Brocade Loadbalancers

Now lets consider the following scenario. The client has multiple domains. Traffic is going to all domains on HTTP. However, these domains are under a single virtual server and each domain requires a separate health-check. In order to achieve this configuration port-aliasing is used. What is port-aliasing, you may ask ? Within the ADX various … Read more

Introduction Within this article we will show you the steps needed to configure cookie persistence (insert) based on URI. i.e cookie persistence is only performed for a single URI. Cookie Insert When cookie insert persistence is configured the loadbalancer selects a server to the send the traffic to. The server id of the server is … Read more

In order to mitigate the Poodle vulnerability on the Brocade ADX SSLv3 must be disabled. However this can only be achieved via the code release 12.4s, which disables SSLv3 completely. All code versions prior to this do not have any method or option to disable the SSLv3 protocol. HealthChecks On the ADX there are 2 … Read more

What are the Timeout threasholds for Healthchecks on a Brocade ADX ? Check  Timeout Details  L3 (ICMP) 2 sec interval / 4 retries None L4 5 sec interval / 3 retries L4 periodric healtchecks are not enabled by default. L7 5 sec interval / 3 retries None      

Issues When exporting a capture from the ADX from a debug filter. The wrong timestamps are written. This results in both the time and date being incorrect when viewing them within a 3rd Party tool (such as Wireshark). However when viewing the packets via an ASCII dump within the debug filter the correct timestamps are … Read more

Introduction There are 2 main methods for configuring the TCP stack on an ADX, globally or via a tcp profile. Within this article we will look at the main configuration settings available, such as how to configure Nagle, SACK and Window Scaling. TCP Profiles TCP profiles allow you to modify the TCP parameters on a … Read more

Purpose The purpose of this document is to explain the role and functions of the CSW Pseudo Stack. Summary Within the Brocade ADX feature set is the ability to forward traffic based on layer 7 attributes (such as host header, URI etc.). This is achieved by enabling content switching (CSW). In order for the the … Read more

Question How do I show the CPU usage for the management processor ? Answer To see the CPU usage on the MP (Management Processor) the following command is used, SSH@adx# show cpu-utilization peak: 41.4 percent busy at 5520 seconds ago 7243 sec avg: 10.3 percent busy    1 sec avg:  1.0 percent busy    5 … Read more

Background The Brocade ADX offers 3 main types of layer 7 healthchecks. These are, Server Healthcheck – Server healthchecks are configured on the real server itself. Once configured it issues a healtcheck to the real server based on the port/protocol configured. Port-Policy – A port-policy is a policy that contains all of your parameters for … Read more

The Brocade ADX offers two methods for binding multiple ports to a single healthcheck ; via the use of a port profile or by using healthcheck element groups. The main caveat when using a port profile is that you can only bind a non well-known port to the healthcheck of a well known port. And … Read more

The ADX provides a number of loadbalancing methods (also known as predictors) such as round robin and least connections.Within this article we will look at the Dynamic Weighted loadbalancing method. Summary The Dynamic Weighted balancing method is a dynamic predictor that allows you to distribute traffic based upon the resource usage of your server (such … Read more

Within this article we will look into the ‘keepalive’ command. As this command isn’t greatly documented I thought this would be a good opportunity to explain in a little more detail how it works. Keepalive vs Keep-alive First of all it is worth noting that the ‘keepalive’ command (which is configured under the real server) … Read more

Symptoms You may find that when enabling SSL (termination) and a CSW policy your SSL session fails due to the ADX issuing a RST back to the client. When running a url debug via rcon you see the following : URL: process client packet return error CSW_PARSE_ERROR_MAX_MEMORY[80] ??? Free multiple stored packets. HTTP Split State: … Read more

Symptoms When enabling CSW and running HTTP pipelining you may experience a breakdown in your HTTP session. Issue When enabling CSW on a Virtual Server pipelining is enabled on the designated port by default. The issue occurs when a second GET request comes in before the first GET/POST answer is fully received from the server (this … Read more

The Brocade ADX offers 2 ways to configure SSL. These are, SSL (Termination) – Allows for SSL termination at the loadbalancer so that unencrypted traffic can be sent onto the backend servers. This is also known as client side encryption/decryption. SSL Proxy – Allows for the Brocade ADX to decrypt and then re-encrypt the traffic … Read more

Policy-Based Server Load Balancing (PB-SLB) provides the ability to distribute traffic based on the source IP address of the client. There are 2 ways in which to configure PB-SLB. You can either pull a list of IP`s from a TFTP server or define the IP`s directly on the ADX.This example is based on defining the … Read more

The Brocade ADX provides the ability to capture network traffic which can then be viewed later for further analysis. This is achieved via the  debug filter.Within this article we will provide the necessary steps required to configure, run, save and then export a debug filter. Debug Filter Mode First of all we enter the debug … Read more

The Brocade ADX offers 3 types of HA. There are : Sym Active-Standby – Sym Active-Standby is only available on Router code. Both devices receive traffic but only the VIP with the highest sym-priority processes the traffic.Sym Active-Active – Sym Active-Active is only available on Router code. Both devices receive traffic, traffic for each VIP … Read more

Within this article we will look at the commands required to clear the debug-filter buffer on an ADX Loadbalancer.The command that is used to clear the buffer is “no buffer-size <buffer size>”. Below shows the necessary steps. First of all we place ourselves into the debug filter prompt. We check the amount that we have … Read more

The Brocade ADX offers a range of options for troubleshooting CSW (Content Switching) policies.Within this article we will look the main troubleshooting feature URL Debug and also provide the various show commands available when troubleshooting CSW. URL Debug The URL debug option allows you to debug the CSW policy flows based on a given IP. … Read more

Within this article we will look at the configuration steps required adding headers to your HTTP based traffic. The 2 headers we will look at are X-Forwarded-Proto and X-Forwarded-For. These headers are described below. X-Forwarded-Proto – Inserts the protocol used between the client and the intermediary device (such as the LoadBalancer). Typically used when protocol … Read more

The Brocade ADX offers 2 methods in which to configure FTP SLB (Server Load Balancing). These methods are : Layer 3 – Uses the sticky and concurrent connection settings to provide FTP SLB.Layer 4-7 – Provides FTP SLB via the use of FTP application awareness (introduced in version 12.3.1d). 1. Layer 3 To Load-balance either … Read more

Within this article we will look at the two ways in which to NAT traffic. Source NAT Pool This examples provides the commands required to configure source NAT via the use of a pool and ACL. This allows you to source NAT a number of internal hosts behind the ADX to a single IP address. … Read more

Nested CSW rules provides the ability to perform Boolean (AND, OR etc) based conditions on standard csw rules. Within this example we will be : Redirecting any request that has a host header of ‘PRODUCTION.example.com’ and containing a URL request for /FOLDER/index.html to ‘/REDIRECT/index.html’ Balancing any request that has a host header of ‘STAGING.example.com’ and … Read more

Below shows the basic steps for upgrading a Brocade ADX. Copy Image First of all the image is copied from a TFTP server. Note : The option ‘secondary’ is used to ensure that the primary image is not overwritten. adx# copy tftp flash [tftp server ip] ASR12301c.bin secondary Check Flash Next, check the image has … Read more

The Brocade ADX offers 2 main persistence methods ; sticky and cookie. Within this article we will look at both of these methods and the various configuration options of each one. Types Sticky With sticky traffic is sent to the same server based on the clients IP for duration of the sticky timeout duration. Sticky also … Read more

A typical issue when SSL termination is performed on the load balancer is that URL redirects from the backend servers still contain a ‘http://’ prefix rather then ‘https://’ Within this article we will show the required commands for creating a Content Switching Policy that will rewrite any URL`s containing a ‘http://’ prefix to ‘https://’ for … Read more

Summary The Brocade ADX provides DoS protection within the hardware layer. This allows for a much greater total of DoS attacks to be processed.Such attacks that are recognised and protected against at the hardware layer are :  deny-all fragments Fin-with-no-ack icmp-fragment ip-option land-attack large-icmp ping-of-death syn-and-fin-set syn-fragments TCP-no-flags unknown-ip-protocol xmas-tree At a software layer the following attacks … Read more

The Brocade ADX has a number of Load Balancing methods available. These are also known as predictors. Assignment Predictors can be assigned on a global level or on a per virtual server basis. Below shows the syntax:global              – server predictor [BALANCING METHOD]virtual server   – server [BALANCING METHOD] Types Below explains the various available … Read more

HealthCheck elements provides the ability to perform boolean based expressions against your healthchecks (AND, OR, and NOT).In this example we will configure a health check that bring up http on webserver1 if : the string STRING1 is matched within the content retrieved via a HTTP GET / from server 192.168.1.20 the string STRING2 is matched … Read more

A match-list provides the ability to content match string based values and mark the application (layer 7) based health-check as either up or down.When assigning a match-list health-check the match-list is assigned to a port policy. This port policy is then assigned to the virtual server. Steps 1. First we enable Layer 7 health-checks on … Read more

When disabling a service on the Brocade ADX you can either disable the port or real server. Below shows the necessary syntax: server real <NAME> <IP>  disable server real <NAME> <IP>  port ssl disable  port http disable When either the server or port is disabled it is important to remember that new sessions are not … Read more

Port profiles provide the ability to configure custom settings for individual TCP/UDP ports. Any port that the ADX deems unknown, is in turn defined as UDP and will send any subsequent health-checks to the port via UDP. To use a unknown port a port profile must be configured. (config)# server port 8181(config-port-8181)#  tcp keepalive use-master-state(config-port-8181)#  … Read more

Below provides a basic example on how to configure a primary / backup setup. Traffic is only distributed to the primary server, at the point the primary node becomes offline traffic is distributed to the secondary server. server real RS_192.168.1.1 192.168.1.1 port http port http url “HEAD /” server real RS_192.168.1.2 192.168.1.2 backup port http port http url “HEAD /” … Read more

Content Switching provides the ability to distribute / rewrite traffic based upon a sessions Layer 7 payload. This feature also provides the ability to persist connections to a given server/server group. There are 4 main methods to Layer 7 switching: Cookie Switching – Uses either a server sent cookie or ADX injected cookie to direct … Read more

Port Alias`s provide the ability to bind a single Real Server to multiple Virtual Servers. This is achieved via the real-port option from within the bind command. Below shows an example, Create Real Server  First the Real Server is created with a port alias. Here the real port will be port 80 and the alias … Read more

Summary Typically health-checks are assigned on a per virtual server basis. However this can become cumbersome if you have a large number of virtual servers configured.Via the use of a Port Policy health-checks are configured within the Port Policy. The Port Policy is then assigned to multiple Virtual Servers. Syntax Below shows the required commands … Read more

The following commands are based upon Brocade ADX 12.4. Show Commands show ip int show interface(s) ip`s show default values show defaults show server global show global configured parameters show ip vrrp-extended brief show cluster status show server real show real server stats show server real http [real server] show real server http details for … Read more