53-1003242-01 July 2014 Brocade Virtual ADX Graphical User Interface Guide Supporting Brocade Virtual ADX version 03.1.
Copyright © 2014 Brocade Communications Systems, Inc. All Rights Reserved. ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.
Contents

Preface
• Document conventions
• Text formatting
• Command syntax conventions
• Notes, cautions, and warnings
• Brocade resources

• Config Sync
• Config Sync Summary tab
• Config Sync Settings tab
• Templates
• Executing a Config Template

• Health checks
• Creating a port profile
• Defining advanced parameters for a port profile
• Creating a port policy
• Element health checks
• Viewing match list policies

• SYN-Proxy server tasks
• Configuring Syn-Proxy
• Disabling the SYN-Proxy server
• Per-IPMSS tab
• Adding an IP-MSS entry
• Deleting an IP-MSS entry

• Virtual servers
• Virtual server statistics
• Virtual server details
• Virtual server ports
• Real servers
• Real server statistics

Chapter 20 Accessing the CLI
• CLI access
Chapter 21 Retrieving System Information for Technical Support
• Technical support
Appendix A Troubleshooting
• Unable to open web interface
Preface
Document conventions
This section describes text formatting conventions and important notice formats that may be used in this document.
Text formatting
The following text formatting conventions may be used in the flow of the text to highlight specific words or phrases.
Command syntax conventions
Convention | Description
bold text | Identifies command names, keywords, and command options.
italic text | Identifies variables.
[] | Syntax components displayed within square brackets are optional.
{ x | y | z } | A choice of required parameters is enclosed in curly braces separated by vertical bars. You must select one.
x | y | A vertical bar separates mutually exclusive elements.
<> | Nonprinting characters, for example, passwords, are enclosed in angle brackets.
...
Brocade resources
To get up-to-the-minute information, go to http://my.brocade.com to register at no cost for a user ID and password. Release notes are available at http://my.brocade.com. White papers, online demonstrations, and data sheets are available through the Brocade website at: http://www.brocade.com/products-solutions/products/index.page
Select Application Delivery Switches on this page to navigate to the relevant product information.
• Brocade Supplemental Support augments your existing OEM support contract, providing direct access to Brocade expertise. For more information, contact Brocade or your OEM.
• For questions regarding service levels and response times, contact your OEM/Solution Provider.
Document feedback
Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document.
Chapter 1 Introduction to the Brocade Virtual ADX Web Interface
In this chapter
• System requirements
• Starting the Brocade Virtual ADX web interface
System requirements
The Brocade Virtual ADX web interface is a browser-based interface that allows you to configure, monitor, and maintain a Brocade Virtual ADX.
Starting the Brocade Virtual ADX web interface
After the initial configuration, you can start accessing the web interface using the default username and password. To start the Brocade Virtual ADX web interface, perform the following steps.
1. Launch a web browser that has Hypertext Transfer Protocol (HTTP).
2. Type http:// in the address bar on the browser.
3. Press Enter. The Login window is displayed.
Chapter 2 Navigating the Web Interface
In this chapter
• Web interface overview
• Layout
• Navigation
Layout
The web interface of the Brocade Virtual ADX has the following features, as shown in Figure 1 and described in Table 1.
TABLE 1 Brocade Virtual ADX web interface features
Brocade Virtual ADX home page features | Description and options
Login bar | Includes information regarding your login session along with the links to get additional help. The following options are displayed on the login bar:
• Hostname — Host name and the model of the Brocade Virtual ADX.
• User — Username that was used to log in to the Brocade Virtual ADX.
• Context — Context corresponding to the username.
• Role — Role of the user.
Navigation
From the task bar, select a primary task (tab) you want to perform. Selecting the tab displays the related subsections in the menu bar. When you select a subsection, the related entities are displayed in the sidebar. By default, the system is set to open the first entity in the sidebar and displays its related fields in the main page.
Getting guidance
The web interface provides help throughout the web interface.
Chapter 3 Navigating the Dashboard
In this chapter
• Dashboard overview
• System view
• Traffic view
Both the System and Traffic dashboards have six panes that can be viewed, hidden, resized, and reorganized. The information in the dashboard is automatically updated based on the autorefresh interval that you set. By default, the autorefresh interval is set to 30 seconds. You can change the autorefresh time interval by selecting an interval option from the Auto Refresh list. To disable autorefresh, you can select the On Demand option from the list.
Dashboard pod controls
The Dashboard pods support variable data display, time-period selection, and data export on a case-by-case basis.
FIGURE 4 Dashboard pod controls
1 Display pod data in graph format
2 Display pod data in a spreadsheet
3 Toggle data display
4 Export data
5 Jump to source page
Displaying dashboard pod line graph data
Some pods allow you to select the data to be displayed.
NOTE The Historical Statistics status is retained between sessions, but time period selections and data display selections are not.
Exporting pod line graph data
Some pods allow you to export whatever data has been collected for the graph. Clicking Export… in the pod opens a standard Windows file dialog that allows you to save the data as a CSV file.
Viewing Line Graph data details
Some pods allow you to jump to the page that provided the information in the pod. If the pod supports this, click Details… to jump to the appropriate page in the application. For example, clicking the Details… link in the Throughput pod displays the Interfaces page on the Monitor tab.
System view
The System dashboard displays various system information including general summary, throughput, log messages, established connections, and sessions. To view the System dashboard, select the Dashboard tab in the task bar and click System on the menu bar. The System dashboard page is displayed, as shown in Figure 6.
FIGURE 6 System dashboard
The System Dashboard contains six pods. See Table 2.
Traffic view
The Traffic dashboard displays network traffic information including traffic distribution, sessions and connections for service, and service response time. To view the Traffic dashboard, select the Dashboard tab in the task bar and click Traffic on the menu bar. The Traffic dashboard page is displayed, as shown in Figure 7.
FIGURE 7 Traffic dashboard
The Traffic dashboard contains six pods. See Table 3.
TABLE 3 Traffic dashboard pods (Continued)
Pod | Description
HTTP Traffic - Content Switching | Allows you to view the HTTP traffic request response.
Average Response Time by Service | Allows you to monitor response over time based on HTTP, HTTPS, or DNS.
Chapter 4 Configuration Overview
In this chapter
• Navigating the configuration tab
• Saving the configuration
Navigating the configuration tab
The Configure tab is the second tab in the Brocade Virtual ADX web interface.
information by clicking Next or Previous at the bottom of the Summary page. Click First or Last to go to the most recent or least recent entries. Also, you can select the page number from the list to go to a specific page. The main page displays the buttons that are used to perform configuration actions. See Table 5.
TABLE 5 Configuration actions
Button | Description
New | Allows you to create a new instance of the currently selected entity.
Chapter 5 System Settings
In this chapter
• General settings
• High Availability
• Config Sync
• Templates
The System Configuration page is displayed. See Figure 9.
FIGURE 9 System Configuration page
3. Under System, provide the following information:
• Hostname: Enter a host name for the Brocade Virtual ADX; for example, ADXHost. When you configure a host name, the name replaces the default system name. The name can contain up to 32 alphanumeric characters.
• Serial Number: Displays the serial number of the Brocade Virtual ADX. The field is editable.
Changing the system limits
You can set the system memory consumption limits to control the Brocade Virtual ADX. To configure the system limits on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click System on the menu bar.
2. From the sidebar, select General, and then select System Limits. The System Limits page is displayed. See Figure 10.
Click Reset to Defaults to change all the configured values to the default values. Click Reset to revert the configuration to the previous configured values.
NOTE Any change to the system limits requires you to reboot the Brocade Virtual ADX for these changes to take effect. It is recommended to save the running configuration to the startup configuration to preserve the changes across reboot.
The HA for Server Load Balancing (SLB) is Hot-Standby HA. This mode requires a setup of two Brocade Virtual ADXs, where one device is always active and the other device is always in the standby mode. For more information on high availability, refer to the Brocade Virtual ADX Server Load Balancing Guide.
Configuring the Brocade Virtual ADX in Hot-Standby HA
Hot-Standby HA allows you to configure two Brocade Virtual ADXs to serve as a redundant pair.
FIGURE 13 Configuring hot standby
4. Under the Basic tab, provide the following information:
• Sync VLAN: Select a port-specific VLAN from the list.
• Sync Port: Select the hot standby port from the list. Placing the hot standby port in its own VLAN prevents unnecessary traffic from going over the directly connected backup link.
• Shared MAC Address: Specify the MAC address of one of the Brocade Virtual ADXs.
FIGURE 14 Hot standby advanced configuration
6. Under the Advanced tab, provide the following information:
• Backup Remain Standby: Select the Enable check box to force the Brocade Virtual ADX to remain in the standby state, regardless of any changes in the system parameters (such as no heart beat, fewer router ports, and other changes). The Brocade Virtual ADX transitions to the standby state and remains as the standby until this setting is disabled.
Config Sync
The Config Sync controls allow you to configure the Brocade Virtual ADX for automated synchronization.
Config Sync Summary tab
To configure the Config Sync settings on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Select the Configure tab.
2. Click System on the menu bar.
3. From the sidebar, select Config Sync. By default, only the Summary page is displayed when you first select Config Sync. See Figure 15.
Config Sync Settings tab
To configure the Config Sync synchronization controls on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Select the Configure tab.
2. Click System on the menu bar.
3. From the sidebar, select Config Sync.
4. Click the Sync Settings… button. The Sync Settings tab is displayed. See Figure 16.
FIGURE 16 Sync Settings page
The Config Sync Settings tab has the following controls. See Table 8.
Templates
The Templates controls allow you to upload and run XML-based Config Templates for the configuration and management of the Brocade Virtual ADX. Though you can create templates, Brocade provides pre-defined templates. These templates exist in the Brocade Virtual ADX and can be used through the Web GUI.
NOTE You can use the Config Templates on the CLI or in user-written SOAP clients.
3. From the sidebar, select Templates. The Templates page is displayed. See Figure 17.
FIGURE 17 Templates page
The page displays the Templates tab with the following information:
• File Name: The template filename.
• Name: A descriptive name for the template.
• Description: A description of the template.
• Version: The version of the template.
• Storage Area: The storage area where the template file resides.
Uploading a local Config Template file
To upload a local template file, perform the following steps within the Templates tab.
NOTE The maximum file size that can be loaded from the local system is 750K.
1. Select the Configure tab.
2. Click System on the menu bar.
3. From the sidebar, select Templates.
4. Click the Upload button. The Upload page is displayed at the bottom of the Templates tab. See Figure 18.
FIGURE 18 Upload page on the Templates tab
5.
3. From the sidebar, select Templates.
4. Click the TFTP Copy button. The TFTP Copy page is displayed at the bottom of the Templates tab. See Figure 19.
FIGURE 19 TFTP Copy on the Templates tab
5. Provide the following information:
• TFTP IP Address: Enter the IP address of the TFTP server.
• TFTP File To Copy: Enter the name of the template to copy from the TFTP server.
5. Click Open. The Template - filename page is displayed.
• If the template does not require user input before execution, the following message appears on the page: This template has no variables.
• If the template requires user entries, enter the information in the variables fields, similar to Figure 20. Depending on the template you have selected, the data fields may be different from this example; every template may require different user inputs.
Viewing the Raw XML and Tree Structure of a template
From the View Template tab, you can view the raw XML and the tree structure of the Config Template.
1. Select the template from the Templates tab.
2. Click View to view the View Raw XML and Browse Tree Structure tabs. See Figure 21.
FIGURE 21 View Raw XML
• The View Raw XML tab contains the XML for the template.
User management
User management allows restricting or authorizing system access for the users based on their context. You can view the user name, role and context associated with the logged-in user in the login bar. See Figure 23.
FIGURE 23 Viewing user management information
Basic user management
You can configure three types of users in the Brocade Virtual ADX:
• Super user — A super user has admin access privileges and can view, edit and delete all configurations.
To create a user on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click System on the menu bar.
2. From the sidebar, select User Management. The Users page is displayed. See Figure 24.
FIGURE 24 Users page
The Users page displays the list of configured user accounts. Each entry in the list includes the user name, user type, associated role template and context.
3. Click New at the bottom of the Summary page. The User - new page tab is displayed. See Figure 25.
FIGURE 25 User - new page
4. Under the User Information tab, provide the following information:
• User Name: Enter a unique name for the local user account.
• User Type: Click Super User, Role Based User, or Read Only User based on the privilege level.
NOTE The options in the Role Based Settings tab are enabled only when you click Role Based User type.
NOTE You cannot delete the user currently logged in to the Brocade Virtual ADX.
Assigning a user role
When the user type is selected as role-based, the fields under the Role Based Settings tab are enabled.
1. Click the Role Based Settings button. The Role Based Settings tab is displayed. See Figure 26.
FIGURE 26 Assigning user role
2. Provide the following information:
• Global (non-Context) Config: Click None, Viewer, or Manager to assign a role for the global configuration pages.
3. Click Apply to save your entries. Click Reset to revert the configuration to the previous configured values.
For more information on role based users, refer to the Brocade Virtual ADX Administration Guide.
Creating contexts
After login, the user is automatically associated with the configured context or default context. To edit the context-related configurations, the user must be associated with that context.
5. Click Add. The context name is displayed in the Current Contexts table.
To delete a context configuration, select an entry from the Current Contexts table and click Delete.
NOTE A context cannot be deleted if it is referenced.
For more information on creating the contexts, refer to the Brocade Virtual ADX Administration Guide.
4. Click New at the bottom of the Role Templates page. The Role Template - new page tab is displayed. See Figure 29.
FIGURE 29 Role template - new page
5. Provide the following information:
• Role Template Name: Enter the name of the role template.
• Default Context: Select the context you want to associate with the user by default.
• Global (non-Context) Config: Click None, Viewer, or Manager to assign a role for the global configurations.
6.
Device management
Device management controls allow you to configure how the Brocade Virtual ADX is accessed. Configuration controls are provided for the following protocols:
• SNMP
• SSH
• Telnet
• TFTP on VLAN
To display the Device Management Summary page, perform the following steps within the Configure tab.
1. Click System on the menu bar.
2. From the sidebar, select Device Management.
SNMP Settings tab
To view the SNMP Settings page, perform the following actions in the Configure tab:
1. Click System on the menu bar.
2. From the sidebar, select Device Management.
3. Click SNMP in the sidebar sub-menu to display the SNMP controls. The SNMP Settings tab is displayed. See Figure 30.
FIGURE 30 SNMP Settings page
The SNMP Settings tab has the following controls. See Table 9.
Community Strings tab
The Community Strings tab displays an editable list of the server’s Community Strings. To view the SNMP Settings page, perform the following actions in the Configure tab:
1. Click System on the menu bar.
2. From the sidebar, select Device Management.
3. Click SNMP in the sidebar sub-menu to display the SNMP Settings tab.
4. Click the Community Strings button at the bottom of the window. The Community Strings tab is displayed. See Figure 31.
TABLE 10 Community Strings tab controls (Continued)
Controls | Description
Read Only | Select the check box to assign read-only (R/O) access to the Community String, meaning that authorized management stations are able to only retrieve MIB objects. If the check box is not selected, the community string has read-write access.
4. Click the Clients button at the bottom of the window. The Clients tab is displayed. See Figure 32.
FIGURE 32 Clients page
The SNMP Clients tab has the following controls. See Table 11.
TABLE 11 SNMP Clients tab controls
Column | Content
Allowed Client IP | Allowed client IP address (IPv4). Once created, it cannot be altered; it can only be deleted.
Add New Entry | Field for adding/editing IP address entries.
4. Click the V3 Users button at the bottom of the window. The V3 Users tab is displayed. See Figure 33.
FIGURE 33 V3 Users tab
The SNMP V3 User tab has the following controls. See Table 12.
TABLE 12 SNMP V3 User tab
Column | Content
User Name | Displayed user name. Once created, it cannot be altered; it can only be deleted.
Group | Group that this user is a member of.
Traps tab
The Traps tab displays a selectable list of Traps on the server. To view the Traps page, perform the following actions in the Configure tab:
1. Click System on the menu bar.
2. From the sidebar, select Device Management.
3. Click SNMP in the sidebar sub-menu to display the SNMP Settings tab.
4. Click the Traps button at the bottom of the window. The Traps tab is displayed. See Figure 34.
• Switch Standby
• TCP SYN Limit
• Other Traps
• Authentication
• Locked Address Violation
• STP New Root
• STP Topology Change
• OSPF
Use the Traps tab to perform the following functions:
• Set or disable an individual trap by marking or unmarking the check box for that trap.
• Click Expand All to see all the traps.
• Click Collapse All to collapse the tree so that only the top-level headers are displayed.
• Click Select All to activate all the traps.
4. Click the Trap Receivers button at the bottom of the window. The Trap Receivers page is displayed. See Figure 35.
FIGURE 35 Trap Receivers page
The SNMP Trap Receiver tab has the following controls. See Table 14.
TABLE 14 SNMP Trap Receiver tab controls
Column | Content
Host Address | Host Address being monitored. Once created, it cannot be altered; it can only be deleted.
Version | The version of the received trap. Options are V1, V2C, or V3.
Views tab
To view the Views page, perform the following actions in the Configure tab:
1. Click System on the menu bar.
2. From the sidebar, select Device Management.
3. Click SNMP in the sidebar sub-menu to display the SNMP Settings tab.
4. Click the Views button at the bottom of the window. The Views page is displayed. See Figure 36.
FIGURE 36 Views page
The SNMP Views tab has the following controls. See Table 15.
Groups tab
To view the Groups page, perform the following actions in the Configure tab:
1. Click System on the menu bar.
2. From the sidebar, select Device Management.
3. Click SNMP in the sidebar sub-menu to display the SNMP Settings tab.
4. Click the Groups button at the bottom of the window. The Groups page is displayed. See Figure 37.
FIGURE 37 Groups page
The SNMP Groups tab has the following controls. See Table 16.
• Click Clear to deselect all rows and empty the edit fields, making it easier to create a new group.
SSH controls
To configure SSH settings on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Select the Configure tab.
2. Click System on the menu bar.
3. From the sidebar, select Device Management.
4. Click SSH in the sidebar sub-menu to display the SSH controls. The SSH Settings tab is displayed. See Figure 38.
FIGURE 38 SSH Settings tab
5.
TABLE 17 SSH panel controls (Continued)
Control | Description
Login Timeout | Length of time allowed to complete login. (range: 1–120 seconds, default is 120 seconds)
Idle Timeout | Length of time account is allowed to have no activity. Enter a number from 0 to 240. The default is 0. The value of 0 is no time out.
Key Size | Size of account encryption key. (range: 512–1024 bits, default is 768 bits)
Port Number | ID of port to be used by this account.
The Telnet Settings tab has the following controls. See Table 18.
TABLE 18 Telnet Settings tab controls
Control | Description
Telnet | Select the Enable check box to enable Telnet access to the server. If you do not select this check box, all other controls are dimmed and disabled.
Authentication | Select the Enable check box to enable authentication on Telnet access to the server.
Password | The password for Telnet access. Enter a password from 1 to 48 characters.
4. Click the Telnet Allowed Clients button. The Telnet Allowed Clients tab is displayed. See Figure 40.
FIGURE 40 Telnet Allowed Clients tab
The Telnet Allowed Clients tab has the following controls. See Table 19.
TABLE 19 Telnet Allowed Clients tab controls
Column | Content
Client IP | IP address for authorized client. Once listed, it cannot be altered; it can only be deleted.
3. Click TFTP in the sidebar sub-menu to display the TFTP controls. The TFTP Settings tab is displayed. See Figure 41.
FIGURE 41 TFTP Settings tab
4. Check the TFTP on VLAN Enabled box to open the VLAN ID sub-menu.
5. Click the VLAN ID sub-menu and select TFTP on VLAN to display the TFTP on VLAN controls.
6. Click Apply at the bottom right corner to apply any change you have made, or click Reset to discard all changes.
The TFTP on VLAN panel has the following controls. See Table 20.
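The SSH, Telnet and SNMP control tables in this chapter give ranges and defaults that can be checked mechanically once the values are transcribed from the GUI. The following is an added example, not part of the Brocade guide or product: the snapshot layout, key names and finding IDs are assumptions, and both sample snapshots are constructed.

```python
# Added example; the snapshot layout and key names are hypothetical,
# not an export format of the Brocade Virtual ADX.

# Limits copied from the SSH and Telnet control tables in this guide.
SSH_LOGIN_TIMEOUT = (1, 120)   # seconds, default 120
SSH_IDLE_TIMEOUT = (0, 240)    # 0 means no timeout, default 0
SSH_KEY_SIZE = (512, 1024)     # bits, default 768
TELNET_PASSWORD_LEN = (1, 48)  # characters


def in_range(value, bounds):
    """True when value is an integer inside the inclusive bounds."""
    low, high = bounds
    return (isinstance(value, int) and not isinstance(value, bool)
            and low <= value <= high)


def audit(snapshot):
    """Return (finding_id, detail) tuples for one settings snapshot."""
    findings = []
    ssh = snapshot.get("ssh", {})
    telnet = snapshot.get("telnet", {})
    snmp = snapshot.get("snmp", {})

    # Values outside the documented ranges were transcribed or entered wrongly.
    for name, bounds in (("login_timeout", SSH_LOGIN_TIMEOUT),
                         ("idle_timeout", SSH_IDLE_TIMEOUT),
                         ("key_size", SSH_KEY_SIZE)):
        if name in ssh and not in_range(ssh[name], bounds):
            findings.append((f"ssh.{name}.out_of_range",
                             f"{ssh[name]!r} is outside {bounds[0]}-{bounds[1]}"))

    # In-range values that still weaken management access.
    if ssh.get("idle_timeout") == 0:
        findings.append(("ssh.idle_timeout.disabled",
                         "0 means idle SSH sessions never time out"))
    key_size = ssh.get("key_size")
    if in_range(key_size, SSH_KEY_SIZE) and key_size < SSH_KEY_SIZE[1]:
        findings.append(("ssh.key_size.below_max",
                         f"{key_size} bits; documented maximum is {SSH_KEY_SIZE[1]}"))

    if telnet.get("enabled"):
        findings.append(("telnet.enabled",
                         "Telnet sends credentials and commands in cleartext"))
        if not telnet.get("authentication"):
            findings.append(("telnet.no_authentication",
                             "Authentication check box is not enabled"))
        else:
            length = len(telnet.get("password", ""))
            if not in_range(length, TELNET_PASSWORD_LEN):
                findings.append(("telnet.password.out_of_range",
                                 f"length {length} is outside 1-48"))
        if not telnet.get("allowed_clients"):
            findings.append(("telnet.no_allowed_clients",
                             "no client IP is listed on the Allowed Clients tab"))

    # Report communities by position so the string itself never reaches a log.
    for index, community in enumerate(snmp.get("communities", [])):
        if not community.get("read_only", False):
            findings.append(("snmp.community.read_write",
                             f"community #{index} has Read Only cleared"))
    return findings


# Constructed sample: SSH at the documented defaults, Telnet on,
# one read-only and one read-write community.
SAMPLE_DEFAULTS = {
    "ssh": {"login_timeout": 120, "idle_timeout": 0, "key_size": 768},
    "telnet": {"enabled": True, "authentication": True,
               "password": "example-only", "allowed_clients": []},
    "snmp": {"communities": [{"name": "example-ro", "read_only": True},
                             {"name": "example-rw", "read_only": False}]},
}

# Constructed sample: tighter values that stay inside the documented ranges.
SAMPLE_HARDENED = {
    "ssh": {"login_timeout": 60, "idle_timeout": 10, "key_size": 1024},
    "telnet": {"enabled": False},
    "snmp": {"communities": [{"name": "example-ro", "read_only": True}]},
}

if __name__ == "__main__":
    for finding_id, detail in audit(SAMPLE_DEFAULTS):
        print(f"{finding_id}: {detail}")
```
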
Chapter 6 Network Settings
In this chapter
• Configuring network interfaces and IP addresses
• Configuring static routes
• Configuring VLANs
Enabling or disabling an interface
You can enable or disable an interface from the Summary page. To enable or disable an interface, perform the following steps within the Configure tab.
1. Click Network on the menu bar.
2. From the sidebar, select Interfaces. The list of all the configured interfaces is displayed in the main page as shown in Figure 43.
FIGURE 43 Enabling or disabling an interface
3.
3. Select an interface from the Summary tab and click Edit. The IP Interface tab is displayed. See Figure 44.
FIGURE 44 IP Interface tab
4. Provide the following information:
• Loopback Interface ID: Displays the ID assigned to the interface.
• MAC Address: Displays the MAC address of the interface.
• Interface name: Enter a unique name for the interface. The interface name is represented by the physical and logical parts.
3. Click New. The IP Interface tab is displayed. See Figure 45.
FIGURE 45 Loopback IP Interface tab
4. Provide the following information:
• Loopback Interface ID: Select an ID number from 1 to 8 to assign to the interface.
• MAC Address: Enter the optional MAC address of the interface.
• Interface name: Enter an optional unique name for the interface.
• Admin Status: Select the Enable check box to enable the interface.
Configuring IP addresses for the interface
To configure an IP address for the interface, perform the following steps within the Configure tab.
1. Click Network on the menu bar.
2. From the sidebar, select Interface.
3. From the Summary page, select an interface entry from the list.
4. Click IP addresses. The IP Address page tab is displayed. See Figure 47.
FIGURE 47 Configuring an IP address
5.
• Passive OSPF: Select this check box to disable the use of this interface address for OSPF adjacency. This check box appears only when Primary and Secondary is selected.
• Gateway IP: Enter the gateway address for the standby interface. This field appears only when Standby is selected.
6. Click Add to save the configuration. The configured IP address details are displayed in the table.
3. Click New at the bottom of the Summary page. The Static Route - new tab is displayed. See Figure 49.
FIGURE 49 Static Route - new tab
4. Provide the following information:
• IP Version: Click IPv4 or IPv6 to select the version of the IP address. By default, IPv4 is selected as the version of the IP address.
• Destination Network: Enter the IP address of the destination route.
• Subnet Mask: Enter the subnet mask in a class-based format.
Configuring VLANs
You can configure two types of Virtual Local Area Networks (VLANs): port-based VLANs and IP subnet VLANs. To configure a VLAN on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Network on the menu bar.
2. From the sidebar, select VLAN. The Summary page is displayed, as shown in Figure 50.
FIGURE 50 VLAN summary
The Summary page displays a list of configured VLANs.
4. Provide the following information:
• VLAN: Select the VLAN from the list.
• VLAN Name: Enter the name of the VLAN. The name can contain 16 alphanumeric characters and you can use blank spaces in the name if you enclose the name in double quotes.
• Router Interface: Select the Use check box for the routing interface to locally route the IP packets from an IP subnet VLAN to the port-based VLAN on the same router. The range is from 1 through 4095. The default value is 16.
5.
Chapter 7 Traffic Settings
In this chapter
• Global traffic settings
• Virtual servers
• Real servers
• Source NAT IPs
3. For the Basic settings, provide the following information:
• Load Balancing Predictor: Select the algorithm to determine the traffic distribution among the real servers. The algorithm can be one of the following:
  • None — No load balancing predictor is selected.
  • Least Connections — Sends the request to the real server that currently has the fewest active connections with clients.
4. Click Apply to save your entries. Click Reset to revert the configuration to the previous configured values.
5. To configure the TCP options settings when the SYN cookie feature is enabled, click TCP Options. The TCP Options settings in the Global Settings page are displayed, as shown in Figure 53.
FIGURE 54 Virtual Server tab
3. Click the New button to navigate to the Virtual Server - new tab and configure a new virtual server.
Creating a virtual server
A virtual server acts as a front end for the application server for distributing the service requests to the active real servers.
3. Click New at the bottom of the Virtual Server page. The Virtual Server - new page tab is displayed, as shown in Figure 56.
FIGURE 56 Configuring virtual server
4. Click Basic and provide the following information:
• Virtual Server Name: Enter the name of the virtual server, which distributes the load at the real server.
• IP Address: Enter the IP address of the virtual server to which the requests are sent. You can configure both IPv4.
• Under Rate Limiting, you can configure the following information:
  • Maximum TCP Connection Rate: Enter the maximum number of TCP connections per second. There is no default. The maximum connection rate can be from 1 to 4000000.
  • Maximum UDP Connection Rate: Enter the maximum number of UDP connections per second. There is no default. The maximum connection rate can be from 1 to 4000000.
5. Click Advanced to configure the advanced parameters on the virtual server.
• Under VIP Route Health Injection, provide the following information:
  • Under Advertise VIP Route, provide the following information: Select the Enable check box to advertise a route in the network containing the virtual server, even if the virtual server is unavailable. Select Disable Advertise VIP Route to block advertisement of the network on the interface.
3. Select a virtual server from the list in the Virtual Servers table and click Ports. The Virtual Server Ports page tab is displayed, as shown in Figure 58.
FIGURE 58 Virtual server ports
The Virtual Server Ports page displays a list of configured virtual server ports. Each entry in the list includes port name, runtime state, protocol, backup, and health check status.
4. Click New at the bottom of the Virtual Server Ports page. The Basic tab is displayed, as shown in Figure 59.
• TCP/UDP: Click one of the following options:
  • TCP — To enable only the TCP traffic to pass through the real server.
  • UDP — To enable only the UDP traffic to pass through the real server.
  • Both — To enable both the TCP and UDP traffic to pass through the real server.
• DSR: For Direct Server Return (DSR), select the following check boxes based on the requirement:
  • Enable — To enable the real server to send the return traffic directly to the client.
FIGURE 60 Configuring stickiness parameters
7. Provide the following information:
• Stickiness: Click Enable to enable a sticky connection on the virtual server ports, when a service request by a client mandates a series of sequential TCP or UDP port connections to be served by the same real server. Select the following options based on the requirement.
  • Sticky To Server Group: Select the check box to enable sticky connections to be load balanced among servers in the same group.
FIGURE 61 Configuring advanced parameters
9. Provide the following information:
• Under Connection Management, enter the following information:
  • TCP Offload: Click Enable to allow a request from one connection on the client side to reuse any established connection on the server side. Note that CSW must be enabled.
  • Keepalive Age: Specifies how many minutes a connection on the server side can be kept alive. The range is from 2 through 60 minutes. The default value is 2 minutes.
• Enable Server Group Failover: Select the check box to direct the HTTP request to one of the other server groups bound to the virtual servers service, when the servers in that server group are not available.
• Windows Terminal Server Port: Allows you to reconnect when disconnected from an already established connection to the session directory on the Windows 2003 terminal server.
Enabling or disabling a virtual server
You can enable or disable a virtual server from the Virtual Servers page. To enable or disable a virtual server on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Virtual Servers. The list of the virtual servers in the system is displayed on the main page, as shown in Figure 63.
FIGURE 63 Enabling a virtual server
3.
6. Click the New button to display the Virtual Server Port - new page and use this page to configure a virtual server port.
Real servers
Real servers are the actual application servers that handle all the client service requests. To view basic real servers configured on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Real Servers. The Real Servers page is displayed, as shown in Figure 64.
Creating a basic real server
To apply SLB configuration, you must create a basic real server. After you create the basic real server, you must map the real server to the virtual server to distribute the requests from the client among the back-end application servers. To configure a basic real server on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Real Servers.
• Backup: Select the Enable check box to designate the real server to be a backup server if all the primary servers are unavailable for the requested application.
• Use Learned MAC Address: Select the Enable check box to enable MAC Address learning on the real server.
5. Click Apply to save your entries. Click Reset to revert the configuration to the previous configured values.
6. Under Enhanced Weight, enter the following information:
• Least Connection Weight: Enter the weight of the real server relative to other real servers in terms of the number of connections on the server. The weight is based on the number of session table entries for TCP or UDP sessions with the real server.
7. Click the Advanced tab to configure advanced parameters for the real server configuration. The Advanced tab is displayed, as shown in Figure 67.
• Ping Health Check: Select the Enable check box to enable Layer 3 health checks to the real server IP addresses.
• Source NAT: Select the Enable check box to allow the device to use a source IP address as the source for packets sent to the real server.
4. Click the Ports button to display the Real Server Ports tab for the selected real server entry.
FIGURE 68 Real Server ports page
From this tab, you can add, edit, enable, disable or monitor a real server port.
Creating a real server port
To configure a basic real server port on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Real Servers.
3.
FIGURE 69 Configuring real server port
5. Under Basic, provide the following information:
• Real Server Name: Displays the name of the real server.
• Port: Select an application port from the list to add under the real servers.
• Admin State: Select the appropriate check boxes to enable the port, set the port as backup, and clear the sessions when the port is up.
Configuring health check parameters for a real server port
To configure the health check parameters for a real server port on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Real Servers.
3. Select the real server from the list in Real Servers page and click Port.
4. Click New at the bottom of the Real Servers page.
5. Click Health Check tab.
• URL: Enter the URL name to specify whether the HTTP health check performs a GET or HEAD request while customizing the Layer 7 information sent with the health check.
• Status Codes: Enter the status code for the four groups to change the HTTP status codes that the Brocade Virtual ADX accepts as valid responses. The range is from 100 through 999.
FIGURE 71 Server group summary
The Server Groups page displays a list of configured real server groups. Each entry in the list includes name of the group, ports added, bound virtual server and ports, and number of real servers.
3. Click New at the bottom of the Server Groups page. The Configure Server Group page tab is displayed, as shown in Figure 72.
FIGURE 72 Configuring a server group
4. Provide the following information:
• Server Group Name: Enter the name of the server group.
Binding a server group
To bind a server group with a virtual server port on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Server Groups. The Server Groups page is displayed.
3. Select a server group entry from the list in the Server Group page and click Bind. The Virtual Server Bindings page is displayed, as shown in Figure 73.
FIGURE 73 Binding server groups
4.
Source NAT IPs
You can define source IP addresses on a Brocade Virtual ADX system running switch code to place it in a multi-netted environment. These source IP addresses can potentially be used as default gateways for real servers. You can also define source NAT IP addresses while using source NAT. To add a source NAT IP address to the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Source NAT IPs.
3. Click New at the bottom of the Summary page. The Source NAT IPs - new tab is displayed. See Figure 75.
FIGURE 75 Source NAT IPs - new tab
4. Provide the following information:
• IP Address: Enter the source IP address.
• Subnet Mask: For an IPv4 address, enter the subnet mask in a class-based format. If you prefer to use a prefix, click Use Prefix to enable the field and enter the prefix as an integer from 1 to 128. For an IPv6 address, enter the prefix.
For more information on the static routes, refer to the Brocade Virtual ADX Server Load Balancing Guide.
Health checks
The Brocade Virtual ADX uses Layer 3, and Layer 4 or Layer 7 health checks to verify the availability of real servers and the applications on the real servers.
Enabling Layer 2 to Layer 4 health checks
The Brocade Virtual ADX uses a Layer 2 health check to verify whether the real server is reachable through the network using the Address Resolution Protocol (ARP) request.
4. Under Layer 3 Ping Check, provide the following information:
• Real Server: Select the Enable check box to enable Layer 3 ping check on the real server. If the time between the last packet sent to the real server and the last packet received from the real server increases, the Brocade Virtual ADX uses the IP ping to determine whether the slowed response time indicates loss of the real server.
To create a port profile on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Port Profiles. The Port Profiles page is displayed, as shown in Figure 77.
FIGURE 77 Port profile summary
3. Click New at the bottom of the Port Profiles page.
4. The Port Profile - new page tab is displayed, as shown in Figure 78.
FIGURE 78 Creating port profile
5.
• Type: Click TCP or UDP to globally define the type for the port.
• Keep Alive Port: Choose the port for the health check.
• Keep Alive Protocol: Choose the protocol for the health check.
• Age: Specifies the number of minutes a TCP or UDP session table entry can remain inactive before the Brocade Virtual ADX times out the entry. Edit the age in minutes. The range is from 2 through 60 minutes. The default is 30 minutes.
• Multiplier: Enter the multiplier. The range is from 2 through 20.
The Advanced tab is displayed, as shown in Figure 79.
FIGURE 79 Configuring advanced parameters
5. Provide the following information:
• Use Master Port Health Check: Select the Enable check box for the usage of master port health check.
• Fast Port Bringup: Select the Enable check box to increase the speed of the bringup process by sending more health checks at a time.
• L4 Interval: Specify the interval at which the Brocade Virtual ADX must perform the Layer 4 check.
The Port Policies page is displayed, as shown in Figure 80.
FIGURE 80 Port policies
3. Click New at the bottom of the Port Policies page. The Port Policy – new page is displayed, as shown in Figure 81.
FIGURE 81 Configuring port policies
4. Provide the following information:
• Port Policy Name: Enter the name of the port policy.
• Health Check Interval: Enter the health check interval in seconds. The range is from 1 through 120 seconds. For SSL, the range is from 5 to 120.
• Retries: Specifies the number of times the policy will be tried before the Brocade Virtual ADX marks the port as UP or DOWN. Enter the number of health check retries. The range is from 1 through 5. The default value is 2.
• L4 Check Only: Select the Enable check box for Layer 4 checks.
• Port: Specifies the port that will be checked by the policy. Optionally, select the port from the list.
• Content Check Match List: Select the match from the list.
TABLE 21 Protocols (Continued)
Protocol: RADIUS
Function: Specifies the RADIUS protocol to be checked on the traffic that passes through the port.
Your Action: Under Settings for RADIUS, provide the following information:
• User Name: Enter an authentication user name on the server.
• Password: Enter an authentication password on the server.
• Key: Enter an authentication key on the server.
Viewing the element health check summary
To view an element health check summary, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Health Checks, and then select Element Health Checks. The Element Health Checks page is displayed, as shown in Figure 82.
FIGURE 82 Element health check summary
3. Review the following information on the Element Health Checks page:
• Name: The name for the health check.
For more information about element health checks, refer to the Brocade Virtual ADX Server Load Balancing Guide.
Configuring element health checks
To configure an element health check policy on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Health Checks, and then select Element Health Checks. The Element Health Checks page is displayed, as shown in Figure 82.
3. Click New Element Health Check.
• Health Check State: Select the Enable check box to enable health check. By default, the health check is enabled.
• Health Check Interval: Specifies the interval at which the Brocade Virtual ADX should perform the health check. Enter the health check interval in seconds.
  • For TCP and UDP, the range is from 1 through 120 seconds. The default is 5 seconds.
  • For ICMP, the range is from 400 to 10000. The default is 400.
• Settings for protocol: The settings for some of the protocols can be customized. Table 22 describes the settings and your action for those protocols.
TABLE 22 Health check settings for protocols
Protocol: DNS
Element health check settings: Under Settings for DNS, provide the following information:
• Zone: Enter the name of the Domain Name System (DNS) zone that sends a Source-of-Authority (SOA) request for the zone name.
To configure a boolean health check policy on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Health Checks, and then select Element Health Checks.
3. Click New Boolean Health Check at the bottom of the Element Health Checks page. The Boolean Health Check - new page is displayed, as shown in Figure 84.
FIGURE 84 Configuring boolean health check
4.
5. Click Apply to save your entries. Click Reset to revert the configuration to the previous configured values.
To modify the configured boolean health checks, in the summary table, select an entry and click Edit or double-click the entry. You can also delete a configuration by clicking Delete. However, you cannot edit or delete the boolean health check policies if they are in use.
Configuring a match list policy
The Brocade Virtual ADX currently supports compound and simple content-matching statements under the match-list configuration. This enhancement adds support for “start” and “end” statements in the match-list configuration. You can configure a match list policy to mark the server port up or down when the rule defined in the match list is met. To create a match list policy on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1.
• Select Simple String Match and enter the following details:
  • Matches: Enter the string.
  • Logging: Select the Enable check box.
• Select Compound String Match and enter the following details:
  • Starts With: Enter the string that must match the beginning of the response sent by the real server.
  • Ends With: Enter the string that must match the end of the response sent by the real server.
To create a content switching policy on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Content Switching. The steps to provision the Layer 7 Content Switching (CSW) policy page are displayed, as shown in Figure 87.
Request rules
You can create request rules for the Brocade Virtual ADX to process incoming traffic. To view the list of Layer 7 request rules for incoming traffic on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Content Switching, and then select Request Rules. The Request Rules page is displayed, as shown in Figure 88.
3. Click New on the bottom of the Request Rules page. The Request Rule - new page tab is displayed, as shown in Figure 89.
FIGURE 89 Creating a request rule
4. Provide the following information:
• Rule Name: Enter the name of the request rule. The rule name can be up to 80 alphabetic characters in length.
• Ignore Case: Select the check box if you want the rule to be case insensitive.
TABLE 23 Rule type settings
Rule Type: URL
Function: Allows the Brocade Virtual ADX to make a load-balancing decision based on the contents of the URL string in an incoming packet.
Your Action: Under the Settings for URL Rule, provide the following information:
• Operator: Select one of the following operators from the list:
  - Prefix — To match if the URL string begins with the specified prefix.
  - Suffix — To match if the URL string ends with the specified suffix.
TABLE 23 Rule type settings (Continued)
Rule Type: HTTP Header
Function: Allows the Brocade Virtual ADX to make a load balancing decision based on the contents of an HTTP header field in an incoming packet.
Your Action: Under Settings for HTTP Header Rule, provide the following information:
• Header Type: Click one of the following:
  - Well Known HTTP Header: Select a well known header using which you want the Brocade Virtual ADX to make a load balancing decision.
TABLE 23 Rule type settings (Continued)
Rule Type: XML TAG
Function: Allows the Brocade Virtual ADX to make a load balancing decision based on the contents of an XML tag in an incoming packet.
Your Action: Under the Setting for XML Tag Rule, provide the following information:
• XML Tag Name: Enter the name of the XML tag.
• Operator: Select one of the following operators from the list:
  - Prefix — To match if the XML tag begins with the specified prefix.
TABLE 23 Rule type settings (Continued)
Rule Type: Nested
Function: Allows you to combine rules with logical operators to create nested rules. Up to four rules can be combined in a single rule.
Your Action: Under the Settings for Nested Rule, provide the following information to build or directly input the expression:
1. Select a rule from the Rule list.
2. Select an operator AND or OR from the Operator list.
The Response Rules page is displayed, as shown in Figure 90.
FIGURE 90 Response rules summary
The Response Rules page displays the list of the configured response rules for outgoing traffic.
Creating response rules
The Brocade Virtual ADX can perform content rewrite on the server responses. In other words, the Brocade Virtual ADX can not only modify requests in the forward direction, but also the responses in reverse direction.
3. Click New at the bottom of Response Rules page. The Response Rule - new page is displayed, as shown in Figure 91.
FIGURE 91 Creating a response rule
4. Provide the following information:
• Rule Name: Enter the name of the response rule.
• Ignore Case: Select the check box if you want the rule to be case insensitive.
• Rule Type: Click one of the rule types described in Table 24.
TABLE 24 Rule type settings (Continued)
Rule Type: Response Header
Function: Allows the Brocade Virtual ADX to inspect the response based on the contents of an HTTP header field in the response.
Rule Type: Response Body
Function: Allows the Brocade Virtual ADX to inspect the response based on the string in the response body.
5. Click Apply to save your entries. Click Reset to revert the configuration to the previous configured values.
To modify the configured response rules, in the summary table, select an entry and click Edit or double-click the entry. You can also delete a configuration by clicking Delete. For more information on configuring content switching rules, refer to the Brocade Virtual ADX Server Load Balancing Guide.
3. Click New at the bottom of the Request Policies page. The Request Policy - new page tab is displayed, as shown in Figure 93.
FIGURE 93 Creating request policy
4. Provide the following information:
• Policy Name: Enter the name of the request policy.
• Select a protocol and perform the following actions as described in Table 25.
TABLE 25 Protocol settings
Protocol: HTTP
Function: Allows the device to make load balancing decisions about HTTP traffic based on information in a URL, cookie, or SSL session ID.
Your Action: Under Rule-Action List, select the rule name from the Rule Name list and select one of the following options in the Action list:
• Forward: Allows the device to forward packets matching a specified rule to a specified real server or server group.
TABLE 25 Protocol settings (Continued)
Protocol: DNS
Function: Allows the ADX device to provide DNS attack protection to VIP traffic. This protection is provided by performing a deep packet scan and then classifying DNS requests based on the query type, query name, RD flag or the DNSSEC “OK” bit in the EDNS0 header.
• Select the Log check box to write a message to system log when the specified rule is matched, and specify the log format.
• Click Add to create a rule-action list. The rule-actions list is displayed in the table. Select a rule in the table and click Remove to delete the rule and the action from the list. Click the UP or DOWN button to arrange the rule-action list in desired order.
5. Click Apply to save your entries.
Creating response policies
A response policy associates request rules with one or more actions that specify how the Brocade Virtual ADX handles outgoing traffic matching the rule. For more information on creating response rules, refer to “Creating response rules” on page 114. To create a Layer 7 response policy for outgoing traffic on the Brocade Virtual ADX, perform the following steps within the Configure tab:
1. Click Traffic on the menu bar.
2.
3. Provide the following information:
• Policy Name: Enter the name of the response policy.
• Rewrite Type: Click one of the rewrite types and set the parameters based on the rewrite type selected as described in Table 26.
TABLE 26 Rewrite type settings
Rewrite Type: HTTP Header
Function: Allows the feature to be used in an SSL-Offload environment when the real servers send redirect messages to the incoming clients.
For information on binding response policies, refer to “Binding response policies”.
Binding policies
After creating the content switching policies, you must apply the policy to the incoming and outgoing traffic by binding the policy to the virtual server ports.
Binding request policies
After creating a request rule and request policy, you need to apply the request policy to the incoming traffic by binding it to virtual ports.
The page is displayed, as shown in Figure 97.
FIGURE 97 Binding response policies
4. Select the virtual servers to bind with the request policy from the Available VS-Ports list and click Bind to move them to the Bound VS-Ports list. To unbind the VIPs or ports, select the ports you want to unbind from the Bound VS-Ports list and click Unbind. To unbind all the ports, click Unbind All.
The Configure Scripts page is displayed, as shown in Figure 98.
FIGURE 98 Configure Scripts
Creating scripts
To create an OpenScript on the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select OpenScripts. The Configure Scripts page is displayed, as shown in Figure 98.
3. Click New at the bottom of the Configure Scripts page. The Script Details - new page, as described in Step 4, is displayed.
FIGURE 99 Script details - new: script name
4. Provide one of the following:
• Script name: Enter the name of the script stored in the device.
• Script code: Enter the executable code of the script. Select Enable Auto Complete for a drop-down selection of available API options. For example, when Enable Auto Complete is selected, typing “O” in the editor returns a drop-down selection of available API options that start with “O”.
Click Reset to revert the configuration to the previous configured values. For more information on configuring scripts, refer to the Brocade Virtual ADX OpenScript Guide.
Uploading and downloading scripts
To upload a script to the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select OpenScript. The Configure Scripts page is displayed, as shown in Figure 98.
3.
4. Provide the following information:
• Script Profile: Select the profile from the list to apply the previously configured script profile to the script being bound.
• Select the virtual server ports from the Available VS-Ports list and click Bind to move the port that has to be bound to a script.
5. Click Unbind to unbind the virtual server port or services from the script. Alternatively, click Unbind All to unbind all the server ports or services.
3. Click New at the bottom of the Configure Script Profiles page. The Script Profiles - new page tab is displayed, as shown in Figure 103.
FIGURE 103 Configuring script profile
4. Provide the following information:
• Profile name: Enter the name of the script profile that you want to create or update.
• Memory Limit (bytes): Enter the memory limit for any script that is bound to the script profile. The range is from 1 through 1073741824 bytes. The default value is 1,048,576 bytes.
Chapter 8 GSLB Settings
GSLB Site
The GSLB protocol is disabled by default. You must enable the GSLB protocol for an ADX to behave as a site ADX device. After you enable the GSLB protocol, the device performs server load balancing and exchanges information with the GSLB controller through the GSLB protocol. To configure the settings for the global server load balancing (GSLB) site in the Brocade Virtual ADX, perform the following steps within the Configure tab.
1. Click GSLB on the menu bar.
2.
• Max VIP List Port: Specify the maximum number of ports per VIP address in a VIP address list message. By default, each site Brocade Virtual ADX can send up to 10 ports for each VIP address. You can configure the site Brocade Virtual ADX to send health status from 5 to 30 ports per VIP address in a VIP address list message.
• Don’t Send VIP List: Select the Enable check box to globally stop the sending of the VIP list.
• Timeout: Configures the peer public keys to be valid for a specific duration of seconds independent of how many TCP connection setup and tear down events occur during this time. If the TCP connection is not established for the user-configured period of time, or if the connection to the peer is lost for this duration of time, these keys time out (expire). This setting enables the Peer Public Key Expiry Interval.
Chapter 9 Security Settings
In this chapter
• SSL overview
• SSL private keys
• SSL certificates
• SSL profile bindings
• Click Generate to generate an SSL key. See “Uploading private keys”.
Generating private keys
To generate an SSL key, perform the following steps within the Configure tab.
1. Click Security on the menu bar.
2. From the sidebar, select SSL. The Setup SSL page is displayed, as shown in Figure 106.
3. Click SSL Keys. The SSL Keys page is displayed, as shown in Figure 107. The summary of configured SSL keys is displayed.
FIGURE 107 SSL key summary
4. Click Generate at the bottom of SSL Keys page. The Generate Key task pane is displayed, as shown in Figure 108.
FIGURE 108 Generating SSL key
5. Provide the following information:
• Encryption: Displays the encryption type as RSA.
• Encryption Password: Enter the password for the SSL certificate.

Uploading private keys
To upload an existing SSL key to the device, perform the following steps within the Configure tab.
1. Click Security on the menu bar.
2. From the sidebar, select SSL, and then select SSL Keys.
3. Click Upload at the bottom of the SSL Keys page. The Upload Key task pane is displayed, as shown in Figure 109.
FIGURE 109 Uploading SSL key
4. Provide the following information:
• Format: Displays the supported format of the server certificates.

All configuration options used with the SSL features of the device require you to obtain a certificate and upload it to the device. There are different methods to create a certificate:
• Generating CSRs.
• Generating self-signed certificates.
For more information on self-signed certificates, refer to “Generating self-signed certificates”.
To generate a request for a certificate that will be sent to a CA to be digitally signed, perform the following steps within the Configure tab.
1.
3. Click Generate CSR at the bottom of SSL Certificates page. The Generate CSR page is displayed, as shown in Figure 111.
FIGURE 111 Generating a CSR
4. Provide the following information:
• Key File: Select the private keys you generated.
• Organization: Enter the name of your organization; for example, Brocade.
• Domain: Enter the name of your domain; for example, www.brocade.com.
• Department: Enter the name of the department; for example, Web Administration.
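
The same key and CSR can be produced and checked off-box with OpenSSL, then brought to the device through the upload pages. This is an added example, not part of the Brocade guide; the 2048-bit key size, the file names, and the mapping of Organization, Department and Domain to the O, OU and CN attributes are assumptions.

```shell
#!/bin/sh
# Added example (not from the Brocade guide): build an RSA key and a CSR
# off-box with OpenSSL, then check the CSR before it is sent to the CA.
# Assumptions: 2048-bit RSA, file names server.key / server.csr, and the
# mapping Organization -> O, Department -> OU, Domain -> CN.

# make_csr DIR ORGANIZATION DEPARTMENT DOMAIN
make_csr() {
    (
        umask 077   # the private key must not be group/world readable
        openssl genrsa -out "$1/server.key" 2048 2>/dev/null
    ) || return 1
    openssl req -new -sha256 -key "$1/server.key" \
        -subj "/O=$2/OU=$3/CN=$4" -out "$1/server.csr" 2>/dev/null
}

# csr_subject CSR -> subject DN in RFC 2253 form (most specific RDN first)
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//'
}

# csr_signature_ok CSR -> success if the CSR's self-signature verifies.
# The output text is matched because older OpenSSL releases do not
# reliably signal a failed verification through the exit status.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key CSR KEY -> success if the CSR carries KEY's public half
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey | openssl sha256) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# check_csr CSR KEY EXPECTED_SUBJECT -> run all three checks
check_csr() {
    csr_signature_ok "$1" || { echo "CSR signature invalid" >&2; return 1; }
    csr_matches_key "$1" "$2" || { echo "CSR does not match key" >&2; return 1; }
    [ "$(csr_subject "$1")" = "$3" ] || { echo "unexpected subject" >&2; return 1; }
}

# Stand-alone use: sh csr.sh OUTDIR  (values are the guide's own examples)
if [ -n "${1:-}" ]; then
    make_csr "$1" "Brocade" "Web Administration" "www.brocade.com" &&
    check_csr "$1/server.csr" "$1/server.key" \
        "CN=www.brocade.com,OU=Web Administration,O=Brocade" &&
    echo "CSR ready: $1/server.csr"
fi
```

The key written here is not password-protected, so keep it on a trusted host until it has been uploaded.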
3. Click Upload at the bottom of SSL Certificates page. The Upload page is displayed, as shown in Figure 112.
FIGURE 112 Uploading the SSL certificate
4. Provide the following information:
• Format: Click PEM or PKCS12 to specify the format of the certificate. The default is PEM.
• Encryption Password: Optionally, enter the password for the SSL certificate.
3. Click Generate Certificate at the bottom of SSL Certificates page. The Generate Certificate page is displayed, as shown in Figure 113.
FIGURE 113 Generating SSL certificate
4. Provide the following information:
• Certificate Name: Enter the name of the file that is used to store the self-signed generated certificate.
• Key File: Select the RSA key pair that is used to build and sign the certificate.

To create an SSL profile, perform the following steps within the Configure tab.
1. Click Security on the menu bar.
2. From the sidebar, select SSL, and then select SSL Profiles. The SSL Profiles page is displayed, as shown in Figure 114.
FIGURE 114 SSL profile summary
3. Click New at the bottom of SSL Profiles page. The Configure SSL Profile page tab is displayed, as shown in Figure 115.
FIGURE 115 Configuring a profile
4.
• Chaining: Select the Enable check box to configure the device to send the entire certificate chain including the root CA certificate and any intermediate CA certificates when presenting the certificate to the client.
• SSL 2.0: Select the Enable check box to enable SSL 2.0. By default, the device supports SSL 3.0.
• Select the cipher suites you want in the Available Ciphers list and click Add to add to the Selected Ciphers list, to control the security strength of the SSL handshakes.
5.
7. Click the Advanced tab to configure advanced parameters for the SSL profile. The Advanced tab is displayed, as shown in Figure 117.
FIGURE 117 Configuring advanced parameters
8. Provide the following information:
• CLOSE-NOTIFY Alert: Select the Enable check box to configure the device to send an alert before closing an SSL session.

Managing the TCP profile
To manage the TCP profile, perform the following steps.
1. Click Manage TCP Profile to create or edit a profile. The TCP Profiles page is displayed, as shown in Figure 118.
FIGURE 118 Managing TCP profiles
2. Select a profile you want to edit from the list or click New to create a new profile.
3. Provide the following information:
• Profile Name: Enter the name of the TCP profile.

SSL profile bindings
The SSL Profile Bindings tab displays SSL profile bindings configured on the device. Each entry lists the virtual server name, port, mode, server SSL profile, client SSL profile, and TCP profile.
To view SSL profile bindings, perform the following steps within the Configure tab.
1. Click Security on the menu bar.
2. From the sidebar, select SSL, and then select SSL Profile Bindings. The SSL Profile Bindings tab is displayed.
The SSL Profile Bindings page is displayed, as shown in Figure 119.
FIGURE 119 Binding the profile
To be supplied
3. Click Bind SSL Profiles at the bottom of SSL Profile Bindings page. The Add Profile Bindings page is displayed, as shown in Figure 120.
FIGURE 120 Adding profile bindings
4. Under Bind VIP Port to a Profile, select Terminate and enter the following information:
• Server Profile: Select an SSL profile from the list.
• TCP Profile: Select a TCP profile from the list.

SSL certificate revocation lists
The certificate revocation lists (CRLs) contain the list of SSL certificates that have been revoked by a CA. The CA revokes an SSL certificate for many reasons. These lists are typically maintained on the CA web site and can be downloaded using Hypertext Transfer Protocol (HTTP).
The SSL CRL tab displays SSL CRLs configured on the device. Each entry lists the SSL CRL name, URL, file format, refresh interval, state, size, and download time.
3. Click New at the bottom of SSL CRLs page. The Configure SSL CRL - new page is displayed, as shown in Figure 122.
FIGURE 122 Configuring SSL CRL
4. Provide the following information:
• CRL Name: Enter the name of the SSL CRL record.
• URL: Enter the location where the CRL is located. You can enter an IP address or a domain name.
• CRL File Format: Click one of the following options:
  • PEM — To direct the CRL to be downloaded in the PEM format.

Configuring standard ACLs
To configure a standard ACL on the device, perform the following steps within the Configure tab.
1. Click Security on the menu bar.
2. From the sidebar, select ACL. The ACL Summary page is displayed, as shown in Figure 123.
FIGURE 123 ACL summary
3. Click New IPv4 Standard ACL at the bottom of the ACLs page. The ACL IPv4 Standard - new page is displayed, as shown in Figure 124.
4. Provide the following information:
• ACL ID / Name: Select one of the following options:
  • ID#: Enter the number to identify a collection of individual ACL entries. By default, ACL ID is enabled.
  • Name: Enter the name of the ACL.
• Action: Click one of the following options:
  • Permit — Permits the packets that match the ACL policy.
  • Deny — Denies the packets that match the ACL policy.
3. Click New IPv4 Extended ACL at the bottom of the ACL Summary page. The ACL IPv4 Extended - new page is displayed, as shown in Figure 125.
FIGURE 125 Configuring extended ACL
4. Provide the following information:
• ACL ID / Name: Select one of the following options:
  • ID#: Enter the number to identify a collection of individual ACL entries. The range is from 100 through 199. By default, ACL ID is enabled.
  • Name: Enter the name of the ACL.
5. Under Source, provide the following information:
• Any: Select the check box for ACL to use any source IP or host.
• Click Source IP or Source Host.
• Source IP: Enter the source IP address based on which a standard ACL permits or denies the packets.
NOTE
The Source IP field is enabled if you select the Source IP option.
• Source Host: Enter the name of the source host.
NOTE
The Source Host field is enabled if you select the Source Host option.
6. Under Destination, provide the following information:
• Any: Select the check box for ACL to use any destination IP or host.
• Click Destination IP or Destination Host.
• Destination IP: Enter the destination IP address based on which a standard ACL permits or denies the packets.
NOTE
The Destination IP field is enabled if you select the Destination IP option.
• Destination Host: Enter the name of the destination host.

Configuring IPv6-based ACLs
The device supports IPv6-based ACLs. You can configure an IPv6 ACL on a global basis and then apply it to the incoming IPv6 packets on a specified interface.
To configure an ACL for IPv6 on the device, perform the following steps within the Configure tab.
1. Click Security on the menu bar.
2. From the sidebar, select ACL.
3. Click New IPv6 ACL at the bottom of the ACL Summary page. The ACL IPv6 - new page is displayed, as shown in Figure 126.
5. Under Source, provide the following information:
• Source IP: Enter the source IP address based on which the ACL permits or denies the packets.
• Source Mask: Enter the subnet mask of the source IP address.
• Any: Select the check box to enable the ACL policy to match on all source IP addresses.
• Port Operator: Select one of the following options to specify a comparison operator for the TCP or UDP port number.
6. Under Destination, provide the following information:
• Destination IP: Enter the Destination IP address on which a standard ACL permits or denies the packet.
• Destination Mask: Enter the subnet mask of the destination IP address.
• Any: Select the check box for ACL to use any destination IP or host.
• Port Operator: Select one of the following options to specify a comparison operator for the TCP or UDP port number.

SYN-Proxy settings
This panel provides controls for configuring SYN-Cookie and SYN-Proxy, and has two tabs: Settings and Per-IPMSS.
To edit the device Syn-Proxy settings, perform the following steps within the Configure tab.
1. Click Security on the menu bar.
2. From the sidebar, select Syn-Proxy to display the SYN-Proxy controls.
TABLE 27 Syn-Proxy Settings tab controls (Continued)
Control | Description
SYN Cookie | Controls SYN Cookie Attack Rate threshold (range: 1–10000000, default is 1000), and SYN Cookie Attack trap interval (range 1–1000, default is 60).
TCP MSS value (V4) | Value for the IPv4 TCP MSS. Select one of the values from the menu.
TCP MSS value (V6) | Value for the IPv6 TCP MSS. (range: 1004–1440)
TCP MSS minimum (V6) | Minimum value for the IPv6 TCP MSS.
• For Auto Control, mark the Enable checkbox if Auto Control is to be active, and if it is, set the On Threshold and Off Threshold values.
• For SYN Cookie, set the Attack Rate Threshold and Attack Trap Interval values.
• Set the TCP MSS value (V4).
• Set the Attack Detection Interval.
• Set the SYN-ACK Window Size.
• Set the ACK Validate Multiplier.
• Mark the Set Source MAC address to the ADX MAC and Send Reset using Client MAC checkboxes if these features are to be active.
Table 28 describes the Per-IP MSS tab controls and their functions.
TABLE 28 Per-IP MSS tab controls
Control | Description
Version | Click either IPv4 or IPv6 for the IP address type.
Destination Address | Enter the destination IP address.
MSS Value | Select the maximum segment size (MSS) that can be used.
Range | Enter the range to be accepted. (range: 1–64)
Selecting a single row in the table populates the associated editing fields with the contents of that row.
There is no confirmation message; once the entry is deleted, it is permanently removed.

Editing an IP-MSS entry
To change the information for an entry on this list:
1. Select the Configure tab.
2. Click Security in the tab menu bar.
3. From the sidebar, select SYN-Proxy.
4. In the Server tab, click Edit. This opens the Edit tab for that server.
5. Change the settings you want to be different.
6.

RADIUS Settings tab
The RADIUS Settings tab lets you set the basic RADIUS settings. See Figure 129.
FIGURE 129 RADIUS Settings tab
Table 29 describes the RADIUS Settings tab controls and their functions.
TABLE 29 RADIUS Settings tab controls
Control | Description
Key | Enter a RADIUS password key up to 32 characters.
Encryption | Select this check box to enable encryption of the key.
Timeout | Time delay before the connection times out.

RADIUS servers
To view the RADIUS Servers tab, click Servers at the bottom of the window. This tab displays a list of available RADIUS servers. The maximum number of servers that can be shown is eight (8). It also provides access to controls to let you add, delete, and modify the listed servers. See Figure 130.
FIGURE 130 RADIUS Servers tab
Table 30 describes the RADIUS Servers tab controls and their functions.

Creating and editing a RADIUS server
The RADIUS server - new tab allows you to create and edit the settings for a RADIUS server. See Figure 131.
FIGURE 131 RADIUS server - new tab
Table 31 describes the RADIUS server - new tab controls and their functions.
TABLE 31 RADIUS server creation/editing tab controls
Control | Description
RADIUS Server host IP | IP address of the RADIUS server
RADIUS Key | RADIUS password key.
5. At the bottom of the RADIUS Servers tab, perform either of the following:
• To create a new server, click New to open the new server tab.
NOTE
If there are already 8 servers listed, the New button will be dimmed and not available. You will have to delete a server from the list before you can add a new one.
• To edit an existing server, select the server entry that you want to modify, and click Edit. This opens the Edit tab for that server.
6.

TACACS Settings tab
The TACACS Settings tab lets you configure the basic settings for a TACACS Server. See Figure 132.
FIGURE 132 TACACS Settings tab
Table 32 describes the TACACS Settings tab controls and their functions.
TABLE 32 TACACS Settings tab controls
Control | Description
Key | Enter a TACACS password key up to 32 characters.
Encryption | Select this check box to enable encryption of the key.
Timeout | Time delay before the connection times out.
4. On the TACACS Settings tab, set the following values:
• Set the Timeout value.
• Set the Retransmit value.
• Set the Dead Time value.
• Select the VLAN ID. This is optional.
• Select the Source Interface. This is optional.
5. Click Apply at the bottom right corner of the window to create and activate the server, or click Reset to discard all changes.

TACACS Servers
The TACACS Servers tab displays a list of available TACACS servers.
Use the TACACS Servers tab to:
• Click New to open the TACACS Servers - new tab and create a new TACACS server.
• Select an entry and click Edit to edit the selected server’s settings.
• Select an entry and click Delete to delete the server from the table. You are prompted to confirm this deletion. Click OK to confirm or Cancel to cancel the deletion.

Adding or editing a TACACS server
To add or edit a TACACS server, perform the following steps:
1. Select the Configure tab.
2.

Chapter 10 Monitoring Overview

In this chapter
• Navigating the monitor tab

Navigating the monitor tab
The Monitor tab is the third tab in the Brocade Virtual ADX web interface. You can use the Monitor tab to monitor the system, network, traffic, or security settings on a Brocade Virtual ADX.
In graphical view, some of the graphs appear by default. To view or hide the graphs based on various networking parameters, select or clear the check boxes corresponding to the graphs that you want to view from the Select Graph list displayed in the top right corner of the Details page. You can also click the close button that is displayed on each individual graph to close the graph. Select the legend check boxes to plot the relevant statistics data on the graph.

Chapter 11 Viewing System Information

In this chapter
• System summary
• System logs

System summary
You can monitor the percentage of CPU utilization and memory currently used by the Brocade Virtual ADX, software, and module-related information in the Summary page.
The following table describes the fields available in the Overview pane.
TABLE 35 Overview pane
Field | Description
System Overall Health | Displays the overall health of the Brocade Virtual ADX calculated based on various factors including memory, and CPU utilization on all Barrel Processors (BP) and Management Processor (MP).
The following table describes the fields available in the Software Information pane.
TABLE 36 Software Information pane
Field | Description
Image | Displays the image types installed on the Brocade Virtual ADX. The image types are as follows: • Running - Indicates the current image running on the Brocade Virtual ADX. • Boot - Displays the boot version of the Brocade Virtual ADX.
Version | Displays the release version of the software running on the Brocade Virtual ADX.
The following table describes the fields available in the System Log page.
TABLE 37 System Log page
Field | Description
Timestamp | Displays the date and time when the entry was logged.
Severity | Displays the severity of the event occurring on the Brocade Virtual ADX. The severity can be one of the following: • Alert • Critical • Debugging • Emergency • Error • Informational • Notification • Warning
Messages | Displays the log message.

Chapter 12 Viewing Network Status

In this chapter
• Interface statistics
• IP statistics
• IPv6 Neighbor
• Routes
The following table describes the fields available in the Interface page.
TABLE 38 Interface page - fields and descriptions
Field | Description
Port | Displays the name of the port.
Status | Displays the status of the interface. The interface status can be one of the following: • Up • Down
Trunk | Displays the trunk group, if the interface is a member of any trunk group.
Rx Packets | Displays the total number of packets received by the interface.
NOTE
You can collapse or expand individual tables by clicking the ▼ in that table’s header.
FIGURE 138 Displaying the interface details
The following table describes the fields available in the Interface Details page.
TABLE 39 Interface Details page
Field | Description
Attributes
Port | Displays the port of the selected interface.
Name | Displays the configured name of the selected interface.
Status | Displays the status of the selected interface.
TABLE 39 Interface Details page (Continued)
Field | Description
Speed | Displays the current speed on the selected interface.
Duplex Type | Displays the current type of duplex on the selected interface.
Active Trunk | Displays the state of active trunk on the selected interface. The active trunk status can be one of the following: • Enabled • Disabled
Tag Mode | Displays whether the selected interface is tagged or untagged.

IPv4 interface
Clicking IPv4 under Interfaces displays all the active IPv4 interfaces on the Brocade Virtual ADX. This tab displays a table listing all active IPv4 connections with their associated values.
TABLE 40 IPv4 Interfaces tab
Column | Content
Interface | Interface used by this IP address.
IP Address | IPv4 address of the route's destination.
IP Configured | IP address configured. Options are Yes or No.
Method | The IP address is saved and entry is NVRAM.

IPv6 interface
Clicking IPv6 under Interfaces displays the active IPv6 interfaces on the device. This tab displays a table listing all active IPv6 connections with their associated values:
TABLE 42 IPv6 Interface tab
Column | Content
IP Address | IPv6 address of the route's destination.
Next Hop | IP address of the next-hop router for this path.
Type | The interface type for this IP address. (BGP, OSPF, Static)
Router Interface | Router interface used by this IP address.

IP statistics
To view the IP statistics, perform the following steps within the Monitor tab.
1. Click Network on the menu bar.
2. From the sidebar, select IP Traffic. The IP page is displayed, as shown in Figure 139.
To view the IP statistics in the graphical format, click Graph. To switch the view between tabular and graphical format, click Details or Graph in the top right corner of the IP page.
TABLE 44 IP page - fields and descriptions (Continued)
Field | Description
Rawout | Displays the total number of raw IP packets generated by the device.
Bad Header | Displays the total number of IP packets dropped by the device due to bad packet header.
Bad Version | Displays the total number of IP packets dropped by the device due to wrong IP version.
Bad Scope | Displays the total number of IP packets dropped by the device due to scope error.

ICMP Statistics
To view the Internet Control Message Protocol (ICMP) sent and received information, perform the following steps within the Monitor tab.
1. Click Network on the menu bar.
2. From the sidebar, select IP Traffic, and then select ICMP. The ICMP page is displayed, as shown in Figure 140.
By default, the Received Messages tab is displayed in the ICMP page, which provides information on the messages received by the Brocade Virtual ADX.
TABLE 45 ICMP Received, Sent, and Sent Error Messages - fields and descriptions (Continued)
Field | Description
Source Quench | Displays the total number of ICMP source quench messages received/sent by the device.
Redirect | Displays the total number of ICMP redirect messages received/sent by the device.
Echo Request | Displays the total number of ICMP echo request messages received/sent by the device.
TABLE 45 ICMP Received, Sent, and Sent Error Messages - fields and descriptions (Continued)
Field | Description
Bad Length Error (Receive Message only) | Displays the total number of ICMPv6 bad length error messages received by the device.
Bad Hop Count Error (Receive Message only) | Displays the total number of ICMPv6 bad hop count error messages received by the device.

TCP statistics
To view the TCP statistics on the Brocade Virtual ADX, perform the following steps within the Monitor tab.
1. Click Network on the menu bar.
2. From the sidebar, select IP, and then select TCP. The TCP page is displayed, as shown in Figure 141. The total and the individual counts of IPv4 and IPv6 packets for the statistic types are displayed.
To view the TCP statistics in the graphical format, click Graph.
TABLE 46 TCP page - fields and descriptions (Continued)
Field | Description
Received Segments | Displays the number of TCP segments received by the Brocade Virtual ADX.
Sent Segments | Displays the number of TCP segments sent by the Brocade Virtual ADX.
Retransmitted Segments | Displays the number of segments that the Brocade Virtual ADX retransmitted before the Brocade Virtual ADX at the other end of the connection had acknowledged receipt of the segment.
The following table describes the fields available in the UDP page.
TABLE 47 UDP page - fields and descriptions
Field | Description
Received | Displays the number of UDP packets received.
Sent | Displays the number of UDP packets sent.
Invalid Port | Displays the number of UDP packets dropped because of invalid UDP port number.
For more information on UDP statistics, refer to the Brocade Virtual ADX Switch and Router Guide.

Routes
Routing controls allow you to view how a Brocade Virtual ADX device is transferring data when the device is in a “Router” configuration. Displays are provided for IPv4, IPv6, OSPF, OSPF V3, and BGP4 Plus protocols.
To display routing information:
1. Select the Monitor tab.
2. Click Routes in the left menu. The Active V4 tab is displayed.
To see only the routing for a specific protocol, click the button for that protocol at the bottom of the panel.

IPv6 routing
Clicking the IPv6 button at the bottom of the Routing panel displays the routing information for interfaces using the IPv6 protocol. This tab contains a table listing all active IPv6 routing connections with their associated values.
TABLE 50 IPv6 routing connections and associated values
Column | Content
IP Address | IPv6 address of the route's destination.
Mask | Subnet mask for the IP address.
Next Hop | IP address of the next-hop router for this path.
TABLE 51 OSPF routing connections and associated values (Continued)
Column | Content
Out Port | Router port through which the device reaches the next hop for this route path.
Type | Route type, either OSPF or Static Replaced by OSPF.

OSPF route details
The following additional information for the selected routing appears below the main table.
NOTE
You can collapse or expand the table by clicking the ▼ in the table’s header.
TABLE 52 Information for the selected OSPF routing (Continued)
Field Title | Contents
Paths | The number of paths to the destination.
ARP Index | The index position in the ARP table of the ARP entry for this path's IP address.

OSPF V3 Routing
Clicking the OSPF V3 button at the bottom of the Routing panel displays the routing information for interfaces using the OSPF V3 protocol. This tab displays a table listing all the active OSPF V3 routes with their associated values.
TABLE 54 Information for the selected OSPF V3 routing (Continued)
Field Title | Contents
Type1 Cost | The type 1 cost of this path.
Type2 Cost | The type 2 cost of this path.
Mask | Network mask for the route.
Routes | Number of routes being used.
Intra | Intranet routes being used.
Inter | Internet routes being used.
External | External routes being used.
Outgoing Port | Router port through which the device reaches the next hop for this route path.
TABLE 55 BGP4 routes and associated values (Continued)
Column | Content
Status | The route status, which can be one or more of the following: • A – AGGREGATE. The route is an aggregate route for multiple networks. • B – BEST. BGP4 has determined that this is the optimal route to the destination. If the “b” is lowercase, the software was not able to install the route in the IP route table. • b – NOT-INSTALLED-BEST.
AS Path |
TABLE 56 BGP4 Plus routes and associated values (Continued)
Column | Content
Status | The route status, which can be one or more of the following: • A – AGGREGATE. The route is an aggregate route for multiple networks. • B – BEST. BGP4 has determined that this is the optimal route to the destination. If the “b” is lowercase, the software was not able to install the route in the IP route table. • b – NOT-INSTALLED-BEST.
AS Path |

ARP cache statistics
To view the Address Resolution Protocol (ARP) cache statistics on the Brocade Virtual ADX, perform the following steps within the Monitor tab.
1. Click Network on the menu bar.
2. From the sidebar, select ARP. The ARP page is displayed, as shown in Figure 143.
FIGURE 143 Displaying the ARP
The ARP page displays both the statistics and cache information. The ARP Cache table shows IP to MAC address association.
The following table describes the fields available in the ARP page.
TABLE 57 ARP page - fields and descriptions
Field | Description
Statistics
Requests Received | Displays the total number of incoming requests.
Requests Sent | Displays the total number of requests sent.
Packets Received | Displays the total number of packets received.
Replies Sent | Displays the total number of replies sent.

MAC statistics
To view all the MAC addresses learned or configured on the Brocade Virtual ADX, perform the following steps within the Monitor tab.
1. Click Network on the menu bar.
2. From the sidebar, select MAC. The MAC page is displayed, as shown in Figure 144.
FIGURE 144 Displaying the MAC statistics
The MAC page displays the Layer 2 MAC table information. The table shows the association between a MAC address and a system port.

Chapter 13 Viewing Traffic Statistics

In this chapter
• Global traffic
• Virtual servers
• Real servers
• Content switching
The following table describes the fields available in the Global Traffic page.
TABLE 59 Global Traffic page - fields and descriptions
Field | Description
Session Traffic
New Session Syncs Sent | Displays the new synchronized packets sent for new sessions.
New Session Syncs Received | Displays the new synchronized packets received for new sessions.
Sessions Removed | Displays the number of sessions removed from the delete queue.
TABLE 59 Global Traffic page - fields and descriptions (Continued)
Field | Description
Fast Packets
VPort Not Found | Displays the number of unsuccessful virtual-port searches using an improved (faster) method.
VPort Found | Displays the number of successful virtual port searches using an improved (faster) method.
Forward FIN | Displays the number of client-to-server FIN packets passing through a non-optimized path.

Virtual server statistics
To view the virtual server statistics on the Brocade Virtual ADX, perform the following steps within the Monitor tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Virtual Server. The Virtual Servers page is displayed, as shown in Figure 146.
FIGURE 146 Displaying the virtual servers
The following table describes the fields available in the Virtual Servers page.
TABLE 60 Virtual Servers page - fields and descriptions (Continued)
Field | Description
Rx (Bytes) | Displays the number of bytes received by the virtual servers.
Tx (Bytes) | Displays the number of bytes transmitted by the virtual servers.

Virtual server details
To view the details of a virtual server configured on the Brocade Virtual ADX, perform the following steps within the Monitor tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Virtual Servers.
3.
TABLE 61 Virtual Server Details page - fields and descriptions (Continued)
Field | Description
Status | Displays the runtime health of the virtual server. The status can be one of the following: • Enabled • Disabled • Not Healthy • Healthy • Not Bound
Admin State | Displays the admin state of the virtual server. The status can be one of the following: • Enabled • Disabled
Predictor | Displays the load balancing metric that is used to select a given real server among variable options.

Virtual server ports
To view the virtual server port statistics on the Brocade Virtual ADX, perform the following steps within the Monitor tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Virtual Servers.
3. Click Ports at the bottom of the Virtual Servers page. A new All Virtual Server Ports page is displayed, as shown in Figure 148.
FIGURE 148 Displaying the virtual server ports
The following table describes the fields available in the Virtual Server Ports page.

Virtual server port details
To view the details of a virtual server port configured on the Brocade Virtual ADX, perform the following steps within the Monitor tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Virtual Servers.
3. Select a configuration from the Virtual Servers page and click Port.
4. Select a port configuration from the All Virtual Servers Ports page and click Details. A new Virtual Server Port Details page tab is displayed, as shown in Figure 149.
TABLE 63 Virtual Server Port Details page - fields and descriptions (Continued)
Field | Description
Status | Displays the runtime health of the virtual server port. The status can be one of the following: Healthy, Unhealthy
Admin State | Displays the admin state of the virtual server port. The status can be one of the following: Enabled, Disabled
Concurrent | Displays the state of the concurrent sessions that are additionally opened.
For more information on virtual server statistics, refer to the Brocade Virtual ADX Server Load Balancing Guide.

Real servers
You can view the summary and detailed statistics of all the configured real servers and ports.
• Real server statistics
• Real server ports
The following table describes the fields available in the Real Servers page.
TABLE 64 Real Servers page - fields and descriptions
Field | Description
Name | Displays the name of the real servers.
IP Address | Displays the IP address of the real servers.
Status | Displays the runtime health of the real servers, based on the Layer 3 health checks. The status can be one of the following: Enabled, Disabled
Admin State | Displays the admin state of the real servers.
The following table describes the fields available in the Real Server Details page.
TABLE 65 Real Server Details page - fields and descriptions
Field | Description
Real Server Name | Displays the name of the real server.
IP Address | Displays the IP address of the real server.
MAC | Displays the MAC address of the real server.
Weight | Displays the weight assigned to the real server relative to other real servers in terms of the number of connections on the server.
Real server ports
To view the statistics of all the real server ports configured on the Brocade Virtual ADX, perform the following steps within the Monitor tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Real Servers.
3. Select a configuration from the Real Servers page and click Port.
4. Select a port configuration from the All Real Servers Ports page and click Details. The All Real Server Ports page is displayed, as shown in Figure 152.
The following table describes the fields available in the Real Server Ports page.
TABLE 66 Real Servers Ports page - fields and descriptions
Field | Description
Name | Displays the name of the real server ports.
Status | Displays the health of the real server ports. The status can be one of the following: Enabled, Disabled, Not Healthy, Healthy, Not Bound
Admin State | Displays the status of the real server ports.
4. Click Details to view the detailed statistics of that real server port. A new Real Server Port Details page is displayed, as shown in Figure 153. To view the port details in the graphical format, click Graph.
TABLE 67 Real Server Port Details page - fields and descriptions (Continued)
Field | Description
Transmit Packets | Displays the total number of packets transmitted by the port.
Received Bytes | Displays the total number of bytes received on the port.
Transmit Bytes | Displays the total number of bytes transmitted by the port.
Rx (kbps) | Displays the number of packets received by the port in kilobits per second.
Content switching
You can view the summary of all the Layer 7 content switching rules and policies configured on the Brocade Virtual ADX.

Content switching policies
To display the statistics of all the content switching policies configured on the Brocade Virtual ADX, perform the following steps within the Monitor tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Content Switching. The CSW Policy tab is displayed, as shown in Figure 154.
TABLE 68 CSW Policy tab - fields and descriptions (Continued)
Field | Description
Mirror Packets | Displays the total number of mirror packets for this policy.
Redirect Packets | Displays the total number of redirect packets for this policy.

CSW policy details
On the CSW Policy tab, select a policy and click Details at the bottom of the tab. The CSW Policy Rules tab appears with the details. The following table describes the fields available in the CSW Policy Rules tab.
DNS DPI policy
Click the DNS DPI Policy tab to view the statistics of the DNS DPI policies and the rules associated with each policy. Select a policy from the table to view the rules associated with it. The DNS DPI Policy tab is displayed. The following table describes the fields available in the DNS DPI policy tab.
TABLE 70 DNS DPI policy tab - fields and descriptions
Field | Description
Name | Displays the name of the DNS policy.
Basic content switching statistics
To display the statistics of the basic content switching, perform the following steps within the Monitor tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Content Switching, and then Basic Statistics. The Basic Statistics page is displayed.
The following table describes the fields available in the Basic Statistics page.
Content rewrite statistics
To display the rewrite content switching statistics, perform the following steps within the Monitor tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Content Switching, and then select Rewrite Statistics. The Rewrite Statistics page is displayed, as shown in Figure 155.
FIGURE 155 Rewrite Statistics page
The following table describes the fields available in the Rewrite Statistics page.
TABLE 73 Rewrite Statistics page - fields and descriptions (Continued)
Field | Description
Cookies Deleted | Displays the total number of cookies deleted in HTTP requests.
Cookies Deletion Errors | Displays the number of errors that occurred when deleting the cookies in HTTP requests.
Cookies Destroyed | Displays the number of cookies destroyed during HTTP requests.
Cookies Destroyed Errors | Displays the number of errors that occurred while destroying the cookies in HTTP requests.
The following table describes the fields available in the OpenScript page.
TABLE 74 OpenScript page - fields and descriptions
Field | Description
Name | Displays the name of the script.
Virtual Server | Displays the name of the virtual server.
Port | Displays the name of the port to which the script is bound.
Script Status | Displays the status of the script.
The following table describes the fields available in the Details page.
TABLE 75 Details page - fields and descriptions
Field | Description
Basic Details
Script Bytes | Displays the total number of bytes for the script.
Last Updated | Displays the time at which the last update was performed.
Current Connections | Displays the current connections open on the server.
Current Connection Rate | Displays the current connection rate on the server.
Session summary
To display the session summary on the Brocade Virtual ADX, perform the following steps within the Monitor tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Sessions. The Sessions page is displayed, as shown in Figure 158.
FIGURE 158 Displaying the sessions
The Sessions page displays the summary of the server and client connections, session distribution on BP, and real servers session.
Filtering the session table
To filter the sessions, perform the following steps within the Monitor tab.
1. Click Traffic on the menu bar.
2. From the sidebar, select Sessions, and then select Sessions Lookup. The Sessions Lookup page is displayed, as shown in Figure 159.
FIGURE 159 Session Lookup
The Session Lookup page displays the search criteria with specific fields. Enter your search criteria based on your requirement and click Search.
Chapter 14 Viewing Security Statistics
In this chapter
• DoS protection
• SSL statistics

DoS protection
To view the Denial of Service (DoS) attack details, perform the following steps within the Monitor tab.
1. Click Security on the menu bar.
2. From the sidebar, select DoS Protection.
Displaying SYN attack details
To display SYN attack details, perform the following steps within the Monitor tab.
1. Click Security on the menu bar.
2. From the sidebar, select DoS Protection, and then select SYN Attacks Details. The SYN Attacks Details page is displayed, as shown in Figure 161.
FIGURE 161 Monitoring the SYN attack details
The following table describes the fields available in the SYN Attacks Details page.
TABLE 78 SYN Attacks Details page - fields and descriptions (Continued)
Field | Description
SYN Proxy Hardware Statistics
SYNs Processed | Displays the number of SYNs that have the SYN-proxy enabled, received and processed by the hardware.
SYN ACKs Sent | Displays the number of SYN ACKs sent to the client from the hardware.
Valid ACKs Received | Displays the number of valid ACKs from the client received by the hardware.
The following table describes the fields available in the Other Attacks Details page.
TABLE 79 Other Attacks Details page - fields and descriptions
Field | Description
Statistics
Attack Packets Dropped | Displays the total number of attack packets dropped based on individual attack packet types.
Attack Packets Logged | Displays the total number of attack packets logged.
Attack Types
Attack Type | Displays the type of the attack.
FIGURE 163 Displaying the SSL
The following table describes the fields available in the SSL page.
TABLE 80 SSL page - fields and descriptions
Field | Description
Statistics
SSL Current Connections | Displays the number of SSL connections currently alive.
SSL Attempted Renegotiations | Displays the number of SSL renegotiations attempted.
SSL Handshakes Completed | Displays the number of SSL handshakes completed.
TABLE 80 SSL page - fields and descriptions (Continued)
Field | Description
Hash Statistics
MD5 Raw Hash Calls | Displays the number of calls made by the device using Message Digest (MD5) raw hash algorithm.
SHA1 Raw Hash Calls | Displays the number of calls made by the device using Secure Hash (SHA1) raw hash algorithm.
SSL MAC MD5 Calls | Displays the number of SSL calls made by the device using MAC MD5.
The SSL Alerts page displays the decoded status counter of the fatal and warning alerts received and transmitted by the device in tabular format. The following table describes the fields available in the SSL Alerts page.
TABLE 81 SSL Alerts page - fields and descriptions
Field | Description
Level 2 (Fatal) Alerts
Total Level 2 Alerts | Displays the total number of level 2 (Fatal) alerts received and transmitted by the device.
TABLE 81 SSL Alerts page - fields and descriptions (Continued)
Field | Description
Bad Certificate | Displays the number of alerts received and transmitted by the device for bad certificates.
Unsupported Certificate | Displays the number of alerts received by the device for unsupported certificates.
Certificate Revoked | Displays the number of alerts received and transmitted by the device for revoked certificates.
The following table describes the fields available in the SSL Profiles page.
TABLE 82 SSL Profiles page - fields and descriptions
Field | Description
Profile name | Displays the name of the SSL profile.
Session Cache Items | Displays the number of session cache items.
Session Cache Hits | Displays the number of session cache hits.
Session Cache Misses | Displays the number of session cache misses.
Session Cache Timeouts | Displays the number of session cache timeouts.
TABLE 83 SSL Client Details page - fields and descriptions (Continued)
Field | Description
SSL Connections Failed | Displays the number of attempts failed during SSL connect.
Client Authorization Successful | Displays the number of sessions authorized by the client.
Client Authorization Failed | Displays the number of sessions failed during client authorization.
SSL Session Reuse Attempts | Displays the number of attempts for SSL session reuse.
Chapter 15 Maintenance Overview
In this chapter
• Navigating the maintain tab

Navigating the maintain tab
The Maintain tab is the fourth or last tab in the Brocade Virtual ADX web interface.
Chapter 16 Managing Software Images
In this chapter
• Uploading the software

Uploading the software
You can upload a software image on the device from a Trivial File Transfer Protocol (TFTP) server. While uploading the image, make sure that there are no power failures. To upload the software image from the TFTP server, perform the following steps within the Maintain tab.
1. Click System on the menu bar.
2.
4. Click Upload to start uploading the software image from the TFTP server to the selected image flash. The system continuously polls for the upload complete status. After the upload is complete, the page refreshes automatically to show the latest information. The system polls for a maximum of 4 minutes for the server to respond; if there is no response from the server, the system prompts you to try again.
5.
Chapter 17 Restarting the System
In this chapter
• System restart

System restart
To reboot the Brocade Virtual ADX, perform the following steps within the Maintain tab.
1. Click System from the menu bar.
2. From the sidebar, select Reboot. The Reboot page is displayed, as shown in Figure 168.
FIGURE 168 Rebooting the Brocade Virtual ADX
3. Select Primary or Secondary for image file.
During device reboot, the application continuously polls for the reboot success status for a maximum of 3 minutes. After the reboot is complete, the application is reloaded. If there is no response during polling, you are warned to log in to the application again to access the latest information.
Chapter 18 License Management
In this chapter
• License

License
Brocade and its suppliers grant to you a limited, non-exclusive, non-transferable, non-assignable, license to use the licensed features solely for internal purposes and solely for the purposes set forth in the Product documentation.
The License page displays a summary of the active and expired licenses installed on the device. Table 84 describes the fields in the License page.
TABLE 84 License fields
Field | Description
Package Name | Displays the name of the license package.
License ID | Displays the ID of the License. This number is embedded in the Brocade device.
License Type | Displays the type of the license, which can be one of the following: Normal - Indicates that the license is permanent.
License Period |
Status |
Chapter 19 Packet Capture
In this chapter
• Packet capture

Packet capture
Take the following steps within the Maintain tab to perform Packet Capture:
1. Select the Maintain tab.
2. Click Tools on the menu bar.
3. From the sidebar, select Packet Capture to display the Packet Capture Summary tab.
The Packet Capture Summary tab displays the following fields described in Table 85.
TABLE 85 Packet Capture Summary tab - fields and descriptions
Field | Description
Applied Filter | The applied filter.
Applied On | The default is for the filter to be applied on BP and MP.
Buffer Size | The total allotted buffer size is 32768 kb.
Packet Size | 64-9234
Status | Indicates if a packet capture session is running.
Port | The default is for the filter to be applied on all ports.
4. In the Packet Capture Summary tab, choose the Edit Filter button to display the Edit Filter tab.
FIGURE 171 Packet Capture - Edit Filter tab
Use the Edit Filter tab to configure packet capture and set parameters for the following filters:
• MAC Filter
• IP Filter
• ICMP Filter
• IPv6 Filter
• ICMPv6 Filter
• TCP Filter
• UDP Filter
• Pattern Filter
Click the Apply button in the lower right hand corner of the Edit Filter tab to apply filter properties.
4. In the Packet Capture Summary tab, choose the Apply Filter button to display the Apply Filter tab.
FIGURE 172 Packet Capture - Apply Filter tab
The Apply Filter tab allows you to populate the following fields of filter properties:
After populating the fields with filter properties, continue to use the Apply Filter tab to perform the functions described in Table 86.
To save and download the capture to the Virtual ADX MP or BP, click the Save & Download button. The CPU Selection dialog box appears.
FIGURE 173 Save & Download - CPU Selection dialog box
Select the MP or BP button, and then click Ok.
Chapter 20 Accessing the CLI
In this chapter
• CLI access

CLI access
The Brocade Virtual ADX web interface enables you to run CLI commands to configure the features that are not supported in the web interface. You can use the CLI access feature available in the web interface to run the CLI commands in a batch to request and change the configuration information on Brocade Virtual ADX.
3. Enter the CLI commands in the field under the Enter a batch of up to 10 CLI commands that you would like to send to the Brocade Virtual ADX.
NOTE The maximum number of CLI Commands that you can run from the web interface is 10. However, if any command fails to execute, the Brocade Virtual ADX will continue to process the remaining commands and return the response of the commands that are executed.
NOTE The rconsole command is not supported via the CLI Access page.
4.
Chapter 21 Retrieving System Information for Technical Support
In this chapter
• Technical support

Technical support
The Brocade Virtual ADX allows you to view and save the Brocade Virtual ADX information that can help the Brocade Technical support team to troubleshoot your system. To view the Brocade Virtual ADX information, perform the following steps within the Monitor tab.
1. Click Support on the menu bar.
To contact Brocade Technical Support, go to http://www.brocade.com/services-support/index.html for the latest e-mail and telephone contact information.
Appendix A Troubleshooting
In this appendix
• Unable to open web interface
• Web interface does not reflect changes based on the latest image
• RSL error (#2032 Stream Error) when launching the web interface

Unable to open web interface
Problem
The Brocade Virtual ADX web interface does not open.
• Make sure that you have installed Flash Player 10.2 or higher in the system. You can download the Flash Player from www.adobe.com.
• Make sure that you open the web interface using one of the following web browsers: Google Chrome, Internet Explorer, and Mozilla Firefox web browsers. You can also use other web browsers such as Safari, Opera and so on to open the web interface if they have flash installed in the system.
Appendix B Config Template XML Schema
In this appendix
• Overview
• XML schema element reference

Overview
The XML Schema for the Config Templates allows you to define the Brocade Virtual ADX configuration.
Variables
The XML Schema includes support for variables that allow late binding of configuration values. For example, instead of having a hard-coded value for a virtual server IP address, you can enter a value before the template is executed. Then, the variable mechanism injects the value into the template. The use of these variables is limited to specific data elements, including server names and addresses.
Variables in Repeaters
When a variable is referenced within a repeater, it is used in an iterative, looping manner if there is a reasonable way to do so. This behavior makes it possible for repeaters to loop through a list in a scalable manner. The following rules determine how variables are handled:
• Count attribute: This attribute determines how many times the repeater iterates.
Example 1
This example has several different uses of variables inside a repeater. The variables with the default values are defined as follows:
RS_NAMES | stringList | rs1, rs2, rs3
RS_IPS | ipAddressList | 10.100.0.2, 10.100.0.22, 10.100.0.
Example 2
In this example, the iteration of IP addresses is done differently through “autoIncrement” with the following variables:
RS_COUNT | integerNonZero | 4
RS_PREFIX | string | rs
true
The variables and repeater created the real servers in the following table.
Real Server name | IP Address | Server ID
rs-1 | 20.1.1.100 | 1024
rs-2 | 20.1.1.101 | 1025
rs-3 | 20.1.1.102 | 1026
rs-4 | 20.1.1.103 | 1027
Note that the RS_COUNT variable can easily be changed to create more real servers. However, they will have IP addresses that are strictly sequential (unlike the previous example, where IP addresses were hard-coded and are more flexible).
XML schema element reference
This section is the detailed reference for all the elements supported in the Config Templates XML Schema.
NOTE The XML reference is subject to change and will likely be changed in the future. Check with Brocade for updates.
The following naming conventions are used:
• aaa.bbb refers to a bbb child element contained in an aaa parent element to help clarify the parent-child structures, for example:
• aaa.
Example XML content: Top-level schema elements
Test Everything Everything under the sun 1.5 12.6.
TABLE 88 Variable schema elements (Continued)
Element | Type | Description | Rules / Notes
variable.dataType | enumerated string | The variable data type: "xxxList" types are comma-separated strings; "xxxNonBlank" types do not allow empty strings; "predictor" is an enumerated predictor type; "portOrProtocol" is either a well-known port or valid protocol number. | See “templateVariableDataTypeEnum” in the Brocade Virtual ADX XML Programmer’s Guide.
TABLE 88 Variable schema elements (Continued)
Element | Type | Description | Rules / Notes
 | string | The name of another variable whose state determines if this variable should be shown for user input | The name of another variable, which must be boolean, which determines if this variable will be shown for user input
 | container | A collection of variables that should be functionally grouped together in a user interface layout | Multiple "variableGroup" elements are allowed up to
Example XML content: Variable schema elements
VS_IPADDRESS ipAddress 1 IP Address of the Virtual Server Enter the IP Address where the Virtual Server is to be found 10.100.0.
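Because variable values are entered late and injected into the template, they can be checked against the declared data type before the template is executed. The following Python code is an added example, not Brocade code and not part of the Config Template schema: the function names, the blank-value handling, the reading of "integerNonZero", the reuse of the port-name list shown for redirect.port, and the sample values are all assumptions made for illustration.

```python
import ipaddress
import re

# Port names this page lists for a port-or-protocol field (redirect.port);
# assumed here to apply to "portOrProtocol" variables. Numbers 1-65535 also pass.
PORT_NAMES = {"http", "https", "ssl", "dns", "ftp", "ldap", "ldaps", "tftp", "ssh"}
_DIGITS = re.compile(r"[0-9]+")
_INT = re.compile(r"-?[0-9]+")


def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def _is_port_or_protocol(value):
    if value in PORT_NAMES:
        return True
    return bool(_DIGITS.fullmatch(value)) and 1 <= int(value) <= 65535


# Base-type checks. Semantics inferred from the type names are assumptions;
# "ipAddress" accepts a blank value because a separate "ipAddressNonBlank" exists.
BASE_CHECKS = {
    "string": lambda v: True,
    "stringNoWhiteSpace": lambda v: not any(c.isspace() for c in v),
    "integer": lambda v: bool(_INT.fullmatch(v)),
    "integerNonZero": lambda v: bool(_INT.fullmatch(v)) and int(v) != 0,
    "boolean": lambda v: v in ("true", "false"),
    "ipAddress": lambda v: v == "" or _is_ipv4(v),
    "portOrProtocol": _is_port_or_protocol,
}


def validate(data_type, value):
    """Return a list of problems for one value; an empty list means accepted."""
    base, is_list, non_blank = data_type, False, False
    if base.endswith("List"):        # "xxxList": comma-separated string
        base, is_list = base[:-len("List")], True
    if base.endswith("NonBlank"):    # "xxxNonBlank": empty string not allowed
        base, non_blank = base[:-len("NonBlank")], True
    check = BASE_CHECKS.get(base)
    if check is None:
        return [f"unsupported dataType {data_type!r}"]
    if non_blank and value == "":
        return ["empty value not allowed"]
    if is_list:
        items = [i.strip() for i in value.split(",")] if value else []
    else:
        items = [value]
    problems = []
    for pos, item in enumerate(items, start=1):
        # Inside a list every item must be present and valid.
        if (is_list and item == "") or not check(item):
            where = f"item {pos} " if is_list else ""
            problems.append(f"{where}{item!r} is not a valid {base}")
    return problems


def validate_all(variables):
    """variables: iterable of (name, dataType, value). Returns {name: problems}."""
    report = {}
    for name, data_type, value in variables:
        problems = validate(data_type, value)
        if problems:
            report[name] = problems
    return report


# Constructed sample input (VS_PORT is a hypothetical variable name).
SAMPLE = [
    ("RS_NAMES", "stringList", "rs1, rs2, rs3"),
    ("RS_IPS", "ipAddressList", "10.100.0.2, 10.100.0.22, 10.100.0.300"),
    ("RS_COUNT", "integerNonZero", "0"),
    ("RS_PREFIX", "string", "rs"),
    ("VS_IPADDRESS", "ipAddressNonBlank", ""),
    ("VS_PORT", "portOrProtocol", "70000"),
]

if __name__ == "__main__":
    for name, problems in validate_all(SAMPLE).items():
        print(name, "->", "; ".join(problems))
```

The "predictor" type is reported as unsupported because its enumerated values are not listed on this page.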
System schema elements
TABLE 89 System schema elements
Element | Type | Description | Rules / Notes
ADXTemplate.system | container | The section for ADX system settings | Optional
system.hostname | string | The host name for the ADX system | Optional
system.hostname.@variable | string attribute | The name of a variable that will provide the hostname of the ADX system | Must refer to an existing variable of type "string" or "stringNoWhiteSpace"; optional
system.
Example XML content: System schema elements
brocade true 99 3 0012.f27c.
TABLE 90 Network schema elements (Continued)
Element | Type | Description | Rules / Notes
 | container | A collection of Static Route definitions | Optional
 | container | A single Static Route | Multiple "staticRoute" elements are allowed; up to 32 maximum
staticRoute.destinationIp | IP address | The address of the route |
staticRoute.subnetMask | IP address | The subnet mask of the route |
staticRoute.route | container | The details of the route |
route.
TABLE 90 Network schema elements (Continued)
Element | Type | Description | Rules / Notes
portRange.from | integer | The beginning number in a range of tagged ethernet port | 1 to 64, or possibly less than 64 depending on the valid port numbers of the current ADX; also must be less than "to"
portRange.
TABLE 90 Network schema elements (Continued)
Element | Type | Description | Rules / Notes
 | IP subnet | The VLAN IP subnet's mask in address form | 15 characters maximum; if provided, cannot be blank; "length" and "subnet" are mutually-exclusive
ipSubnet.name | string | The VLAN IP subnet name | 32 characters maximum; optional
ipSubnet.
TABLE 90 Network schema elements (Continued)
Element | Type | Description | Rules / Notes
 | container | A single TCP Profile | Multiple "tcpProfile" elements are allowed
tcpProfile.name | string | The TCP Profile name | 64 characters maximum
tcpProfile.enableNagleAlgorithm | boolean | The "Nagle algorithm" flag | Default false, optional
tcpProfile.enableDelayedAckAlgorithm | boolean | The "Delayed ACK algorithm" flag | Default false, optional
tcpProfile.
Example XML content: Network schema elements
10.0.0.0 255.240.0.0 10.4.51.
16 true 16 true 111.111.111.111 255.255.255.
2 7 3 64 my-tcp-profile true 444444 5000 my-tcp-profile2
Example XML content: SLB schema elements

TABLE 92 Real server schema elements (Continued)
Element | Type | Description | Rules / Notes
 | container | A collection of Real Ports | Optional
 | container | A single Real Server Port | Multiple "realPort" elements are allowed up to 32 maximum
 | port-or-protocol-number | The name of a well known port or a protocol number |
 | string attribute | The name of a variable that provides the port name or protocol number | Must refer to an existing variable of type "portOrP
TABLE 92 Real server schema elements (Continued)
Element | Type | Description | Rules / Notes
 | string attribute | The name of a variable that provides an ending group ID | Must refer to an existing variable of type "integer" or "integerNonZero" whose value is 0 to 1023; "to" must not be less than "from"; optional
 | container | HTTP-specific settings for the port | Used only if the port is "http", "ssl" or a port number, but not for any other named port but not for any other named
http 11 HEAD / ssl 11 135
TABLE 93 Virtual server schema elements (Continued)
Element | Type | Description | Rules / Notes
 | string attribute | The name of a variable that provides the Virtual Server IP Address | Must refer to an existing variable of type "ipAddress" or "ipAddressNonBlank"; optional
virtual.context | string | The context in which to create the Virtual Server | If unspecified, "default" context is used; optional
virtual.predictor | predictor | The Virtual Server predictor |
virtual.ip.
TABLE 93 Virtual server schema elements (Continued)
Element | Type | Description | Rules / Notes
 | port-or-protocol-number | The name of a well known port or a protocol number |
 | string attribute | The name of a variable that provides the port name or protocol number | Must refer to an existing variable of type "portOrProtocol"; optional
virtualPort.portType | enumerated string | The type of port | tcp, udp, both; Optional
virtualPort.
TABLE 93 Virtual server schema elements (Continued)
Element | Type | Description | Rules / Notes
virtualPort.tcpProfile | string | The name of a TCP Profile for the port | 64 characters maximum, must match the name of a TCP Profile defined within this template; optional
virtualPort.script | string | The name of a script for the port | 12 characters maximum, must match the name of a script defined within this template; optional
virtualPort.
TABLE 93 Virtual server schema elements (Continued)
Element | Type | Description | Rules / Notes
 | port-or-protocol-number | The name of a well known port or a protocol number for the bound Real Server |
 | string attribute | The name of a variable that provides the Real Port name or number | Must refer to an existing variable of type "portOrProtocol"; optional
 | port-or-protocol-number | The name of a well known port or a protocol number of an associated port on the
Example XML content: Virtual schema elements

CSW schema elements
TABLE 94 CSW schema elements
Element | Type | Description | Rules / Notes
ADXTemplate.slb | container | The section for SLB | Optional
 | container | The section for CSW Configuration | Optional
csw.requestRules | container | A collection of Request Rules | Optional
csw.requestPolicies | container | A collection of Request Policies | Optional
csw.responseRules | container | A collection of Response Rules | Optional
csw.
CSW request rules schema elements
TABLE 95 CSW request rules schema elements
Element | Type | Description | Rules / Notes
csw.requestRules | container | A collection of Request Rules | Optional
 | container | A single Request Rule | Multiple "requestRule" elements are allowed; unlimited except for available dynamically-allocated memory
requestRule.name | string | The Request Rule name | 80 characters maximum
requestRule.
TABLE 95 CSW request rules schema elements (Continued)
Element | Type | Description | Rules / Notes
 | container | The details for "nested"-type rules | This element is used for rules of both types: "nested-content-rule", "nested-rule"
nested.expression | string | The nested rule expression to evaluate | 255 characters maximum. This text should be packaged in a CDATA for ease of handling with special characters like "&"
nested.
TABLE 95 CSW request rules schema elements (Continued)
Element | Type | Description | Rules / Notes
 | integer | The length of the content in question | 1 to 65535
 | integer | The details for "udp content"-type rules |
udpContent.dns | boolean | The "udp content" rule is for DNS deep packet inspection | When this element is used, the value should always be "true"
udpContent.
Example XML Content: CSW request rules schema elements

TABLE 96 CSW request policies schema elements (Continued)
Element | Type | Description | Rules / Notes
requestPolicy.name | string | The Request Policy name | 80 characters maximum
requestPolicy.type | enumerated string | The Request Policy type |
requestPolicy.context | string | The context in which to create the policy | If unspecified, "default" context is used; optional
requestPolicy.
TABLE 96 CSW request policies schema elements (Continued)
Element | Type | Description | Rules / Notes
 | container | The details of the action to perform | Must contain exactly one of the following sub-elements, based on the "action type": forward, persist, redirect, rewrite, hashPersist, httpTrl. Action types "reply-error" and "reset-client" have no details, so in those cases this "details" element should be omitted.
details.
TABLE 96 CSW request policies schema elements (Continued)

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| persist.realPort | container | The "Real Port" of a "persist" action | Optional |
| realPort.port | port-or-protocol-number | The name of a well known port or a protocol number | |
| realPort.failClose | boolean | The "fail close" flag | "failClose" and "portFailover" are mutually exclusive, both cannot be used together; optional |
| realPort. | | | |
TABLE 96 CSW request policies schema elements (Continued)

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| redirect.port | port-or-protocol-number | The name of a well known port or a protocol number | • http • https • ssl • dns • ftp • ldap • ldaps • tftp • ssh • 1 to 65535. Optional |
| redirect. | | | |
TABLE 96 CSW request policies schema elements (Continued)

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| | container | The custom string details of a "request insert" rewrite action | If this element is used, then these other elements must not be used: • clientCert • clientIp • header. They are mutually exclusive. |
| customString.string | string | The custom string text to use in the rewrite action | 80 characters maximum |
| customString. | | | |
TABLE 96 CSW request policies schema elements (Continued)

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| | container | The header details of a "request insert" rewrite action | If this element is used, then these other elements must not be used: • customString • clientCert • clientIp. They are mutually exclusive. |
| header.headerName | string | The header name | 80 characters maximum |
| header. | | | |
TABLE 96 CSW request policies schema elements (Continued)

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| hashPersist.type | enumerated string | The type of "hash persist" action | |
| hashPersist.search | container | The search details of a "hash persist" action | This element is only used for types "url search host" and "url search url" |
| search.string | string | The search string | 80 characters maximum |
| search.offset | integer | The search offset | 0 to 1024 |
| search. | | | |
TABLE 96 CSW request policies schema elements (Continued)

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| | boolean | The "default rule" flag | If "true", the rule name is ignored and the rule is treated as a "default rule" match |
| action.actionType | enumerated string | The type of action to perform | • drop • rate-limit • redirect |
| action. | | | |
TABLE 96 CSW request policies schema elements (Continued)

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| | string | The name of a Request Rule | 80 characters maximum; must match the name of an existing Request Rule within this template |
| | boolean | The "default rule" flag | If "true", the rule name is ignored and the rule is treated as a "default rule" match |
| action.actionType | enumerated string | The type of action to perform | |
| action. | | | |
TABLE 96 CSW request policies schema elements (Continued)

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| | container | The log action details | Only used if the action type is "log" |
| | string | The log message format | 127 characters maximum; optional |
| | container | The persist action details | Only used if the action type is "persist" |
| persist.offset | integer | The persist offset | 0 to 1024 |
| persist. | | | |
Example XML Content: CSW request policies schema elements

CSW response rules schema elements

TABLE 97 CSW response rules schema elements

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| csw.responseRules | container | A collection of Response Rules | Optional |
| | container | A single Response Rule | Multiple "responseRule" elements are allowed; unlimited except for available dynamically-allocated memory |
| responseRule.name | string | The Response Rule name | 80 characters maximum |
| responseRule. | | | |
TABLE 97 CSW response rules schema elements (Continued)

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| body.operation | enumerated string | The kind of test operation to perform on the body | |
| body.value | string | The value to test for in the operation | Required for all operation types except "exists" |
| | boolean | The case-insensitive flag | Default is false; optional |
| responseRule. | | | |
CSW response policies schema elements

TABLE 98 CSW response policies schema elements

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| csw.responsePolicies | container | A collection of Response Policies | Optional |
| | container | A single Response Policy | Multiple responsePolicy elements are allowed; unlimited except for available dynamically-allocated memory |
| responsePolicy.name | string | The Response Policy name | 80 characters maximum |
| responsePolicy. | | | |
Example XML Content: CSW response policies schema elements

TABLE 99 CSW OpenScript schema elements (Continued)

| Element | Type | Description | Rules / Notes |
|---|---|---|---|
| | container | A single script profile | Multiple scriptProfile elements are allowed; 4 maximum |
| scriptProfile.name | string | The script profile name | 30 characters maximum |
| scriptProfile.memoryLimitBytes | integer | The memory limit in bytes | 1 to 1073741824, default is 1048576; optional |
| scriptProfile. | | | |
Example XML content: CSW OpenScript schema elements
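An added example, not taken from the guide: a pre-import check in Python that applies some of the limits listed in Tables 95, 96 and 99 (name and string lengths, offset and memory ranges, the mutually exclusive sub-elements, the four-profile cap) to a template. It assumes that a dotted table entry such as requestRule.name is a `<name>` child of `<requestRule>`; the sample XML, its expression text and the wrapper elements `<template>` and `<rewrite>` are constructed.

```python
import xml.etree.ElementTree as ET

# Limits copied from the tables above. ASSUMPTION: a dotted entry such as
# "requestRule.name" denotes a <name> child element of <requestRule>.
MAX_LEN = {("requestRule", "name"): 80, ("nested", "expression"): 255,
           ("customString", "string"): 80, ("header", "headerName"): 80,
           ("search", "string"): 80, ("scriptProfile", "name"): 30}
INT_RANGE = {("scriptProfile", "memoryLimitBytes"): (1, 1073741824),
             ("search", "offset"): (0, 1024), ("persist", "offset"): (0, 1024)}
EXCLUSIVE = [{"failClose", "portFailover"},
             {"customString", "clientCert", "clientIp", "header"}]
MAX_SCRIPT_PROFILES = 4

def validate(xml_text):
    """Return a list of violations of the documented limits (empty if none)."""
    root = ET.fromstring(xml_text)  # parse operator-authored templates only
    problems = []
    for parent in root.iter():
        children = {c.tag for c in parent}
        for group in EXCLUSIVE:
            clash = sorted(children & group)
            if len(clash) > 1:
                problems.append(f"<{parent.tag}>: {' and '.join(clash)} are mutually exclusive")
        for child in parent:
            key, text = (parent.tag, child.tag), (child.text or "")
            if key in MAX_LEN and len(text) > MAX_LEN[key]:
                problems.append(f"{'.'.join(key)}: {len(text)} chars exceeds {MAX_LEN[key]}")
            if key in INT_RANGE:
                lo, hi = INT_RANGE[key]
                if not (text.strip().isdigit() and lo <= int(text) <= hi):
                    problems.append(f"{'.'.join(key)}: {text.strip()!r} not in {lo}..{hi}")
    count = sum(1 for _ in root.iter("scriptProfile"))
    if count > MAX_SCRIPT_PROFILES:
        problems.append(f"{count} scriptProfile elements; maximum is {MAX_SCRIPT_PROFILES}")
    return problems

# Constructed sample; <template> and <rewrite> are placeholder wrapper names.
SAMPLE = """<template>
  <requestRule><name>block-admin</name>
    <nested><expression><![CDATA[rule-a & rule-b]]></expression></nested>
  </requestRule>
  <realPort><port>http</port><failClose>true</failClose><portFailover>true</portFailover></realPort>
  <rewrite><customString><string>X-Via</string></customString><clientIp/></rewrite>
  <scriptProfile><name>p1</name><memoryLimitBytes>2147483648</memoryLimitBytes></scriptProfile>
</template>"""

if __name__ == "__main__":
    for line in validate(SAMPLE):
        print(line)
```

Because the check walks the tree by parent and child tag rather than by full path, it does not depend on container names that the tables above leave blank.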