Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved 등장 배경  인터넷 수요 증가  사용 application 의 다양화와 요구 대역폭 증가  WWW 트래픽 폭증, 전자 상거래, 인터넷 금융, , MPEG 등 다양한 멀티미디어 서비스  WAN 대역폭의 한계  인기 웹 사이트의 집중화 현상  라우터 경로의 집중화 현상  트래픽 폭주 시 응답 속도 증가 1.2 Cache 의 개념  기존에 액세스한 서버의 자료를 Cache Server 에 저장해 두었다가 다음 번에 동일한 서버에 대한 액세스가 요구될 때 WAN 트래픽을 발생시키지 않고 캐시 서버에 저장된 데이터를 제공하는 장비  요청한 서버에 대한 자료가 없을 경우 서버에 접속해서 데이터를 제공 받고 이를 Cache Server 에 저장  자주 요청되는 서버의 데이터들을 가까이 둠으로써 전체적인 응답시간 향상  원격지 서버들의 대규모 데이터들을 저장할 수 있어야 하고, 지역 사용자들에게 빠르게 서비스할 수 있어야 함 1. Cache

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Caching 방법  Passive Caching 개념 : Request 가 있을 때마다 content server 의 content 들의 변화 유무를 확인함 장점 : 가장 최근의 정보를 제공함 단점 : 오버헤드와 반응 시간 소요를 동반하며, 이를 극복하기 위해, 먼저 번 요청 이후 일정 시간을 초과하지 않은 경우에는 Cache 에서 object 를 제공하는 방법 사용  Active Caching 개념 : 일정 시간이 지나면 content server 의 content 들의 변화 유무를 확인하며, Scheduled caching, Automated active caching 으로 구분 Scheduled caching : 운영자가 미리 자주 이용되는 사이트를 설정하여 일정 시간마다 그 사이트의 object 를 검색하도록 함 Automated active caching : 알고리즘을 이용하여 다시 요구될 가능성이 있는 object 와 그 object 의 내용이 변화할 가능성을 계산하고 이 결과를 바탕으로 object 검색 1. Cache

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Cache deployment ( 계속 )  Proxy mode 개념 : Client 와 직접적으로 cache server 가 통신을 하는 방식 특징 Client 는 proxy server 로 동작하는 cache 를 명시적으로 지정하도록 설정해야 함 모든 client 들의 browser 에서 (Web cache 의 경우 ) 수작업으로 일일이 proxy server 설정을 해 주어야 함 Cache server 다운 시에 인터넷 사용 불가 Proxy mode 개념 도해 1. Cache 캐시 서버 웹 서버사용자 단말 Internet

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Cache deployment  Transparent mode 개념 : Client 는 cache 서버와 직접적으로 통신하지 않고 중간의 다른 장비가 트래픽에 따라 cache 서버로 traffic redirection 해 주는 방식 특징 Client 는 자신의 환경에 아무런 설정 변경 없이, 직접 application server 에 접속하는 것처럼 cache server 를 사용할 수 있음 Redirection 기능을 지원하는 L4 switch, WCCP 기반의 router 가 있어야 구현 가능 Cache server 다운 시 cache 서버를 거치지 않고 bypass 되므로 안정적인 인터넷 서비스 보장 가능 Transparent mode 개념 도해 1. Cache 캐시 서버 웹 서버 사용자 단말 L4 switch 또는 WCCP based router

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Cache protocol  WCCP (Web Cache Control Protocol) Transparent caching 을 지원하기 위해 cache server 와 Cisco IOS 기반의 라우터가 연동하도록 지원하는 protocol WCCP 를 지원하는 router 의 경우 HTTP, NNTP, MMS, RTSP 등의 protocol 들을 다중 cache server 들 사이에 분배해 주는 기 능 수행 다중 cache server 환경에서 임의의 cache 가 다운되는 경우에 HTTP, NNTP, MMS, RSTP 트래픽을 나머지 cache server 들 에게 재분배 할 수 있도록 해 줌  ICP (Internet Cache Protocol) Cache server 들이 cache 된 object 가 어느 cache server 에 저장되어 있는지를 알기 위한 정보를 교환하는 protocol UDP 를 기반으로 함  CARP (Cache Array Routing Protocol) 다중의 cache server 들을 동기화 시키는데 사용되는 protocol 1. Cache

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Layer 4 Switch 의 개념  어플리케이션의 특성을 인식하여 처리하는 기능을 가진 장비  Layer 4 이상의 field 들까지 읽고 packet forwarding 결정을 내릴 수 있음 2.2 Layer 4 Switch 의 일반적인 기능  Layer 2 switching : 패킷의 MAC address 와 MAC table 에 근거한 broadcast 제한  Layer 3 switching : 패킷의 Destination IP 와 Routing table 에 근거한 IP packet forwarding 기능  Layer 4 switching : IP address TCP, UDP port number 에 따른 packet forwarding 기능  L2, L3, L4 이상의 protocol field 값들에 대한 Access List 적용으로 광범위한 traffic filtering 지원  모든 종류의 application data flow 에 대한 redirection 기능 지원 Routing table 과 관계 없이 destination IP 와 TCP, UDP port number 에 따라 특정 network 로 packet 을 forwarding 하는 기법 주로 transparent cache server, DNS 에 대해 적용  서버들 간에 운용되는 application 들에 대한 Load balancing 지원 세션이 끝날 때까지 같은 서버로 해당 세션의 패킷들을 forwarding 함 2. L4 switch

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Layer 4 Switch 적용 범례 2. L4 switch Cache Cluster VPN Farm Firewall Farm HTTP, FTP Server Farm DNSRadius

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Aplication Redirection  개요 특정 Application(DNS, HTTP 등 ) 으로 향하는 패킷이 들어오면 목적지 IP 와는 별도의 특정 포트로 forwarding 하는 기술 주로 Web Cache, DNS server 등을 지원하기 위해 쓰임  Web Cache Redirection Web Cache 의 개념 사용자가 처음 방문하는 사이트는 Web cache 에 저장해 놓고 다음에 웹 페이지에 대한 요청이 들어 오게 되면 Web cache 에서 대신 응답을 함 HTTP 트래픽에 대한 응답시간 감소 WAN 구간 트래픽 감소 Web Cache 와 L4 switch redirection L4 switch 를 거쳐가는 HTTP 요청을 cache 서버로 분산 각 웹 서버로 가는 트래픽은 항상 동일한 cache 로 보내짐 Server 와 client 에 특별한 설정 없이 web cache 시스템 구현 가능 2. L4 switch

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Aplication Redirection ( 계속 )  DNS Redirection 개요 DNS request 에 대한 유연성 향상을 위해 실제 목적지 IP 의 DNS 이외에도 여러 DNS 로 요청을 보낼 수 있도록 L4 스위치에 redirection 기능 수행 DNS redirection 의 이점 DNS 를 변경하거나 새로운 DNS 도입 시 사용자들에게 개별적으로 통보하고 사용자가 설정을 바꾸는 번거로운 과정이 필요 없어짐 사용자가 잘못된 DNS 주소를 입력하거나 심지어 DNS 주소를 입력하지 않아도 DNS 서비스를 받을 수 있음 분산되어 있는 여러 DNS 서버로부터 골고루 DNS 서비스를 받을 수 있게 해 줌으로써 응답시간이 감소하고 DNS 들에 대한 load 가 줄어 듬 Mobile 사용자들에게 수시로 DNS 를 변경하는 어려움을 들어 줌 2. L4 switch

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Aplication Redirection ( 계속 ) 2. L4 switch Host B Host C Host A HTTP To A HTTP To B HTTP To C Cache Servers

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Server Load Balancing (SLB)  작동 원리 Load balancing 시키고자 하는 서버들에 하나의 가상 IP 를 부여 가상 IP 로 서비스를 받는 세션이 시작되면 L4 스위치에서 이를 탐지 L4 스위치는 Load 가 가장 적은 서버로 새로운 세션을 forwarding 함 세션이 끝날 때까지 같은 서버로 해당 세션의 패킷들을 forwarding 함 서버들과 application 들은 지속적인 감시를 받음  L4 스위치 사용 이전에 가능하던 Server Load balancing 기법들 Round Robin 서버들에 대한 요청을 돌아가면서 골고루 분배 Active 서버를 확인할 수 있는 feed back loop 부재 (black hole 발생 가능 ) 서버들의 performance 에 따른 load 분배 기능 없음 Weighted Round Robin Round Robin 기법에서 패킷의 특정 필드에 따른 가중치를 적용하는 기법 서버들의 performance 변화에 따른 load 분배 변화 기능 없음 2. L4 switch

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Server Load Balancing (SLB) ( 계속 )  L4 스위치를 이용한 Server Load balancing 의 이점 L4 스위치에서 서버들을 지속적으로 감시함으로써 black hole 현상 방지 Server 들의 performance 변화에 따른 load 분배 가능 Application 서버 (HTTP, FTP, DNS, RADIUS 등등 ) 들에 대한 backup server 구성을 용이하게 함 ASP(Application Service Provider) 들에게 server farm 을 통한 대형 사이트를 구축할 수 있는 핵심 기술 제공  Server Load Balancing 개념도 2. L4 switch Clients HTTP DNS FTP HTTP Remote Backup/Overflow DNS FTP To VIP

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Firewall Load Balancing (FLB)  개요 새로운 세션들을 각 fireWall 에 골고루 분산시켜 줌 각 fireWall 에서 처리하던 세션들은 계속해서 같은 fireWall 에서 처리 일반적으로 Source IP, Destination IP 의 hash 값으로 forwarding 할 fireWall 결정 FireWall 양 쪽 단의 L4 switch 가 같은 세션을 같은 fireWall 로 forwarding 할 수 있음 일반적으로 ICMP echo message 등을 통해서 FireWall 인터페이스에 대한 지속적인 검사 수행 2. L4 switch

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Firewall Load Balancing (FLB) ( 계속 )  2 대의 스위치 FLB  4 대의 스위치 FLB (L4 스위치 이중화로 장애 상황 대처 가능 ) 2. L4 switch Internet FireWalls L4 Switch Internet Secured Network L4 Switch FireWalls L4 Switch Secured Network L4 Switch

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved 장비 개요  용량 (backplane) : 8G  메모리 : 20MB DRAM 10/100 Mbps 8 Port * 2 Mbyte Uplink 2 Mbyte Management 2 Mbyte  Interface : 10/100base-Tx  8port, 1000base-Sx  1port  최소 초당 Connection : 296K Connection 3. AceDirector 3 (AD3)

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved 내부 구조 및 구현 방법  중앙의 메인 CPU 를 중심으로 각 포트마다 ASIC(WebIC) 가 8Gbps 백플래인을 통해 연결되어 있는 분산 아키텍쳐  각 RISC 칩은 Pentium CPU 2 개에 해당하는 Packet 처리 Performance 를 지원하며, 관리 모듈의 Flash 를 통해 장비 Configuration 과 OS 를 저장  L4 이상의 트래픽은 각 포트의 RISC 칩을 통해 처리되며, L3 Packet 은 Forward Engine 을 통해 출력 포트로 백플레인 을 통해 스위칭  L4 이상의 트래픽 처리시 Session 정보와 패킷 파싱을 위해 각 포트 마다 할당되어 2 Mbyte 의 SDRAM 이 활용  분산 구조의 H/W 를 운용하기 위하여 별도의 Web Os 를 구축 적용하며, Web OS 는 각 포트의 ASIC 에 정책의 전달과 모티너링, MAC 정보 등의 전달을 수행 3. AceDirector 3 (AD3) Multi-Gigabit switch backplane Management Module 4MB SRAM2MB Flash Switch Modules Uplink Module RISC 2MB ASIC 2MB RISC Fwd ASIC..... RISC Engine Fwd Engine RISC 2MB ASIC RISC Fwd Engine

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved 최대 지원 가능한 처리 용량 3. AceDirector 3 (AD3) Feature Set 최대 Session SLB(Server Load Balancing)336 K SLB with NAT168 K WCT with NAT168 K WCR256 K Dynamic NAT168 K URL Parsing168 K Filters256 K

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved 주요 기능  Auto, Half, Full Duplex 기능 지원  ACE Director 3 의 10/100Mbps Port 는 802.3(10Mbps), 802.3u(100Mbps) 802.3x(Flow Control) 을 지원  802.2(LLC) 및 802.1d(Spanning Tree) 를 지원  ACE Director 3 는 RIP 과 Static 등의 Routing Protocol 을 지원  Load Balancing 기능 지원  하나 또는 다수의 VIP 와 함께 운영되는 각 업무 서버의 부하 분산  부하분산 방식 : Round-Robin, Hash, Least-Connections, Min-Miss 등  Web Cache Redirection 기능 지원  효율적인 관리를 위한 EMS 기능 지원  GUI 형태의 네트워크 View 기능 지원  연결 관리, 성능 관리, 보안 관리 및 장애 관리 기능 지원  SNMP 표준 MIB 제공 3. AceDirector 3 (AD3)

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved 구성도 4. Configuration Cache server Client Port 5

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved console 연결하기 4. Configuration Speed : 9600 Data bit : 8 Parity bit : none Stop bit : 1 Flow Cntl : none To AD3 (Male)To PC (female)

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved 초기 화면 4. Configuration Boot version Press for maintenance kernel.... ACEdirector 3 Rebooted because of power cycle. Booting complete 23:51:08 Fri Dec 14, 2001: Version from FLASH image1, factory default config block. Enter password: admin < 화면에 표시되지 않음 System Information at 23:51:12 Fri Dec 14, 2001 ACEdirector 3 sysName: sysLocation: Last boot: 23:51:08 Fri Dec 14, 2001 (power cycle) MAC address: 00:60:cf:42:61:90 IP (If 1) address: Hardware Revision: A Hardware Part No: a02 Software Version (FLASH image1), factory default configuration. Boot version Press for maintenance kernel.... ACEdirector 3 Rebooted because of power cycle. Booting complete 23:51:08 Fri Dec 14, 2001: Version from FLASH image1, factory default config block. Enter password: admin < 화면에 표시되지 않음 System Information at 23:51:12 Fri Dec 14, 2001 ACEdirector 3 sysName: sysLocation: Last boot: 23:51:08 Fri Dec 14, 2001 (power cycle) MAC address: 00:60:cf:42:61:90 IP (If 1) address: Hardware Revision: A Hardware Part No: a02 Software Version (FLASH image1), factory default configuration. The switch is booted with factory default configuration. To ease the configuration of the switch, a "Set Up" facility which will prompt you with those configuration items that are essential to the operation of the switch is provided. Would you like to run "Set Up" to configure the switch? [y/n] n [Main Menu] info - Information Menu stats - Statistics Menu cfg - Configuration Menu oper - Operations Command Menu boot - Boot Options Menu maint - Maintenance Menu diff - Show pending config changes [global command] apply - Apply pending config changes [global command] save - Save updated config to FLASH [global command] revert - Revert pending or applied changes [global command] exit - Exit [global command, always available] >> Main# The switch is booted with factory default configuration. To ease the configuration of the switch, a "Set Up" facility which will prompt you with those configuration items that are essential to the operation of the switch is provided. Would you like to run "Set Up" to configure the switch? [y/n] n [Main Menu] info - Information Menu stats - Statistics Menu cfg - Configuration Menu oper - Operations Command Menu boot - Boot Options Menu maint - Maintenance Menu diff - Show pending config changes [global command] apply - Apply pending config changes [global command] save - Save updated config to FLASH [global command] revert - Revert pending or applied changes [global command] exit - Exit [global command, always available] >> Main#

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved help 메뉴 보기 4. Configuration >> Main# [Main Menu] info - Information Menu stats - Statistics Menu cfg - Configuration Menu oper - Operations Command Menu boot - Boot Options Menu maint - Maintenance Menu diff - Show pending config changes [global command] apply - Apply pending config changes [global command] save - Save updated config to FLASH [global command] revert - Revert pending or applied changes [global command] exit - Exit [global command, always available] >> Main# [Main Menu] info - Information Menu stats - Statistics Menu cfg - Configuration Menu oper - Operations Command Menu boot - Boot Options Menu maint - Maintenance Menu diff - Show pending config changes [global command] apply - Apply pending config changes [global command] save - Save updated config to FLASH [global command] revert - Revert pending or applied changes [global command] exit - Exit [global command, always available] Tab

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved L4 switch IP address 정의 하기 4. Configuration >> Main# /cfg/ip/if [IP Interface 1 Menu] addr - Set IP address mask - Set subnet mask broad - Set broadcast address vlan - Set VLAN number ena - Enable IP interface dis - Disable IP interface del - Delete IP interface cur - Display current interface configuration >> IP Interface 1# addr Current IP address: New pending IP address: Pending new subnet mask: Pending new broadcast address: Switch is set to use BOOTP for IP address assignment. Do you want to DISABLE the use of BOOTP? [y/n] n Use of BOOTP not changed. >> Main# /cfg/ip/if [IP Interface 1 Menu] addr - Set IP address mask - Set subnet mask broad - Set broadcast address vlan - Set VLAN number ena - Enable IP interface dis - Disable IP interface del - Delete IP interface cur - Display current interface configuration >> IP Interface 1# addr Current IP address: New pending IP address: Pending new subnet mask: Pending new broadcast address: Switch is set to use BOOTP for IP address assignment. Do you want to DISABLE the use of BOOTP? [y/n] n Use of BOOTP not changed. >> IP Interface 1# ena Current status: disabled New status: enabled >> IP Interface 1# apply Apply complete; don't forget to "save" updated configuration. Also note that the following changes are still pending, waiting for a reset of the switch to take effect: Current value... new value Use of BOOTP enabled => disabled >> IP Interface 1# >> IP Interface 1# ena Current status: disabled New status: enabled >> IP Interface 1# apply Apply complete; don't forget to "save" updated configuration. Also note that the following changes are still pending, waiting for a reset of the switch to take effect: Current value... new value Use of BOOTP enabled => disabled >> IP Interface 1#

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Cache server IP 정의하기 4. Configuration >> IP Interface 1# /cfg/slb/real [Real server 1 Menu] rip - Set IP addr of real server name - Set server name weight - Set server weight maxcon - Set maximum number of connections tmout - Set minutes inactive connection remains open backup - Set backup real server inter - Set interval between health checks retry - Set number of failed attempts to declare server DOWN restr - Set number of successful attempts to declare server UP addlb - Add URL path for URL load balance remlb - Remove URL path for URL load balance remote - Enable/disable remote site operation proxy - Enable/disable client proxy operation submac - Enable/disable source MAC address substitution nocook - Enable/disable no available URL cookie operation exclude - Enable/disable exclusionary string matching >> IP Interface 1# /cfg/slb/real [Real server 1 Menu] rip - Set IP addr of real server name - Set server name weight - Set server weight maxcon - Set maximum number of connections tmout - Set minutes inactive connection remains open backup - Set backup real server inter - Set interval between health checks retry - Set number of failed attempts to declare server DOWN restr - Set number of successful attempts to declare server UP addlb - Add URL path for URL load balance remlb - Remove URL path for URL load balance remote - Enable/disable remote site operation proxy - Enable/disable client proxy operation submac - Enable/disable source MAC address substitution nocook - Enable/disable no available URL cookie operation exclude - Enable/disable exclusionary string matching ena - Enable real server dis - Disable real server del - Delete real server cur - Display current real server configuration >> Real server 1 # rip  cache server 의 IP Current real server IP address: New pending real server IP address: Warning: server did not respond to ping. >> Real server 1 # ena Current status: disabled New status: enabled >> Real server 1 # apply Apply complete; don't forget to "save" updated configuration. >> Real server 1 # ena - Enable real server dis - Disable real server del - Delete real server cur - Display current real server configuration >> Real server 1 # rip  cache server 의 IP Current real server IP address: New pending real server IP address: Warning: server did not respond to ping. >> Real server 1 # ena Current status: disabled New status: enabled >> Real server 1 # apply Apply complete; don't forget to "save" updated configuration. >> Real server 1 #

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Real server group 정의하기 4. Configuration >> Real server 1 # /cfg/slb/group [Real server group 1 Menu] metric - Set metric used to select next server in group content - Set health check content health - Set health check type backup - Set backup real server or group name - Set real server group name realthr - Set real server failure threshold add - Add real server rem - Remove real server del - Delete real server group cur - Display current group configuration >> Real server group 1# add 1 Real server 1 added to real server group 1. >> Real server group 1# apply Apply complete; don't forget to "save" updated configuration. >> Real server group 1# >> Real server 1 # /cfg/slb/group [Real server group 1 Menu] metric - Set metric used to select next server in group content - Set health check content health - Set health check type backup - Set backup real server or group name - Set real server group name realthr - Set real server failure threshold add - Add real server rem - Remove real server del - Delete real server group cur - Display current group configuration >> Real server group 1# add 1 Real server 1 added to real server group 1. >> Real server group 1# apply Apply complete; don't forget to "save" updated configuration. >> Real server group 1#

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Client 의 http request 를 redirection 하기 위한 filter 생성하기 4. Configuration >> Real server group 1# /cfg/slb/filt [Filter 2 Menu] adv - Filter Advanced Menu smac - Set source MAC address dmac - Set destination MAC address sip - Set source IP address smask - Set source IP mask dip - Set destination IP address dmask - Set destination IP mask proto - Set IP protocol sport - Set source TCP/UDP port or range dport - Set destination TCP/UDP port or range action - Set action group - Set real server group for redirection rport - Set real server port for redirection nat - Set which addresses are network address translated invert - Enable/disable filter inversion ena - Enable filter dis - Disable filter del - Delete filter cur - Display current filter configuration >> Real server group 1# /cfg/slb/filt [Filter 2 Menu] adv - Filter Advanced Menu smac - Set source MAC address dmac - Set destination MAC address sip - Set source IP address smask - Set source IP mask dip - Set destination IP address dmask - Set destination IP mask proto - Set IP protocol sport - Set source TCP/UDP port or range dport - Set destination TCP/UDP port or range action - Set action group - Set real server group for redirection rport - Set real server port for redirection nat - Set which addresses are network address translated invert - Enable/disable filter inversion ena - Enable filter dis - Disable filter del - Delete filter cur - Display current filter configuration

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Client 의 http request 를 redirection 하기 위한 filter 생성하기 ( 계속 ) 4. Configuration >> Filter 2 # sip any  모든 source IP Current source address: any New pending source address: any >> Filter 2 # dip any  모든 destination IP Current destination address: any New pending destination address: any >> Filter 2 # proto tcp  tcp protocol Current protocol: any Pending new protocol: tcp >> Filter 2 # sport any  모든 source port Current source port or range: any Pending new source port or range: any >> Filter 2 # dport http  destination service port Current destination port or range: any Pending new destination port or range: http >> Filter 2 # sip any  모든 source IP Current source address: any New pending source address: any >> Filter 2 # dip any  모든 destination IP Current destination address: any New pending destination address: any >> Filter 2 # proto tcp  tcp protocol Current protocol: any Pending new protocol: tcp >> Filter 2 # sport any  모든 source port Current source port or range: any Pending new source port or range: any >> Filter 2 # dport http  destination service port Current destination port or range: any Pending new destination port or range: http >> Filter 2 # action redir  동작 방식 정의 Current action: allow Pending new action: redir >> Filter 2 # rport http  redirection port Current real server port: 0 New pending real server port: http >> Filter 2 # group 1  이 filter 에 적용할 group 번호 Current real server group: 1 New pending real server group: 1 >> Filter 2 # ena Current status: disabled New status: enabled >> Filter 2 # apply Apply complete; don't forget to "save" updated configuration. >> Filter 2 # >> Filter 2 # action redir  동작 방식 정의 Current action: allow Pending new action: redir >> Filter 2 # rport http  redirection port Current real server port: 0 New pending real server port: http >> Filter 2 # group 1  이 filter 에 적용할 group 번호 Current real server group: 1 New pending real server group: 1 >> Filter 2 # ena Current status: disabled New status: enabled >> Filter 2 # apply Apply complete; don't forget to "save" updated configuration. >> Filter 2 #

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Non-cached traffic 의 bypass 를 위한 default filter 생성하기 4. Configuration >> Filter 2 #../filt [Filter 224 Menu] adv - Filter Advanced Menu smac - Set source MAC address dmac - Set destination MAC address sip - Set source IP address smask - Set source IP mask dip - Set destination IP address dmask - Set destination IP mask proto - Set IP protocol sport - Set source TCP/UDP port or range dport - Set destination TCP/UDP port or range action - Set action group - Set real server group for redirection rport - Set real server port for redirection nat - Set which addresses are network address translated invert - Enable/disable filter inversion ena - Enable filter dis - Disable filter del - Delete filter cur - Display current filter configuration >> Filter 2 #../filt [Filter 224 Menu] adv - Filter Advanced Menu smac - Set source MAC address dmac - Set destination MAC address sip - Set source IP address smask - Set source IP mask dip - Set destination IP address dmask - Set destination IP mask proto - Set IP protocol sport - Set source TCP/UDP port or range dport - Set destination TCP/UDP port or range action - Set action group - Set real server group for redirection rport - Set real server port for redirection nat - Set which addresses are network address translated invert - Enable/disable filter inversion ena - Enable filter dis - Disable filter del - Delete filter cur - Display current filter configuration >> Filter 224 # sip any Current source address: any New pending source address: any >> Filter 224 # dip any Current destination address: any New pending destination address: any >> Filter 224 # proto any Current protocol: any Pending new protocol: any >> Filter 224 # action allow Current action: allow Pending new action: allow >> Filter 224 # ena Current status: disabled New status: enabled >> Filter 224 # apply Apply complete; don't forget to "save" updated configuration. >> Filter 224 # >> Filter 224 # sip any Current source address: any New pending source address: any >> Filter 224 # dip any Current destination address: any New pending destination address: any >> Filter 224 # proto any Current protocol: any Pending new protocol: any >> Filter 224 # action allow Current action: allow Pending new action: allow >> Filter 224 # ena Current status: disabled New status: enabled >> Filter 224 # apply Apply complete; don't forget to "save" updated configuration. >> Filter 224 #

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved Client 가 연결되는 port 에 filter 적용하기 4. Configuration >> Filter 224 #../port 5  client 가 연결되어 있는 port [SLB port 5 Menu] client - Enable/disable client processing server - Enable/disable server processing hotstan - Enable/disable hot-standby processing intersw - Enable/disable inter-switch processing proxy - Enable/disable use of PIP for ingress traffic pip - Set Proxy IP address for port filt - Enable/disable filtering add - Add filter to port rem - Remove filter from port cur - Display current port configuration >> Filter 224 #../port 5  client 가 연결되어 있는 port [SLB port 5 Menu] client - Enable/disable client processing server - Enable/disable server processing hotstan - Enable/disable hot-standby processing intersw - Enable/disable inter-switch processing proxy - Enable/disable use of PIP for ingress traffic pip - Set Proxy IP address for port filt - Enable/disable filtering add - Add filter to port rem - Remove filter from port cur - Display current port configuration >> SLB port 5# add 2  filter 2 추가 Filter 2 added to port 5. >> SLB port 5# add 224  filter 224 추가 Filter 224 added to port 5. >> SLB port 5# filt enable Current port 5 filtering: disabled New port 5 filtering: enabled >> SLB port 5# apply Apply complete; don't forget to "save" updated configuration. Also note that the following changes are still pending, waiting for a reset of the switch to take effect: Current value... new value Filtering: Filter 2: Filter 224: >> SLB port 5# >> SLB port 5# add 2  filter 2 추가 Filter 2 added to port 5. >> SLB port 5# add 224  filter 224 추가 Filter 224 added to port 5. >> SLB port 5# filt enable Current port 5 filtering: disabled New port 5 filtering: enabled >> SLB port 5# apply Apply complete; don't forget to "save" updated configuration. Also note that the following changes are still pending, waiting for a reset of the switch to take effect: Current value... new value Filtering: Filter 2: Filter 224: >> SLB port 5#

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved configuration 적용하기 4. Configuration >> SLB port 5#..  상위 메뉴 (layer 4) 로 이동 [Layer 4 Menu] real - Real Server Menu group - Real Server Group Menu virt - Virtual Server Menu filt - Filtering Menu port - Layer 4 Port Menu gslb - Global SLB Menu url - URL Resource Definition Menu sync - Config Synch Menu adv - Layer 4 Advanced Menu on - Globally turn Layer 4 processing ON off - Globally turn Layer 4 processing OFF cur - Display current Layer 4 configuration >> SLB port 5#..  상위 메뉴 (layer 4) 로 이동 [Layer 4 Menu] real - Real Server Menu group - Real Server Group Menu virt - Virtual Server Menu filt - Filtering Menu port - Layer 4 Port Menu gslb - Global SLB Menu url - URL Resource Definition Menu sync - Config Synch Menu adv - Layer 4 Advanced Menu on - Globally turn Layer 4 processing ON off - Globally turn Layer 4 processing OFF cur - Display current Layer 4 configuration >> Layer 4# on Current status: OFF New status: ON >> Layer 4# apply Apply complete; don't forget to "save" updated configuration. >> Layer 4# >> Layer 4# on Current status: OFF New status: ON >> Layer 4# apply Apply complete; don't forget to "save" updated configuration. >> Layer 4#

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved 저장하기 4. Configuration >> Layer 4# save Request will first copy the FLASH "active" config to "backup", then overlay FLASH "active" with new config. Confirm saving to FLASH [y/n]: y Compressing FLASH New config successfully saved to FLASH. Switch is currently set to use factory default config block on next boot. Do you want to change that to the active config block? [y/n] y Next boot will use active config block. >> Layer 4# >> Layer 4# save Request will first copy the FLASH "active" config to "backup", then overlay FLASH "active" with new config. Confirm saving to FLASH [y/n]: y Compressing FLASH New config successfully saved to FLASH. Switch is currently set to use factory default config block on next boot. Do you want to change that to the active config block? [y/n] y Next boot will use active config block. >> Layer 4#

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved 상태보기 4. Configuration >> Main# /info/slb  slb 모드로 이동 [Server Load Balancing Information Menu] sess - Session Table Information Menu real - Show real server information virt - Show virtual server information filt - Show redirect filter information port - Show port information gslb - Show GSLB information dump - Show all layer 4 information >> Main# /info/slb  slb 모드로 이동 [Server Load Balancing Information Menu] sess - Session Table Information Menu real - Show real server information virt - Show virtual server information filt - Show redirect filter information port - Show port information gslb - Show GSLB information dump - Show all layer 4 information

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved configuration 모두 보기 4. Configuration >> Main# /cfg/dump script start "ACEdirector 3" 4 /**** DO NOT EDIT THIS LINE! /* Configuration dump taken 3:21:16 Sat Dec 15, 2001 /* Version , Base MAC address 00:60:cf:42:61:90 /* /cfg/sys idle 5 bootp ena snmp w http ena wport 80 /* >> Main# /cfg/dump script start "ACEdirector 3" 4 /**** DO NOT EDIT THIS LINE! /* Configuration dump taken 3:21:16 Sat Dec 15, 2001 /* Version , Base MAC address 00:60:cf:42:61:90 /* /cfg/sys idle 5 bootp ena snmp w http ena wport 80 /* /cfg/port 1 ena tag dis pvid 1 cont 256 /cfg/port 1/fast speed any fctl both mode any auto on /cfg/port 2 ena tag dis pvid 1 cont 256 /cfg/port 2/fast speed any fctl both mode any auto on /cfg/port 1 ena tag dis pvid 1 cont 256 /cfg/port 1/fast speed any fctl both mode any auto on /cfg/port 2 ena tag dis pvid 1 cont 256 /cfg/port 2/fast speed any fctl both mode any auto on

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved configuration 모두 보기 ( 계속 ) 4. Configuration /cfg/port 3 ena tag dis pvid 1 cont 256 /cfg/port 3/fast speed any fctl both mode any auto on /cfg/port 4 ena tag dis pvid 1 cont 256 /cfg/port 4/fast speed 0? fctl none mode 0? auto off /cfg/port 3 ena tag dis pvid 1 cont 256 /cfg/port 3/fast speed any fctl both mode any auto on /cfg/port 4 ena tag dis pvid 1 cont 256 /cfg/port 4/fast speed 0? fctl none mode 0? auto off /cfg/port 5 ena tag dis pvid 1 cont 256 /cfg/port 5/fast speed any fctl both mode any auto on /cfg/port 6 ena tag dis pvid 1 cont 256 /cfg/port 6/fast speed any fctl both mode any auto on /cfg/port 5 ena tag dis pvid 1 cont 256 /cfg/port 5/fast speed any fctl both mode any auto on /cfg/port 6 ena tag dis pvid 1 cont 256 /cfg/port 6/fast speed any fctl both mode any auto on

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved configuration 모두 보기 ( 계속 ) 4. Configuration /cfg/port 7 ena tag dis pvid 1 cont 256 /cfg/port 7/fast speed any fctl both mode any auto on /cfg/port 8 ena tag dis pvid 1 cont 256 /cfg/port 8/fast speed any fctl both mode any auto on /cfg/port 7 ena tag dis pvid 1 cont 256 /cfg/port 7/fast speed any fctl both mode any auto on /cfg/port 8 ena tag dis pvid 1 cont 256 /cfg/port 8/fast speed any fctl both mode any auto on /cfg/port 9 ena tag dis pvid 1 cont 256 /cfg/port 9/gig fctl both auto on /* /cfg/port 9 ena tag dis pvid 1 cont 256 /cfg/port 9/gig fctl both auto on /*

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved configuration 모두 보기 ( 계속 ) 4. Configuration /cfg/ip rearp 10 metrc strict /cfg/ip/if 1 ena addr mask broad vlan 1 /cfg/ip/frwd/on dirbr disabled /* /cfg/slb/url/redir cooki dis urlal ena nocache ena hash disable header dis host /cfg/ip rearp 10 metrc strict /cfg/ip/if 1 ena addr mask broad vlan 1 /cfg/ip/frwd/on dirbr disabled /* /cfg/slb/url/redir cooki dis urlal ena nocache ena hash disable header dis host /cfg/slb/url/lb add "any" /* /cfg/slb on /cfg/slb/adv direc dis imask mnet mmask pmask grace dis btshf 0 matrix ena /cfg/slb/real 1 ena rip weight 1 maxcon /cfg/slb/url/lb add "any" /* /cfg/slb on /cfg/slb/adv direc dis imask mnet mmask pmask grace dis btshf 0 matrix ena /cfg/slb/real 1 ena rip weight 1 maxcon

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved configuration 모두 보기 ( 계속 ) 4. Configuration backup none inter 2 remot dis tmout 10 retry 4 restr 8 proxy ena submac dis nocook dis exclude dis /cfg/slb/group 1 metric leastconns backup none healt tcp realthr 0 add 1 /* /cfg/slb/gslb/lookup lookups disabled backup none inter 2 remot dis tmout 10 retry 4 restr 8 proxy ena submac dis nocook dis exclude dis /cfg/slb/group 1 metric leastconns backup none healt tcp realthr 0 add 1 /* /cfg/slb/gslb/lookup lookups disabled /* /cfg/slb/filt 2 ena actio redir sip any smask dip any dmask proto tcp sport any dport http group 1 rport 80 /cfg/slb/filt 2/adv /* /cfg/slb/filt 2 ena actio redir sip any smask dip any dmask proto tcp sport any dport http group 1 rport 80 /cfg/slb/filt 2/adv

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved configuration 모두 보기 ( 계속 ) 4. Configuration /cfg/slb/filt 224 ena actio allow sip any smask dip any dmask proto any /cfg/slb/filt 224/adv /cfg/slb/port 5/ filt ena add 2 add 224 /* /script end /**** DO NOT EDIT THIS LINE! >> Configuration# /cfg/slb/filt 224 ena actio allow sip any smask dip any dmask proto any /cfg/slb/filt 224/adv /cfg/slb/port 5/ filt ena add 2 add 224 /* /script end /**** DO NOT EDIT THIS LINE! >> Configuration#

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved configuration backup 하기  4.13 절에서 dump 한 것을 text file 로 저장하면 된다.  또한, 이 file 을 필요한 부분만 편집하여 별도 file 로 만든 후 다른 장비의 console 에서 붙혀 넣기를 하면 간편하게 configuration 할 수 있다. 4. Configuration

Copyrights© 2001 by Comtec Informations Co., Ltd. All rights reserved default configuration 으로 만들기 4. Configuration >> Main# boot [Boot Options Menu] image - Select software image to use on next boot conf - Select config block to use on next boot tftp - Download new software image via TFTP reset - Reset switch [WARNING: Restarts Spanning Tree] cur - Display current boot options >> Boot Options# conf Currently set to use active config block on next boot. Specify new block to use ["active"/"backup"/"factory"]: factory Next boot will use factory default config block instead of active. >> Boot Options# reset Reset will use software "image1" and the factory default config block. >> Note that this will RESTART the Spanning Tree, >> which will likely cause an interruption in network service. Confirm reset [y/n]: y Resetting at 4:27:18 Sat Dec 15, >> Main# boot [Boot Options Menu] image - Select software image to use on next boot conf - Select config block to use on next boot tftp - Download new software image via TFTP reset - Reset switch [WARNING: Restarts Spanning Tree] cur - Display current boot options >> Boot Options# conf Currently set to use active config block on next boot. Specify new block to use ["active"/"backup"/"factory"]: factory Next boot will use factory default config block instead of active. >> Boot Options# reset Reset will use software "image1" and the factory default config block. >> Note that this will RESTART the Spanning Tree, >> which will likely cause an interruption in network service. Confirm reset [y/n]: y Resetting at 4:27:18 Sat Dec 15,