Setting up BIG-IP v4.5 LoadBalancer with GlassFish

Setting up BIGIP with SJSAS

Setting up BIG-IP v4.5 with SJSAS

By Prashant Abbagani

Sun and F5 have developed an effective way to direct traffic for Sun Java System Application Server (SJSAS) deployments using the BIG-IP application traffic management device. When deployed with SJSAS, the BIG-IP product ensures fast delivery, always-on access, peak security and easy expansion for applications running on SJSAS.

With SJSAS and F5 Networks award-winning application traffic management products, enterprises achieve increased security, higher uptime and better performance from their SJSAS-based applications, while increasing the return on investment of their e-business infrastructures.

For more information on the BIG-IP system, see http://www.f5.com/f5products/products/bigip/.

For more information on the SJSAS, see http://www.sun.com/software/products/appsrvr/index.xml

Prerequisites and configuration notes

The following are prerequisites for this Deployment Guide:
  • You must have a Sun Java System Application Server deployment running version 8.2EE or later. You can have 'Project glassfish' installed instead without the failover capability.
  • The BIG-IP system must be running version 4.5.x or 4.6.x.
  • Briefly review the basic configuration tasks and the few pieces of information, such as IP addresses, that you should gather in preparation for completing the BIG-IP system configuration.

Note

All of the configuration procedures in this document are performed on the BIG-IP system. For specific information on how to configure SJSAS, consult the Sun Documentation.
This document is written with the assumption that you are familiar with both the BIG-IP system and SJSAS. For more information on configuring these products, consult the appropriate documentation.

Configuration Example

The BIG-IP system provides intelligent traffic management and high availability for SJSAS deployments. Through advanced health checking capabilities, the BIG-IP product recognizes when resources are unavailable or under-performing and directs traffic to another resource. The BIG-IP device tracks SJSAS end-user sessions, which ensures the client maintains session state with the servers. The following diagram shows an example deployment with SJSAS and the BIG-IP system. To deploy our sample application, a horizontally scalable tiered network architecture will be used. The goal is to load-balance requests accross a group of application servers.

Figure 1.1 Deployment and Configuration of Sample Application server Cluster
Figure 1.1 Deployment and Configuration of Sample Application server Cluster

Application Server

Option I: Project glassfish - Since the 'Project Glassfish' is targeted for developers, it doesnot support for multimachine administration and failover. However we will install Project Glassfish on two hosts and cluster them with the BIG-IP system

Option II: Sun Java System Application Server Enterprise Edition - We will install the 'Sun Java System Application Server Enterprise Edition', create cluster with two application server instances running on two different hosts and deploy the sample application to this cluster. Now we will cluster these two instances with the BIG-IP system.

Sample Application

We use the sample application 'clusterJSP' to demonstrate the use of load-balancing and failover functionality. This sample application can be downloaded seperately or can be used fom the SJSAS EE installation. The response on the Sample application's JSP page displays many useful session and request properties; you can identify the Application Server instance on which the request was processed. The name of the machine is printed in the response, Executed From Server: ..., for example:
Executed From Server: server-10.foo.com

Hardware Setup

We would do the following to configure the hardware.
  1. Follow the instructions to setup BIG-IP in the Reference Guide, ensure the Configuration utility web interface is available and ready for configuration
  2. The machines that host the Sun Java System Application Server's are available and ready to connect to the BIG-IP system
  3. Configure the Interfaces and VLAN's.

Configuring BIG-IP system for deployment with SJSAS

To configure the BIG-IP product to load balance Sun Java System Application Servers, you need to complete the following procedures:

Important

If your SJSAS deployment uses SSL, follow the procedures in Configuring the BIG-IP system for SJSAS deployments with SSL traffic.

The BIG-IP system offers both web-based and command line configuration tools, so that users can work in the environment that they are most comfortable with. This Deployment Guide contains procedures to configure the BIG-IP system using the BIG-IP web-based Configuration utility only. If you are familiar with using the bigpipe command line interface you can use the command line to configure the BIG-IP device, however, we recommend using the Configuration utility.

Connecting to the BIG-IP device

The first step in this configuration is to connect to the BIG-IP system. Use the following procedure to access the BIG-IP web-based Configuration utility using a web browser.

To connect to the BIG-IP system using the Configuration utility

  1. In a browser, type the following URL:
  2. https:// < Administrative IP of the BIG-IP device >
    A Security Alert dialog box appears, click Yes.
    The authorization dialog box appears.
     
  3. Type your user name and password, and click OK.
  4. The Configuration Status screen opens.
    Once you are logged onto the BIG-IP system, the initial screen, called the Configuration Status page, displays. From the Configuration status page, you can access the Configuration utility, documentation such as manuals and release notes, and software downloads.
     
  5. From the Configuration Status screen, click Configure your BIG-IP (R) using the Configuration utility.
  6. The Configuration utility opens to the Network Map screen.

Creating the Pool

The first procedure in this configuration is to configure a pool for the SJSAS servers. A BIG-IP pool is a set of devices grouped together to receive traffic according to a load balancing method. In this Guide, we configure one pool for our SJSAS servers. For this pool, we use cookie persistence, Insert mode, the recommended persistence method for SJSAS.

To create the pool from the Configuration utility

  1. In the navigation pane, click Pools.
  2. The Pools screen opens.
     
  3. Click the Add button.
  4. The Add Pool screen opens.
     
  5. In the Pool Name box, enter a name for your pool.
  6. In our example, we use sjsas_http.
     
  7. In the Load Balancing Method box, enter your preferred load balancing method (different load balancing methods may yield optimal results for a particular network).
  8. In our example, we select Round Robin (member), where connections are distributed evenly across all members in the pool.
     
  9. In the Resources section, you add the web servers to the pool.
    1.  
    2. In the Member Address box, type the IP address of the SJSAS server. In our example, we type 122.10.10.1.
    3.  
    4. In the Service box, type the service number you want to use for this server, or specify a service by choosing a service name from the list (for example 38080).
    5.  
    6. In our example, we type 38080, the default SJSAS server port.
    7.  
    8. The Member Ratio and Member Priority boxes are optional.
    9.  
    10. Click the Add button (>>) to add the member to the Current Members list.
    11. Repeat steps a-d for each server you want to add to the pool. In our example, we repeat these steps for the other server (122.10.10.2). See Figure 1.2.

  10. The other fields in the Add Pool screen are optional. Configure these fields as applicable for your network. (For additional information about configuring a pool, click the Help button.)
  11.  
  12. Click the Done button.
  13. Creating the Pool
    Figure 1.2 Creating the Pool

  14. In the Pool screen, from the Pool Name list, click the name of the pool you just created.
  15. In our example, we click sjsas_http.
     
  16. Click the Persistence tab.
  17. The Persistence screen for the pool opens.
     
  18. In the Persistence Type section, click the option button for Active HTTP Cookie.
  19.  
  20. From the Method list, select Insert.
  21.  
  22. In the Expiration box, type an expiration for the cookie. In our example we type 30 in the Minutes box.

  23. Important: The cookie expiration should be at least equal to the application session timeout for the SJSAS servers. The default application session timeout is 30 minutes. You could also leave the Expiration blank, and the cookie will expire when the browser is closed.
     
  24. Click the Apply button
Cookie Persistence
Figure 1.3 Configuring the cookie persistence

Command Line

app-bigip:~# b pool sjsas_http { member 122.10.10.1:38080 member 122.10.10.2:38080 lb_method rr persist cookie cookie_mode insert cookie_expiration 0d 00:30:00}

Creating the Virtual Server

The next step in this configuration is to define a virtual server that references the pool you just created.

To create the HTTP virtual server using the Configuration utility

  1. In the navigation pane, click Virtual Servers.
  2. The Virtual Servers screen opens.
     
  3. Click the Add button.
  4. The Add Virtual Server screen opens.
     
  5. Enter the IP address and service for the virtual server, then click the NEXT button.
  6. In our example, we use 192.10.10.1 with service of 80. The Configure Basic Properties screen displays.
    Click the Next button again.
     
  7. Click the Pool option button, and from the list, select the pool you created in the Creating the pool section.
  8. In our example, we select sjsas_http (see Figure1.4).

    Creating the Virtual server
    Figure 1.4 Creating the Virtual server
     

  9. Click the Done button. For additional information about configuring a virtual server, click the Help button.
  10. To view the virtual server, click the virtual server in the list. In our example, the virtual server properties are shown in Figure 1.5.

    Virtual server properties
    Figure 1.5 Configuring the Virtual server

Command Line

app-bigip:~# b virtual 192.10.10.1:80 use pool sjsas_http

Configuring a HTTP health monitor

We now configure the optional HTTP ECV monitor. In this example, we configure an HTTP ECV monitor for the SJSAS servers.
  1. In the navigation pane, click Monitors.
  2. The Network Monitors screen opens.
     
  3. Click the Add button.
  4. The Add Monitor dialog box opens.
     
  5. In the Add Monitor screen, type the name of your monitor (it must be different from the monitor template name), in our example, we type sjsas_http_monitor. In the Inherits From box, select the http monitor template from the list. Click the Next button.
  6. Add Monitor
    Figure 1.6 Creating the HTTP Monitor
     

  7. In the Configure Basic Properties section, type an Interval and Timeout value. We recommend at least a 1:3 +1 ratio between the interval and the timeout (for example, the default setting has an interval of 5 and an timeout of 16). We recommend a slightly higher ratio. In our example, we enter 30 for the Interval and 91 for the Timeout.
  8. Click the Next button.
    The Configure ECV HTTP Monitor screen opens.
     
  9. In the Configure ECV HTTP Monitor screen, you can add a Send String and Receive Rule specific to that application. Complete the relevant information, and click the Done button.
  10. The Add Monitor dialog box closes, and you return to the Network Monitors screen.

    Configuring the HTTP Monitor
    Figure 1.7 Configuring the HTTP Monitor

     Command Line

    app-bigip:~# b monitor sjsas_http_monitor '{use http interval 30 timeout 91 send "GET /index.html HTTP/1.0" recv "" }'

  11. From the Network Monitors screen, click the Basic Associations tab.
  12. The Basic Association screen opens.
     
  13. In the Node section, from the list, select the name of the monitor you created in Step 3. In our example, we select sjsas_http_monitor.
  14.  
  15. In the Node column, locate the SJSAS nodes relevant to this monitor, and click a check in the Add box for each node.
  16. In our example, we check the Add box for 122.10.10.1:38080 and 122.10.10.2:38080.

    Associating the Nodes to Monitor
    Figure 1.8 Associating the Monitor to the Nodes
     

  17. Click Apply.
  18. You now see the sjsas_http_monitor in the Existing Associations column of the Node section for each of the SJSAS servers.
    For additional information associating a monitor, click the Help button.
Command Line

app-bigip:~# b node 122.10.10.1:38080 122.10.10.2:38080 monitor use sjsas_http_monitor

Configuring the BIG-IP system for SJSAS deployments with SSL traffic

If your SJSAS deployment requires SSL, the configuration on the BIG-IP system is slightly different. For SJSAS deployments using SSL, you need to configure an SSL proxy and a loopback virtual server on the BIG-IP system, in addition to creating the pool and health monitor.

Note
If you are not using SSL in your deployment, you do not need to perform these steps.

To configure the BIG-IP for directing SSL traffic to the SJSAS servers, you need to complete the following procedures from the first section of this document:

Creating the loopback virtual server for the SSL proxy

The SSL proxy uses a loopback virtual server for the SSL proxy. To create this loopback virtual server, use the following steps.

Note
Before you configure the virtual server, you must have already configured the pool (see Creating the pool).
To create the loopback virtual server

  1. In the navigation pane, click Virtual Servers.
  2. The Virtual Servers screen opens.
     
  3. Click the Add button.
  4. The Add Virtual Server screen opens.
     
  5. Enter the IP address and service for the loopback virtual server, then click the NEXT button.
  6. In our example, we use 150.10.10.1 with service of 80. The Configure Basic Properties screen displays.
    Click the Next button again.
     
  7. Click the Pool option button, and from the list, select the pool you created in the Creating the pool section.
  8. In our example, we select sjsas_http.
     
  9. Click the Done button. For additional information about configuring a virtual server, click the Help button.
  10.  
  11. To view the virtual server, click the virtual server in the list.
  12. For more information on configuring the proxy addresses, refer to the BIG-IP Reference Guide.
Command Line

app-bigip:~# b virtual 192.10.10.2:80 use pool sjsas_http

Creating the SSL proxy

The next step is to create an SSL proxy. An SSL proxy is a gateway for decrypting HTTP requests to an HTTP server and encrypting the reply. The SSL proxy on the BIG-IP system offloads the task of SSL encryption/decryption from the server, which frees processing cycles for those servers, and provides a central location for certificate management.

Important
Before creating the SSL proxy on the BIG-IP system, you should have a certificate issued by a recognized certificate authority.

To create an SSL proxy from the Configuration utility

  1. From the navigation pane, click Proxies.
  2. The Proxies screen opens.
     
  3. Click the Add button.
  4. The Add Proxy screen appears.
     
  5. In the Proxy Type section, click a check in the SSL box.
  6.  
  7. In the Proxy Address box, type the originating (source) IP address. This must be a valid IP address or host name. For a web site, use the registered address to which your clients connect.
  8. In our example, we use 192.10.10.2.
     
  9. In the Proxy Service box, type https, or choose https from the list.
  10.  
  11. In the Destination Address box, type the address of the loopback virtual server you created in the Creating the loopback virtual server for the SSL proxy section.
  12.  
  13. In our example, we type 150.10.10.1.
  14.  
  15. In the Destination Service box, type the same port you used for the pool in the Creating the pool section. In our example, we type 80.
  16.  
  17. In the SSL Certificate box, type the name of the SSL certificate for the server, or select it from the list.
  18.  
  19. In the SSL Key box, type the SSL key for the server, or select it from the list of installed keys. It is very important that you choose the key that you used to create the certificate you selected in the SSL Certificate box.
  20. Creating SSL Proxy
    Figure 1.9 Adding the SSL proxy
     

  21. Click the Next button.
  22.  
  23. From the Rewrite Redirects list, select All. When you select All, the proxy always rewrites URIs as if they matched the originally requested URIs.
  24.  
  25. The other fields in the Add Proxy window are optional. Configure these fields as applicable for your network. (For additional information about configuring a Proxy, click the Help button.)
  26.  
  27. Click the Done button to add the Proxy.
Command Line

app-bigip:~# b proxy 192.10.10.2:https target virtual 150.10.10.1:http clientssl enable clientssl key sjsas_key clientssl cert sjsas_certificate

Important
Be sure to perform the procedures Configuring a HTTP health monitor before finishing the configuration
 

Testing

Testing the Setup

  1. In the browser (for example, Mozilla), go to http://192.10.10.1/clusterjsp/.
  2. The request lands in BIG-IP, which then routes it to one of the Application Server instances. The response on the JSP page displays many useful session and request properties; you can identify the Application Server instance on which the request was processed. Look for the name of the machine in the response, Executed From Server: ..., for example:
    Executed From Server: server-10.foo.com
  3. Establish a new session. On a different machine or in a browser (for example, Firefox), go to http://192.10.10.1/clusterjsp/.
  4. If the response cites another Application Server instance (in the example in step 1, the other instance might be server-11.foo.com), you're assured that BIG-IP system is distributing the requests within the available Application Server instances.

Testing the Load balancer Algorithm

Plan is to use Sticky-Round-Robin Algorithm. To verify that the this algorithm is functioning properly, on both browser windows, enter values in the two text fields for Name and Value of Attributes and click the ADD SESSION DATA button.

The second requests in each session must land in the same Application Server instance that processed the first request. If the Application Server instance name in the response for the second request is the same as that for the first response, the sticky algorithm is in working order.

Verification of failover

To verify that the failover capability is functioning properly, we perform the following:
  1. On a new browser window, go to http://192.10.10.1/clusterjsp/.
  2.  
  3. Enter values in the two text fields for Name and Value of Attributes and click the ADD SESSION DATA button.
  4. The browser prints the session data in a response. Note the Application Server instance name cited in the response, Executed From Server: ....
     
  5. Stop that Application Server instance. Type:
  6. Application_Server_install_dir/bin/asadmin stop-instance --host DAS_hostname --port DAS_port_number instance_name
    where DAS_hostname and DAS_port_number are the host name and port number, respectively, for the Application Server's Administration Server. instance_name is the name of the instance in the Application Server cluster to be stopped.
     
  7. Repeat step 2.
This scenario would indicate a smooth go: BIG-IP system assigns this request to an instance that's running, which then checks if the ID of the requested session is valid. If so, the instance acquires the ID from the HADB. Finally, the response posts the data for both the current and the prefailover sessions.
Comments:

Post a Comment:
Comments are closed for this entry.
About

sv96363

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today