Gslb message content randomization, Configuring secure gslb, Configuring secure-communication on the controller – Brocade Virtual ADX Global Server Load Balancing Guide (Supporting ADX v03.1.00) User Manual
53-1003245-01
Secure GSLB
From Site ADX device to GSLB Controller:
• The site ADX device uses the public key of the GSLB controller to encrypt a random sequence of bytes.
• The site ADX device sends these encrypted bytes to the GSLB controller.
• The GSLB controller uses its private key to decrypt the bytes.
• The GSLB controller sends the decrypted bytes back to the site ADX device.
• The site ADX device compares the decrypted bytes to the original bytes it sent to the GSLB controller.
If the two sets of bytes match, the GSLB controller holds the private key that corresponds to the public key the site ADX device has been configured to trust, and the GSLB controller is authenticated. The exchange proves possession of that private key; it does not by itself negotiate any session key.
NOTE
The two exchanges (controller to site and site to controller) are independent of each other. The decrypted bytes are returned over TCP/IP.
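The challenge-response exchange described above, as an added example that is not part of the Brocade guide or of the ADX firmware. It uses textbook RSA (no padding) so that it runs offline with the standard library only; the 512-bit key size, the 16-byte challenge length, the class and function names and the keypair generator are all assumptions made for the illustration. The second scenario in the test shows the failure mode: a controller that holds a private key other than the one matching the site's configured public key echoes the wrong bytes and is rejected.

```python
"""Site ADX device authenticating the GSLB controller (added example, not Brocade code).

Textbook RSA is used only so the demo is self-contained; real deployments use
padded RSA and far larger keys. Key size, challenge length and names are assumptions.
"""
import random


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test (probabilistic; 20 rounds is ample for a demo)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    """Random odd prime with the top bit set so the modulus has the intended size."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_rsa_keypair(bits=512):
    """Return ((n, e), (n, d)); the 'Generate RSA Key Pair' task, assumed for the demo."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_encrypt(pub, data):
    """Raw RSA: the challenge (16 bytes) is far smaller than the 512-bit modulus."""
    n, e = pub
    return pow(int.from_bytes(data, "big"), e, n)


def rsa_decrypt(priv, ciphertext, length):
    """Raw RSA decrypt. A wrong key almost always yields a value larger than
    `length` bytes; it is returned in full so the comparison simply fails."""
    n, d = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes(max(length, (m.bit_length() + 7) // 8), "big")


class GslbController:
    """Controller side: holds the private key and answers site challenges."""

    def __init__(self, priv):
        self._priv = priv

    def respond(self, ciphertext, length):
        # Steps 3 and 4: decrypt with the private key and send the bytes back.
        return rsa_decrypt(self._priv, ciphertext, length)


def site_authenticates_controller(controller_pub, controller, challenge_len=16):
    """Steps 1, 2 and 5 from the site ADX device's point of view.
    True only if the controller's private key matches `controller_pub`."""
    # Step 1: a random sequence of bytes, encrypted with the controller's public key.
    challenge = random.getrandbits(8 * challenge_len).to_bytes(challenge_len, "big")
    ciphertext = rsa_encrypt(controller_pub, challenge)
    # Step 2/4: send the ciphertext, get the (supposedly) decrypted bytes back.
    echoed = controller.respond(ciphertext, challenge_len)
    # Step 5: compare with the original bytes.
    return echoed == challenge


if __name__ == "__main__":
    pub, priv = generate_rsa_keypair()
    print("genuine controller:", site_authenticates_controller(pub, GslbController(priv)))
```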
GSLB message content randomization
An implicit sequence number, together with the changing GSLB protocol data, ensures that the packet data differs from packet to packet, producing a substantially different MAC for each packet. A few GSLB protocol packets, however, may carry a relatively constant pattern. The system therefore inserts a random 8-bit value in each packet. This value changes with every GSLB protocol packet, so the hash digest is substantially different for every packet even when the protocol payload repeats.
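How the implicit sequence number and the random byte feed the per-packet MAC, as an added example that is not part of the Brocade guide or the ADX implementation. The page does not name the MAC algorithm or the packet layout, so HMAC-SHA256 over a pre-shared key and a layout of one random byte, then the payload, then the 32-byte MAC are assumptions; the sequence number is counted by both sides and included in the MAC input but never sent. The constant-pattern packet is constructed for the demo.

```python
"""Per-packet MAC with an implicit sequence number and a random byte
(added example, not Brocade code; algorithm and layout are assumptions)."""
import hashlib
import hmac
import os
import struct

MAC_LEN = 32
SHARED_KEY = b"constructed-demo-key"  # constructed for the example


def mac_for_packet(key, seq, rand_byte, payload):
    """MAC input = random byte || implicit 32-bit sequence number || payload.
    The sequence number is not on the wire; both peers track it locally."""
    msg = bytes([rand_byte]) + struct.pack(">I", seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class Sender:
    def __init__(self, key):
        self._key, self._seq = key, 0

    def send(self, payload):
        rand_byte = os.urandom(1)[0]  # the random 8-bit value, fresh per packet
        mac = mac_for_packet(self._key, self._seq, rand_byte, payload)
        self._seq += 1
        # Wire format (assumed): random byte, payload, MAC. No sequence number.
        return bytes([rand_byte]) + payload + mac


class Receiver:
    def __init__(self, key):
        self._key, self._seq = key, 0

    def receive(self, packet):
        rand_byte, payload, mac = packet[0], packet[1:-MAC_LEN], packet[-MAC_LEN:]
        expected = mac_for_packet(self._key, self._seq, rand_byte, payload)
        if not hmac.compare_digest(mac, expected):
            return None  # tampered, replayed or out-of-order packet
        self._seq += 1
        return payload


def demo():
    """Two identical constant-pattern packets get different MACs; a replay is rejected."""
    sender, receiver = Sender(SHARED_KEY), Receiver(SHARED_KEY)
    keepalive = b"KEEPALIVE"  # constructed packet with a constant pattern
    p1, p2 = sender.send(keepalive), sender.send(keepalive)
    return {
        "macs_differ": p1[-MAC_LEN:] != p2[-MAC_LEN:],
        "first_ok": receiver.receive(p1) == keepalive,
        "second_ok": receiver.receive(p2) == keepalive,
        "replay_rejected": receiver.receive(p1) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Even when the sequence number were somehow equal, the random byte alone changes the digest, which is the property the page describes for packets with a constant pattern; the sequence number additionally makes replays detectable.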
Configuring secure GSLB
The minimum required configuration for Secure GSLB includes the following tasks:
• Configure secure communication on the controller.
• Generate an RSA key pair.
• Exchange the public keys.
Configuring secure-communication on the controller
On the GSLB controller, to enable the secure protocol instead of the standard one for a site, enter commands such as the following.
SLB-Ctrl-Virtual ADX(config)#gslb site sfo
SLB-Ctrl-Virtual ADX(config-gslb-site-sfo)#si slb-1 10.1.1.3 secure-communication
Syntax: si si-name si-ip-address secure-communication
The GSLB site ADX device recognizes the secure protocol automatically; no CLI command is required to enable the feature on the site.
By default, however, the site still accepts the standard (unauthenticated) GSLB connection request as well. If you want the GSLB site ADX device to accept only the secure protocol and reject the standard GSLB connection request, enter the following command on the site ADX device.
SLB-Site-Virtual ADX(config)#gslb auth-encrypt-communication secure-only
Syntax: gslb auth-encrypt-communication secure-only