ADC Lab 5

PBSLB
Version 4.1.0 (12/16/16)
Lab 5 Overview
In this lab you configure, apply and verify ACOS PBSLB functionality using 1) Black-White
Lists to steer traffic destinations and 2) Class-Lists to set connection limits.

Continuing from Lab 4: HTTP Acceleration

When starting this lab immediately after successfully completing Lab 4, proceed to the
Initial Device Verification section.

Starting from all Other Chassis Conditions

When starting this lab from any other starting point, prepare the devices by opening
Appendix A and proceeding to section Device Preparation: Lab 5 – PBSLB.

Initial Device Verification

Open an SSH session to the vMaster (1.0.0.10).
Periodically display aVCS status to monitor reload progress.
repeat 5 show vcs summary
The reload is complete when aVCS output is stable for at least 30 seconds. Exit the
repeat command by pressing Control-C.
Verify the configuration with the following commands:
show vcs summary

Contact your instructor if your output differs significantly from the shown output.

A10 ADC 4.1.0 (12/16/16) Lab 5: PBSLB Page 2 of 6

Using the VIP-HTTP Virtual Server
PBSLB is demonstrated with the previously created virtual server. The Initial Device
Verification section verifies the virtual server is configured and functioning.

PBSLB with Black-White Lists

Configuring a Second Server Group
PBSLB traffic flow control is demonstrated with additional servers in a new service group.
1. Create and verify access to the Bad Store Server.
slb server BADS1 210.0.0.210
port 80 tcp
show slb server BADS1
2. Create and configure the SG-BADS service group. Verify the service-group.
slb service-group SG-BADS tcp
member BADS1 80
show slb service-group SG-BADS

Removing the Server Group Template from the VIP

3. [Browser] Confirm the HTTP VIP is functioning by connecting to http://100.0.0.21.
The browser should display the It Works page.
4. [CLI] Display the contents of the VIP-HTTP virtual server.
show run | sec VIP-HTTP
5. From VIP-HTTP, port 80, remove the SG-HTTP service group.
no service-group SG-HTTP
6. [CLI] Clear browser cache
clear session all
7. Verify VIP-HTTP is unreachable by connecting to http://100.0.0.21
The access attempt should timeout unsuccessfully.

Creating a Black-White List

8. [Browser] Open another tab and use admin credentials to log into the ACOS GUI:
https://master/

A10 ADC 4.1.0 (12/16/16) Lab 5: PBSLB Page 3 of 6

9. Access the Create Black-White Lists panel.
ADC > BW-Lists
Click the Create button (right side of panel)
10. Enter the following on the Create Black-White List panel.
Select Local (radio button)
Name: LT-BW1
Definition: 110.0.0.100 2 ; 2 for http 4 for badstore 6 reset
Text after a semicolon is an optional comment. Using comments to document entries is
best practices.
11. Click Create to save the list. Leave the GUI session open.
Subsequent lab instructions modify the Black-White list.

Creating a Template that Implements the Black-White List

12. Create a policy template (named TP-PBSLB) that, when applied to the VIP port,
implements the new Black-White list.
slb template policy TP-PBSLB
13. Configure the policy template by specifying its name and correlating service groups to
numbers. The comments in the list previously created refer to this correlation.
bw-list name LT-BW1
bw-list id 2 service-group SG-HTTP
bw-list id 4 service-group SG-BADS
bw-list id 6 reset
exit

Implementing the Black-White List

14. Apply the policy template to the HTTP port on the VIP. Confirm the configuration.
slb virtual-server VIP-HTTP
port 80 http
template policy TP-PBSLB
show runn | sec VIP-HTTP
15. From the browser, connect to the VIP (100.0.0.21)
Because id 2 is the group number assigned to the desktop IP in LT-BW1, the browser
should display the It Works page.
16. Close the It Works tab and clear the browser cache.
17. From vMaster GUI, modify the Black-White list to change the LT-BW1 ID from 2 to 4.

A10 ADC 4.1.0 (12/16/16) Lab 5: PBSLB Page 4 of 6

 ADC > BW-Lists
Click the LT-BW1 text in the list
Definition text box: change 110.0.0.100 2 to 110.0.0.100 4
Click Update (bottom right corner of panel)
18. Connect to VIP-HTTP again
The browser should display the Bad Store website.
19. Close the Bad Store tab and clear the browser cache.
20. From the vMaster GUI, modify the Black-White list to change the LT-BW1 ID from 4 to
6; this sends a reset packet to the client.
ADC > BW-Lists
Click the LT-BW1 text in the list
Definition text box: change 110.0.0.100 4 to 110.0.0.100 6
Click Update (bottom right corner of panel)
21. Attempt to connect to VIP-HTTP again.
The browser should display an error indicating the webpage is not available with the
ERR_CONNECTION_RESET message at the bottom.

PBSLB with Class Lists and Policy Templates

Traffic can be dropped, reset, locked out, or forwarded; Limits can be set for connections,
requests, connection rates, and request rates. These steps forward traffic and log events.
22. Re-apply the http service group to port 80, remove the policy template, and verify VIP-
HTTP generates the It Works page.

Creating the Class List and Policy Template

23. Create the Class List, then verify its configuration.
class-list CL1
110.0.0.0/24 lid 1
show class-list CL1
24. Create and configure the Policy Template, then verify the configuration.
slb template policy TP-POL1
class-list CL1
lid 1
conn-limit 1
over-limit-action forward log
show slb template policy

A10 ADC 4.1.0 (12/16/16) Lab 5: PBSLB Page 5 of 6

Implementing the Class List
25. Apply the template to VIP-HTTP port 80
template policy TP-POL1
26. Clear browser cache, connect to VIP-HTTP in a new tab, and refresh page several times.
27. Since VIP-HTTP is assigned to VRID 1, it is active on device 2. Log in to A2 (1.0.0.2) and
check the log for PBSLB events (Command is case sensitive).
show log | inc PBSLB
You should see messages like the following:
Apr 25 2015 02:14:31 Info [PBSLB]:[ve 100] TCP 110.0.0.100 > 100.0.0.21:80 PBSLB
forwards traffic even connection number is over limit (VP Policy TP-POL1)

A10 ADC 4.1.0 (12/16/16) Lab 5: PBSLB Page 6 of 6