53-1004324-03
December 2017
Brocade Virtual Traffic Manager: User's Guide
Supporting 10.4r2
Copyright © 2017 Brocade Communications Systems, Inc. All Rights Reserved.
ADX, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, HyperEdge, ICX, MLX, MyBrocade,
OpenScript, The Effortless Network, VCS, VDX, Vplane, and Vyatta are registered trademarks, and Fabric Vision
and vADX are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other
countries. Other brands, products, or service names mentioned may be trademarks of others.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or
implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade
reserves the right to make changes to this document at any time, without notice, and assumes no responsibility
for its use. This informational document describes features that may not be currently available. Contact a Brocade
sales office for information on feature and product availability. Export of technical data contained in this
document may require an export license from the United States government.
The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or
entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the
information contained herein or the computer programs that accompany it.
The product described by this document may contain “open source” software covered by the GNU General
Public License or other open source license agreements. To find out which open source software is included in
Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the
programming source code, please visit
http://www.brocade.com/en/support/support-tools/oscd.html.
Brocade Communications Systems, Incorporated
Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: [email protected]
Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
E-mail: [email protected]
European Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: [email protected]
Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen
WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 – 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
E-mail: [email protected]
Contents
Preface
Document Conventions
Notes and Warnings
Text Formatting Conventions
Command Syntax Conventions
Brocade Resources
Document Feedback
Contacting Brocade Technical Support
Brocade Customers
Brocade OEM Customers
CHAPTER 1 Traffic Manager Overview
About This Guide
Intended Audience
Introducing the Traffic Manager
Typical Deployment
Traffic Manager Product Variants
Developer Mode
Supported Platforms
Supported Cluster Combinations
Chapter Outline
CHAPTER 2 Network Layouts
Essentials of Network Configuration
Dedicated Management Network
Sizing Your Cluster
Front-End Servers
IP Transparency
Routing Configuration
Local Routing Problems
IP Transparency and Traffic Manager Clusters
Traffic IP Addresses and Traffic IP Groups
Traffic IP Address Modes
Example Configurations
Using IP Transparency with a Cluster
Route Health Injection and the Network
Introduction to IPv6
Main Features of IPv6 in the Traffic Manager
Technical Restrictions
CHAPTER 3 Initial Configuration
Architecture Concepts
Managing Your First Service
Using the Wizard to Create a Virtual Server and Pool
Creating a Pool and Virtual Server Manually
Creating a Cluster
Joining a Cluster
Joining Clusters with Traffic IP Groups
CHAPTER 4 Virtual Servers
Applying Rules
SSL Decryption
Service Protection Classes
Bandwidth Management Classes
Service Level Monitoring Classes
HTTP Content Caching
Web Accelerator
HTTP Content Compression
Controlling Content Compression
Connection Analytics
Using Connection Analytics
Request Logging
Request Logging to a File
Remote Request Logging
Controlling Request Logging
Connection Management
Handling Errors
Memory Limits for Connections
CHAPTER 5 Pools
Load Balancing
Locality Aware Request Distribution (LARD)
Session Persistence
Bandwidth Management
Health Monitoring
SSL Encryption
Connection Management
Pool Connection Limiting
Introduction
Pool Connection Limits
Clustered Connection Limiting
Connection Queuing
Considerations
Enabling Pool Connection Limiting
Tracking Connection Limits
Testing Connection Limits
Back-End Fault Tolerance
Draining and Disabling Nodes
Using the Drain a Node and Disable a Node Wizards
Autoscaling
Introduction
How It Works
Configuration
DNS-Derived Autoscaling
CHAPTER 6 Traffic IP Groups and Fault Tolerance
Fault Tolerance
Traffic IP Addresses and Traffic IP Groups
Distributing Traffic Within a Traffic IP Group
Choosing Traffic IP Addresses
Creating a Traffic IP Group
Traffic Distribution
Passive Machines
Disabling a Traffic IP Group
Interface-to-Subnet Mapping (Traffic IP Networks)
Configuring Fault-Tolerance
Fault Tolerance Configuration Settings
Understanding Traffic Manager Fault Tolerance Checks
Health Broadcasts
Determining the Health of a Cluster
Failover
Traffic IP Address Transfer (Single-Hosted Mode)
Traffic IP Address Transfer (Multi-Hosted Mode)
Traffic IP Address Transfer (RHI Mode)
Recovering from Failure
Debugging and Monitoring Fault Tolerance Activity
Configuring BGP Connectivity
Configuring BGP Router IDs
Managing BGP Neighbors
Configuring OSPFv2 Connectivity
Configuring OSPFv2 IP Addresses
Configuring Neighborhood Monitoring
CHAPTER 7 Key Features in the Traffic Manager Administration Interface
The Home Page
Services > Configuration Summary
Catalogs
License Management
Adding and Removing License Keys
System > Global Settings
System > Backups
System > Backups > Partial Backups
Activity Monitoring
Activity > Current Activity
Activity > Historical Activity
Click Plot Data to view the graph using the current setting. You can also download the data as a ".tsv" (tab-separated variable) file for your own analysis.
Activity > Map
Activity > Connections
Activity > Draining Nodes
Activity > View Logs
Cloud Credentials
IAM Roles in Amazon EC2 Credentials
The Web Application Firewall
Overview
Enabling the Application Firewall
Application Firewall Features in the Traffic Manager Admin UI
The System > Application Firewall Page
The Enforcer and Decider
The Enforcer Rule
User Management
Updating Your Software
CHAPTER 8 TrafficScript Rules
Overview
TrafficScript Example
TrafficScript Documentation
Applications of Rules on the Traffic Manager
Using a Rule on the Traffic Manager
Creating a Rule in the Catalog
Uploading a Rule to the Catalog
Applying a Rule to a Virtual Server
Example Rules
Routing by Content Type
Restricting Access Based on Time of Day
Customer Prioritization
Managing Levels of Service
Routing Based on XML Traffic
CHAPTER 9 TrafficScript Authentication Support
Overview
Configuring Authenticators
Configuring the TrafficScript Rule
Configuring the Virtual Server
CHAPTER 10 Java Extensions
Introduction to Java
Invoking a Java Extension
Configuring the Traffic Manager to Use Java
Requirements
Compiling a Java Extension
Loading Java Extensions onto the Traffic Manager
Configuring the Traffic Manager’s Java Extension Runner
CHAPTER 11 Protocol Support
Basic TCP Protocols
Server-First Protocols
Client-First Protocols
Server-First with "Server Banner"
Generic Streaming Protocols
HTTP
SSL
Protecting the SSL Handshake
SSL Connection Renegotiation Protection
SMTP (Simple Mail Transport Protocol)
FTP
FTP Source Ports
SSL-Wrapped FTP (FTPS)
Use Cases for SSL-Wrapped FTP
Real-Time Streaming Protocol
Setting Up an RTSP Service
Session Initiation Protocol
Features of SIP
The Traffic Manager and the SIP Protocol
Configuring the Proxy Servers to Support Traffic Management
Setting Up a SIP Service on the Traffic Manager
SIP Operation Modes on the Traffic Manager
Additional SIP Settings
Communicating with UDP-Based SIP Servers
CHAPTER 12 Session Persistence
What Is Session Persistence?
Configuring Session Persistence
Enabling Session Persistence
Selecting a Persistence Method
Resolving Session Persistence Maps to Nodes
Node Failure Options
Draining Connections
Sizing the Session Persistence Caches
Using Session Persistence with Multi-Hosted Traffic IP Addresses
Session Persistence with UDP protocols
Examples
Universal PHP Persistence
CHAPTER 13 SSL Encryption
Overview of SSL
Server Authentication
Client Authentication
Encrypted Data Transfer
SSL Features in the Traffic Manager
Decryption and Encryption
SSL Certificates Catalog
SSL Decryption Wizard
Configuring SSL Certificates
Creating a New Self-Signed SSL Certificate
Managing Certificate Data
Creating a Certificate Signing Request
Importing a New SSL Certificate
Working with Intermediate Certificates
Managing Certificate Authority Certificates and CRL Files
SSL Decryption
Setting Up SSL Decryption
Serving Multiple Sites Using a Single Virtual Server
Configuring Ciphers and TLS Versions
Client Certificates
Configuring OCSP
SSL Session ID Cache
OCSP Stapling Cache
SSL Encryption
Preserving IP Addresses with SSL Forwarding
Use of SSL Cryptographic Devices
Configuring the Traffic Manager to Use an SSL Device
Verifying Correct Operation of SSL Devices
Using the Connect to Microsoft Azure Key Vault Wizard
Identifying Keys and Certificates Stored on a Secure Device
CHAPTER 14 Health Monitoring
Which Nodes Are Monitored?
Using Nodes in Multiple Pools
Passive Health Monitoring
Retrying Failed Requests
Node Failures
Enabling and Disabling Passive Monitoring
Overview of Health Monitors
The Monitors Catalog
Built-in Health Monitors
Custom Health Monitors
Per-Node and Pool-Wide Monitors
Using Health Monitors
Applying a Monitor to a Pool
External Program Monitors
Uploading Monitors to the Traffic Manager
Writing Monitors in Perl
CHAPTER 15 Service Protection
Classes of Risk
Denial of Service (DoS)
Web Worms and Viruses
Distributed Denial of Service Attacks (DDoS)
Malformed HTTP Attacks
Firewalls and Other Security Measures
Protection Features
Network Access Restrictions
Connection Limiting
Malformed HTTP Filtering
Rule-Based Protection
Enabling Service Protection
Adding a Service Protection Class
Basic Settings ...................................................................................................... 259
Simultaneous Connections ............................................................................... 259
Connection Rate ................................................................................................. 260
Access Restrictions ............................................................................................. 261
HTTP-Specific Settings ...................................................................................... 261
Service Protection Rule...................................................................................... 262
Applying a Service Protection Class to a Virtual Server .................................... 262
Service Protection Performance ............................................................................. 263
CHAPTER 16 Bandwidth Management.............................................................. 264
What Is Bandwidth Management? ........................................................................ 264
Configuring Bandwidth Management ................................................................. 265
Adding a Bandwidth Class to the Catalog ..................................................... 265
Assigning a Bandwidth Class to a Virtual Server ......................................... 266
Assigning a Bandwidth Class to a Pool .......................................................... 266
Using TrafficScript to Select a Bandwidth Class ........................................... 267
CHAPTER 17 Request Rate Shaping ................................................................. 268
What Is Request Rate Shaping? ............................................................................. 268
Configuring a Request Rate Shaping Class (Rate Class).................................... 269
Adding a Rate Class to the Catalog ................................................................. 269
Using a Rate Class ................................................................................................... 269
The Rate Queue .................................................................................................. 270
Selective Rate Shaping ....................................................................................... 271
More Fine-Grained Rate Shaping .......................................................................... 271
Rate-Shaping Web Spiders ............................................................................... 272
Graphing Request Rate Shaping ............................................................................ 273
CHAPTER 18 Service Level Monitoring ............................................................ 274
Introducing Service Level Monitoring ................................................................. 274
Configuring a Service Level Monitoring Class (SLM Class) ............................. 275
Adding an SLM Class to the Catalog .............................................................. 275
Applying an SLM Class to a Virtual Server ......................................................... 276
Applying SLM Classes from TrafficScript ........................................................... 276
SLM Class TrafficScript Examples ........................................................................ 276
"FrontPage Scripts Only" Service Level Monitoring ..................................... 277
Prioritizing Resources with Service Level Monitoring ................................. 277
Graphing SLM Class Conformance Rates ............................................................ 278
CHAPTER 19 Content Caching .......................................................................... 279
Introduction .............................................................................................................. 279
Configuring Content Caching ................................................................................ 279
Applying Content Caching to a Virtual Server ............................................. 280
Configuring Lifetimes ....................................................................................... 280
Configuring Web Cache Memory Usage ........................................................ 281
Monitoring Cache Activity ............................................................................... 283
Configuring Disk-Based Caching .................................................................... 283
Caching Policy .......................................................................................................... 284
Requests ............................................................................................................... 284
Responses ............................................................................................................ 284
Variants ................................................................................................................ 285
Byte Ranges ......................................................................................................... 285
ETags .................................................................................................................... 286
Controlling Content Caching Using TrafficScript .............................................. 286
HTTP Request Processing ................................................................................. 286
HTTP Response Processing .............................................................................. 286
TrafficScript Cache Control Functions ............................................................ 286
Forcing Stale Content out of the Cache ................................................................ 288
Manual Removal of Cached Content .............................................................. 288
Programmatic Removal of Cached Content................................................... 289
CHAPTER 20 Using Brocade Web Accelerator to Optimize Your Web Content ........ 290
Introduction .............................................................................................................. 290
Modes of Operation ................................................................................................. 290
Configuring Web Accelerator for Your Services ................................................. 291
The Web Accelerator Wizard ........................................................................... 292
Application Scopes ............................................................................................ 292
Web Accelerator Profiles ................................................................................... 293
Measuring Web Accelerator Changes .................................................................. 298
Checking That Web Accelerator Is Active ...................................................... 298
Using Stealth Mode to Test Web Accelerator ................................................ 298
Measuring Web Page Speed ............................................................................. 299
Tools ..................................................................................................................... 299
Understanding Custom Acceleration Profiles ..................................................... 301
Acceleration Settings ......................................................................................... 303
Understanding Optimization Techniques ........................................................... 308
Web Page Speed Rules ...................................................................................... 309
Resource Naming and URL Versioning ......................................................... 312
Using a Content Distribution Network .......................................................... 316
Troubleshooting Web Accelerator ........................................................................ 317
Controlling Unexpected Behavior ................................................................... 317
Interaction with Other Traffic Manager Functionality ................................. 318
Runtime Errors ................................................................................................... 322
Image Errors ....................................................................................................... 323
CSS Errors ........................................................................................................... 324
JavaScript Errors ................................................................................................. 324
Other Configurable Global Settings ................................................................ 326
CHAPTER 21 Event Handling and Alerts .......................................................... 327
Overview ................................................................................................................... 327
Event Types .............................................................................................................. 328
Creating New Event Types ............................................................................... 329
Actions ....................................................................................................................... 330
Testing Actions ................................................................................................... 331
Configuring an Event Handler .............................................................................. 332
Duplicate Events ................................................................................................ 332
Custom Actions ........................................................................................................ 332
Calling a Program or Script .............................................................................. 332
Sending a SOAP Message ................................................................................. 333
Raising Events from TrafficScript or Java Extensions ........................................ 335
Example ............................................................................................................... 336
CHAPTER 22 Configuring System Level Settings ........................................... 338
Network Configuration .......................................................................................... 338
Configuring the Hostname and IP Addresses ............................................... 338
Configuring VLANs .......................................................................................... 339
Configuring Your DNS Settings ...................................................................... 340
Configuring Routing ......................................................................................... 341
Configuring Return Path Routing ................................................................... 341
Configuring IP Forwarding and Network Address Translation (NAT) .... 345
Time and Date Configuration ................................................................................ 348
Setting the Time Manually................................................................................ 348
Using an NTP Server ......................................................................................... 348
Synchronizing Time from the Traffic Manager ............................................. 349
Remote Login to the Traffic Manager ................................................................... 349
Entering Custom Kernel Parameters .................................................................... 349
Adding or Modifying a Parameter .................................................................. 350
Existing Entries ................................................................................................... 350
CHAPTER 23 System Security ........................................................................... 351
Firewall and Operating System Settings .............................................................. 351
Firewalling Techniques ..................................................................................... 351
Firewall Configuration with the Traffic Manager ......................................... 351
Network Design ....................................................................................................... 352
UNIX User Permissions .......................................................................................... 353
File System Security................................................................................................. 354
Operating System Settings ..................................................................................... 354
CHAPTER 24 Admin Server Security ................................................................ 356
Basic Administration Server Settings ................................................................... 356
Changing the Admin Server SSL Certificate .................................................. 356
Restricting Access to the Admin Server.......................................................... 357
Changing Admin Server Ports ......................................................................... 357
Traffic Manager SSH Server Security .............................................................. 357
Cluster Communication .................................................................................... 359
SSL Settings for Admin Server and Internal Connections ........................... 360
Access to the REST API ..................................................................................... 361
User Management .................................................................................................... 361
User Authentication ........................................................................................... 361
Local Users .......................................................................................................... 362
Authenticators .................................................................................................... 364
Testing an Authenticator .................................................................................. 368
Permission Groups ............................................................................................. 369
Login Timeout .................................................................................................... 370
Suspended Users ................................................................................................ 370
Login Security and Behavior .................................................................................. 371
The Login Information Banner .............................................................................. 372
The Event and Audit Logs...................................................................................... 373
CHAPTER 25 The Traffic Manager Control API ................................................ 374
Introducing the Traffic Manager Control API ..................................................... 374
Example: Listing Running Virtual Servers .......................................................... 374
Perl with SOAP::Lite .......................................................................................... 374
C Sharp or Mono ................................................................................................ 375
Further Examples ............................................................................................... 377
CHAPTER 26 Command Line Interface ............................................................. 378
Accessing the CLI .................................................................................................... 378
Permissions ......................................................................................................... 379
Commands ................................................................................................................ 380
Control API methods ......................................................................................... 381
Built-in Commands ............................................................................................ 384
Scripting the CLI ...................................................................................................... 388
Script Output ...................................................................................................... 389
CHAPTER 27 Granular Configuration Import/Export with zconf .................... 390
Introduction .............................................................................................................. 390
Using zconf ............................................................................................................... 390
Exporting a Complete Backup ............................................................................... 391
Configuration Listings ............................................................................................ 392
Partial Imports .......................................................................................................... 392
CHAPTER 28 Multi-Site Cluster Management .................................................. 393
Introduction .............................................................................................................. 393
Activation and Deactivation .................................................................................. 394
Key Concepts ............................................................................................................ 394
Configuration Locations ................................................................................... 394
Clusters ................................................................................................................ 395
Deployment Scenarios ............................................................................................ 395
Create and Manage a Second Traffic Manager Location ............................. 395
Add a New Traffic Manager to Your Multi-Site Cluster .............................. 396
Merging Two or More Existing Traffic Manager Clusters ........................... 396
Configuration ........................................................................................................... 398
Setting Up Locations .......................................................................................... 398
Setting Traffic Manager Locations ................................................................... 398
Location-Specific Configuration ...................................................................... 399
Home Page Changes .......................................................................................... 400
The World Map .................................................................................................. 401
Traffic Visualization .......................................................................................... 401
CHAPTER 29 The Traffic Manager DNS Server ................................................ 402
DNS Primer............................................................................................................... 402
Introduction ........................................................................................................ 402
The Layout of DNS ............................................................................................ 402
Delegation of Authority .................................................................................... 402
Name Resolution ................................................................................................ 403
Resource Records ............................................................................................... 403
Zone Files ............................................................................................................ 404
The Resolution Process ...................................................................................... 406
Supported DNS Features ........................................................................................ 407
Implemented Features from RFC 1034 ........................................................... 407
Implemented Features from RFC 1035 ........................................................... 408
Exceptions for RFC 1034 ................................................................................... 409
Exceptions for RFC 1035 ................................................................................... 409
Other Implemented Features ........................................................................... 410
Other Excluded Features ................................................................................... 410
Configuring the DNS Server .................................................................................. 411
Configuration Summary ................................................................................... 411
Uploading DNS Zonefiles to the Traffic Manager ........................................ 412
Setting Up Traffic Manager Zones .................................................................. 412
Configuring a DNS Virtual Server .................................................................. 413
CHAPTER 30 Global Load Balancing ................................................................ 415
Introduction and Prerequisites .............................................................................. 415
About Global Server Load Balancing ................................................................... 416
GSLB Within the Traffic Manager ................................................................... 417
Deployment Planning ............................................................................................. 417
Traffic Manager Positioning ............................................................................. 417
Deployment Methods ........................................................................................ 418
The Time-to-Live (TTL) Field ........................................................................... 423
Components of a Traffic Manager GLB Deployment......................................... 423
GLB Locations ..................................................................................................... 423
GLB Services ....................................................................................................... 424
GLB Configured Virtual Servers and Pools ................................................... 425
DNS Servers ........................................................................................................ 425
Service IP Addresses .......................................................................................... 425
Service Monitors ................................................................................................. 425
Configuring GLB...................................................................................................... 426
Overview ............................................................................................................. 426
Defining GLB Locations .................................................................................... 426
Creating a Service Monitor ............................................................................... 427
Creating a GLB Service ...................................................................................... 428
Creating a DNS Server Pool ............................................................................. 433
Creating a DNS Virtual Server ......................................................................... 433
Traffic Visualization ................................................................................................ 434
The Current Activity Graph ............................................................................. 435
The Historical Activity Graph .......................................................................... 435
The Connections Page ....................................................................................... 435
GLB Request Logs .............................................................................................. 435
Testing DNS with DIG ............................................................................................ 436
Extending the Traffic Manager's GeoIP Database .............................................. 436
Unrecognized IP Addresses ............................................................................. 437
Extending the Traffic Manager's GeoIP Database ......................................... 437
Testing the IP Address Mappings ................................................................... 438
Updating Your Traffic Manager Cluster Configuration .............................. 438
CHAPTER 31 FIPS Validation in the Traffic Manager....................................... 440
Introduction to FIPS ................................................................................................ 440
FIPS Mode ................................................................................................................. 440
FIPS 140-2 ............................................................................................................ 440
FIPS 140-2 and the Traffic Manager ................................................................ 441
Deploying FIPS Mode ............................................................................................. 444
Preparation .......................................................................................................... 444
Enabling FIPS Mode .......................................................................................... 449
Operating in FIPS Mode .................................................................................... 449
CHAPTER 32 Kerberos Constrained Delegation Support ............................... 451
The Kerberos Protocol ............................................................................................. 451
Kerberos Protocol Transition and Constrained Delegation .............................. 451
Protocol Transition ............................................................................................. 451
Constrained Delegation .................................................................................... 451
Rationale for Using Kerberos ................................................................................. 452
Configuring Kerberos on the Traffic Manager .................................................... 452
Traffic Manager Service Principal ................................................................... 452
Virtual Server Protocol Transition Configuration ......................................... 454
Pool Protocol Transition Configuration .......................................................... 455
CHAPTER 33 Troubleshooting .......................................................................... 457
Tools and Techniques .............................................................................................. 457
Diagnosis and Event Logging ................................................................................ 457
Monitoring Requests and Responses .................................................................... 458
Connection Activity Report .............................................................................. 459
Request Logs ....................................................................................................... 459
Advanced Logging ............................................................................................ 460
Monitoring Events ............................................................................................. 460
Detailed Debugging of Connections ..................................................................... 460
Testing Individual Nodes ....................................................................................... 462
Understanding Your Configuration ..................................................................... 462
Troubleshooting Tips .............................................................................................. 463
Generating Test Requests.................................................................................. 463
Checking Automatic Back-End Failover ........................................................ 464
Checking Automatic Front-End Failover ....................................................... 464
Common Problems .................................................................................................. 465
Did Not Become Root ........................................................................................ 465
Connection Refused ........................................................................................... 465
Inappropriate Traffic IP Addresses Configured ............................................ 466
The Traffic Manager Drops Connection Before Protocol Begins ................ 466
Web Server Returns Error 400 .......................................................................... 466
Wrong Port Number Configured .................................................................... 466
Running Out of File Descriptors ...................................................................... 467
Running Out of Disk Space .............................................................................. 467
Getting Help
CHAPTER 34 Glossary
CHAPTER 35 Software License Acknowledgements
License for the Berkeley DB Code (Version 1.85)
RSA PKCS11
License for the OpenLDAP Code, Version 2.4.23
PCRE2 License
Libnet License
License for Yahoo! UI Library
License for ssleay Cryptographic Library
License for libxml2 and libxslt
License for the Java Servlet API
License for the Expat XML Parser
License for MooTools
Licenses for OpenLayers
License for rsync
License for mod_imap.c
License for Antlr and libantlr
License for es3-grammar
License for jsoncpp
License for libjpeg
License for libunwind
License for the Perl JSON Library
License for OpenSSL
License for WebP
License for Flex
License for CryptoJS
License for zlib
License for zlib.js
License for XML::Twig
License for MIT Kerberos
License for Libedit
License for ZebOS
License for Curl
License for Jansson
License for Digest::SHA
License for Sys::SysLog
License for Perl
CHAPTER 36 Index
Preface
Read this preface for an overview of the information provided in this guide. This
preface includes the following sections:
"Document Conventions", next
"Brocade Resources" on page 21
"Document Feedback" on page 21
"Contacting Brocade Technical Support" on page 22
Document Conventions
The document conventions describe text formatting conventions, command syntax
conventions, and important notice formats used in Brocade technical documentation.
Notes and Warnings
Note, important, and caution statements might be used in this document. They are
listed in the order of increasing severity of potential hazards.
Note: A Note provides a tip, guidance, or advice, emphasizes important information,
or provides a reference to related information.
Important: An Important statement indicates a stronger note, for example, to alert
you when traffic might be interrupted or the device might reboot.
Caution: A Caution statement alerts you to situations that can be potentially
hazardous to you or cause damage to hardware, firmware, software, or data.
Text Formatting Conventions
Text formatting conventions such as boldface, italic, or Courier font might be used in
the flow of the text to highlight specific words or phrases.
Format          Description
bold text       Identifies command names
                Identifies keywords and operands
                Identifies the names of user-manipulated GUI elements
                Identifies text to enter at the GUI
italic text     Identifies emphasis
                Identifies variables
                Identifies document titles
Courier font    Identifies CLI output
                Identifies command syntax examples
Command Syntax Conventions
Bold and italic text identify command syntax components. Delimiters and operators
define groupings of parameters and their logical relationships.
Convention      Description
bold text       Identifies command names, keywords, and command options.
italic text     Identifies a variable.
value           In Fibre Channel products, a fixed value provided as input
                to a command option is printed in plain text.
                For example, --show WWN.
[ ]             Syntax components displayed within square brackets are
                optional.
                Default responses to system prompts are enclosed in square
                brackets.
{ x | y | z }   A choice of required parameters is enclosed in curly
                brackets separated by vertical bars. You must select one of
                the options.
                In Fibre Channel products, square brackets may be used
                instead for this purpose.
x | y           A vertical bar separates mutually exclusive elements.
< >             Nonprinting characters, for example, passwords, are
                enclosed in angle brackets.
...             Repeat the previous element, for example,
                member[member...].
\               Indicates a “soft” line break in command examples. If a
                backslash separates two lines of a command input, enter the
                entire command at the prompt without the backslash.
Brocade Resources
Visit the Brocade website to locate related documentation for your product and
additional Brocade resources.
White papers, data sheets, and the most recent versions of Brocade software and
hardware manuals are available at www.brocade.com. Product documentation for
all supported releases is available to registered users at MyBrocade. Click the
Support tab and select Document Library to access documentation on MyBrocade or
www.brocade.com. You can locate documentation by product or by operating
system.
Release notes are bundled with software downloads on MyBrocade. Links to
software downloads are available on the MyBrocade landing page and in the
Document Library.
Document Feedback
Quality is our first concern at Brocade and we have made every effort to ensure the
accuracy and completeness of this document. However, if you find an error or an
omission, or you think that a topic needs further development, we want to hear from
you. You can provide feedback in two ways:
Through the online feedback form in the HTML documents posted on
http://www.brocade.com/.
By sending your feedback to [email protected].
Provide the publication title, part number, and as much detail as possible, including
the topic heading and page number if applicable, as well as your suggestions for
improvement.
Contacting Brocade Technical Support
As a Brocade customer, you can contact Brocade Technical Support 24x7 online, by
telephone, or by e-mail. Brocade OEM customers contact their OEM/Solutions
provider.
Brocade Customers
For product support information and the latest information on contacting the
Technical Assistance Center, go to http://www.brocade.com and select Support.
If you have purchased Brocade product support directly from Brocade, use one of
the following methods to contact the Brocade Technical Assistance Center 24x7.
Online
Preferred method of contact for nonurgent issues:
Case management through the MyBrocade portal.
Quick Access links to Knowledge Base, Community, Document Library,
Software Downloads and Licensing tools.

Telephone
Required for Sev 1-Critical and Sev 2-High issues:
Continental US: 1-800-752-8061
Europe, Middle East, Africa, and Asia Pacific:
+800-AT FIBREE (+800 28 34 27 33)
Toll-free numbers are available in many countries.
For areas unable to access a toll free number: +1-408-333-6061

E-mail
Please include:
Problem summary
Serial number
Installation details
Environment description
Brocade OEM Customers
If you have purchased Brocade product support from a Brocade OEM/Solution
Provider, contact your OEM/Solution Provider for all of your product support needs.
OEM/Solution Providers are trained and certified by Brocade to support
Brocade® products.
Brocade provides backline support for issues that cannot be resolved by the
OEM/Solution Provider.
Brocade Supplemental Support augments your existing OEM support contract,
providing direct access to Brocade expertise. For more information, contact
Brocade or your OEM.
For questions regarding service levels and response times, contact your
OEM/Solution Provider.
CHAPTER 1 Traffic Manager Overview
About This Guide
The Brocade Virtual Traffic Manager: User's Guide describes how to configure and
manage Brocade Virtual Traffic Manager (the Traffic Manager).
Brocade recommends first reading the Brocade Virtual Traffic Manager: Installation and
Getting Started Guide applicable to your product variant for an introduction to
installing the Traffic Manager and performing basic configuration to load-balance
services.
This document describes the features and capabilities of the Traffic Manager release
10.4r2.
Intended Audience
This guide is written for system administrators familiar with administering and
managing Web services and infrastructure.
This guide assumes you are familiar with networking terminology.
Introducing the Traffic Manager
The Traffic Manager product family provides high-availability, application-centric
traffic management and load balancing solutions. They provide control, intelligence,
security and resilience for all your application traffic.
The Traffic Manager is intended for organizations hosting valuable business-critical
services, such as TCP and UDP-based services like HTTP (Web) and media delivery,
and XML-based services such as Web Services.
The Traffic Manager’s unique process architecture ensures it can handle large
volumes of network traffic efficiently. Its inherent scalability allows you to add more
front-end Traffic Managers or back-end servers to your cluster as the need arises.
The cluster size is unlimited, and the performance of the Traffic Manager grows in
line with the performance of the platform used.
The Traffic Manager represents a family of highly capable solutions that can be
adapted and extended as new requirements arise. Using the unique TrafficScript
language and built-in Java Extensions you can write sophisticated, tailored traffic
management rules to inspect, transform, manage and route requests and responses.
TrafficScript rules can manage connections in any TCP or UDP-based protocol.
Traffic Manager products are secure out-of-the-box, and are hardened against
intrusion and Denial-of-Service (DoS) attacks. They incorporate the fastest and
strongest Secure Sockets Layer (SSL) [1] encryption technologies, and can efficiently
decrypt and re-encrypt large numbers of secure connections. TrafficScript rules,
security policies and other content-based calculations can be applied to encrypted
requests while retaining full end-to-end security.
For critical, high-availability solutions, the Traffic Manager offers cluster
redundancy. This allows you to have unlimited numbers of active and passive
standby front-end servers. If one of your active machines fails, a standby server is
automatically brought into action; in the case of subsequent failure, more standby
servers are available to take up the load. This ensures that there is no single point of
failure in the system.
Typical Deployment
Fig 1. A typical deployment using a cluster of Traffic Managers
[1] The Traffic Manager supports SSL and its successor TLS (Transport Layer Security). References to SSL throughout this guide
typically refer to both protocols, unless specified independently.
Traffic Manager Product Variants
The Traffic Manager product family is available in a variety of software, hardware
appliance, virtual appliance, and cloud instance configurations. All variants share
the same core Traffic Manager software, but different versions can provide different
levels of functionality depending on the enabling license key.
This manual documents the full functionality of the Traffic Manager software with
all options enabled. It might describe features and capabilities that are not present or
visible in the version of the product you are using. Features present but not enabled
in your license key are greyed-out and un-selectable in the Admin UI.
For example, Global Load Balancing, Service Level Monitoring, Rate Shaping,
Autoscaling, and Bandwidth Management are advanced product capabilities
and might not be enabled in your particular configuration.
In addition, Brocade provides two optional Traffic Manager components, available
only through an appropriate license key upgrade:
Brocade Virtual Web Application Firewall (Web Application Firewall):
Provides advanced attack detection and protection for your Web applications. See
CHAPTER 7, "The Web Application Firewall" for more details about how this fits
into your Traffic Manager infrastructure. For full product details and instructions,
see the Brocade Virtual Web Application Firewall User Guide, available from the
Brocade Web site at:
https://www.brocade.com/vadc-docs
Brocade Web Accelerator (Web Accelerator): Provides content optimization
functionality for your Web applications. This is available as either a fully
integrated component of the Traffic Manager, or in standalone proxy mode
whereby the load balancing aspects of the Traffic Manager are disabled. Your
sales representative can provide details about which variant is most appropriate
for your needs. CHAPTER 20, "Using Brocade Web Accelerator to Optimize Your
Web Content", provides full details about how to enable and configure Web
Accelerator for your infrastructure.
Note: Web Accelerator functionality is not available for software variants running
on SPARC-based Solaris or SunOS platforms.
Appliance and cloud versions of the Traffic Manager feature Networking and
Date/Time configuration options not available in software-only versions.
Your product version specifications describe which capabilities are enabled in your
particular variant. See also the applicable installation and getting started guide
available from the Brocade Web site.
Developer Mode
When unlicensed, the Traffic Manager falls back to a default state known as
Developer mode. This is designed to allow the user to experience the full features
and capabilities of the Traffic Manager for development or evaluation purposes. Full
product functionality is provided, but in a bandwidth-constrained environment. It
operates with a maximum bandwidth limited to 1Mb/s and 100 SSL TPS
(transactions per second).
Important: The Developer mode is not designed or intended for full production use.
It is recommended that you contact your support provider for details about how to
purchase a license key suitable for your needs.
Supported Platforms
The Traffic Manager software can be deployed on a range of platforms, on physical
or virtual servers, and in cloud infrastructures. Refer to the release notes and
documentation at
http://www.brocade.com/en/products-services/application-delivery-controllers/virtual-traffic-manager.html
for up-to-date platform and version number requirements.
Software
The Traffic Manager is available as a software package suitable for deployment on
existing supported Linux and UNIX servers. Supported distributions are listed in the
release notes as mentioned above.
Appliances
Brocade provides the Traffic Manager as an appliance disk image, suitable for
deployment