Lab Radware
Lab Radware
Lab Radware
Overview
Objectives
After completing this lab,
you should be able to:
●● Objective
●● Objective
●● Objective
●● Objective
version 30.5x
Go
Go to
to Contents
Contents To open manual : click tab --> or press right-arrow --> or ‘grab‘
Chapter corner
Heading Here -->
Alteon Level 1 - Lab Training Manual
NOTICE of RIGHTS
NOTICE of LIABILITY
˵˵
Click SHOW button to display various information for
help (i.e. screen shot).
˵˵ Hint
Click HINT button for bits of help.
˵˵
Click WEB button to display information on graphical
user interface or other browser-based help.
˵˵ Demo
Click Demo button to display video demonstration to
complete procedure.
˵˵ CLI
Click CLI button for help with the commands used with
the command line interface.
1 INTRODUCTION TO LAB
Lab Configuration Details - Alteon VA 6
TASK: Connect to lab devices 7
2 INITIAL CONFIGURATION
TASK: Reconnect and explore 13
TASK: Reset and set up Alteon 14
TASK: Check your configuration 16 10 HIGH AVAILABILITY
Lab Configuration Details - Alteon HA 57
3 SWITCHING & ROUTING TASK: Configure active (A) 59
TASK: Configure basic setup 18 TASK: Configure backup (B) 63
TASK: Test configured SYNC 64
4 BASIC SLB CONFIGURATION
TASK: Configure basic SLB 23 11 MONITORING & REPORTING
TASK: Use DPM on Alteon 66
5 ENHANCED SLB
TASK: DPM - Report Granularity 67
TASK: Create Advanced HC 29
12 TROUBLESHOOTING
6 SSL SERVICES
TASK: CLI troubleshooting 69
TASK: SSL acceleration 35
APPENDIX
7 PERSISTENT SLB
Validate your Configuration 73
TASK: Persistent SLB 40
Lab Topology - Alteon VA (printable) 78
8 CONTENT MODIFICATION Lab Topology - Alteon HA (printable) 79
TASK: Content Modification 45 Create VLAN using Web GUI 80
Create Server Group using Web GUI 81
9 CONTENT LOAD BALANCING Add IP Interface using Web GUI 82
TASK: Content SLB - URL path 51 Create Virtual Server using Web GUI 83
TASK: Content SLB - Browser 53 Define Real Servers using Web GUI 84
OPTIONAL TASK: Reg Exp Config 54 Save Configuration using Web GUI 85
Page 4-
1 INTRODUCTION TO LAB
Connection to Virtual Lab Devices
Overview
This manual is designed with buttrons for “just-in-time”
(JIT) help to complete hands-on configuration. Use this
manual in conjunction with Alteon Level 1 Training Modules.
AFTER viewing ONE Alteon Level 1 Module, complete the
corresponding Alteon lab. Return to Training Modules, as
needed, for review, explanation, and clarification of basic
Objectives information. For more instruction on this manual, see How
to use this manual. [Click blue-dashed area as a hyperlink.]
After viewing module
“ADC Introduction" Intro to Virtual Lab Set Up
(optional) and "Technical
Introduction” then Your Alteon VA lab is already set up physically with all
completing this lab, you required cables and connections. The web servers and
should be able to: Team-PC has been conigured and set up.
Go to Contents 1 INTRO
Alteon Level 1 - Lab Training Manual
Remote-Client
VNC: 22##
Password: radware
Internet
Management port:
Remote Serial (VNC): 25## (A) APSolute Vision
Remote Secure-SSH: 26## (A) AppSolute Vision APSolute Application Delivery
1000
10/100
SYS OK
PWR RST CONSOLE USB G1 G2
10.10.240.15
Load Balancing: Ext.Client-
Remote VIP port 80: 24## Network:
Remote VIP port 443: 23## 192.168.175.0/24 Management-
Network:
Remote Client ##
APSolute Vision 10.10.240.0/21
https://njvision1.radware.net (255.255.248.0)
https://devision1.radware.net
https://jpvision1.radware.net
Username: AL-Team## Int.Client- Switch
Password: radware Network:
10.100.##.50/24 Port 1
Port 4
Alteon A Information
Port
MNG 10.10.242.##/21 Alteon-A MNG
MNG-GW 10.10.240.1
Port 2
Ext. Client network Server-Network:
port 1 → Vlan 11 10.200.##.0/24
if-1 = 192.168.175.## /24 Vlan 11
Switch
Server network
port 2 → Vlan 14
if-2 = 10.200.##.## /24 Vlan 14
Load Balancing
PIP on port 1: 10.200.##.70
VIP = 192.168.175.50 + ##
Web1 = 10.200.##.100
Web2 = 10.200.##.200
To begin this lab, you should have installed on your local computer:
˵˵
Overview
In this virtual, hands-on Radware Lab you'll make
the initial connection to the Alteon ADC (Application
Delivery Controller).
Go to Contents 2 INITIAL
Alteon Level 1 - Lab Training Manual
˵˵
˵˵
˵˵ CLI
NOTE: APPLY and SAVE changes.
b. After Alteon reset, enable remote access
to management port. Radware Labs must
enable only SNMP (when using Vision).
˵˵ CLI
NOTE: Radware Labs use AlteonOS v30.5+.
Starting with AlteonOS v30.0+, SSH and HTTPS
are enabled by default. If your business uses an
older version, you must enable SSH and HTTPS in
addition to SNMP.
˵˵ Hint
˵˵ CLI
˵˵ CLI
2. Disable VLAN 1
˵˵
IMPORTANT: Be sure to disable VLAN 1
before continuing in Radware's lab exercises.
Overview
In this lab, you will set up the switching and routing for
Layer 2 and Layer 3 of the OSI Model.
Configure L2 VLANS
Physical Port VLAN ID
Port 1 VLAN 11
Port 2 VLAN 14
Port 4 VLAN 24
˵˵ CLI Demo
˵˵ CLI
˵˵ CLI Demo
˵˵ CLI
˵˵ CLI
TIP: Remember to APPLY and SAVE changes.
Overview
In this lab we configure the Alteon to support basic
server load balancing. We configure basic server load
balancing (SLB) by setting up Layer 4 real server and
binding them into a group.
˵˵ CLI Demo
˵˵ CLI Demo
Virtual Services
Service http (port 80)
Proxy IP 10.200.##.70 / 32
Group Group ID = 1
˵˵ CLI
TIP: This is the entry or termination IP
address for a specific service -- standalone
Alteon. For Radware Lab, forcing through
proxy IP ensures connection through the PIP
-- no matter if connection is made direclty, via
Port 24## or Team-PC.
IMPORTANT: Radware Labs use AlteonOS
v30.5+. Starting with AlteonOS v30.0+,
server load balancing, port client
processing, server processing, and proxy
processing are enabled by default. If your
business uses an older version, you must
enable these features separately -- on each
respective port.
1. Check configuration.
TIP: Did you enable, apply, and save -- EASY
˵˵ CLI
2. Test connectivity.
a. Test that web servers are operating (UP).
˵˵ CLI
TIP: If messages not visible, try turning ON
message display log
▪▪ (CLI) /oper/displog ena
3. Verify configuration by generating
test-traffic to your web servers.
IMPORTANT: You will need to configure the VIP to
your lab server group. This is your Team##. Use
it to generate test-traffic within the lab to validate
your lab configuration.
˵˵ Hint
˵˵ Hint
˵˵
˵˵ CLI
Overview
Advanced health checks add flexibility in determining
the condition of servers.
˵˵ CLI
˵˵ CLI
˵˵ CLI
˵˵ CLI
i. After applying changes -- watch for successful
operation.
˵˵
˵˵ CLI
˵˵ CLI
TIP: You should see that for each server the health
module has created a runtime instance of each
check of the logical expression.
˵˵ CLI
˵˵ CLI
˵˵
1. Check configuration.
2. Verify configuration by generating test-
traffic to web servers.
a. Access web server via VIP and generate
traffic by opening several browser
windows.
˵˵ CLI
Overview
In this lab, we enable SSL -- Alteon’s services for
acceleration and offloading capabilities. Secure
Sockets Layer (SSL) is a security layer that can be
added to various communication protocols. SSL
performs encryption, decryption, and verification of
transmissions between clients and servers
ÌÌ SSL Acceleration
.. Enable SSL globally
.. Create a cerfificate
.. Define SSL Policy
.. Associate to virtual serivce
ÌÌ Validate your configuration
˵˵ CLI
˵˵ Hint
i. If you cannot connect directly, try this.
˵˵ Hint
˵˵ CLI
˵˵ CLI
˵˵
4. Export configuration.
a. Name exported file: SSL_Services.
˵˵ CLI
Overview
When configuring a load-balanced service, one
important issue is dealing with information that must be
maintained across multiple requests in a user’s session.
To send all requests in a user session consistently to
the same backend server is known as persistence or
stickiness.
ÌÌ Persistent SLB
.. Set group metric to PHash
.. Change metric to Roundrobin
.. Change server cookie
.. Enable passive cookie
.. Revert rport back
.. Configure to insert session cookie
ÌÌ Validate your Configuration
˵˵ CLI
˵˵ CLI
˵˵ CLI
˵˵ CLI
iii. Close all browsers and time out of the session
table (or clear the session table). Notice the
connection to a new server (unlike phash).
˵˵ CLI
Overview
In various cases there is a need to control the content
returned by a Web application or sent to the Web
application.
˵˵ CLI
ii. Set the real server group metric to roundrobin
as the default.
TIP: Use Group ID = 1 as previously defined.
˵˵ CLI
iii. Disable persistent binding for the virtual server
service.
iv. Apply and save changes.
˵˵ CLI
˵˵ CLI
ÌÌ Content Modification
.. Insert Client IP into HTTP header
.. Remove server identity
.. Redirect if error message
.. Replace host name
˵˵ CLI
TIP: If you reload the browser window and look
in the capture tool, you can see the Response
Header is replaced by generic information (i.e.
web server).
˵˵ CLI
iv. Under the HTTP service menu configure a
redirect to redirect back to the main URL if an
error is encounter (either URL or IP of VIP).
˵˵
Overview
Alteon ADC (Application Delivery Controller) blends
traditional server load balancing with advanced,
application-aware Layer 7 switching to support the
design of a highly scalable, optimized application
delivery system.
˵˵ CLI
˵˵ CLI
˵˵ CLI
˵˵ CLI
˵˵ CLI
˵˵ CLI
˵˵ CLI
OPTIONAL: A separate content health check
is useful. Create an advanced health check for the
group to find img1.jpg in directory = images.
˵˵ CLI
˵˵ CLI
˵˵ CLI
˵˵ CLI
˵˵ CLI
˵˵ CLI
4. Apply configuration.
5. Enable more detailed statistics:
˵˵ CLI
˵˵ CLI
˵˵ CLI
Overview
In this lab you will set up a redundant network for high
availability. The single-switch configuration is enhanced
by a second switch to provide High Availability (HA)
based on enhanced configuration on Alteon OS v30.2
(or higher). The legacy-mode high availability (VRRP)
is supported in software v30.1 (and earlier). For more
information on VRRP, refer to Alteon Application Guide.
USA njlab1.radware.net
## = team number
Germany delab1.radware.net
Japan jplab1.radware.net
Remote-Client
VNC: 22##
Password: radware
1000
10/100
SYS OK
PWR RST CONSOLE USB G1 G2
Load Balancing:
10.10.240.15
Remote VIP port 80: 24## Ext.Client-
Remote VIP port 443: 23## Network:
192.168.175.0/24 Management-
APSolute Vision Network:
Remote Client ##
https://njvision1.radware.net 10.10.240.0/21
https://devision1.radware.net (255.255.248.0)
https://jpvision1.radware.net
Username: AL-Team##
Password: radware Int.Client- Switch
Network:
10.100.##.50/24 Port 1
Alteon A Information
Port 4
MNG 10.10.242.##/21
MNG-GW 10.10.240.1
Port
Alteon-A/B MNG
External Client network
port 1 → Vlan 11 Port 2
if-1 = 192.168.175.1## /24 Vlan 11 Server-Network:
Peer IP = 192.168.175.2## /24 10.200.##.0/24
Gateway 1 = 192.168.175.254
Switch
Server network
port 2 → Vlan 14 →
if-2 = 10.200.##.254 /24 Vlan 14
Peer IP = 10.200.##.253 /24
Floating IP Addresses
192 . 168 . 175 . ##
10 . 200 . ## . ## Alteon B Information
10 . 100 . ## . 1 For redundancy lab
˵˵ CLI
i. Mask = 255.255.255.0
˵˵ CLI
˵˵ CLI
5. Check configuration.
˵˵ CLI Demo
˵˵ CLI
A
/c/l3/if/c/l3/if 1/addr 192.168.175.1##/mask 255.255.255.0/ena/vlan 11/peer 192.168.175.2##
/c/l3/if 2/addr 10.200.##.254/mask 255.255.255.0/ena/vlan 14/peer 10.200.##.253
/c/l3/if 4/addr 10.100.##.254/mask 255.255.255.0/ena/vlan 24/peer 10.100.##.253
/c/l3/gw 1/addr 192.168.175.254/ena
/c/l3/ha/switch/failback always/pref active
/c/slb/sync/peer 1/ena/addr 192.168.175.2##
B
/c/l3/if 1/addr 192.168.175.2##/mask 255.255.255.0/ena/vlan 11/peer 192.168.175.1##
/c/l3/if 2/addr 10.200.##.253/mask 255.255.255.0/ena/vlan 14/peer 10.200.##.254
/c/l3/if 4/addr 10.100.##.253/mask 255.255.255.0/ena/vlan 24/peer 10.100.##.254
/c/l3/gw 1/addr 192.168.175.254/ena
/c/l3/ha/switch/failback always/pref standby
/c/slb/sync/peer 1/ena/addr 192.168.175.1##
A&B
/c/l3/ha/floatip 1/if 1/addr 192.168.175.##/ena
/c/l3/ha/floatip 2/if 2/addr 10.200.##.##/ena
/c/l3/ha/floatip 4/if 4/addr 10.100.##.1/ena
/c/slb/real Server1/rip 10.200.##.100/ena
/c/slb/real Server2/rip 10.200.##.200/ena
/c/slb/group 1/add Server1/add Server2
/c/slb/virt 1/vip 192.168.175.%%/ena/service 80/group 1/pip/mode address/addr v4 10.200.##.70 255.255.255.255
/c/l3/hamode switch
/c/l3/ha/switch/add 1/add 2/add 4
˵˵ CLI
˵˵ CLI
Overview
APSolute Vision DPM -- Device Performance
Monitoring is supported on Alteon OS29.0 and higher.
DPM requires an APSolute Vision DPM license. A 30-
day evaluation license is available.
●● Report Granularity on
DPM.
˵˵
Overview
The types of problems that typically occur with networks
are connectivity and performance. The Alteon supports
a diverse range of network architectures and protocols;
some are used to maintain and monitor connectivity
and isolate the connectivity faults.
Go to Contents 12 TROUBLESHOOTING
Alteon Level 1 - Lab Training Manual
ÌÌ CLI Troubleshooting
.. Use diff and revert
.. Use Port Menu
.. Use the Statistics Menu
.. Use Information Menu
.. Use Maintenance Menu
.. Use reset
˵˵ CLI
˵˵ CLI
˵˵ CLI
˵˵ CLI
TIP: Values can be:
▪▪ real <server ID>
▪▪ group <Group ID>
▪▪ virt <Virt ID>
4. Use the Information Menu
a. View STG (Spanning Tree Group)
information.
˵˵ CLI
˵˵ CLI
˵˵ CLI
APPENDIX
Appendix
has various information
and demonstrations
referenced by
hyperlinks elsewhere
in this Lab Manual.
1. Check configuration.
˵˵ CLI Demo
2. Test connectivity.
a. Ping all devices
˵˵ CLI
TIP: If messages not visible, try turning ON
message display log file
▪▪ /(CLI) /oper/displog ena
˵˵
˵˵ CLI
TIP: If messages not visible, try turning ON
message display log
▪▪ /(CLI) /oper/displog ena
3. Export Configuration.
IMPORTANT: At export, always "Include
Private Keys" = YES so the configuration can
be imported later.
˵˵ CLI
˵˵ CLI
˵˵ Hint
˵˵ Hint
˵˵
˵˵ CLI
˵˵ CLI
˵˵ CLI
8. Import configuration.
a. Check differences between the
configurations.
TIP: Use CLI diff
b. Import (get) configuration.
˵˵ CLI
Remote-Client
VNC: 22___
Password: radware
Internet
Management port:
Remote Serial (VNC): 25___ (A) APSolute Vision
Remote Secure-SSH: 26___ (A) AppSolute Vision APSolute Application Delivery
1000
10/100
SYS OK
PWR RST CONSOLE USB G1 G2
10.10.240.15
Load Balancing: Ext.Client-
Remote VIP port 80: 24___ Network:
Remote VIP port 443: 23___ 192.168.175.0/24 Management-
Network:
Remote Client ___
APSolute Vision 10.10.240.0/21
https://njvision1.radware.net (255.255.248.0)
https://devision1.radware.net
https://jpvision1.radware.net
Username: AL-Team___ Int.Client- Switch
Password: radware Network:
10.100.___.50/24 Port 1
Port 4
Alteon A Information
Port
MNG 10.10.242.___/21 Alteon-A MNG
MNG-GW 10.10.240.1
Port 2
Ext. Client network Server-Network:
port 1 → Vlan 11 10.200.___.0/24
if-1 = 192.168.175.___ /24 Vlan 11
Switch
Server network
port 2 → Vlan 14
if-2 = 10.200.___.___ /24 Vlan 14
Load Balancing
PIP on port 1: 10.200.___.70
VIP = 192.168.175. ___
Web1 = 10.200.___.100
Web2 = 10.200.___.200
Remote-Client
VNC: 22___
Password: radware
1000
10/100
SYS OK
PWR RST CONSOLE USB G1 G2
Load Balancing:
Ext.Client- 10.10.240.15
Remote VIP port 80: 24___
Remote VIP port 443: 23___ Network:
192.168.175.0/24 Management-
APSolute Vision Network:
Remote Client ___
https://njvision1.radware.net 10.10.240.0/21
https://devision1.radware.net (255.255.248.0)
https://jpvision1.radware.net
Username: AL-Team___
Password: radware Int.Client- Switch
Network:
10.100.___.50/24 Port 1
Alteon A Information
Port 4
MNG 10.10.242.___/21
MNG-GW 10.10.240.1
Port
Alteon-A/B MNG
External Client network
port 1 → Vlan 11 Port 2
if-1 = 192.168.175.___ /24 Vlan 11 Server-Network:
Peer IP = 192.168.175.___ /24 10.200.___.0/24
Gateway 1 = 192.168.175.254
Switch
Server network
port 2 → Vlan 14 →
if-2 = 10.200.___.254 /24 Vlan 14
Peer IP = 10.200.___.253 /24
Floating IP Addresses
192 . 168 . 175 . ___
10 . 200 . ___ . ___ Alteon B Information
10 . 100 . ___ . 1
MNG = 10.10.242.___/21
Load Balancing
PIP = 10.200.___.70 IF ID IP Address VLAN ID
VIP = 192.168.175.___ 1 192.168.175.___ / 24 11
Web1 = 10.200.___.100 2 10.200.___.253 / 24 14
Web2 = 10.200.___.200 4 10.100.___.253 / 24 24
VIDEO DEMONSTRATION
Create VLAN using Web GUI
VIDEO DEMONSTRATION
Create Server Group using Web GUI
VIDEO DEMONSTRATION
Add IP Interface using Web GUI
VIDEO DEMONSTRATION
Create Virtual Server using Web GUI
Go to Contents Page 83- APPENDIX - Add Virtual Server using Web GUI
Alteon Level 1 - Lab Training Manual
VIDEO DEMONSTRATION
Define Real Servers using Web GUI
Go to Contents Page 84- APPENDIX - Add Real Server using Web GUI
Alteon Level 1 - Lab Training Manual
VIDEO DEMONSTRATION
Save Configuration using Web GUI
Go to Contents Page 85- APPENDIX - Add Real Server using Web GUI