US Robotics 3CP3453 User's Guide

WebMux™ Model 481SD/592SGQ User Guide Version 9.0.x

- 6 - 1.2 Rear View 1.2.1 Server LAN Port Connect this port to the Server LAN switch or hub. This port connects to the servers and your local comp

- 96 - Appendix D Sample Custom CGI Code The custom cgi-bin checking program may be written in Java, VB, C, or Perl, for example, or it may be a WB or

- 97 - Also, the MIME header of the custom health check request will include the “Host:” and “User-Agent:.” The “Host:” MIME header will be the label

- 98 - Appendix E Access CLI Commands Once the diagnose ports set, superuser could use ssh or telnet to access the CLI commands to help troubleshoot n

- 99 - poweroff - initiates the proper shutdown sequence putconfig - restore farm/server settings from your PC to WebMux reboot - initiates a soft re

- 100 - Appendix F Extended Regular Expressions Extended Regular Expressions is powerful system for filtering and matching string patterns. Although y

- 101 - Items with either OO or “Object Oriented” or “Object-Oriented” on one line. OO|([oO]bject( |\-)[oO]riented) To search for characters other tha

- 102 - Appendix G Notes on IPv6 Because IPv6 uses the colon (:) symbol in the address, there are special considerations needed when using the IPv6 ad

- 103 - Appendix H WebMux SNMP MIB Query ID .1.3.6.1.4.1.27182.3.1.1.1.11.0 caiWebMuxActive.0 SYNTAX INTEGER { true(1), false(2) } DESCRIPTION “Whethe

- 104 - .1.3.6.1.4.1.27182.3.1.1.3.1.7.x.y caiWebMuxFarmAddressPort.x.y SYNTAX Unsigned32 (1..65535) DESCRIPTION “A TCP or UDP port number used to acc

- 105 - .1.3.6.1.4.1.27182.3.1.1.2.1.2.x caiWebMuxFarmRowStatus.x SYNTAX INTEGER { active(1), notInService(2), notReady(3), createAndGo(4), createAndW

- 7 - Section 2 WebMux Overview 2.1 Key Features The WebMux is a standalone network appliance designed primarily to load balance IP traffic to multip

- 106 - .1.3.6.1.4.1.27182.3.1.1.1.10.0 caiWebMuxMemoryUsage.0 SYNTAX Unsigned32 UNITS “%” DESCRIPTION “The current memory usage expressed as a percen

- 107 - .1.3.6.1.4.1.27182.3.1.1.4.1.10.x.y caiWebMuxServerConnectionsPerSec.x.y SYNTAX Gauge32 DESCRIPTION “The current rate of connections being ser

- 108 - .1.3.6.1.4.1.27182.3.1.1.4.1.12.x.y caiWebMuxServerState.x.y SYNTAX Unsigned32 DESCRIPTION “The current state of this server. The bits have th

- 109 - Appendix I Special Details about Out-of-Path Mode Since firmware version 8.2.03, the WebMux bonds the “Internet” and “Server” ports in a Link

- 110 - Appendix J Tagged VLAN and WebMux VLANs may be untagged and tagged. To use untagged VLANs, also known as port based VLANs, no additional confi

- 111 - In Out-of-Path Mode, you only have one VLAN ID to assign for the original network since the WebMux only uses one network for both incoming tra

- 112 - Appendix K Multiple Uplink/VLAN Support As of version 8.5.00, the WebMux support load balancing multiple uplink capabilities. You can configur

- 113 - -m|—netmask NETMASK network mask for the network is NETWORK, e.g., 255.255.255.0 -n|—network NETWORK address of the network is NETWORK, e.g.

- 114 - and secondary units. In NAT mode, the Router (Internet) LAN and Server LAN interfaces are deactivated when the unit is in standby to eliminate

- 115 - Appendix L Bond All Interfaces Setup Guide As of firmware version 8.5.04, when you specify a non-zero VLAN ID in NAT Mode or Transparent Mode,

- 8 - • Built-in Anti-Attack Security Function. Automatic protection against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

- 116 - When you create a port channel, a new interface may be created designated by 1/1 for example. Next, you will assign the VLAN IDs to the PORT-C

- 117 - Appendix M How to Add Commands to WebMux Startup Sequence Sometimes there is a need to add commands to the WebMux startup sequence so that cer

- 118 - Appendix N Using Client Side SSL Certificate Authentication on the WebMux WebMux can authenticate visiting browsers by installing client side

- 119 - b. Select an unused key slot (key 3, for example): c. Open the ca.crt file created in step 1 as a text file. d. Copy and paste the text i

- 120 - iv. Your certificate request is saved in the file “webmux.csr” 4. Self-sign the certificate request and import the certificate into the WebM

- 121 - i. Go back to the Certificate Manager and click on the “Your Certificates” tab. Click on “Import”: ii. Select the “client.p12” file creat

- 122 - ii. Click on the Content Tab, then click on the Certificates button:

- 123 - iii. In the Certificates windows, click on the Personal tab: iv. Click on the Import button. You will see this screen. Click the Next b

- 124 - v. Click the Browse button: vi. Be sure to select the Personal Information Exchange (p12) format:

- 125 - vii. Enter the password you created at 7a: viii. Click the Next button:

- 9 - • Multiple Uplink/VLAN Support. Using the command line interface command, nwconfig, WebMux can be configured for use with Multiple ISPs. You ca

- 126 - ix. Click the Finish button: x. The Certificate has been imported: 9. To enable client side certificate authentication on the WebMux

- 127 - Appendix O Configuring End to End SSL Load Balancing End to End SSL Load Balancing allows you to enable SSL on the front end between the clien

- 128 - 2. Click the submit button and you should be back at the main console screen with the newly added farm showing. 3. Click on the farm IP and

- 129 - Index 128bit, 60 ACTIVE, 67, 74, 87 Add, 34, 37, 53, 64, 66, 68, 69, 83, 91 Add Gateway Farm, 72 Allowed, 31, 33, 46, See Anti-Attack, 8, 48

- 130 - Proxy, 7, 26, 81, 82, 83, 85 public key, 62 Reboot, 24, 32, 52, 82, 83, 84, 85, 91 re-encryption, 14, 57 Round-Robin, 10 route, 20, 30, 41, 54

- 10 - Section 3 The WebMux Family The 1U WebMux family consists of three models. They are: • The WebMux 481SD • The WebMux 592SGQ • The WebMux 690

- 11 - Model Number: 481SD 592SGQ 690PG Fault Tolerance Diskless Design Yes Yes Yes Port aggregation Yes Yes Yes Failover via network connect

- 12 - Model Number: 481SD 592SGQ 690PG Miscellaneous Power and Heat (MAX at full load) 100W/300BTU 200W/500BTU 350W/1000BTU Factory warranty

- 13 - Next, a Virtual Farm or multiple farms must be configured on the WebMux. A virtual farm is a single representation of the servers to the client

- 14 - In most situations, the incoming traffic is in small requests, and return traffic from servers back to clients is large amount of data, pictur

- 15 - Section 4 Sample Configurations 4.1 Single WebMux (Two-Armed NAT Mode) • This installation requires one WebMux. • One WebMux interface (In

- 16 - • Changes to the server: change the default gateway to 192.168.199.1, as well as the IP address to the 192.168.199.xxx subnet. If on the serve

- 17 - • Both WebMuxes connect to the Router LAN, and to the Server LAN. Each WebMux interface has a unique IP address. • The registered Internet IP

- 18 - 4.3 Installation without IP Address Change (Two-Armed Transparent Mode) Transparent Mode is another WebMux configuration that allows you to

- 19 - For single WebMux setup, any kind of switch will work, since there is only one bridge path exist on the network. No Spanning Tree Protocol is r

- 20 - 4.5 Installation without IP Address Change (One-Armed Out-of-Path Mode) The above diagram is an example about how to configure the WebMux in

- 21 - through the real network interface. In other words, the loopback adapter cannot have the gateway specified. Please refer to Appendix A and B fo

- 22 - Section 5 Configuring the WebMux 5.1 Before you Start Please collect the information about names and IP addresses designated by the arrows in

- 23 - takes the Internet traffic and distributes it to the servers behind it. The LAN connecting the WebMux and real servers together is called Serve

- 24 - • Turn on the WebMux. Turn on the switch on the back of the WebMux and push the power-on button in the front momentarily. You will see the ver

- 25 - Is this a Primary WebMux? If this is the Primary, answer Yes. If this is the Secondary WebMux, answer No. The secondary WebMux automatically g

Copyright© 1997-2012 CAI Networks, Inc. The information contained in this document is the property of CAI Networks, Inc. Neither receipt nor possess

- 26 - to go back to clients (up to 100X more than on the specification chart); it also does not require a change to the server IP address. The scree

- 27 - These IP addresses cannot be your Internet registered addresses. They must be Internet non-routable. For example, you can assign addresses in a

- 28 - Enter Server LAN Gateway IP address: This IP address is on WebMux. It will be the Default Gateway entry for all the servers on the Server LAN.

- 29 - Enter Server LAN VLAN ID (optional): Note The VLAN ID is used for full 802.1q VLAN support. In Single Network Mode the Router LAN VLAN ID a

- 30 - Enter Server LAN Network IP Address Mask: This is the network mask of the Server LAN. For a class A network, it may be 255.0.0.0. For a class

- 31 - Clear Allowed Host File? The allowed host file prevents any unauthorized access to the WebMux Management Console. If a workstation’s IP addres

- 32 - port collision in case passive FTP is one of the other farms. Using port number below 1024 will not require setting up an “admin farm IP.” Disc

- 33 - LCD Brightness: Pressing the “down” button at the “Power off?” screen will bring you to the LCD Brightness screen. This screen will allow you

- 34 - Section 6 Management Console After the Initial Configuration, you should be able to use a web browser to connect to the WebMux. The web browser

- 35 - 6.1 Login Start Login Page: Start a web browser from your management workstation. Set URL to https://webmuxip:webmuxport/ webmuxip is the IP a

- 36 - Password: Fill in the correct password for the selected User ID. The password is case sensitive. The default passwords are: ID Password superu

- 37 - 6.2 Main Management Console Once logged in to the Management Console, the main screen will show. To continue configuring the WebMux, the norm

- 38 - 6.2.1 Save On the main management console, clicking on the Save button will cause the WebMux to save its configuration. Changes made to the “F

- 39 - 6.3 Network Setup After logging into management console as superuser, click on the network menu. You will come to this screen: IPv6 96-bit

- 40 - Server for email notification: The WebMux can send email notifications. Enter the IP address of the email server that will forward the notifica

- 41 - WebMux https control port: Since the WebMux is load balancing incoming HTTPS traffic, the HTTPS port for the management console must be set to

- 42 - No: The WebMux will NOT route incoming IP packets through the WebMux, except IP packets for farm IP/port. This is the default setting. Front Ne

- 43 - Reset Stranded TCP Connections: When a server failed to function, there could be many TCP connections still in TCP_WAIT state. If this set to “

- 44 - You should see this screen: Routes displayed that are “grayed out” cannot be modified. To add a route, make sure “make indicated changes” is s

- 45 - 6.3.2 Reconfigure The reconfigure button will bring you to the initial network settings page. More details about this are covered in Section

- i - Table of Contents Packing List ...

- 46 - 6.4 Security Settings Allowed remote host IPs: The WebMux management console and diagnostic login only allow logins from these IP addresses t

- 47 - ICMP Packet input policy: Accept: The WebMux will allow all ICMP packets to travel through the WebMux. For CLI arp commands working properly, t

- 48 - 6.4.3 Activating the Anti-Attack Feature To get to the Anti-Attack settings of the WebMux, hover the mouse over the security menu on top and

- 49 - Duration to block attackers: This sets the amount of time to block attacker IP addresses. It may not be desirable to block specific IP address

- 50 - 6.5 Miscellaneous Settings The miscellaneous screen will show the events log by default. 6.5.1 Show Event This button will display all the

- 51 - Download: This feature allows the SAVED (not necessarily the active) configuration to be saved at the Administrative Browser workstation. Be su

- 52 - Year: Enter the year. Enter all 4 digits. Hour: Enter the hour of the day. Use the 24 hour clock, or military time. Minute: Enter the minute of

- 53 - Section 7 Setting Up Load Balancing 7.1 Add Farm Back at the “main” screen of the Main Management console, click the “Add Farm” button to add

- 54 - the corresponding IP addresses in the status screen. Although labels can be anything, it is better to have meaningful and unique label for each

- 55 - Service: The service selection determines the type of service running on the servers in the farm and how the WebMux will check the server healt

- ii - 5.6.1 Primary WebMux Information ... 255.7 NAT Mode Rela

- 56 - Scheduling method: The scheduling method is the way in which traffic is distributed among the servers in the farm. Eight different methods are

- 57 - more than once in a single farm. This scheduling method will allow you to have several name based virtual hosts on a single physical server wi

- 58 - Compress HTTP Traffic: Selecting “yes” to this option will activate the WebMux HTTP compression. If the client web browser sends out a MIME hea

- 59 - 7.2 Enabling SSL Termination By default, the SSL termination is NOT on. The following description is about enabling SSL termination for an HTT

- 60 - The WebMux allows SSL termination from any port to the farm port. If your SSL/TLS traffic is other than the standard HTTPS traffic, you may wan

- 61 - At the bottom of the screen you will see the option to choose encryption protocols allowed: This will enable you to restrict SSL connections t

- 62 - You can click a key number to generate keys, copy and paste signed certificates: You can view, copy and paste keys into the two windows. You s

- 63 - After submitting the selection, you will see this next screen: Enter all the necessary information. Click on the “Confirm” button to complete

- 64 - able to directly transfer your existing key and certificate from your Linux server. For Windows IIS keys and certificates, you will need to con

- 65 - that will determine which site is being accessed. The format of the farm label should be the site host name (i.e., www.xyz.com), max length 75

- iii - Section8Initial Setup Change Through Browser ... 79Section9

- 66 - SNAT: Selecting YES in this field will enable SNAT for this farm only. This option is not available when SNAT is enabled system-wide in the ne

- 67 - Server Port Number: If the port number specified in the farm setup is the same as the real server’s port number, you can leave this as “same.”

- 68 - Last Resort Standby—The server will be put into STANDBY state. Unless all other servers are out of services, this server will not be switch in.

- 69 - Virtual Host Load Directing: If you selected Layer 7 virtual host load directing with cookies as the scheduling method, the add server screen w

- 70 - Weight: Scheduling priority weight. Valid integer numbers are between 0 and 100. Changing the weight to zero will stop the incoming connections

- 71 - IP Address: Add an IP address to the current farm configuration. The IP address can be the same as long as the port number does not duplicate a

- 72 - 7.9 Add Gateway Farm Gateway Farms allow you to load balance outgoing traffic between multiple external gateways. The gateways can be routers

- 73 - Label: You can enter a label for reference purposes. The use of the label for gateways is optional. Click the “Confirm” button to create the g

- 74 - IP Address: Enter the IP address of your gateway. Label: The label here is used only for reference purposes. Weight: Scheduling priority weight

- 75 - have created a gateway farm, the status of your external route is determined by the availability of any one of the gateways in your gateway far

- iv - Packing List • One (1) WebMux unit • One (1) User Manual • One (1) Warranty registration card

- 76 - 7.10 Modify Health Check User may change the healthcheck behavior by modify and enable custom healthck, modifying the HTTP server respond code

- 77 - allowed responses. The URL is truncated to 255 bytes (to be a string of at most 256 bytes with a terminating null). The response from the serve

- 78 - 7.11 Monitor Traffic History Chart To monitor the traffic history, WebMux keep some of its statistics information in the memory during running

- 79 - Section 8 Initial Setup Change Through Browser You may want to change the basic settings for the WebMux through browser interface, for example,

- 80 - The next question on the screen asks to set the time in the WebMux. The WebMux uses its clock to set the cookie for the management browser. Whe

- 81 - Section 9 Sample Configurations and Worksheets 9.1 Initial Configuration Worksheets Configuration Before WebMux Installation Equipment IP Addr

- 82 - Question Entry Primary Secondary Server LAN VLAN ID (optional) Administration Setup Information External Gateway Address Remake /hom

- 83 - Administration HTTP Port Number 24 Secure Administration HTTPS Port Number 35 Is this WebMux primary Y WebMux running solo without backup Y

- 84 - Webserver(s) Default Gateway 10.1.1.1 Web Site IP Address 10.1.1.200/255.255.0.0 Configuration After WebMux Installation Question Entry Host

- 85 - If using multiple VLAN configuration, please note the VLAN IP address cannot be used for FARM address. FARM address must be an address within t

- 5 - Section 1 Main Components 1.1 Front View 1.1.1 Toggle Power Switch This switch toggles power on and off. To power off, the switch must be pre

- 86 - Section 10 Contact Information For latest product and support information, please visit our web site at: http://www.cainetworks.com To reach u

- 87 - Section 11 FAQs I can’t login with my browser. It always says you are not logged in. To use your browser to manage the WebMux, it must be set t

- 88 - How come my servers in the farm are showing in red color from time to time, even the servers are okay? Your servers are trying to resolve the W

- 89 - What can I do if the service that I want to load balance is not in the list? The WebMux already supports many different services. If your servi

- 90 - Section 12 Regulations 12.1 Notice to the USA Compliance Information Statement (Declaration of Conformity Procedure) DoC FCC Part 15: This dev

- 91 - Appendix A How to Add a Loopback Adapter For Out-of-Path Mode, a loopback adapter or device similar in function is required. This appendix list

- 92 - select Disable NetBIOS over TCP/IP. Click OK in the various windows to make all the changes permanent. Beginning with Windows Server 2008, the

- 93 - For SUSE Enterprise Linux 9: You can use YAST to set up a Virtual Interface and add the farm IP. Login as root, and add this command to the boo

- 94 - Appendix B How to Make Route Delete Reboot Persistent These instructions are for Windows 2000/NT systems. This is not necessary for Windows 20

- 95 - Appendix C Virtual Hosting Issues Servers serving more than one web site may do virtual hosting. The WebMux supports virtual hosting by checkin