hp traffic director server appliances user guide for the hp e-commerce traffic director server appliance sa8200/sa8220 and the hp traffic director server appliance sa7200/ sa7220
© Copyright 2001 Hewlett-Packard Company. All rights reserved. Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304-1185 Publication Number 5971-0900 February 2001 Disclaimer The information contained in this document is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Contents Chapter 1: Introduction 1 Introduction to the Traffic Director Server Appliances . . . . . . . . . . . . . . . . . . . . . . . . 2 Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CONTENTS HP Traffic Director Server Appliances User Guide Sticky Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Sticky Persistence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Sticky-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Server-timeout (SA8200/SA8220 only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Chapter 3: Boot Monitor 41 Using the Boot Monitor CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Accessing the Boot Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Interrupting the Bootup Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Using the Run Time CLI.
CONTENTS HP Traffic Director Server Appliances User Guide Administration Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Settings Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Software Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 System Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Nslookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Trace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CONTENTS HP Traffic Director Server Appliances User Guide Run-Time CLI Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Global System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Admin Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 File Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Chapter 7: SNMP Support 233 Using SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 Standards Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 HP MIB Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Supported MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CONTENTS HP Traffic Director Server Appliances User Guide Using Global Site Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Generating a Client CA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Regulatory Information 309 Taiwan Class A EMI Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309 VCCI Class A (Japan). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309 VCCI Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310 Australia . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CONTENTS HP Traffic Director Server Appliances User Guide Notes x
Introduction This chapter covers the following topics: NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models.
CHAPTER 1 HP Traffic Director Server Appliances User Guide Introduction to the Traffic Director Server Appliances The HP e-Commerce Traffic Director Server Appliance SA8200/ SA8220s and the HP Traffic Director Server Appliance SA7200/ SA7220s provide reliable load balancing, failover, and policy-based management to Web sites, Intranets, and e-Commerce sites. These models also include intelligent content routing, and are the best load balancing solution available for the reasons shown below.
CHAPTER 1 Assumptions Assumptions This User Guide assumes that you are a network administrator and that you have at least a basic understanding of the following: • Networking concepts and terminology • Network topologies • Networks and IP routing Benefits SA8220 benefits are listed below. Benefit Description Substantial performance boost and reliability for e-Commerce (SA8200/SA8220 only) The SA8220 can increase the speed, scalability, and reliability of multi-server e-Commerce sites.
CHAPTER 1 HP Traffic Director Server Appliances User Guide Benefit Description Substantial economic benefits (SA8200/SA8220 only) The SA8220 improves customer satisfaction by improving the response time for secure transactions. E-Commerce sites can now enjoy the benefits provided by having secure transactions participate in layer 7 intelligent traffic management.
CHAPTER 1 Benefits Benefit Description Intelligent content routing for SSL transactions (SA8200/SA8220 only) The SA8220 incorporates intelligent traffic management for secure transactions, dramatically improving an e-Commerce site’s responsiveness, reliability, and QoS.
CHAPTER 1 HP Traffic Director Server Appliances User Guide Specifications SA8220 specifications are listed below. Specification Description Servers supported System Administration 6 SA7200 SA7220 SA8200/ SA8220 Any Web server (Apache, Microsoft, Netscape, etc.) X X X Any operating system (UNIX*, Solaris*, Windows NT*, BSD*/BSDI*, AIX*, etc.) X X X Any server hardware (SUN, HP, IBM, Compaq, SGI, Intel-based platforms, etc.
CHAPTER 1 Specifications Specification Description Performance SA8220 is rated up to 1200 HTTPS connections/sec, 2500 RICH HTTP connections/sec, 3500 HOT connections/ sec, 95 Mb/sec. SA8200 is rated up to 600 HTTPS connections/sec, 1300 RICH HTTP connections/sec, 2800 HOT connections/ sec. Both the SA8200 and the SA8220 are rated up to 6600 Max HTTP/ HTTPS/sec.
CHAPTER 1 HP Traffic Director Server Appliances User Guide Specification Description Intelligent Content Routing Content: URL, file types such as *.GIF, file paths such as \ads\, file names such as Index.html X X Transactions: Transaction types such as *.
CHAPTER 1 Typographic Conventions Specification Description Security Features Supported SSL v2 and v3 for transaction security X X SSH for secure Command Line Interface X X IP filtering X X Serial port logon X X SA7200 SA7220 SA8200/ SA8220 Typographic Conventions The following typographic conventions are used throughout this manual. ONE MODEL NUMBER (SA8220): For ease of reading, all models are referred to as the SA8220 throughout this document.
CHAPTER 1 HP Traffic Director Server Appliances User Guide 4. To edit the configuration settings, press the Configure tab. COMMANDS are shown in the following ways: • Any command or command response text that appears on the terminal is presented in the courier font.
Theory of Operations This chapter covers the following topics: NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models. Also, all references to “RICH” functionality or “Expressions” in this chapter do not apply to the SA7200.
CHAPTER 2 HP Traffic Director Server Appliances User Guide General Operating Principles This chapter discusses the general operating principles for the HP eCommerce Traffic Director Server Appliance SA8200/SA8220s, and the Traffic Director Server Appliance SA7200/SA7220s. For details about the SA8220 command set, please see “Command Line Interface” in Chapter 5. For information about completing specific tasks, please see “Scenarios” in Chapter 6.
CHAPTER 2 Services Layer 4 (HOT) Services HOT services provide very fast brokering performance. HOT services are defined in full by their VIP and port number. In HOT or “Brokered” mode, the SA8220 performs Network Address Translation (NAT) on all incoming packets passing through the connection. NAT changes the destination IP address and port of incoming packets to those of the selected fulfillment server. The source IP address is modified to be that of the SA8220.
CHAPTER 2 HP Traffic Director Server Appliances User Guide Out-of-Path Return (OPR) Ordinarily, the SA8220 processes all traffic in both directions between clients and the server farm. Viewing the server return traffic helps the SA8220 accurately determine server response times and handle HTTP errors. Often, the volume of data sent from the server to the client is much larger than the traffic from client to server, and checking for HTTP errors is not required.
CHAPTER 2 Sticky Options Sticky Options Some services operate best if all requests from a specific client during a single session are directed to the same fulfillment server. For example, if the server maintains a local database of client activity or context (shopping cart, registration info, navigation history, etc.), it is important that subsequent client requests go to the server with these database records. The SA8220's “sticky” options allow this to occur.
CHAPTER 2 HP Traffic Director Server Appliances User Guide Sticky Persistence For source-ip based sticky, the relationship between the client IP address and the fulfillment server remains in effect for the entire time the SA8220 is online or until the sticky timeout value expires. In the event of failover, the sticky relationship is lost. Cookie sticky remains in effect while the browser is running or until the sticky timeout value expires.
CHAPTER 2 SSL Acceleration (SA8200/SA8220 only) SSL and Sticky (SA8200/SA8220 only) SSL (Secure Sockets Layer, or HTTPS)-enabled services can also be made sticky by specifying “sticky cookie” or “sticky src-ip” on the CLI. For SSL services, sticky cookie behaves exactly as it does for ordinary HTTP services. Source IP sticky uses the SSL session ID to maintain server context. The server relationship will not survive failover.
CHAPTER 2 HP Traffic Director Server Appliances User Guide SA8220’s dual NIC and packet filtering capabilities can be used to isolate the web servers from the Internet, further preventing unauthorized access. SSL Fundamentals (SA8200/ SA8220 only) SSL involves an interchange of keys used both to authenticate the parties and to provide information to securely encrypt confidential data. The keys distributed in this medium are “one way,” or asymmetric.
CHAPTER 2 SSL Fundamentals (SA8200/SA8220 only) are performed either at the server level, by web servers generally providing SSL functionality by way of standalone software components, or by embedded encryption software. The HP methodology places encryption processing on the network side, thus eliminating the need for processing on the servers (see the figure on the next page). The servers never see any of the SSL connection dialogue or the encrypted data.
CHAPTER 2 HP Traffic Director Server Appliances User Guide Application Message Traffic Management The SA8220 was developed to perform load balancing in SSL environments. The SA8220 allows users to load balance based on application content (Layer 7, or RICH mode), as well as server address and port (Layer 4, or HOT mode). SSL management is handled independently of RICH mode processing.
CHAPTER 2 SSL Fundamentals (SA8200/SA8220 only) Fulfillment of each virtual service is load balanced across a number of real servers depending on the load balancing algorithm chosen.
CHAPTER 2 HP Traffic Director Server Appliances User Guide HTTP Header Option Fields Both the SA7220 and the SA8200/SA8220 can make the IP address of a requesting client available to a fulfillment server by constructing a custom HTTP header option, with the client’s IP as the value: HP_SOURCE_IP: SSL-related HTTP header option fields are only used by the SA8200/ SA8220 with any SSL service.
CHAPTER 2 Load Balancing Across Multiple Servers Load Balancing Across Multiple Servers Balancing Algorithms The SA8220 provides a choice of load balancing algorithms. Services can be separately configured to load balance using a round-robin or a response time algorithm. In most networks, the best performance results from use of the response time algorithm. Under this algorithm, the SA8220 measures the response time of each request to each server in the server farm.
CHAPTER 2 HP Traffic Director Server Appliances User Guide Primary and Backup Servers Each server is identified as either a Primary or Backup for a given service. Primary servers are always considered first for request fulfillment. By default, Backup servers are considered for use only if a primary server goes down, though they can optionally be configured for use to maintain target response times.
CHAPTER 2 Server Configuration Options Multi-hop Source Address Preservation It is possible in sophisticated network topologies to require requests to pass through two SA8220s. In such configurations, the SA8220 topologically closest to the clients must be configured with the Multihop Source Address Preservation (MSAP) feature enabled. MSAP allows requests to pass through two cascaded SA8220s in different geographical areas.
CHAPTER 2 HP Traffic Director Server Appliances User Guide Each server listed for fulfillment of a RICH_HTTP service can be configured to serve any number of specific rich expressions. Applicable expressions are listed below: • File type expressions, such as *.gif, or */index.html • Path expressions, such as /home/*, or /home/images/*, or /home/ images/a*. • Unique file expressions, such as /index.html • Wildcard expression, such as *. • Negation expressions, such as !*.gif or !*/index.
CHAPTER 2 Routing with Dual Interfaces Routing with Dual Interfaces Because the SA8220 has two network interfaces, it can act as a router in some contexts. This means that it can route between two subnets. To do this, you must designate the SA8220 as the default gateway for your fulfillment servers. Routes to the inside subnet are not advertised to the outside router, but host routes are advertised to the VIPs.
CHAPTER 2 Prioritization and Policy Groups HP Traffic Director Server Appliances User Guide Policy groups are containers used to organize services. Service prioritization uses policy group information to make decisions about which services should get more or less server resources. Although the assignment of services to policy groups can be arbitrarily determined by the operator, effective use requires that each policy group contain services related by their shared use of server resources.
CHAPTER 2 Prioritization and Policy Groups For example, the services HTTP and HTTPS are both assigned to a single policy group. HTTPS is designated the highest priority service, and HTTP the second priority. The SA8220 monitors the response time of each service, and if necessary re-prioritizes server resources of subordinate services to keep the response time for the highest priority service within the specified range.
CHAPTER 2 Routing Method for VIP Addresses HP Traffic Director Server Appliances User Guide After setting up the service, you must configure the SA8220 to route the VIP address to the Internet. There are two possibilities: • In single SA8220 installations, “Standalone” mode is preferred as it allows the VIP to be ARP-accessible from the router. • If there are multiple address spaces (such as a SA8220 on the 10.x.x.x network and a VIP on the 209.x.x.
CHAPTER 2 Error Detection Error Detection The SA8220 is capable of recognizing and reacting to server error conditions, detecting non-responsive (comatose) servers, and directing traffic to alternate resources until the server is back in operation. The SA8220 can also capture many HTTP errors before they reach the client, and redirect the request to an alternate server. Server Status Detection The SA8220 uses multiple means to monitor the status of the fulfillment servers.
CHAPTER 2 HP Traffic Director Server Appliances User Guide The dup-syn command uses the following syntax: config policygroup service dup-syn HTTP Error Detection NOTE: This section applies to all models except the SA7200. The SA8220 offers HTTP error detection for RICH services. When HTTP error detection is enabled, the SA8220 scans the headers of server responses for errors.
CHAPTER 2 Serial Cable Failover NOTE: DHCP is not available when serial cable failover is enabled. NOTE: You can log on to the Backup SA8220, but the full command set is not available.
CHAPTER 2 NOTE: The Online IP Address is the address used by the SA8220 that is currently accepting remote administration connections — this can be either the Primary or the Backup SA8220 (though it is typically the Primary). The Online IP Address is the address by which you can access the Online SA8220 using telnet for administration. HP Traffic Director Server Appliances User Guide 4.
CHAPTER 2 Serial Cable Failover 5. Save the Primary configuration. monitor>save List of currently saved configuration files(s). You may save over an existing configuration file or enter a new name. File name ---------active.cfg backup.cfg cris.cfg ‘active.cfg’ is the last booted configuration. Enter configuration file name (- to cancel): [active.cfg] ---> Configuration has been saved. 6. Boot the SA8220. monitor>boot Do you really want to continue boot? [y] ---> Boot which configuration? [active.
CHAPTER 2 HP Traffic Director Server Appliances User Guide IP Mac NOTE: Use the same Online IP Address and name for the Backup SA8220 as the Primary (these appear by default). : 13.1.1.20 : 0:1:c9:ed:a6:fb Is this machine Primary or Backup? [Backup] ---> Enter Online IP Address [13.1.1.20] ---> Enter Online Name [online13] ---> Serial failover successfully configured monitor> 4. Save the Backup configuration. monitor>save List of currently saved configuration file(s).
CHAPTER 2 Serial Cable Failover Replicating the Configuration The active configuration is replicated upon changes to the Backup SA8220 from the Primary. For most configurations, faults are detected within 3 seconds, and the Backup is fully online within 25 seconds. The latter interval increases as the number of services increases. Status Information You can display information about the SA8220s’ function and failover status either via the Command Line Interface or the GUI.
CHAPTER 2 HP Traffic Director Server Appliances User Guide Failover Status Message Description The broker is PRIMARY and NIC_FAILED, and the remote’s state is ONLINE. Ethernet cable disconnected, or cable, NIC, or HUB port failure The broker is BACKUP and ONLINE, and the remote’s state is NIC_FAILED. The broker is PRIMARY and ONLINE, the connection to the remote has TIMED OUT. The broker is BACKUP and IP_IN_USE_ERROR, the connection to the remote has TIMED OUT.
CHAPTER 2 NOTE: The notation, PRIMARY/BACKUP indicates that either “PRIMARY” or “BACKUP” will be displayed. Serial Cable Failover The Failover Status messages in this table are not specific to the Primary or Backup SA8220s. Failover Status Message Description The broker is PRIMARY/ BACKUP and WAITING_FOR_SYNC One of the SA8220s has been restarted. This status persists while the configuration files are loaded from the online SA8220.
CHAPTER 2 HP Traffic Director Server Appliances User Guide Notes 40
Boot Monitor This chapter covers the following topics: NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models.
CHAPTER 3 HP Traffic Director Server Appliances User Guide Using the Boot Monitor CLI CAUTION: After configuring the SA8220 with the Boot Monitor, you must enable Autoboot with the autoboot command or the SA8220 will not operate. The HP e-Commerce Traffic Director Server Appliance SA8200/ SA8220s’ and the HP Traffic Director Server Appliance SA7200/ SA7220s’ Boot Monitor Command Line Interface (CLI) allow you to configure boot options and manage boot configuration files.
CHAPTER 3 Accessing the Boot Monitor Using the Boot Monitor CLI You can access the Boot Monitor Command Line Interface in either of the two ways described in this section. Interrupting the Bootup Sequence 1. Interrupt the SA8220’s bootup sequence by pressing a key at the following prompt: Press any key to stop autoboot. In a few seconds the monitor> prompt displays, confirming that the Boot Monitor is running: Using the Run Time CLI 1. Type this command at the prompt: config sys autoboot disable 2.
CHAPTER 3 HP Traffic Director Server Appliances User Guide Boot Monitor Commands Boot Monitor CLI commands (listed below) are described in this chapter. • • • • • • • • • • • • autoboot autoboot boot delete dhcp dir dns dual factory_reset failover gateway help host • • • • • • • • • • • info interface ip load netmask rich_bias save settime setup static_routes version Enables or disables the Autoboot function.
CHAPTER 3 Using the Boot Monitor CLI Current active configuration ---------------------------Product: HP SA8220 Version: 2.7 Patch Level: 0.0 Build: 12 Current time: Tue Sep 12 17:02:05 2000 Hostname: CSLab7k ------------Network side NIC: IP Address: 10.6.3.21 Netmask: 255.255.255.0 MAC address: 0:a0:c9:ed:6c:cc ------------Service side NIC: IP Address 10.6.5.21 Netmask: 255.255.255.0 MAC address: 0:d0:b7:6:c1:85 ------------Default Gateway: 10.6.3.
CHAPTER 3 HP Traffic Director Server Appliances User Guide configuration, or choose among a list of previously saved configurations. Procedures for choosing among these options are organized within three groups, described below. 1. Type the boot command. 2. The Boot Monitor displays the changed configuration information and prompts you to save the new configuration, as shown in the example below: Current active configuration ---------------------------Product: HP SA8220 Version: 2.7 Patch Level: 0.
CHAPTER 3 Using the Boot Monitor CLI First Options: 1. If you select the default, y, the system allows you to save the configuration as either active.cfg or the last loaded filename. Configuration file name? [active.cfg] ---> NOTE: This list includes backup.cfg, a backup of the most recently booted configuration. This file is automatically created when you change the configuration and save. 2. You can either accept the default, active.cfg, or type a new filename.
CHAPTER 3 HP Traffic Director Server Appliances User Guide Third Options: 1. If there are any previously saved configurations on the system, you are offered a choice of configuration files to boot from. Select a boot configuration from the following files. active.cfg backup.cfg Boot configuration file name? [active.cfg] ---> 2. You can accept the offered default, active.cfg, or select another previously saved configuration. If you select active.cfg, the configuration is not redisplayed.
CHAPTER 3 Using the Boot Monitor CLI dhcp Enables or disables the SA8220’s use of DHCP. When DHCP is enabled, the SA8220 receives its configuration parameters from the DHCP server at startup. When DHCP is disabled, the SA8220 ignores the DHCP server, and so it must be manually configured at restart. Respond to the prompt with y to enable, or n to disable. DHCP is disabled by default. Example: monitor> dhcp Enable DHCP (yes, no)? [no] ---> dir dns Displays the list of saved boot configuration files.
CHAPTER 3 factory_reset NOTE: The first boot after a factory_reset command or a new installation will prompt you for the root password. Also, the factory_reset command does not delete saved configuration files. 50 HP Traffic Director Server Appliances User Guide Resets the system to factory defaults, listed below.
CHAPTER 3 Using the Boot Monitor CLI failover Specifies the SA8220’s failover method. Three failover options are available: • disabled: no failover method will be used • serial: serial cable failover will be used • route: router failover will be used Example: monitor>failover Specify failover method (disabled, serial, route): [disabled] --->serial Checking for failover unit... Failover unit not detected or may not be configured.
CHAPTER 3 HP Traffic Director Server Appliances User Guide host Sets the SA8220’s host name. Example: monitor>host Enter the hostname you would like to assign to the Network NIC: --->CSLab7k info interface Displays the current boot configuration. Configures Ethernet port parameters. Compatibility with some older switches, hubs, or routers, may require that you manually specify the Ethernet speed and duplex mode of the SA8220's network interface card.
CHAPTER 3 Using the Boot Monitor CLI load Loads a previously saved configuration file into memory. Example: monitor>load Select a configuration file to load from the following files. File name -------------active.cfg backup.cfg cris.cfg ‘active.cfg’ is the last booted configuration. Enter the configuration filename to load (- to cancel): [active.cfg] ---> Configuration loaded: active.cfg netmask Specifies the netmask. Example: monitor>netmask Enter Netmask for [255.255.255.0] Enter Netmask for [255.
CHAPTER 3 HP Traffic Director Server Appliances User Guide save Saves the current configuration. Changes made during the current Boot Monitor session are lost unless you use the save command. Example: monitor>save List of currently saved configuration file(s). You may save over an existing configuration file or enter a new name. File name ------------active.cfg bckup.cfg cris.cfg ‘active.cfg’ is the last booted configuration. Enter configuration file name (- to cancel): [active.
CHAPTER 3 Using the Boot Monitor CLI Select a TIMEZONE from the ‘GMT’ list.
CHAPTER 3 HP Traffic Director Server Appliances User Guide Selected TIMEZONE ‘Eastern’ The current time is now: Sat Oct 28 23:59:42 2000 Enter the year (YYYY): [2000]---> Enter the month(MM): [10]---> Enter the day (DD): [28]--->29 Enter the hour (HH): [23]--->01 Enter the minute (MM): [59]-->57 Enter the seconds (SS): [39]---> Sun Oct 29 01:57:39 EDT 2000 Example 3, without NTP (manual setting): NOTE: Example 3 is for setting the time using any timezone OTHER THAN GMT or US.
CHAPTER 3 Using the Boot Monitor CLI setup Initiates the SA8220’s setup procedure. The system displays prompts for all inputs necessary to initialize it. Example: monitor>setup Enable dual NIC operation(yes,no)? [no] ---> yes Autoconfigure the Network side NIC speed and duplex? (yes,no)? [yes] ---> Autoconfigure the Server side NIC speed and duplex? (yes,no)? [yes] ---> DHCP is disabled for dual NIC operation.
CHAPTER 3 static_routes HP Traffic Director Server Appliances User Guide Deletes and adds any number of static IP routes. Shows the current static IP routes (if any) when the function is entered. You are prompted for the destination and gateway IP addresses. The info command will show any static IP routes that are known to the Boot Monitor, and factory_reset will remove all static IP routes as part of its cleanup. Example: monitor>static_routes Static Route information.
Graphical User Interface This chapter covers the following topics: NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Before You Begin NOTE: Some functions and features are not available in the GUI. The HP e-Commerce Traffic Director Server Appliance SA8200/ SA8220s and HP Traffic Director Server Appliance SA7200/ SA7220s have features and functions that are controlled through either the browser-based Graphical User Interface (GUI), as discussed in this chapter, or the Command Line Interface (CLI), as discussed in Chapter 5.
CHAPTER 4 Logon Screen Logon Screen To access the various GUI services available to you on the SA8220, you must first log on to the system as described in this section. Logging on to the GUI NOTE: If Internet Explorer* 5.01 (or later) is your browser, you must add a trailing slash (/) to the URL, as shown in step (2). Also, the default GUI port (1095) can be changed. For details, please see “GUI Tab” in this chapter. 1. Launch your browser. 2.
CHAPTER 4 NOTE: The factory default for both the user name and password is admin (lowercase required). To change them, please see “Users Tab” in this chapter. 62 HP Traffic Director Server Appliances User Guide 4. In the space provided, type your User name. 5. In the space provided, type your Password. 6. Click Logon. The Topology screen displays, as shown on the next page. The number of server icons varies, depending upon your network configuration.
CHAPTER 4 Topology Screen Topology Screen Topology Screen Using the Topology Screen Purposes of the Topology Screen • Displays a graphical representation of the current topological relationships between the SA8220 and network servers. The SA8220’s status and Serial Cable failover, if configured, are also reflected here. • Serves as a gateway to the Administration and Policy Manager screens, and the Configuration and Tools screens.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Topology Screen Toolbar Back Administration Configuration Policy Manager Tools Log File Statistics Topology Screen Toolbar Located at the top left of the window, the toolbar is shown above. The toolbar’s buttons, from left to right, are described below: • Back returns you to the previous screen. From the Topology screen, this will log you off the system and return you to the logon screen.
CHAPTER 4 Topology Screen Topology Screen Elements SA8220 Icon The SA8220 is represented onscreen by a horizontal "rack unit" icon, as shown above. • Right-clicking on the SA8220 icon displays a popup menu that can take you to other screens. • Double-clicking the SA8220 icon takes you to the Policy Management screen by default, but this can be changed in the Administration screen (please see “Administration Screen” in this chapter).
CHAPTER 4 HP Traffic Director Server Appliances User Guide Window Controls Slider Control To resize the Topology screen elements, click and drag the slider control located in the upper right hand corner of the screen, as shown above. • Move the slider control to the far right, as shown above, for the largest display. • Move the slider control to the far left for the smallest display.
CHAPTER 4 Policy Manager Screen Policy Manager Screen When you double-click a SA8220 icon in the Topology screen (or right-click and select Policy Management), the Policy Manager screen displays, as shown below. Policy Manager Screen The Policy Manager consists of a series of screens with multiple tabs that includes the controls used in the implementation of Policies.
CHAPTER 4 Policy Manager Controls and Displays HP Traffic Director Server Appliances User Guide The Policy Manager screen contains two main regions, as described below: • The Policies display, on the left side of the Policy Manager screen • The Details display, on the right side of the Policy Manager screen The relative sizes of the Policies and Details displays are adjustable by clicking and dragging the vertical line between the panels.
CHAPTER 4 Policy Manager Screen The Policy Manager toolbar contains three buttons for creating Policy Groups, Services and Servers, and one button to delete the currently selected item, regardless of its type. The toolbar’s buttons are enabled or disabled (dimmed) according to the type of item selected in the Policies display. Policy Manager’s Pop-up Menu You can display the Policy Manager’s pop-up menu, shown below, by right-clicking in the Policies display.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Creating Policy Groups You can create Policy Groups in either of two ways: 1. Click New Policy Group, in the left of the Policy Manager toolbar, or 2. Right-click to display the menu, then select the New Policy Group command. A new Policy Group icon and the Detail screen displays in the Policies display, as shown below. Adding a New Policy Group 3. Type a name for the new Policy Group in the Policy Group Name field.
CHAPTER 4 Policy Manager Screen Naming the New Policy Group 4. To accept the specified name, click Apply. The new Policy Group’s new name displays in the Policies display. When the new Policy Group name displays, Create Service (see above), becomes available. This reflects the fact that Services cannot be created unless at least one Policy Group already exists.
CHAPTER 4 Services HP Traffic Director Server Appliances User Guide Once a Policy Group exists, you can create Services. Creating Services Follow these steps to create a Service: 1. In the Policies display, click to select a Policy Group. 2. In the Policy Manager toolbar, click New Service, or right-click in the Policies display and select New Service from the pop-up menu. The Service Details tab displays in the Details screen, as shown below.
CHAPTER 4 Policy Manager Screen 5. From the Virtual IP pull-down menu, click the desired Virtual IP (VIP) address. If there are no VIPs in the menu, or if the desired one is absent, type it in. NOTE: The VIP/port combination must be unique. 6. Type a port in the Port field. The port is the listening port for incoming connections, and you can select port numbers between 1 and 65535. 7. When you have finished filling in the fields in the Service Details tab, click Apply.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Control or Display Description Insert Source IP in HTTP Header (RICH only on all models except the SA7200) This check box specifies whether or not the Source IP address is embedded within the HTTP header information. Sticky Mode The SA8220 is configured to maintain a session’s state so that serial requests from a single client are allocated to the same server. This is called a "sticky" port.
CHAPTER 4 Policy Manager Screen Balance Strategy HOT Services are assigned server resources according to either of two Balance Algorithms. Click the Balance Strategy tab of the Service Details screen to display the Balance Algorithm controls, as shown below. Service Balance Strategy Screen Two Balance Algorithms are available: • Response Time: Requests for a Service using the Response Time algorithm are forwarded to the server that can fulfill them within the shortest time.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Deleting Services To delete a Service: 1. In the Tree, click select the name of the Service to be deleted. 2. In the Policy Manager toolbar, click Delete, or right-click to display the menu and click the Delete Selected Item command. Servers After you create Services, you must designate, or "create" Servers to fulfill client requests for Services.
CHAPTER 4 Policy Manager Screen The Policy Manager’s Server Detail Screen 3. In the Server Name field, type an IP address or server name known to the SA8220 via DNS or static host table. This value cannot be changed after the server is created. 4. If appropriate, edit the Port field. The default value is the port number of the Service under which this Server displays in the Tree. This value cannot be changed after the server is created.
CHAPTER 4 HP Traffic Director Server Appliances User Guide 5. From the drop down menu, click to select the desired Server Type. Available types are listed below: • Primary: Primary servers are immediately available to accept client requests forwarded from the SA8220.
CHAPTER 4 Policy Manager Screen RICH Controls (all models except the SA7200) NOTE: OPR cannot be used in conjunction with Services of type RICH_HTTP. If the type of the Service under which you create a Server is RICH_HTTP, the Server Details tab displays some additional controls, as shown below.
CHAPTER 4 HP Traffic Director Server Appliances User Guide • HTTP Error Detection: When HTTP Error Detection is enabled, requests that generate HTTP errors 401-405 and 500503 are rerouted, transparently to the client, to the next available server. When disabled, these errors are sent back to the requesting client. • RICH Expression List: Expressions allow the SA8220 to parse requests at the levels of path name, file type, and filename and direct them to the appropriate server.
CHAPTER 4 Policy Manager Screen Order of Expressions (all models except the SA7200) When using expressions in Layer 7 (RICH) operations, the order of expressions is significant only when the "not" (!) operator is used. Expressions are described below. Expression Yields !*.gif;* All non-GIF files *;!*.gif All files, because after specifying “all” (*), the !*.gif expression is never reached !*.html;/home/* Matches all entries of the form “/home/*” except HTML files /home/*;!*.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Administration Screen The Administration Screen is a set of ten tabs containing the functions used to manage the SA8220. Each tab includes controls and displays related to a specific category of administration tasks. Administration Screen — Settings Tab Settings Tab The Settings tab includes controls used to set the following: • 82 System ID: Edit this field to set the unit identifier.
CHAPTER 4 Administration Screen • Server Verification Interval: Edit this field to change the interval in seconds at which servers are "pinged" to verify they are available and able to handle traffic requests. (See "IRV" in the Command Line Interface chapter). The valid range for this field is 0 to 99999. A value of 0 disables IRV.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Administration Screen — Software Tab (System Software View) System Software The SA8220 provides sufficient local storage for five software images (though at any time, only one image is active and executing.
CHAPTER 4 Administration Screen • Product version number • Patch number • Build number Agent Software The SA8220 can interface with other HP units by using Agent Software images. The SA8220 provides sufficient local storage for at least five Agent software images (though at any time, only one image is enabled). To display the "Agent Software" area of the Software tab, click Agent Software, which displays the list of currently installed Multi-Site Director Agent images, as shown below.
CHAPTER 4 HP Traffic Director Server Appliances User Guide • Product version number • Patch number • Build number • Compatible Multi-Site Traffic Director version number Specifying the Active System Software Image To change the active system image: 1. Click System Software. 2. In the System Software box, click the image you want to activate. 3. Click Boot. The SA8220 displays a message prompting you to proceed but warning you that the SA8220 will reboot as shown below.
CHAPTER 4 Administration Screen Installing Software Images You can download and install new system and agent software images for the SA8220 using the controls in the Update Software box at the bottom of the Software tab. Downloading a System Software Update NOTE: A key is not required to obtain Agent Software. 1. To download the new image, contact HP Customer Support or your System Administrator to obtain the URL, Key, User, and Password information.
CHAPTER 4 HP Traffic Director Server Appliances User Guide 4. Click Yes. If you selected Agent Software, the prompt shown below displays. Delete Image Confirmation (Agent View) 5. Click Yes.
CHAPTER 4 Users Tab Administration Screen The Users tab contains controls and displays allowing you to perform the following tasks: • Add users • Modify user permissions and passwords • Delete users • View the user names and permissions of all authorized users • View the user names and permissions of all users currently logged on • Promote your permissions level • Log off all other users currently logged on. The Administration Screen’s Users tab is shown below.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Adding Users To add a user: 1. In the User Name field, type the new user’s User Name. 2. In the Password field, type the new user’s password. 3. In the Confirm Password field, re-enter the password. 4. In the User Permissions box, select the appropriate permission level: Read-only, Read-write, Read-write-all. Users with Readwrite-all permissions can add, modify, and delete other user logon entries. 5. Click Add. 6.
CHAPTER 4 Administration Screen Demotion and Promotion of Your Permissions NOTE: Use Promote with care. If you promote your permissions, be aware that conflicts may arise among multiple users who have ReadWrite-All permission. For example, administrative changes you make may be overwritten by another user.
CHAPTER 4 Routing Tab HP Traffic Director Server Appliances User Guide The Administration screen’s Routing tab (shown below) contains controls that allow you to manage the following: • System Role • Active Routing Protocol • OSPF Protocol • RIP Protocol Administration Screen’s Routing Tab 92
CHAPTER 4 Administration Screen System Role The choice of System Role (or simply "role") depends in part on your network’s topology and on the number of SA8220s installed. A single SA8220’s role must be "Standalone." If two SA8220s are employed, and you intend to use serial cable failover you must designate both SA8220s as "standalone." If two SA8220s are employed, and you intend to use Router Failover, one must be designated as the "Primary" and the other as the "Backup.
CHAPTER 4 HP Traffic Director Server Appliances User Guide OSPF Protocol NOTE: Unless the config route protocol command is set to ospf, OSPF protocol is not active. For more information, please see Chapter 5. NOTE: The Router Dead value must be at least four times the Hello interval. The Router tab’s OSPF Protocol box includes controls that allow you to specify the following values: • OSPF Area: This value must be set to the same OSPF area as the ingress router to which the SA8220 is talking.
CHAPTER 4 Security Tab Administration Screen The security screen (shown below) allows you to implement IP Packet Forwarding (IPFW) security policies. Three modes are available: • Closed • Open • Custom Administration Screen’s Security Tab Closed mode disables all remote administration capabilities. Open mode enables all remote administration capabilities, SA9200 agent traffic, and IP Forwarding. Custom mode allows you to specify filtering of traffic based on traffic port and source IP address.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Source IP Filtering The controls in the Security Tab’s Source IP dialog box allow you to filter administration access by source IP address. This dialog box contains a pair of buttons and combo box. To allow any IP address to perform administrative tasks, click Allow Any. To filter by source IP, click Allow List and type the IP addresses and/or subnets allowed administrative access into the IP Addresses/Subnets list.
CHAPTER 4 GUI Tab Administration Screen The GUI tab (shown below) includes controls that allow you to configure the following aspects of the SA8220’s Graphical User Interface (GUI): • Server port on which the GUI is accessible from the browser • Response Timeout Value • Choice of result from double-clicking the SA8220 icon in the Topology Screen • Choice of result from double-clicking the Server icon in the Topology Screen Administration Screen’s GUI Tab NOTE: After changing this setting your bro
CHAPTER 4 98 HP Traffic Director Server Appliances User Guide • The Broker Response timeout (sec): This field allows you to specify, in seconds, the time the GUI will wait for a response from the SA8220 before timing out. This value must be an integer between 0 and 120. A value of 0 disables timeout. The default value is 30.
CHAPTER 4 CLI Tab Administration Screen The CLI tab (shown below) includes controls that allow you to configure the following aspects of the SA8220’s Command Line Interface: • SSH Port • Telnet Port • Telnet Sessions • Timeout • Prompt • Login Attempts • Enable "more" for screen paging • Lines per screen Administration Screen’s CLI Tab 99
CHAPTER 4 HP Traffic Director Server Appliances User Guide • The CLI (SSH) Port field specifies the secure telnet port on which the CLI runs. Valid ports are port 22 (the default) or any unused port between 1024 and 65535. • The CLI (telnet) Port field allows you to specify the standard (unencrypted) telnet port on which the CLI runs. Valid ports are port 23 or any port between 1024 and 65535. The default is port 23.
CHAPTER 4 SNMP Tab Administration Screen The SNMP tab (shown below) includes controls for the SA8220’s Simple Network Management Protocol (SNMP) agent. Administration Screen’s SNMP Tab SNMP Agent The SNMP agent allows network management applications to monitor and retrieve the SA8220’s status and statistics via SNMP. NOTE: Ensure that the SA8220’s IP Filtering security mechanism allows IP access to SNMP, otherwise SNMP requests will not pass through the filter.
CHAPTER 4 HP Traffic Director Server Appliances User Guide • System Contact: corresponds to the MIB variable sysContact in MIB-II. System Contact (sysContact) is the name of the administrator of this SA8220. By default, sysContact is NULL. • System Name: corresponds to the MIB variable sysName in MIB-II. System Name (sysName) is the name of this SA8220. By default, sysName is the hostname of the SA8220.
CHAPTER 4 Administration Screen For example, the string: ip=209.218.240.5 community=NOC1 causes traps to be sent to IP address 209.218.240.5, and causes the SA8220 SNMP agent to put the community string, NOC1 in the trap sent to that address. Multi-Site Tab This tab contains controls for setting the port that communicates with the HP Multi-Site Traffic Director Server Appliance SA9200. Administration Screen Multi-Site Tab To specify the Multi-Site Agent’s port: 1.
CHAPTER 4 Logging Tab HP Traffic Director Server Appliances User Guide The Logging tab includes controls that allow you to specify (or filter) the kinds of information written to the SA8220’s log file. This file records operational events for troubleshooting information. You can enable or disable the logging of specific types of information, and specify the log file size. Administration Screen’s Logging Tab Specifying System Log Parameters The following log levels are available: 1.
CHAPTER 4 Administration Screen Viewing the Log File 1. To view the log file, click View Log. The System Log File displays, as shown below. Logging Tab’s File Contents Window The File Contents window’s Actions menu contains two items: • Filter • Mail To...
CHAPTER 4 HP Traffic Director Server Appliances User Guide Log File Filter Window The Filter dialog box (shown above) allows you to filter the view of the log displayed in the File Contents window. 1. Select or clear the appropriate check boxes to specify the types or categories of messages you want to display. 2. Click Apply, or Cancel to abort. Log Mail To Window The Mail To dialog box (shown above) allows you to email the contents of the log file. 1.
CHAPTER 4 Configuration Screen 2. In the Mail Host field, type the name or IP address of your network’s outgoing mail (SMTP) server. 3. Click OK, or Cancel to abort. Configuration Screen The Configuration screen (shown below) includes controls that allow you to save, restore, send, and receive SA8220 configuration information in individual ASCII files. You can save configuration files on the SA8220 and send them to a remote TFTP server or retrieve them.
CHAPTER 4 Saving Configuration Files HP Traffic Director Server Appliances User Guide To save the SA8220’s current configuration to a file: 1. In the Configuration Name field, type a filename. Valid characters include letters, digits, (-), (_), and (.). File names cannot begin with the (.) character. 2. Click Save. 3. Verify that the new file’s name displays in the Saved Configurations list. Restoring Configuration Files To restore a configuration file: 1.
CHAPTER 4 Deleting Configuration Files Configuration Screen To delete a configuration file: 1. In the Saved Configurations list, click the name of the file you want to delete. 2. Click Delete. A message displays prompting you to confirm the operation, as shown below. Delete Confirmation Window 3. To delete the file, click Yes, or No to abort. Copying Configuration Files To copy an existing configuration file under a new name: 1.
CHAPTER 4 Viewing Configuration Files HP Traffic Director Server Appliances User Guide To prevent certificates and keys from being displayed or transmitted as plain text across the network, the GUI View Configuration File function has been disabled on the SA8200/SA8220. This function is still available on the SA7200/SA7220. 1. In the Saved Configurations list, click the name of the file whose contents you want to view. 2. On the SA8200/SA8220: Click View>>.
CHAPTER 4 Configuration Screen 1. On the SA7200/SA7220: Click View>>. The right hand panel of the Configuration screen displays the contents of the selected file, as shown below. Configuration File View on the SA7200/SA7220 2. If the file is too large to fit entirely in the window, as shown above, use the scroll bars to navigate through the file. 3. Click View>> again to close the file contents display.
CHAPTER 4 Resetting the Factory Configuration HP Traffic Director Server Appliances User Guide This command allows you to reset the SA8220 to its original factory configuration. Reset deletes all policy groups, services, and servers. Original factory settings are listed below. Type Parameter Default Setting Route Role Standalone Protocol None OSPF-area Backbone Hello interval 10 seconds Dead interval 40 seconds RIP version 2.
CHAPTER 4 Configuration Screen Type Parameter Default Setting GUI broker-action 0 (Policy Manager) server-action 1 (Statistics) acl Cleared custom access-control Disabled custom forwarding Disabled custom ssh Enabled custom telnet Disabled custom gui Disabled custom snmp Disabled security mode Closed Security To restore the factory default configuration: 1. Click Reset. A message displays prompting you to confirm the operation, as shown below. Reset Confirmation Window 2.
CHAPTER 4 Sending and Retrieving Configuration Files HP Traffic Director Server Appliances User Guide By default, configuration files are saved on the SA8220 itself. You can also send them to and retrieve them from remote TFTP servers. To send a configuration file to a remote TFTP server: 1. In the Saved Configurations list, click the name of the file you want to send. 2. In the Send/Receive Configuration box, click Put. 3. In the tftp Host field, type the name of the host where you will send the file.
CHAPTER 4 Tools Screen Tools Screen The SA8220’s Tools screen (shown below) provides network diagnostic tools for your convenience: • ARP • Ether • Ping • Netstat • Nslookup • Reboot • Trace • Traceroute Tools Screen 115
CHAPTER 4 ARP HP Traffic Director Server Appliances User Guide This command displays the SA8220’s ARP table. To use the command: 1. From the Command menu, click arp. 2. Click Run. 3. After a few seconds, the ARP information displays in the Results window, as shown below. The Tools Screen Displaying ARP Results 4. To clear the Results window, click Clear.
CHAPTER 4 Ether Tools Screen This command displays the Ethernet interface values. To use the command: 1. From the Command menu, click ether. 2. Click Run. 3. The Ethernet interface information displays in the Results window, as shown below. Tools Screen Displaying Ether Results 4. To clear the Results window, click Clear.
CHAPTER 4 Ping HP Traffic Director Server Appliances User Guide The Ping command tests the network connection to another networking device by sending five ICMP packets from the SA8220 to the target device, which if it receives them, sends a reply. When the SA8220 receives the reply, it displays a message reflecting the response time from the target device. If the SA8220 receives no reply, it displays a message indicating that the target device is not responding. To "ping" a network device: 1.
CHAPTER 4 Netstat Tools Screen The Netstat command displays the SA8220’s routing tables. To run Netstat: 1. From the Command menu, click netstat. 2.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Tools Screen Displaying Netstat Results 4. To clear the Results window, click Clear.
CHAPTER 4 Nslookup Tools Screen The nslookup command identifies the IP address of a given host, or the host name of a given IP address. You can use this tool to determine whether the SA8220 can resolve a host name or address, or to get the IP address of a machine of which you know only the host name. To use nslookup: 1. From the Command menu, click nslookup. 2. In the Parameters field, type the host name or IP address of the target device. 3. Click Run.
CHAPTER 4 Reboot HP Traffic Director Server Appliances User Guide The Reboot command reboots the SA8220. This command requires no parameters, and when executed prompts for confirmation. Reboot Confirmation 1. To reboot click Yes, or No to abort. As the SA8220 reboots, the above screen displays and prompts you to close your browser window. Reboot Notification 2. Close all browser windows to ensure that your browser uses the newly activated administration application. 3.
CHAPTER 4 Tools Screen Trace The trace command captures traffic on a network that matches the given expression. The trace output can be helpful for troubleshooting network problems. NOTE: By default, trace will automatically exit after 60 seconds. If the GUI is configured for a shorter timeout, the trace information may be lost. For more details, please see “GUI Tab” in this chapter.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Switch Description -a Attempt to use the DNS to convert address to names -c Exit after receiving packets -D The TFTP path directory information. Required parameter. -e Print the link-level header on each dump line -f Print “foreign” Internet addresses numerically, rather than symbolically -F The filter expression file.
CHAPTER 4 Tools Screen Switch Description -v Slightly more verbose output -vv Even more verbose output -w The trace output file. Required parameter. -x Output each packet in hex -X Output each packet in hex and ASCII The next table lists the primitives for the filter expression file (-F ). • If the filter expression file is empty, all packets on the net will be captured.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Expression Evaluation dst host True if the IP destination field of the packet is src host True if the IP source field of the packet is host True if either the IP source or destination field of the packet is ether dst True if the ethernet destination address is ether src True if the ethernet source address is ether host True if either the ethernet source
CHAPTER 4 Tools Screen Traceroute The Traceroute command displays the route that packets travel to the specified network device. To trace the route from the SA8220 to another device: 1. From the Command menu, click traceroute. 2. In the Parameters field, type the host name or IP address of the target device. 3. Click Run. After a few seconds, the Traceroute information displays in the Results window, as shown below. Tools Screen Displaying Traceroute Results 4. To clear the Results window, click Clear.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Statistics Screen The SA8220 provides a screen where you can view four different statistical categories, in a variety of graphical display formats, at the levels of Device, Service, and Server. Statistical data series are defined in the main Screen, and subsequently displayed in a separate window.
CHAPTER 4 Statistics Screen Selection List Statistics Box Selection Buttons (Arrow Buttons) Graph Options Graph Button Window Options Statistics Screen Statistics Box The Statistics box contains controls for you to select the statistics you want to view graphically, as well as the graph format in which you want those statistics displayed. • Type: This pull-down list allows you to specify the type of statistics that are available: System, Server, or Service.
CHAPTER 4 NOTE: Statistics for open connections in RICH mode (on the SA8200/SA8220 and the SA7220) are not available. HP Traffic Director Server Appliances User Guide • Available Statistics: In this graphical display, you can specify which of the available statistics you want to view. These include Average Response Time, Average Connections per Second, CPU Utilization, Open Connections, and Uptime. The available statistics will depend on your selection from the Type pull-down list.
CHAPTER 4 Statistics Screen Selection List The Selection List reflects the item (System, Server, Service), statistical category, and graph type of each defined data series. These display in the List’s three columns, described below: • Items: The specific System, Server, or Service selected in the Statistics box's Items list. • Statistics: The statistical category selected in the Statistics box's Available Statistics list.
CHAPTER 4 HP Traffic Director Server Appliances User Guide Graphing Statistics NOTE: The graph parameters, including the Legend checkbox, can be changed on the fly, but the results will not be displayed in the graph window (shown here) until you stop and restart the graph process from the Statistics Screen. 1.
Command Line Interface This chapter covers the following topics: NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models.
CHAPTER 5 HP Traffic Director Server Appliances User Guide CLI Introduction The HP e-Commerce Traffic Director Server Appliance SA8200/ SA8220s and the HP Traffic Director Server Appliance SA7200/ SA7220s are fully configurable via the Command Line Interface (CLI). The CLI is accessible by using either Telnet or the serial port. Commands exist in a logical hierarchy. Secure Shell Support The SA8220 provides secure shell (SSH) versions 1 and 2 support. To use the secure shell: 1.
CHAPTER 5 Pipes Pipes Any command’s output can be "piped" using the ’|’ symbol with "grep" or "more." • Redirecting a command to more pages that command's output regardless of the config cli more setting. • Redirecting a command to grep displays only the command output's lines that contain the word specified after grep to be displayed. HP SA8220#info | grep SNMP The above command filters the output of the info command using grep such that only lines containing "SNMP" are displayed.
CHAPTER 5 Syntax 136 HP Traffic Director Server Appliances User Guide This section on the CLI uses the syntax shown below. Syntax Description Angled brackets (< >) Designates where you enter variable parameters Straight brackets ([ ]) Choices of parameters appear between straight brackets, separated by vertical bars. Braces ({ }) Optional commands or parameters appear between braces. Boldface Commands that you enter after the CLI prompt appear in boldface type.
CHAPTER 5 Global System Commands Categorical List of CLI Commands This section lists the SA8220’s CLI commands by functional category. For more complete details regarding CLI commands, please see “Run-Time CLI Command Reference” in this chapter. Global System Commands These commands manage general functions and are described later in this chapter. Admin Commands These commands are described in later in this chapter. ? !, !! Tab key arp back, ..
CHAPTER 5 HP Traffic Director Server Appliances User Guide File Management Commands Use these commands to view file-related information and manipulate files globally. These commands are described later in this chapter. CLI Commands These commands modify the CLI environment and are described later in this chapter. IRV Commands The Intelligent Resource Verification commands are described later in this chapter. GUI Commands These commands are described later in this chapter.
CHAPTER 5 Routing Commands Routing Commands These commands are described later in this chapter. Policy Group Commands These commands are described later in this chapter. Service Commands These commands are described later in this chapter.
CHAPTER 5 HP Traffic Director Server Appliances User Guide config policygroup service header-names [certificate | cipher-used | source-ip | ssl-id ] Server Commands These commands are described later in this chapter.
CHAPTER 5 Security Commands config sys software install {key } {user } {password } passive } config sys software ms-software info config sys software ms-software enable config sys software ms-software delete config sys software ms-software install Security Commands These commands are described later in this chapter.
CHAPTER 5 HP Traffic Director Server Appliances User Guide SNMP Commands These commands are described later in this chapter. SSL Commands (SA8200/ SA8220 only) These commands modify the SSL configuration. They can be used to set the defaults for configuring certificates in the policy group, and are described later in this chapter.
CHAPTER 5 Logging Commands config policygroup service key suite [ all | high | medium | low | export | ] config ssl info config ssl redirect [ | none] config ssl suite [all | high | medium | low | export | ] config ssl cache [enable|disable] config ssl dn [ name | email | locality | state | country | organization | unit ] Logging Commands These commands are described later in this chapt
CHAPTER 5 NOTE: Expressions do not apply to the SA7200.
CHAPTER 5 Global System Commands Run-Time CLI Command Reference Global System Commands Descriptive examples of the Global System commands are provided below. Command Description ? Displays the help command tree ! Enter ! followed by an index number from the history list to execute the indexed command.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description halt Halts the SA8220. help Displays help for the CLI commands. history Displays the command history. Use "!" or "h" to recall a command number from the history list.
CHAPTER 5 Global System Commands Command Description ping Tests the network connection to another networking device. The command sends an ICMP packet from the SA8220 to the target device, which (if it receives the packet), sends a ping reply. After the SA8220 receives the reply, it displays a message indicating that the specified IP address is alive. If the SA8220 receives no reply, it displays a message indicating that the target device is not responding.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description reset (continued) GUI Settings: • Response timeout is set to 30 seconds. • Broker-action is set to 0 (Policy Manager). • Server-action is set to 1 (Statistics) Multi-site Settings: • MSD port is set to 1999. Route Factory Settings: • Role is set to ‘standalone.’ • Protocol is set to ‘none’ • OSPF-area is set to ‘backbone.’ • Hello interval is set to 10 seconds. • Dead interval is set to 40 seconds. • RIP version is set to 2.
CHAPTER 5 Global System Commands Command Description reset (continued) SSL Settings: • Suite is set to ‘default.’ • Cache is set to ‘enable.’ • Redirect is set to ‘none.’ top [box, toplevel] Changes the prompt to the system's top or box level trace Displays TCP packets coming into or out of the SA8220. It can be helpful for troubleshooting network problems.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description trace (continued) • • -x Output each packet in hex. -X Output each packet in hex and ASCII. The has the same format as a "tcpdump" expression: If no is given all packets on the net will be output. primitives (listed below) can be combined using parentheses and '!' or 'not', '&&' or 'and', and '||' or 'or.
CHAPTER 5 Global System Commands Command Description trace (continued) • • • traceroute ip proto : true if the packet is an ip packet of protocol type , where is "icmp", "udp", or "tcp." ether broadcast : true if the packet is an ethernet broadcast packet. ip broadcast : true if the packet is an IP broadcast packet Displays the route that packets travel to the network host.
CHAPTER 5 Admin Commands HP Traffic Director Server Appliances User Guide The SA8220’s admin commands (see below) specify the server port where the Graphical User Interface is accessed and verify the current port. Command Description config admin info Displays the current Graphical User Interface (GUI) port config admin info config admin port Sets the Graphical User Interface (GUI) port number. This is the port where the admin GUI listens for connections.
CHAPTER 5 File Management Commands Command Description dir Displays a list of saved configuration files dir get Retrieves a configuration file from a TFTP server. Because the TFTP protocol has no user-logon or validation, sites that support it typically enforce some file access restrictions. Such restrictions are specific to each site and vary widely in scope and methods. get where tftpurl is the name of the TFTP server and file to retrieve.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description restore-verbose Same as restore but displays every line as it is restored restore-verbose {filename} NOTE: Username commands are not valid in where filename is the name of the configuration file to be configuration files, that is, restored (the default file name is default.cfg). save config and restore config operations do not include username data. Use the command config cli username to restore usernames.
CHAPTER 5 CLI Commands CLI Commands The Command Line Interface commands are described below. Command Description config Changes the prompt to the CLI config branch. config config cli delete Deletes the specified user. config cli delete config cli info Shows all current CLI settings at this level. config cli info config cli login-attempts Specifies the maximum allowable number of failed login attempts before closing the connection.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config cli prompt Changes the root level prompt. config cli prompt where prompt is the new prompt name. The default prompt is an abbreviation of the product’s name, such as "HP SA8220." The default prompt can be restored by entering "" (two double quotes with no space between them) as the prompt name. config cli screenlines Specifies the number of lines in the output display.
CHAPTER 5 CLI Commands Command Description config cli username Add, change, or delete the logon entry or password. The default user name, "admin" cannot be deleted. NOTE: Username commands are not valid in configuration files, that is, save config and restore config operations do not include username data.
CHAPTER 5 IRV Commands HP Traffic Director Server Appliances User Guide The Intelligent Resource Verification (IRV) commands. are described below. Command Description config irv Changes to the config/irv branch config irv config irv info Displays the current ping interval config irv info config irv ping-interval Sets the IRV ping interval config irv ping-interval [0] where is a the number of seconds from 0 to 100,000.
CHAPTER 5 GUI Commands Command Description config gui info Displays current Graphical User Interface (GUI) configuration information config gui info config gui responsetimeout Specifies the interval in seconds the GUI waits for a response from the SA8220 before it times out. config gui response-timeout where is an integer between 0 and 120. A value of 0 disables timeout, and the default value is 30.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Routing Commands The Routing Commands (described below) are used both in route failover mode and in serial failover mode. In serial failover mode, they advertise routes to the VIPs. NOTE: Latency exists in the refresh process of normal routing tables. If you configure OSPF routing protocol for a SA8220 on a specific router, VIP destinations may be inconsistent in the routing table.
CHAPTER 5 Routing Commands Command Description config route ospf-dead Changes the duration of the OSPF router dead interval. The router dead interval is the number of seconds the SA8220’s OSPF neighbors should wait before assuming that this OSPF SA8220 is down. This must match the router dead interval of the ingress router. Valid range is from 1 to 2,147,483,647, and the default is 40. This value must be at least four times the hello interval.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config route protocol Specifies the desired routing protocol. config route protocol [rip | ospf | disable] where: • rip enables Routing Information Protocol (RIP) on the SA8220 • ospf enables Open Shortest Path First (OSPF) routing protocol on the SA8220 • disable disables both RIP and OSPF protocols. config route rip-version Specifies the RIP version (1 or 2).
CHAPTER 5 Policy Group Commands NOTE: The names of existing Policy Groups cannot be changed. Policy Group Commands The Policy Group commands are described below. Policy Group names must adhere to the following conventions: • From 1 to 25 characters in length • Any alphanumeric character • Other eligible characters include hyphens ("-"), periods ("."), and underscores ("_") • Spaces must not be used.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config policygroup throttle Enables throttling of services to meet specified response times. NOTE: When throttling is activated, requests to eligible servers in lowerpriority services are throttled until response times are met or all eligible servers have been throttled. An eligible server is one that is shared by both a higher and lower priority service. Throttling affects all services within the Policy Group.
CHAPTER 5 Policy Group Commands Command Description config policygroup service balancing Changes the load balancing algorithm. The default algorithm is "load." config policygroup service balancing [robin | load] where: • policy-name is the name of an existing Policy Group • service-name is the name of the service • robin directs the service to use the round-robin load balancing algorithm • load directs the service to use the response time load balancing algorithm.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config policygroup service disable Disables the specified service.
CHAPTER 5 Policy Group Commands Command Description config policygroup service header-name Sets the name used in the HeaderNameField of the HTTP headers inserted when header or header-certificate are enabled, on a per-service basis.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config policygroup service priority Sets the priority level of the specified service. config policygroup service priority where: • policy-name is the name of an existing Policy Group • service-name is the name of the service • level is the service priority. You may specify a value from 1 (highest) to 5 (lowest), with 1 as the default.
CHAPTER 5 Policy Group Commands Command Description config policygroup service server create Creates a new server. config policygroup service server create NOTE: The server name and port must be unique. where: • policy-name is the name of an existing Policy Group • service-name is the name of the service • server-name is any valid server name config policygroup service server port 606 Enables or disables 606 error detection on the named server.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config policygroup service server port expression create (not available on the SA7200) Expressions allow the SA8220 to parse requests at the levels of path name, file type, and filename and direct them to the appropriate server. Expressions can include wildcards. This command creates an expression in the specified Policy Group/ service/server.
CHAPTER 5 Policy Group Commands Command Description config policygroup service server port expression delete (not available on the SA7200) Deletes the named expression. The expression may be designated either by its own specification or by entering its index as displayed by the expression info command.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config policygroup service server port http Enables or disables HTTP error detection on the named server. When HTTP error detection is enabled, requests that generate HTTP errors 401-405 and 500-503 are rerouted (transparently to the client), to the next available server. When disabled, these errors are sent back to the requesting client.
CHAPTER 5 Command Policy Group Commands Description config policygroup Enables or disables Multi-hop Source Address Preservation service server port msap (MSAP) on the named server.
CHAPTER 5 Command HP Traffic Director Server Appliances User Guide Description config policygroup service sticky The SA8220 can be configured to maintain a session’s state so that serial requests from a single client are allocated to the same server. This is called "sticky port" functionality. This command allows you to enable or disable the sticky port function. Sticky functionality is enabled in either of two modes.
CHAPTER 5 System Commands System Commands The System commands are described below. Command Description config sys Changes the prompt to the config/sys branch config sys config sys autoboot Enables or disables the Autoboot function. If Autoboot is enabled, the SA8220 prompts you to press a key during restart to enter the Boot Monitor command line interface. If you ignore the prompt, restart finishes with the SA8220 in normal operating mode.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config sys id Sets the unit identifier. The SA8220 is shipped pre-configured with the unit’s serial number in this field. This command can change the identifier if the site requires alternate asset tracking information. config sys id where identifier is an alphanumeric value from 1 to 64 characters.
CHAPTER 5 System Commands Command Description config sys software delete Deletes old versions of SA8220 software from local storage. It can be used to free local storage to install a version update or product upgrade. config sys software delete where index is a valid index of an installed software image, as displayed using the command, show sys software info config sys software install Downloads and installs SA8220 software updates or upgrades.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config sys software ms-software Specifies the multi-site software level. The parameters are used to show all installed multi-site agents, enable a multi-site agent, delete a multi-site agent, or install a new multi-site agent.
CHAPTER 5 Security Commands Security Commands The Security commands are described below. Command Description config sys security custom access-control Determines whether the access control list is enabled or disabled. Access control lists are configured with the commands acl add (ip or netmask) and acl delete (ip or netmask). If an IP or netmask is on the access control list they are allowed to connect with any of the enabled administrative methods.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config sys security custom Switches to custom security settings menu config sys security custom config sys security custom forwarding Enables or disables IP forwarding. If IP forwarding is enabled, the servers connected to the second interface of the SA8220 are directly accessible by their IP addresses. There is no restriction on direct access to the servers through the SA8220.
CHAPTER 5 Security Commands Command Description config sys security custom telnet Enables or disables administration using telnet. config sys security custom telnet [enable | disable] Disabled by default. config sys security info Displays the current state of the security system config sys security mode Specifies the security mode. The default mode is "closed.
CHAPTER 5 SNMP Commands HP Traffic Director Server Appliances User Guide The SNMP commands are described below. Command Description config sys snmp community create Specifies community strings that the SA8220 will accept on incoming SNMP requests. Up to 10 community strings can be created.
CHAPTER 5 SNMP Commands Command Description config sys snmp info Displays information about the SNMP port, sysContact, sysName, and sysLocation. config sys snmp info config sys snmp port Specifies the port where the SA8220 receives SNMP requests. config sys snmp port <#> where # is a number between 5020 and 65535 (the default is 161) config sys snmp sysContact Specifies a string for the MIB-II variable sysContact. The default is NULL.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config sys snmp trap create community Specifies the host to which SA8220 sends SNMP traps. Up to 10 trap receivers can be created. By default the trap receiver list is empty, that is, no traps are sent.
CHAPTER 5 SSL Commands (SA8200/ SA8220 only) SSL Commands (SA8200/SA8220 only) The Secure Transactions (SSL) commands unique to the SA8220. are described below. Command Description config policygroup service key certificate create Creates a certificate. A private key must be created prior to using this command. You can optionally provide distinguished name (DN) information. If no DN information is provided, the default DN information is used.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config policygroup service key certificate delete Deletes a certificate. config policygroup service key certificate delete where: • policy-name is the name of a policy group • service-name is the name of a service NOTE: When the procedure is complete, you Example: can type info at the prompt to verify the certificate’s HP SA8220/.../service//# deletion.
CHAPTER 5 SSL Commands (SA8200/SA8220 only) Command Description config policygroup service key certificate import Imports an existing certificate. We recommend you copy the certificate (a block of ASCII text) from a server’s console window, then paste it into the SA8220’s console window when prompted. To paste in a certificate, type the import command and press . The CLI prompts you to paste in the certificate. When finished, type three periods ("...") on a separate line, then press .
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config policygroup service key client-ca header-certificate Adds the PEM-encoded client certificate to the HTTP header of requests sent to the servers. The SSL session ID will also be sent. The config policygroup service header-names command may be used to configure the header names field for the client certificate and SSL session ID.
CHAPTER 5 SSL Commands (SA8200/SA8220 only) Command Description config policygroup service key client-ca revocation import Imports a CRL from a server. config policygroup service key client-ca revocation [import] where: • policy-name is the name of a policy group • service-name is the name of a service For example, you can copy the CRL (a block of ASCII text) from a certificate server's console window, then paste it into the SA8220's console window.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config policygroup service key client-ca revocation mode Sets the mode to disable or enable. NOTE: When mode is disabled, the presence of a valid CRL is irrelevant, since no client certificate checking will occur. When mode is enabled, a missing or invalid CRL will cause the service to become disabled. Changing the mode to disabled, or importing a valid CRL, will re-enable the service.
CHAPTER 5 SSL Commands (SA8200/SA8220 only) Command Description config policygroup service key client-ca revocation url Retrieves the CRL. NOTE: If refresh is set to a non-zero value, and the URL is invalid (or specifies a non-valid CRL file), a message is entered into the system logs. We encourage network administrators to monitor these logs to ensure the SA8220 is receiving CRLs properly. Using the refresh now command causes the log message to be printed to the screen.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config policygroup service key delete Deletes a private key. config policygroup service key delete NOTE: key delete deletes the certificate, signing request, and private where: • policy-name is the name of a policy group key associated with the • service-name is the name of a service service .When the procedure is complete, you can type info at the prompt to verify the key’s deletion.
CHAPTER 5 SSL Commands (SA8200/SA8220 only) Command Description config policygroup service key import Imports an existing private key. For example, you can copy the key (a block of ASCII text) from a server’s console window, then paste it into the SA8220’s console window, or the private key may be copied via ftp. To paste in a key, type the import command and press . The CLI prompts you to paste in the certificate. When finished, type three periods ("...") on a separate line, then press .
CHAPTER 5 Command HP Traffic Director Server Appliances User Guide Description config policygroup service key signrequest create Creates a signing request. Signing requests are used to obtain certificates from a Certificate Authority. Once created, the signing request is exported and emailed to the Certificate Authority, who will mail you a certificate for you to import into the SA8220. You can optionally include distinguished name (DN) information in the request.
CHAPTER 5 SSL Commands (SA8200/SA8220 only) Command Description config policygroup service key signrequest delete Deletes a signing request. config policygroup service key signrequest delete where: • policy-name is the name of a policy group • service-name is the name of a service NOTE: When the procedure is complete, you can type info at the prompt For example: to verify the signing HP SA8220/.../service//key># request’s deletion.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config policygroup service key suite Specifies a cipher suite for each type of service.
CHAPTER 5 SSL Commands (SA8200/SA8220 only) Command Description config ssl dn Sets the Distinguished Name (DN) configuration. This information will be incorporated into new certificate or signing requests unless otherwise specified. NOTE: A unique DN should be specified when generating certificates for each private key created or installed on the SA8220. This prevents potential certificate conflicts with cached certificates on the client’s browser.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config ssl suite Configures the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. The value applies to all SSL-enabled services. config ssl suite [ all | high | medium | low | export | ] NOTE: For more information about supported ciphers, please see “Using Ciphers with the SA8220” in Appendix B.
CHAPTER 5 Logging Commands Logging Commands The Logging commands are described below. Command Description config logging info Displays current logging configuration settings. config logging sys Displays system-level logging configuration. config logging output Log file viewing and configurations. config logging sys info Displays the current system logging mask settings and available logging mask.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description config logging output logsize Sets the maximum log file size. Range is 1024-600000. config logging output viewlog Allows review of the log file. An option filter value can be indicated to remove the logging mask from the log file upon review.
CHAPTER 5 Show Commands Show Commands The Show commands are described below.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description show policygroup service info To display configuration for ALL services in the specified policy group: show policygroup service info where policy-name is the name of the policy group whose service information you want to view To display configuration for a SPECIFIED service: show policygroup service info where: • policy-name is the name of the policy group • service-name is the na
CHAPTER 5 Show Commands Command Description show policygroup key sign-request info (SA8200/SA8220 only) Displays signing request information show policygroup service key sign-request info • • show policygroup key client-ca revocation (SA8200/SA8220 only) service-name is the name of the service Displays client-ca revocation information show policygroup service key client-ca revocation info • • show policygroup service server info policy-name
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description show policygroup service server port info Displays configured server ports show policygroup service server port info where: • policy-name is the name of the policy group • service-name is the name of the service • server-name is the name of the server show policygroup service server port expression info (not available on the SA7200) Displays the list of expressions for the specifi
CHAPTER 5 Show Commands Command Description show stats info Displays the SA8220’s statistics NOTE: Statistics for open connections in RICH and SSL modes (on the SA8220 and the SA7220) are not available.
CHAPTER 5 HP Traffic Director Server Appliances User Guide Command Description show sys software info Displays a list of installed software images, their image index, product, version, and build numbers show sys software info show sys software mssoftware info Displays all current installed multi-site software versions show sys software ms-software info 206
Scenarios This chapter covers the topics shown below: NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models.
CHAPTER 6 HP Traffic Director Server Appliances User Guide e-Commerce Appliance Scenarios This chapter contains five scenarios that demonstrate the HP eCommerce Traffic Director Server Appliance SA8200/SA8220s, the HP Traffic Director Server Appliance SA7200/7220s operation using “real world” contexts.
CHAPTER 6 e-Commerce Appliance Scenarios In Dual NIC mode, the SA8220 uses two Ethernet ports. One is connected to the router or switch on which client requests arrive, and the other is connected to the server-side subnet. By contrast, Single NIC mode refers to configurations in which the SA8220 communicates with the router or switch and the servers via a single Ethernet port. For more information, please see “Routing with Dual Interfaces” in Chapter 2.
CHAPTER 6 HP Traffic Director Server Appliances User Guide Specify failover method (disabled, serial, route): [disabled] ---> Enable Autoboot (yes,no) [no] ---> monitor>dns Would you like to configure DNS (yes,no)? [no] --->yes Enter Domain name (‘-’ to cancel) ---> tcslab.mycompany.com Enter the IP Address of the Primary name server (‘-’ to cancel)--->10.6.5.11 Specify additional name server ( to end ) ---> monitor>save List of currently saved configuration file(s).
CHAPTER 6 e-Commerce Appliance Scenarios Current active configuration -----------------------------Product: Version: Patch Level: Build Current time: HP_SA8220 2.7 0.0 38 Thu Oct 5 11:55:49 PDT 2000 Hostname: SA8220 -------------Network side NIC: IP Address: 10.6.2.99 Netmask: 255.255.255.0 MAC address: 0:90:27:f6:f6:22 --------------Server side NIC: IP Address: 10.6.4.99 Netmask: 255.255.255.0 MAC address: 0:d0:b7:7f:46:34 --------------Default Gateway: 10.6.2.1 Domain: tcslab.mycompany.
CHAPTER 6 HP Traffic Director Server Appliances User Guide Password: HP SA8220 e-Commerce Director command line interface Copyright (c) 2001 Hewlett-Packard Company All Rights Reserved. Please wait .. HP SA8220# Create a Policy Group 1. To create a policy group, first move the prompt to the CLI’s policy group level by typing this command: HP SA8220#config policygroup 2.
CHAPTER 6 e-Commerce Appliance Scenarios Add Servers to the HTTP Service 1. To add server “serv1.acme.com” to the HTTP service, type this command: HP SA8220/config/policygroup/gold/service/http# server create serv1.acme.com port 80 Server serv1.acme.com port 80 has been created. This command tells the SA8220 that serv1.acme.com can fulfill requests arriving at 30.1.1.201 on port 80. 2. To add server “serv2.acme.com,” type this command: HP SA8220/config/policygroup/gold/service/http# server create serv2.
CHAPTER 6 Scenario 2: Load Balancing Servers with Source Address Preservation HP Traffic Director Server Appliances User Guide In its default operating mode, the SA8220 alters source and destination packet addresses so that fulfillment servers see only the SA8220’s address. However, under some circumstances, administrators may want to preserve incoming clients’ addresses in the server log files.
CHAPTER 6 e-Commerce Appliance Scenarios Prerequisites for Scenario 2 NOTE: For each fulfillment, the server’s default gateway must be set to the SA8220’s real IP address. • At least one Web server • One client • One SA8220 must be physically installed on the network, and its Boot Monitor and routing protocol configurations must be complete (please see the “Getting Started Guide”). Procedure for Scenario 2 Connect to the SA8220 1. Telnet to the SA8220 and log on as the administrator (admin).
CHAPTER 6 HP Traffic Director Server Appliances User Guide 2. To move the prompt to the level of the specific service, type this command: HP SA8220/config/policygroup/saptest#service sap Add Servers to the SAP Service 1. To add the server “serv1” to the SAP service, type this command: HP SA8220/config/policygroup/saptest/service/ sap#server create serv1.prime.com port 80 Server serv1.prime.com port 80 has been created. This tells the SA8220 that serv1.prime.com can fulfill requests arriving at 30.1.1.
CHAPTER 6 Scenario 3: Routing Outbound Data Away from the SA8220 for OPR e-Commerce Appliance Scenarios You can configure the SA8220 to direct outbound data from the fulfillment servers to bypass the SA8220. Most requests to servers elicit a disproportionate amount of return data. Under some circumstances, it is desirable to avoid routing such volumes of content through the SA8220 as it returns to the client.
CHAPTER 6 HP Traffic Director Server Appliances User Guide Prerequisites for Scenario 3 Equipment • At least one Web server with an installed loopback adapter (for example, UNIX* or Windows* or NT*) • One SA8220 physically installed on the network, with its Boot Monitor and routing protocol configurations completed (please see the “Getting Started Guide”). Procedure for Scenario 3 Connect to the SA8220 1. Telnet to the SA8220 and log on as the administrator (admin).
CHAPTER 6 e-Commerce Appliance Scenarios Add HTTP Service and VIP 1. To add HTTP service (with a virtual IP address of 10.1.1.201 on port 80) to policy group oprtest, type this command: HP SA8220/config/policygroup/oprtest# service create OPR vip 30.1.1.201 port 80 This command creates a new service on the SA8220, using the HTTP protocol, at IP address 30.1.1.201, listening on TCP port 80. 2.
CHAPTER 6 Scenario 4: Content Routing (SA7220 and SA8200/ SA8220 only) HP Traffic Director Server Appliances User Guide Because the SA8220 can differentiate servers according to their content, it can apportion requests based on the type of content requested. For example, an administrator might choose to run the most processor-intensive processes (such as CGI scripts) on the most powerful servers while placing the less processor-bound files on slower servers.
CHAPTER 6 e-Commerce Appliance Scenarios Client Broker S erver S YN S Y N/ACK ACK Get UR L S YN S YN/ACK ACK Get UR L Data Data Data Flow Diagram for Scenario 4 Prerequisites for Scenario 4 • At least two Web servers • One for HTML and images • One for CGI scripts • One SA8220 physically installed on the network, and its Boot Monitor and routing protocol configurations must be complete (please see the “Getting Started Guide”). Procedure for Scenario 4 Connect to the SA8220 1.
CHAPTER 6 HP Traffic Director Server Appliances User Guide Create a Policy Group 1. To create a policy group, first move the prompt to the policy group level by typing this command: HP SA8220#config policygroup 2. To specify the new policy group's name (“richtest” in this example), type this command: HP SA8220/config/policygroup#create richtest 3. To move the prompt to the new policy group's level, type this command: HP SA8220/config/policygroup#richtest Add RICH_HTTP Service and VIP 1.
CHAPTER 6 e-Commerce Appliance Scenarios 2. To move the prompt to the server level, type this command: HP SA8220/config/policygroup/richtest/service/ rich#server serv1.prime.com port 80 Add Expressions to serv1’s Configuration 1. Finish the configuration by adding expressions to server Serv1.com to differentiate content by typing these commands: HP SA8220/config/policygroup/richtest/service/ rich/server/serv1.prime.com/port/80#expression create *.
CHAPTER 6 HP Traffic Director Server Appliances User Guide 4. To move the prompt, type this command: HP SA8220/config/policygroup/richtest/service/ rich/server#serv2.prime.com port 80 Add an Expression to serv2’s Configuration 1. Now add an expression to differentiate serv2’s content from that of serv1 by typing this command. In this example, serv2 contains CGI content: HP SA8220/config/policygroup/richtest/service/ rich/server/serv2.prime.com/port/80# expression create /cgi-bin/* 2.
CHAPTER 6 e-Commerce Appliance Scenarios When configuring routing on the SA8220, always match the router’s configuration. The SA8220 can be programmed to use RIP v1, RIP v2 or OSPF.
CHAPTER 6 Scenario 5: Using SSL Acceleration (SA8200/ SA8220 only) HP Traffic Director Server Appliances User Guide We now build upon Scenario 4 by adding a Layer 7 service using the SA8220’s SSL acceleration capabilities. As discussed earlier, the SA8220 can off load SSL processing from the web server, providing dramatically improved performance. The figure below shows the message flow when the SA8220 is used for SSL processing.
CHAPTER 6 e-Commerce Appliance Scenarios Procedure for Scenario 5 Using this procedure, you will add an SSL enabled service called “SSL” to the previously defined “Richtest” policy group. 1. Telnet to the SA8220 and log on as the administrator (admin). The Command Line prompt appears, as shown below: HP SA8220# 2. To move the prompt to the Richtest policy group, type this command: HP SA8220#config policygroup richtest 3.
CHAPTER 6 HP Traffic Director Server Appliances User Guide 6. To create a certificate, type these commands: HP SA8220/config/policygroup/richtest/service/ SSL# key certificate create Certificate created (Expires in 30 days). The service is SSL enabled. Define the servers to start processing. HP SA8220/config/policygroup/richtest/service/ SSL# server create serv2.prime.com port 80 Server serv2.prime.com port 80 has been created. HP SA8220/config/policygroup/richtest/service/ SSL# server create serv3.prime.
CHAPTER 6 e-Commerce Appliance Scenarios Procedure for Scenario 6 Using this procedure, you will configure the SA8220 to use a CRL. 1. Telnet to the SA8220 and log on as the administrator (admin). The Command Line prompt appears, as shown below: HP SA8220# 2. To move the prompt to the SSL service in the Richtest policy group, type this command: HP SA8220#config policygroup richtest service SSL You will see: HP SA8220/config/policygroup/richtest/service/ SSL# 3.
CHAPTER 6 HP Traffic Director Server Appliances User Guide 5. Paste in the certificate.
CHAPTER 6 e-Commerce Appliance Scenarios 7. To give the SA8220 the download address for the CRL, type the following command:
CHAPTER 6 HP Traffic Director Server Appliances User Guide 10.
SNMP Support This chapter covers the topics shown below: NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models.
CHAPTER 7 HP Traffic Director Server Appliances User Guide Using SNMP The HP e-Commerce Traffic Director Server Appliance SA8200/ SA8220s and the HP Traffic Director Server Appliance SA7200/ SA7220s include a fully compliant, embedded Simple Network Management Protocol (SNMP) agent that supports SNMPv1 and SNMPv2c requests. In addition to standard MIB-II, HP private enterprise MIBs provide the following capabilities: NOTE: To allow communications to the SNMP port, SNMP must be enabled.
CHAPTER 7 HP MIB Tree Using SNMP Refer to the figure below (HP’s MIB tree) for a better understanding of this section. HP’s MIB Tree All HP enterprise MIBs and MIB objects are defined under the management branch of the HP tree. All sysObjectIds that identify HP products are defined under the hpServer AppliancesSystem branch of the HP tree.
CHAPTER 7 HP Traffic Director Server Appliances User Guide Supported MIBs Management Information Base-II (MIB-II) HP Enterprise MIBs: hpserver-header.my hpbroker-mib.my hpl7-broker-mib.my hpssl-acceleration-mib.my hpuser-mib.my Where to find MIB Files Electronic copies of the HP MIB files used by the SA8220 are shipped with the product on CD-ROM and are available from HP’s web site: http://www.hp.
CHAPTER 7 Using SNMP hpbroker-mib.my hpbroker-mib.my defines objects and traps for Layer 4 load balancing. hpbroker-mib.my also contains objects and traps related to server availability, the SA8220’s CPU utilization, and its operational status. The hpbroker-mib.my objects and traps are discussed below. Server Availability (Ping) NOTE: The Intelligent Resource Verification (IRV) CLI command is config irv (default value is zero).
CHAPTER 7 HP Traffic Director Server Appliances User Guide Trap thresholds for server connection count can be configured so that a trap is sent if the connection count reaches a specified value. The serverConnCntAlert and serverConnCntNormal traps and applicable thresholds work similarly for server response time. Trap thresholds for server connections can be configured such that if the connection/second rate reaches a given value, a trap is sent.
CHAPTER 7 Using SNMP Trap thresholds for service connection can be configured such that if the connection/second rate reaches a value, a trap is sent. The serviceCpsAlert and serviceCpsNormal trap and applicable thresholds work similarly for service response time. Broker Connection Count, Connections/Second and CPU Utilization brokerConnCnt is the number of established TCP connections used for load balancing. This number aggregates all serviceConnCnt values in the serviceTcpTable.
CHAPTER 7 HP Traffic Director Server Appliances User Guide The traps redundantBrokerUp and redundantBrokerDown are sent to alert the administrator of any changes in the availability of the redundant Director. hpl7-broker-mib.my NOTE: This MIB is not available on the SA7200. hpl7-broker_mib.my defines objects and traps for Layer 7 load balancing. The hpl7-broker-mib.my objects and traps are discussed below. HTTP Monitor Table A 24-hour history of HTTP performance is maintained in httpMonTable.
CHAPTER 7 Using SNMP sequence until the HTTP request is fulfilled. If the HTTP request is fulfilled, the client sees a successful completion of the request. Otherwise, the client receives a 503 error from the Director. http606Redirects is the number of times during the hour that the Director redirected a request to a server. http606ErrsToClient is the number of times during the hour that a 503 error is returned to the client because all redirection attempts failed to fulfill an HTTP request.
CHAPTER 7 HP Traffic Director Server Appliances User Guide sslConnProcessed is the number of SSL connections handled by the SA8220 during the hour. sslTraffic indicates whether or not SSL traffic exceeded maximum capacity at least once during the 1-hour period. This object starts with the value "ok" and is changed to "overflow" at the first instance in which SSL traffic exceeds the capacity of the box. The value does not toggle back to "ok.
CHAPTER 7 Using SNMP brokerCpsNormal brokerConnCntAlert brokerConnCntNormal brokerCpuUtilAlert brokerCpuUtilNormal operationStateChanged redundantBrokerDown redundantBrokerUp NOTE: This MIB is not available on the SA7200. hpl7-broker-mib.my NOTE: This MIB is available only on the SA8200/SA8220. hpssl-acceleration-mib.my httpErrsToClientAlert http606ErrsToClientAlert sslTrafficOverflowAlert hpuser-mib.
CHAPTER 7 HP Traffic Director Server Appliances User Guide The following CLI commands are used to display and configure SNMP community strings. These parameters are also configurable in the Administration-SNMP tab of the Web-based GUI interface. config sys config sys address> config sys address> snmp community info snmp community create ip ip
CHAPTER 7 Using SNMP Configuring Trap Parameters Use the following CLI commands to display and configure SNMP trap parameters: NOTE: These parameters are also configurable in the Administration-SNMP tab of the Web-based GUI interface. By default, the UDP port used for sending traps is 162. The trap port can be changed to a number between 5020 and 65535, or left at 162.
CHAPTER 7 HP Traffic Director Server Appliances User Guide Notes 246
Software Updates This chapter covers the following topics: NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models.
CHAPTER 8 HP Traffic Director Server Appliances User Guide Updating Your System Software Your HP e-Commerce Traffic Director Server Appliance SA8200/ SA8220 is shipped with the latest system software installed. After initial installation and setup, you may be eligible for, or choose to purchase, a software version update or product upgrade.
CHAPTER 8 Downloading and Installing the Software Downloading and Installing the Software The process for downloading and installing the software is the same whether the image is a version update, product upgrade, or patch. After the install file is on an ftp server, use the GUI or the CLI to download and install it onto the SA8220. Although it is possible to install software while the SA8220 is operating, it is recommended that you configure a backup SA8220 before installation to minimize your downtime.
CHAPTER 8 Rebooting with the New Image and Verifying Installation NOTE: If any errors occurred during installation, the show sys software info command may display the image as installed, but the downloaded image is not safe to use. Use config sys software delete to delete the image and repeat the installation before continuing. If the problem persists, contact HP Customer Support.
CHAPTER 8 Upgrading Under Serial Cable Failover Configuration Downloading and Installing the Software Upgrading software versions on two SA8220s (System A and System B) configured for serial cable failover presents a special case. This procedure ensures minimum downtime during upgrade. 1. At System A’s run time CLI, type the save command to save its current configuration in a file, such as beforeupgrade.cfg. 2.
CHAPTER 8 HP Traffic Director Server Appliances User Guide 11. At the prompt, type the new password. This password must also consist of 8 to 128 characters. 12.
Security Configuration Recommended Security Configuration This section describes configuration options to enhance the level of protection of your system. For more details, please see “Command Line Interface” in Chapter 5. 1. If you have not already done so, change the admin password by typing the config cli username command. 2. Set security to closed or custom mode typing the config sys security mode command. Closed mode restricts administration to the serial port.
APPENDIX A HP Traffic Director Server Appliances User Guide 3. With custom mode access, control lists can be used to further enhance administration security by restricting management functionality to either your IP or subnet. Type the commands as shown below: config sys security custom access-control enabled config sys security custom acl add ip For a subnet entirely under your control, type the following command: config sys security custom acl add netmask / 4.
SSL Configuration Obtaining Keys and Certificates NOTE: This chapter applies to the SA8200/ SA8220 only. The SA8220 comes with default keys and certificates for test purposes. However, certificates for production use must be obtained from a recognized Certificate Authority. Keys and certificates are necessary for the successful operation of the SA8220 for e-Commerce traffic processing.
APPENDIX B Copying and Pasting Keys and Certificates HP Traffic Director Server Appliances User Guide Copying and pasting is an integral part of the next several procedures. Below are steps required to perform these tasks using HyperTerminal*. If you use another terminal program, consult that product’s documentation for the appropriate procedures. To copy an item (key, certificate signing request, etc.) from HyperTerminal*: 1. Open the HyperTerminal* window. 2. Click and drag to select the item. 3.
APPENDIX B Obtaining a Certificate from Verisign or another CA Obtaining Keys and Certificates Use the policy manager key create command to create your key and the key signrequest create command to create a signing request to be sent to Verisign or another CA for authentication. The CA will return the certificate, but there may be a delay of 1-5 days. This method is used when certificate authentication is desired.
APPENDIX B Importing Keys into the SA8220 NOTE: Do not interrupt the import process. If you do interrupt the process, delete the key and start again. HP Traffic Director Server Appliances User Guide The recommended method for importing an existing key is to copy the key (a block of ASCII text) from your backup SA8200 key file, then paste it into the SA8220’s console window when prompted. For more details about copying and pasting, please see “Copying and Pasting Keys and Certificates” in this appendix.
APPENDIX B Obtaining Keys and Certificates Importing Certificates into the The recommended method for importing an existing certificate is to copy the certificate (a block of ASCII text) from your certificate server console window, then paste it into the SA8220’s console window when prompted. SA8220 For more details about copying and pasting, please see “Copying and Pasting Keys and Certificates” in this appendix. NOTE: Do not interrupt the import process.
APPENDIX B HP Traffic Director Server Appliances User Guide Creating a new Key/Certificate on the SA8220 Use the policy manager key create and key create certificate commands to create new keys and certificates for SA8220 operation. This procedure can be used when there are no existing keys and certificates on the server. The advantage is that this method is very fast, but a CA has not signed the certificates.
APPENDIX B Using Global Site Certificates Obtaining Keys and Certificates Overview The export versions of Internet Explorer and Netscape Communicator initiate an SSL connection to the SSL server to use 40-bit encryption, even though the browser is capable of 128-bit encryption. The server responds to the browser with a digital certificate. If the certificate is not a global site certificate, both the browser and server will continue the SSL handshake and use the 40bit key to encrypt application data.
APPENDIX B NOTE: There must be no white space before, between, or after certificates, and the “Begin...” headers and “End...” trailers must all be retained.
APPENDIX B Generating a Client CA Generating a Client CA NOTE: To acquire a copy of OpenSSL* for your environment, access the OpenSSL website at http://www.openssl.org. This procedure shows how to generate a client CA using OpenSSL: 1. Create a working directory where all the keys and certificates will be stored. 2. Copy the file openssl.cnf from the openSSL source directory. 3. Create a private key by typing this command: openssl genrsa -out key.pem 1024 4.
APPENDIX B HP Traffic Director Server Appliances User Guide Generating a CRL NOTE: To acquire a copy of OpenSSL for your environment, access the OpenSSL website at http://www.openssl.org. This procedure shows how to generate a Certificate Revocation List (CRL) using OpenSSL: NOTE: Most of these commands use the openssl.cnf file. Make sure the information presented in this file is accurate and that it reflects the directory structure used.
APPENDIX B Revoking a Certificate 12. Combine the clientkey1.pem and cert.pem files into one file by typing this command: cat clientkey1.pem cert.pem > all.pem 13. Convert to p12 format by typing this command: openssl pkcs12 -export -in all.pem -out .p12 -name “MY NAME” Revoking a Certificate 1. To revoke a certificate, type this command: openssl ca -revoke clientcertificate.pem 2. Generate a new CRL to incorporate the revoked certificate by typing this command: openssl ca -gencrl -out crl.
APPENDIX B HP Traffic Director Server Appliances User Guide The table below provides ciphers supported by the SA8220. Notice that the export version of the software supports only the ciphers marked “E” in the Profile column.
APPENDIX B HTTP Header Information HTTP Header Information NOTE: Only the SOURCE_IP parameter is supported by the SA7200 and SA7220. The SA8220 includes the client IP address and current encryption information in the HTTP request sent to the server. This information is provided below. Tag Value HP_CLIENT_ CERTIFICATE The client certificate in ASCII. HP_CIPHER_USED The cipher suite for the connection. For example: DES-CBC-SHA HP_SOURCE_IP The client's IP address in ASCII. For example: 209.249.194.
APPENDIX B HP Traffic Director Server Appliances User Guide Notes 268
Failover Method Dependencies Failover Modes NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models. The failover modes are described below.
APPENDIX C HP Traffic Director Server Appliances User Guide The table below illustrates feature availability under different failover modes.
APPENDIX C Failover Mode Failover Modes Single Interface with “outside” router Dual Interface Dual Interface with “outside” router Dual Interface with “inside” and “outside” routers (3) N/A Same subnet, only on “outside” N/A Same subnet, only on “outside” No No No No Yes Yes Yes Yes (5) HOT and SAP Yes (1) Yes (1) Yes (1) Yes (1) (4) OPR Yes N/A Yes No RICH Yes Yes Yes Yes (5) RICH and SAP Yes (1) Yes (1) Yes (1) Yes (1) (4) Feature VIP ARPing Serial Cable Failover AND
APPENDIX C HP Traffic Director Server Appliances User Guide Notes 272
Configuring Out-ofPath Return Configure OPR for Windows* 2000* Set the Loopback NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models. 1. From the Start menu, click Settings. 2. Open the Control Panel, as shown in the following figure.
APPENDIX D HP Traffic Director Server Appliances User Guide Windows 2000 Control Panel 3. Double-click Add/Remove Hardware. 4. The Add/Remove Hardware Wizard appears, as show below.
APPENDIX D Configure OPR for Windows* 2000* Add/Remove Hardware Wizard 5. Click Next to bring up the Choose a Hardware Task screen, as shown in the next figure.
APPENDIX D HP Traffic Director Server Appliances User Guide Choose a Hardware Task Screen 6. Select Add/Troubleshoot a device. 7. Click Next to bring up a Devices list, as shown in the following figure.
APPENDIX D Configure OPR for Windows* 2000* Devices List 8. Highlight Add a new device. 9. Click Next to bring up the Find New Hardware screen, as shown in the next figure.
APPENDIX D HP Traffic Director Server Appliances User Guide Find New Hardware Screen 10. Select No to search for new hardware. 11. Click Next to bring up the Hardware Type screen, as shown in the next figure.
APPENDIX D Configure OPR for Windows* 2000* Hardware Type Screen 12. Click Network Adapters. 13. Click Next to bring up the Select Network Adapter screen, as shown in figure.
APPENDIX D HP Traffic Director Server Appliances User Guide Select Network Adapter Screen 14. Under Manufacturers, scroll down to Microsoft. 15. Under Network Adapter, select Microsoft Loopback Adapter. 16. Click Next to bring up the Start Hardware Installation screen, as shown in the next figure.
APPENDIX D Configure OPR for Windows* 2000* Start Hardware Installation Screen 17. Click Next to bring up the Completing the Add/Remove Hardware Wizard screen, as shown below.
APPENDIX D HP Traffic Director Server Appliances User Guide Completing the Add/Remove Hardware Wizard Screen 18. Click Finish. 19. To configure the Loopback, open the Control Panel, as shown in the next figure.
APPENDIX D Configure OPR for Windows* 2000* Windows 2000 Control Panel 20. Double-click the Network and Dial-up Connections icon to bring up the next screen, shown in the next figure.
APPENDIX D HP Traffic Director Server Appliances User Guide Network and Dial-up Connections Screen 21. Highlight Local Area Connection 2 (the Loopback Adapter). 22. From the menu bar, select File | Properties to bring up the Properties screen, as shown in the next figure.
APPENDIX D Configure OPR for Windows* 2000* Location Area Connection 2 Properties Screen 23. Scroll down to Internet Protocol (TCP/IP), as shown in the next figure, and double-click.
APPENDIX D HP Traffic Director Server Appliances User Guide Select Internet Protocol (TCP/IP) 24.
APPENDIX D Configure OPR for Windows* 2000* Internet Protocol (TCP/IP) Properties Screen 25. In the IP address field, type the Virtual IP (VIP) address of the SA8220. 26. In the Subnet Mask field, type the subnet mask appropriate for your environment. 27. Leave the Default Gateway field blank. 28. Click OK. 29. Reboot the computer.
APPENDIX D HP Traffic Director Server Appliances User Guide Configure OPR for Windows* NT* Set the Loopback 1. From the Start menu, click on Settings, then open the Control Panel. 2. The Control Panel appears, as shown below. NOTE: OPR is not available for SSLenabled services. Windows NT Control Panel 3. Double-click on the Network icon. The Network dialog appears, as shown in the next figure.
APPENDIX D Configure OPR for Windows* NT* Network Adapter Setting 4. Click the Adapters tab. 5. Click Add. The Select Network Adapter dialog appears, as shown in the next figure.
APPENDIX D HP Traffic Director Server Appliances User Guide Choosing the MS Loopback Adapter 6. From the Network Adapter list, select MS Loopback Adapter and click OK. The MS Loopback Adapter Card Setup dialog appears, as shown in the next figure.
APPENDIX D Configure OPR for Windows* NT* 7. Choose the default Frame Type (802.3) and click OK. If the necessary files are not found on your system, the Windows NT Setup dialog appears, as shown in the next figure. Copying Windows NT Files 8. If necessary, specify where Windows NT can find the files and click Continue. The files will load on your system, and the MS Loopback Adapter appears in the Network Adapters list, as shown in the next figure.
APPENDIX D HP Traffic Director Server Appliances User Guide MS Loopback Adapter Installed 9. Click the Protocols tab. The protocol settings appear, as shown in the next figure.
APPENDIX D Configure OPR for Windows* NT* Protocol Settings 10. From the Network Protocols list, click TCP/IP Protocol. 11. Click Properties.... The Microsoft TCP/IP Properties dialog appears, as shown in the next figure.
APPENDIX D HP Traffic Director Server Appliances User Guide Setting the TCP/IP Properties 12. From the Adapter pull-down menu, select the MS Loopback Adapter. 13. Click Specify an IP address. 14. In the IP address field, type the Virtual IP (VIP) address of the SA8220. 15. In the Subnet Mask field, type the subnet mask appropriate for your environment. 16. Leave the Default Gateway field blank. 17. Click Apply. 18. Click OK. 19. Reboot the computer.
APPENDIX D Configure OPR for Windows* NT* Run a Web Service on the Loopback Interface Using IIS 3.0 NOTE: If you cannot find Microsoft Internet Server (Common), you do not have IIS running on your server. Install IIS 3.0 and start this procedure again. 1. From the Start menu, click Programs and then Microsoft Internet Server (Common) to run the Internet Service Manager. 2. After the Microsoft Internet Service Manager console appears, double-click the WWW service.
APPENDIX D HP Traffic Director Server Appliances User Guide Run a Web Service on the Loopback Interface Using IIS 4.0 NOTE: If you cannot find Internet Service Manager, you do not have IIS running on your server. Download and install the Option Pack, then start this procedure again. 1. From the Start menu, click Programs, click Windows NT 4.0 Option Pack, and then click Microsoft Internet Information Server. 2. Run the Internet Service Manager. 3.
APPENDIX D Configuring OPR for Apache Web Server on a UNIX* machine Configuring OPR for Apache Web Server on a UNIX* machine This section reproduces the commands required to configure Out-ofPath Return for an Apache Web Server on a UNIX* machine. ifconfig lo0 add or ifconfig lo0 alias or ifconfig lo0:1 1. Add the appropriate command to an /etc/rc file to return this configuration at boot time. 2. Edit the httpd.
APPENDIX D HP Traffic Director Server Appliances User Guide Notes 298
Diagnostics and Troubleshooting Running Diagnostics NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models. This section describes the available diagnostic information and infield diagnostics.
APPENDIX E Diagnostic LEDs HP Traffic Director Server Appliances User Guide The front panel’s LEDs provide information generated by the boottime power-on-self-test (POST) and application restart sequences. There are four LEDs on the front panel, as shown below. Power Status Act 1 Act 2 Diagnostic LEDs Power Indication The front panel Power LED connects directly to the unit’s power supply. If the Power LED is not illuminated, power is not connected to the unit, or the unit’s power supply has failed.
APPENDIX E Running Diagnostics Boot-time LED Diagnostics The front panel’s Status, Act 1 and Act 2 LEDs display the transition through a sequence of codes at boot time indicating the SA8220’s progress through the boot process. If the boot process aborts, terminates, or hangs before the SA8220 is online and functional, the state of the LEDs can help in diagnosing the problem. The table below describes the restart sequence and conditions.
APPENDIX E HP Traffic Director Server Appliances User Guide Activity LEDs The table below describes the run time behavior of the Activity LEDs (Act 1, Act 2).
APPENDIX E Troubleshooting Troubleshooting This section contains descriptions of possible difficulties followed by possible causes and suggestions for solutions. The table below contains the troubleshooting guide for the HP eCommerce Traffic Director Server Appliance SA8200/SA8220, the HP Traffic Director Server Appliance SA7200/SA7220. Problem Possible Cause Solution Cannot ping the VIP Route role/protocol configuration is incorrect. Ensure that the route role and protocol are set correctly.
APPENDIX E HP Traffic Director Server Appliances User Guide Problem Possible Cause Solution Slow client response from a web server through the SA8220 compared to response time directly from the web server Hostname/IP address resolution on the server may be misconfigured or incomplete, causing a delay in the server response. Add the hostname/real IP address of the SA8220 to the HOSTS file on the server to eliminate any delay in hostname/IP address resolution on the server.
APPENDIX E Troubleshooting Problem Possible Cause Solution Telnet connection to CLI on offline SA8220 in serial failover mode does not appear to connect, or, logon prompt does not appear immediately. DNS resolution is incomplete. The client machine’s host name must be DNSresolvable by the SA8220. If DNS is not used, use the config sys hosts add command at the CLI to add the client’s hostname to the SA8220’s local host file. The SA8220 also needs to be added to the client machine’s local hosts file.
APPENDIX E HP Traffic Director Server Appliances User Guide Problem Possible Cause Solution Client getting timeout or “service not found” errors Proxy servers inhibit use of sticky src-ip option. Some ISPs use proxy servers to load balance client sessions. When the sticky src-ip option is enabled and the client’s session is switched to another proxy server, the source IP address is changed. This may cause the SA8220 to route the request to a different server.
Cleaning the Dust Filter Background NOTE: For ease of reading, all models are referred to as the SA8220 throughout this document. Unless noted otherwise, all SA8220 references refer to all models. The HP e-Commerce Traffic Director Server Appliance SA8200/ SA8220s and HP Traffic Director Server Appliance SA7200/ SA7220s each have a dust filter element mounted behind the front grille and in front of the dual intake fans. This filter is washable and must be cleaned every six months at a minimum.
APPENDIX F HP Traffic Director Server Appliances User Guide Dust Filter Cleaning Procedure To clean the dust filter, follow the steps below: 1. Remove the two Phillips screws that secure the metal grille on the left side of the SA8220’s front panel. Remove the grille to expose the foam filter element. 2. Remove the foam filter element from its recess. 3. Replace the grille and its screws while the filter element is being cleaned. 4. Wash the filter in warm water and set aside to dry. 5.
Regulatory Information Taiwan Class A EMI Statement VCCI Class A (Japan)
REGULATORY HP Traffic Director Server Appliances User Guide VCCI Statement Class A ITE This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. WARNING: This is a Class A product.
REGULATORY FCC Part 15 Compliance Statement FCC Part 15 Compliance Statement This product has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
REGULATORY HP Traffic Director Server Appliances User Guide Canada Compliance Statement (Industry Canada) Cet appareil numérique respecte les limites bruits radioélectriques applicables aux appareils numériques de Classe A prescrites dans la norme sur le matériel brouilleur: "Appareils Numériques", NMB-003 édictée par le Ministre Canadien des Communications.
REGULATORY WARNING WARNING The system is designed to operate in a typical office environment. Choose a site that is: • Clean and free of airborne particles (other than normal room dust). • Well-ventilated and away from sources of heat including direct sunlight. • Away from sources of vibration or physical shock. • Isolated from strong electromagnetic fields produced by electrical devices.
REGULATORY HP Traffic Director Server Appliances User Guide AVERTISSEMENT Le système a été conçu pour fonctionner dans un cadre de travail normal. L’emplacement choisi doit être: • Propre et dépourvu de poussière en suspension (sauf la poussière normale). • Bien aéré et loin des sources de chaleur, y compris du soleil direct. • A l’abri des chocs et des sources de ibrations. • Isolé de forts champs magnétiques géenérés par des appareils électriques.
REGULATORY WARNUNG WARNUNG Das System wurde für den Betrieb in einer normalen Büroumgebung entwickelt. Der entwickelt.
REGULATORY HP Traffic Director Server Appliances User Guide AVVERTENZA Il sistema è progettato per funzionare in un ambiente di lavoro tipico. Scegliere una postazione che sia: • Pulita e libera da particelle in sospensione (a parte la normale polvere presente nell’ambiente). • Ben ventilata e lontana da fonti di calore, compresa la luce solare diretta. • Al riparo da urti e lontana da fonti divibrazione. • Isolata dai forti campi magnetici prodotti da dispositivi elettrici.
REGULATORY ADVERTENCIAS ADVERTENCIAS El sistema está diseñado para funcionar en un entorno de trabajo normal. Escoja un lugar: • Limpio y libre de partículas en suspensión (salvo el polvo normal). • Bien ventilado y alejado de fuentes de calor, incluida la luz solar directa. • Alejado de fuentes de vibración. • Aislado de campos electromagnéticos fuertes producidos por dispositivos eléctricos.
REGULATORY HP Traffic Director Server Appliances User Guide Wichtige Sicherheitshinweise 1. Bitte lesen Sie sich diese Hinweise sorgfältig durch. 2. Heben Sie diese Anleitung für den spätern Gebrauch auf. 3. Vor jedem Reinigen ist das Gerät vom Stromnetz zu trennen. Vervenden Sie keine Flüssig- oder Aerosolreiniger. Am besten dient ein angefeuchtetes Tuch zur Reinigung. 4. Um eine Beschädigung des Gerätes zu vermeiden sollten Sie nur Zubehörteile verwenden, die vom Hersteller zugelassen sind. 5.
REGULATORY Wichtige Sicherheitshinweise 15. Wenn folgende Situationen auftreten ist das Gerät vom Stromnetz zu trennen und von einerqualifizierten Servicestelle zu überprüfen: a. Netzkabel oder Netzstecker sint beschädigt. b. Flüssigkeit ist in das Gerät eingedrungen. c. Das Gerät war Feuchtigkeit ausgesetzt. d. Wenn das Gerät nicht der Bedienungsanleitung ensprechend funktioniert oder Sie mit Hilfe dieser Anleitung keine Verbesserung erzielen. e.
REGULATORY HP Traffic Director Server Appliances User Guide Notes 320
Software License Agreements ATTENTION: USE OF THE SOFTWARE IS SUBJECT TO THE HP SOFTWARE LICENSE TERMS SET FORTH BELOW. USING THE SOFTWARE INDICATES YOUR ACCEPTANCE OF THESE LICENSE TERMS. IF YOU DO NOT ACCEPT THESE LICENSE TERMS, YOU MAY RETURN THE SOFTWARE FOR A FULL REFUND. IF THE SOFTWARE IS BUNDLED WITH ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE UNUSED PRODUCT FOR A FULL REFUND. HP SOFTWARE LICENSE TERMS License Grant. HP grants you a license to Use one copy of the Software.
SOFTWARE HP Traffic Director Server Appliances User Guide Ownership. The Software is owned and copyrighted by HP or its third party suppliers. Your license confers no title or ownership and is not a sale of any rights in the Software, its documentation or the media on which they are recorded or printed. Third party suppliers may protect their rights in the Software in the event of any infringement. Copies and Adaptations.
SOFTWARE HP Traffic Director Server Appliances User Guide whichever is applicable. You have only those rights provided for such Software and any accompanying documentation by the applicable FAR or DFARS clause or the HP standard software agreement for the product involved.
SOFTWARE HP Traffic Director Server Appliances User Guide Notes 324
Glossary This section defines terms and acronyms used throughout the HP Traffic Director Server Appliances User Guide. Certificate A digitally-signed token in an SSL-encrypted transaction containing information including the issuer (Certificate Authority that issued the certificate), the organization that owns the certificate, public key, the validity period for the certificate, and the hostname.
GLOSSARY HP Traffic Director Server Appliances User Guide DNS Eligible Server A server in a lower priority service’s server pool. Fulfillment Server A server that stores content and runs applications to respond to user requests Heartbeat A signal acknowledging the existence/operation of SA8220. The heartbeat command enables the SA8220 to display a message on the console every heartbeat interval.
GLOSSARY HP Traffic Director Server Appliances User Guide MIB Management Information Base. A repository of characteristics and parameters managed in a network device, such as a NIC, hub, switch, or router. MSAP Multi-Hop Source Address Preservation. MSAP allows requests to pass through two cascaded SA8220s in different geographical areas. Similar to SAP, but with geographic dispersal. See also SAP. NIC Network Interface Card.
GLOSSARY HP Traffic Director Server Appliances User Guide SAP Service Signing Request SNMP Source Address Preservation. A SA8220 option which, when enabled, allows server logs to reflect the true IP addresses of requesting clients. A service is an IP application paired with a port number. For example: “HTTP:80.” This describes a service consisting of a server's HTTP application listening on port 80. Another example of a service: “FTP:21.
Support Services Support for your SA8220 U.S.
SUPPORT Europe HP Traffic Director Server Appliances User Guide For hardware service and telephone support, contact: • An HP-authorized reseller or • One of the following HP Customer Support Centers: Country and Number Austria – 0660 6386 Belgium (Dutch) – 02 626 8806 Belgium (French) – 02 626 8807 Czech Republic – 420 2 613 07 310 Denmark – 3929 4099 English (non-UK) – +44 20 7512 5202 Finland – 02 03 47 288 France – 01 43 62 3434 Germany – 0180 525 8143 Greece – +30 (0) 16196411 Hungary – 36 1 382
SUPPORT Asia HP Traffic Director Server Appliances User Guide For hardware service and telephone support, contact an HPauthorized reseller or one of these support centers: Country and Number Australia – 03-8877-8000 Hong Kong – 800-96-2598 India – 91-11-6826035 Indonesia – 0800-21511 Japan – 0120-220-119 Korea – +82-2-32700911 Malaysia – 60 3 2931811 or 1-800-881811 New Zealand – Upper North Island – 09-356-6640 Lower North Island – 04-499-2026 South Island – 03-365-9805 People’s Republic of China – 86-8
SUPPORT Latin America HP Traffic Director Server Appliances User Guide For hardware service and telephone support, contact an HPauthorized reseller or one of these support centers: Country and Number Argentina – (541) 4778-8380 Brazil – Sao Paulo – (11) 3747-7799 All Others – 0800-15-77-51 Chile – 800-360-9999 Columbia – 9-800-91-9477 Guatemala – 1-800-999-5305 Mexico – Ciudad de Mexico – 5258-9922 All Others – 800-472-6684 Peru – 0-800-10111 Puerto Rico – 1-877-232-0589 Venezuela – Caracas – 207-8488 Al
Index Numerics B 606 error detection 79 balance strategy 75 response time 75 round robin 76 boot monitor commands autoboot 44 boot 44 delete 48 dhcp 49 dns 49 dual 49 factory_reset 50 failover 51 gateway 51 help 51 host 52 info 52 ip 52 load 53 netmask 53 rich_bias 53 save 54 A admin commands 137, 152 config admin info 137 config admin port 137 administration screen CLI tab 99 GUI tab 97 logging tab 104 multi-site tab 103 routing tab 92 security screen 95 settings tab 82 SNMP tab 101 software tab 83 use
INDEX HP Traffic Director Server Appliances User Guide settime 54 setup 57 static_routes 58 version 58 boot monitor interface 42 accessing 43 interrupting 43 system requirements 42 C certificates & keys 255 copy and pasting 256 generating a client CA 263 generating a CRL 264 global site certificates 261 importing 259 obtaining from Verisign 257 revoking a certificate 265 cipher suite not supported by client 20 ciphers 265 cleaning dust filter 307 CLI commands 138, 155 ! 137 ? 134, 137 admin 134 arp 137 a
INDEX HP Traffic Director Server Appliances User Guide client does not support cipher suite 20 command line interface (see CLI commands) configuration file copying 109 deleting 109 restoring 108 retrieving and sending 114 saving 108 viewing 110 connecting to the SA8220 215, 218, 221 D diagnostics 299 boot-time LED 301 run time LED 301 display statistics 205 dust filter cleaning 307 E elements topology screen 65 error detection 31 dup-syn interval 31 HTTP 32 run time 302 server status detection 31 ethern
INDEX arp 137 back 137 box 137 ether 137 exit 137 force-rwa 137 halt 137 help 137 history 137 info 137 netstat 137 nslookup 137 ping 137 reboot 137 remove 137 reset 137 Tab key 137 trace 137 traceroute 137 who 137 graphical user interface (see GUI) GUI administration screen 82 arp table 116 balance strategy 75 commands 138, 158 configuration screen 107 ethernet interface value 117 logon 61 netstat 119 nslookup 121 ping 118 policy groups 69 policy manager 67 policy manager screen 67 reboot 122 RICH controls
INDEX HP Traffic Director Server Appliances User Guide L M Layer 4 HOT services 13 service 238 VIP 12 Layer 7 hp17-broker-mib.
INDEX HP Traffic Director Server Appliances User Guide P S packet and error count 119 packets dup-syn interval 31 ping 118, 237 pipes 135 policy group commands 139, 163 config policygroup 139 policy groups 12, 28, 69 creating 70, 212, 215, 218, 222 deleting 71 policy manager controls and displays 68 pop-up menu 69 PORT 238 prioritization 28 SAP 24, 214, 215 adding servers 216 secure shell support 96, 134 setting 99 Secure Sockets Layer (see SSL) security 253 configuration 253 security commands 141, 179
INDEX HP Traffic Director Server Appliances User Guide services 12, 72 deleting 76 HOT services 13 HOT TCP 72 RICH services 13, 32 RICH_HTTP 72 VIP 12 show commands 143, 201 show admin info 143 show cli info 143 show gui info 143 show irv info 143 show msd info 143 show policygroup 143 show route info 144 show ssl info 144 show stats info 144 show sys 144 show statistics 205 SNMP 96, 234 agent 101 traps 242 SNMP commands 142, 182 config sys 140 software agent 85 deleting an image 87 downloading 249 instal
INDEX topology screen elements 65 policy manager 67 troubleshooting 303 U upgrade failover configuration 251 system software 248 V VIP 73, 215, 238 adding 212, 219, 222 W Web Service loopback interface 295, 296 340 HP Traffic Director Server Appliances User Guide
