Verify Access Appliance: Configuring front-end load balancer

Configure front-end load balancer

To configure the front end load balancer with the local management interface, use the Front End Load Balancer management page.
Steps

Select System > Network Settings > Front End Load Balancer.
On the General tab page:

Select Enabled if we want to enable this front-end load balancer.
Select Debug if we want more debug messages to be sent to the security log.
Select Enable SSL if we plan to enable SSL communication for any Layer-7 services.
In the SSL Key File list, select the key file containing the certificates to be used in the Layer-7 SSL communication. The SSL Key File list can only be selected if Enable SSL is enabled.

Optional: On the Advanced Tuning tab page, modify global level parameters to fine tune the configuration.

Click Add.
In the Add New Parameter window, select the desired parameter from the Name list.
Enter a value for the selected parameter in the Value field.
Click Save.

On the Servers tab page, we can work with virtual servers and real servers. Each virtual server corresponds to an interface (virtual IP address and port) that is load balanced. Each real server corresponds to a load balanced server.

Add a virtual server

Click New.
On the Add Virtual Server page, define settings of the virtual server to be added.
On the General tab page:

Field Description

Enabled Whether the new virtual server is active.

Name Name of the virtual server, used to uniquely identify this server. The syntax for the virtual server name must be treated as if it were a server host name. It must not contain any space characters.

Virtual Address Specifies the IP address that connects this virtual server to the public network.

Port Port on which this virtual server listens.

Mask Network mask to be applied to the IP address for the virtual server.

Interface Appliance interface on which the new virtual server connects to the public network.

Layer 4 or Layer 7 The load balancing layer for the server. Layer 4 indicates TCP level load balancing. Layer 7 indicates application level load balancing.

Cookie used in Layer 7 The name of the cookie to be used in Layer 7 load balancing. This field is available only when Layer 7 load balancing has been selected.

Layer 7 SSL Enabled Whether SSL is used to terminate the connection. This field is available only when Layer 7 load balancing has been selected.

Layer 7 SSL Certificate Label The label of the certificate to be used when terminating the connection. This field is available only when Layer 7 load balancing has been selected.

On the Scheduler tab page:

Field Description

Scheduler Scheduling algorithm for distributing jobs to the real servers. Available choices are:

lc

Least connection. The server with the lowest number of connections receives the request. This algorithm is dynamic so we can update the weight ratios in real time.

rr

Round robin. Requests are rotated between the servers. This algorithm is dynamic and uses the weight parameter assigned to each server.

srr

Static round robin. Each server is used in turn according to the defined weight for the server. This algorithm is static so we cannot dynamically change the weight ratio for a server.

sh

Source hashing. A hash of the source IP is divided by the total weight of the running servers to determine which server receives the request. This algorithm inherently sends requests from the same IP address to the same server provided the available servers remains unchanged.

For Layer 4 operations, only a scheduler setting of sh (source hash) specifies to use all CPUs available on the appliance. If other scheduler settings are used for Layer 4 operation, then the load balancer process operates that particular virtual server by using one CPU. This behavior might impact performance of the front end load balancer for the virtual server, particularly if the back-end servers are using SSL.
For Layer 7 operations, all CPUs available are always used regardless of the scheduler setting.

Health Check Interval Number of seconds between health check messages that are sent to the real servers.

Rise The number of successful health checks before a server is considered active.

Fall The number of unsuccessful health checks before a server is considered inactive.

Optional: On the Advanced Tuning tab page, add, edit, or delete any service level advanced configuration parameters as needed. See Front-end load balancer advanced tuning parameters for the available parameters. See Benefits of layer 7 load balancing for descriptions of the advanced tuning attributes available.
Click Save.

Delete a virtual server

Select the virtual server to delete from the list.
Click Delete.
On the confirmation page, click Yes.

Edit a virtual server

Select the virtual server to edit from the list.
Click Edit.
On the Edit Virtual Server page, modify the settings as needed.
Click Save.

Manage real servers

From the list of virtual servers, select the virtual server to associate the real servers with.
Click Real Servers. The Real Servers page is displayed.

To add a real server:

Click New.
On the Add Real Server page that pops up, define settings for the server o be added.

Field Description

Enabled Whether the new real server is active.

Address Specifies the IP address for the real server.

Weight Specifies an integer representing this processing capacity of the server relative to that of other real servers. For example, a server assigned 2000 has twice the capacity of a sever assigned 1000. The weighted scheduling algorithms adjust this number dynamically based on workload.

SSL Enabled Whether to use an SSL connection between the load balancer and the back-end server.

SSL Certificate Label Specifies the SSL certificate label.

Click Save.

To delete a real server:

Select the real server to delete from the list.
Click Delete.
On the confirmation page, click Yes.

To edit a real server:

Select the real server to edit from the list.
Click Edit.
On the Edit Real Server page, modify the settings as needed.
Click Save.

Click Close to return to the Front End Load Balancer main page.

On the High Availability tab page, we can define the settings that enable high availability of the front-end load balancer function. For example, configure a second front-end load balancer as either a primary or a back-up load balancer for the environment.

Select the Enable High Availability check box to enable this feature.
Select Primary or Backup to designate this system as the primary or backup front-end load balancer.
For the Local Interface - Primary field, select the local IP address of the front-end load balancer.
For the Remote Address - Backup field, specify the IP address used by this system to communicate with the other front-end load balancer. This field is required if a backup load balancer is in use.
For the Remote Port field, specify the port to be used for high availability communication.
In the Health Check Interval field, specify in seconds the interval of the heartbeat messages that are sent between the primary and backup front-end load balancers.
In the Health Check Timeout field, specify in seconds the time to wait before the system declares a non-responsive router unavailable and initiating failover.

On the Logging tab page, configure the local or remote logging options.

If we select Log to local, no additional configuration is required on this page.
If we select Log to remote, provide values for Syslog facility, Remote syslog server address, and Remote syslog server port.

On the Error Pages tab page, customize the error pages (200, 400, 403, 408, 500, 502, 503, and 504) that are returned by the software. These error pages are returned when the layer-7 load balancing function encounters a problem.

To edit an existing error page:

Select the error page to customize.
Click Edit.
In the Edit File window, modify the error page as needed.
Click Save.

To import a new page to replace an existing error page:

Select the error page to be replaced.
Click Import.
In the Import Error Page window, click Browse.
Select the new page.
Click Save.

To export an error page:

Select the error page to export.
Click Export.
Destination location to export the file to.
Click Export to confirm the operation.

Click Save to save all changes that are made on the Front End Load Balancer management page.
Commit changes .

Parent topic: Front-end load balancer

Field	Description
Enabled	Whether the new virtual server is active.
Name	Name of the virtual server, used to uniquely identify this server. The syntax for the virtual server name must be treated as if it were a server host name. It must not contain any space characters.
Virtual Address	Specifies the IP address that connects this virtual server to the public network.
Port	Port on which this virtual server listens.
Mask	Network mask to be applied to the IP address for the virtual server.
Interface	Appliance interface on which the new virtual server connects to the public network.
Layer 4 or Layer 7	The load balancing layer for the server. Layer 4 indicates TCP level load balancing. Layer 7 indicates application level load balancing.
Cookie used in Layer 7	The name of the cookie to be used in Layer 7 load balancing. This field is available only when Layer 7 load balancing has been selected.
Layer 7 SSL Enabled	Whether SSL is used to terminate the connection. This field is available only when Layer 7 load balancing has been selected.
Layer 7 SSL Certificate Label	The label of the certificate to be used when terminating the connection. This field is available only when Layer 7 load balancing has been selected.

Field	Description
Scheduler	Scheduling algorithm for distributing jobs to the real servers. Available choices are: lc Least connection. The server with the lowest number of connections receives the request. This algorithm is dynamic so we can update the weight ratios in real time. rr Round robin. Requests are rotated between the servers. This algorithm is dynamic and uses the weight parameter assigned to each server. srr Static round robin. Each server is used in turn according to the defined weight for the server. This algorithm is static so we cannot dynamically change the weight ratio for a server. sh Source hashing. A hash of the source IP is divided by the total weight of the running servers to determine which server receives the request. This algorithm inherently sends requests from the same IP address to the same server provided the available servers remains unchanged. For Layer 4 operations, only a scheduler setting of sh (source hash) specifies to use all CPUs available on the appliance. If other scheduler settings are used for Layer 4 operation, then the load balancer process operates that particular virtual server by using one CPU. This behavior might impact performance of the front end load balancer for the virtual server, particularly if the back-end servers are using SSL. For Layer 7 operations, all CPUs available are always used regardless of the scheduler setting.
Health Check Interval	Number of seconds between health check messages that are sent to the real servers.
Rise	The number of successful health checks before a server is considered active.
Fall	The number of unsuccessful health checks before a server is considered inactive.

Field	Description
Enabled	Whether the new real server is active.
Address	Specifies the IP address for the real server.
Weight	Specifies an integer representing this processing capacity of the server relative to that of other real servers. For example, a server assigned 2000 has twice the capacity of a sever assigned 1000. The weighted scheduling algorithms adjust this number dynamically based on workload.
SSL Enabled	Whether to use an SSL connection between the load balancer and the back-end server.
SSL Certificate Label	Specifies the SSL certificate label.