12.9.3. Configuring load balancing

You configure load balancing rules at the network-policy load-balancing level. Load balancing for TCP/UDP, ICAP, and the reverse proxy will be considered below.

To display information about all load balancers, use the following command:

Admin@UGOS# show network-policy load-balancing

12.9.3.1. Configuring TCP/UDP load balancers

You configure this section at the network-policy load-balancing tcp-udp level.

To create a TCP/UDP load balancer, use the following command:

Admin@UGOS# create network-policy load-balancing tcp-udp

Provide the following parameters:

Parameter

Description

name

Balancer name.

enabled

Enable/disable the balancer.

description

Balancer description.

virtual-ip

Virtual server IP address.

port

The port for which load balancing is to be performed.

protocol

The protocol (TCP or UDP) for which load balancing is to be performed.

scheduler

Load balancing methods for real servers:

  • rr: round robin: each new connection is passed to the next server in the list, evenly loading all servers.

  • wrr: weighted round robin: similar to round robin, but the real servers are loaded taking their weights into account, which allows you to distribute the load allowing the performance of each server to be taken into account.

  • lc: least connections: a new connection is sent to the server which currently has the least number of connections.

  • wlc: weighted least connections: similar to least connections, but the real servers are loaded taking their weights into account, which allows the performance of each server to be taken into account.

real-servers

Real servers to which traffic will be redirected. You need to specify the following for a server:

  • ip: server IP address.

  • port: server port to which requests from users will be redirected.

  • weight: weight to be used for uneven load distribution on real servers.

  • mode: operating mode:

    • gate: gateway mode: use routing to redirect traffic to the virtual server.

    • masq: use DNAT to redirect traffic to the virtual server.

    • masq-snat: masq mode with the source IP overridden: similar to masq mode, but UserGate will substitute the source IP address with its own.

Important! It is recommended to specify the real servers last because once you specify the real server parameters, you cannot go back to specify the other balancer parameters.

To update an existing load balancer, use the following command:

Admin@UGOS# set network-policy load-balancing tcp-udp <balancer-name>

In addition to the parameters available when creating a load balancer, you can also update the following ones:

Parameter

Description

fallback

Configure fallback:

  • enabled: enable/disable fallback.

  • ip: server IP address.

  • port: server port to which requests from users will be forwarded.

  • mode: operating mode:

    • gate: gateway mode: use routing to redirect traffic to the virtual server.

    • masq: use DNAT to redirect traffic to the virtual server.

    • masq-snat: masq mode with the source IP overridden: similar to masq mode, but UserGate will substitute the source IP address with its own.

monitoring

Configure real server monitoring:

  • kind: type of checking:

  • ping: check if the node is reachable using the ping utility.

  • connect: check if the node is up and running by establishing a TCP connection to a specific port.

  • negotiate: check if the node is up and running by sending a certain HTTP or DNS request and comparing the answer received with the expected one.

  • service: specify (HTTP or DNS) if the checking type is negotiate.

  • request: must be specified if the checking type is negotiate.

  • response: expected response. Must be specified if the checking type is negotiate.

  • interval: time interval for which the checking is carried out.

  • timeout: response check interval.

  • max-failures: maximum number of attempts to check real servers, after which a server is considered inoperable and excluded from balancing.

To delete an existing load balancer, use the following command:

Admin@UGOS# set network-policy load-balancing tcp-udp <balancer-name>

You can also delete individual real servers used in the balancer (you need to specify one or more real server parameters):

Admin@UGOS# set network-policy load-balancing tcp-udp <balancer-name> real-servers

To display information about all TCP/UDP load balancers, use the following command:

Admin@UGOS# set network-policy load-balancing tcp-udp

To display information about a specific TCP/UDP load balancer, use the following command:

Admin@UGOS# set network-policy load-balancing tcp-udp <balancer-name>

12.9.3.2. Configuring ICAP load balancers

You configure this section at the network-policy load-balancing icap level.

To create an ICAP load balancer, use the following command:

Admin@UGOS# create network-policy load-balancing icap

Provide the following parameters:

Parameter

Description

enabled

Enable/disable the ICAP server balancer:

  • on.

  • off.

name

Balancer name.

description

A description of the balancing rule.

icap-server

Specify ICAP profiles of servers to which the load will be distributed. For more details about how to create and configure ICAP servers using CLI, see Configuring ICAP servers.

To update parameters for an ICAP load balancer, use the following command:

Admin@UGOS# create network-policy load-balancing icap <balancer-name>

The parameters available to update are the same as those for creating an ICAP server balancer.

To delete an existing load balancer, use the following command:

Admin@UGOS# set network-policy load-balancing icap <balancer-name>

You can also delete individual real servers used in the balancer (you need to specify ICAP server names):

Admin@UGOS# set network-policy load-balancing icap <balancer-name> real-servers

To display information about all ICAP load balancers, use the following command:

Admin@UGOS# set network-policy load-balancing icap

To display information about a specific ICAP load balancer, use the following command:

Admin@UGOS# set network-policy load-balancing icap <balancer-name>

12.9.3.3. Configuring reverse proxy load balancer

You configure reverse proxy balancing rules at the network-policy load-balancing reverse-proxy level.

To create a reverse proxy load balancing rule, use the following command:

Admin@UGOS# create network-policy load-balancing reverse-proxy

Provide the following parameters:

Parameter

Description

enabled

Enable/disable the reverse proxy server balancer:

  • on.

  • off.

name

Balancer name.

description

A description of the balancing rule.

reverse-proxy-servers

Select a reverse proxy server.

For more details about how to create and configure reverse proxy servers using CLI, see Configuring reverse proxy servers.

To update parameters for a reverse proxy load balancer, use the following command:

Admin@UGOS# set network-policy load-balancing reverse-proxy <balancer-name>

The parameters available to update are the same as those for creating a reverse proxy server balancer.

To delete an existing load balancer, use the following command:

Admin@UGOS# delete network-policy load-balancing reverse-proxy <balancer-name>

You can also delete individual real servers used in the balancer (you need to specify reverse proxy server names):

Admin@UGOS# delete network-policy load-balancing reverse-proxy <balancer-name> real-servers

To display information about all reverse proxy load balancers, use the following command:

Admin@UGOS# show network-policy load-balancing reverse-proxy

To display information about a specific reverse proxy load balancer, use the following command:

Admin@UGOS# show network-policy load-balancing reverse-proxy <balancer-name>