WebMux™ Model 481SD/592SGQ User Guide Version 9.0.x
- 6 - 1.2 Rear View 1.2.1 Server LAN Port Connect this port to the Server LAN switch or hub. This port connects to the servers and your local comp
- 96 - Appendix D Sample Custom CGI Code The custom cgi-bin checking program may be written in Java, VB, C, or Perl, for example, or it may be a WB or
- 97 - Also, the MIME header of the custom health check request will include the “Host:” and “User-Agent:.” The “Host:” MIME header will be the label
- 98 - Appendix E Access CLI Commands Once the diagnose ports set, superuser could use ssh or telnet to access the CLI commands to help troubleshoot n
- 99 - poweroff - initiates the proper shutdown sequence putconfig - restore farm/server settings from your PC to WebMux reboot - initiates a soft re
- 100 - Appendix F Extended Regular Expressions Extended Regular Expressions is powerful system for filtering and matching string patterns. Although y
- 101 - Items with either OO or “Object Oriented” or “Object-Oriented” on one line. OO|([oO]bject( |\-)[oO]riented) To search for characters other tha
- 102 - Appendix G Notes on IPv6 Because IPv6 uses the colon (:) symbol in the address, there are special considerations needed when using the IPv6 ad
- 103 - Appendix H WebMux SNMP MIB Query ID .1.3.6.1.4.1.27182.3.1.1.1.11.0 caiWebMuxActive.0 SYNTAX INTEGER { true(1), false(2) } DESCRIPTION “Whethe
- 104 - .1.3.6.1.4.1.27182.3.1.1.3.1.7.x.y caiWebMuxFarmAddressPort.x.y SYNTAX Unsigned32 (1..65535) DESCRIPTION “A TCP or UDP port number used to acc
- 105 - .1.3.6.1.4.1.27182.3.1.1.2.1.2.x caiWebMuxFarmRowStatus.x SYNTAX INTEGER { active(1), notInService(2), notReady(3), createAndGo(4), createAndW
- 7 - Section 2 WebMux Overview 2.1 Key Features The WebMux is a standalone network appliance designed primarily to load balance IP traffic to multip
- 106 - .1.3.6.1.4.1.27182.3.1.1.1.10.0 caiWebMuxMemoryUsage.0 SYNTAX Unsigned32 UNITS “%” DESCRIPTION “The current memory usage expressed as a percen
- 107 - .1.3.6.1.4.1.27182.3.1.1.4.1.10.x.y caiWebMuxServerConnectionsPerSec.x.y SYNTAX Gauge32 DESCRIPTION “The current rate of connections being ser
- 108 - .1.3.6.1.4.1.27182.3.1.1.4.1.12.x.y caiWebMuxServerState.x.y SYNTAX Unsigned32 DESCRIPTION “The current state of this server. The bits have th
- 109 - Appendix I Special Details about Out-of-Path Mode Since firmware version 8.2.03, the WebMux bonds the “Internet” and “Server” ports in a Link
- 110 - Appendix J Tagged VLAN and WebMux VLANs may be untagged and tagged. To use untagged VLANs, also known as port based VLANs, no additional confi
- 111 - In Out-of-Path Mode, you only have one VLAN ID to assign for the original network since the WebMux only uses one network for both incoming tra
- 112 - Appendix K Multiple Uplink/VLAN Support As of version 8.5.00, the WebMux support load balancing multiple uplink capabilities. You can configur
- 113 - -m|—netmask NETMASK network mask for the network is NETWORK, e.g., 255.255.255.0 -n|—network NETWORK address of the network is NETWORK, e.g.
- 114 - and secondary units. In NAT mode, the Router (Internet) LAN and Server LAN interfaces are deactivated when the unit is in standby to eliminate
- 115 - Appendix L Bond All Interfaces Setup Guide As of firmware version 8.5.04, when you specify a non-zero VLAN ID in NAT Mode or Transparent Mode,
- 8 - • Built-in Anti-Attack Security Function. Automatic protection against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
- 116 - When you create a port channel, a new interface may be created designated by 1/1 for example. Next, you will assign the VLAN IDs to the PORT-C
- 117 - Appendix M How to Add Commands to WebMux Startup Sequence Sometimes there is a need to add commands to the WebMux startup sequence so that cer
- 118 - Appendix N Using Client Side SSL Certificate Authentication on the WebMux WebMux can authenticate visiting browsers by installing client side
- 119 - b. Select an unused key slot (key 3, for example): c. Open the ca.crt file created in step 1 as a text file. d. Copy and paste the text i
- 120 - iv. Your certificate request is saved in the file “webmux.csr” 4. Self-sign the certificate request and import the certificate into the WebM
- 121 - i. Go back to the Certificate Manager and click on the “Your Certificates” tab. Click on “Import”: ii. Select the “client.p12” file creat
- 122 - ii. Click on the Content Tab, then click on the Certificates button:
- 123 - iii. In the Certificates windows, click on the Personal tab: iv. Click on the Import button. You will see this screen. Click the Next b
- 124 - v. Click the Browse button: vi. Be sure to select the Personal Information Exchange (p12) format:
- 125 - vii. Enter the password you created at 7a: viii. Click the Next button:
- 9 - • Multiple Uplink/VLAN Support. Using the command line interface command, nwconfig, WebMux can be configured for use with Multiple ISPs. You ca
- 126 - ix. Click the Finish button: x. The Certificate has been imported: 9. To enable client side certificate authentication on the WebMux
- 127 - Appendix O Configuring End to End SSL Load Balancing End to End SSL Load Balancing allows you to enable SSL on the front end between the clien
- 128 - 2. Click the submit button and you should be back at the main console screen with the newly added farm showing. 3. Click on the farm IP and
- 129 - Index 128bit, 60 ACTIVE, 67, 74, 87 Add, 34, 37, 53, 64, 66, 68, 69, 83, 91 Add Gateway Farm, 72 Allowed, 31, 33, 46, See Anti-Attack, 8, 48
- 130 - Proxy, 7, 26, 81, 82, 83, 85 public key, 62 Reboot, 24, 32, 52, 82, 83, 84, 85, 91 re-encryption, 14, 57 Round-Robin, 10 route, 20, 30, 41, 54
- 10 - Section 3 The WebMux Family The 1U WebMux family consists of three models. They are: • The WebMux 481SD • The WebMux 592SGQ • The WebMux 690
- 11 - Model Number: 481SD 592SGQ 690PG Fault Tolerance Diskless Design Yes Yes Yes Port aggregation Yes Yes Yes Failover via network connect
- 12 - Model Number: 481SD 592SGQ 690PG Miscellaneous Power and Heat (MAX at full load) 100W/300BTU 200W/500BTU 350W/1000BTU Factory warranty
- 13 - Next, a Virtual Farm or multiple farms must be configured on the WebMux. A virtual farm is a single representation of the servers to the client
- 14 - In most situations, the incoming traffic is in small requests, and return traffic from servers back to clients is large amount of data, pictur
- 15 - Section 4 Sample Configurations 4.1 Single WebMux (Two-Armed NAT Mode) • This installation requires one WebMux. • One WebMux interface (In
- 16 - • Changes to the server: change the default gateway to 192.168.199.1, as well as the IP address to the 192.168.199.xxx subnet. If on the serve
- 17 - • Both WebMuxes connect to the Router LAN, and to the Server LAN. Each WebMux interface has a unique IP address. • The registered Internet IP
- 18 - 4.3 Installation without IP Address Change (Two-Armed Transparent Mode) Transparent Mode is another WebMux configuration that allows you to
- 19 - For single WebMux setup, any kind of switch will work, since there is only one bridge path exist on the network. No Spanning Tree Protocol is r
- 20 - 4.5 Installation without IP Address Change (One-Armed Out-of-Path Mode) The above diagram is an example about how to configure the WebMux in
- 21 - through the real network interface. In other words, the loopback adapter cannot have the gateway specified. Please refer to Appendix A and B fo
- 22 - Section 5 Configuring the WebMux 5.1 Before you Start Please collect the information about names and IP addresses designated by the arrows in
- 23 - takes the Internet traffic and distributes it to the servers behind it. The LAN connecting the WebMux and real servers together is called Serve
- 24 - • Turn on the WebMux. Turn on the switch on the back of the WebMux and push the power-on button in the front momentarily. You will see the ver
- 25 - Is this a Primary WebMux? If this is the Primary, answer Yes. If this is the Secondary WebMux, answer No. The secondary WebMux automatically g
Copyright© 1997-2012 CAI Networks, Inc. The information contained in this document is the property of CAI Networks, Inc. Neither receipt nor possess
- 26 - to go back to clients (up to 100X more than on the specification chart); it also does not require a change to the server IP address. The scree
- 27 - These IP addresses cannot be your Internet registered addresses. They must be Internet non-routable. For example, you can assign addresses in a
- 28 - Enter Server LAN Gateway IP address: This IP address is on WebMux. It will be the Default Gateway entry for all the servers on the Server LAN.
- 29 - Enter Server LAN VLAN ID (optional): Note The VLAN ID is used for full 802.1q VLAN support. In Single Network Mode the Router LAN VLAN ID a
- 30 - Enter Server LAN Network IP Address Mask: This is the network mask of the Server LAN. For a class A network, it may be 255.0.0.0. For a class
- 31 - Clear Allowed Host File? The allowed host file prevents any unauthorized access to the WebMux Management Console. If a workstation’s IP addres
- 32 - port collision in case passive FTP is one of the other farms. Using port number below 1024 will not require setting up an “admin farm IP.” Disc
- 33 - LCD Brightness: Pressing the “down” button at the “Power off?” screen will bring you to the LCD Brightness screen. This screen will allow you
- 34 - Section 6 Management Console After the Initial Configuration, you should be able to use a web browser to connect to the WebMux. The web browser
- 35 - 6.1 Login Start Login Page: Start a web browser from your management workstation. Set URL to https://webmuxip:webmuxport/ webmuxip is the IP a
- 36 - Password: Fill in the correct password for the selected User ID. The password is case sensitive. The default passwords are: ID Password superu
- 37 - 6.2 Main Management Console Once logged in to the Management Console, the main screen will show. To continue configuring the WebMux, the norm
- 38 - 6.2.1 Save On the main management console, clicking on the Save button will cause the WebMux to save its configuration. Changes made to the “F
- 39 - 6.3 Network Setup After logging into management console as superuser, click on the network menu. You will come to this screen: IPv6 96-bit
- 40 - Server for email notification: The WebMux can send email notifications. Enter the IP address of the email server that will forward the notifica
- 41 - WebMux https control port: Since the WebMux is load balancing incoming HTTPS traffic, the HTTPS port for the management console must be set to
- 42 - No: The WebMux will NOT route incoming IP packets through the WebMux, except IP packets for farm IP/port. This is the default setting. Front Ne
- 43 - Reset Stranded TCP Connections: When a server failed to function, there could be many TCP connections still in TCP_WAIT state. If this set to “
- 44 - You should see this screen: Routes displayed that are “grayed out” cannot be modified. To add a route, make sure “make indicated changes” is s
- 45 - 6.3.2 Reconfigure The reconfigure button will bring you to the initial network settings page. More details about this are covered in Section
- i - Table of Contents Packing List ...
- 46 - 6.4 Security Settings Allowed remote host IPs: The WebMux management console and diagnostic login only allow logins from these IP addresses t
- 47 - ICMP Packet input policy: Accept: The WebMux will allow all ICMP packets to travel through the WebMux. For CLI arp commands working properly, t
- 48 - 6.4.3 Activating the Anti-Attack Feature To get to the Anti-Attack settings of the WebMux, hover the mouse over the security menu on top and
- 49 - Duration to block attackers: This sets the amount of time to block attacker IP addresses. It may not be desirable to block specific IP address
- 50 - 6.5 Miscellaneous Settings The miscellaneous screen will show the events log by default. 6.5.1 Show Event This button will display all the
- 51 - Download: This feature allows the SAVED (not necessarily the active) configuration to be saved at the Administrative Browser workstation. Be su
- 52 - Year: Enter the year. Enter all 4 digits. Hour: Enter the hour of the day. Use the 24 hour clock, or military time. Minute: Enter the minute of
- 53 - Section 7 Setting Up Load Balancing 7.1 Add Farm Back at the “main” screen of the Main Management console, click the “Add Farm” button to add
- 54 - the corresponding IP addresses in the status screen. Although labels can be anything, it is better to have meaningful and unique label for each
- 55 - Service: The service selection determines the type of service running on the servers in the farm and how the WebMux will check the server healt
- ii - 5.6.1 Primary WebMux Information ... 255.7 NAT Mode Rela
- 56 - Scheduling method: The scheduling method is the way in which traffic is distributed among the servers in the farm. Eight different methods are
- 57 - more than once in a single farm. This scheduling method will allow you to have several name based virtual hosts on a single physical server wi
- 58 - Compress HTTP Traffic: Selecting “yes” to this option will activate the WebMux HTTP compression. If the client web browser sends out a MIME hea
- 59 - 7.2 Enabling SSL Termination By default, the SSL termination is NOT on. The following description is about enabling SSL termination for an HTT
- 60 - The WebMux allows SSL termination from any port to the farm port. If your SSL/TLS traffic is other than the standard HTTPS traffic, you may wan
- 61 - At the bottom of the screen you will see the option to choose encryption protocols allowed: This will enable you to restrict SSL connections t
- 62 - You can click a key number to generate keys, copy and paste signed certificates: You can view, copy and paste keys into the two windows. You s
- 63 - After submitting the selection, you will see this next screen: Enter all the necessary information. Click on the “Confirm” button to complete
- 64 - able to directly transfer your existing key and certificate from your Linux server. For Windows IIS keys and certificates, you will need to con
- 65 - that will determine which site is being accessed. The format of the farm label should be the site host name (i.e., www.xyz.com), max length 75
- iii - Section8Initial Setup Change Through Browser ... 79Section9
- 66 - SNAT: Selecting YES in this field will enable SNAT for this farm only. This option is not available when SNAT is enabled system-wide in the ne
- 67 - Server Port Number: If the port number specified in the farm setup is the same as the real server’s port number, you can leave this as “same.”
- 68 - Last Resort Standby—The server will be put into STANDBY state. Unless all other servers are out of services, this server will not be switch in.
- 69 - Virtual Host Load Directing: If you selected Layer 7 virtual host load directing with cookies as the scheduling method, the add server screen w
- 70 - Weight: Scheduling priority weight. Valid integer numbers are between 0 and 100. Changing the weight to zero will stop the incoming connections
- 71 - IP Address: Add an IP address to the current farm configuration. The IP address can be the same as long as the port number does not duplicate a
- 72 - 7.9 Add Gateway Farm Gateway Farms allow you to load balance outgoing traffic between multiple external gateways. The gateways can be routers
- 73 - Label: You can enter a label for reference purposes. The use of the label for gateways is optional. Click the “Confirm” button to create the g
- 74 - IP Address: Enter the IP address of your gateway. Label: The label here is used only for reference purposes. Weight: Scheduling priority weight
- 75 - have created a gateway farm, the status of your external route is determined by the availability of any one of the gateways in your gateway far
- iv - Packing List • One (1) WebMux unit • One (1) User Manual • One (1) Warranty registration card
- 76 - 7.10 Modify Health Check User may change the healthcheck behavior by modify and enable custom healthck, modifying the HTTP server respond code
- 77 - allowed responses. The URL is truncated to 255 bytes (to be a string of at most 256 bytes with a terminating null). The response from the serve
- 78 - 7.11 Monitor Traffic History Chart To monitor the traffic history, WebMux keep some of its statistics information in the memory during running
- 79 - Section 8 Initial Setup Change Through Browser You may want to change the basic settings for the WebMux through browser interface, for example,
- 80 - The next question on the screen asks to set the time in the WebMux. The WebMux uses its clock to set the cookie for the management browser. Whe
- 81 - Section 9 Sample Configurations and Worksheets 9.1 Initial Configuration Worksheets Configuration Before WebMux Installation Equipment IP Addr
- 82 - Question Entry Primary Secondary Server LAN VLAN ID (optional) Administration Setup Information External Gateway Address Remake /hom
- 83 - Administration HTTP Port Number 24 Secure Administration HTTPS Port Number 35 Is this WebMux primary Y WebMux running solo without backup Y
- 84 - Webserver(s) Default Gateway 10.1.1.1 Web Site IP Address 10.1.1.200/255.255.0.0 Configuration After WebMux Installation Question Entry Host
- 85 - If using multiple VLAN configuration, please note the VLAN IP address cannot be used for FARM address. FARM address must be an address within t
- 5 - Section 1 Main Components 1.1 Front View 1.1.1 Toggle Power Switch This switch toggles power on and off. To power off, the switch must be pre
- 86 - Section 10 Contact Information For latest product and support information, please visit our web site at: http://www.cainetworks.com To reach u
- 87 - Section 11 FAQs I can’t login with my browser. It always says you are not logged in. To use your browser to manage the WebMux, it must be set t
- 88 - How come my servers in the farm are showing in red color from time to time, even the servers are okay? Your servers are trying to resolve the W
- 89 - What can I do if the service that I want to load balance is not in the list? The WebMux already supports many different services. If your servi
- 90 - Section 12 Regulations 12.1 Notice to the USA Compliance Information Statement (Declaration of Conformity Procedure) DoC FCC Part 15: This dev
- 91 - Appendix A How to Add a Loopback Adapter For Out-of-Path Mode, a loopback adapter or device similar in function is required. This appendix list
- 92 - select Disable NetBIOS over TCP/IP. Click OK in the various windows to make all the changes permanent. Beginning with Windows Server 2008, the
- 93 - For SUSE Enterprise Linux 9: You can use YAST to set up a Virtual Interface and add the farm IP. Login as root, and add this command to the boo
- 94 - Appendix B How to Make Route Delete Reboot Persistent These instructions are for Windows 2000/NT systems. This is not necessary for Windows 20
- 95 - Appendix C Virtual Hosting Issues Servers serving more than one web site may do virtual hosting. The WebMux supports virtual hosting by checkin
Comments to this Manuals