CAI Networks WebMux 480S User manual
i
Table of Contents
Table of Contents······························································································································ i
Packing List····································································································································iii
Main Components···························································································································· 1
Front View··································································································································· 1
Rear View···································································································································· 2
WebMux™ Overview······················································································································· 3
Key Features······························································································································· 3
The WebMux™ Family ··············································································································· 5
Network Overview······················································································································· 7
Sample Configurations···················································································································· 9
Single WebMux™························································································································ 9
Redundant Installation·············································································································· 11
Installation without IP Address Change··················································································· 13
Configuring the WebMux ·············································································································· 15
Before you Start ························································································································ 15
Hardware Setup --- Collect Information··················································································· 16
Hardware Setup ---Setup the new network ··············································································· 16
Hardware Setup ---Configuration Summary············································································· 17
Initial Configuration······················································································································ 17
NAT Mode Related Configuration ···························································································· 18
Out-of-Path Related Configuration··························································································· 20
NAT and Out-of-Path Common Configuration········································································· 20
What if I made mistake in my configuration? ··········································································· 23
Management Console···················································································································· 24
Login········································································································································· 24
Main Management Console ······································································································ 26
SSL Keys···································································································································· 27
Administration Set Up··············································································································· 33
Change Browser Login Password: ··························································································· 39
Set Clock:·································································································································· 41
Upload/Download····················································································································· 43
Add Farm ·································································································································· 44
ii
Modify Farm ····························································································································· 49
Add Server: ······························································································································· 51
Modify Server···························································································································· 54
Initial setup change Through Browser······················································································ 56
Initial Configuration Worksheets·································································································· 58
Sample Configuration Worksheets ································································································ 59
Contact Information······················································································································ 63
FAQs·············································································································································· 64
Regulations···································································································································· 67
Appendix 1 – How to Add A Loopback Adapter············································································ 68
Appendix 2 - How to make route delete reboot persistent····························································· 70
Appendix 3 - Phone Paging Codes································································································ 71
Appendix 4 – Virtual Hosting Issues····························································································· 73
Appendix 5 – Sample Custom CGI Code······················································································· 74
Appendix 6 – Access CLI Commands···························································································· 75
Appendix 7 – Extended Regular Expressions················································································ 76
Index·············································································································································· 77
iii
Packing List
•One (1) WebMux™ unit
•One (1) Power cord
•One (1) User Manual
•One (1) Warranty registration card
iv
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
1
Main Components
Front View
Toggle Power Switch
This switch toggles power on and off. To power off, the switch must be pressed
and held for 5 seconds.
Reset Button
Press and release the reset button to reset the WebMux™. This process may
take several minutes to complete.
Up Arrow Button, Down Arrow Button
When each button is pressed, the value on the cursor location increases or
decreases. It goes through lower case letters, upper case letters, numbers and
symbols. When the cursor is located at the left most position on the LCD, the up
and down arrow allows the user to select a different item to setup.
Left Arrow Button and Right Arrow Button
When each button is pressed, the cursor moves to the left and right.
Check Mark Button, and Cross Button
Check Mark Button confirms the selection, Cross Button cancels the selection. At
any time when the system is running holding down to the Check Mark Button will
invoke the configuration menu, where you can change IP addresses and other
settings.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
2
Rear View
Server LAN Port
Connect this port to the Server LAN switch or hub. This port connects to the
servers and your local computers. It is the right most RJ45 socket. In Out-of Path
configuration, this is the only Ethernet cable to be connected.
Backup WebMux™ Port
Optionally, you may connect another WebMux™ to this port so that you can have
redundancy. If you have more than one WebMux™, you can connect them using
a cross over cable, or a regular cable with a hub.
Router LAN Port
Connect this port to the Router LAN switch or hub. In most situations, this port
connects to the Internet side network in NAT mode. It is the left most RJ45
Socket.
PLEASE NOTE: The Router LAN and Server LAN port are not interchangeable.
External Modem Connect Port
To utilize the phone pager function of the WebMux™, please connect the
external modem to this port. In some cases, if you prefer support engineers to
not use diagnostic ports over the Internet, our support engineers can also
connect through the modem to assist you with setup issues. A US Robotics
V.Everything modem is required: US Robotics part number 3CP3453. Modem dip
switch has 3, 8, and 10 down, rest up. A standard external modem cable is also
needed. Check with your modem supplier for the cable.
Power Switch
This switches the WebMux™ on and off. When in the "off" position, the front
panel power switch is disabled.
Power Cord
Please use the supplied power cord to connect the WebMux™ to the power
source. 1U WebMux™ has a 115V/230V AC universal power supply.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
3
WebMux™ Overview
Key Features
The WebMux™ is a standalone network appliance designed primarily to load
balance IP traffic to multiple servers. The WebMux™ includes the following key
features.
•Improves performance by distributing the traffic for a site or domain
among multiple servers. No one server will be bogged down trying to
service a particular site.
•SSL Termination to reduce the cost of multiple certificates.
•Provides high availability by tracking which servers are functioning
properly and which servers are out of service. If a server unexpectedly
goes down, the WebMux™ will automatically re-direct the traffic to other
servers, or will bring a standby or backup server online to service the
traffic. The WebMux™ does application level health check to many
network protocols on servers.
•Provides Persistent Connections by memorizing the user browser
session and the server session and sending the same user to the same
server. This is important for sites using shopping cart and dynamically
generated pages, like BroadVision, ASP and JSP sites.
•Provides fault tolerance. This installation requires two WebMuxes, a
primary and a secondary. The two WebMuxes will automatically sync the
configuration datum.
•Easy management. It can be managed via a secured web browser
session from anywhere in the world. By using https 128 bit encryption to
the management web console, secure remote management of server
farms is truly possible.
•Operating System independent. No software or agent to load on the
servers. Non-intrusive load/failure detection and management.
•Provides Proxy function. When communication is initiated from behind
the WebMux™, the WebMux™ will substitute its own address for the
internal address. This allows the web servers to initiate communication for
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
4
services such as credit card validation and mapping services. (Note: this
function only works in NAT mode).
•Built-in Firewall Protections. Stop possible hacker intrusion into your
network from Internet. All IP addresses and ports are blocked except the
farm IP address. Built-in functions will detect any possible denial of service
attack and make your services always available. (Note: this function only
works in NAT mode with “Forwarding Deny”, see setup for details).
•In-Path or Out-of-Path Load Balancing. In normal setup, the WebMux™
can be configured In-Path, to act as firewall in addition to the load balancer
and health checker. However, if outbound traffic is much larger than
inbound traffic and you already have a firewall in place, or change of IP
address causes problems, consider using Out-of-Path configuration. Out-
of-Path load balancing is also called direct routing, or one leg operation.
•Layer 7 Load Balancing. WebMux™ can direct traffic to specific groups
of servers within a farm according to a match pattern in HTTP MIME
header. This allows you, for example, to group servers that serve only a
specific type of content while serving other types of content on another
group of servers. WebMux™ Layer 7 load balancing also includes URI
load directing with host name MIME header matching and cookies in order
to memorize the user browser session and the server session and send the
same user to the same server. This is important for sites using shopping
cart and dynamically generated pages.
•Informs you of the status of your network. It provides phone pager
and email notification so that the network administrator can be paged or
emailed whenever a server or WebMux™ goes down, and when it returns
online. This feature could reduce server room night shift operator costs, or
timely repair should the server goes down unexpectedly.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
5
The WebMux™ Family
The 1U WebMux™ family consists of three models. They are:
•The WebMux™ 480S
•The WebMux™ 580SG
•The WebMux™ 680SP
The table below compares the features of the models.
Model Number: 480S 580SG 680SP
Speeds:
Copper Ethernet Speed 10/100 10/100/1000 10/100/1000
MAX. SSL Termination 1024
RSA Transaction/S 120 200 2000
Max SSL Terminated connection 5,000 10,000 20,000
Max Active SSL Certificates 16 16 16
Balancing Method:
Round-Robin Yes Yes Yes
Persistent Round-Robin Yes Yes Yes
Weighted Round-robin Yes Yes Yes
Persistent Weighted Round-
robin Yes Yes Yes
Least Connections Yes Yes Yes
Persistent Least Connections Yes Yes Yes
Weighted Least Connections Yes Yes Yes
Persistent Weighted Least
Connections Yes Yes Yes
Weighted Fast Response Yes Yes Yes
Persistent Weighted Fast
Response Yes Yes Yes
Layer 7 URI load directing Yes Yes Yes
Layer 7 URI load directing with
host name MIME header
matching and cookies
Yes Yes Yes
Layer 7 hashed URI load
directing Yes Yes Yes
Fault Tolerance:
Diskless Design Yes Yes Yes
Port aggregation Yes Yes Yes
Failover via Ethernet Yes Yes Yes
Service aware Yes Yes Yes
Server aware Yes Yes Yes
Backup server Yes Yes Yes
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
6
Performance:
Maximum concurrent
connections 1,440,000 2,880,000 5,760,000
Maximum New Connections/S 7,000 40,000 50,000
Maximum throughput per second 200 MBit/s 1 GBit/s 2 Gbit/s
Maximum Internet Link Speed 2 X T3 1.5 X OC-12 1.5 X OC-12
Management:
Secure web browser access Yes Yes Yes
In service/Not in service Yes Yes Yes
Page alarms (ext modem req) Yes Yes Yes
Email Notification Yes Yes Yes
Configuration access Yes Yes Yes
Remote telnet access Yes Yes Yes
Persistent connections Yes Yes Yes
Port mapping Yes Yes Yes
Port-specific services Yes Yes Yes
Security Features
Network Address Translation Yes Yes Yes
Network Port Translation Yes Yes Yes
TCP SYN protection Yes Yes Yes
TCP DoS protection Yes Yes Yes
SSL support Yes Yes Yes
Device Support:
Maximum virtual farms 500 Unlimited Unlimited
Maximum real servers 65,532 65,532 65,532
Device's role in the network IP router IP router IP router
UDP-based service support Yes Yes Yes
Misc.
Overnight Exchange Unit Service Contract ServiceContract ServiceContract
Free Email/Phone Support Three Years Three Years Three Years
Warranty on Hardware/Firmware Three Years Three Years Three Years
Power Consumption 120W 200W 350W
115VAC Current 2.5A 3.5A 5A
Heat Production 350BTU/H 550BTU/H 800BTU/H
Power and Cooling Requirement
95 – 130VAC or 195-235VAC at 50-60Hz universal input power required.
Absolute operating temperature range is 0-40C. Recommended operation
ambient temperature should not to exceed 30C.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
7
Network Overview
The WebMux™ has two modes, In-Path, or NAT (Network Address Translation)
and Out-of-Path (Direct Routing) mode. Each mode has its advantage and
disadvantages. Lets look the NAT mode first.
The main purpose of the WebMux™ is to balance the traffic among multiple web
or other servers. The diagram above shows an NAT installation with two
WebMuxes. In this configuration, one WebMux™ is serving as the primary, and
the other is serving as the secondary, or backup, providing a fault tolerant
solution.
In order for the web servers to share the incoming traffic, the WebMux™ must be
connected to the network. There are two interfaces on the WebMux™. One
interface connects to the Router LAN. This is the network to which the Internet
router is connected. The other interface is connected to the Server LAN. This
network connects all the web servers. The WebMux™ routes traffic between
these two networks.
Next, a Virtual Farm or multiple farms must be configured on the WebMux™. A
virtual farm is a single representation of the servers to the clients. A farm consists
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
8
of a group of servers that service the same domain, website or services. For
example, to configure a farm (or virtual farm) to serve www.cainetworks.com:
•First, Server 1 and Server 2 would each need the website
www.cainetworks.com configured on them and HTTP/HTTPS services
started, and
•Second, a farm on the WebMux™ is defined with Server 1 and Server 2 in
it. The servers would be setup to either share the traffic, or setup as a
primary server and standby server. In either case, if Server 1 goes down,
then all traffic will be automatically directed to Server 2 by the WebMux™.
In Out-of-Path mode, only one network in the setup, that is the server LAN, is
connected to the Internet through the firewall and router. Internet traffic or local
connections can both be directly sent to the WebMux™, which routes the
packets to the proper server(s), then the server routes the return traffic back to
the remote or local clients directly.
In most situations, the incoming traffic is in small requests, and return traffic from
servers back to clients is large amount of data, pictures, or documents. Using
direct routing will allow up to 100 times more traffic to be handled by the
WebMux™ load balancer. The disadvantage for direct routing is that the firewall
protections built-in to the WebMux™ will no longer function. Users then must
provide their own firewall for incoming and outgoing traffic.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
9
Sample Configurations
Single WebMux™
•This installation requires one WebMux™.
•One WebMux™ interface connects to the Router LAN. The other
interface connects to the Server LAN.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
10
•The WebMux™ translates the Internet addresses to an internal non-
routable class-C address. In this example, the netmask is 255.555.255.0.
The IP address of the WebMux™ interface attached to the Server LAN is
192.168.199.251.
•The Default Gateway for all the servers is 192.168.199.1.
•Farm 1 IP address is 205.133.156.200. Servers 1 and 2 serve Farm 1.
•Farm 2 IP address is 205.133.156.210. Servers 2 and 3 serve Farm 2.
•Changes to the server: change the default gateway to 192.168.199.1, as
well as the IP address to the 192.168.199.xxx address. If on the server
there is a service attached to the IP address (HTTP/S, FTP, etc), please
make sure the service will run on the new IP address.
NOTE: Although the WebMux™ can work with any IP address range, all server IP addresses
should be Internet non-routable address so that the source address from the Internet does not
conflict with the IP addresses on the Server LAN.
NOTE: If there is a firewall between the WebMux™ and the Internet Router, a rule must be
defined in the firewall to allow the IP address of the WebMux™ interface on the Router LAN along
with the farm IP address to communicate out to the Internet on all ports. If you are doing Network
Address Translation of the farm address to a non-routable address, then both the farm address
and the WebMux™ interface address must be translated to communicate outbound on all ports.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
11
Redundant Installation
•The installation requires two WebMuxes. One will be the primary, and the
other the secondary. They connect together with the Ethernet cable that
is either cross-over or through a hub. The primary redundant interface IP
address is 192.168.255.253; the secondary redundant interface IP
address is 192.168.255.254. They can not be changed.
•Both WebMuxes connect to the Router LAN, and to the Server LAN. Each
WebMux™ interface has a unique IP address.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
12
•The registered Internet IP address range is a class C address range. The
IP address of the WebMuxes’ Virtual Farms must be in the same network
range as the Internet router.
•The WebMux™ translates the Internet addresses to an internal non-
routable class A address. In this example, the subnet-mask is 255.0.0.0.
The IP address of the WebMux™ interfaces attached to the Server LAN
are 10.1.1.10 and 10.1.1.20.
•The Default Gateway for all the servers is 10.1.1.1.
•Farm 1 IP address is 205.133.156.200.
•Servers 1 and 2 serve Farm 1.
•Farm 2 IP address is 205.133.156.210.
•Servers 2 and 3 serve Farm 2.
•Changes to the servers: change default the gateway to 10.1.1.1, as well
as the IP addresses to the 10.3.1.10/20/30 addresses. If on the server
there is a service attached to the IP address (HTTP/S, FTP, etc), please
make sure the service will run on the new IP address.
NOTE: Although the WebMux™ can work with any IP address range, all server IP addresses
should be Internet non-routable address so that the source address from the Internet does
not conflict with the IP addresses on the Server LAN.
NOTE: If there is a firewall between the WebMux™ and the Internet Router, a rule must be
defined in the firewall to allow the IP address of the WebMux™ interfaces on the Router LAN
in addition to the farm IP address (could be same as the WebMux™ Router LAN IP address)
to communicate out to the Internet on all ports. Since the WebMux™ doing Network Address
Translation of the farm address to a non-routable address, the farm addresses on the
WebMux™ interface must communicate outbound on all ports defined in the farms.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
13
Installation without IP Address Change
Out-of-Path Mode:
The above diagram is an example about how to configure the WebMux™ in out-
of-path mode without changing the IP addresses of the web servers and other
servers that already exist on the network. This is particularly helpful when the
changing of an existing network of servers causes problems.
In this configuration, all the servers still remain on the same IP network and can
communicate. From the servers “view”, the WebMux™ is on the same network
as the servers. On the WebMux™, only the server LAN cable is connected,
since there is only one network in direct routing mode. The WebMux™ takes at
least two IP addresses to work in this mode, server LAN Interface IP address and
farm IP address.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
14
Out-of-path mode also allows two WebMuxes to fully backup each other. The two
WebMuxes are connected to each other through a cross-over Ethernet cable.
Two simple changes must be made to each server in the farm. 1) Have a new
loopback adapter installed and have its address set to the farm address. Do not
set the gateway on the loopback adapter. Please refer to Appendix 1 and
Appendix 2 for how to configure a loopback adapter, as well as how to remove
the route from the servers. Please note for Out-of-Path to work properly, the
loopback adapter must route the return traffic through the real network
interface. In other words, the loopback adapter cannot have the gateway
specified. Please refer to Appendix 1 and 2 for more details on how to
configure the loopback adapter on servers. In case the server is running
Windows 2003, the route created during adding loopback adapter cannot
be deleted; please make sure the loopback adapter has much higher metric.
2) If your service is bind to any specific IP address, add the loopback adapter’s
IP address to that service.
The firewall configuration must be changed to point to the new farm address on
the WebMux™. Since the WebMux™ always uses one IP address in the server
LAN, the farm address must be a different IP address in the server LAN in Out-
of-Path mode.
NOTE: Under normal Out-of-Path operations, you will only need to set the external gateway IP
address for the WebMux™. However, if you are going to have the WebMux™ do SSL
termination or Layer 7 load balancing, you must set a server LAN gateway IP in the WebMux™
and have the servers’ default gateway point to that IP address.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
15
Configuring the WebMux™
Before you Start
Please collect the information about names and IP addresses designated by the
arrows in the network topology below.
Network Terminology
A Virtual Farm includes the WebMux™ setup and the servers under it.
Functionally, it acts as a single unit on a network. For example,
http://www.cainetworks.com is one virtual server farm;
https://www.cainetworks.com is another farm, and ftp://ftp.cainetworks.com is the
third farm. The first farm works on a set of servers on port 80, the second farm
consists of another set of servers on port 443, and the third farm works on a set
of servers on port 21. Please note that the WebMux™ does support combining
80/443 ports as one single farm, so that same client browsing the site in HTTP
mode will be send to the same server for HTTPS requests. In the combined
mode, ports 80/443 will be combined into one farm.
The WebMux™ Model 480S, 580SG, and 680PG User Guide – Version 7.0.x
Copyright© 1997-2006 CAI Networks, Inc.
16
To serve the Internet, there must be at least one Internet Router. This local
area network that connects the router and the WebMux™ is called the Router
LAN. In this LAN, the WebMux™ takes the Internet traffic and distributes it to
the servers behind it. The LAN connecting the WebMux™ and real servers
together is called Server LAN.
In NAT mode, only the WebMux™ boxes are connected to both Router LAN and
Server LAN. At least one WebMux™ is needed to define the Router LAN and
the Server LAN.
The side of the WebMux™ that connects to the Router LAN is to send and
receive all the IP packets from the router to the Internet. The side of the
WebMux™ that connects to the Server LAN is to send and receive IP packets to
and from the servers in the farms. By properly configuring the WebMux™, one
can create one or more Virtual Farms on top of physical hardware.
Hardware Setup --- Collect Information
•Make a drawing of the existing network and note all the configuration
settings. This will help you to fall back to the existing configurations if
needed.
•Make a new drawing for the new setup with the WebMux™ and the web
farm in place. This will be used as a guide for setup and preparation of all
the necessary material and equipment.
•Collect all the IP addresses, their network masks, network addresses, and
broadcast addresses for the Server LAN and Router LAN WebMux™
interfaces. The IP address of the Internet router is also needed.
•Label all the cables. Prepare additional cables if needed.
•Make sure there are enough electrical or UPS outlets for all the new
equipment.
Hardware Setup ---Setup the new network
•Power down all the devices on the network.
•If you have a secondary WebMux™, connect the WebMuxes with a cross-
over Ethernet cable.
•Connect the servers to the Server LAN
•Connect the WebMux™(es) to the Server LAN
•Connect the WebMux™(es) to the Router LAN (NAT mode only).
This manual suits for next models
2
Table of contents
Other CAI Networks Switch manuals
Popular Switch manuals by other brands
Dynex
Dynex DX-PT413 Quick setup guide
Cisco
Cisco SRW2048 - Small Business Managed Switch datasheet
MCD Elektronik
MCD Elektronik 153780 manual
LF
LF Portfolio LP-FSBK quick start guide
Endress+Hauser
Endress+Hauser nivocompact FTC 731 Installation and operating manual
GRASS VALLEY
GRASS VALLEY 8972PX datasheet
