This section describes how you can use the ilbadm command to create, delete, and list the load-balancing rules.
ILB algorithms control traffic distribution and provide various characteristics for load distribution and server selection.
ILB provides the following algorithms for the two modes of operation:
Round-robin – In a round-robin algorithm, the load balancer assigns the requests to a server group on a rotating basis. After a server is assigned a request, the server is moved to the end of the list.
src-IP hash – In the source IP hash method, the load balancer selects a server based on the hash value of the source IP address of the incoming request.
src-IP, port hash – In the source IP, port hash method, the load balancer selects a server based on the hash value of the source IP address and the source port of the incoming request.
src-IP, VIP hash – In the source IP, VIP hash method, the load balancer selects a server based on the hash value of the source IP address and the destination IP address of the incoming request.
In ILB, a virtual service is represented by a load-balancing rule and is defined by the following parameters:
Virtual IP address
Transport protocol: TCP or UDP
Port number (or a port range)
Load-balancing algorithm
Load-balancing mode (DSR, full-NAT, or half-NAT)
Server group consisting of a set of back-end servers
Optional server health checks that can be executed for each server in the server group
Optional port to use for health checks
Rule name to represent a virtual service
Before you can create a rule, you must do the following:
Create a server group that includes the appropriate back-end servers. For information, see Defining Server Groups and Back-End Servers in ILB.
Create a health check to associate the server health check with the rule. For information, see Creating a Health Check.
Identify the VIP, port, and optional protocol that are to be associated with the rule.
Identify the operation you want to use (DSR, half-NAT, or full-NAT).
Identify the load-balancing algorithm to be used. For more information, see ILB Algorithms.
You create an ILB rule by using the ilbadm create-rule command. For more information about using the ilbadm create-rule command, see the ilbadm (1M) man page.
The syntax is as follows:
# ilbadm create-rule -e -i vip=IPaddr,port=port,protocol=protocol \ -m lbalg=lb-algorithm,type=topology-type,proxy-src=IPaddr1-IPaddr2,\ pmask=value -h hc-name=hc1-o servergroup=sg rule1
This example creates a health check called hc1 and a server group called sg1. The server group consists of two servers, each with a range of ports. The last command creates and enables a rule called rule1 and associates the rule to the server group and the health check. This rule implements the full-NAT mode of operation. Note that the creation of the server group and health check must precede the creation of the rule.
# ilbadm create-healthcheck -h hc-test=tcp,hc-timeout=2,\ hc-count=3,hc-interval=10 hc1 # ilbadm create-servergroup -s server=192.168.0.10:6000-6009,192.168.0.11:7000-7009 sg1 # ilbadm create-rule -e -p -i vip=10.0.0.10,port=5000-5009,\ protocol=tcp -m lbalg=rr,type=NAT,proxy-src=192.168.0.101-192.168.0.104,pmask=24 \ -h hc-name=hc1 -o servergroup=sg1 rule1
When you create persistent mapping, subsequent requests for connections, packets, or both, to a virtual service with a matching source IP address of the client are forwarded to the same back-end server. The prefix length in Classless Inter-Domain Routing (CIDR) notation is a value between 0-32 for IPv4 and 0-128 for IPv6.
When creating a half-NAT or a full-NAT rule, specify the value for the connection-drain timeout. The default value of conn-drain timeout is 0, which means that connection draining keeps waiting until a connection is gracefully shut down.
To list the configuration details of a rule, issue the following command. If no rule name is specified, information is provided for all rules.
# ilbadm show-rule RULENAME STATUS LBALG TYPE PROTOCOL VIP PORT rule-http E hash-ip-port NAT TCP 10.0.0.1 80 rule-dns D hash-ip NAT UDP 10.0.0.1 53 rule-abc D roundrobin NAT TCP 2001:db8::1 1024 rule-xyz E ip-vip NAT TCP 2001:db8::1 2048-2050
You use the ilbadm delete-rule command to delete a rule. Add the -a option to delete all rules. The following example deletes the rule called rule1.
# ilbadm delete-rule rule1