 Print-friendly Version
Setting Up F5 Networks' BIG-IP System With Sun Java System Application ServerPrashanth Abbagani with contributions from Vivek Sedhumadhavan, September 2006 Abstract: This deployment guide shows how to direct traffic for Sun Java System Application Server deployments using the BIG-IP system from F5 Networks. Contents:
Sun Microsystems and F5 Networks have developed an effective way to direct traffic for Sun Java System Application Server deployments using the BIG-IP application traffic management device. When deployed with the Java System Application Server, the BIG-IP product can offer fast delivery, always-on access, peak security, and easy expansion for applications running on the Application Server. F5 Networks' award-winning application traffic management products are designed to give enterprises increased security and higher uptime. With Java System Application Server, these products can provide better performance from applications that are based on the Application Server, as well as an improved return on investment for e-business infrastructures. For more information on the BIG-IP system, see the F5 Networks web site. For further information on Sun Java System Application Server, see Sun.com. Prerequisites and General Configuration InformationThe following are prerequisites for using this deployment guide:
Note: All of the configuration procedures in this document are performed on the BIG-IP system. For specific information on how to configure Sun Java System Application Server, consult the documentation provided by Sun. This article is written with the assumption that you are familiar with both the BIG-IP system and Sun Java System Application Server. For more information on configuring these products, consult the appropriate documentation. Configuration Example The BIG-IP system provides intelligent traffic management and high availability for Sun Java System Application Server deployments. Through advanced health-checking capabilities, the BIG-IP product recognizes when resources are unavailable or under-performing and directs traffic to another resource. The BIG-IP device tracks Java System Application Server end-user sessions, which helps the client maintain session state with the servers. The following diagram shows an example deployment with Java System Application Server and the BIG-IP system. To deploy this sample application, a horizontally scalable, tiered network architecture will be used. The goal is to load-balance requests across a group of application servers.
Figure 1: Deployment and Configuration of Sample Application Server Cluster Options for Application Server Option I, Project GlassFish: Since Project GlassFish is targeted at developers, it does not provide support for multi-machine administration and failover. However, you will install Project Glassfish on two hosts and cluster them with the BIG-IP system. Option II, Sun Java System Application Server, Enterprise Edition: You will install the application server, create a cluster with two application server instances running on two different hosts, and deploy the sample application to this cluster. You will then cluster these two instances with the BIG-IP system. Sample Application
The sample application Executed From Server: server-10.foo.com Hardware Setup Do the following to configure the hardware:
Configuring BIG-IP System for Deployment With Sun Java System Application ServerTo configure the BIG-IP product to load-balance instances of Sun Java System Application Server, complete the procedures covered in the following sections:
Important: If your Java System Application Server deployment uses SSL, follow the procedures in the section below called Configuring the BIG-IP System for Sun Java System Application Server Deployments With SSL Traffic. The BIG-IP system offers both web-based and command-line configuration tools so that users can work in the environment with which they are most comfortable. This deployment guide contains procedures to configure the BIG-IP system using the BIG-IP web-based Configuration utility. If you are familiar with using the bigpipe command-line interface, you can use the command line to configure the BIG-IP device. However, it is recommended that you use the Configuration utility. Connecting to the BIG-IP DeviceThe first step in this configuration is to connect to the BIG-IP system. The following procedures show how to access the BIG-IP web-based Configuration utility using a web browser. Connecting to the BIG-IP System Using the Configuration Utility 1. In a browser, type the following URL: 2. Type your user name and password, and click OK. The Configuration Status screen opens. Once you are logged onto the BIG-IP system, the initial screen, called the Configuration Status page, displays. From the Configuration Status page, you can access the Configuration utility, documentation such as manuals and release notes, and software downloads. 3. From the Configuration Status screen, click Configure your BIG-IP using the Configuration utility. The Configuration utility opens to the Network Map screen. Creating the PoolThe first procedure in this configuration is to configure a pool for the instances of Java System Application Server. A BIG-IP pool is a set of devices grouped together to receive traffic according to a load-balancing method. In this example, you configure one pool for your Application Server instances. For this pool you use cookie persistence Insert mode, the recommended persistence method for Java System Application Server. Creating the Pool From the Configuration Utility 1. In the navigation pane, click Pools. The Pools screen opens. 2. Click the Add button. The Add Pool screen opens.
3. In the Pool Name box, enter a name for your pool. In this example 4. In the Load Balancing Method box, enter your preferred load-balancing method (different load-balancing methods may yield optimal results for a particular network). In this example, Round Robin (member) is selected, where connections are distributed evenly across all members in the pool. 5. In the Resources section, add the web servers to the pool.
6. The other fields in the Add Pool screen are optional. Configure these fields as applicable for your network. (For additional information about configuring a pool, click the Help button.) 7. Click the Done button.
Figure 2: Creating the Pool
8. In the Pool screen, from the Pool Name list, click the name of the pool you just created. In this example 9. Click the Persistence tab. The Persistence screen for the pool opens. 10. In the Persistence Type section, click the option button for Active HTTP Cookie. 11. From the Method list, select Insert. 12. In the Expiration box, type an expiration for the cookie. In this example, 30 is typed in the Minutes box. Important: The cookie expiration should be at least equal to the application session timeout for the instances of Java System Application Server. The default application session timeout is 30 minutes. You could also leave the Expiration blank, and the cookie will expire when the browser is closed. 13. Click the Apply button.
Figure 3: Configuring the Cookie Persistence Command-Line Configuration If you are using the command line, type the following:
app-bigip:~# b pool sjsas_http { member 122.10.10.1:38080 member
122.10.10.2:38080 lb_method rr persist cookie cookie_mode insert
cookie_expiration 0d 00:30:00}
The command-line alternative substitutes for steps 1 through 13 above. The command should be entered on one line. Creating the Virtual ServerThe next step in this configuration is to define a virtual server that references the pool you just created. Creating the HTTP Virtual Server Using the Configuration Utility 1. In the navigation pane, click Virtual Servers. The Virtual Servers screen opens. 2. Click the Add button. The Add Virtual Server screen opens.
3. Enter the IP address and service for the virtual server, then click the Next button. In this example
4. Click the Pool option button, and from the list select the pool
you created in the Creating the Pool section. In this example
Figure 4: Creating the Virtual Server 5. Click the Done button. For additional information about configuring a virtual server, click the Help button. To view the virtual server, click the virtual server in the list. In this example the virtual server properties are shown in Figure 5.
Figure 5: Configuring the Virtual Server Command-Line Configuration If you are using the command line, type the following: app-bigip:~# b virtual 192.10.10.1:80 use pool sjsas_http The command-line alternative substitutes for steps 1 through 5 above. Configuring an HTTP Health MonitorNow configure the optional HTTP Extended Content Verification (ECV) monitor. In this example an HTTP ECV monitor is configured for the instances of Java System Application Server. 1. In the navigation pane, click Monitors. The Network Monitors screen opens. 2. Click the Add button. The Add Monitor dialog box opens.
3. In the Add Monitor screen, type the name of your monitor (it must
be different from the monitor template name). In this example,
Figure 6: Creating the HTTP Monitor 4. In the Configure Basic Properties section, type an Interval and Timeout value. We recommend at least a 1:3 +1 ratio between the interval and the timeout (for example, the default setting has an interval of 5 and a timeout of 16). A slightly higher ratio is recommended. In this example, 30 is entered for the Interval and 91 for the Timeout. Click the Next button. The Configure ECV HTTP Monitor screen opens. 5. In the Configure ECV HTTP Monitor screen, you can add a Send String and Receive Rule specific to that application. Complete the relevant information, and click the Done button. The Add Monitor dialog box closes, and you return to the Network Monitors screen.
Figure 7: Configuring the HTTP Monitor Command-Line Configuration If you are using the command line, type the following: app-bigip:~# b monitor sjsas_http_monitor '{use http
interval 30 timeout 91 send
"GET /index.html HTTP/1.0" recv "" }'
The command-line alternative substitutes for steps 1 through 5 above. 6. From the Network Monitors screen, click the Basic Associations tab. The Basic Association screen opens.
7. In the Node section, select from the list the name of the monitor you created in Step 3. In this example
8. In the Node column, locate the Java System Application Server nodes relevant to this monitor, and make a check mark in the Add box for each node.
In this example, we checked the Add box for
Figure 8: Associating the Monitor to the Nodes
9. Click Apply. You now see the Command-Line Configuration If you are using the command line, type the following: app-bigip:~# b node 122.10.10.1:38080 122.10.10.2:38080 monitor use sjsas_http_monitor The command-line alternative substitutes for steps 6 through 9 above. Configuring the BIG-IP System for Sun Java System Application Server Deployments With SSL TrafficIf your Java System Application Server deployment requires SSL, the configuration on the BIG-IP system is slightly different. For Application Server deployments using SSL, you need to configure an SSL proxy and a loopback virtual server on the BIG-IP system, in addition to creating the pool and health monitor. Note: If you are not using SSL in your deployment, you do not need to perform these steps. To configure the BIG-IP for directing SSL traffic to the instances of Java System Application Server, you need to complete the following procedures from the earlier sections of this document: Then follow these additional procedures: Creating the Loopback Virtual Server for the SSL ProxyThe SSL proxy uses a loopback virtual server for the SSL proxy. To create this loopback virtual server, use the following steps. Note: Before you configure the virtual server, you must have already configured the pool (see Creating the Pool). To create the loopback virtual server, do the following: 1. In the navigation pane, click Virtual Servers. The Virtual Servers screen opens. 2. Click the Add button. The Add Virtual Server screen opens.
3. Enter the IP address and service for the loopback virtual server, then click the Next button. In this example
4. Click the Pool option button, and from the list, select the pool you created in the Creating the Pool section. In this example 5. Click the Done button. For additional information about configuring a virtual server, click the Help button. 6. To view the virtual server, click the virtual server in the list. For more information on configuring the proxy addresses, refer to the BIG-IP Reference Guide. Command-Line Configuration If you are using the command line, type the following: app-bigip:~# b virtual 150.10.10.1:80 use pool sjsas_http The command-line alternative substitutes for steps 1 through 6 above. Creating the SSL ProxyThe next step is to create an SSL proxy. An SSL proxy is a gateway for decrypting HTTP requests to an HTTP server and encrypting the reply. The SSL proxy on the BIG-IP system offloads the task of SSL encryption/decryption from the server, which frees processing cycles for those servers, and provides a central location for certificate management. Important: Before creating the SSL proxy on the BIG-IP system, you should have a certificate issued by a recognized certificate authority. To create an SSL proxy from the Configuration utility, do the following: 1. From the navigation pane, click Proxies. The Proxies screen opens. 2. Click the Add button. The Add Proxy screen appears. 3. In the Proxy Type section, make a check mark in the SSL box.
4. In the Proxy Address box, type the originating (source) IP address. This must be a valid IP address or host name. For a web site, use the registered address to which your clients connect. In this example
5. In the Proxy Service box, type 6. In the Destination Address box, type the address of the loopback virtual server you created in the Creating the Loopback Virtual Server for the SSL Proxy section.
7. In this example
8. In the Destination Service box, type the same port you used for the pool in the Creating the Pool section. In this example 9. In the SSL Certificate box, type the name of the SSL certificate for the server, or select it from the list. 10. In the SSL Key box, type the SSL key for the server, or select it from the list of installed keys. Be sure to choose the key that you used to create the certificate you selected in the SSL Certificate box.
Figure 9: Adding the SSL Proxy 11. Click the Next button. 12. From the Rewrite Redirects list, select All. When you select All, the proxy always rewrites URIs as if they matched the originally requested URIs. 13. The other fields in the Add Proxy window are optional. Configure these fields as applicable for your network. (For additional information about configuring a Proxy, click the Help button.) 14. Click the Done button to add the Proxy. Command-Line Configuration If you are using the command line, type the following: app-bigip:~# b proxy 192.10.10.2:https target virtual 150.10.10.1:http clientssl enable clientssl key sjsas_key clientssl cert sjsas_certificate The command-line alternative substitutes for the steps above. Important: Be sure to perform the procedures in the section Configuring an HTTP Health Monitor before finishing the configuration. TestingTesting the Setup
1. In the browser (for example, Mozilla), go to Here is an example: Executed From Server: server-10.foo.com
2. Establish a new session. On a different machine or in a browser (for example, Firefox), go to
If the response cites another Application Server instance (in the example in Step 1, the other instance might be Testing the Load Balancer Algorithm The plan is to use the sticky-round-robin algorithm. To verify that this algorithm is functioning properly on both browser windows, enter values in the two text fields for Name and Value of Attributes and click the Add Session Data button. The second request in each session must land in the same Application Server instance that processed the first request. If the Application Server instance name in the response for the second request is the same as that for the first response, the sticky algorithm is in working order. Verification of Failover To verify that the failover capability is functioning properly, do the following:
1. In a new browser window, go to
2. Enter values in the two text fields for Name and Value of Attributes and click the Add Session Data button. The browser prints the session data in a response. Note the Application Server instance name cited in the response beginning 3. Stop that Application Server instance. Type the following: Application_Server_install_dir/bin/asadmin stop-instance --host DAS_hostname--port DAS_port_number instance_name In the preceding, DAS_hostname and DAS_port_number are the host name and port number, respectively, for the Application Server's Administration Server. instance_name is the name of the instance in the Application Server cluster to be stopped. Repeat Step 2. This scenario would indicate a smooth go. The BIG-IP system assigns this request to an instance that is running, which then checks if the ID of the requested session is valid. If so, the instance acquires the ID from the high availability database (HADB). Finally, the response posts the data for both the current and the pre-failover sessions. Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License. |
 |
 | |
