
Alteon Virtual Appliance (VA) version 29 and Cisco Unified Computing System (UCS) Implementation Guide


Table of Contents

Solution Overview
Cisco’s Unified Computing System Overview
Radware’s Alteon Virtual Appliance Overview
Design Overview
Diagram 1.0 – Cisco’s UCS and Radware’s Alteon VA Physical Topology
System Requirements
    Alteon VA VM Requirements
    Environmental Requirements
Tests Conducted for Solution Validation
Radware’s Virtual Appliance Configuration
    Preparing the UCS ecosystem for the Alteon VA OVA installation
    Initial Configuration of the Management Interface
    Connecting to the VA
    Logging into the VA
    Detailed Configuration Overview
    Validating the Configuration and Service Status
Appendix 1 – Alteon VA Configuration
Technical Support


Solution Overview

Radware’s Virtual Application Delivery Infrastructure (VADI) and Cisco’s Unified Computing System (UCS) ensure customers a resilient, efficient and scalable solution catering to all forms of data center and cloud solutions. Radware’s Alteon Application Delivery Controller (ADC) guarantees the maximum availability, scalability and performance of applications and services running on Cisco UCS, while accelerating end to end traffic for a mobilized workforce towards globalized applications.

Radware’s Alteon ADC is offered in three form factors, all delivering an identical feature set and configuration: a dedicated hardware ADC, a virtualized ADC (via ADC-VX™ ADC virtualization technology) and a software ADC called Alteon Virtual Appliance (VA). The rest of this paper mainly refers to the integration of Alteon VA into Cisco UCS platforms.

Radware’s Alteon ADC integrated application acceleration features are designed to accelerate application response time and ensure the best application SLA while offloading server processing. With the ability to intelligently align user agents and content, traffic is optimized for all users, addressing the critical need of a mobile workforce. By offloading processor-intensive operations, such as SSL and/or TCP overhead, Alteon ADC frees the servers’ resources to expedite requests, which results in reduced server CPU utilization, lower latency and lower CAPEX. Moreover, the bandwidth management service aligns the utilization of network resources with business objectives to guarantee SLA.

By embracing Radware’s “Pay-as-you-Grow” approach, customers only pay for the exact capacity currently required and prevent over-spending on the initial solution. Throughput capacity, acceleration capabilities, application-aware services and the number of ADC instances can be added on demand to meet new business requirements.

For additional information, please visit: http://www.radware.com/products/applicationdelivery/alteonva.aspx

Cisco’s Unified Computing System Overview

When rapidly changing business demands require fast response, turn to the Cisco Unified Computing System (UCS). The industry's first converged data center platform, the Cisco UCS delivers smart, programmable infrastructure that simplifies and speeds enterprise-class application and service deployment in bare-metal, virtualized and cloud-computing environments.

Unified, model-based management, end-to-end provisioning, and migration support come together in this next-generation data center platform to accelerate and simplify application deployment with greater reliability and security.

The Cisco Unified Computing System:

• Integrates Cisco servers, and network and I/O resources into one system
• Improves enterprise application availability and performance
• Scales service delivery to increase business agility
• Streamlines data center resources to reduce total cost of ownership
• Radically reduces the number of devices requiring setup, management, power, cooling, and cabling


For more information, please visit: http://www.cisco.com/en/US/products/ps10265/benefits.html

Radware’s Alteon Virtual Appliance Overview

Radware’s Alteon Virtual Appliance (VA™) is a fully-functional ADC solution packaged as a virtual appliance running on server virtualization infrastructure. It provides identical functionality to Alteon physical ADC devices including local and global server load balancing, Layer 7 capabilities and application acceleration.

Design Overview

This design is meant to simplify the repeatable deployment model for applications leveraging the UCS for networking, computing and storage functions. Leveraging the ADC as a built-in networking component, the application can maintain a more consistent configuration between deployments, improving time and accuracy and minimizing the impact of a physical-to-virtual migration.

The ADC controls a globally routable virtual IP (VIP). This VIP is used to manage a single or multiple applications that may reside within the UCS framework. Health monitoring processes of the ADC dynamically determine the state of each service to optimize the resource selection per request according to availability, load and configurable policy. When the ideal resource is selected, the ADC forwards the incoming request and retains persistency information recording where the specific session was sent. This persistent forwarding decision is retained throughout the life of a user’s dialog.

In this design, we use standard web applications to help evaluate the many tests conducted during validation.

Diagram 1.0 – Cisco’s UCS and Radware’s Alteon VA Physical Topology

System Requirements

Alteon VA VM Requirements

• Hypervisor Support
  – VMware ESX 5.0 or above
  – Additional hypervisors are supported if applicable
• Virtual Machine Requirements
  – CPU: 2 vCPUs
  – Memory: 2GB
  – Logical Disk: 3GB
  – Network: 3 virtual interfaces (Management, Clients, Servers)

Environmental Requirements

• 2 virtual machines running a web service/application
  – Part of the IP subnet associated with the Alteon Data port/interface
• Client or browser capable of reaching the Alteon Virtual IP routed via the Client interface

Tests Conducted for Solution Validation

The following tests were conducted to ensure the most appropriate solution was defined and validated. All tests were successfully completed using the Radware Alteon VA, UCS and Server configurations following Table 1.0.

| Test Case | Action | Expected Result | Actual Result | Status |
|---|---|---|---|---|
| Verify that Alteon is reachable via console and/or SSH | Using the vSphere console ensure that CLI connectivity is available for initial configuration and on-going alerts | Login and general information summary should appear | Radware Alteon login page and general info is visible | Pass |
| Test Alteon Web-based management (BBI) | Via the Jump Host, using IP connectivity across a routed network login via WBM (BBI) | Radware Alteon VA login and web interface should appear | Radware Alteon VA Home Page is displayed | Pass |
| TCP Health Checking the status of various application servers | Via the group health monitoring definition ensure that real servers are actively responding to the TCP port check defined | When stopping the web service on a real server, the TCP port check should fail | Real server became unavailable when web service was stopped | Pass |
| HTTP Health Checking the status of various application servers | Via the group health monitoring definition ensure that real servers are actively responding to the HTTP check defined | When deleting the index web service page on a real server, the HTTP port check should fail | Real server became unavailable when web service index page was removed | Pass |
| Load Balancing Real World Traffic Mix | Send numerous session requests towards the virtual IP | Sessions should be equally distributed across web servers | Sessions were equally balanced | Pass |
| Load Balancing HTTP requests while maintaining persistency based on source IP | Set virtual service persistency method to Client IP; Send numerous session requests towards the virtual IP | Sessions should be persisted according to SRC IP regardless of real server load | Sessions were persisted according to IP | Pass |
| Alteon ADC achieves client persistency (stickiness) based on cookie insertion | Set virtual service persistency method to Cookie; Send numerous session requests towards the virtual IP | Sessions should be persisted according to cookie regardless of real server load | Sessions were persisted according to cookie | Pass |
| Alteon ADC load balances two web servers in cyclic mode | Set virtual service persistency method disable (SRC IP + SRC Port); Send numerous session requests towards the virtual IP | Sessions should be persisted according to SRC IP and port while cyclically sending new requests per server | Sessions were distributed evenly across real servers | Pass |
| Alteon ADC load balances two web servers in weighted mode | Set virtual service persistency method disable (SRC IP + SRC Port); Set weight to 5 on real server 1; Send numerous session requests towards the virtual IP | Every 5 sessions should be sent to server 1 in respect to 1 session per server 2 | Sessions were distributed according to weight across real servers | Pass |
| Alteon ADC load balances two web servers in least amount of connections mode | Set group dispatch method to “LeastConnections”; Send numerous session requests towards the virtual IP | The real server holding the fewest number of connections should take new requests | Sessions were distributed according to the least loaded server | Pass |
| Verify Alteon’s ability to failover traffic with no service interruption while migrating VMs for real servers | Migrate a real server IP to a new virtual machine without touching ADC config; Send numerous session requests towards the virtual IP | The health monitoring will identify the availability of the real server IP according to the new host and immediately use it for traffic distribution without disruption to existing sessions | Sessions were retained while real servers were migrating to new underlying hosts, completely transparent to the virtual service or client | Pass |

Table 1.0 - Test Conducted for Solution Validation


Radware’s Virtual Appliance Configuration

Preparing the UCS ecosystem for the Alteon VA OVA installation

Using a jump host, running vSphere Client, connect to the UCS blade server.


Click on File, in the upper left corner, and select “deploy from OVF template”.

Browse to the Alteon VA OVA file, in this case saved on the jump server’s desktop, and select it.

Then select Next on the navigation pane.

After reviewing the “Alteon VA template details” (information only), select Next.

Review the “license agreement”, Accept, and select Next.

Now, you will be asked to identify the specific “Host” for the VA. In the example, there is a location folder named “Radware” where 10.0.101.37 is the specific host used for our OVA instantiation. The OVA can be named anything to help in administration of the VA. Once the “Host” is identified, select Next, in the navigation pane.


Accept defaults for “Disk Format” and select Next.

Next you will be asked to align Alteon VA interfaces with VNIC interfaces assigned to the Host. Note: Three interfaces are currently used during instantiation. Later, during Alteon VA configuration, it becomes the choice of network administration and layout which of the three interfaces will be used in production.


Finally, you are asked to verify the “Ready to Complete” summary and select Finish for installation to begin.

Moving to the Alteon VA entry now available in vSphere, you can now select the VA “AlteonVA_CiscoUCS” and Power On the VM.


To watch the installation execute, now move to the “Console” tab.

Initial Configuration of the Management Interface

Using the vSphere “console” tab, connect to the Radware Alteon Virtual Appliance.

Use the /cfg/sys/mmgmt menu to configure the management IP address 10.0.107.10, subnet mask 255.255.255.0, and default gateway 10.0.107.1.

/c/sys/mmgmt
    dhcp disabled
    addr 10.0.107.10
    mask 255.255.255.0
    broad 10.0.107.255
    gw 10.0.107.1
    ena

Enable access to the Radware Alteon VA for Telnet, SSH and HTTP.

/cfg/sys/access/http/ena
/cfg/sys/access/tnet/ena
/cfg/sys/access/sshd/on/ena
apply
save

Connecting to the VA

You can accomplish initial switch configuration and management in a number of ways. An Application Switch offers a console connection, Telnet session, SSH and Web Browser connection for initial configuration.


Logging into the VA

The default user name and password are both “admin”.

Detailed Configuration Overview

Note: The configuration reviewed below defines session based persistency. Please see Appendix 1 for complete configuration.

The goal of the following section is to move data port 1 to VLAN 107, aligning to the UCS physical NIC and logical VLAN assignment for our ecosystem.

Assign VLAN 107 to Data port 1.

/c/port 1
    pvid 107

Assign Data port 1 to VLAN 107.

/c/l2/vlan 107
    ena
    name "VLAN 107"
    learn ena
    def 1

Remove STP from the single leg def.

/c/l2/stg 1/clear
/c/l2/stg 1/add 1 2 107
/c/l2/stg 1/port 1/off
/c/l2/stg 1/port 2/off

Assign Data Network IP and VLAN association.

/c/l3/if 1
    ena
    ipver v4
    addr 10.0.107.65
    mask 255.255.255.0
    broad 10.0.107.255
    vlan 107

Assign Data Network default gateway.

/c/l3/gw 1
    ena
    ipver v4
    addr 10.0.107.1

Turn on “Server Load Balancing”.

/c/slb
    on
/c/slb/adv
    direct ena

Add Real Server 1 to the config.

/c/slb/real 1
    ena
    ipver v4
    rip 10.0.107.200

Add Real Server 2 to the config.

/c/slb/real 2
    ena
    ipver v4
    rip 10.0.107.201

Add Group 1 and associated Real Servers to be load balanced.

/c/slb/group 1
    ipver v4
    health http
    add 1
    add 2

Identify the port where the ADC will process client and server traffic.

/c/slb/port 1
    client ena
    server ena

Add the Virtual IP address that will globally represent the service/group.

/c/slb/virt 1
    ena
    ipver v4
    vip 10.0.107.70

Add an HTTP service to the Virtual IP and associate the appropriate group.

/c/slb/virt 1/service 80 http
    group 1
    rport 80

Validating the Configuration and Service Status

Using the CLI of the Alteon VA, execute the following informational command to see the state of the service, group and real servers at a glance:

/info/slb/virt 1

Note: If the real servers are not actively responding to the HTTP health check configured, the service will not be active or ready to receive traffic on the Virtual IP. In the example above, the servers are active and ready for traffic. The service can be accessed via any web client via IP 10.0.107.70. With traffic running from clients towards the Virtual IP of 10.0.107.70, we now begin to see sessions distributed across the two available servers.

/info/slb/sess/dump


Appendix 1 – Alteon VA Configuration

script start "Alteon Application Switch VA" 4 /**** DO NOT EDIT THIS LINE!
/* Configuration dump taken 18:03:35 Tue Dec 11, 2012
/* Configuration last applied at 18:06:51 Wed Dec 5, 2012
/* Configuration last save at 17:57:24 Wed Dec 5, 2012
/* Version 29.0.0, Mgmt MAC address 00:50:56:8c:2e:56
/c/sys/mmgmt
    dhcp disabled
    addr 10.0.107.10
    mask 255.255.255.0
    broad 10.0.107.255
    gw 10.0.107.1
    ena
/c/sys/access
    http ena
/c/port 1
    pvid 107
/c/l2/vlan 1
    dis
    learn ena
    def 0
/c/l2/vlan 2
    dis
    learn ena
    def 2
/c/l2/vlan 107
    ena
    name "VLAN 107"
    learn ena
    def 1
/c/l2/stg 1/clear
/c/l2/stg 1/add 1 2 107
/c/l2/stg 1/port 1/off
/c/l2/stg 1/port 2/off
/c/l3/if 1
    ena
    ipver v4
    addr 10.0.107.65
    mask 255.255.255.0
    broad 10.0.107.255
    vlan 107
/c/l3/gw 1
    ena
    ipver v4
    addr 10.0.107.1
/c/slb
    on
/c/slb/adv
    direct ena
/c/slb/real 1
    ena
    ipver v4
    rip 10.0.107.200
/c/slb/real 2
    ena
    ipver v4
    rip 10.0.107.201
/c/slb/group 1
    ipver v4
    health http
    add 1
    add 2
/c/slb/port 1
    client ena
    server ena
/c/slb/virt 1
    ena
    ipver v4
    vip 10.0.107.70
/c/slb/virt 1/service 80 http
    group 1
    rport 80
/
script end /**** DO NOT EDIT THIS LINE!
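
An added example (not part of the original guide and not Radware or Cisco tooling): a Python audit for a configuration dump in the Appendix 1 layout. It flags management access over cleartext protocols (HTTP, Telnet), real servers outside a data interface subnet (see Environmental Requirements), and group members that are undefined or disabled. It assumes one option per line under each menu path and that Telnet appears in a dump as "tnet ena"; the names parse_dump, option and audit are chosen here.

```python
import ipaddress

# Constructed sample: a subset of the Appendix 1 dump, one option per line.
SAMPLE_DUMP = """
/c/sys/access
    http ena
/c/l3/if 1
    addr 10.0.107.65
    mask 255.255.255.0
/c/slb/real 1
    ena
    rip 10.0.107.200
/c/slb/real 2
    ena
    rip 10.0.107.201
/c/slb/group 1
    add 1
    add 2
"""

def parse_dump(text):
    """Map each menu path (e.g. "/c/slb/real 1") to the option lines under it."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line in ("", "/") or line.startswith("/*") or "DO NOT EDIT" in line:
            continue  # blanks, return to root, dump comments, script markers
        if line.startswith("/"):
            # /cfg/ is the long form of the /c/ menu prefix; store one form.
            current = "/c/" + line[5:] if line.startswith("/cfg/") else line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def option(lines, key):
    """Value of the first "key value" option line, or None if key is absent."""
    for line in lines:
        name, _, value = line.partition(" ")
        if name == key:
            return value.strip()
    return None

def audit(text):
    cfg, findings = parse_dump(text), []
    # 1. Management access over cleartext protocols, which the guide turns on.
    for proto in ("http", "tnet"):  # "tnet ena" as the dump form is an assumption
        if option(cfg.get("/c/sys/access", []), proto) == "ena":
            findings.append(f"cleartext management access enabled: {proto}")
    # 2. Real servers must sit in a data interface subnet (Environmental Requirements).
    nets = [ipaddress.ip_network(f"{option(o, 'addr')}/{option(o, 'mask') or 32}", strict=False)
            for p, o in cfg.items() if p.startswith("/c/l3/if ") and option(o, "addr")]
    reals = {p.split()[-1]: o for p, o in cfg.items() if p.startswith("/c/slb/real ")}
    for n, opts in reals.items():
        rip = option(opts, "rip")
        if rip is None or not any(ipaddress.ip_address(rip) in net for net in nets):
            findings.append(f"real {n} address {rip} is outside the data interface subnets")
    # 3. Every group member must be a defined, enabled real server.
    for g in (p for p in cfg if p.startswith("/c/slb/group ")):
        for n in (l.split()[1] for l in cfg[g] if l.startswith("add ")):
            if n not in reals or "ena" not in reals[n]:
                findings.append(f"{g.split('/')[-1]} references missing or disabled real {n}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_DUMP)))
```

Run against the sample, the only finding is the HTTP management access that the guide enables; a saved dump from the appliance can be passed to audit() the same way.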

Technical Support

Radware offers technical support for all of its products through the Radware Certainty Support Program. Please refer to your Certainty Support contract, or the Radware Certainty Support Guide available at:

http://www.radware.com/content/support/supportprogram/default.asp.

For more information, please contact your Radware Sales representative or:

U.S. and Americas: (866) 234-5763

International: +972(3) 766-8666

© 2008 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners.