SA7200 Configuration

 
Ranjith_5
Honored Contributor

SA7200 Configuration

Hi Experts,

Setup Overview:-
=====================

I am new to SA7200 configuration part.

I have 2 existing portal servers, viz. S1 & S2, for which the SA7200 is currently doing traffic redirection. My environment is coming up with 2 new servers for the same purpose. We are planning to move the portal application from the old servers to the new servers. Now the test environment is set up on the new servers. Now I want to test the application before moving it to production.

Test environment:-
====================
I want to set up the portal URL as https://www.test.xyz.com. I need to forward the page to 192.168.0.1 & 192.168.0.2 according to the load at that time.

I understand that to achieve this I have to modify my DNS config, SA7200 config and SSL.

Can anyone direct me to the step-by-step procedure? I have the user guide of the SA7200. So kindly don't ask me to look into bulky docs coz I don't have the time to learn the full process, since I need to complete this by tomorrow. Need some quick stuff. Valid comments are going to get max pts.

Thanks a million in advance...!!

regards,
Syam
11 REPLIES
Florian Heigl (new acc)
Honored Contributor

Re: SA7200 Configuration

Hi, unfortunately I don't have the SSL option, and honestly I hated the interface, so I don't know it by heart.

You need to add the vip www.test.xyz.com in the 7200 and the two servers with policy 'load' instead of 'round'.

###

config/policygroup/ create test.xyz.com
config/policygroup/test.xyz.com
service create http vip port 80
server create 192.168.0.1 port 80 primary
back
server create 192.168.0.2 port 80 primary
back
service www balancing load


####
now have Your DNS record for www.test.xyz.com point to the vip
(the vip needs to be an IP address separate from the one Your SA7200 uses).

(at home, that's just: www CNAME vip1 )

https SHOULD be the same with port 443 instead of 80 but I am not sure.

theoretically the SA7200 should be accessed via https and the back-end servers should run plain http. OTOH that way You can't use the out-of-path-return feature and I just don't have any experience on it.

I'll try to test around tonight, but I'm not sure this will be very successful :)
yesterday I stood at the edge. Today I'm one step ahead.
Ranjith_5
Honored Contributor

Re: SA7200 Configuration

Hi Florian,

This is the first time I am working on load balancer. If you can give me the steps after logging in to the web interface, it will be really helpful for me.

regards,
Syam
Florian Heigl (new acc)
Honored Contributor

Re: SA7200 Configuration

Hmmm... Please start reading the manuals to get used to the commands a bit. (I won't discuss that point - I also had a first time with these and regarding the SA9200's there's no one to ask as far as I know)

After login You get into a perl-based restricted shell that allows You to view or modify the current configuration (let's call it a very ugly IOS clone?)

view = show
modify = config
help = list current commands
the object scope of a command is set by adding a path to it, like
show sys/snmp/trap-destination
(just an example)
or config sys/ntp/server server 192.168.10.1
(just an example)

I'll re-activate mine tonight and will update this thread. But in case I'm not-so-lucky with patching the Ignite-cluster here at work, You better read some manuals because then there will be no 'tonight' :)
yesterday I stood at the edge. Today I'm one step ahead.
Florian Heigl (new acc)
Honored Contributor

Re: SA7200 Configuration

Ok, I'll try to give You some kind of walkthrough:

egal-bsd.intern.blutmeer.de:/net/vault/export/home/floh$ telnet accelar750-2
Trying 192.168.10.37...
Connected to accelar750-2.intern.blutmeer.de.
Escape character is '^]'.
Nortel Networks Accelar 750 Server Switch command line interface.

Copyright (c) 1999 IPivot, Inc. All Rights Reserved.

Login: rwa
...

Accelar-750/show# policygroup info
Policy group: blutmeer_http
Throttling: disabled
Service name:blutmeer_http
(that's the already active vip1)

(now let's do a new one)

Accelar-750/show/policygroup# config
Accelar-750/config# policygroup
Accelar-750/config/policygroup# ?
create {throttle }

Accelar-750/config/policygroup# create deranfangvomende_http
Accelar-750/config/policygroup/deranfangvomende_http#

Accelar-750/config/policygroup/deranfangvomende_http# ?
throttle
service
service delete
service create vip port {type sticky sticky-timeout backups response priority balancing }


(? gets You the online help, help the extended edition. widescreen, director's cut, whatever)

Accelar-750/config/policygroup/deranfangvomende_http# service create www vip 192.168.10.101 port 80 balancing load
Accelar-750/config/policygroup/deranfangvomende_http/service/www#


Please note I left out most of the *feature* commands - a short note on it: iirc RICH_HTTP gets You regular expressions; You can enable it if You need it. Restricting to tcp/udp might gain performance, but I can't tell.

DO NOT use the 606 and http detection features - they fiddle around with the server reply, if a requested file existed on none of the servers, the load balancer tells the client 'all servers are busy', or at least my Nortel model does. honestly I forgot the 606's meaning, it's a very special condition only these load-balancers can detect. :)

Accelar-750/config/policygroup/deranfangvomende_http/service/www# server create 192.168.10.7 port 8080 type primary mode brokered 606 disable http disable


have a look at this:

Accelar-750/config/policygroup/deranfangvomende_http/service/www/server/192.168.10.7 port 8080# ?
[...]
expression create
expression delete

this is where You can add regex!

back
Accelar-750/config/policygroup/deranfangvomende_http/service/www/server# create 192.168.10.220 port 8080 type primary mode brokered 606 disable

okay, now I've got two servers in there.
one backup and we're done for now

Accelar-750/config/policygroup/deranfangvomende_http/service/www/server# create 62.138.60.53 port 80 type backup mode brokered 606 disable http disable

(that guy is on a different subnet than the other servers, but within the same site, but still this would produce a lot of redundant traffic, so he's only useful as backup)

in the end I make a backup

Accelar-750# save o.conf

Accelar-750# dir
Configuration files:
File name Lines
-------------------
backup.cfg 20
default.cfg 27
o.conf 34

Now check it over:
Accelar-750/show/policygroup# Accelar-750/show/policygroup# info
Policy group: blutmeer_http
Throttling: disabled
Service name:blutmeer_http
Policy group: deranfangvomende_http
Throttling: disabled
Service name:www

Accelar-750/show/policygroup/deranfangvomende_http/service/www# info
Policy Name:deranfangvomende_http
Service name:www
Protocol: TCP
VIP: 192.168.10.101
Protocol port: 80
Sticky: Disabled
Service: enabled
Number of microseconds between dup syn trigger: 500000
Maximum response time (milli-seconds) : 50
Service priority: 1
Service state: Active
Service type: Hot TCP:TCP
Backup servers: disabled
Balance Strategy : Load Balanced
Server Name: 192.168.10.7
Status Port Type Weight Mode
-------------------------------------------
Active 8080 Primary 1 BROKERED

Average response time (milli-seconds): No data
Minimum average response time (milli-seconds): No data
Maximum average response time (milli-seconds): No data
New connections per second: No data

Expressions:

Server Name: 192.168.10.220
Status Port Type Weight Mode
-------------------------------------------
Dead 8080 Primary 1 BROKERED

Average response time (milli-seconds): No data
Minimum average response time (milli-seconds): No data
Maximum average response time (milli-seconds): No data
New connections per second: No data

Expressions:

Server Name: 62.138.60.53
Status Port Type Weight Mode
-------------------------------------------
Active 80 Backup 1 BROKERED

Average response time (milli-seconds): No data
Minimum average response time (milli-seconds): No data
Maximum average response time (milli-seconds): No data
New connections per second: No data

Expressions:




Now I'll test it using lynx - real fast to gather some data:

cnt=0 ; while [ 300 -ge $cnt ]; do lynx http://192.168.10.101 --dump 2>/dev/null 1>/dev/null & cnt=$(( $cnt + 1 )) ; done



Server Name: 192.168.10.7
Status Port Type Weight Mode
-------------------------------------------
Active 8080 Primary 4 BROKERED

Average response time (milli-seconds): No data
Minimum average response time (milli-seconds): No data
Maximum average response time (milli-seconds): No data
New connections per second: No data

Expressions:

Server Name: 192.168.10.220
Status Port Type Weight Mode
-------------------------------------------
Dead 8080 Primary 1 BROKERED



You see, my alpha-cluster is powered off, and no data was gathered, the load balancer should ping the servers from time to time, but that's a different topic.

So this IS a working setup, and using port 443 for the vip and servers it will work with https, I hope. If it doesn't, use an apache/squid reverse proxy in front of the webservers and let that speak https.

It would be wonderful if You posted Your config when it works.
yesterday I stood at the edge. Today I'm one step ahead.
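
Added example, not part of the post above and not vendor code: a small Python check that parses the per-server blocks of the `info` output quoted in the walkthrough and reports Dead servers and missing primary redundancy before DNS is pointed at the vip. The sample text is constructed from the format in the post, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the `info` output quoted in the post.
SAMPLE_INFO = """\
Server Name: 192.168.10.7
Status Port Type Weight Mode
-------------------------------------------
Active 8080 Primary 1 BROKERED
Server Name: 192.168.10.220
Status Port Type Weight Mode
-------------------------------------------
Dead 8080 Primary 1 BROKERED
Server Name: 62.138.60.53
Status Port Type Weight Mode
-------------------------------------------
Active 80 Backup 1 BROKERED
"""

# One status row: state, port, role, weight, mode.
ROW = re.compile(r"^(Active|Dead)\s+(\d+)\s+(Primary|Backup)\s+(\d+)\s+(\S+)$")

def parse_servers(text):
    """Return one dict per 'Server Name:' block (hypothetical helper)."""
    servers, name = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ROW.match(line)
        if line.startswith("Server Name:"):
            name = line.split(":", 1)[1].strip()
        elif m and name:
            status, port, role, weight, mode = m.groups()
            servers.append({"name": name, "status": status, "port": int(port),
                            "role": role, "weight": int(weight), "mode": mode})
            name = None  # the status row closes this server block
    return servers

def health_findings(text):
    """List availability problems to clear before pointing DNS at the VIP."""
    servers = parse_servers(text)
    primaries = [s for s in servers if s["role"] == "Primary"]
    live = [s for s in primaries if s["status"] == "Active"]
    findings = [f"{s['name']}:{s['port']} ({s['role']}) is Dead"
                for s in servers if s["status"] == "Dead"]
    if len(live) < 2:
        findings.append(f"only {len(live)} of {len(primaries)} primaries active")
    return findings

if __name__ == "__main__":
    for finding in health_findings(SAMPLE_INFO):
        print("WARN:", finding)
```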
Florian Heigl (new acc)
Honored Contributor

Re: SA7200 Configuration

hehe - I just read 'web interface' - it never worked with mine due to java problems (note the plural).

But You should be able to guess Your way through the web interface now.
yesterday I stood at the edge. Today I'm one step ahead.
Ranjith_5
Honored Contributor

Re: SA7200 Configuration

Hi,


I just came in... Submitted pts to u... Let me try your suggestions. I have already created the policy and have added the hostnames for both the portal servers yesterday itself. But now to resolve these hostnames to IP addresses I feel I need to put them in the host file of the SA7200. I am stuck at this part. I am in research and development. No one here to consult...
thanks for ur help.

Can u help me with adding the host entries on the SA7200?

regards,
Syam
Ranjith_5
Honored Contributor

Re: SA7200 Configuration

Hi Florian,

Thanks for ur posts. I tried the CLI but then, find it very complicated. I have already done 70% of the work last day itself.

I already created the similar policies with the new virtual IPs. Created services OPR, 8443, and http, with the new virtual IPs. The new configuration is very similar to the existing setup, except the new virtual IPs.

Now to get my page redirected to the portal servers what should I do? Hope I have to add some host entries for the new portal servers, somewhere in the device. I am not able to find the same. Pls help.

regards,
Syam
Florian Heigl (new acc)
Honored Contributor

Re: SA7200 Configuration

point the site to the vip of the load balancer?
yesterday I stood at the edge. Today I'm one step ahead.
Ranjith_5
Honored Contributor

Re: SA7200 Configuration

Hi,

When I type http:// , it should take me to the web page on the portal. If this works I can go forward with configuring the DNS to resolve this address as per my requirement and also the SSL device.

regards,
Syam
Florian Heigl (new acc)
Honored Contributor

Re: SA7200 Configuration

I can't help You with the web-interface; I can't access it, and also I'm afraid it might be different to Yours.

If You don't dare doing it by command line, better consider getting some consulting from HP, this should be the only other *fast* option.

As You might have noticed the SAxxxx load balancers are not in widespread use, so I'm afraid there won't be anyone else here to help You - I think I'd turn to HP if I were You.
yesterday I stood at the edge. Today I'm one step ahead.
Ranjith_5
Honored Contributor

Re: SA7200 Configuration

Hi ,

I configured the SA7200 using the Product manual. Also I had to add entries for the virtual IP in httpd.conf of both servers.

Thanks all for your help.
regards,
Syam