《Radware_2011_技术培训.ppt》由会员分享,可在线阅读,更多相关《Radware_2011_技术培训.ppt(284页珍藏版)》请在三一办公上搜索。
1、AppDirector Level 1Course Code:400-101Radware Knowledge&E,slide 2,Contents,AppDirector:Training Presentations Day 1OverviewLab ConfigurationManagementFarmsLayer 4 Traffic RedirectionHealth Monitoring,slide 3,Contents,AppDirector:Training Presentations Day 2Server ManagementClient ManagementLayer 7 P
2、oliciesClient NAT,slide 4,Contents,AppDirector:Training Presentations Day 3Transaction AccelerationRedundancyExam,Slide 5,Radware Certified Application Specialist(RCAS),Certification is split into two partsPart 1:Hands-On Practical ExamPart 2:Web-Based Certification ExamIncluded at course fee(first
3、try)Hands-On always proctored from trainerusually done directly after the trainingCertification Exam,AppDirector High Level Overview,slide 7,Agenda,AppDirector:OverviewIntroductionFeatures and LicensingAppDirector Hardware,Introduction,Introducing Radware Application Delivery Solution,Radware Applic
4、ation Delivery solution is a comprehensive,cost-effective solution ensuring:Full availability Maximum performance Complete security of your mission-critical applications,while enabling greater cost reduction and higher ROI,Slide 9,Slide 10,Employees&Users,Customers,Partners,Data Center,Application S
5、ervers,Web&PortalServers,ESB,Message Queuing System,Mainframe,Databaseservers,AppDirector,AppXML,Identity Management System,Radware ADC Solution Topology,Web Services&XML Gateway,Intelligent Application Delivery Controller,Best-in-class Web Application Firewall,AppWall,Virtual Director,Application D
6、elivery Solution for the Virtualized Data Center,Virtual ADC Adapter Network Diagram,Customers,Mainframe,Databaseservers,vCenter VMware Management Server,AppDirector,VI Virtual Infrastructure,Virtual ADC Adapter listens to any configuration change in vCenter,Virtual ADC Adapter automatically configu
7、res the ADC with the new configuration change,Virtual ADC Adapter,Slide 11,Slide 12,Data Center Cost Reduction,Cost reduction involves the following factors:Reduce CAPEXProduct and equipments costsReduce OPEXMaintenance,electricity,cooling,space costsFaster ROILower TCO,Radwares ADC Solution enables
8、 significant cost reduction through:On demand throughput and service scalability Platform longevity Green platform leadership Superior performance per watt,Slide 13,Multiple elements evolve with the organization over time Throughput Requirements Application Requirements,New!IP Telephony Service,Trad
9、itional IT Applications,Additional Server Capacity,New Customers,On Demand Scalability in Services and Throughput,Radwares on demand scalability enables:Elimination of overspending on the ADC solution to deliver full investment protectionPaying for the exact capacity required through the“pay-as-you-
10、grow”approachOn demand scaling when more throughput or services are required without a forklift upgrade All translate into significant savings on CAPEX,Slide 14,5-year Platform Longevity Guaranteed,Radware Platform Longevity Guarantees business benefits:Extended platform life time sold for at least
11、the next five years Platform standardization and operational simplicity reduce OPEX on maintenance,training and spare unitsPlatform longevity,combined with platform performance leadership and scalability options,enables you to achieve full business benefits with CAPEX and OPEX savings,Platform Longe
12、vity Guaranteed,Slide 15,OnDemand Switch:Designed Green,Radware ADC hardware platforms are Designed GreenUsing custom-made hardware with:Embedded components providing more efficient power consumptionSmall footprint of 1U Devices for minimal rack footprintLess heat dissipationAnd in addition:Reducing
13、 your data centers overall energy consumption thanks to offloading servers!,Radware ADC solution reduces OPEX andenables your green environmental objectives,Superior L7 TPS Processing,Validated Performance Leadership,Consistent 4Gbps throughput capacity,Superior SSL Acceleration,Slide 16,Slide 17,Ra
14、dware Provides the Most Comprehensive Global Traffic Management SolutionReachability through DNS and AnycastUS Patented Global Load Balancing Based on ProximityRedirection Methods:DNS,HTTP,RTSPUS Patented TriangulationNetwork Products Guide Best Global Load Balancing Award,Radware Global Solution,Ra
15、dware GSLB guarantees transaction completion for ALL applications in distributed sites at ALL times delivering the best response time,Guarantee business continuity Ensure transaction completionIncrease asset ROI,Radware ADC Solution Business Value,Slide 18,Features and Licensing,slide 20,AppDirector
16、 Features and Licensing,The AppDirector is available with the following licenses:Standard-Local Licenseoptional licenses can be purchased:Global License Throughput LicenseSSL License(2.x,500 CPS included in standard license)Compression License(2.x,100Mbps included in standard license)Bandwidth Manag
17、ement and Intrusion PreventionDOS Shield and B-DOS,slide 21,Local and Global Functionality,Local Health Monitoring Traffic Redirection SSL Compression Application Security DOS Protection Bandwidth Management,slide 22,AppDirector Features and Licensing,Traffic Redirection and OptimizationThe main foc
18、us of the AppDirector is the ability to redirect traffic loads included in this function are:Load Balancing Client management Layer 7 switching Client PersistencySSLCachingCompression,slide 23,AppDirector Features and Licensing,Health MonitoringMonitoring active applications to verify the servers he
19、althOver 20 different predefined protocol checks including:HTTP and HTTPSDNSFTPLDAP/SSMTPRTSP.,slide 24,AppDirector Features and Licensing,IPSThe IPS functionality provides the following internal mechanisms:Application SecurityAnti-ScanningStateful InspectionProtocol Anomalies Protection,slide 25,Ap
20、pDirector Features and Licensing,Bandwidth Management ServicesThe Bandwidth Management Services are provided using the following internal mechanisms:The Policy DatabaseThe ClassifierThe QueuesThe Scheduler,slide 26,AppDirector Features and Licensing,DOS MitigatorThe DOS license provides the followin
21、g internal mechanisms:Rate based DOS protectionSYN Flood Protection with SYN CookiesBehavioral DOS Protection and attack mitigation,slide 27,AppDirector Features and Licensing,GlobalThe Global license enables the ability to redirect traffic to multiple sites and collect global statistics from those
22、sites for optimal load considerations.Two mechanisms are enabled with Global:Redirection HTTPDNSTriangulationRTSPAny cast Client ProxyProximityBased on Hop count,Latency,and Load.,OnDemand Switch Hardware,AppDirector Platform Offering,Throughput(Gbps),Port Density,Processing Power,1G,2G,4G,8G,12G,16
23、G,AppDirector x016,AppDirector x08,Slide 29,8-20 Gbps on demand,scalable throughput Ports:8 x GE,4 x 10GE,4 x SFP Serial,Dual out-of-band management ports LCD,USB port Layer 2 switch Dual AC/DC power supply,0-4 Gbps on demand,scalable throughput Ports:6 x GE,2 x SFP USB port,Serial Dual AC/DC power
24、supply,20G,AppDirector on OnDemand Switch VL,Slide 30,Radwares most-affordable AppDirector offering:Up to 4 Gbps throughput,2 SFP(1G)ports,6 GE ports,USB Port,RJ-45 Standard console port,HA:Dual Power Supplies,OnDemand Switch VL Highlights,Port density6 Gigabit Ethernet Ports(Copper)2 Gigabit Fiber
25、Ports(SFP-GBIC Mini)One of the GE ports can be configured for out-of-band management Front Panel ControlsPower and Reset button short and long pressPower button press button,state rememberedUSBRJ-45 standard console portLEDs:PWR,SYS OKHigh reliabilityHigh MTBF-190K hours,Slide 31,OnDemand Switch 3,U
26、p to 20Gbps Throughput Capacity2U form factorNEBS readyDual,redundant AC/DC power supply configurations16 GB Memory(Upgradeable to 32 GB)2 AMD Shanghai 2.5 Ghz Quad Core Processors,Slide 32,OnDemand Switch 3:Port Density,Traffic Ports4 10 Gigabit Fiber ports(XFP pluggable optics)ports4 Gigabit Ether
27、net SFP ports(SFP-GBIC Mini)8 Gigabit Ethernet Copper ports on switchManagement Ports2 out-of-band Gigabit Ethernet for Management,bypassing switchSwitchH/W trunks supportedSTP supported,Slide 33,slide 34,Front Panel Input/Output,Power and Reset buttons short and long pressPower button press button,
28、state rememberedUSBSerial consoleLEDs:PWR,FAN,SYS OKLCD,slide 35,Dedicated Management Ports,Two dedicated management portsReliable even under high load of traffic portsA separate trunk can be built of 2 for reliabilityNo traffic forwarded between management and traffic ports,slide 36,ODS1 ODS2,OnDem
29、andSwitch 1&2,OnDemand Switch 1 versus 2,ODS 1&2 provide the same throughput levels,but differ in:Ports densitySwitching-ODS2 provides hardware switching capabilitiesPerformance-ODS2 delivers a bit more performance over ODS1Memory-ODS1&ODS2 are shipped with sufficient memory to address most applicat
30、ion requirements.ODS1 shipped with 2GBODS2 shipped with 2GB,upgradeable to 4GB,Slide 37,OnDemand Switch 1,Ports4 Gigabit Ethernet(Copper/Fiber)for traffic2 Gigabit Ethernet for ManagementDual mode portsInserted GBIC select SFP portOtherwise RJ45 copper port is activeAMD Opteron dual-core 2.2 GHzUp t
31、o 2GB Memory,OnDemand Switch 2,Ports4 SFP for GBIC on switch12 Gigabit Ethernet Copper ports on switch2 separate Gigabit Ethernet for ManagementSwitchH/W trunks supportedSTP supportedAMD Opteron dual-core 2.6 GHzUp to 4GB Memory,Slide 39,OnDemand Switch Tech Specs Summary,Slide 40,Enhanced Accelerat
32、ion,Standard Acceleration,OnDemandSwitch VL,3 and OnDemandSwitch VL,3 XL,Slide 41,Enhanced Acceleration,AppDirector ODS hardware platforms comparison chart:,Standard Acceleration,OnDemandSwitch 1,2 and OnDemandSwitch 1,2 XL,Slide 42,Technical Overview,slide 44,Agenda,AppDirector:Technical OverviewIn
33、troductionPhysical TopologiesBasics of Traffic Flow,slide 45,Introduction,The AppDirector is a high-speed application load balancer,able to maintain traffic flows for both local and geographically diverse application server operations.The Capabilities of the AppDirector are divided into two categori
34、es part of the APSolute OS Architecture:Traffic RedirectionHealth Monitoring,slide 46,Introduction,Traffic RedirectionParameters to create,manage and manipulate the flow of traffic are found in the Traffic Redirection menu.Menu items included are:FarmsLayer 4 PoliciesLayer 7 PoliciesDistributed Site
35、 NAT DNSSegmentation,slide 47,Introduction Traffic Redirection,slide 48,Health Monitoring,Health Monitoring contains two parts:Health Check DBThe DB of all the health checks being performed by the AppDirectorBinding TableBinding the health checks to the servers in the AppDirector.,slide 49,AppDirect
36、or Terminology,Some Basic terminology that will be used through the presentation.A Farm is a collection of servers running the same application web,mail,DNS,FTP,etcA Virtual IP Address is used to forward traffic to farmsLayer4/7 Policies are used to tie the VIP to the Farm,Physical Topologies,slide
37、51,AppDirector Physical Topologies,Switch,Switch,Backup AppDirector,Active AppDirector,Router,4.3.2.254,4.3.2.2,4.3.2.1,slide 52,AppDirector Physical Topologies,Switch,Backup AppDirector,Active AppDirector,Router4.3.2.254,Server4.3.2.10,Server Default Gateway Active AppDirector,Server4.3.2.11,Server
38、4.3.2.12,Server4.3.2.13,4.3.2.1,4.3.2.2,One-Leg Mode,VLAN Tagging 802.1q,For AppDirector to support VLAN Tags you need to enable 802.1q environment support.After enabling you need to reboot the device!VLAN Tag Handling can beRetain VLAN Tags:preserves VLAN Tags on incoming traffic passing through th
39、e device(used only with Segmentation per VLAN,but is Default)Overwrite VLAN Tags:rewrites VLAN Tags based on the local subnet to which the traffic is sent or on the destination MAC of the packet.CLInet vlan-tag-environment set enableWeb Based Management Device VLAN Tagging,Slide 53,slide 54,Local Tr
40、iangulation,Single-Leg configurationServers with routable addressesServers gateway is NOT the AppDirectorUses loopback adapter on each server in farmLoopback address on each server is that of the VIPLoopbacks must NOT answer ARP requests,slide 55,Local Triangulation,AppDirector,Router4.3.2.1,IP=4.3.
41、2.30Loop back=4.3.2.100Default Gateway=4.3.2.1,VIP=4.3.2.100,IP=4.3.2.10Loop back=4.3.2.100Default Gateway=4.3.2.1,Load Balancing Decision,Source IP ClientDestination IP VIPDestination MAC-Server,Triangle,Segmentation,If using a single AppDirector to load balance multiple farms-each located on a dif
42、ferent segment around a firewall-AppDirector must ensure that all traffic between segments is passed through the firewall.Segmentation involves dividing your network into logical segments,where a single AppDirector load balances the traffic so that all segments can be inspected by a single firewall.
43、Segmentation can be done by Physical Ports or VLAN-Tags,Slide 56,Segmentation-Notes,Segmentation is a global AppDirector feature and can not be turned on and off per farm.All the segments must be of the same type:either port segments or VLAN Tag segments.Device management can only be performed via a
44、 port/VLAN tag that belongs to the default segment.AppDirector default gateway can only belong to the default segment.You can also assign a NHR to each segment,similar to the way Next Hop Routers can be associated with Virtual IPs.A configuration where farms associated with the same Layer 4 Policy V
45、IP are associated with different segments is not supported.You need to ensure that these configuration conflicts are avoided.Similarly,configurations where servers and the Virtual IP do not belong to the same segment are not supported.Segmentation by physical ports cannot be used when the same physi
46、cal port belongs to multiple segments and is used with Delayed Binding(Layer 7 policies,Session ID Persistency,SYN Flood Protection,etc).,Slide 57,Slide 58,Next-Hop-Router per VIP,Switch,Switch,Backup AppDirector,Active AppDirector,Router,4.3.2.254,4.3.2.2,4.3.2.1,Router,4.3.2.253,VIP 1,VIP 2,Slide
47、59,Next-Hop-Router per VIP,Traffic Flow,slide 61,AppDirector Basics of Traffic Flow,In most circumstances,the AD requires that traffic flow bi-directionally through the device-clients send a request to a Layer-4 policy and the AD forwards the request to a server:the server responds back through the
48、AD.The AD will only load balance traffic that is destined to a matching Layer-4 policyThe AD will not intercept other traffic flowing through the device.It will only route it.,slide 62,Overview,Flow OptionsThere are 4 different possible flow configurations on the AppDirector:NormalLocal Triangulatio
49、nClient NATGlobal,slide 63,Overview,Normal Flow:Client connects to a Layer-4 policy(VIP).AppDirector makes a forwarding decision.Client is sent to a selected Server.Server responds back to Client through AppDirector.,slide 64,Overview Normal Flow,VIP(6.6.6.100),Client 4.3.2.1,Server 1192.168.1.10,Se
50、rver 2192.168.1.11,Server 3192.168.1.12,Load Balancing Decision,VIP,slide 65,Overview,Local Triangulation:Client connects to a Layer-4 policy(VIP).AppDirector makes a forwarding decision.AppDirector sends client to the MAC address of the server with a loopback adapter configured as the VIP.Server re
