Application Delivery (ADX)

Reply
N/A
Posts: 1
Registered: ‎06-26-2010

Stateless HTTP

Hello Guys.

     I have been struggling with stateless http on an ADX 1000. It's a very flexible load balancer platform for sure, and I would like to yet solve this puzzle. I have tried multiple variations, and as such I will be posting the most simple config I have used with it.  I am also utilizing the SYN-Proxy and Unlimited VIP features as there's no documenation I can find that says you cannot use them together with Stateless.          Would anyone happen to know if there is a reason stateless load balancing (using little to no session table resources for http) would not be working?

Also if there is an issue with Stateless being used in combination, I have tested a DSR configuration and it did work fine, but I know it uses session table resources.  Does anyone know if DSR uses less session table resources then standard NAT ?

     I have been able to fill the session table on the ADX with between 600 megabit to 1.2 gigabits of http traffic using this configuration. The following is the version of the firmware, as well as the config file with some of the IP's replaced with X's, and hostnames replaced with H' :

Copyright (c) 1996-2009 Brocade Communications Systems, Inc.
Boot Version 12.1.00aT405 Jul  9 2010 19:03:54 PDT label: dob12100a
Monitor Version 12.1.00aT405 Jul  9 2010 19:03:54 PDT label: dob12100a
System Version 12.1.00gT403 Nov 17 2010 20:49:26 PST label: ASR12100g
AXP Version: 1.12 Dated: 2009/12/01 10:22:32
PAX Version: 0.0 Dated: 2010/10/06 14:31:02
MBRIDGE Version: 000b, Device ID # bebe

!
ver      12.1.00gT403
!
global-protocol-vlan
!
context default


healthck HHcheck tcp
  dest-ip XX.XXX.XXX.X
  port http
  protocol http
  protocol http url "HEAD /"
  retries 1
  l7-check

healthck HHcheck tcp
  dest-ip XX.XXX.XXX.X
  port http
  protocol http
  protocol http url "HEAD /"
  retries 1
  l7-check

healthck HHcheck tcp
  dest-ip XX.XXX.XXX.X
  port http
  protocol http
  protocol http url "HEAD /"
  retries 1
  l7-check

healthck HHcheck tcp
  dest-ip XX.XXX.XXX.X
  port http
  protocol http
  protocol http url "HEAD /"
  retries 1
  l7-check

!
server real HH-HH-H1 10.1.200.2
host-range 509
port http
port http healthck p1check
port http keepalive
port http url "HEAD /"
port ssl
!
server real HH-HH-H2 10.2.200.2
host-range 509
port http
port http healthck p2check
port http keepalive
port http url "HEAD /"
port ssl
!
server real HH-HH-H3 10.3.200.2
host-range 509
port http
port http healthck p3check
port http keepalive
port http url "HEAD /"
port ssl
!
server real HH-HH-H4 10.4.200.2
host-range 509
port default disable
disable
port http disable
port http healthck p4check
port http keepalive
port http url "HEAD /"
port ssl disable
!
!
server virtual HH-HH-vip HH.HH.200.2
host-range 509
port http
port http stateless
port ssl sticky
bind http HH-HH-H1 http HH-HH-H2 http HH-HH-H3 http HH-HH-H4 http
bind ssl HH-HH-H1 ssl HH-HH-H2 ssl HH-HH-H3 ssl HH-HH-H4 ssl
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 100 by port
untagged ethe 1 to 8
router-interface ve 1
!
aaa authentication web-server default local
aaa authentication login default local
aaa authentication login privilege-mode
enable telnet password .....
enable super-user-password .....
no enable aaa console
hostname HH-HH-HHH
ip route 0.0.0.0 0.0.0.0 XX.XXX.XXX.XX
!
ip router-id XX.XXX.XXX.XX
ip tcp syn-proxy
logging XX.XX.XXX.XX
logging buffered 1000
username UUUUU password .....
username UUUUU password .....
snmp-server community ..... ro 15
snmp-server community ..... rw 15
snmp-server location LLLLLLLLLL

snmp-server host XX.XXX.XXX.XX .....
snmp-server host XX.X.XXX.XX .....
clock summer-time
web-management https
no-asm-block-till-bootup
!
interface ethernet 15
ip address XX.XXX.XXX.XX 255.255.255.252

!
interface ethernet 17
ip address XX.XXX.XXX.XX 255.255.255.252
ip tcp syn-proxy in
!
interface ve 1
ip address 10.1.200.1 255.255.254.0
ip address 10.2.200.1 255.255.254.0
ip address 10.3.200.1 255.255.254.0
ip address 10.4.200.1 255.255.254.0
ip address XX.XXX.XXX.X 255.255.255.240
!

------------------------------

If anyone would like to help or join in the discussion, and needs any information from me, please ask. Thanks for your help guys.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.