Professional Documents
Culture Documents
Brocade Bcle Nutshell Certification Study Tools PDF
Brocade Bcle Nutshell Certification Study Tools PDF
Brocade, the Brocade B-weave logo, Fabric OS, File Lifecycle Manager, MyView, Secure Fabric OS,
SilkWorm, and StorageX are registered trademarks and the Brocade B-wing symbol and Tapestry are
trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
FICON is a registered trademark of IBM Corporation in the U.S. and other countries. All other brands,
products, or service names are or may be trademarks or service marks of, and are used to identify,
products or services of their respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty,
expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered
by Brocade. Brocade reserves the right to make changes to this document at any time, without notice,
and assumes no responsibility for its use. This informational document describes features that may not
be currently available. Contact a Brocade sales office for information on feature and product availability.
Export of technical data contained in this document may require an export license from the United
States government.
Objective: The BCLE Nutshell guide is designed to help you prepare for the BCLE Certification, exam number
150-320.
Audience: The BCLE Nutshell self-study guide is intended for those who have successfully completed the
ETH 202 Introduction to ServerIron ADX Web Switching and Load Balancing course, and who wish to
undertake self-study or review activities before taking the actual BCLE exam. The BCLE guide is not intended
as a substitute for classroom training or hands-on time with Brocade products.
How to make the most of the BCLE guide: The BCLE guide summarizes the key topics on the BCLE exam for
you in an easy to use format. It is organized closely around the exam objectives. We suggest this guide be
used in conjunction with our free online knowledge assessment test. To benefit from the BCLE guide, we
strongly recommend you have successfully completed the ETH 202 Introduction to ServerIron ADX Web
Switching and Load Balancing course.
We hope you find this useful in your journey towards BCLE Certification, and we welcome your feedback by
sending an email to jcannata@brocade.com.
1 - Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Factory Pre-loaded Software: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Upgrading a Boot Image from 12.0.00 to 12.1.00 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Upgrade Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Upgrading a Boot Image from 12.0.00 to 12.1.00 on a Dual-Management System . . . . . . . . 2
Downloading a Brocade ADX Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Downloading a Software Image as Primary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
When the Brocade ADX reloads, it will boot using the primary image. . . . . . . . . . . . . . . . . . . . 3
Downloading a Software Image as Secondary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
When the Brocade ADX reloads, it will boot using the secondary image. . . . . . . . . . . . . . . . . . 3
Copying a File Between Flash and a USB Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Displaying System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Brocade ADX 4000 and Brocade ADX 10000 Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Hardware-based SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Setting Up Local User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Configuring Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Enabling Telnet Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Enabling Telnet Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Configuring Authentication-method Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Using ACLs to Restrict Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2 - Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Main Brocade ADX Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Basic Server Load Balancing (SLB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Global Server Load Balancing (GSLB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
URL-based Server Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Configuring Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
SLB Design Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Configure Real Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Cloning Real Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Configure Virtual Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Disabling Port Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Configurable Application Grouping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Hash-based SLB with Server Persistence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Configuring Primary and Backup Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Designating a Real Server as a Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Enabling a VIP to use the Primary and Backup Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Enabling HTTP Redirect on a Virtual Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Tracking the Primary Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Configuring a Track Port Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Alias Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Many-to-one TCP or UDP Port Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Binding Same Real Ports to Multiple VIP Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Load-balancing Predictor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Least Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Round Robin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Weighted Round Robin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Weighted and Enhanced Weighted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Connection Assignments for Weighted Load-balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Connection Assignments for Enhanced Weighted Load-balancing . . . . . . . . . . . . . . . . . . . . . 25
Dynamic Weighted Predictor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Dynamic-weighted Direct . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Dynamic-weighted Reverse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Changing the Load-balancing Predictor Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Assigning Weights to the Real Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Configuring Dynamic Weighted Predictor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Configure a Virtual Server with Dynamic Weighted Predictor . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Slow Start of the Backup and the Primary Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Defining the Maximum Number of Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Layer 4 and Layer 7 Health Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Health Checks Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Layer 4 Health Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Configuring a Port Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
FIN Close for Server Health Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Configuring HTTP Content Matching Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
3 - Additional Server Load Balancing Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Source-NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Direct Server Return (DSR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Health Checks with DSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
GSLB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
DNS Hierarchical Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
GSLB Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Removing All Addresses Except the Best Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Content Switching (CSW). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Source IP, Virutal IP, Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Port Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Cookie Based Persistence (Switching/Hashing) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Cookie Insertion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
SSL ID Based Persistence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
URL Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Layer 7 CSW: 3-Step Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Inserting an IP Address in a Header . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Stateless SLB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
4 - ADX Administration GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
GUI Access Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Define Global System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Creating a Real Server and Enabling Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Creating a Virtual Server/Port and Enabling Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Configuring a Health Check for a Real Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
List of Figures
Brocade ADX 1000 Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Brocade ADX 4000 Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Brocade ADX 10000 Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Brocade ADX 10000 Chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Brocade ADX Management and SSL Expansion Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
SLB Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
GSLB Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
URL-based SLB Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
SLB Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Virtual Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Brocade ADX in a Multi-netted Network Without Source-NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Brocade ADX in a Multi-netted Network With Source-NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
DSR Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
SYN-Defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
SYN-Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Brocade ADX GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
GUI Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Brocade ADX Web Interface Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Brocade ADX GUI Global Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Port Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Virtual Server/Port and Enabling Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Configuring a Virtual Server Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Virtual Server Binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Configuring a Health Check for a Real Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Health Check Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Generic Helath Check Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Active-Standby Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Symmetric SLB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Sample NDA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
1 - Installation
Functions
The Brocade ADX is an Application Delivery Controller (ADC). ADCs enhance Internet-based application avail-
ability, performance, and security by providing:
• Layer 4 through Layer 7 redirection, load balancing, and failover
• TCP connection multiplexing
• Server offload such as Secure Socket Layer (SSL) acceleration and TCP connection management
• Data compression
• Network address translation (NAT)
• Network-level security functions, distributed Denial of Service (DDoS) protection, and server cloaking
• Transparent cache switching
Software
Upgrade Procedure
1. Check the version of the boot image in your Brocade ADX by issuing command show version command.
Note that the Boot version and Monitor version are the same and they should be dob12000.
ADX# show version
2. Reload the Brocade ADX and interrupt the normal boot cycle by pressing b to enter the monitor mode.
ADX# reload
3. Configure the Remote address to reach a TFTP Server from the Brocade ADX.
Monitor> remote addr 10.45.10.47 255.255.255.0
Upgrading a Boot Image from 12.0.00 to 12.1.00 on a Dual-Management System (2 Management Modules)
To prevent the active-standby feature in the application image from interfering with the boot upgrade process,
you must observe the following procedure for a dual-management system.
1. Both management modules must be placed at the Monitor> prompt as described in Step 2 of the previous
procedure.
2. On either of the management modules, follow the procedures described in the previous section up through
Step 10 where you execute the upgrade all command. Do this while keeping the other management
module at the Monitor> prompt.
3. Reset the management module where the upgrade all command was executed and then place it at the
Monitor> prompt again.
4. Return to the management module that hasn’t been upgraded and perform the same procedure that you
performed on the first management module.
After the upgrade procedure is performed on both management modules, you can safely power-cycle the
Brocade ADX. Optionally, instead of power-cycling you can execute the reset command to reload the device,
but it is advisable to power cycle during the boot image upgrade.
When the Brocade ADX reloads, it will boot using the primary image.
When the Brocade ADX reloads, it will boot using the secondary image.
The following example copies the file named asm12000.bin on the Brocade ADX flash to a file of the same
name on a USB drive connected to the USB port on the Brocade ADX switch.
ADX# copy flash usb1 asm12000bin asm12000.bin
Syntax: copy flash usb0 | usb1 <from-filename> <to-filename>
The usb0 parameter directs the Brocade ADX to copy the specified file in flash to its internal USB drive. The
usb1 parameter directs the Brocade ADX to copy the specified file in flash to an externally connected USB
drive. The <from-filename> variable specifies the name of the file that you want to copy from flash to the
USB drive. The <to-filename> variable specifies the name of the file that you are copying to on the USB
drive.
The system - boot source: primary, mode: warm start, soft reset, total resets: 0
Hardware
- Counter Sync
- Server Selection H/W Assist
4. “Management Module (MM)”
Contains the main processor and also has the expansion slots for the two SSL daughter cards. The
MM will be shipped with the SSL daughter card populated and the SSL function will have to be turned
on through a licensing process.
Hardware-based SSL
The hardware-based SSL offering enables application delivery services including SSL offload, SSL termina-
tion, and SSL Proxy. Here are some specifics as relates to fixed/chassis systems:
• Fixed configuration Brocade ADX systems: Embedded SSL hardware module is included inside the Brocade
ADX 1000. After Feb 1, 2010, all fixed Brocade ADX 1000 systems ordered will have embedded SSL
hardware by default but usage of SSL capabilities will depend on whether the SSL SKU version was
ordered. Before Feb 1, 2010, only Brocade ADX 1000 systems ordered specifically to be SSL capable will
have this hardware option onboard and enabled at the factory.
• Chassis/Modular Brocade ADX systems: An SSL application expansion module hardware (co-located on a
Management module) provides SSL offload/termination/proxy services for Brocade ADX chassis series. A
Brocade ADX Chassis 4000/10000 can be ordered with an SSL-enabled management module or existing
systems can be upgraded with the addition of an SSL application expansion module onto one or both
management modules.
Administration
Configuring Telnet
The Brocade ADX supports up to five concurrent inbound Telnet and SSH sessions, one outbound
Telnet session, and console access. Write access through Telnet and SSH is limited to one session only.
Telnet or SSH to the assigned management IP address (assuming it is reachable) to access the CLI shell
running Switch (S) code.
Example:
To configure the device to consult a RADIUS server first to authenticate attempts to access the
Privileged EXEC and CONFIG levels of the CLI, then consult the local user accounts if the RADIUS server is
unavailable, enter the following command:
ADX(config)# aaa authentication enable default radius local
2 - Configuration
GSLB is a feature that extends load balancing capability for the ADX ServerIron to multiple sites. These sites
can be located any where across the globe. When a customer makes a request the GSLB box decides how to
handle the traffic.
The benefits of Global Server Load Balancing are:
• Leverage and enhance existing authoritative DNS Server(s)
• Transparently modify DNS response based on server/app. availability
• Site load condition intelligence gathered using Brocade protocol
The Brocade ADX can examine both the URL string and Host header field when determining where to send the
HTTP request.
Configuring Servers
server. A few Brocade ADX configurations require that you disable translation for an application port. For
example, if you want to bind multiple virtual IP addresses to the same real server, you must disable port
translation for all but one of the virtual IP addresses, then bind the virtual IP addresses to an alias port for the
application. Disabling port translation enables the virtual IP addresses to use the same actual port number on
the real server while the Brocade ADX collects and displays separate statistics for the alias port number
associated with each virtual IP address.
To disable translation for an application port, enter commands such as the following:
ADX(config)# server virtual-name-or-ip v1 209.157.22.1
ADX(config-vs-v1)# no port 80 translate
Syntax: [no] port <tcp/udp-port> translate
You can configure the Brocade ADX to ensure that a client that accesses certain TCP or UDP ports on a VIP
always goes to the same real server. For example, you might want to configure the TCP or UDP ports related to
an interactive Web site so that when a client begins a session on the site, subsequent requests from the client
go to the same real server. As another example, you might want the real server to be able to arbitrarily assign
open TCP or UDP sessions with the client using ports dynamically allocated by the real server.
Application grouping parameters apply to virtual servers. When you configure a virtual server, you specify the
TCP or UDP ports on that virtual server. When you apply application grouping to a TCP or UDP port on a virtual
server, the application grouping overrides the predictor. The Brocade ADX allows you to configure the following
application grouping methods on an individual virtual-server basis:
• Sticky connections – When you add a TCP or UDP port to a virtual server, if you specify that the port is
“sticky”, a client request for that port always goes to the same real server unless the sticky age timer has
expired. The sticky age timer specifies how long the connection remains “sticky” (always goes to the same
real server) and is reset each time a new client request goes to the sticky port. Once the sticky timer
expires, the Brocade ADX uses the predictor (load-balancing metric) you have configured to select a real
server for requests for a port.
• Configurable TCP or UDP application groups – You can group a “primary” TCP or UDP port with up to four
additional TCP or UDP ports. After the Brocade ADX sends a client request for the primary port to a real
server, subsequent requests from the client for ports grouped with the primary port go to the same real
server.
• Concurrent connections – When you configure a TCP or UDP port in a virtual server to support concurrent
connections, the real server can open additional ("concurrent") TCP or UDP sessions with the client using
arbitrary TCP or UDP port numbers. Although the concurrent connections feature is similar to the
application group feature, application groups apply to specific TCP or UDP ports that you configure on the
virtual server. Concurrent connections enables the real server to arbitrarily determine the TCP or UDP ports
and assign them to the client.
By default, the concurrent property of a virtual TCP or UDP service port is enabled except for FTP, Telnet, TFTP,
HTTP, and SSL ports.
When you define a real server, you specify whether the real server is local or remote:
• Local – A local server is one that is connected to the Brocade ADX at Layer 2. The Brocade ADX uses local
servers for regular load balancing.
• Remote – A remote server is one that is connected to the Brocade ADX through one or more router hops.
The Brocade ADX uses remote servers only if all the local servers are unavailable.
If the server is attached through one or more router hops, configure the server as remote. When you add a
remote real server, the Brocade ADX does not include the server in the predictor (load-balancing method).
Instead, the Brocade ADX sends traffic to the remote server only if all local real servers are unavailable. The
server name is used to bind the server IP address, so that the real server name can be used to represent the
server.
To configure a remote real server, enter a command such as the following.
Syntax: server remote-name <name> <ip-addr>
The server name can be any alphanumeric string of up to 32 characters.
By default, the virtual server uses the locally attached real servers as the primary load-balancing servers and
the remotely attached servers as backups. To designate a real server to be a backup server, enter the
following command:
ADX(config-rs-R3)# backup
Syntax: [no] backup
In order for the backup functionality to operate, you must also apply the lb-pri-servers command.
ADX(config-vs-VIP1)# httpredirect
Syntax: [no] httpredirect
ADX(config-vs-v1)# bind 80 r1 80 r2 80
ADX(config-vs-v1)# bind 23 r1 23 r2 23
ADX(config-vs-v1)# bind 69 r1 69 r2 69
ADX(config-vs-v1)# exit
In this example, the track-group command groups the HTTP port (80), TFTP port (69), and Telnet port (23)
together. Whenever a client attempts to connect to a port within the group, the Brocade ADX ensures all ports
in the group are active before granting the connection. The sticky parameter makes the TCP or UDP ports
sticky. The sticky parameter must be set for all ports in the group. After the Brocade ADX sends a client to a
real server for any of these three ports, subsequent requests from that client for the HTTP, TFTP, or Telnet port
go to the same real server. Up to eight ports can be grouped together using the track group function. A port
can be part of only one group. The track-group and track commands for a port are mutually exclusive.
Alias Ports
Load-balancing Predictor
The predictor is the parameter that determines how to balance the client load across servers. You can fine-
tune how traffic is distributed across multiple real servers by selecting one of the following load balancing
metrics (predictors):
Least Connections
Sends the request to the real server that currently has the fewest active connections with clients.
For sites where a number of servers have similar performance, the least connections option smoothes
distribution if a server gets bogged down. For sites where the capacity of various servers varies greatly, the
least connections option maintains an equal number of connections among all servers. This results in those
servers capable of processing and terminating connections faster receiving more connections than slower
servers over time. The Least Connections predictor does not depend on the number of connections to
individual ports on a real server but instead depends on the total number of active connections to the server.
The Least Connections predictor can be applied globally for the entire Brocade ADX or locally per-virtual
server.
Round Robin
Directs the service request to the next server, and treats all servers equally regardless of the number of
connections. For example, in a configuration of four servers, the first request is sent to server1, the second
request is sent to server2, the third is sent to server3, and so on. After all servers in the list have received one
request, assignment begins with server1 again. If a server fails, SLB avoids sending connections to that
server and selects the next server instead. The Round Robin predictor can be applied globally to apply for the
entire Brocade ADX or locally per-virtual server.
2. Weight server2 = 8
3. Weight server3 = 2
4. Weight server4 = 2
5. Weight server5 = 5
6. Total weight of all servers = 24
The result is that server1 gets 7/24 of the current number of connections, server2 gets 8/24, server3 gets 2/
24 and so on. If a new server, server6, is added with a weight of 10, the new server gets 10/34. If you set the
weight so that your fastest server gets 50 percent of the connections, it will get 50 percent of the connections
at a given time. Because the server is faster than others, it can complete more than 50 percent of the total
connections overall because it services the connections at a higher rate. Thus, the weight is not a fixed ratio
but adjusts to server capacity over time. The difference between weighted and enhanced-weighted, load-
balancing is the method of distributing the traffic once it is assigned.
with the greatest weight is allocated a connection first but then the next connection is allocated to the real
server with the next greatest weight, and then to the server with the next greatest weight on-down-the-line,
until all servers have gotten their first connection. The process repeats with each real server getting a
connection in sequence until each real server has gotten connections equal to its assigned weight.
Dynamic-weighted Direct
The SNMP response value from real server is considered as direct performance weight of that server. Direct
weighted load balancing is similar to least connections, except that servers with a higher weight value receive
a larger percentage of connections. You can assign a weight to each real server and that weight determines
the percentage of the current connections that are given to each server.
Dynamic-weighted Reverse
The SNMP response from each server is regarded as reverse performance weight. Dynamic-weighted reverse
load balancing is similar to dynamic-weighted direct, except that the servers with a lower weight value receive
a larger percentage of connections. You can assign a weight to each real server, and that weight determines
the percentage of the current connections that are given to each server.
Dynamic-weighted direct
To configure a dynamic-weighted reverse predictor, use the following comand:
ADX(config-vs-vs1)# predictor dynamic-weighted direct oid 1
Syntax: predictor dynamic-weighted {direct oid <ID> }
Configuration example:
ADX(config)#server virtual-name-or-ip vs1 10.1.1.151
ADX(config-vs-vs1)#predictor dynamic-weighted direct oid 1
ADX(config-vs-vs1)#port http
ADX(config-vs-vs1)#bind http rs1 http rs2 http rs3 http
Dynamic-weighted reverse
To configure a dynamic-weighted reverse predictor, use the following comand:
ADX(config-vs-vs1)# predictor dynamic-weighted reverse oid 1 max 50
supported on the Brocade ADX. This is also the default maximum connection value for real servers. To modify
the maximum connections supported for a specific real server, enter commands such as the following:
ADX(config)# server real Web1
ADX(config-rs-Web1)# max-conn 145000
ADX(config-rs-Web4)# end
ADX# write mem
Since UDP is a connectionless protocol, the Brocade ADX and other clients do not expect replies to data sent
to a UDP port. Thus, lack of a response indicates a healthy port.
ADX(config-http-ml-m1)#exit
The first command sets the name of the matching list and enters the HTTP matching list CLI level.
The first down statement looks for the text “404” in the HTML file sent from the real server in response to an
HTTP keepalive request; the second down statement looks for the text “File Not Found.” If either of these text
strings are found in the HTML file, the Brocade ADX marks port 80 (HTTP) on the real server FAILED. If neither
of the text strings are found, the Brocade ADX marks the port ACTIVE.
The down simple and up simple statements specify the selection criteria in the matching list. The following is
an example of a matching list that uses compound selection criteria, in which the beginning and ending parts
of selection criteria are specified:
ADX(config)# http match-list m4
ADX(config-http-ml-m4)# up compound "monkey see" "monkey do" log
ADX(config-http-ml-m4)# down compound "500" "Internal Server Error" log
ADX(config-http-ml-m4)# down compound "503" "Service Unavailable" log
ADX(config-http-ml-m4)# default down
ADX(config-http-ml-m4)# exit
In this example, the default down command causes port 80 on the real server to be marked FAILED if
none of the selection criteria are found in the HTTP response message.
Source-NAT
You can define a total of 64 source-ip and source-nat-ip addresses on a Brocade ADX running switch code.
The source-ip command is not required on Brocade ADX’s running router code.
b. The small requests can result in large frames being sent directly back to the client
enabled. However, the SI does still translate the destination IP address in the client’s request to the real
server’s IP address for other ports.
ADX(config)# server virtual-name-or-ip v1 209.157.22.1
ADX(config-vs-v1)# port 80 dsr
You can use Layer 4 and Layer 7 health checks in your DSR configuration.
• The Brocade ADX addresses Layer 3 (IP ping) health checks to the real server IP address, and addresses
Layer 4 health checks to the real server IP address and the TCP or UDP protocol on the server.
• The Brocade ADX addresses Layer 7 health checks to the real server MAC address and to the loopback
address that matches the VIP address.
GSLB
DNS servers perform the translation between fully qualified domain names and IP addresses. DNS supports a
number of record types such as IPv4 Address records (A records), IPv6 Address records (AAAA records), Name
Server records (NS records), Mail Exchange (MX records), and Canonical Name records (CNAME records).
Just like a file system, the structure of the DNS database is hierarchical. At the top of system is the root. Each
node in this tree must have a label. The label can be 63 characters long and the zero-length label is reserved
for the root. On the next level are the top-level domains (TLDs). This is where the .com, .net, .org, and other Top
Level Domains reside. Nodes within the tree are also known as domains. Domains are simply subtrees of the
domain name space. This is important for domain names are indexes into the DNS database. Therefore,
under the TLDs are individual domains such as brocade.com. The keepers of the TLDs do not administer the
domains under them. This is known as delegation. The name system under the TLDs are administered by the
individuals assigned to them. This can be a private enterprise company or it can be an ISP using their name
servers to as a service to a company.
GSLB Operations
• Modes - [non] transparent, cache
• Proxy DNS (Authoritative address is a VIP[s])
- GSLB ADX does contain a DNS server
3. Round Trip Time between the remote Brocade ADX and the DNS client
6. FlashBack speed
Session Persistence, the ability to persist all the sessions for a given user to the same server for the duration
of an application transaction.
• Identify the user
• Recognize when an application transaction begins or ends
Types of Session Persistence:
• Source IP, Virtual IP, Port
• Port Tracking
• Concurrent
• Sticky
• Cookie Based Persistence
- Switching
- Hashing
Port Tracking
Often, e-commerce applications have SSL traffic following HTTP traffic. The Brocade ADX sends all
connections to the follower port (for example, SSL) to the same real server to which the connections to the
lead port (for example, HTTP) were sent.
Cookie Insertion
Cookie insertion allows the Brocade ADX to insert a cookie into an HTTP response sent from a server to a
client. When cookie insertion is enabled, the real servers do not need to send or be aware of a cookie related
to cookie switching. In addition to inserting a cookie, the Brocade ADX can also delete the inserted cookie or
“damage” it by rearranging the NAME part of the cookie.
The Brocade ADX will insert a cookie when:
• There is no cookie header
• The cookie header exists but it does not contain the cookie name specified by the port http cookie-name
command
• The cookie name is found, but the cookie value is out of range. The cookie value must be between 1 –
2047
• The cookie name is found, but the real server or server group indicated by the cookie value is not available
and its association with a real server to ensure that all subsequent traffic with that SSL ID will always be
directed to the same real server.
URL Switching
The Brocade ADX can direct HTTP requests to a server or group of servers, using information in the test of a
URL string. The Brocade ADX examines the contents of a URL string and makes a decision about where to
send the packet based on selection criteria in user-defined policies. If text in the URL string matches the
selection criteria, the HTTP request is sent to a load-balanced server group specified in the policy.
“URL string” is defined as the contents of the Request-URI part of the Request-line in an HTTP request
message. This information usually consists of the absolute pathname (directory and filename) of a resource.
For example: /doc/Brocade ADX /1199/url_switching.html
The network location of the resource is specified in the Host header field in an HTTP request message. For
example: Host: www.brocade.com
The Brocade ADX can examine both the URL string and Host header field when determining where to send the
HTTP request.
Stateless SLB
Stateless SLB does not use session table entries for the TCP and UDP sessions between the Brocade ADX and
clients or real servers. These configuration options are useful if you want to deploy multiple Brocade ADXs to
provide service for the same VIPs or applications but the network topology cannot ensure that server
responses will pass back through the Brocade ADX. To configure an application port to be stateless, enable
the stateless parameter on the port in the virtual server. Here is an example:
ADX(config)#server real R1 10.10.10.1
ADX(config-rs-R1)#port http
ADX(config-rs-R1)#exit
ADX(config)#server real R2 10.10.11.1
ADX(config-rs-R2)#port http
ADX(config-rs-R2)#exit
ADX(config)#server virtual-name-or-ip StatelessHTTP 192.168.4.69
ADX(config-vs-StatelessHTTP)#port http stateless
ADX(config-vs-StatelessHTTP)#bind http R1 http
ADX(config-vs-StatelessHTTP)#bind http R2 http
The Brocade ADX does not use the standard SLB load-balancing methods when selecting a real server for a
stateless application port. Instead, the Brocade ADX uses hash values to select a real server. The Brocade
ADX calculates the hash value for a given client request based on the request’s source IP address and source
TCP/UDP port.
Security Features
The SYN-defense feature allows the Brocade ADX to complete the TCP three-way handshake on behalf of a
connecting client. When a connecting client sends a TCP SYN to a server, the Brocade ADX forwards the SYN
to the real server, then forwards the SYN ACK from the server to the client. Next, the Brocade ADX sends an
ACK to the real server, completing the three-way handshake on behalf of the connecting client. This action
allows the real server to move the connection from its pending connection queue to its established (and much
larger) connection queue.
• The content area for configuring the Real Server is displayed on the right side of the window.
• The Summary tab displays a list of the existing real servers in the system.
3. Click the Basic tab at the top of the window. The “Basic Real Server” window is displayed.
• Real Server Name: For example, RS1 (Real Server #1); Server IP: For example, 10.10.10.201
6. Click Enable for Admin Status. Enable is the default option.
7. Click Apply. The message “The operation was successful” is displayed.
6. Select a Predictor: Least Connection, Round Robin, Weighted, Enhanced Weighted, Weighted Round Robin,
and Dynamic Weighted (Optionally modify).
7. Click Apply. The message “The operation was successful” is displayed.
3. In the Characteristics panel, select Enable for Admin Status. (Enabled is the default option.)
• Select the virtual server name from the Virtual Server drop down list.
• Select the virtual server port name from the Port drop down list.
• Select the real server name from the Real Server drop down list.
• Select the real server port name from the Port drop down list.
3. Click the Bind button.
To globally enable Layer 2, Layer 3, and Layer 4 health checks, follow these steps:
Click Traffic Management > Health Checks > Generic. The Generic Health Check window is displayed.
Follow these steps to enable the minimum required configuration shown above. Client connections and
server connections must be on the same interfaces on both Brocade ADXs.
1. On Brocade ADX A, place the untagged hot standby port (sync-link) in its own port-specific VLAN and
disable STP:
ADX-A(config)# vlan 2 by port
ADX-A(config-vlan-2)# untagged ethe 2/1
ADX-A(config-vlan-2)# no spanning-tree
Placing the hot standby port in its own VLAN prevents unnecessary traffic from going over the directly
connected backup link. With Hot Standby, you cannot have spanning-tree configured anywhere on any
link connected between the two Brocade ADXs. By default, spanning tree is usually enabled on
switches but disabled on routers.
2. To avoid system conflicts, globally disable spanning-tree on VLAN 1:
ADX-A(config)# vlan 1 name DEFAULT-VLAN by port
ADX-A(config-vlan-1)# no spanning-tree
3. Configure the server backup port, shared chassis-MAC address between the Brocade ADXs, and any
connected router-ports:
!
server backup ethe 2/1 00e0.5201.0c72 vlan-id 2
server router-ports ethernet 2/3
server router-ports ethernet 2/4
!
The server backup ethernet command must be configured exactly the same on both Brocade ADXs.
The server router-ports command enables the Brocade ADX to count the number of upstream (or
downstream) router ports connected to the switch. Both Brocade ADXs must use the same router-
ports numbers, such as 2/3 in this example. The reason is the standby Brocade ADX is a dummy
device that learns nothing, such as MACs, on its own.
4. Save the configuration and reload the software after configuring or changing the server backup port
number. If you change the port number of the backup while the Brocade ADX is load balancing, clients will
not be able to ping the VIP.
ADX-SLB-A #wr mem
ADX-SLB-A# reload
5. Configure the second Brocade ADX (Brocade ADX-B). On this system, port 2/1 is the hot standby port.
Using the same port numbers and MAC address is a requirement. Notice the chassis-MAC address on each
Brocade ADX matches:
ADX-B# server backup ethe 2/1 00e0.5201.0c72 vlan-id 2
ADX-B# server router-ports ethernet 2/3
ADX-B# server router-ports ethernet 2/4
ADX-B(config)# vlan 1 name DEFAULT-VLAN by port
ADX-B(config-vlan-1)# no spanning-tree
ADX-B(config-vlan-1)# vlan 2 by port
ADX-B(config-vlan-2)# untagged ethe 2/1
ADX-B(config-vlan-2)# no spanning-tree
ADX-B# write memory
ADX-B# reload
Symmetric SLB
Symmetric SLB (SSLB) is active-standby VIP. Each Brocade ADX is the active Brocade ADX for a specific set of
VIPs, while the other Brocade ADX is the backup for the same set of VIPs. Symmetric SLB is supported in both
Switch (S) code and Router (R) code. In SSLB, you determine which Brocade ADXs are active and backup for a
VIP by associating a sym-priority with the VIP. You assign a different priority to the same VIP on each Brocade
ADX. When all Brocade ADXs and associated links are available, the Brocade ADX with the highest priority for
the VIP services the VIP.
If a Brocade ADX is running software with a router image and the Brocade ADXs are in an Active-Active
configuration, you need to enable VRRP or VRRP-E on these Brocade ADXs; otherwise, FTP, RTSP, and MMS
protocols may not work. Also, configure the IP address of the real server’s default gateway IP address in VRRP-
E configuration and the "owner" IP address in VRRP configuration. In Symmetric SLB and Sym-Active configu-
rations with VRRP-E, when the device switches from the Master router to a Backup router, there is a CLI com-
mand that guarantees simultaneous VIP failover in the event VRRP-E fails over to a Backup router. To enable
this feature, first define a VIP group that includes VIP addresses, then bind the VIP group to a Virtual Router ID
(VRID). To configure Symmetric SLB, configure the sym-priority <value> command on each active and standby
VIP. The higher the <value>, the higher the preference (priority). The range is from 0 – 255. You also can con-
figure the priority to dynamically adjust to changes in the health of applications on the VIP. Enabled by default,
any L2 link can be used for automatic session synchronization between the Brocade ADXs. Unlike Hot
Standby, the Brocade ADXs need not be directly connected. To specify a specific port (optional), use the ses-
sion-sync server subcommand on both devices.
Sym-Active SLB
Sym-Active SLB is true active-active. Both Brocade ADXs handle traffic (active-active), and both Brocade ADXs
are active for the same VIP on both Brocade ADXs. The difference between Sym-Active and Symmetric SLB is
minimal. For Sym-active, the difference being sym-active configured on the VIP to enable the standby box to
process traffic.
• Ability to apply transaction rate limit to traffic coming to a specific VIP only.
• Ability to operate on a per VIP basis, whereby a different rate limit can be applied to traffic coming to a
different VIP.
6 - Troubleshooting
Server States
The server states only concern is up to Layer 3. They do not deal with Layers 4 or 7. Layer 2 reachability refers
to ARPs, a Layer 2 query for Layer 3 information. Layer 3 reachability refers to ICMP echo requests and
replies, or pings.
• Enabled: There is no link to the real server. The real server is configured on the Brocade ADX but is not
physically connected to the Brocade ADX.
• Failed: The real server has failed to respond to repeated Layer 3 health checks (IP pings).
• Testing: A real server will go to "Testing" if it is reachable at Layer 2 but not at Layer 3. When you first add a
real server, the Brocade ADX will first try to ARP it. While it is ARPing, the server state will read "State:
Enabled". After the real server replies to the ARP, the Brocade ADX will normally send one ICMP echo
request. After it gets the ARP reply and before it gets the ICMP echo reply, the Brocade ADX will show the
real server state as Testing.
• Suspect: The Brocade ADX associates a time stamp with each packet sent to and received from the real
servers. If the time gap between the last packet received from the server and the last packet sent to the
server grows to 3 or 4 seconds, the Brocade ADX sends a ping (Layer 3 Health Check) to the server. If the
server does not respond within the ping interval (a configurable parameter), the Brocade ADX changes the
state to SUSPECT and resends the ping, up to the number of retries specified by the ping retries parameter
(also configurable). If the server still does not respond after all the retries, the state changes to FAILED. If
the server does respond, the state changes to ACTIVE.
• Grace-down: The server gracefully shut down.
• Active: A real server will go to active as long as it is reachable at Layer 2 and 3, regardless of whether or not
its ports are bound to anything, regardless of whether or not its ports pass tests. After receiving that first
ping reply, normally the Brocade ADX switches to periodic ARPs. If you enable server l3-health-
check globally, then the Brocade ADX switches to using periodic pings instead. The real server still shows
the state active. If you enter the no server l3-health-check command globally, then the Brocade
ADX will switch back to ARP. After that first ping succeeds, if you do not have L3 Health Checks enabled,
you can add an ICMP blocking ACL on the real server, and the system will still display "Active". If you re-add
server l3-health-check, then the real server state will change from Active to Suspect and then
Failed. This behavior is all done before any ports have been bound to a virtual server. All these states on a
real server have nothing to do with L4/L7.
CPU load (%) - The percentage of the Brocade ADX’s CPU that is actively engaged in SLB and other activities.
This information is reported by the site Brocade ADX.
Preference - The numeric preference value for this site Brocade ADX. The preference can be used by the GSLB
policy to select a site. This information is configured on the GSLB Brocade ADX.
Location - The geographic location of the Brocade ADX. The location is based on the Brocade ADX’s
management IP address and can be one of the following: Europe, N-AM – North America, S-AM – South
America If you explicitly identified the geographic location, the value you specified appears instead of a value
based on the IP address..
Virtual IPs - The virtual IP addresses (VIPs) configured on the Brocade ADX. This information is reported by the
site Brocade ADX. The letter in parentheses at the end of each address indicates whether the Brocade ADX is
an active or standby Brocade ADX for that address. The letter can be A (active) or S (standby). Unless the
Brocade ADX is configured along with a partner Brocade ADX for Symmetric Server Load Balancing, the value
is always A. If a number appears following the A or S, a host range (the unlimited VIP feature) is configured on
the VIP. The number indicates the number of hosts in the host range.
The GSLB Brocade ADX does not necessarily provide global SLB for all the VIPs configured on the site Brocade
ADXs. The GSLB provides global SLB only for the VIPs that correspond to the DNS zone names you configure
the GSLB Brocade ADX to load balance
Connection Load - The average load at each connection-load sampling interval in the most recent set of
sample intervals.