Replacing between different versions (Method 1)¶
The procedure for changing the Load Balancer (redundant configuration) in use to the new Load Balancer version (redundant configuration) is described.
The new Load Balancer version does not take over the IP address used by the old version and uses another IP address after replacing.
Operations have been checked by Service Provider, in terms of the following combinations of versions.
Old version |
New version |
| 10.5-57.7 Standard Edition | 11.0-67.12 Standard Edition |
System configuration to replace in this guide¶
Regarding the system configuration below, the replacing method for the Load Balancer(Citrix NetScaler VPX) is described.
Prerequisites¶
Version upgrade is not possible, as described in the `Service Descriptions<https://ecl.ntt.com/en/documents/service-descriptions/rsts/network/loadbalancer/loadbalancer.html#id30>`_.
For with-VRRP replacing from the old to new version, it is necessary to stop VRRP of the old LB and add VRRP settings of the new LB, because operations differ between the versions.
The customer is expected to check the functions with the new version beforehand.
It is assumed that VRRP operates in the interface for client side and does not operate in the interface for distribution server side because SNAT works there.
In vserver setting, please note that contents of settings are different between Pattern A where Virtual IP addresses are registered in the different segment from Virtual IPs registered for VRRP and are set as IP addresses to distribute so that redundancy of multiple VIP become possible, and Pattern B where Virtual IPs registered for VRRP are set as Virtual IP addresses.
As deleted VRID has to be newly created at the time of change back, record the set values of VRID in advance.
Though the settings are not saved on the old LB side in this procedure, save the settings as required because rebooting will return the settings to those before saving. For saving method, please refer to Setting for configuration saving of NetScaler VPX.
For this procedure, operations have been checked with the following settings made.
In vserver setting, please note that contents of settings are different between when VIP of VRRP and Virtual Server IP are the same, and when they are different.
Settings of old LB1(excerpted from System - Diagnostics - running config)
#Enable Function
enable ns feature LB SSL
#VRID
add vrID 40 -priority 200 -preemption ENABLED
#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
#server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10
#service group
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http
#vserver(Pattern a: In case of different VIP for VRRP and Virtual Server IP)
add lb vserver http-vserver HTTP 172.16.100.100 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 172.16.100.200 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
#vserver(Pattern b: In case of same VIP for VRRP and Virtual Server IP)
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
#ssl
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "password for secret key"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA
bind ssl vserver ssl-vserver -certkeyName server1
#bind
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
#hostname
set ns hostName lb1
#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"
Settings of old LB2(excerpted from System - Diagnostics - running config)
#Enable feature
enable ns feature LB SSL
#VMAC
add vrID 40 -priority 100 -preemption ENABLED
#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
#server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10
#service group
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http
#vserver(Pattern a: In case of different VIP for VRRP and Virtual Server IP)
add lb vserver http-vserver HTTP 172.16.100.100 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 172.16.100.200 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
#vserver(Pattern b: In case of same VIP for VRRP and Virtual Server IP)
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
#ssl
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "秘密鍵のパスワード"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA
bind ssl vserver ssl-vserver -certkeyName server1
#bind
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
#hostname
set ns hostName lb2
#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"
The image of replacing¶
The conceptual outline of Load Balancer(Citrix NetScaler VPX) replacing work is presented below.
1.The following configuration is the one before replacing work.
2.Create a firewall instance of the new version, and connect to the Logical Network as done with the old Load Balancer. At that time, also set the corresponding interface, for “VRRP communication setting registration”, through ECL2.0 Customer Portal.
3.Make the same settings on the new Load Balancer version as of the old Load Balancer version. (Note that this does not apply to the VRRP setting.)
4.Disable and stop VRRP of the old Load Balancer.
*VRRP needs to be disabled (not deleted), to ease switchback.
5.Apply the prepared configuration for switching to the new Load Balancer, and start VRRP. Check that switching is made properly. Communication interruption may occur because of switching VRRP.
6-1.After checking that communications through the new Load Balancer have been stabilized, delete the old Load Balancer.
6-2.If communications through the new Load Balancer fail and cannot be recovered from failure, perform switching back.
Work procedure¶
1 Pre-check¶
1-1. Save the configuration of old LB1.
1-1-1.Log into the Load Balancer (old LB1) by executing the command below.
1-1-2.Check the VRRP status of the Load Balancer (old LB1).
Click [ System ] → [ Network ] → [ VMAC ] and check that the set-up state of the Virtual Router ID agrees with the assumption.
1-1-3.Check the status pf Virtual Server etc.
Click [ Traffic Management ] → [ Load Balancing ] → [ Virtual Servers ] and check that the set-up state of the Virtual Server agrees with the assumption.
1-1-4.Save the backup file.
(Please refer to Configuration management)
1-2. Save the configuration of old LB2.
1-2-1.Log into the Load Balancer (old LB2).
1-2-2. Click [ System ] → [ Network ] → [ VMAC ] and check that the set-up state of the Virtual Router ID agrees with the assumption.
2.Creating new LB¶
2-1. Creating new LB1
2-1-1.Create Load Balancer(new LB1) through ECL2.0 Customer Portal.
(Please refer to ‘Load Balancer instance application method <https://ecl.ntt.com/en/documents/tutorials/rsts/LoadBalancer/instance/create.html>`_ , and create Load Balancer.)
Note
For creation of the Load Balancer (new LB1), select “zone1-groupa” for “Zone/group”.
2-1-2.Connect the Logical Network to the created Load Balancer (new LB1) through ECL2.0 Customer Portal.
(Please refer to connecting the Logical Network , and connect the interface.)
Note
Repeat the procedure for all interfaces to be connected with the Logical Network. Set the IP address of the interface different from the address of the old LB. For the virtual IP address for VRRP, set the same address as of the old LB.
2-1-3.Register the VRRP communication settings onto the interface of the Load Balancer (new LB1) through ECL2.0 Customer Portal.
(Please refer to the VRRP communication setting registration , and register VRRP communication setting.)
2-1-4. Register the default gateway of the Load Balancer (new LB1) through ECL2.0 Customer Portal.
(Please refer to the Load Balancer instance operation method , and register the default gateway.)
Note
In the case where setting of the default gateway is not needed, omit this procedure.
2-1-5. Perform syslog transfer setting of Load Balancer (new LB1)via Customer Portal of ECL2.0.
(Please refer to Syslog transfer setting , and perform syslog transfer setting.)
Note
If syslog transfer setting is not required, skip this work step.
2-2. Creating new LB2
2-2-1.Create Load Balancer(new LB2) through ECL2.0 Customer Portal.
(Please refer to ‘Load Balancer instance application method <https://ecl.ntt.com/en/documents/tutorials/rsts/LoadBalancer/instance/create.html>`_ , and create Load Balancer.)
Note
For creation of the Load Balancer (new LB1), select “zone1-groupb” for “Zone/group”.
2-2-2.Connect the Logical Network to the created Load Balancer (new LB2) through ECL2.0 Customer Portal.
(Please refer to connecting the Logical Network , and connect the interface.)
Note
Repeat the procedure for all interfaces to be connected with the Logical Network. Set the IP address of the interface different from the address of the old LB. For the virtual IP address for VRRP, set the same address as of the old LB.
2-2-3.Register the VRRP communication settings onto the interface of the Load Balancer (new LB2) through ECL2.0 Customer Portal.
(Please refer to the VRRP communication setting registration , and register VRRP communication setting.)
2-2-4. Register the default gateway of the Load Balancer (new LB2) through ECL2.0 Customer Portal.
(Please refer to the Load Balancer instance operation method , and register the default gateway.)
Note
In the case where setting of the default gateway is not needed, omit this procedure.
2-2-5. Perform syslog transfer setting of Load Balancer (new LB2)via Customer Portal of ECL2.0.
(Please refer to Syslog transfer setting , and perform syslog transfer setting.)
Note
If syslog transfer setting is not required, skip this work step.
3.Setting onto the New LB¶
3-1.Restoring the configuration onto new LB1 beforehand
3-1-1. Access the new LB1 with a browser in advance and enable SSH. For details, please refer to How to access NetScaler VPX CLI (SSH) .
3-1-2. If SSL certificate is required, register it in advance. For details, please refer to How to register a certificate .
3-1-3. To connect to new LB1 with SSH, log in by executing the command below from a connectable server.
$ ssh user-admin@172.16.10.252
###############################################################################
# #
# WARNING: Access to this system is for authorized users only #
# Disconnect IMMEDIATELY if you are not an authorized user! #
# #
###############################################################################
Password:
3-1-4.Paste the to-be-set configuration created from backup of old LB onto the console.
a.If VIP of VRRP and Virtual Server IP are different
Check that the configuration file to be pasted does not include settings for VRRP. For details, please refer to configuration example to be set at the last.
#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
And edit the configuration below for restoration.
#Disable Virtual IP for loadbalancing
disable ns ip 172.16.100.100 -td 10
disable ns ip 172.16.100.200 -td 10
#Remove configuration in order to configure via GUI
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "秘密鍵のパスワード"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA
b.If VIP of VRRP and Virtual Server IP are same
Check that the configuration file to be pasted does not include settings for VRRP. For details, please refer to configuration example to be set at the last.
#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
#SSL
bind ssl vserver ssl-vserver -certkeyName server1
#Bind setting for virtual server
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
And edit the configuration below for restoration.
#Remove configuration in order to configure via GUI
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "秘密鍵のパスワード"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA
Note
For set-up and check method of configuration, please refer to Configuration management.
If reboot is required after saving configuration, please refer to Load Balancer instance operation method, and reboot Load Balancer from Portal screen.)
3-2.Restoring the configuration onto new LB2 beforehand
3-2-1. Access the new LB2 with a browser in advance and enable SSH. For details, please refer to How to access NetScaler VPX CLI (SSH).
3-2-2. If SSL certificate is required, register in advance. For details, please refer to How to register a certificate.
3-2-3. To connect to new LB2 with SSH, log in by executing the command below from a connectable server.
$ ssh user-admin@172.16.10.253
###############################################################################
# #
# WARNING: Access to this system is for authorized users only #
# Disconnect IMMEDIATELY if you are not an authorized user! #
# #
###############################################################################
Password:
3-2-4.Paste the to-be-set configuration created from backup of old LB2 onto the console.
a.If VIP of VRRP and Virtual Server IP are different
Check that the configuration file to be pasted does not include settings for VRRP. For details, please refer to configuration example to be set at the last.
#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
And edit the configuration below for restoration.
#VirtualServer for loadbalancing
disable ns ip 172.16.100.100 -td 10
disable ns ip 172.16.100.200 -td 10
#Remove configuration in order to configure via GUI
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "秘密鍵のパスワード"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA
b.If VIP of VRRP and Virtual Server IP are same
Check that the configuration file to be pasted does not include settings for VRRP. For details, please refer to configuration example to be set at the last.
#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
#SSL
bind ssl vserver ssl-vserver -certkeyName server1
#Bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
And edit the configuration below for restoration.
#Remove configuration in order to configure via GUI
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "秘密鍵のパスワード"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA
Note
For set-up and check method of configuration, please refer to Configuration management.
If reboot is required after saving configuration, please refer to Load Balancer instance operation method, and reboot Load Balancer from Portal screen.)
4.Communication stop of old LB¶
4-1. Stop communication of old LB2(Backup)
4-1-1. Log into the Load Balancer (old LB2), click [ system ] → [ Network ] → [ IPs ], and select [ disable ] from the [ Action ] button with all Virtual IPs selected in the list.
Note
If only one Virtual IP is available, select the only one.
4-1-2. Click [ system ] → [ Network ] → [ VMAC ], select a corresponding Virtual Router ID, and click the [ Delete ] button.
4-2. Stop communication of old LB1(Master)
4-2-1. Log into the Load Balancer (old LB1), click [ system ] → [ Network ] → [ IPs ], and select [ disable ] from the [ Action ] button with all Virtual IPs selected in the list.
Note
If only one Virtual IP is available, select the only one.
4-2-2. Click [ system ] → [ Network ] → [ VMAC ], select a corresponding Virtual Router ID, and click the [ Delete ] button.
5.Start communication of new LB¶
5-1. Setting VRRP of new LB1 (Master system)
5-1-1. Log into the Load Balancer (new LB1) and paste the configuration for VRRP switching onto the SSH console.
a.If VIP of VRRP and Virtual Server IP are different (for details, please refer to configuration example to be set at the last.)
#Enable Virtual IP for loadbalancing
enable ns ip 172.16.100.100 -td 10
enable ns ip 172.16.100.200 -td 10
b.If VIP of VRRP and Virtual Server IP are same (for details, please refer to configuration example to be set at the last).
#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
#VirtualServer configuration for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
#SSL
bind ssl vserver ssl-vserver -certkeyName server1
#Bind configuration for vserver
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
Note
After work step 4-2-1, communication halt is started. Then, VRRP settings with new LB1 in work step 5-1-5, new LB1 turns into the master, followed by communication recovery.
For Citrix NetScaler VPX, the session is not retained at the time of replacing. Therefore, depending on applications, re-connections are required.
5-1-2.Check the VRRP status of the Load Balancer (new LB1) by executing the command below.
Check that MASTER is shown for the state.
#VRRP check command
> sh vrid
5-2.Check communications.
5-2-1.Check communications which pass through the Load Balancer(Browser, wget etc.).
Note
If recovery of communications is not made, switching back is to be performed. (For the concrete procedure for switching back, see “7. Switchback Procedure” in this guide.)
5-3.Setting VRRP of new LB2 (for backup)
5-3-1. Log into the Load Balancer (new LB2) and paste the configuration for VRRP switching onto the SSH console.
a.If VIP of VRRP and Virtual Server IP are different (for details, please refer to configuration example to be set at the last.)
#Enable Virtual IP for loadbalancing
enable ns ip 172.16.100.100 -td 10
enable ns ip 172.16.100.200 -td 10
#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
b.If VIP of VRRP and Virtual Server IP are same (for details, please refer to configuration example to be set at the last).
#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
#SSL
bind ssl vserver ssl-vserver -certkeyName server1
#Bind configuration for Virtual Server
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
5-3-2.Check the VRRP status of the Load Balancer (new LB2) by executing the command below.
Check that BACKUP is shown for the state.
#VRRP check command
> sh vrid
5-4.Saving the configuration file of the new LB.
5-4-1. Check that the set-up configuration agrees with the assumption and execute the command below to save the configuration of the Load Balancer (new LB1). (Errors should not be displayed.)
> save ns config
Done
>
5-4-2. Check that the set-up configuration agrees with the assumption and execute the command below to save the configuration of the Load Balancer (new LB2). (Errors should not be displayed.)
> save ns config
Done
>
6.Deletion of the old LB¶
*Please operate this procedure after confirming that communication after switching is stable.
6-1.Select “Network” then “Load Balancer” on ECL2.0 Control Panel. Then, display the Load Balancer list.
6-2.Delete the Load Balancer(old LB1) through ECL2.0 Customer Portal.
(Please refer to Load Balancer instance deletion method , and delete Load Balancer.)
Note
Check again that the Load Balancer (old LB1) to be deleted has been properly selected.
6-3.Delete the Load Balancer (old LB2) through ECL2.0 Customer Portal.
(Please refer to Load Balancer instance deletion method , and delete Load Balancer.)
Note
Perform this work after checking that the old LB1 has been deleted.
Check again that the firewall (old LB2) to be deleted has been properly selected.
7.Switchback Procedure¶
※In case communication recovery is prioritized, and if configurations of all the target Load Balancers are not saved yet, rebooting of all units is possible to return them to the condition before the operation. Changeback procedure with assumption of setting change is described below.
7-1. Setting change of new LB1 (Master system)
7-1-1. Log into the Load Balancer (new LB1) and paste the configuration for changeback onto the SSH console.
a.If VIP of VRRP and Virtual Server IP are different (for details, please refer to configuration example to be set at the last.)
#Disable Virutal IP for loadbalancing
disable ns ip 172.16.10.100 -td 10
disable ns ip 172.16.10.200 -td 10
disable ns ip 192.168.10.251 -td 10
#Delete vrID
rm vrid 40
#Save
save ns config
b.If VIP of VRRP and Virtual Server IP are same (for details, please refer to configuration example at the end).
#Disable Virutal IP for loadbalancing
disable ns ip 192.168.10.251 -td 10
#Delete vrID
rm vrid 40
#Save
save ns config
7-2. Setting change of old LB1 (Master system)
7-2-1. Log into the Load Balancer (old LB1), click [ system ] → [ Network ] → [ VMAC ], and click the [ Add ] button.
7-2-2. Set the following parameters and click the [ Create ] button.
7-2-3. Check that the set value (Virtual Router ID is 40) is displayed in the list.
7-2-4. Click [ system ] → [ Network ] → [ IPs ], select the Virtual IP for VRRP, and click the [ Edit ] button.
7-2-5. Specify the Virtual Router ID to 40 and click the [ OK ] button.
7-2-6. After returning to the list, select [ enable ] from the [ Action ] button with all Virtual IPs selected in the list.
Note
If only one Virtual IP is available, select the corresponding one.
7-2-7. Check that the state of the selected Virtual IP has changed to green.
7-2-8.Check communications.
Check communications which pass through the Load Balancer(Browser, wget etc.).
7-2-9.Saving the configuration file of the new LB.
Click the Save icon in the upper right corner on the screen to save the configuration of the Load Balancer (old LB1). (Errors should not be displayed.)
By executing the command below, save the configuration of the Load Balancer(old LB1). (An error shall not be shown.)
> save ns config
Done
>
Note
Although the communication has already recovered as above, if you also need to switch back to LB2, execute following.
7-3. Setting change of old LB2 (Backup system)
7-3-1. By referencing “7-1.Setting change of Virtual IP of new LB1 (Master system)”, change the setting of Virtual IP (old LB2) in the similar procedure as the old LB1.
7-3-2. Check the VRRP status of the Load Balancer (old LB1, 2).
Click [ system ] → [ Network ] → [ VMAC ]. Check that the State is as displayed.
7-3-3.Saving the configuration file of the Load Balancer (old LB2).
Click the Save icon in the upper right corner on the screen to save the configuration.
8.To-be-set Configuration Examples¶
Examples of configurations to be used for the aforementioned work are presented below. Note that the values set here are merely examples used for descriptions on the manual. When switching practically, revise as needed.
1.New LB1 Prior-restoration configuration (Example)
a.If VIP of VRRP and Virtual Server IP are different
#Enable feature
enable ns feature LB SSL
#VRID
add vrID 40 -priority 200
#Server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10
#ServiceGroup
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http
#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 172.16.100.100 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 172.16.100.200 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
#Disable Virtual IP for loadbalancing
disable ns ip 172.16.100.100 -td 10
disable ns ip 172.16.100.200 -td 10
##SSL
bind ssl vserver ssl-vserver -certkeyName server1
#Bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
##hostname
set ns hostName lb1
#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"
#Save
save ns config
Note
Virtual IP for VRRP is excluded from prior restoration. (It will be set up at the time of VRRP switching.)
Though Virtual IP for load balancing is set up in prior restoration, IP will be disabled for safety purposes. (It will be set enabled at the time of VRRP switching.)
b.If VIP of VRRP and Virtual Server IP are same
#Enable feature
enable ns feature LB SSL
#VRID
add vrID 40 -priority 200
#Server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10
#ServiceGroup
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http
##hostname
set ns hostName lb1
#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"
#Save
save ns config
Note
Virtual IP for VRRP is excluded from prior restoration. (It will be set up at the time of VRRP switching.)
2.New LB1 VRRP switching configuration (Example)
a.If VIP of VRRP and Virtual Server IP are different
#Enable Virtual IP for loadbalancing
enable ns ip 172.16.100.100 -td 10
enable ns ip 172.16.100.200 -td 10
#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
b.If VIP of VRRP and Virtual Server IP are same
#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
##SSL
bind ssl vserver ssl-vserver -certkeyName server1
#Bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
3.New LB2 Prior-restoration configuration (Example)
a.If VIP of VRRP and Virtual Server IP are different
#Enable feature
enable ns feature LB SSL
#VRID
add vrID 40 -priority 100
#Server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10
#ServiceGroup
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 - svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http
#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 172.16.100.100 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 172.16.100.200 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
#Disable Virtual IP for loadbalancing
disable ns ip 172.16.100.100 -td 10
disable ns ip 172.16.100.200 -td 10
##SSL
bind ssl vserver ssl-vserver -certkeyName server1
#Bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
##hostname
set ns hostName lb2
#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"
#Save
save ns config
Note
The differences of the configuration for prior restoration from LB1 are vrID Priority (=100) and hostname.
Configuration for VRRP switching has no difference from LB1.
b.If VIP of VRRP and Virtual Server IP are same
#Enable feature
enable ns feature LB SSL
#VRID
add vrID 40 -priority 100
#Server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10
#ServiceGroup
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 - svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http
##hostname
set ns hostName lb2
#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"
#Save
save ns config
Note
The differences of the configuration for prior restoration from LB1 are vrID Priority (=100) and hostname.
Configuration for VRRP switching has no difference from LB1.
4.Configuration for new LB2 VRRP switching (Example)
a.If VIP of VRRP and Virtual Server IP are different
#Enable Virtual IP for loadbalancing
enable ns ip 172.16.100.100 -td 10
enable ns ip 172.16.100.200 -td 10
#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
b.If VIP of VRRP and Virtual Server IP are same
#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
##SSL
bind ssl vserver ssl-vserver -certkeyName server1
#Bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup