6.3.9.3 Persistence Method Collaborating with an SLB Persistence Policy
- Configuration purpose:
To implement session persistence by applying both the persistence method and a Layer 7 SLB persistence policy. In this case, the session ID is obtained through the policy. The following table describes the configuration for the method and policy:
Table 6-13 Configurations of the Method and Policy
Item | Configurations
Policy | The header policy is configured to obtain the content of “x-up-calling-line-id” in the HTTP request header as the target string.
Policy | The default policy is configured.
Persistence method | The first choice method is round robin (rr). The session ID is of the string type. Whether to obtain the session ID from the client request or server response is not specified.
Persistence method | The offset and ID length for obtaining the session ID are specified.
Once configured, the FortiBalancer appliance behaves as follows:
- If the request from the client matches the header policy, the FortiBalancer appliance obtains the session ID from the content of “x-up-calling-line-id” based on the offset and ID length.
- If the request from the client matches the default policy, the FortiBalancer appliance uses the first choice method to direct the request to a real server and does not implement session persistence.
- Prerequisites:
- Layer 4 or 7 real services r1 and r2 are already defined. In this example, the real services are of the HTTP type.
- A Layer 4 or 7 virtual service v1 is already defined. In this example, the virtual service is of the HTTP type.
- web UI:
- Select Server Load Balance > Groups > Groups. In the Add Group area, select “Persistence” from the Group Method drop-down list and “string” from the Session Type drop-down list. Specify other parameters as required. Click the Add action link.
- In the Group List area, double-click the group. In the Group Members area of the displayed page, click the Add action link. In the Add Group Member area of the displayed page, specify the required parameters and click Save to save the configuration.
- Select Server Load Balance > Virtual Services > Virtual Services. In the Virtual Service List area, double-click the virtual service. In the Associate Groups area of the displayed page, specify the required parameters and click the Add action link.
- Select Server Load Balance > Groups > Groups. In the Group List area, double-click the group. In the Group Settings area of the displayed page, specify the Persistence Timeout, Persistence Timeout Mode, Persistence Session ID Offset, and Persistence Session ID Length. Click the Set action link.
- CLI:
- Execute the following command to configure the service group and persistence method:
slb group method <group_name> persistence <session_id_type> [rr|sr|lc] [threshold]
For example:
FortiBalancer(config)#slb group method g1 persistence string rr
- Execute the following command to add real services to the service group:
slb group member <group_name> <real_name> [weight]
For example:
FortiBalancer(config)#slb group member g1 r1 1 0
FortiBalancer(config)#slb group member g1 r2 1 0
- Execute the following commands to bind the service group and virtual service with the header and default policies:
slb policy header <policy_name> {virtual_name|vlink_name} {group_name|vlink_name} <header_name> <header_pattern> <precedence>
slb policy default {virtual_name|vlink_name} {group_name|vlink_name}
For example:
FortiBalancer(config)#slb policy header p1 v1 g1 "x-up-calling-line-id" "^1" 1
FortiBalancer(config)#slb policy default v1 g1
- Execute the following command to configure the offset and length for the session ID:
slb group persistence value <group_name> <offset> [session_id_length]
For example:
FortiBalancer(config)#slb group persistence request header g1 abc user y 0
FortiBalancer(config)#slb group persistence value g1 4 3
- Execute the following command to configure the timeout mode:
slb persistence timeout <timeout_minutes> [group_name] [idle|timeout]
For example:
FortiBalancer(config)#slb persistence timeout 5 g1 idle
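The routing behaviour this configuration produces, modelled in Python as an added example (not FortiBalancer code or vendor documentation). It uses the values from the CLI example above (pattern ^1, offset 4, length 3, 5-minute idle timeout). The zero-based offset, the idle-timer refresh on each hit, and the handling of header values too short for the offset and length are assumptions of this sketch.

```python
import re
from itertools import cycle

# Values from the CLI example above. Assumptions of this sketch: zero-based
# offset, idle timer reset on every hit, and a header value too short for
# the offset/length treated as "no session ID".
HEADER, PATTERN = "x-up-calling-line-id", re.compile(r"^1")
OFFSET, ID_LENGTH, IDLE_SECONDS = 4, 3, 5 * 60

class PersistenceGroup:
    def __init__(self, real_services):
        self._rr = cycle(real_services)   # first choice method: round robin
        self._table = {}                  # session ID -> (real service, last hit)

    def session_id(self, headers):
        """Return the session ID if the header policy matches, else None."""
        value = headers.get(HEADER)
        if value is None or not PATTERN.search(value):
            return None                   # request falls to the default policy
        sid = value[OFFSET:OFFSET + ID_LENGTH]
        return sid if len(sid) == ID_LENGTH else None

    def route(self, headers, now):
        """Pick a real service for one request: (service, session ID)."""
        sid = self.session_id(headers)
        if sid is None:
            return next(self._rr), None   # rr only, no persistence entry
        server, last_hit = self._table.get(sid, (None, None))
        if server is None or now - last_hit > IDLE_SECONDS:
            server = next(self._rr)       # new or expired ID: first choice method
        self._table[sid] = (server, now)  # idle mode: refresh the timer
        return server, sid

def demo():
    """Route constructed sample requests; returns the list of decisions."""
    g1 = PersistenceGroup(["r1", "r2"])
    samples = [
        ({HEADER: "13905551234"}, 0),     # new ID "555"
        ({HEADER: "13907771234"}, 10),    # new ID "777"
        ({HEADER: "13905559999"}, 20),    # different caller, same ID "555"
        ({HEADER: "23905551234"}, 30),    # fails "^1": default policy
        ({HEADER: "13905551234"}, 400),   # "555" idle for more than 5 minutes
    ]
    return [g1.route(headers, now) for headers, now in samples]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

In this model, two different header values that share the same characters at the configured offset and length yield the same session ID and therefore reach the same real service.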
6.4 SLB Summary
SLB Type | Priority (1 is the highest) | Virtual Service | Real Service | Health check | Scenarios
Layer 7 HTTP/HTTPS | 2 | IP + Port + proto (HTTP, HTTPS) | IP + Port + proto (HTTP, HTTPS) | None, HTTP, HTTPS, TCP, TCPS, ICMP, Additional, Script | 1. Balance traffic according to application protocol headers, e.g. HTTP headers. 2. Cache feature is needed.
Layer 7 DNS | 2 | IP + Port + proto (DNS) | IP + Port + proto (DNS) | None, DNS, ICMP, Additional, Script | DNS requests; DNS cache feature can be applied for better performance.
Layer 7 FTP | 2 | IP + Port + proto (FTP) | IP + Port + proto (FTP) | None, TCP, ICMP, Additional, Script | FTP traffic
Layer 7 SIP | 2 | IP + Port + proto (SIP-TCP, SIP-UDP) | IP + Port + proto (SIP-TCP, SIP-UDP) | None, TCP, TCPS, ICMP, Additional, Script, SIP-TCP, SIP-UDP | Balance VOIP traffic
Layer 7 RTSP | 2 | IP + Port + proto (RTSP) | IP + Port + proto (RTSP) | None, TCP, ICMP, Additional, Script, RTSP-TCP | Balance real time media traffic
Layer 4 | 2 | IP + port | IP + Port | None, TCP, TCPS, ICMP, Additional, Script | 1. Balance traffic according to TCP/UDP headers. 2. TCP port or UDP port is specified to determine a particular service.
Port range (for Layer 7) | 3 | Layer 7 VS + Port range | Layer 7 RS; Layer 7 RS (0 port) | Non-zero port RS: Layer 7 health check. Zero port RS: ICMP, Additional | In addition to Layer 7 SLB, cross-port and dynamic port application traffic balance is supported.
Port range (for Layer 4) | 3 | Layer 4 VS + Port range | Layer 4 RS; Layer 4 RS (0 port) | Non-zero port RS: Layer 4 health check. Zero port RS: ICMP, Additional | In addition to Layer 4 SLB, cross-port and dynamic port application traffic balance is supported.
Layer 3 | 4 | IP | IP | None, ICMP, Additional | In addition to port range SLB, cross-protocol application traffic balance is supported. Currently, only TCP and UDP protocol are supported.
Layer 2 | 1 | IP + port ranges | IP, MAC | ARP, Additional (only ICMP) | 1. The backend real services do not have usable IP addresses so that the traffic cannot be balanced according to IP addresses. 2. The backend real services are not the destination of the input traffic (e.g. virus scanners check every packet before forwarding it to the real destination).
Fortinet Technologies Inc. 102 FortiBalancer 8.4 User Guide