Cabletron Systems SMARTSWITCH ROUTER 9032578-05 User Manual

Chapter 17: Web Hosting Configuration Guide

234

SmartSwitch Router User Reference Manual

directed to the same load balancing server (for example, the server with IP address
10.1.1.1).

•

Sticky persistence: a binding is determined by matching the source and destination IP
addresses only. This allows all requests from a client to the same virtual address to be
directed to the same load balancing server. For example, both HTTP and HTTPS
requests from the client address 134.141.176.10 to the virtual destination address
207.135.89.16 would be directed to the same load balancing server (for example, the
server with IP address 10.1.1.1).

•

Virtual private network (VPN) persistence: for VPN traffic using Encapsulated
Security Payload (ESP) mode of IPSec, a binding is determined by matching the source
and destination IP addresses in the secure key transfer request to subsequent client
requests. This allows both the secure key transfer and subsequent data traffic from a
particular client to be directed to the same load balancing server. The default port
number recognized by the SSR for secure key transfer in VPN is 500; you can use the
load-balance set vpn-dest-port

command to specify a different port number.

You can use the load-balance show source-mappings command to display information
about the current list of bindings.

The binding between a client (source) and a load balancing server times out after a certain
period of non-activity. The default timeout depends upon the session persistence level
configured, as shown below:

You can change the timeout for a load balancing group with the load-balance set aging-
for-src-maps

command.

The SSR also supports netmask persistence, which can be used with any of the four levels of
session persistence. A netmask (configured with the load-balance set client-proxy-subnet
command) is applied to the source IP address and this address is compared to the list of
bindings: if a binding exists, the packet is sent to the same load balancing server
previously selected for this client; if there is not a match, a new binding is created. This
feature allows a range of source IP addresses (with different port numbers) to be sent to
the same load balancing server. This is useful where client requests may go through a
proxy that uses Network Address Translation or Port Address Translation or multiple
proxy servers. During a session, the source IP address can change to one of several
sequential addresses in the translation pool; the netmask allows client requests to be sent
to the same server.

Persistence

Level

Default Binding

Timeout

TCP

3 minutes

SSL

120 minutes

Sticky

120 minutes

VPN

3 minutes