load balance rule redirect
Creates load-balancing redirect rules.
Syntax
load balance rule redirect addrs <ip-address> [src <subnet>/<mask>] [dest <subnet>/<mask> dest-port <port>] [peer {<ip-address> | any | probe-only | non-probe}] [rulenum <rule-number>] [description "<description>"] [vlan <vlan-number>] [fair-peering {yes | no}]
Parameters
addrs <ip-address> | Specifies a comma-separated list of SteelHead IP addresses to which traffic can be redirected. (Specify the IP address for the SteelHead inpath0_0 interface.) • For IPv4 addresses, use this format: XXX.XXX.XXX.XXX/XX • For IPv6 addresses, use this format: X:X:X::X/XXX If a rule matches, connections are redirected to a SteelHead in the list according to the load-balancing algorithm. This parameter is not required for rules of type pass. You must also configure Interceptor-to-SteelHead communication and SteelHead-to-Interceptor communication for peering between appliances. For detailed information, see
steelhead communication interface. |
src <subnet>/<mask> | Specifies the IP address for the source network. • For IPv4 addresses, use this format: XXX.XXX.XXX.XXX/XX • For IPv6 addresses, use this format: X:X:X::X/XXX |
dest <subnet>/<mask> | Specifies the IP address for the destination network. • For IPv4 addresses, use this format: XXX.XXX.XXX.XXX/XX • For IPv6 addresses, use this format: X:X:X::X/XXX |
dest-port <port> | Specifies a port number or port label. |
peer <ip-address> | Specifies the peer IP address to apply pass-through load-balancing rules to this IP address only. |
peer any | Applies the pass-through rule to any SYN packet and probe. |
peer probe-only | Applies the pass-through rule to any probes from any router. |
peer non-probe | Applies the pass-through rule to any SYN packet without a probe. |
rulenum <rule-number> | Specifies the rule number. The rule is inserted before the existing pass-through load-balancing rule. |
description "<description>" | Specifies a description of the rule. |
vlan <vlan-number> | Specifies the VLAN tag identification number (ID). |
fair-peering {yes | no} | Adds (yes) or removes (no) fair peering for the load-balancing rule. |
Usage
Load-balancing rules define the characteristics by which traffic is selected for load balancing and the availability of the LAN-side SteelHead for such traffic.
Typically, your rules list should:
• account for traffic over all subnets and ports that have been selected for redirection.
• account for all SteelHeads you have configured as neighbor peers to be targets of redirect rules or reserved for the automatic load-balancing rule.
• manage neighbor SteelHeads in one of these ways:
– If a neighbor SteelHead is specified as a target for a rule, it is reserved for traffic that matches that rule and is not available to the pool used for automatic load balancing.
– If a neighbor SteelHead is not specified as a target for a rule, it is available for automatic load balancing.
• account for second-preference cases where you would rather pass through traffic than tax the autoload-balancing pool.
The SteelHead Interceptor processes load-balancing rules as follows:
1. The redirect rule matches and the target SteelHead is available: Redirects to a target appliance according to the load-balancing algorithm.
2. The redirect rule matches but none of the target SteelHeads for the rules are available: Consults the next rule in list.
3. The pass-through rule matches: Traffic traverses Riverbed routes but is unoptimized.
4. The redirect rule matches but there’s no capacity and it does not match a pass-through rule: Automatically balances load among neighbor SteelHeads not reserved by other rules.
5. No rules match or no rules are specified. Target SteelHeads are chosen based on the following rules:
– Peer affinity - Prefers a target SteelHead that has had a previous connection with the source SteelHead. If no SteelHead has peer affinity, the connection is redirected to the SteelHead with the least current connections.
– Least connections - If more than one target SteelHead has peer affinity, the connection is redirected to one that has the least current connections.
– No peer affinity - If no SteelHead has peer affinity, the connection is redirected to the SteelHead with the least current connections.
You can enter either IPv4 or IPv6 addresses. However, if you have enabled IPv6 connection forwarding, you must enter an IPv6 address. For more information about enabling IPv6 connection forwarding, see the SteelHead Interceptor User Guide.
Example
amnesiac (config) # load balance rule redirect addrs 10.0.0.1,10.0.0.2 src 10.0.0.1/16 dest 10.0.0.2/16 dest-port 1240 description test vlan 12
Product
Interceptor
Related Commands
Interceptor peering and redirect commands