Cai networks Webmux 480s User manual

Table of Contents

Table of Contents······························································································································ i

Packing List····································································································································iii

Main Components···························································································································· 1

Front View··································································································································· 1

Rear View···································································································································· 2

WebMux™ Overview······················································································································· 3

Key Features······························································································································· 3

The WebMux™ Family ··············································································································· 5

Network Overview······················································································································· 7

Sample Configurations···················································································································· 9

Single WebMux™························································································································ 9

Redundant Installation·············································································································· 11

Installation without IP Address Change··················································································· 13

Configuring the WebMux ·············································································································· 15

Before you Start ························································································································ 15

Hardware Setup --- Collect Information··················································································· 16

Hardware Setup ---Setup the new network ··············································································· 16

Hardware Setup ---Configuration Summary············································································· 17

Initial Configuration······················································································································ 17

NAT Mode Related Configuration ···························································································· 18

Out-of-Path Related Configuration··························································································· 20

NAT and Out-of-Path Common Configuration········································································· 20

What if I made mistake in my configuration? ··········································································· 23

Management Console···················································································································· 24

Login········································································································································· 24

Main Management Console ······································································································ 26

SSL Keys···································································································································· 27

Administration Set Up··············································································································· 33

Change Browser Login Password: ··························································································· 39

Set Clock:·································································································································· 41

Upload/Download····················································································································· 43

Add Farm ·································································································································· 44

Modify Farm ····························································································································· 49

Add Server: ······························································································································· 51

Modify Server···························································································································· 54

Initial setup change Through Browser······················································································ 56

Initial Configuration Worksheets·································································································· 58

Sample Configuration Worksheets ································································································ 59

Contact Information······················································································································ 63

FAQs·············································································································································· 64

Regulations···································································································································· 67

Appendix 1 – How to Add A Loopback Adapter············································································ 68

Appendix 2 - How to make route delete reboot persistent····························································· 70

Appendix 3 - Phone Paging Codes································································································ 71

Appendix 4 – Virtual Hosting Issues····························································································· 73

Appendix 5 – Sample Custom CGI Code······················································································· 74

Appendix 6 – Access CLI Commands···························································································· 75

Appendix 7 – Extended Regular Expressions················································································ 76

Index·············································································································································· 77

iii

Packing List

•One (1) WebMux™ unit

•One (1) Power cord

•One (1) User Manual

•One (1) Warranty registration card

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

Main Components

Front View

Toggle Power Switch

This switch toggles power on and off. To power off, the switch must be pressed

and held for 5 seconds.

Reset Button

Press and release the reset button to reset the WebMux™. This process may

take several minutes to complete.

Up Arrow Button, Down Arrow Button

When each button is pressed, the value on the cursor location increases or

decreases. It goes through lower case letters, upper case letters, numbers and

symbols. When the cursor is located at the left most position on the LCD, the up

and down arrow allows the user to select a different item to setup.

Left Arrow Button and Right Arrow Button

When each button is pressed, the cursor moves to the left and right.

Check Mark Button, and Cross Button

Check Mark Button confirms the selection, Cross Button cancels the selection. At

any time when the system is running holding down to the Check Mark Button will

invoke the configuration menu, where you can change IP addresses and other

settings.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

Rear View

Server LAN Port

Connect this port to the Server LAN switch or hub. This port connects to the

servers and your local computers. It is the right most RJ45 socket. In Out-of Path

configuration, this is the only Ethernet cable to be connected.

Backup WebMux™ Port

Optionally, you may connect another WebMux™ to this port so that you can have

redundancy. If you have more than one WebMux™, you can connect them using

a cross over cable, or a regular cable with a hub.

Router LAN Port

Connect this port to the Router LAN switch or hub. In most situations, this port

connects to the Internet side network in NAT mode. It is the left most RJ45

Socket.

PLEASE NOTE: The Router LAN and Server LAN port are not interchangeable.

External Modem Connect Port

To utilize the phone pager function of the WebMux™, please connect the

external modem to this port. In some cases, if you prefer support engineers to

not use diagnostic ports over the Internet, our support engineers can also

connect through the modem to assist you with setup issues. A US Robotics

V.Everything modem is required: US Robotics part number 3CP3453. Modem dip

switch has 3, 8, and 10 down, rest up. A standard external modem cable is also

needed. Check with your modem supplier for the cable.

Power Switch

This switches the WebMux™ on and off. When in the "off" position, the front

panel power switch is disabled.

Power Cord

Please use the supplied power cord to connect the WebMux™ to the power

source. 1U WebMux™ has a 115V/230V AC universal power supply.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

WebMux™ Overview

Key Features

The WebMux™ is a standalone network appliance designed primarily to load

balance IP traffic to multiple servers. The WebMux™ includes the following key

features.

•Improves performance by distributing the traffic for a site or domain

among multiple servers. No one server will be bogged down trying to

service a particular site.

•SSL Termination to reduce the cost of multiple certificates.

•Provides high availability by tracking which servers are functioning

properly and which servers are out of service. If a server unexpectedly

goes down, the WebMux™ will automatically re-direct the traffic to other

servers, or will bring a standby or backup server online to service the

traffic. The WebMux™ does application level health check to many

network protocols on servers.

•Provides Persistent Connections by memorizing the user browser

session and the server session and sending the same user to the same

server. This is important for sites using shopping cart and dynamically

generated pages, like BroadVision, ASP and JSP sites.

•Provides fault tolerance. This installation requires two WebMuxes, a

primary and a secondary. The two WebMuxes will automatically sync the

configuration datum.

•Easy management. It can be managed via a secured web browser

session from anywhere in the world. By using https 128 bit encryption to

the management web console, secure remote management of server

farms is truly possible.

•Operating System independent. No software or agent to load on the

servers. Non-intrusive load/failure detection and management.

•Provides Proxy function. When communication is initiated from behind

the WebMux™, the WebMux™ will substitute its own address for the

internal address. This allows the web servers to initiate communication for

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

services such as credit card validation and mapping services. (Note: this

function only works in NAT mode).

•Built-in Firewall Protections. Stop possible hacker intrusion into your

network from Internet. All IP addresses and ports are blocked except the

farm IP address. Built-in functions will detect any possible denial of service

attack and make your services always available. (Note: this function only

works in NAT mode with “Forwarding Deny”, see setup for details).

•In-Path or Out-of-Path Load Balancing. In normal setup, the WebMux™

can be configured In-Path, to act as firewall in addition to the load balancer

and health checker. However, if outbound traffic is much larger than

inbound traffic and you already have a firewall in place, or change of IP

address causes problems, consider using Out-of-Path configuration. Out-

of-Path load balancing is also called direct routing, or one leg operation.

•Layer 7 Load Balancing. WebMux™ can direct traffic to specific groups

of servers within a farm according to a match pattern in HTTP MIME

header. This allows you, for example, to group servers that serve only a

specific type of content while serving other types of content on another

group of servers. WebMux™ Layer 7 load balancing also includes URI

load directing with host name MIME header matching and cookies in order

to memorize the user browser session and the server session and send the

same user to the same server. This is important for sites using shopping

cart and dynamically generated pages.

•Informs you of the status of your network. It provides phone pager

and email notification so that the network administrator can be paged or

emailed whenever a server or WebMux™ goes down, and when it returns

online. This feature could reduce server room night shift operator costs, or

timely repair should the server goes down unexpectedly.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

The WebMux™ Family

The 1U WebMux™ family consists of three models. They are:

•The WebMux™ 480S

•The WebMux™ 580SG

•The WebMux™ 680SP

The table below compares the features of the models.

Model Number: 480S 580SG 680SP

Speeds:

Copper Ethernet Speed 10/100 10/100/1000 10/100/1000

MAX. SSL Termination 1024

RSA Transaction/S 120 200 2000

Max SSL Terminated connection 5,000 10,000 20,000

Max Active SSL Certificates 16 16 16

Balancing Method:

Round-Robin Yes Yes Yes

Persistent Round-Robin Yes Yes Yes

Weighted Round-robin Yes Yes Yes

Persistent Weighted Round-

robin Yes Yes Yes

Least Connections Yes Yes Yes

Persistent Least Connections Yes Yes Yes

Weighted Least Connections Yes Yes Yes

Persistent Weighted Least

Connections Yes Yes Yes

Weighted Fast Response Yes Yes Yes

Persistent Weighted Fast

Response Yes Yes Yes

Layer 7 URI load directing Yes Yes Yes

Layer 7 URI load directing with

host name MIME header

matching and cookies

Yes Yes Yes

Layer 7 hashed URI load

directing Yes Yes Yes

Fault Tolerance:

Diskless Design Yes Yes Yes

Port aggregation Yes Yes Yes

Failover via Ethernet Yes Yes Yes

Service aware Yes Yes Yes

Server aware Yes Yes Yes

Backup server Yes Yes Yes

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

Performance:

Maximum concurrent

connections 1,440,000 2,880,000 5,760,000

Maximum New Connections/S 7,000 40,000 50,000

Maximum throughput per second 200 MBit/s 1 GBit/s 2 Gbit/s

Maximum Internet Link Speed 2 X T3 1.5 X OC-12 1.5 X OC-12

Management:

Secure web browser access Yes Yes Yes

In service/Not in service Yes Yes Yes

Page alarms (ext modem req) Yes Yes Yes

Email Notification Yes Yes Yes

Configuration access Yes Yes Yes

Remote telnet access Yes Yes Yes

Persistent connections Yes Yes Yes

Port mapping Yes Yes Yes

Port-specific services Yes Yes Yes

Security Features

Network Address Translation Yes Yes Yes

Network Port Translation Yes Yes Yes

TCP SYN protection Yes Yes Yes

TCP DoS protection Yes Yes Yes

SSL support Yes Yes Yes

Device Support:

Maximum virtual farms 500 Unlimited Unlimited

Maximum real servers 65,532 65,532 65,532

Device's role in the network IP router IP router IP router

UDP-based service support Yes Yes Yes

Misc.

Overnight Exchange Unit Service Contract ServiceContract ServiceContract

Free Email/Phone Support Three Years Three Years Three Years

Warranty on Hardware/Firmware Three Years Three Years Three Years

Power Consumption 120W 200W 350W

115VAC Current 2.5A 3.5A 5A

Heat Production 350BTU/H 550BTU/H 800BTU/H

Power and Cooling Requirement

95 – 130VAC or 195-235VAC at 50-60Hz universal input power required.

Absolute operating temperature range is 0-40C. Recommended operation

ambient temperature should not to exceed 30C.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

Network Overview

The WebMux™ has two modes, In-Path, or NAT (Network Address Translation)

and Out-of-Path (Direct Routing) mode. Each mode has its advantage and

disadvantages. Lets look the NAT mode first.

The main purpose of the WebMux™ is to balance the traffic among multiple web

or other servers. The diagram above shows an NAT installation with two

WebMuxes. In this configuration, one WebMux™ is serving as the primary, and

the other is serving as the secondary, or backup, providing a fault tolerant

solution.

In order for the web servers to share the incoming traffic, the WebMux™ must be

connected to the network. There are two interfaces on the WebMux™. One

interface connects to the Router LAN. This is the network to which the Internet

router is connected. The other interface is connected to the Server LAN. This

network connects all the web servers. The WebMux™ routes traffic between

these two networks.

Next, a Virtual Farm or multiple farms must be configured on the WebMux™. A

virtual farm is a single representation of the servers to the clients. A farm consists

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

of a group of servers that service the same domain, website or services. For

example, to configure a farm (or virtual farm) to serve www.cainetworks.com:

•First, Server 1 and Server 2 would each need the website

www.cainetworks.com configured on them and HTTP/HTTPS services

started, and

•Second, a farm on the WebMux™ is defined with Server 1 and Server 2 in

it. The servers would be setup to either share the traffic, or setup as a

primary server and standby server. In either case, if Server 1 goes down,

then all traffic will be automatically directed to Server 2 by the WebMux™.

In Out-of-Path mode, only one network in the setup, that is the server LAN, is

connected to the Internet through the firewall and router. Internet traffic or local

connections can both be directly sent to the WebMux™, which routes the

packets to the proper server(s), then the server routes the return traffic back to

the remote or local clients directly.

In most situations, the incoming traffic is in small requests, and return traffic from

servers back to clients is large amount of data, pictures, or documents. Using

direct routing will allow up to 100 times more traffic to be handled by the

WebMux™ load balancer. The disadvantage for direct routing is that the firewall

protections built-in to the WebMux™ will no longer function. Users then must

provide their own firewall for incoming and outgoing traffic.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

Sample Configurations

Single WebMux™

•This installation requires one WebMux™.

•One WebMux™ interface connects to the Router LAN. The other

interface connects to the Server LAN.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

•The WebMux™ translates the Internet addresses to an internal non-

routable class-C address. In this example, the netmask is 255.555.255.0.

The IP address of the WebMux™ interface attached to the Server LAN is

192.168.199.251.

•The Default Gateway for all the servers is 192.168.199.1.

•Farm 1 IP address is 205.133.156.200. Servers 1 and 2 serve Farm 1.

•Farm 2 IP address is 205.133.156.210. Servers 2 and 3 serve Farm 2.

•Changes to the server: change the default gateway to 192.168.199.1, as

well as the IP address to the 192.168.199.xxx address. If on the server

there is a service attached to the IP address (HTTP/S, FTP, etc), please

make sure the service will run on the new IP address.

NOTE: Although the WebMux™ can work with any IP address range, all server IP addresses

should be Internet non-routable address so that the source address from the Internet does not

conflict with the IP addresses on the Server LAN.

NOTE: If there is a firewall between the WebMux™ and the Internet Router, a rule must be

defined in the firewall to allow the IP address of the WebMux™ interface on the Router LAN along

with the farm IP address to communicate out to the Internet on all ports. If you are doing Network

Address Translation of the farm address to a non-routable address, then both the farm address

and the WebMux™ interface address must be translated to communicate outbound on all ports.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

Redundant Installation

•The installation requires two WebMuxes. One will be the primary, and the

other the secondary. They connect together with the Ethernet cable that

is either cross-over or through a hub. The primary redundant interface IP

address is 192.168.255.253; the secondary redundant interface IP

address is 192.168.255.254. They can not be changed.

•Both WebMuxes connect to the Router LAN, and to the Server LAN. Each

WebMux™ interface has a unique IP address.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

•The registered Internet IP address range is a class C address range. The

IP address of the WebMuxes’ Virtual Farms must be in the same network

range as the Internet router.

•The WebMux™ translates the Internet addresses to an internal non-

routable class A address. In this example, the subnet-mask is 255.0.0.0.

The IP address of the WebMux™ interfaces attached to the Server LAN

are 10.1.1.10 and 10.1.1.20.

•The Default Gateway for all the servers is 10.1.1.1.

•Farm 1 IP address is 205.133.156.200.

•Servers 1 and 2 serve Farm 1.

•Farm 2 IP address is 205.133.156.210.

•Servers 2 and 3 serve Farm 2.

•Changes to the servers: change default the gateway to 10.1.1.1, as well

as the IP addresses to the 10.3.1.10/20/30 addresses. If on the server

there is a service attached to the IP address (HTTP/S, FTP, etc), please

make sure the service will run on the new IP address.

NOTE: Although the WebMux™ can work with any IP address range, all server IP addresses

should be Internet non-routable address so that the source address from the Internet does

not conflict with the IP addresses on the Server LAN.

NOTE: If there is a firewall between the WebMux™ and the Internet Router, a rule must be

defined in the firewall to allow the IP address of the WebMux™ interfaces on the Router LAN

in addition to the farm IP address (could be same as the WebMux™ Router LAN IP address)

to communicate out to the Internet on all ports. Since the WebMux™ doing Network Address

Translation of the farm address to a non-routable address, the farm addresses on the

WebMux™ interface must communicate outbound on all ports defined in the farms.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

Installation without IP Address Change

Out-of-Path Mode:

The above diagram is an example about how to configure the WebMux™ in out-

of-path mode without changing the IP addresses of the web servers and other

servers that already exist on the network. This is particularly helpful when the

changing of an existing network of servers causes problems.

In this configuration, all the servers still remain on the same IP network and can

communicate. From the servers “view”, the WebMux™ is on the same network

as the servers. On the WebMux™, only the server LAN cable is connected,

since there is only one network in direct routing mode. The WebMux™ takes at

least two IP addresses to work in this mode, server LAN Interface IP address and

farm IP address.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

Out-of-path mode also allows two WebMuxes to fully backup each other. The two

WebMuxes are connected to each other through a cross-over Ethernet cable.

Two simple changes must be made to each server in the farm. 1) Have a new

loopback adapter installed and have its address set to the farm address. Do not

set the gateway on the loopback adapter. Please refer to Appendix 1 and

Appendix 2 for how to configure a loopback adapter, as well as how to remove

the route from the servers. Please note for Out-of-Path to work properly, the

loopback adapter must route the return traffic through the real network

interface. In other words, the loopback adapter cannot have the gateway

specified. Please refer to Appendix 1 and 2 for more details on how to

configure the loopback adapter on servers. In case the server is running

Windows 2003, the route created during adding loopback adapter cannot

be deleted; please make sure the loopback adapter has much higher metric.

2) If your service is bind to any specific IP address, add the loopback adapter’s

IP address to that service.

The firewall configuration must be changed to point to the new farm address on

the WebMux™. Since the WebMux™ always uses one IP address in the server

LAN, the farm address must be a different IP address in the server LAN in Out-

of-Path mode.

NOTE: Under normal Out-of-Path operations, you will only need to set the external gateway IP

address for the WebMux™. However, if you are going to have the WebMux™ do SSL

termination or Layer 7 load balancing, you must set a server LAN gateway IP in the WebMux™

and have the servers’ default gateway point to that IP address.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

Configuring the WebMux™

Before you Start

Please collect the information about names and IP addresses designated by the

arrows in the network topology below.

Network Terminology

A Virtual Farm includes the WebMux™ setup and the servers under it.

Functionally, it acts as a single unit on a network. For example,

http://www.cainetworks.com is one virtual server farm;

https://www.cainetworks.com is another farm, and ftp://ftp.cainetworks.com is the

third farm. The first farm works on a set of servers on port 80, the second farm

consists of another set of servers on port 443, and the third farm works on a set

of servers on port 21. Please note that the WebMux™ does support combining

80/443 ports as one single farm, so that same client browsing the site in HTTP

mode will be send to the same server for HTTPS requests. In the combined

mode, ports 80/443 will be combined into one farm.

The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x

To serve the Internet, there must be at least one Internet Router. This local

area network that connects the router and the WebMux™ is called the Router

LAN. In this LAN, the WebMux™ takes the Internet traffic and distributes it to

the servers behind it. The LAN connecting the WebMux™ and real servers

together is called Server LAN.

In NAT mode, only the WebMux™ boxes are connected to both Router LAN and

Server LAN. At least one WebMux™ is needed to define the Router LAN and

the Server LAN.

The side of the WebMux™ that connects to the Router LAN is to send and

receive all the IP packets from the router to the Internet. The side of the

WebMux™ that connects to the Server LAN is to send and receive IP packets to

and from the servers in the farms. By properly configuring the WebMux™, one

can create one or more Virtual Farms on top of physical hardware.

Hardware Setup --- Collect Information

•Make a drawing of the existing network and note all the configuration

settings. This will help you to fall back to the existing configurations if

needed.

•Make a new drawing for the new setup with the WebMux™ and the web

farm in place. This will be used as a guide for setup and preparation of all

the necessary material and equipment.

•Collect all the IP addresses, their network masks, network addresses, and

broadcast addresses for the Server LAN and Router LAN WebMux™

interfaces. The IP address of the Internet router is also needed.

•Label all the cables. Prepare additional cables if needed.

•Make sure there are enough electrical or UPS outlets for all the new

equipment.

Hardware Setup ---Setup the new network

•Power down all the devices on the network.

•If you have a secondary WebMux™, connect the WebMuxes with a cross-

over Ethernet cable.

•Connect the servers to the Server LAN

•Connect the WebMux™(es) to the Server LAN

•Connect the WebMux™(es) to the Router LAN (NAT mode only).

This manual suits for next models

Table of contents

Other CAI Networks Switch manuals

CAI Networks

CAI Networks 690PG User manual

Popular Switch manuals by other brands

Server Technology

Server Technology C-16HF1-C20 Installation and operation manual

Garmin

Garmin ONDECK GTB 10 installation instructions

Vega

Vega VEGASWING 51 operating instructions

Huawei

Huawei Quidway S2008-EI Specifications

Pickering

Pickering LXI 60-890-022 user manual

CTS

CTS FOS-3126-PLUS SERIES user manual

Radial Engineering

Radial Engineering Backtrack user guide

Audio Authority

Audio Authority 1177A Specifications

Carbonite

Carbonite eXtreme Configuration guide

Doughboy

Doughboy UL Series owner's guide

HP HP 830 Series Command reference

Flowserve

Flowserve NRS 1-7 installation instructions

GRASS VALLEY

GRASS VALLEY 3D PRODUCTION Application note

American Dynamics

American Dynamics RJ856UD Series installation guide

Leviton

Leviton LIT-32712-00 manual 

Network Technologies

Network Technologies SERIMUX-S-x Installation and operation manual

Network Technologies

Network Technologies SERIMUX-TERM-CS-16/8 Installation and operation manual

Vimar

Vimar Eikon 20592.0 manual

CAI Networks WebMux 480S User manual

Popular Switch manuals by other brands