Brocade Loadbalancers

Within this article we will look at the configuration steps required adding headers to your HTTP based traffic. The 2 headers we will look at are X-Forwarded-Proto and X-Forwarded-For. These headers are described below. X-Forwarded-Proto – Inserts the protocol used between the client and the intermediary device (such as the LoadBalancer). Typically used when protocol … Read more

The Brocade ADX offers 2 methods in which to configure FTP SLB (Server Load Balancing). These methods are : Layer 3 – Uses the sticky and concurrent connection settings to provide FTP SLB.Layer 4-7 – Provides FTP SLB via the use of FTP application awareness (introduced in version 12.3.1d). 1. Layer 3 To Load-balance either … Read more

Within this article we will look at the two ways in which to NAT traffic. Source NAT Pool This examples provides the commands required to configure source NAT via the use of a pool and ACL. This allows you to source NAT a number of internal hosts behind the ADX to a single IP address. … Read more

Nested CSW rules provides the ability to perform Boolean (AND, OR etc) based conditions on standard csw rules. Within this example we will be : Redirecting any request that has a host header of ‘PRODUCTION.example.com’ and containing a URL request for /FOLDER/index.html to ‘/REDIRECT/index.html’ Balancing any request that has a host header of ‘STAGING.example.com’ and … Read more

Below shows the basic steps for upgrading a Brocade ADX. Copy Image First of all the image is copied from a TFTP server. Note : The option ‘secondary’ is used to ensure that the primary image is not overwritten. adx# copy tftp flash [tftp server ip] ASR12301c.bin secondary Check Flash Next, check the image has … Read more

The Brocade ADX offers 2 main persistence methods ; sticky and cookie. Within this article we will look at both of these methods and the various configuration options of each one. Types Sticky With sticky traffic is sent to the same server based on the clients IP for duration of the sticky timeout duration. Sticky also … Read more

A typical issue when SSL termination is performed on the load balancer is that URL redirects from the backend servers still contain a ‘http://’ prefix rather then ‘https://’ Within this article we will show the required commands for creating a Content Switching Policy that will rewrite any URL`s containing a ‘http://’ prefix to ‘https://’ for … Read more

Summary The Brocade ADX provides DoS protection within the hardware layer. This allows for a much greater total of DoS attacks to be processed.Such attacks that are recognised and protected against at the hardware layer are :  deny-all fragments Fin-with-no-ack icmp-fragment ip-option land-attack large-icmp ping-of-death syn-and-fin-set syn-fragments TCP-no-flags unknown-ip-protocol xmas-tree At a software layer the following attacks … Read more

The Brocade ADX has a number of Load Balancing methods available. These are also known as predictors. Assignment Predictors can be assigned on a global level or on a per virtual server basis. Below shows the syntax:global              – server predictor [BALANCING METHOD]virtual server   – server [BALANCING METHOD] Types Below explains the various available … Read more

HealthCheck elements provides the ability to perform boolean based expressions against your healthchecks (AND, OR, and NOT).In this example we will configure a health check that bring up http on webserver1 if : the string STRING1 is matched within the content retrieved via a HTTP GET / from server 192.168.1.20 the string STRING2 is matched … Read more

A match-list provides the ability to content match string based values and mark the application (layer 7) based health-check as either up or down.When assigning a match-list health-check the match-list is assigned to a port policy. This port policy is then assigned to the virtual server. Steps 1. First we enable Layer 7 health-checks on … Read more

When disabling a service on the Brocade ADX you can either disable the port or real server. Below shows the necessary syntax: server real <NAME> <IP>  disable server real <NAME> <IP>  port ssl disable  port http disable When either the server or port is disabled it is important to remember that new sessions are not … Read more

Port profiles provide the ability to configure custom settings for individual TCP/UDP ports. Any port that the ADX deems unknown, is in turn defined as UDP and will send any subsequent health-checks to the port via UDP. To use a unknown port a port profile must be configured. (config)# server port 8181(config-port-8181)#  tcp keepalive use-master-state(config-port-8181)#  … Read more

Below provides a basic example on how to configure a primary / backup setup. Traffic is only distributed to the primary server, at the point the primary node becomes offline traffic is distributed to the secondary server. server real RS_192.168.1.1 192.168.1.1 port http port http url “HEAD /” server real RS_192.168.1.2 192.168.1.2 backup port http port http url “HEAD /” … Read more

Content Switching provides the ability to distribute / rewrite traffic based upon a sessions Layer 7 payload. This feature also provides the ability to persist connections to a given server/server group. There are 4 main methods to Layer 7 switching: Cookie Switching – Uses either a server sent cookie or ADX injected cookie to direct … Read more

Port Alias`s provide the ability to bind a single Real Server to multiple Virtual Servers. This is achieved via the real-port option from within the bind command. Below shows an example, Create Real Server  First the Real Server is created with a port alias. Here the real port will be port 80 and the alias … Read more

Summary Typically health-checks are assigned on a per virtual server basis. However this can become cumbersome if you have a large number of virtual servers configured.Via the use of a Port Policy health-checks are configured within the Port Policy. The Port Policy is then assigned to multiple Virtual Servers. Syntax Below shows the required commands … Read more

The following commands are based upon Brocade ADX 12.4. Show Commands show ip int show interface(s) ip`s show default values show defaults show server global show global configured parameters show ip vrrp-extended brief show cluster status show server real show real server stats show server real http [real server] show real server http details for … Read more