Application Delivery (ADX)

Contributor
Posts: 20
Registered: ‎01-18-2012

All ports on a VIP?

So I am configuring a VIP for a particular request and the application that this VIP will be load-balancing uses a single port initially (let's say 80), but then instigates the client to open another TCP session using a different port (let's say 60000) that is above the well-known ports... and this is picked at random... So, when this happens, per the VIP\Real Server not being configured for this new port, our ADX (running 12.400) rejects the new TCP session... Is there a way to configure a VIP\Real Server to allow all ports? Obviously, this is less preferred from a security standpoint, alas, I need a VIP that will allow sessions to terminate to\through it with dynamic destination ports...

Help!

Thanks.

Contributor
Posts: 47
Registered: ‎07-14-2010

Re: All ports on a VIP?

a) Use port default. This is all ports. I wrote a document with the details.

http://foundry.matrix.jp/files/Tech_Bulletin/Tech_Bulletin_%2301.pdf

b) Random port within a predicted range, i.e. 30000-30050

ServerIronADX(config)#port-range pr1

ServerIronADX(config-pr-pr1)# port 8051 to 8100

One port range configuration supports up to 50 consecutive ports.

Optionally, you may want to configure ports as track-group, sticky, concurrent with a) or b) above.

Thanks.

//Kono

Contributor
Posts: 20
Registered: ‎01-18-2012

Re: All ports on a VIP?

Hey Kono,

Thanks for the great and prompt reply! That does answer my question. I do have a related question for you or anyone that may know the answer to this... So if I open up all ports on a VIP and load balance between say 2 real servers, yet the real servers are dynamically opening up ephemeral ports between whatever and whatever, yet these real servers are opening up different ephemeral ports, when a client tries to use this VIP, without me enabling L4 health checks, the ADX will have no idea which server is listening on which random port and will thus send balanced traffic to the wrong real server... Would this not require me to enable L4 health checks on tens of thousands of ports, thus allowing the LB to know which server actually has which port up and thus directing requests to the proper server? I saw your reference to the track-group (and associated port-group) commands, but those only allow me to associate a small # of ports with the "primary" port, where, with this particular VIP I am configuring, the servers may open up non-well-known ports between the range of 49,000 and 65,000... Is there an elegant way to address this?

Thanks!

Contributor
Posts: 47
Registered: ‎07-14-2010

Re: All ports on a VIP?

Hi Schmeg,

Below is the configuration for your additional question. 65535 is "port default".

server virtual vip1

track-group 80 65535

port http sticky

Thanks.

//Kono
