I’ve been spending a lot of time recently with A10’s AX3200, Thunder 3030S and vThunder Application Delivery Controllers (ADCs) as I look to replace the large number of Cisco ACE 4710s that we have in the environment.
I’m going to make a series of posts around the A10 load balancers over the next few weeks to try and highlight some configuration options as I start working on some of my larger migrations and configurations.
In this post I’ll cover just simple load balancing. We won’t worry about URL paths (Layer 7), persistence, stickiness, cookies, SSL termination or any of those exciting topics today. I’ll be working in a partition called “PART-TEST”, although you can set up whatever partition you’d like on either your physical or virtual ADCs.
active-partition PART-TEST
vlan 10
 untagged ethernet 2
 router-interface ve 10
interface ve 10
 ip address 10.1.1.250 255.255.255.0
!
ip route 0.0.0.0 /0 10.1.1.1
In the example above we set up VLAN 10, bound it to interface Ethernet 2, assigned the IP address 10.1.1.250 to the VLAN’s virtual interface (ve 10) and added a static default route to 10.1.1.1.
ip nat pool PART-TEST_SRCNAT 10.1.1.240 10.1.1.249 netmask /24
We’ll be using source NAT so that return traffic from the real servers comes back to the load balancer. The downside of this is that we lose the real source IP address of the client; the upside is that we gain a lot of flexibility, in that we don’t need traffic to “route” through the load balancer and we don’t need Layer 2 adjacency between the load balancer and the real servers.
health monitor SIMPLE_HTTP_PROBE
 method http url GET /health expect response-code 200
We’ll set up a simple HTTP probe that will hit the /health path and look for an HTTP 200 response code.
slb server RS_SERVER1 10.1.1.51
 no health-check
 port 80 tcp
slb server RS_SERVER2 10.1.1.52
 no health-check
 port 80 tcp
We’ll set up two real servers, RS_SERVER1 (10.1.1.51) and RS_SERVER2 (10.1.1.52), and enable TCP port 80 on each of them.
slb service-group SF_GROUP1 tcp
 health-check SIMPLE_HTTP_PROBE
 member RS_SERVER1:80
 member RS_SERVER2:80
We’ll add a service group, which allows us to bind multiple real servers into a group. We’ll add our health check at this level. We don’t want or need health checks at too many points; otherwise we’re just generating a lot of noise on the wire and burning CPU cycles on the ADC.
slb virtual-server VIP_GROUP1 10.1.1.150
 port 80 tcp
  name SLB_GROUP1-HTTP
  source-nat pool PART-TEST_SRCNAT
  service-group SF_GROUP1
And here’s where we tie everything together. We create a VIP (virtual server), assign an IP address, add a port and then bind the service group we previously created along with the source NAT pool.
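Because the virtual server only works if every name it references was defined earlier, a quick offline check before pasting the configuration is worthwhile. The following is an added example, not part of the original post and not an A10 tool: it assumes one statement per line with sub-commands indented, as laid out in this post, and the sample text is constructed with two deliberate mistakes.

```python
import ipaddress
import re

# Constructed sample in the layout used in this post, with two deliberate
# mistakes: a NAT pool start address outside the /24 and a misspelled group.
SAMPLE = """\
ip nat pool PART-TEST_SRCNAT 10.11.1.240 10.1.1.249 netmask /24
health monitor SIMPLE_HTTP_PROBE
slb server RS_SERVER1 10.1.1.51
slb server RS_SERVER2 10.1.1.52
slb service-group SF_GROUP1 tcp
 health-check SIMPLE_HTTP_PROBE
 member RS_SERVER1:80
 member RS_SERVER2:80
slb virtual-server VIP_GROUP1 10.1.1.150
 port 80 tcp
  source-nat pool PART-TEST_SRCNAT
  service-group SF_SGROUP1
"""

# Definition patterns (top-level statements) -> kind of object they create.
DEFS = {r"^ip nat pool (\S+)": "pool", r"^health monitor (\S+)": "monitor",
        r"^slb server (\S+)": "server", r"^slb service-group (\S+)": "group"}
# Reference patterns (indented sub-commands) -> kind they must resolve to.
REFS = {r"^source-nat pool (\S+)": "pool", r"^health-check (\S+)": "monitor",
        r"^member ([^\s:]+)": "server", r"^service-group (\S+)": "group"}
POOL = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) netmask /(\d+)")

def lint(config):
    """Return a sorted list of problems found in the config text."""
    lines = config.splitlines()
    defined = {(kind, m.group(1)) for line in lines
               for rx, kind in DEFS.items() if (m := re.match(rx, line))}
    problems = []
    for line in lines:
        if line[:1].isspace():  # sub-command: check what it points at
            for rx, kind in REFS.items():
                m = re.match(rx, line.strip())
                if m and (kind, m.group(1)) not in defined:
                    problems.append(f"undefined {kind}: {m.group(1)}")
        elif (m := POOL.match(line)):  # pool start must share the end's subnet
            name, start, end, plen = m.groups()
            net = ipaddress.ip_network(f"{end}/{plen}", strict=False)
            if ipaddress.ip_address(start) not in net:
                problems.append(f"pool {name}: {start} not in {net}")
    return sorted(problems)

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no problems found")
```
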
If you’re curious and want to play around, you can quickly set up your own ADC using a 30-day trial version of vThunder. The vThunder is supported on VMware ESXi, Microsoft Hyper-V, KVM and XenServer. If you’re an Amazon Web Services (AWS) customer you can also leverage the vThunder in that environment.
Cheers!
Credits: Image by Mario