Coyote Point Systems Equalizer Especificaciones Pagina 309
- Pagina / 594
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Front-End-Https: on
7. Select commit to modify the cluster.
Performance Considerations for HTTPS Clusters
Layer 7 HTTPS clusters have several options that can have a significant impact on the performance and behavior
of the cluster:
1. The injection of a customheader to provide transaction-specific information to the server. For example, to
tell the server that Equalizer terminated the HTTPS connection and performed SSL processing on the
incoming request (see the previous section, above).
2. The "munging", or translation, of HTTP redirects to HTTPS redirects (see the description of the no header
rewrite flag under Modifying a Layer 7 Virtual Cluster).
3. The once only flag. This flag is present to speed up processing of HTTP requests by only looking at the
first request, but since HTTPS has a lot of overhead associated with it anyway, turning this flag off does not
reduce HTTPS performance. Furthermore, having this flag on for HTTPS clusters causes some
applications to not function as needed.
In general, it is recommended to turn the once only flag off for HTTPS clusters. In order to inject custom headers
and rewrite headers in every transaction in a connection, turning off once only is required.
HTTPS Performance and Xcel SSL Acceleration
The E650GX and E450GX include the Xcel SSL Accelerator Card. Equalizer models without Xcel (E250GX and
E350GX) performs all SSL processing in software using the system CPU. Equalizers with Xcel perform all SSL
processing using the dedicated processor on the Xcel card. This allows the system CPU to concentrate on non-
SSL traffic. For most applications, Xcel will process several hundred HTTPS transactions per second with no
noticeable degradation in performance either for the HTTPS cluster or for Equalizer as a whole.
In terms of bulk data throughput, the theoretical maximum throughput for Xcel/HTTPS is roughly 50% of that for
the Equalizer in HTTP mode: Equalizer models with gigabit Ethernet can move HTTP traffic at wire speed
(1Gbit/s) for large transfers, while Xcel can encrypt only approximately 400Mbit/s with 3DES/SHA1 or 600Mbit/s
with RC4/MD5. This reflects the fact that Xcel is primarily a transaction accelerator, not a bulk data encryption
device. It is noteworthy, however, that even when moving bulk data at 600Mbit/s, Xcel removes the entire load of
HTTPS/SSL processing from the server pool in the cluster.
One final issue to be aware of is that Xcel supports only 3DES and RC4 encryption; it does not support AES. It
also does not support SSL or TLS cipher suites that use ephemeral or anonymous Diffie-Hellman exchange (cipher
suites whose names contain "EDH", "DHE", or "ADH").
The default configuration for HTTPS clusters created with Xcel enabled will not use the modes described above.
If, however, one either modifies the cluster’s cipher suite string to use them, it is possible that they may be
negotiated with clients. This will not lead to incorrect operation of the system, but encryption for these cipher
suites will occur in software instead of taking advantage of the improved performance provided by the Xcel
hardware.
HTTPS Header Injection
Copyright © 2013 Coyote Point Systems. A subsidiary of Fortinet, Inc.
All Rights Reserved.
309
Equalizer Administration Guide
- Equalizer 1
- Administration Guide 1
- Table of Contents 3
- Upgrading and Downgrading 57 4
- Licensing Equalizer 67 4
- Configuring Access 73 4
- Network Configuration 77 4
- Working in the CLI 127 5
- Using the GUI 191 7
- Servers 243 8
- Clusters 259 9
- Match Rules 317 10
- Logging 399 13
- Failover 423 13
- Alerts 483 14
- Using SNMP Traps 493 14
- User and Group Management 499 15
- Using Envoy 513 15
- Glossary 577 17
- Chapter 1 19
- Introduction 19
- Chapter Summary 20
- Using the WebHelp 22
- Glossary 24
- Server pools 25
- Typographical Conventions 26
- Where to Go for More Help 27
- Chapter 2 29
- Equalizer Overview 29
- About Equalizer 30
- Intelligent Load Balancing 30
- Load Balancing Configuration 31
- How a Server is Selected 33
- Server Selection Process Flow 35
- Persistence 37
- Geographic Load Balancing 39
- Sizing of Equalizer Objects 40
- Chapter 3 41
- Installation 41
- Warnings and Precautions 42
- Power Requirements 43
- Power Consumption 43
- Operating Environment 45
- Regulatory Certification 45
- Hardware Installation 46
- Chapter 4 49
- Chapter 5 57
- Upgrading and Downgrading 57
- Version 8.6 Upgrade Procedure 58
- Downgrading to Version 8.6 62
- Chapter 6 67
- Licensing Equalizer 67
- Removing Licenses 69
- Chapter 7 73
- Configuring Access 73
- Default Login 74
- Creating Additional Logins 74
- Serial Access 74
- Network Access 74
- VLAN Subnet Network Services 75
- Chapter 8 77
- Networking Conventions 78
- Networking Technologies 78
- Blank Configuration 82
- Single VLAN/Subnet 82
- Rules 4 and 5 84
- Dual VLAN/Network 85
- Rules 5 and 6 86
- Networks 95
- Configuring VLANs 100
- All Rights Reserved 101
- Configuring Subnets 103
- About Permitted Subnets 104
- Configuring Outbound NAT 105
- Managing Interface Ports 107
- Network Configuration 108
- Displaying Port Statistics 109
- Policy Routing 110
- Source Selection 113
- Source Routing Scenarios 115
- Source, Destination Specified 119
- Generated by Equalizer 120
- Enabling DNS 121
- Configuring NTP 121
- NTP and Plotting 122
- Default NTP Configuration 122
- Selecting an NTP Server 122
- Managing NTP 123
- Default Source Selection 124
- Source Routing Table 124
- IP Filter Rules 124
- Network Troubleshooting Tools 126
- Chapter 9 127
- Working in the CLI 127
- Starting the CLI 128
- Exiting the CLI 129
- Object Relationships 132
- Command Line Editing 133
- Enabling and Disabling Flags 134
- Queued Commands 137
- Context Help 138
- Global Parameters 139
- Context Command Summaries 140
- Global Commands 141
- Licensing Commands 143
- Certificate Commands 144
- Cluster Flags 150
- External Services Commands 155
- GeoCluster Context Commands 156
- Geosite Instance Flags 157
- GeoSite Commands 159
- Interface Commands 160
- TransmitCounters 161
- Receive Counters 161
- Object List Commands 163
- Peer Commands 164
- Peer Context Commands 165
- Peer Context Command Flags 165
- Responder Commands 166
- (quotes are optional) 167
- Server Commands 168
- Server Instance Flags 171
- Health Check Instance Flags 172
- Load Balancing Policies 173
- Aggressive Load Balancing 175
- Dynamic Weight Oscillations 175
- SNMP Commands 176
- Enabling SNMP (CLI) 177
- 172net:Default 178
- Tunnel Commands 179
- User Commands 180
- User-alertContext Commands 181
- User Alert Notify Type Flags 181
- User Flags 182
- Setting the Locale 182
- Creating a User 182
- Deleting a User 183
- User Passwords 183
- User Permissions 183
- Displaying User Information 185
- VLAN and Subnet Commands 186
- VLAN Subnet Flags 187
- VLAN and Subnet Command Notes 188
- VLAN Subnets 189
- VLAN IP Addresses 189
- VLAN Services 189
- Routing Between VLANs 189
- Chapter 11 191
- Using the GUI 191
- Logging In 192
- 1. Left Navigational Pane 193
- 2. Help Buttons/Options 195
- Global Settings 196
- Failover Section 197
- Global Service Settings Flags 198
- MIB Compliance 200
- Certificates 201
- Certificate Revocation Lists 202
- Events Log 205
- Export to CSV 206
- Filtering Status Details 206
- Remote Syslog 206
- External Services 207
- VLB Manager 208
- Maintenance 210
- Licensing 211
- Manage Software 211
- Current Boot Image 212
- EQ/OS Release Status 212
- Interfaces 215
- Modifying Port Settings 217
- Reporting 220
- Chapter 12 223
- Configuring an IPv6 Tunnel 223
- IPv6 Tunnel Overview 224
- Chapter 13 229
- Managing Server Pools 230
- Server Pool Summary (GUI) 233
- Adding Server Instances(GUI) 236
- Adding Server Instances (CLI) 239
- > context 240
- Deleting a Server Pool (GUI) 241
- Deleting a Server Pool (CLI) 242
- Chapter 14 243
- Spoof Controls SNAT 245
- How Spoof Influences Routing 245
- Managing Servers 246
- Layer 7 HTTPS 247
- "Maximum Connections 248
- Adding a Server (CLI) 249
- Modifying a Server (CLI) 249
- Server Summary Screen 250
- Server Software Configuration 250
- Adding a Server to a Cluster 251
- Processing 255
- Deleting a Server 257
- Chapter 15 259
- Clusters 259
- Cluster Connection Timeouts 261
- Layer 4 Connection Timeouts 265
- Application Server Timeouts 266
- Adding and Deleting Clusters 267
- Cluster Summary 270
- Customizing the Display 271
- "Configuring 274
- TCP Cluster Persistence 275
- TCP Cluster Timeouts 276
- Layer 7 TCP Cluster Settings 288
- Persistence Methods 291
- Cookie Parameters 292
- Source IP Parameters 293
- Layer 7 Cluster Reporting 296
- Server Name Indication 299
- Security > 300
- About Passive FTP Translation 303
- Enabling Sticky Connections 303
- HTTPS Header Injection 309
- FTP Cluster Configuration 311
- Chapter 16 317
- Match Rules 317
- Using Match Rules 318
- How Match Rules are Processed 319
- Match Rule Order 319
- Match Rule Expressions 321
- Match Bodies 323
- Match Rule Functions 324
- Match Rule Operators 327
- Match Rule Definitions 327
- /var/eq/eq.conf 328
- Match Rule Expression Notes 329
- Regular Expressions 330
- Supported Headers 330
- HTTPS Protocol Matching 331
- Supported Characters in URIs 331
- Managing Match Rules 332
- Creating a New Match Rule 333
- Modifying a Match Rule 336
- Removing a Match Rule 336
- Example Match Rules 337
- Selective SNAT Example 340
- Add Match Rule form 342
- Chapter 17 347
- Automatic Cluster Responders 347
- Overview 348
- Managing Responders 348
- Modifying a Responder 350
- More Responder Examples 356
- Responders and Hot Spares 356
- Chapter 18 359
- HTTP Multiplexing 360
- Outbound NAT 362
- Direct Server Return (DSR) 363
- /etc/sysctl: 366
- Chapter 19 369
- Server Health Check Probes 369
- Layer 3 ICMP Probes 370
- Requests 371
- L4 UDP Probes 372
- L4 TCP/IP Probes 373
- Enabling/Disabling ACV Probes 374
- Testing ACV Probes 375
- Simple Health Check Probes 378
- Server Agents 382
- Sample Server Agent 383
- VLB Health Check Probes 384
- Configure VLB Managers 386
- Add health checks 388
- Add Health Checks 392
- Health Check Timeouts 394
- Chapter 20 399
- Displaying Logs 400
- Remote System Logging 400
- Chapter 21 403
- CLI Term GUITerm Definition 405
- Statistics pane on the 409
- (CLI and GUI) 410
- Reporting tab to display 416
- Server Statistic Definitions 417
- Chapter 22 423
- Failover 423
- Understanding Failover 424
- Both Units Using EQ/OS 10 425
- Active/Passive Failover 432
- Active/Active Failover 432
- Failover Modes 433
- Failover Status display: 434
- Global Failover Parameters: 437
- Between Two EQ/OS 10 Systems 439
- 172net is displayed 442
- Perform Steps 1 and 2 on 443
- Equalizers 443
- Perform Step 3 on the 444
- Perform Steps 4 and 5 on the 445
- Perform Step 6 on the 446
- Perform Step 7 on 447
- Failover flag 451
- Perform Steps 7 on 453
- Failover is not configured.: 455
- Two EQ/OS 10 Systems 456
- Primary Equalizer 457
- Backup Equalizer 457
- 10 Systems 460
- Configuration 461
- Monitoring N+1 Failover 462
- Rebalancing 466
- Eq-B and Eq-C: 468
- Eq-A and Eq-B: 470
- Eq-A or Eq-B 470
- Eq-A, Eq-C, and Eq-D: 480
- Chapter 23 483
- Overview of Alerts 484
- Alert Object Names 484
- Alert Types and Object Types 484
- Alert Notification Types 485
- Configuring Alerts 486
- Configuring Alerts in the CLI 487
- Alert Parameters 488
- Server Instance Alerts 488
- Server Alerts 488
- AlertNotifications 489
- Displaying Notifications 490
- Setting the Interval 491
- Removing Notification Alerts 491
- Chapter 24 493
- Using SNMP Traps 493
- Setting Up SNMP Traps 494
- Enabling SNMP 495
- Enabling SNMP Traps 497
- Chapter 25 499
- User and Group Management 499
- Practices 500
- Object Permission Types 500
- Administrative Setup 507
- Chapter 26 513
- Using Envoy 513
- Balancing 514
- DNSConfiguration 515
- Using Envoy with NAT Devices 517
- Configuring GeoClusters 518
- Adding a GeoCluster (GUI) 521
- Deleting a GeoCluster (GUI) 522
- Adding a GeoCluster (CLI) 522
- Deleting a GeoCluster (CLI) 522
- Configuring GeoSites 526
- Adding a GeoSite (GUI) 527
- Deleting a GeoSite (GUI) 528
- Adding a GeoSite (CLI) 528
- Deleting GeoSite (CLI) 528
- GeoSite Instance Parameters 528
- Resources 534
- Name a GeoSite Resource (GUI) 536
- Name a GeoSite Resource (CLI) 537
- Chapter 27 541
- Backup and Restore 541
- Backup (GUI) 542
- Backup (CLI) 543
- Restore (GUI) 544
- Restore (CLI) 545
- Chapter 28 547
- Regular Expression Terms 548
- Learning About Atoms 548
- Creating a Bracket Expression 549
- Appendix A 553
- Physical Dimensions 553
- Appendix B 555
- Using the File Editor 555
- Editing Files 556
- Main and Submenu Commands 557
- Appendix C 559
- Conversion Process 560
- _000 and _001 561
- Migration Process 562
- Appendix D 567
- Equalizer OnDemand 567
- What is Equalizer OnDemand? 568
- OnDemand 570
- Licensing Equalizer OnDemand 573
- Upgrading Equalizer OnDemand 575
Relacionado con productos y manuales para Ecualizadores de audio Coyote Point Systems Equalizer
(22 paginas)© 2020, manymanuals.es. Todos los derechos reservados | 0.410 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales