53-1004324-03 December 2017 Brocade Virtual Traffic Manager: User's Guide Supporting 10.4r2


53-1004324-03

December 2017

Brocade Virtual Traffic Manager: User's Guide

Supporting 10.4r2

Copyright © 2017 Brocade Communications Systems, Inc. All Rights Reserved.

ADX, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, HyperEdge, ICX, MLX, MyBrocade, OpenScript, The Effortless Network, VCS, VDX, Vplane, and Vyatta are registered trademarks, and Fabric Vision and vADX are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of others.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.

The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that accompany it.

The product described by this document may contain “open source” software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/en/support/support-tools/oscd.html.

Brocade Communications Systems, Incorporated

Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: [email protected]

Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
E-mail: [email protected]

European Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: [email protected]

Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 – 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
E-mail: [email protected]


Contents

Brocade Virtual Traffic Manager: User's Guide iii

    Preface ..................................................................................................................... 19

    Document Conventions ............................................................................................ 19

    Notes and Warnings ............................................................................................ 19

    Text Formatting Conventions ............................................................................ 19

    Command Syntax Conventions ......................................................................... 20

    Brocade Resources ..................................................................................................... 21

    Document Feedback .................................................................................................. 21

    Contacting Brocade Technical Support .................................................................. 22

    Brocade Customers .............................................................................................. 22

    Brocade OEM Customers .................................................................................... 23

    CHAPTER 1 Traffic Manager Overview ............................................................... 24

    About This Guide ...................................................................................................... 24

    Intended Audience .............................................................................................. 24

    Introducing the Traffic Manager ............................................................................. 24

    Typical Deployment ............................................................................................ 25

    Traffic Manager Product Variants ........................................................................... 26

    Developer Mode ................................................................................................... 27

    Supported Platforms ............................................................................................ 27

    Supported Cluster Combinations ...................................................................... 27

    Chapter Outline ......................................................................................................... 29

    CHAPTER 2 Network Layouts .............................................................................. 33

    Essentials of Network Configuration ..................................................................... 33

    Dedicated Management Network ........................................................................... 34

    Sizing Your Cluster.................................................................................................... 35

    Front-End Servers ................................................................................................ 35

    IP Transparency ......................................................................................................... 37

    Routing Configuration ........................................................................................ 39

    Local Routing Problems ...................................................................................... 39

    IP Transparency and Traffic Manager Clusters ............................................... 40

    Traffic IP Addresses and Traffic IP Groups ........................................................... 40

    Traffic IP Address Modes ................................................................................... 41

    Example Configurations ..................................................................................... 42

    Using IP Transparency with a Cluster .............................................................. 45

    Route Health Injection and the Network .......................................................... 48


    Introduction to IPv6 .................................................................................................. 52

    Main Features of IPv6 in the Traffic Manager ................................................. 52

    Technical Restrictions .......................................................................................... 53

    CHAPTER 3 Initial Configuration ......................................................................... 55

    Architecture Concepts ............................................................................................... 55

    Managing Your First Service .................................................................................... 57

    Using the Wizard to Create a Virtual Server and Pool ................................... 57

    Creating a Pool and Virtual Server Manually .................................................. 58

    Creating a Cluster ...................................................................................................... 59

    Joining a Cluster ................................................................................................... 60

    Joining Clusters with Traffic IP Groups ........................................................... 63

    CHAPTER 4 Virtual Servers ................................................................................. 64

    Applying Rules .......................................................................................................... 66

    SSL Decryption ........................................................................................................... 67

    Service Protection Classes ........................................................................................ 68

    Bandwidth Management Classes ............................................................................ 69

    Service Level Monitoring Classes ............................................................................ 69

    HTTP Content Caching ............................................................................................. 70

    Web Accelerator ......................................................................................................... 70

    HTTP Content Compression .................................................................................... 71

    Controlling Content Compression .................................................................... 71

    Connection Analytics ................................................................................................ 72

    Using Connection Analytics ............................................................................... 73

    Request Logging ........................................................................................................ 74

    Request Logging to a File .................................................................................... 74

    Remote Request Logging .................................................................................... 75

    Controlling Request Logging ............................................................................. 75

    Connection Management .......................................................................................... 75

    Handling Errors.................................................................................................... 79

    Memory Limits for Connections ........................................................................ 81

    CHAPTER 5 Pools ................................................................................................. 83

    Load Balancing ........................................................................................................... 83

    Locality Aware Request Distribution (LARD) ................................................. 85

    Session Persistence .................................................................................................... 86

    Bandwidth Management .......................................................................................... 87

    Health Monitoring ..................................................................................................... 87

    SSL Encryption ........................................................................................................... 88

    Connection Management .......................................................................................... 88

    Pool Connection Limiting ......................................................................................... 89


    Introduction .......................................................................................................... 89

    Pool Connection Limits ....................................................................................... 89

    Clustered Connection Limiting .......................................................................... 89

    Connection Queuing ............................................................................................ 90

    Considerations ...................................................................................................... 90

    Enabling Pool Connection Limiting .................................................................. 91

    Tracking Connection Limits ............................................................................... 91

    Testing Connection Limits .................................................................................. 92

    Back-End Fault Tolerance ......................................................................................... 92

    Draining and Disabling Nodes ................................................................................ 94

    Using the Drain a Node and Disable a Node Wizards ................................... 95

    Autoscaling ................................................................................................................. 96

    Introduction .......................................................................................................... 96

    How It Works ....................................................................................................... 96

    Configuration........................................................................................................ 97

    DNS-Derived Autoscaling ...................................................................................... 106

    CHAPTER 6 Traffic IP Groups and Fault Tolerance ......................................... 108

    Fault Tolerance ......................................................................................................... 108

    Traffic IP Addresses and Traffic IP Groups ................................................... 108

    Distributing Traffic Within a Traffic IP Group .............................................. 109

    Choosing Traffic IP Addresses .............................................................................. 109

    Creating a Traffic IP Group .................................................................................... 110

    Traffic Distribution ............................................................................................ 110

    Passive Machines ............................................................................................... 112

    Disabling a Traffic IP Group ............................................................................ 112

    Interface-to-Subnet Mapping (Traffic IP Networks) .......................................... 112

    Configuring Fault-Tolerance .................................................................................. 113

    Fault Tolerance Configuration Settings .......................................................... 113

    Understanding Traffic Manager Fault Tolerance Checks ............................ 116

    Health Broadcasts .............................................................................................. 116

    Determining the Health of a Cluster ............................................................... 117

    Failover ...................................................................................................................... 117

    Traffic IP Address Transfer (Single-Hosted Mode) ...................................... 117

    Traffic IP Address Transfer (Multi-Hosted Mode) ....................................... 118

    Traffic IP Address Transfer (RHI Mode) ........................................................ 118

    Recovering from Failure ................................................................................... 118

    Debugging and Monitoring Fault Tolerance Activity ........................................ 119

    Configuring BGP Connectivity .............................................................................. 119

    Configuring BGP Router IDs ............................................................................ 120

    Managing BGP Neighbors ................................................................................ 120

    Configuring OSPFv2 Connectivity........................................................................ 121


    Configuring OSPFv2 IP Addresses ................................................................. 122

    Configuring Neighborhood Monitoring ........................................................ 123

    CHAPTER 7 Key Features in the Traffic Manager Administration Interface .. 124

    The Home Page ........................................................................................................ 124

    Services > Configuration Summary ...................................................................... 125

    Catalogs ..................................................................................................................... 125

    License Management ............................................................................................... 126

    Adding and Removing License Keys .............................................................. 127

    System > Global Settings ......................................................................................... 128

    System > Backups..................................................................................................... 129

    System > Backups > Partial Backups ............................................................... 131

    Activity Monitoring ................................................................................................. 135

    Activity > Current Activity ............................................................................... 135

    Activity > Historical Activity ............................................................................ 140

Activity > Map ..................................................................................... 141

    Activity > Connections ...................................................................................... 141

    Activity > Draining Nodes ................................................................................ 143

    Activity > View Logs ......................................................................................... 144

    Cloud Credentials .................................................................................................... 144

    IAM Roles in Amazon EC2 Credentials ......................................................... 146

    The Web Application Firewall ............................................................................... 146

    Overview ............................................................................................................. 147

    Enabling the Application Firewall ................................................................... 147

    Application Firewall Features in the Traffic Manager Admin UI .............. 147

    The System > Application Firewall Page ........................................................ 149

    The Enforcer and Decider ................................................................................. 151

    The Enforcer Rule ............................................................................................... 151

    User Management .............................................................................................. 152

    Updating Your Software ................................................................................... 153

    CHAPTER 8 TrafficScript Rules ......................................................................... 154

    Overview ................................................................................................................... 154

    TrafficScript Example ........................................................................................ 155

    TrafficScript Documentation ............................................................................ 156

    Applications of Rules on the Traffic Manager ............................................... 157

    Using a Rule on the Traffic Manager .................................................................... 157

    Creating a Rule in the Catalog ......................................................................... 158

    Uploading a Rule to the Catalog ...................................................................... 161

    Applying a Rule to a Virtual Server ................................................................ 162


    Example Rules .......................................................................................................... 163

    Routing by Content Type .................................................................................. 163

    Restricting Access Based on Time of Day ....................................................... 163

    Customer Prioritization ..................................................................................... 164

    Managing Levels of Service .............................................................................. 164

    Routing Based on XML Traffic ......................................................................... 165

    CHAPTER 9 TrafficScript Authentication Support ........................................... 168

    Overview ................................................................................................................... 168

    Configuring Authenticators ................................................................................... 168

    Configuring the TrafficScript Rule ........................................................................ 172

    Configuring the Virtual Server .............................................................................. 173

    CHAPTER 10 Java Extensions ........................................................................... 174

    Introduction to Java ................................................................................................. 174

    Invoking a Java Extension ...................................................................................... 174

    Configuring the Traffic Manager to Use Java ...................................................... 175

    Requirements ...................................................................................................... 175

    Compiling a Java Extension .............................................................................. 175

    Loading Java Extensions onto the Traffic Manager ...................................... 176

    Configuring the Traffic Manager’s Java Extension Runner ......................... 176

    CHAPTER 11 Protocol Support ......................................................................... 178

    Basic TCP Protocols ................................................................................................. 178

    Server-First Protocols ........................................................................................ 178

    Client-First Protocols ......................................................................................... 179

    Server-First with "Server Banner" .................................................................... 180

    Generic Streaming Protocols ............................................................................ 181

    HTTP .......................................................................................................................... 181

    SSL .............................................................................................................................. 183

    Protecting the SSL Handshake ......................................................................... 184

    SSL Connection Renegotiation Protection ...................................................... 184

    SMTP (Simple Mail Transport Protocol) .............................................................. 186

    FTP ............................................................................................................................. 187

    FTP Source Ports ................................................................................................ 188

    SSL-Wrapped FTP (FTPS) ................................................................................. 189

    Use Cases for SSL-Wrapped FTP ..................................................................... 190

    Real-Time Streaming Protocol ............................................................................... 191

    Setting Up an RTSP Service .............................................................................. 192

    Session Initiation Protocol ...................................................................................... 193

    Features of SIP .................................................................................................... 193

    The Traffic Manager and the SIP Protocol ..................................................... 194


    Configuring the Proxy Servers to Support Traffic Management ................ 195

    Setting Up a SIP Service on the Traffic Manager ........................................... 196

    SIP Operation Modes on the Traffic Manager ............................................... 196

    Additional SIP Settings ..................................................................................... 198

    Communicating with UDP-Based SIP Servers .............................................. 200

    CHAPTER 12 Session Persistence .................................................................... 201

    What Is Session Persistence? .................................................................................. 201

    Configuring Session Persistence ............................................................................ 202

    Enabling Session Persistence ............................................................................ 202

    Selecting a Persistence Method ........................................................................ 203

    Resolving Session Persistence Maps to Nodes .............................................. 208

    Node Failure Options ........................................................................................ 208

    Draining Connections ........................................................................................ 209

    Sizing the Session Persistence Caches ............................................................. 210

    Using Session Persistence with Multi-Hosted Traffic IP Addresses .......... 211

    Session Persistence with UDP protocols .............................................................. 212

    Examples ................................................................................................................... 212

    Universal PHP Persistence ............................................................................... 212

    CHAPTER 13 SSL Encryption ............................................................................ 214

    Overview of SSL....................................................................................................... 214

    Server Authentication ........................................................................................ 214

    Client Authentication ........................................................................................ 215

    Encrypted Data Transfer ................................................................................... 216

    SSL Features in the Traffic Manager ..................................................................... 216

    Decryption and Encryption .............................................................................. 216

    SSL Certificates Catalog .................................................................................... 216

    SSL Decryption Wizard .......................................................................................... 217

    Configuring SSL Certificates .................................................................................. 217

    Creating a New Self-Signed SSL Certificate ................................................... 218

    Managing Certificate Data ................................................................................ 219

    Creating a Certificate Signing Request ........................................................... 220

    Importing a New SSL Certificate ..................................................................... 221

    Working with Intermediate Certificates ......................................................... 221

    Managing Certificate Authority Certificates and CRL Files ............................. 222

    SSL Decryption ......................................................................................................... 223

    Setting Up SSL Decryption ............................................................................... 224

    Serving Multiple Sites Using a Single Virtual Server ................................... 226

    Configuring Ciphers and TLS Versions .......................................................... 227

    Client Certificates ............................................................................................... 229

    Configuring OCSP ............................................................................................. 230


    SSL Session ID Cache......................................................................................... 233

    OCSP Stapling Cache......................................................................................... 234

    SSL Encryption ......................................................................................................... 234

    Preserving IP Addresses with SSL Forwarding .................................................. 235

    Use of SSL Cryptographic Devices........................................................................ 236

    Configuring the Traffic Manager to Use an SSL Device .............................. 237

    Verifying Correct Operation of SSL Devices.................................................. 240

    Using the Connect to Microsoft Azure Key Vault Wizard .......................... 241

    Identifying Keys and Certificates Stored on a Secure Device ..................... 243

    CHAPTER 14 Health Monitoring ........................................................................ 244

    Which Nodes Are Monitored? ............................................................................... 244

    Using Nodes in Multiple Pools ........................................................................ 244

    Passive Health Monitoring ..................................................................................... 245

    Retrying Failed Requests .................................................................................. 246

    Node Failures...................................................................................................... 247

    Enabling and Disabling Passive Monitoring ................................................. 247

    Overview of Health Monitors ................................................................................ 247

    The Monitors Catalog .............................................................................................. 248

    Built-in Health Monitors ................................................................................... 249

    Custom Health Monitors .................................................................................. 251

    Per-Node and Pool-Wide Monitors ................................................................. 252

    Using Health Monitors ........................................................................................... 252

    Applying a Monitor to a Pool ........................................................................... 252

    External Program Monitors .................................................................................... 253

    Uploading Monitors to the Traffic Manager .................................................. 254

    Writing Monitors in Perl ................................................................................... 254

    CHAPTER 15 Service Protection ....................................................................... 256

    Classes of Risk .......................................................................................................... 256

    Denial of Service (DoS) ...................................................................................... 256

    Web Worms and Viruses .................................................................................. 256

    Distributed Denial of Service Attacks (DDoS) ............................................... 256

    Malformed HTTP Attacks ................................................................................. 257

    Firewalls and Other Security Measures .......................................................... 257

    Protection Features .................................................................................................. 257

    Network Access Restrictions ............................................................................ 257

    Connection Limiting .......................................................................................... 258

    Malformed HTTP Filtering ............................................................................... 258

    Rule-Based Protection ....................................................................................... 258

    Enabling Service Protection.................................................................................... 258

    Adding a Service Protection Class ........................................................................ 259


    Basic Settings ...................................................................................................... 259

    Simultaneous Connections ............................................................................... 259

    Connection Rate ................................................................................................. 260

    Access Restrictions ............................................................................................. 261

    HTTP-Specific Settings ...................................................................................... 261

    Service Protection Rule...................................................................................... 262

    Applying a Service Protection Class to a Virtual Server .................................... 262

    Service Protection Performance ............................................................................. 263

    CHAPTER 16 Bandwidth Management.............................................................. 264

    What Is Bandwidth Management? ........................................................................ 264

    Configuring Bandwidth Management ................................................................. 265

    Adding a Bandwidth Class to the Catalog ..................................................... 265

    Assigning a Bandwidth Class to a Virtual Server ......................................... 266

    Assigning a Bandwidth Class to a Pool .......................................................... 266

    Using TrafficScript to Select a Bandwidth Class ........................................... 267

    CHAPTER 17 Request Rate Shaping ................................................................. 268

    What Is Request Rate Shaping? ............................................................................. 268

    Configuring a Request Rate Shaping Class (Rate Class).................................... 269

    Adding a Rate Class to the Catalog ................................................................. 269

    Using a Rate Class ................................................................................................... 269

    The Rate Queue .................................................................................................. 270

    Selective Rate Shaping ....................................................................................... 271

    More Fine-Grained Rate Shaping .......................................................................... 271

    Rate-Shaping Web Spiders ............................................................................... 272

    Graphing Request Rate Shaping ............................................................................ 273

    CHAPTER 18 Service Level Monitoring ............................................................ 274

    Introducing Service Level Monitoring ................................................................. 274

    Configuring a Service Level Monitoring Class (SLM Class) ............................. 275

    Adding an SLM Class to the Catalog .............................................................. 275

    Applying an SLM Class to a Virtual Server ......................................................... 276

    Applying SLM Classes from TrafficScript ........................................................... 276

    SLM Class TrafficScript Examples ........................................................................ 276

    "FrontPage Scripts Only" Service Level Monitoring ..................................... 277

    Prioritizing Resources with Service Level Monitoring ................................. 277

    Graphing SLM Class Conformance Rates ............................................................ 278

    CHAPTER 19 Content Caching .......................................................................... 279

    Introduction .............................................................................................................. 279


    Configuring Content Caching ................................................................................ 279

    Applying Content Caching to a Virtual Server ............................................. 280

    Configuring Lifetimes ....................................................................................... 280

    Configuring Web Cache Memory Usage ........................................................ 281

    Monitoring Cache Activity ............................................................................... 283

    Configuring Disk-Based Caching .................................................................... 283

    Caching Policy .......................................................................................................... 284

    Requests ............................................................................................................... 284

    Responses ............................................................................................................ 284

    Variants ................................................................................................................ 285

    Byte Ranges ......................................................................................................... 285

    ETags .................................................................................................................... 286

    Controlling Content Caching Using TrafficScript .............................................. 286

    HTTP Request Processing ................................................................................. 286

    HTTP Response Processing .............................................................................. 286

    TrafficScript Cache Control Functions ............................................................ 286

    Forcing Stale Content out of the Cache ................................................................ 288

    Manual Removal of Cached Content .............................................................. 288

    Programmatic Removal of Cached Content................................................... 289

    CHAPTER 20 Using Brocade Web Accelerator to Optimize Your Web Content ... 290

    Introduction .............................................................................................................. 290

    Modes of Operation ................................................................................................. 290

    Configuring Web Accelerator for Your Services ................................................. 291

    The Web Accelerator Wizard ........................................................................... 292

    Application Scopes ............................................................................................ 292

    Web Accelerator Profiles ................................................................................... 293

    Measuring Web Accelerator Changes .................................................................. 298

    Checking That Web Accelerator Is Active ...................................................... 298

    Using Stealth Mode to Test Web Accelerator ................................................ 298

    Measuring Web Page Speed ............................................................................. 299

    Tools ..................................................................................................................... 299

    Understanding Custom Acceleration Profiles ..................................................... 301

    Acceleration Settings ......................................................................................... 303

    Understanding Optimization Techniques ........................................................... 308

    Web Page Speed Rules ...................................................................................... 309

    Resource Naming and URL Versioning ......................................................... 312

    Using a Content Distribution Network .......................................................... 316

    Troubleshooting Web Accelerator ........................................................................ 317

    Controlling Unexpected Behavior ................................................................... 317

    Interaction with Other Traffic Manager Functionality ................................. 318

    Runtime Errors ................................................................................................... 322


    Image Errors ....................................................................................................... 323

    CSS Errors ........................................................................................................... 324

    JavaScript Errors ................................................................................................. 324

    Other Configurable Global Settings ................................................................ 326

    CHAPTER 21 Event Handling and Alerts .......................................................... 327

    Overview ................................................................................................................... 327

    Event Types .............................................................................................................. 328

    Creating New Event Types ............................................................................... 329

    Actions ....................................................................................................................... 330

    Testing Actions ................................................................................................... 331

    Configuring an Event Handler .............................................................................. 332

    Duplicate Events ................................................................................................ 332

    Custom Actions ........................................................................................................ 332

    Calling a Program or Script .............................................................................. 332

    Sending a SOAP Message ................................................................................. 333

    Raising Events from TrafficScript or Java Extensions ........................................ 335

    Example ............................................................................................................... 336

    CHAPTER 22 Configuring System Level Settings ........................................... 338

    Network Configuration .......................................................................................... 338

    Configuring the Hostname and IP Addresses ............................................... 338

    Configuring VLANs .......................................................................................... 339

    Configuring Your DNS Settings ...................................................................... 340

    Configuring Routing ......................................................................................... 341

    Configuring Return Path Routing ................................................................... 341

    Configuring IP Forwarding and Network Address Translation (NAT) .... 345

    Time and Date Configuration ................................................................................ 348

    Setting the Time Manually................................................................................ 348

    Using an NTP Server ......................................................................................... 348

    Synchronizing Time from the Traffic Manager ............................................. 349

    Remote Login to the Traffic Manager ................................................................... 349

    Entering Custom Kernel Parameters .................................................................... 349

    Adding or Modifying a Parameter .................................................................. 350

    Existing Entries ................................................................................................... 350

    CHAPTER 23 System Security ........................................................................... 351

    Firewall and Operating System Settings .............................................................. 351

    Firewalling Techniques ..................................................................................... 351

    Firewall Configuration with the Traffic Manager ......................................... 351

    Network Design ....................................................................................................... 352

    UNIX User Permissions .......................................................................................... 353


    File System Security................................................................................................. 354

    Operating System Settings ..................................................................................... 354

    CHAPTER 24 Admin Server Security ................................................................ 356

    Basic Administration Server Settings ................................................................... 356

    Changing the Admin Server SSL Certificate .................................................. 356

    Restricting Access to the Admin Server.......................................................... 357

    Changing Admin Server Ports ......................................................................... 357

    Traffic Manager SSH Server Security .............................................................. 357

    Cluster Communication .................................................................................... 359

    SSL Settings for Admin Server and Internal Connections ........................... 360

    Access to the REST API ..................................................................................... 361

    User Management .................................................................................................... 361

    User Authentication ........................................................................................... 361

    Local Users .......................................................................................................... 362

    Authenticators .................................................................................................... 364

    Testing an Authenticator .................................................................................. 368

    Permission Groups ............................................................................................. 369

    Login Timeout .................................................................................................... 370

    Suspended Users ................................................................................................ 370

    Login Security and Behavior .................................................................................. 371

    The Login Information Banner .............................................................................. 372

    The Event and Audit Logs...................................................................................... 373

    CHAPTER 25 The Traffic Manager Control API ................................................ 374

    Introducing the Traffic Manager Control API ..................................................... 374

    Example: Listing Running Virtual Servers .......................................................... 374

    Perl with SOAP::Lite .......................................................................................... 374

    C Sharp or Mono ................................................................................................ 375

    Further Examples ............................................................................................... 377

    CHAPTER 26 Command Line Interface ............................................................. 378

    Accessing the CLI .................................................................................................... 378

    Permissions ......................................................................................................... 379

    Commands ................................................................................................................ 380

    Control API methods ......................................................................................... 381

    Built-in Commands ............................................................................................ 384

    Scripting the CLI ...................................................................................................... 388

    Script Output ...................................................................................................... 389


    CHAPTER 27 Granular Configuration Import/Export with zconf .................... 390

    Introduction .............................................................................................................. 390

    Using zconf ............................................................................................................... 390

    Exporting a Complete Backup ............................................................................... 391

    Configuration Listings ............................................................................................ 392

    Partial Imports .......................................................................................................... 392

    CHAPTER 28 Multi-Site Cluster Management .................................................. 393

    Introduction .............................................................................................................. 393

    Activation and Deactivation .................................................................................. 394

    Key Concepts ............................................................................................................ 394

    Configuration Locations ................................................................................... 394

    Clusters ................................................................................................................ 395

    Deployment Scenarios ............................................................................................ 395

    Create and Manage a Second Traffic Manager Location ............................. 395

    Add a New Traffic Manager to Your Multi-Site Cluster .............................. 396

    Merging Two or More Existing Traffic Manager Clusters ........................... 396

    Configuration ........................................................................................................... 398

    Setting Up Locations .......................................................................................... 398

    Setting Traffic Manager Locations ................................................................... 398

    Location-Specific Configuration ...................................................................... 399

    Home Page Changes .......................................................................................... 400

    The World Map .................................................................................................. 401

    Traffic Visualization .......................................................................................... 401

    CHAPTER 29 The Traffic Manager DNS Server ................................................ 402

    DNS Primer............................................................................................................... 402

    Introduction ........................................................................................................ 402

    The Layout of DNS ............................................................................................ 402

    Delegation of Authority .................................................................................... 402

    Name Resolution ................................................................................................ 403

    Resource Records ............................................................................................... 403

    Zone Files ............................................................................................................ 404

    The Resolution Process ...................................................................................... 406

    Supported DNS Features ........................................................................................ 407

    Implemented Features from RFC 1034 ........................................................... 407

    Implemented Features from RFC 1035 ........................................................... 408

    Exceptions for RFC 1034 ................................................................................... 409

    Exceptions for RFC 1035 ................................................................................... 409

    Other Implemented Features ........................................................................... 410

    Other Excluded Features ................................................................................... 410

    Configuring the DNS Server .................................................................................. 411


    Configuration Summary ................................................................................... 411

    Uploading DNS Zonefiles to the Traffic Manager ........................................ 412

    Setting Up Traffic Manager Zones .................................................................. 412

    Configuring a DNS Virtual Server .................................................................. 413

    CHAPTER 30 Global Load Balancing ................................................................ 415

    Introduction and Prerequisites .............................................................................. 415

    About Global Server Load Balancing ................................................................... 416

    GSLB Within the Traffic Manager ................................................................... 417

    Deployment Planning ............................................................................................. 417

    Traffic Manager Positioning ............................................................................. 417

    Deployment Methods ........................................................................................ 418

    The Time-to-Live (TTL) Field ........................................................................... 423

    Components of a Traffic Manager GLB Deployment......................................... 423

    GLB Locations ..................................................................................................... 423

    GLB Services ....................................................................................................... 424

    GLB Configured Virtual Servers and Pools ................................................... 425

    DNS Servers ........................................................................................................ 425

    Service IP Addresses .......................................................................................... 425

    Service Monitors ................................................................................................. 425

    Configuring GLB...................................................................................................... 426

    Overview ............................................................................................................. 426

    Defining GLB Locations .................................................................................... 426

    Creating a Service Monitor ............................................................................... 427

    Creating a GLB Service ...................................................................................... 428

    Creating a DNS Server Pool ............................................................................. 433

    Creating a DNS Virtual Server ......................................................................... 433

    Traffic Visualization ................................................................................................ 434

    The Current Activity Graph ............................................................................. 435

    The Historical Activity Graph .......................................................................... 435

    The Connections Page ....................................................................................... 435

    GLB Request Logs .............................................................................................. 435

    Testing DNS with DIG ............................................................................................ 436

    Extending the Traffic Manager's GeoIP Database .............................................. 436

    Unrecognized IP Addresses ............................................................................. 437

    Extending the Traffic Manager's GeoIP Database ......................................... 437

    Testing the IP Address Mappings ................................................................... 438

    Updating Your Traffic Manager Cluster Configuration .............................. 438

    CHAPTER 31 FIPS Validation in the Traffic Manager....................................... 440

    Introduction to FIPS ................................................................................................ 440

    FIPS Mode ................................................................................................................. 440


    FIPS 140-2 ............................................................................................................ 440

    FIPS 140-2 and the Traffic Manager ................................................................ 441

    Deploying FIPS Mode ............................................................................................. 444

    Preparation .......................................................................................................... 444

    Enabling FIPS Mode .......................................................................................... 449

    Operating in FIPS Mode .................................................................................... 449

    CHAPTER 32 Kerberos Constrained Delegation Support ............................... 451

    The Kerberos Protocol ............................................................................................. 451

    Kerberos Protocol Transition and Constrained Delegation .............................. 451

    Protocol Transition ............................................................................................. 451

    Constrained Delegation .................................................................................... 451

    Rationale for Using Kerberos ................................................................................. 452

    Configuring Kerberos on the Traffic Manager .................................................... 452

    Traffic Manager Service Principal ................................................................... 452

    Virtual Server Protocol Transition Configuration ......................................... 454

    Pool Protocol Transition Configuration .......................................................... 455

    CHAPTER 33 Troubleshooting .......................................................................... 457

    Tools and Techniques .............................................................................................. 457

    Diagnosis and Event Logging ................................................................................ 457

    Monitoring Requests and Responses .................................................................... 458

    Connection Activity Report .............................................................................. 459

    Request Logs ....................................................................................................... 459

    Advanced Logging ............................................................................................ 460

    Monitoring Events ............................................................................................. 460

    Detailed Debugging of Connections ..................................................................... 460

    Testing Individual Nodes ....................................................................................... 462

    Understanding Your Configuration ..................................................................... 462

    Troubleshooting Tips .............................................................................................. 463

    Generating Test Requests.................................................................................. 463

    Checking Automatic Back-End Failover ........................................................ 464

    Checking Automatic Front-End Failover ....................................................... 464

    Common Problems .................................................................................................. 465

    Did Not Become Root ........................................................................................ 465

    Connection Refused ........................................................................................... 465

    Inappropriate Traffic IP Addresses Configured ............................................ 466

    The Traffic Manager Drops Connection Before Protocol Begins ................ 466

    Web Server Returns Error 400 .......................................................................... 466

    Wrong Port Number Configured .................................................................... 466

    Running Out of File Descriptors ...................................................................... 467

    Running Out of Disk Space .............................................................................. 467


    Getting Help ............................................................................................................. 468

    CHAPTER 34 Glossary ....................................................................................... 469

    CHAPTER 35 Software License Acknowledgements ....................................... 476

    License for the Berkeley DB Code (Version 1.85) ................................................ 476

    RSA PKCS11 ............................................................................................................. 477

    License for the OpenLDAP Code, Version 2.4.23 ............................................... 477

    PCRE2 License .......................................................................................................... 478

    Libnet License ........................................................................................................... 480

    License for Yahoo! UI Library ................................................................................ 481

    License for ssleay Cryptographic Library ............................................................ 482

    License for libxml2 and libxslt ............................................................................... 483

    License for the Java Servlet API ............................................................................. 484

    License for the Expat XML Parser ......................................................................... 485

    License for MooTools .............................................................................................. 486

    Licenses for OpenLayers ......................................................................................... 486

    License for rsync ...................................................................................................... 488

    License for mod_imap.c .......................................................................................... 488

    License for Antlr and libantlr ................................................................................. 490

    License for es3-grammar ........................................................................................ 491

    License for jsoncpp .................................................................................................. 491

    License for libjpeg .................................................................................................... 492

    License for libunwind ............................................................................................. 494

    License for the Perl JSON Library ......................................................................... 494

    License for OpenSSL ............................................................................................... 497

    License for WebP ..................................................................................................... 500

    License for Flex......................................................................................................... 501

    License for CryptoJS ................................................................................................ 502

    License for zlib ......................................................................................................... 503

    License for zlib.js ...................................................................................................... 504

    License for XML::Twig ............................................................................................ 504

    License for MIT Kerberos ....................................................................................... 505

    License for Libedit ................................................................................................... 528

    License for ZebOS .................................................................................................... 531

    License for Curl ........................................................................................................ 531

    License for Jansson .................................................................................................. 531

    License for Digest::SHA .......................................................................................... 532

    License for Sys::SysLog ........................................................................................... 533

    License for Perl ......................................................................................................... 533


    CHAPTER 36 Index ............................................................................................. 537


    Preface

Read this preface for an overview of the information provided in this guide. This preface includes the following sections:

"Document Conventions", next
"Brocade Resources" on page 21
"Document Feedback" on page 21
"Contacting Brocade Technical Support" on page 22

    Document Conventions

The document conventions describe text formatting conventions, command syntax conventions, and important notice formats used in Brocade technical documentation.

    Notes and Warnings

Note, important, and caution statements might be used in this document. They are listed in order of increasing severity of potential hazards.

Note: A Note provides a tip, guidance, or advice, emphasizes important information, or provides a reference to related information.

Important: An Important statement indicates a stronger note, for example, to alert you when traffic might be interrupted or the device might reboot.

Caution: A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to hardware, firmware, software, or data.

    Text Formatting Conventions

Text formatting conventions such as boldface, italic, or Courier font might be used in the flow of the text to highlight specific words or phrases.

Format        Description
bold text     Identifies command names; keywords and operands; the names of user-manipulated GUI elements; and text to enter at the GUI.
italic text   Identifies emphasis; variables; and document titles.
Courier font  Identifies CLI output and command syntax examples.

    Command Syntax Conventions

Bold and italic text identify command syntax components. Delimiters and operators define groupings of parameters and their logical relationships.

Convention     Description
bold text      Identifies command names, keywords, and command options.
italic text    Identifies a variable.
value          In Fibre Channel products, a fixed value provided as input to a command option is printed in plain text. For example, --show WWN.
[ ]            Syntax components displayed within square brackets are optional. Default responses to system prompts are enclosed in square brackets.
{ x | y | z }  A choice of required parameters is enclosed in curly brackets separated by vertical bars. You must select one of the options. In Fibre Channel products, square brackets may be used instead for this purpose.
x | y          A vertical bar separates mutually exclusive elements.
< >            Nonprinting characters, for example, passwords, are enclosed in angle brackets.
...            Repeat the previous element, for example, member[member...].
\              Indicates a "soft" line break in command examples. If a backslash separates two lines of a command input, enter the entire command at the prompt without the backslash.

    Brocade Resources

Visit the Brocade website to locate related documentation for your product and additional Brocade resources.

White papers, data sheets, and the most recent versions of Brocade software and hardware manuals are available at www.brocade.com. Product documentation for all supported releases is available to registered users at MyBrocade. Click the Support tab and select Document Library to access documentation on MyBrocade or www.brocade.com. You can locate documentation by product or by operating system.

Release notes are bundled with software downloads on MyBrocade. Links to software downloads are available on the MyBrocade landing page and in the Document Library.

    Document Feedback

Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. You can provide feedback in two ways:

Through the online feedback form in the HTML documents posted on http://www.brocade.com/.
By sending your feedback to [email protected].

Provide the publication title, part number, and as much detail as possible, including the topic heading and page number if applicable, as well as your suggestions for improvement.

    Contacting Brocade Technical Support

As a Brocade customer, you can contact Brocade Technical Support 24x7 online, by telephone, or by e-mail. Brocade OEM customers contact their OEM/Solutions provider.

Brocade Customers

For product support information and the latest information on contacting the Technical Assistance Center, go to http://www.brocade.com and select Support.

If you have purchased Brocade product support directly from Brocade, use one of the following methods to contact the Brocade Technical Assistance Center 24x7.

Online: Preferred method of contact for nonurgent issues. Case management through the MyBrocade portal. Quick Access links to Knowledge Base, Community, Document Library, Software Downloads and Licensing tools.

Telephone: Required for Sev 1-Critical and Sev 2-High issues. Continental US: 1-800-752-8061. Europe, Middle East, Africa, and Asia Pacific: +800-AT FIBREE (+800 28 34 27 33). Toll-free numbers are available in many countries. For areas unable to access a toll free number: +1-408-333-6061.

E-mail: [email protected]. Please include: problem summary, serial number, installation details, environment description.

Brocade OEM Customers

If you have purchased Brocade product support from a Brocade OEM/Solution Provider, contact your OEM/Solution Provider for all of your product support needs.

OEM/Solution Providers are trained and certified by Brocade to support Brocade® products.

Brocade provides backline support for issues that cannot be resolved by the OEM/Solution Provider.

Brocade Supplemental Support augments your existing OEM support contract, providing direct access to Brocade expertise. For more information, contact Brocade or your OEM.

For questions regarding service levels and response times, contact your OEM/Solution Provider.

CHAPTER 1 Traffic Manager Overview

About This Guide

The Brocade Virtual Traffic Manager: User's Guide describes how to configure and manage Brocade Virtual Traffic Manager (the Traffic Manager).

Brocade recommends first reading the Brocade Virtual Traffic Manager: Installation and Getting Started Guide applicable to your product variant for an introduction to installing the Traffic Manager and performing basic configuration to load-balance services.

This document describes the features and capabilities of the Traffic Manager release 10.4r2.

Intended Audience

This guide is written for system administrators familiar with administering and managing Web services and infrastructure. This guide assumes you are familiar with networking terminology.

Introducing the Traffic Manager

The Traffic Manager product family provides high-availability, application-centric traffic management and load balancing solutions. They provide control, intelligence, security and resilience for all your application traffic.

The Traffic Manager is intended for organizations hosting valuable business-critical services, such as TCP and UDP-based services like HTTP (Web) and media delivery, and XML-based services such as Web Services.

The Traffic Manager's unique process architecture ensures it can handle large volumes of network traffic efficiently. Its inherent scalability allows you to add more front-end Traffic Managers or back-end servers to your cluster as the need arises. The cluster size is unlimited, and the performance of the Traffic Manager grows in line with the performance of the platform used.

The Traffic Manager represents a family of highly capable solutions that can be adapted and extended as new requirements arise. Using the unique TrafficScript language and built-in Java Extensions you can write sophisticated, tailored traffic management rules to inspect, transform, manage and route requests and responses. TrafficScript rules can manage connections in any TCP or UDP-based protocol.

Traffic Manager products are secure out-of-the-box, and are hardened against intrusion and Denial-of-Service (DoS) attacks. They incorporate the fastest and strongest Secure Sockets Layer (SSL) [1] encryption technologies, and can efficiently decrypt and re-encrypt large numbers of secure connections. TrafficScript rules, security policies and other content-based calculations can be applied to encrypted requests while retaining full end-to-end security.

For critical, high-availability solutions, the Traffic Manager offers cluster redundancy. This allows you to have unlimited numbers of active and passive standby front-end servers. If one of your active machines fails, a standby server is automatically brought into action; in the case of subsequent failure, more standby servers are available to take up the load. This ensures that there is no single point of failure in the system.

Typical Deployment

Fig 1. A typical deployment using a cluster of Traffic Managers

[1] The Traffic Manager supports SSL and its successor TLS (Transport Layer Security). References to SSL throughout this guide typically refer to both protocols, unless specified otherwise.

Traffic Manager Product Variants

The Traffic Manager product family is available in a variety of software, hardware appliance, virtual appliance, and cloud instance configurations. All variants share the same core Traffic Manager software, but different versions can provide different levels of functionality depending on the enabling license key.

This manual documents the full functionality of the Traffic Manager software with all options enabled. It might describe features and capabilities that are not present or visible in the version of the product you are using. Features present but not enabled in your license key are greyed-out and un-selectable in the Admin UI.

For example, Global Load Balancing, Service Level Monitoring, Rate Shaping, Autoscaling, and Bandwidth Management are advanced product capabilities that might not be enabled in your particular configuration.

In addition, Brocade provides two optional Traffic Manager components, available only through an appropriate license key upgrade:

Brocade Virtual Web Application Firewall (Web Application Firewall): Provides advanced attack detection and protection for your Web applications. See CHAPTER 7, "The Web Application Firewall" for more details about how this fits into your Traffic Manager infrastructure. For full product details and instructions, see the Brocade Virtual Web Application Firewall User Guide, available from the Brocade Web site at: https://www.brocade.com/vadc-docs

Brocade Web Accelerator (Web Accelerator): Provides content optimization functionality for your Web applications. This is available as either a fully integrated component of the Traffic Manager, or in standalone proxy mode whereby the load balancing aspects of the Traffic Manager are disabled. Your sales representative can provide details about which variant is most appropriate for your needs. CHAPTER 20, "Using Brocade Web Accelerator to Optimize Your Web Content", provides full details about how to enable and configure Web Accelerator for your infrastructure.

Note: Web Accelerator functionality is not available for software variants running on SPARC-based Solaris or SunOS platforms.

Appliance and cloud versions of the Traffic Manager feature Networking and Date/Time configuration options not available in software-only versions.

Your product version specifications describe which capabilities are enabled in your particular variant. See also the applicable installation and getting started guide available from the Brocade Web site.

Developer Mode

When unlicensed, the Traffic Manager falls back to a default state known as Developer mode. This is designed to allow the user to experience the full features and capabilities of the Traffic Manager for development or evaluation purposes. Full product functionality is provided, but in a bandwidth-constrained environment. It operates with a maximum bandwidth limited to 1Mb/s and 100 SSL TPS (transactions per second).

Important: The Developer mode is not designed or intended for full production use. It is recommended that you contact your support provider for details about how to purchase a license key suitable for your needs.

Supported Platforms

The Traffic Manager software can be deployed on a range of platforms, on physical or virtual servers, and in cloud infrastructures. Refer to the release notes and documentation at http://www.brocade.com/en/products-services/application-delivery-controllers/virtual-traffic-manager.html for up-to-date platform and version number requirements.

Software

The Traffic Manager is available as a software package suitable for deployment on existing supported Linux and UNIX servers. Supported distributions are listed in the release notes as mentioned above.

Appliances

Brocade provides the Traffic Manager as an appliance disk image, suitable for deployment