Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Creating and Managing TLB Service Templates

 

Before you configure the traffic load balancer (TLB) software, install the TLB application package on the services PIC used for the server health monitoring function. Once you have installed the application package, you can configure or re-configure TLB as needed. To create a complete application, you must also define interfaces and routing information. You can optionally define firewall filters and policy options in order to differentiate TLB traffic.

You can perform the following tasks with the Service Designer page for TLB:

  • Create a TLB service template with attributes and settings for load balancing operations.

  • Modify an existing TLB template to meet the network needs and deployment scenarios.

  • Delete an existing template.

Creating a TLB Service Template

To configure a new TLB service template:

  1. From the View selector, select Service View. The workspaces that are applicable to this view are displayed.
  2. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the task pane, select Service Templates. The Manage Service Templates page is displayed.
  4. Click the TLB button.

    The list of TLB service templates is displayed.

    The Service Designer page displays a bar graph in the top pane of the page. The count of service templates of each type is displayed on the vertical axis and the service type is shown on the horizontal axis. A color-coding format is used to represent the bars on the graph. Published service templates are shown in olive green color and unpublished service templates are shown in blue color. Mouse over each bar in the chart to highlight and display the number of templates published or unpublished for each type of service.

  5. Click the Add icon. The Select Version dialog box is displayed.
  6. Select Junos 12.1 if you want to create a template based on the Junos OS Release 12.1. Alternatively, select Junos 14.1 if you want to create a template based on the Junos OS Release 14.1. Note

    All the service template components described in this section can be created for templates that are based on both the Junos OS Releases 12.1 and 14.1. The service elements or components that are additionally available for configuration when you select the Junos OS 14.1 version are explicitly mentioned in the relevant steps of the procedure.

    The Create a TLB Planning Template window appears.

    Figure 1: Create TLB Service Template Window
    Create TLB Service Template Window
  7. In the Template Name field, enter a name for the service template or profile (limit of 63 alphanumeric characters without spaces).
  8. In the Instance Name field, enter a meaningful, easily-identifiable name for the service instance (limit of 255 characters). Each service instance you define can be applied to a single or multiple SDGs.
  9. Instead of creating a new template entirely, you can import the parameters defined for a previous TLB service instance and customize only the settings that are necessary. Imported templates are created without any device assigned to them. To use these templates, you must associate a device with the policy. To clone an existing template by importing it, click the Import button.

    The Import Services dialog box is displayed. See Importing a TLB Service Template for step-wise details on importing a TLB service template.

  10. The Create a TLB Planning Template window displays the individual elements or components of the service with a graphical icon for each of the service elements and the corresponding names in separate boxes. You can add, edit, or delete these service elements in a template.

    The Property View tab and the Config View tab are displayed on the right pane of the template window. The Property View tab provides a tree-based structure of the parameters defined in a service template. You can expand the tree and view details of each component. A key value pair representation is shown. Each of the components can be treated as categories of the service template shown in the property view.

    The Config View tab displays the elements or components specified for a service template in the form of configuration stanzas and hierarchy levels. This display is similar to the show command that you can use at a certain [edit] hierarchy level to view the defined settings. Each level in the hierarchy is indented to indicate each statement's relative position in the hierarchy. Each level is generally set off with braces, with an open brace ({) at the beginning of each hierarchy level and a closing brace (}) at the end. If the statement at a hierarchy level is empty, the braces are not displayed. Each leaf statement ends with a semicolon (;), as does the last statement in the hierarchy.

    1. Click the green tick mark (✓) displayed at the top-right corner of each of the service element boxes to create a new element. If the green tick mark is not shown, it indicates that the user role does not have the permission to create an element.

    2. Click the red cross mark (x) displayed at the top-right corner of the icons of each element if you want to delete the existing configuration. The user with designer role has permissions to remove or edit elements.

    3. if the red cross mark is not displayed beside a particular icon, it signifies that the element cannot be deleted.

    4. The diamond icon that contains an orange tick mark within it at the top-right corner of the service component name denotes that the particular element can be modified. The absence of this icon denotes that the user does not have permissions to modify the attributes of the service component.

    5. Double-click each icon pertaining to a service element to view or edit its settings. If you do not possess the permission to modify the element, a view-only dialog box with the attributes of the selected element is shown. Otherwise, an editable dialog box enables you to modify the settings.

    6. Click Save to save the service template configuration. Else, click Close to discard the changes to the template.

    7. Click the Maximize icon displayed at the top-right corner of the rectangle or box that shows all of the values or entities of a particular component of a service template. The specified component or attribute is displayed as a separate dialog box, listing all of the values of the particular component. You can add, modify, or delete the listed values.

    8. While creating the new service template, the designer can add or modify service parameter values and also restrict the access level for each service parameter for the operator. The designer can set following access levels for each service parameters to operator in planning template. Click the new icon (cascading files icon) displayed at the top-left corner of each of the element boxes to open the shortcut menu. You can click one of the following radio buttons:

      • Read-only (the configuration parameter is read-only for operator as part of provisioning)

      • Editable (the configuration parameter is editable as part of provisioning)

      • Device-Specific (the configuration parameter value needs to be entered by the operator for each device during deployment)

    9. Click Save & Publish to save and publish the service template configuration. The designer must publish the service templates to the operator to use in the creation of deployment plans. After a filter or policy is published, it goes for peer review and approval. After approval, the filter or policy is deployed to device.

Creating a Deployment Plan

You must have previously defined service templates and policy or filter templates before you can create a deployment plan.

To create a deployment plan and assigning devices to it:

  1. From the View selector, select Service View. The workspaces that are applicable to this view are displayed.
  2. From the Junos Space user interface, click the Deploy icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the task pane, select Service Edit.

    The Manage Service Templates page is displayed.

  4. Click the TLB button.

    The list of TLB service templates is displayed.

  5. Select the check boxes next to the SDGs or SDG groups that you want to assign to the plan. Based on your selection of a service or a policy template, the components or attributes are shown for the corresponding device.
  6. From the boxes that show the components of a service template, you can edit, delete, or add elements to it. If you do not have permissions to update a template, the corresponding icons are not shown.
  7. Click the down arrow in the Actions menu and select Send for Deployment to create a deployment plan for the particular service template and save the plan.
    • If you create a deployment plan from Gateway view of Deploy mode, the Deployment Plan Summary dialog box appears, with the service name, type, and status listed.

      Click Send to create a deployment plan.

    • If you create a deployment plan from Service view of Deploy mode, the Edit Service Instance page is displayed. You can modify the SDGs associated with the service instance and also modify the service instance attributes as necessary by either clicking the buttons corresponding to the various settings at the top of the wizard page to directly traverse to the page you want to modify or clicking the navigation buttons at the bottom of the wizard page to go to the different pages of the wizard. Click Finish to create a deployment plan.

    A deploy plan is created for the service template with the devices that are assigned to it when you view the Deployment Plans page.

  8. Alternatively, you can select Discard changes from the Actions menu to ignore the modifications done to a policy or filter template.
  9. From the Deployment plans page, you can select Reject or Approve from the Actions drop-down list to reject or approve the deployment plan and make it available for commissioning to the devices.

Modifying TLB Service Templates

On the Service Designer page, you can view the collection of service templates defined for several applications, such as stateful firewall or CGNAT.

To modify service template instances, such as ADC, SFW, CGNAT, or TLB templates:

  1. From the View selector, select Service View. The workspaces that are applicable to this view are displayed.
  2. From the Junos Space user interface, click the Deploy icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the task pane, select Deploy Service > Service Edit.

    The Service Instances page is displayed in the right pane, listing all the previously defined service templates.

  4. From the View pane, perform one of the following tasks:
    • Click the ADC button.

      The list of ADC service templates is displayed. You need not click this button if you are launching the Service Designer page for the first time or are navigating to this page from another mode or a different page. You need to click this button only if you are viewing the other service templates, such as CGNAT or TLB.

    • Click the SFW button.

      The list of SFW templates is displayed.

    • Click the TLB button.

      The list of TLB templates is displayed.

    • Click the CGNAT button.

      The list of CGNAT templates is displayed.

  5. In the main window, click the plus sign (+) next to the SDG pairs to expand the tree and view the pair of devices in the SDG group or pair. Select the check box next to the SDG pair or individual SDG for which you want to modify settings. In an SDG pair, you can select a single SDG or both the SDGs in the in the redundancy pair of devices.Note

    Alternatively, you can also modify service templates from Service View in Build Mode by selecting the Service Templates > Manage Service Templates from the task pane, selecting a service instance, and clicking the Modify button. You can also modify ADC and TLB service templates from Gateway View in Deploy mode by selecting the SDG pair or SDG from the View pane, selecting Service Edit from the task pane, and selecting the TLB service from the main window that displays all the previously configured template instances to lock and modify it.

  6. Click the Lock icon above the table of listed packet filters. The Select Reference Config dialog box is displayed.
    Figure 2: Select Reference Config Dialog Box
    Select Reference Config Dialog Box
  7. From the Service Gateway Name drop-down list, select the SDG group to which the packet filter must be applied.
  8. From the Host Name drop-down list, select the hostname of the SDG.
  9. In the Select Common Components section, select the check boxes beside the service modules or components, such as packet filters, SFW rules, or CGNAT rules, that are displayed. The displayed components depend on the attributes that are previously defined for that selected packet filter. For example, if the service policy is for stateful firewall, SFW rules and SFW rule sets are shown. Select the check box beside Config Category to select all the service components.
  10. Click Save to save the modified association.
  11. Select the check box beside the template you want to modify.
  12. Open the Modify menu above the list of templates to modify an existing template, and select the component or service attribute, such as application or rule, that you want to edit.
  13. Perform one of the following from the drop-down menu displayed for each component:
    • To retrieve the service component and import into the database of Edge Services Director, select Import Object. The Import Services dialog box appears. You can import the service templates assigned to SDGs or choose from a list of all of the predefined templates in the database. Also, you can either import all of the components of a service or specific components.

    • To create the component afresh, select Create New. The Create page corresponding to the service component appears. You can define the attributes for the service component in the same manner as you define the elements during the creation of a service template.

Importing a TLB Service Template

To create a clone of an existing TLB template by importing it:

  1. From the View selector, select Service View. The workspaces that are applicable to this view are displayed.
  2. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the task pane, select Service Templates.

    The Manage Service Templates page is displayed.

  4. Click the TLB button.

    The list of TLB service templates is displayed. You need not click this button if you are launching the Service Designer page for the first time or are navigating to this page from another mode or a different page. You need to click this button only if you are viewing the other service templates, such as CGNAT or TLB.

  5. Click the Add icon.

    The Create a TLB Planning Template window appears.

  6. In the Template Name field, enter a name for the service template or profile (limit of 63 alphanumeric characters without spaces).
  7. In the Instance Name field, enter a meaningful, easily-identifiable name for the service instance (limit of 255 characters). Each service instance you define can be applied to a single or multiple SDGs.
  8. Click the Import button. The Import Services dialog box appears.

    You can import the service templates assigned to SDGs or choose from a list of all of the predefined templates in the database. Also, you can either import all of the components of a service or specific components.

  9. Do one of the following for the Import section:
    • Select the From Existing Service Gateway radio button if you want to import the CGNAT rule from SDGs that are present in the Edge Services Director database.

    • Select the From XML radio button if you want to import the CGNAT rule from an XML configuration file on an external system.

  10. If you selected the option to import the object from SDGs, do the following:
    • Click the Normal View tab to view the list of SDGs. You can search for specific SDGs by entering a search item and clicking the Search icon.

      Alternatively, click the Group View tab to view the list of SDG groups. You can search for specific SDG groups by entering a search item and clicking the Search icon.

    • Click the plus sign (+) next to the All Service Gateways item to expand the tree structure that displays the list of SDGs or SDG groups. If the SDG pair is configured, you can select one of the devices, master or standby, from which you want to import the object.

      Alternatively, if you selected the Group View tab, you can select an SDG from the groups displayed from which you want to import the object.

    • Click Import. The object is added to the database and can be used during configuration of services or policies.

  11. If you selected the option to import from an XML file, do the following:
    • Click Browse beside the File Name field to navigate to the path where an XML file is available to be imported.

    • Click Upload. The service template is added to the database and can be used during configuration of services or policies.

  12. Do one of the following to import all components of a selected template or only a particular component of a template. For the components that are not imported, you need to specify the definitions of the components afresh.
    • Select the check boxes next to all of the service instances that are displayed for the selected SDG or SDG group, or for the XML file that you uploaded. In such a case, all of the elements or parameters of the selected template or instance are imported.

    • Alternatively, select the check box next to a particular or group of service instances to import only a specific component of the selected template

  13. Similarly, you can select other components and import them to the template. Save the imported components to add them to the template you are creating by using the imported template as a base.

Creating a Real Server

To create a real server as a component for the TLB template:

  1. From the View selector, select Service View. The workspaces that are applicable to this view are displayed.
  2. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the task pane, select Service Templates.

    The Manage Service Templates page is displayed.

  4. Click the TLB button.

    The list of TLB service templates is displayed.

  5. Click the Add icon.

    The Create a TLB Planning Template window appears.

  6. In the Template Name field, enter a name for the service template or profile (limit of 63 alphanumeric characters without spaces).
  7. In the Instance Name field, enter a meaningful, easily-identifiable name for the service instance (limit of 255 characters). Each service instance you define can be applied to a single or multiple SDGs.
  8. Click the green plus sign in the Real Servers box. The Addition of Real Server dialog box appears.Note

    For the service elements that you can configure using the Object Builder workspace, such as applications and rules, when you click the green plus sign (+) at the top-right corner of each of the service element boxes, the shortcut menu is displayed. Click the Create New radio button to create the service component afresh. Alternatively, click the Import from Object Builder radio button to open a dialog box that enables you to select from the list of service elements that are present in the database of Edge Services Director and import them into the service template.

    If a green tick mark is shown beside a field in the dialog box, it denotes that you can add attributes for that component. A red cross mark shows that you can delete that particular attribute for that component.

  9. In the Name field, enter the name to identify the real server. Make sure the servers are connected via a router interface that is defined as a server-facing interface for the adc-instance. For each real server, you must assign a real-server name and specify its actual IP address.
  10. In the Address Family field, select IPv4 to specify an IPv4 address, or select IPv6 to enter the IPv6 address of the real server.
  11. In the IP Address field, specify the IP address of the real server.
  12. Click Save to save the service template configuration. Else, click Close to discard the changes to the template.

Creating a Group for Real Servers

Define the group and assign real servers to it. The real servers in any given group must have an IP address accessible to the module that performs the SLB functions. This IP routing is most easily accomplished by placing the servers on a network local to the router. Routing to the server can be used as long as it does not violate the topology rules outlined.

A group is a collection of multiple servers with the same content, so that client requests can be load-balanced between them.

To create a group of real servers:

  1. From the View selector, select Service View. The workspaces that are applicable to this view are displayed.
  2. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the task pane, select Service Templates.

    The Manage Service Templates page is displayed.

  4. Click the TLB button.

    The list of TLB service templates is displayed.

  5. Click the Add icon.

    The Create a TLB Planning Template window appears.

  6. In the Template Name field, enter a name for the service template or profile (limit of 63 alphanumeric characters without spaces).
  7. In the Instance Name field, enter a meaningful, easily-identifiable name for the service instance (limit of 255 characters). Each service instance you define can be applied to a single or multiple SDGs.
  8. Click the green plus sign in the Server Groups box. The Addition of Group dialog box appears.Note

    For the service elements that you can configure using the Object Builder workspace, such as applications and rules, when you click the green plus sign (+) at the top-right corner of each of the service element boxes, the shortcut menu is displayed. Click the Create New radio button to create the service component afresh. Alternatively, click the Import from Object Builder radio button to open a dialog box that enables you to select from the list of service elements that are present in the database of Edge Services Director and import them into the service template.

    If a green tick mark is shown beside a field in the dialog box, it denotes that you can add attributes for that component. A red cross mark shows that you can delete that particular attribute for that component.

  9. In the Name field, enter the name for the real servers group.
  10. Do the following in the Routing Instance section:

    1. Select the Routing Instance Selection check box to configure a routing instance for TLB to steer traffic.
    2. Click the green plus sign next to the Routing Instance field. The Routing Instances dialog box appears.
    3. From the Service Gateway Name field, select the SDG group with which the service element must be associated.
    4. From the Host Name field, select the SDG in the SDG high-availability pair of active and standby SDGs.
    5. In the MS Interfaces section, select the check box next to the routing instance of the SDG that must be used for packets arriving from clients or users. All the routing instances from the inventory of devices are listed.
  11. Select the Real service rejoin options check box to allow a server to rejoin the group automatically when it comes up. When a previously down server is returned to service, all flows belonging to that server based on hashing return to it, impacting performance for the returned flows. For this reason, the automatic rejoining of a server to an active group can be disabled.
  12. From the Health Check Interface Sub Unit list, select the subunit to be used for health monitoring. Select the number of the unit to edit. A health-check source address must be set for each unit on which real servers are configured, in order to allow sending health checks to the servers.This field is applicable only for Junos OS 14.1 version.
  13. From the Real Server IP Type field, select IPv4 or IPv6 to configure an IPv4 or IPv6 addresses for real servers.
  14. In the Real Servers section, assign the real servers to be part of the group. Select the real servers from the Available column and click the right arrow to move the server to the Selected column.
  15. In the Network Monitoring Profiles section, select the profile from the Available column and click the right arrow to move the profile to the Selected column.
  16. Click Save to save the service template configuration. Else, click Close to discard the changes to the template.

Creating a Services PIC for a TLB Service Template

Multiservices (ms-) interfaces are the physical multiservices interfaces of a device that are used to run the load-balancing instance application. The more multiservices interfaces used for a loadbalancing instance, the more capacity and processing power the instance has. At least one MS interface must be specified for each adc-instance, up to eight interfaces can run the same instance. A multiservices interface is associated exclusively to a single load-balancing instance (it cannot be shared between instances).

To assign a services interface to a TLB template:

  1. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  2. From the task pane, select Service Templates.

    The Manage Service Templates page is displayed.

  3. Click the TLB button.

    The list of TLB service templates is displayed.

  4. Click the Add icon.

    The Create a TLB Planning Template window appears.

  5. In the Template Name field, enter a name for the service template or profile (limit of 63 alphanumeric characters without spaces).
  6. In the Instance Name field, enter a meaningful, easily-identifiable name for the service instance (limit of 255 characters). Each service instance you define can be applied to a single or multiple SDGs.
  7. Click the green plus sign in the Service Pics box.

    The Service Pic dialog box appears.

    Note

    If a green tick mark is shown beside a field in the dialog box, it denotes that you can add attributes for that component. A red cross mark shows that you can delete that particular attribute for that component.

  8. From the Service Gateway Name field, select the SDG group with which the service element must be associated.
  9. From the Host Name field, select the SDG in the SDG high-availability pair of active and standby SDGs.
  10. Select the check box next to the ms- interface of an SDG that must be assigned to the TLB template.
  11. Click OK to save the settings. Else, click Cancel to discard the configuration.

Creating a Network Monitor Profile for a TLB Service Template

To configure a network monitor profile to perform health and welfare validation of servers for a TLB template:

  1. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  2. From the task pane, select Service Templates.

    The Manage Service Templates page is displayed.

  3. Click the TLB button.

    The list of TLB service templates is displayed.

  4. Click the Add icon.

    The Create a TLB Planning Template window appears.

  5. In the Template Name field, enter a name for the service template or profile (limit of 63 alphanumeric characters without spaces).
  6. In the Instance Name field, enter a meaningful, easily-identifiable name for the service instance (limit of 255 characters). Each service instance you define can be applied to a single or multiple SDGs.
  7. Click the green plus sign in the Network Monitor Profile box. The Addition of Network Monitor Profile dialog box appears.Note

    If a green tick mark is shown beside a field in the dialog box, it denotes that you can add attributes for that component. A red cross mark shows that you can delete that particular attribute for that component.

  8. In the Name field, enter the name of the network monitor profile used to monitor the health of servers in the group.
  9. In the Probe Interval field, specify the amount of time, in seconds, between polls of the real server by the router. Note

    The ADC software monitors the servers in the real-server group and the load-balanced applications running on them. If a router detects that a server or application has failed, it will not direct any new connection requests to that server. When a service fails, the ADC software can remove the individual service from the load-balancing algorithm without affecting other services provided by that server. By default, the router checks the status of each service on each real server every five (5) seconds. Sometimes, the real server can be too busy processing connections to respond to health checks. If a service does not respond to four consecutive health checks, the router, by default, declares the service unavailable. You can modify both the health check interval and the number of retries.

  10. In the Failure Retries field, specify the number of times the router will attempt its check on the real server before marking the server as unavailable.
  11. In the Recover Retries field, specify the number of times the router will attempt to recover the real-server connection.
  12. In the TCP Choices drop-down list, select one of the supported health checking protocols, such as TCP, HTTP, or ICMP.
  13. In the TCP Choices section, do one of the following:
    1. Select the HTTP radio button to select HTTP for health checks. Specify the name of the host, HTTP method such as PUT, GET, OPTIONS, or POST, the URL for which health check needs to be performed, and the port to be used for server health monitoring.
    2. Select the ICMP radio button to select ICMP for health check probes.
    3. Select the TCP radio button to select TCP for health check probes. Specify the port number to be used for monitoring the health and welfare of the server or URL using the SSL-based health probes in the Port field. You can specify this value only if you create the TLB service template based on the Junos OS 14.1 version.
    4. Select the SSLHELLO radio button to sets Secure Sockets Layer (SSL) hello health-check parameters. SSL version 2 (SSLv2) is used for the SSL health check. Specify the port number to be used for monitoring the health and welfare of the server or URL using the SSL-based health probes in the Port field. You can specify this the SSL-hello health check setting only if you create the TLB service template based on the Junos OS 14.1 version.
    5. Select the CUSTOM radio button to create a custom-based health check. From the Protocol field, specify tcp or udp as the protocol for the script to use in a custom health check. A script is made up of one or more TCP or UDP command containers. A script can contain any number of these containers, up to the allowable number of characters that a script supports.

      In the Command ID field, specify the command ID for the commands to be used. Multiple command lines are usually required in order to specify a full script.

      In the Port field, specify the port number to be used for custom-based health check mechanism.

      Health check scripts dynamically verify application and content availability by executing a sequence of tests based on send and expect commands. See the Creating a Command for Script-Based Health Checks section for detailed information.

  14. Click Save to save the settings. Else, click Cancel to discard the configuration.

Creating a Command for Script-Based Health Checks

You can create commands for building a script-based health check. You can configure this service element only if you create a TLB service template using the Junos OS 14.1 version.

To create a custom network monitoring profile command for script-based health checks.

  1. In the Create Networking Profile dialog box, select the check box next to the SEND or EXPECT row under the Command column of the table.
  2. Click the pencil icon to specify the command attributes. The Create Custom Networking Profile Command dialog box appears.
  3. If you selected the SEND type, it is displayed in the Command Type field.
  4. In the Send Type list, perform either of the following:
    • Select BINARY to specify binary content (in hexadecimal format) for the request packet.

    • Select ASCII to specify ASCII content (in hexadecimal format) for the request packet.

  5. In the Value field, specify the content to be sent in raw hexidecimal format or the binary content to send using raw hexadecimal format for the request packet.
  6. If you selected the EXPECT type, it is displayed in the Command Type field.
  7. In the Send Type list, perform either of the following:
    • Select BINARY to specify binary content (in hexadecimal format) to be expected from the server response packet.

    • Select ASCII to specify ASCII content (in hexadecimal format) to be expected from the server response packet.

  8. In the Value field, specify the content to be returned in the server response packet in raw hexidecimal format or the binary content to receive using raw hexadecimal format for the response packet.
  9. For binary content only, in the Offset field, specify the offset from the beginning of the binary data area to start matching the content specified in the binary-expect command. The offset command is supported for both UDP and TCP-based health checks. If this value is not present, an offset of zero is assumed.
  10. For binary content only, in the Length field, specify the number of bytes in the IP packet that should be examined. If no offset value is specified, depth is specified from the beginning of the packet. When depth is not specified, it is the length of the content. This means that the content is expected exactly at the offset specified (or 0 when the offset is not specified).
  11. Click Save to save the custom network monitor profile configuration. Else, click Close to discard the changes to the custom health check profile.

Creating a Server Bypass Filter

You can configure this service element only if you create a TLB service template using the Junos OS 14.1 version.

To configure a virtual service for a TLB template:

  1. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  2. From the task pane, select Service Templates.

    The Manage Service Templates page is displayed.

  3. Click the TLB button.

    The list of TLB service templates is displayed.

  4. Click the Add icon.

    The Create a TLB Planning Template window appears.

  5. In the Template Name field, enter a name for the service template or profile (limit of 63 alphanumeric characters without spaces).
  6. In the Instance Name field, enter a meaningful, easily-identifiable name for the service instance (limit of 255 characters). Each service instance you define can be applied to a single or multiple SDGs.
  7. Click the green plus sign in the Server Bypass Filters box. The Create Server Bypass Filter dialog box appears.Note

    If a green tick mark is shown beside a field in the dialog box, it denotes that you can add attributes for that component. A red cross mark shows that you can delete that particular attribute for that component.

  8. From the Service Gateway Name field, select the SDG group with which the service element must be associated.
  9. From the Host Name field, select the SDG in the SDG high-availability pair of active and standby SDGs.
  10. From the table, select the check boxes beside the filters to specify the filters used to bypass rephrase as health-check traffic from real servers.
  11. Click Save to save the settings. Else, click Cancel to discard the configuration.

Creating a Virtual Service for a TLB Service Template

The virtual service provides an address that is associated with a the group of servers to which traffic is directed as determined by hash-based session distribution and server health monitoring. You may optionally specify filters and routing instances to steer traffic for TLB.

The virtual service configuration identifies:

  • The group of servers to which sessions are distributed

  • The session distribution hashing method

TLB doesn't require a specific virtual IP. VIPs 0.0.0.0 or 0::0 are acceptable.

To configure a virtual service for a TLB template:

  1. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  2. From the task pane, select Service Templates.

    The Manage Service Templates page is displayed.

  3. Click the TLB button.

    The list of TLB service templates is displayed.

  4. Click the Add icon.

    The Create a TLB Planning Template window appears.

  5. In the Template Name field, enter a name for the service template or profile (limit of 63 alphanumeric characters without spaces).
  6. In the Instance Name field, enter a meaningful, easily-identifiable name for the service instance (limit of 255 characters). Each service instance you define can be applied to a single or multiple SDGs.
  7. Click the green plus sign in the Virtual Service box. The Addition of Virtual Service dialog box appears.Note

    If a green tick mark is shown beside a field in the dialog box, it denotes that you can add attributes for that component. A red cross mark shows that you can delete that particular attribute for that component.

  8. In the Name field, specify the name of the virtual service.
  9. In the Address field, specify a non-zero address for the virtual service.
  10. From the Mode field, select one of the following:
    • translated—In complex network topologies, the TLB software functions can be managed using a client Network Address Translation (NAT) IP address on the server-facing interfaces traffic. When the client requests services from the TLB software virtual server, the client sends its own IP address for use as a return address. If a NAT IP address is configured for the Multiservices-DPC NPU, the TLB software replaces the client's source IP address with the TLB software NAT IP address before sending the request to the real server. This process is called client NAT. The real server uses the NAT IP address as the destination address for any response. Load-balancing traffic is forced to return through the TLB software and through the same Multiservices-DPC NPU, regardless of alternate paths. Once the TLB software receives the translated IP address, it puts the original client IP address into the destination address and sends the packet to the client. This process is transparent to the client.

    • direct-server-return—Direct Server Return health checks are used to verify the existence of a server-provided service where the server replies directly back to the client without responding through the virtual-server IP address. In this configuration, the server is configured with a real-server IP address and virtualserver IP address. The virtual-server IP address is configured to be the same address as your virtual-server IP address. When Direct Server Return health checks are used, the specified health check is sent originating from the configured health check address. It is destined for the virtualserver IP address with the MAC address that was acquired from the real-server IP Address Resolution Protocol (ARP) entry. Direct Server Return is configured at the group level. If a group is configured with “direct-server-return” the health check performed is sent to the virtual IP and not to the actual server IPs. The TLB software lets you to perform health checks for Direct Server Return configurations (for more information, see Direct Server Return). The router is able to verify that the server correctly responds to requests made to the virtual-server IP address, as required in Direct Server Return configurations. To perform this function, the real-server IP address is replaced with the virtualserver IP address in the health check packets that are forwarded to the real servers for health checking. With this feature enabled, the health check will fail if the real server is not properly configured with the virtual-server IP address.

    • layer2-direct-server-return—Use transparent mode processing with Layer 2 direct server return (DSR). Some clients may need the Direct Server Return (DSR) feature, which allows the server to respond directly to the client. This capability is useful for sites where large amounts of data flows from servers to clients, such as with content providers or portal sites that typically have asymmetric traffic patterns. DSR and content-intelligent Layer 7 routing cannot be performed at the same time because content intelligent routing requires that all frames return to the router for connection splicing. DSR requires that the server be set up to receive frames that have a destination IP address that is equal to the virtual-server IP address.

  11. From the Group list, select the name of a real server group configured to be used for this virtual service.
  12. Select the Routing Instance Selection check box to specify a routing instance to be used for this application type of virtual service.
  13. Do the following in the Routing Instance section:

    1. Click the green plus sign next to the Routing Instance field. The Routing Instances dialog box appears.
    2. From the Service Gateway Name field, select the SDG group with which the service element must be associated.
    3. From the Host Name field, select the SDG in the SDG high-availability pair of active and standby SDGs.
    4. In the MS Interfaces section, select the check box next to the routing instance of the SDG that must be used for packets arriving from clients or users. All the routing instances from the inventory of devices are listed.
  14. In the Rebalance threshold field, specify the limit for rebalancing of traffic. This field is applicable only for Junos OS 12.1 version.
  15. In the Route metric field, specify a routing metric for the virtual service. This field is applicable only for Junos OS 12.1 version.
  16. In the Server Protocol section, do the following. This section and the associated fields are applicable only for Junos OS 14.1 version.
    • In the Name field, specify a service name to denote the translated mode details for the specified service. Packets destined to this virtual ip-address + virtual-port + protocol are load balanced to the appropriate server. The destination IP address and port are replaced by the real services IP address and the server-listening-port (configured here).

    • In the Virtual Port field, specify the virtual port number for the virtual service.

    • In the Server Listening Port field, specify the port number the server uses to listen or receive connection requests. The range is from 0 through 65,534. You can change the destination port of traffic to a specific port by using this field setting.

    • From the Protocol list, select TCP or UDP to specify the protocol type of virtual service.

  17. From the Server Interfaces section, select the interfaces from the Available column and click the right arrow to move the hash method to the Selected column.
  18. From the Load balance method list, select the hash method used for enhanced ECMP load balancing from the Available column and click the right arrow to move the hash method to the Selected column. You can specify source-ip, destination-ip, or protocol
    • destination-ip—Hash based on destination IP address.

    • protocol—Hash based on protocol.

    • source-ip—Hash based on source IP address.

  19. Click Save to save the settings. Else, click Cancel to discard the configuration.

Creating a Client-Facing Interface and Routing Instance

You can configure this service element only if you create a TLB service template using the Junos OS 14.1 version.

Clients and servers can be connected through the same router port. Each port in use on the router can be configured to process client requests, server traffic, or both:

Client-facing interfaces—Router ports through which client requests to the virtual server are received.

Server-facing interfaces—Router ports to which servers are connected (directly or through routing). Responses to clients are received on the router through these ports.

To assign a client-facing instance and interface to an ADC template:

Note

Starting with Edge Services Director Release 1.1, you can specify multiple client-facing and server-facing virtual routing and forwarding (VRF) instances when you create or modify a TLB service template that is based on Junos OS Release 14.1. You can select the check boxes beside multiple routing instances in the Create Client Facing and Server Facing dialog boxes that you can open from the Create TLB Service Template window in Gateway View of Build mode. You can also associate multiple client-facing and server-facing VRF instances from the enhanced service edit mode (which you can access from Service View of Deploy mode, with TLB selected in View pane and Service Edit selected in the Tasks pane, and selecting the check boxes beside the Server-Facing and Client-Facing modules in the Select Common Components section).

  1. From the View selector, select Service View. The workspaces that are applicable to this view are displayed.
  2. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the task pane, select Service Templates.

    The Manage Service Templates page is displayed.

  4. Click the TLB button.

    The list of ADC service templates is displayed.

  5. Click the Add icon.

    The Create an ADC Planning Template window appears.

  6. In the Template Name field, enter a name for the service template or profile (limit of 63 alphanumeric characters without spaces).
  7. In the Instance Name field, enter a meaningful, easily-identifiable name for the service instance (limit of 255 characters). Each service instance you define can be applied to a single or multiple SDGs.
  8. Click the green plus sign in the Client-Facing box. The Client facing dialog box appears.Note

    If a green tick mark is shown beside a field in the dialog box, it denotes that you can add attributes for that component. A red cross mark shows that you can delete that particular attribute for that component.

  9. From the Service Gateway Name field, select the SDG group with which the service element must be associated.
  10. From the Host Name field, select the SDG in the SDG high-availability pair of active and standby SDGs.
  11. In the Routing Instances section, select the check box next to the routing instance of the SDG that must be used for packets arriving from clients or users. All the routing instances from the inventory of devices are listed.
  12. In the Interfaces section, select the check box next to the interface instance of the SDG that must be used for packets arriving from clients or users. All of the interfaces from the inventory of devices are listed.
  13. Click OK to save the settings. Else, click Cancel to discard the configuration.

Creating a Server-Facing Interface and Routing Instance

You can configure this service element only if you create a TLB service template using the Junos OS 14.1 version.

Clients and servers can be connected through the same router port. Each port in use on the router can be configured to process client requests, server traffic, or both:

Client-facing interfaces—Router ports through which client requests to the virtual server are received.

Server-facing interfaces—Router ports to which servers are connected (directly or through routing). Responses to clients are received on the router through these ports.

To assign a server-facing instance and interface to an ADC template:

  1. From the View selector, select Service View. The workspaces that are applicable to this view are displayed.
  2. From the Junos Space user interface, click the Build icon on the Edge Services Director banner.

    The functionalities that you can configure in this mode are displayed in the task pane.
  3. From the task pane, select Service Templates.

    The Manage Service Templates page is displayed.

  4. Click the TLB button.

    The list of TLB service templates is displayed.

  5. Click the Add icon.

    The Create an ADC Planning Template window appears.

  6. In the Template Name field, enter a name for the service template or profile (limit of 63 alphanumeric characters without spaces).
  7. In the Instance Name field, enter a meaningful, easily-identifiable name for the service instance (limit of 255 characters). Each service instance you define can be applied to a single or multiple SDGs.
  8. Click the green plus sign in the Server-Facing box. The Server facing dialog box appears.Note

    If a green tick mark is shown beside a field in the dialog box, it denotes that you can add attributes for that component. A red cross mark shows that you can delete that particular attribute for that component.

  9. From the Service Gateway Name field, select the SDG group with which the service element must be associated.
  10. From the Host Name field, select the SDG in the SDG high-availability pair of active and standby SDGs.
  11. In the Device Inventory Routing Instances section, select the check box next to the routing instance of the SDG that must be used for packets traversing to the servers. All the routing instances from the inventory of devices are listed.
  12. In the Device Inventory Interfaces section, select the check box next to the interface instance of the SDG that must be used for packets to be sent to the servers. All of the interfaces from the inventory of devices are listed.
  13. Click OK to save the settings. Else, click Cancel to discard the configuration.