Term | Description |
---|---|
active-active configuration | A configuration in which two Alteons can process traffic for the same service at the same time. Both Alteons share interfaces at Layer 3 and Layer 4, meaning that both Alteons can be active simultaneously for a given IP routing interface or load balancing virtual server (VIP). |
active-standby configuration | A configuration in which two Alteons are used. The active Alteon supports all traffic or services. The backup Alteon acts as a standby for services on the active primary Alteon. If the primary Alteon fails, the remaining Alteon takes over processing for all services. The backup Alteon may forward Layer 2 and Layer 3 traffic, as appropriate. |
DIP (destination IP address) | The destination IP address of a frame. |
dport (destination port) | The destination port (application socket: for example, HTTP-80, HTTPS-443, DNS-53). |
hot-standby configuration | A configuration in which two Alteons provide redundancy for each other. One Alteon is elected primary and actively processes Layer 4 traffic. The other Alteon (the backup) assumes the primary role if the primary fails. In a hot-standby configuration, the Spanning Tree Protocol (STP) is not needed to eliminate bridge loops. This speeds up failover when an Alteon fails. The standby Alteon disables all data ports configured as hot-standby ports, whereas the primary Alteon sets these same ports to forwarding. Consequently, on a given Alteon, all virtual routers are either primary or backup; they cannot change state individually. |
LAG (link aggregation group) | A logical port containing physical ports, as provided for by the Link Aggregation Control Protocol (LACP). A LAG can contain up to a total of eight physical and standby ports. |
NAT (Network Address Translation) | Any time an IP address is changed from one source IP or destination IP address to another address, network address translation (NAT) can be said to have taken place. In general, half NAT is when the destination IP or source IP address is changed from one address to another. Full NAT is when both addresses are changed from one address to another. No NAT is when neither source nor destination IP addresses are translated. Virtual server-based load balancing uses half NAT by design, because it translates the destination IP address from the virtual server IP address to that of one of the real servers. |
preemption | In VRRP, preemption causes a virtual router that has a lower priority to become the backup, should a peer virtual router start advertising with a higher priority. |
preferred primary | An Alteon platform that is always active for a service, and forces its peer to be the backup. Preferred primary is set according to VRRP priority. If a primary device is set with VRRP priority 101, and a secondary device is set with priority 100, then the primary device is the preferred primary. |
priority | In VRRP, the value given to a virtual router to determine its ranking with its peers. A higher number wins out for primary designation. Values: 1 – 254 for an IP renter, 255 for an IP owner. Default: 100. |
proto (protocol) | The protocol of a frame. Can be any value represented by an 8-bit value in the IP header, in accordance with the IP specification, such as TCP, UDP, OSPF, ICMP, and so on. |
real server group | A group of real servers that are associated with a virtual server IP address, or a filter. |
RIP (real server IP address) | An IP address to which Alteon load balances when requests are made to a virtual server IP address (VIP). |
redirection or filter-based load balancing | A type of load balancing that operates differently from virtual server-based load balancing. With this type of load balancing, requests are transparently intercepted and redirected to a server group. Transparently means that requests are not specifically destined for a virtual server IP address that Alteon owns. Instead, a filter is configured on Alteon. This filter intercepts traffic based on certain IP header criteria and load balances it. Filters can be configured to filter on the SIP/range (via netmask), DIP/range (via netmask), protocol, sport/range or dport/range. The action on a filter can be Allow, Deny, Redirect to a Server Group, or NAT (translation of either the source IP or destination IP address). In redirection-based load balancing, the destination IP address is not translated to that of one of the real servers. Therefore, redirection-based load balancing is designed to load balance Alteons that normally operate transparently in your network — such as a firewall, spam filter, or transparent Web cache. |
SIP (source IP address) | The source IP address of a frame. |
split brain | A failure condition in which there is no communication or synchronization between two Alteon platforms which both behave as the primary. |
sport (source port) | The source port (application socket: for example, HTTP-80, HTTPS-443, DNS-53). |
tracking | A method to increase the priority of a virtual router and, as a result, the primary designation (with preemption enabled). |
virtual server load balancing | Classic load balancing. Requests destined for a virtual server IP address (VIP), which is owned by Alteon, are load balanced to a real server contained in the group associated with the VIP. Network address translation is done back and forth, by Alteon, as requests come and go. Frames come to Alteon destined for the VIP. Alteon then replaces the VIP with one of the real server IP addresses (RIPs), updates the relevant checksums, and forwards the frame to the server for which it is now destined. This process of replacing the destination IP (VIP) with one of the real server addresses is called half NAT. If the frames were not sent to the address of one of the RIPs using half NAT, a server would receive the frame that was destined for its MAC address, forcing the packet up to Layer 3. The server would then drop the frame, because the packet would have the DIP of the VIP, and not that of the server (RIP). |
VRRP (Virtual Router Redundancy Protocol) | A protocol that acts similarly to Cisco’s proprietary HSRP address sharing protocol. The reason for having both of these protocols is so that Alteons have a next hop or default gateway that is always available. Two or more Alteons sharing an IP interface are either advertising or listening for advertisements. These advertisements are sent via a broadcast message to an address such as 224.0.0.18. With VRRP, one Alteon is considered the primary and the other the backup. The primary is always advertising via broadcasts. The backup Alteon is always listening for the broadcasts. Should the primary stop advertising, the backup takes over ownership of the VRRP IP and MAC addresses as defined by the specification. Alteon announces this change in ownership to Alteons around it by way of a Gratuitous ARP, and advertisements. If the backup Alteon did not perform Gratuitous ARP, the Layer 2 devices attached to Alteon would not know that the MAC address had moved in the network. For a more detailed description, refer to RFC 2338. |
VRRP router | A physical router running the Virtual Router Redundancy Protocol. |
virtual router (VR) | An address shared by two Alteon platforms using VRRP, as defined in RFC 2338. A virtual router is the primary on one Alteon, and the backup on the other. Alteon determines which virtual router to use for interfaces, virtual IP addresses, and proxy IP addresses. For each virtual router, the virtual router identifier (VRID) and the IP address are the same on both Alteons in the high availability solution. |
VRID (virtual router identifier) | In VRRP, a value used by each virtual router to create its MAC address and to identify the peer with which it is sharing this VRRP address. The VRRP MAC address as defined in the RFC is 00-00-5E-00-01-{VRID}. If you have a VRRP address that two Alteons are sharing, then the VRID number must be identical on both Alteons so each virtual router on each Alteon can determine with which Alteon to share. Assign the same VRID to the Alteon platforms in a high availability solution. Radware recommends that you do not use this VRID for other devices in the same VLAN. |
virtual router MAC address | A MAC address associated with a virtual router. For legacy-based MAC addresses, the five highest-order octets of the virtual router MAC address are the standard MAC prefix defined in RFC 2338. The VRID is used to form the lowest-order octet. The MAC address format is as follows: 00-00-5E-00-01-XX, where XX is the VRID. |
virtual router primary | Within each virtual router, one VRRP router is selected to be the virtual router primary. If the IP address owner is available, it always becomes the virtual router primary. The primary forwards packets sent to the virtual interface router. It also responds to Address Resolution Protocol (ARP) requests sent to the virtual interface router’s IP address. The primary also sends out periodic advertisements to let other VRRP routers know it is alive, and its priority. |
virtual router backup | A VRRP router within a virtual router not selected to be the primary. If the virtual router primary fails, the virtual router backup becomes the primary and assumes its responsibilities. |
VRRP advertisement messages | The primary periodically sends advertisements to an IP multicast address. As long as the backups receive these advertisements, they remain in the backup state. If a backup does not receive an advertisement for three advertisement intervals, it initiates a bidding process to determine which VRRP router has the highest priority and takes over as primary. The advertisement interval must be identical for all virtual routers, or virtual router groups. |
virtual interface router (VIR) | An IP interface that is bound to a virtual router. |
Virtual interface IP address owner | A VRRP router where the associated Layer 3 interface IP address matches the VRRP real interface IP address. Only one of the VRRP routers in a virtual interface router may be configured as the IP address owner. There is no requirement for any VRRP router to be the IP address owner. Most VRRP installations choose not to implement an IP address owner, but use only a renter. A VIR owner is always dynamically assigned a priority of 255. If active, the VIR owner always assumes the primary role, regardless of preemption settings. Tracking is not possible with a priority of 255. |
virtual server router (VSR) | A virtual router supporting Layer 4 (VIP) interfaces. A VSR is represented by the server state when dumping virtual router statuses using the `/info/l3/ha` command: `VRRP information (group priorities):` `2: vrid 25, 192.168.100.21, if 1, renter, prio 103, primary` `200: vrid 45, 192.168.100.21, if 2, renter, prio 103, primary, server` |
virtual proxy router (VPR) | A proxy IP address (either from network class range/subnet, port-based, or real server) that is bound to a virtual router. A VPR is represented by the proxy state when dumping virtual router statuses using the `/info/l3/ha` command: `VRRP information (group priorities):` `2: vrid 25, 192.168.100.21, if 1, renter, prio 103, primary` `200: vrid 45, 192.168.100.21, if 2, renter, prio 103, primary, proxy` |
VRRP sharing | When enabled, both Alteons are able to load balance an ingress request, even if an Alteon is not the primary. A get request is directed by the routing protocol. When disabled, only a primary Alteon can load balance an ingress request. A get request directed by the routing protocol is not processed. Sharing is enabled in active-active configurations, and disabled in all other configurations, such as active-standby and hot-standby. |
VIP (virtual server IP address) | An IP address that Alteon owns and uses to terminate a load balancing request for a particular service request. |
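
The split brain, VRID, and virtual router MAC address entries can be checked together from the status dump shown under VSR and VPR. The following is an added example, not Radware code: it parses virtual-router lines in the shape shown above from two peers, derives each expected MAC address, and reports VRIDs that are primary on both peers or configured on only one. The two peer dumps are constructed sample input, and the `backup` state keyword is an assumption, since the glossary only shows `primary`.

```python
import re

# One virtual-router line in the shape shown in the glossary, e.g.
# "200: vrid 45, 192.168.100.21, if 2, renter, prio 103, primary, server"
VR_LINE = re.compile(
    r"^\s*(?P<index>\d+):\s*vrid\s+(?P<vrid>\d+),\s*(?P<ip>[\d.]+),\s*"
    r"if\s+(?P<iface>\d+),\s*(?P<role>renter|owner),\s*prio\s+(?P<prio>\d+),"
    r"\s*(?P<state>\w+)(?:,\s*(?P<kind>server|proxy))?\s*$"
)

def parse_ha_dump(text):
    """Return {vrid: record} for every virtual-router line in a status dump."""
    routers = {}
    for line in text.splitlines():
        m = VR_LINE.match(line)
        if not m:
            continue  # header line or anything that is not a virtual router
        rec = m.groupdict()
        for key in ("index", "vrid", "iface", "prio"):
            rec[key] = int(rec[key])
        routers[rec["vrid"]] = rec
    return routers

def vrrp_mac(vrid):
    """Virtual router MAC per the glossary: 00-00-5E-00-01-{VRID}."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must fit in one non-zero octet")
    return "00-00-5E-00-01-%02X" % vrid

def find_split_brain(dump_a, dump_b):
    """VRIDs for which both peers report the primary state."""
    a, b = parse_ha_dump(dump_a), parse_ha_dump(dump_b)
    return sorted(v for v in a.keys() & b.keys()
                  if a[v]["state"] == "primary" and b[v]["state"] == "primary")

def find_unpaired(dump_a, dump_b):
    """VRIDs configured on only one peer (the VRID must match on both)."""
    return sorted(parse_ha_dump(dump_a).keys() ^ parse_ha_dump(dump_b).keys())

# Constructed sample dumps; "backup" as a state keyword is an assumption.
PEER_A = """VRRP information (group priorities):
  2: vrid 25, 192.168.100.21, if 1, renter, prio 103, primary
200: vrid 45, 192.168.100.21, if 2, renter, prio 103, primary, server"""
PEER_B = """VRRP information (group priorities):
  2: vrid 25, 192.168.100.21, if 1, renter, prio 100, backup
200: vrid 45, 192.168.100.21, if 2, renter, prio 100, primary, server
201: vrid 46, 192.168.100.22, if 2, renter, prio 100, backup, proxy"""

if __name__ == "__main__":
    for vrid in find_split_brain(PEER_A, PEER_B):
        print("both peers primary for vrid", vrid, "MAC", vrrp_mac(vrid))
    print("unpaired VRIDs:", find_unpaired(PEER_A, PEER_B))
```
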