To Configure User Data Load Balancer 2

• This procedure assumes that you have already installed a load balancer.

• The load balancer hardware and software used in the lab facility for this deployment is BIG-IP® manufactured by F5 Networks. If you are using different load balancer software, see the documentation that comes with that product for detailed settings information.

• Contact your network administrator to obtain an available virtual IP address for the load balancer you want to configure.

• Know the IP address of the load balancer hardware, the URL for the load balancer login page, and a username and password for logging in to the load balancer application.

• Get the IP addresses for Directory Server 1 and Directory Server 2 by running the following command on each host machine:

  # ifconfig -a

1. Access https://is-f5.example.com, the BIG-IP load balancer login page, in a web browser.

2. Log in using the following information:

   User name:

   username

   Password:

   password

3. Click Configure your BIG-IP (R) using the Configuration Utility.

4. Create a Pool.

   A pool contains all the backend server instances.

   1. In the left pane, click Pools.

   2. On the Pools tab, click Add.

   3. In the Add Pool dialog, provide the following information:

      Pool Name

      DirectoryServer-UserData-Pool

      Load Balancing Method

      Round Robin

      Resources

      Add the IP address and port number of both Directory Server hosts: DirectoryServer-1:1489 and DirectoryServer-2:1489.

   4. Click Done.

5. Add a Virtual Server.

   This step defines instances of the load balancer.

   ---

   Tip –

   If you encounter JavaScript^TM errors or otherwise cannot proceed to create a virtual server, try using Internet Explorer.

   ---

   1. In the left frame, click Virtual Servers.

   2. On the Virtual Servers tab, click Add.

   3. In the Add a Virtual Server dialog box, provide the following information:

      Address

      Enter the IP address for LoadBalancer-2.example.com

      Service

      489

      Pool

      DirectoryServer-UserData-Pool

   4. Continue to click Next until you reach the Pool Selection dialog box.

   5. In the Pool Selection dialog box, assign DirectoryServer-UserData-Pool to the virtual server.

   6. Click Done.

6. Add Monitors

   Monitors are required for the load balancer to detect the backend server failures.

   1. In the left frame, click Monitors.

   2. Click the Basic Associations tab.

   3. Add an LDAP monitor for the Directory Server 1 node.

      In the Node column, locate the IP address and port number, DirectoryServer-1:1489, and select the Add checkbox.

   4. Add an LDAP monitor for the Directory Server 2 node.

      In the Node column, locate the IP address and port number, DirectoryServer–2:1489, and select the Add checkbox.

   5. At the top of the Node column, in the drop-down list, choose ldap-tcp.

   6. Click Apply.

7. Configure the load balancer for persistence.

   The user data load balancer is configured for simple persistence. With simple persistence, all requests sent within a specified interval are processed by the same Directory Server instance, ensuring complete replication of entries. For example, when a request requires information to be written to Directory Server 1, that information must also be replicated to Directory Server 2. As the replication takes time to complete, if a related request is directed by the load balancer to Directory Server 2 during the replication process itself, the request may fail as the entry might only be partially created. When properly configured, simple persistence ensures that both requests are routed to Directory Server 1 and processed in consecutive order; the first request is finished before the second request begins processing. Simple persistence ensures that within the specified interval, no errors or delays occur due to replication time or redirects when retrieving data. Simple persistence tracks connections based only on the client IP address.

   1. In the left frame, click Pools.

   2. Click the name of the pool you want to configure.

      In this example, DirectoryServer-UserData-Pool.

   3. Click the Persistence tab.

   4. Under Persistence Type, select Simple.

   5. Enter 300 seconds for the Timeout interval.

   6. Click Apply.

8. Verify the Directory Server load balancer configuration.

   1. Log in as a root user to the host machine of each Directory Server instance.

   2. On each Directory Server host machine, use the tail command to monitor the Directory Server access log.

      # cd /var/opt/mps/am-users/logs # tail -f access

      You should see connections to the load balancer IP address opening and closing. For example:

      [12/Oct/2006:13:10:20-0700] conn=54 op=-1 msgId=-1 — 
      fd=22 slot=22 LDAP connection from IP_address to IP_address
      [12/Oct/2006:13:10:20-0700] conn=54 op=-1 msgId=-1 — closing — B1
      [12/Oct/2006:13:10:20-0700] conn=54 op=-1 msgId=-1 — closed.

   3. Execute the following LDAP search against the Directory Server load balancer.

      # ldapsearch -h LoadBalancer-2.example.com -p 489 -b "dc=company,dc=com" -D "cn=directory manager" -w d1rm4n4ger "(objectclass=*)"

      The ldapsearch operation should return entries. Make sure they display in the access log on only one Directory Server.

   4. Run dsadm stop to stop Directory Server 1.

      # cd /var/opt/mps/serverroot/ds6/bin # ./dsadm stop /var/opt/mps/am-users

   5. Again perform the following LDAP search against the Directory Server load balancer.

      # ldapsearch -h LoadBalancer-2.example.com -p 489 -b "dc=company,dc=com" -D "cn=directory manager" -w d1rm4n4ger "(objectclass=*)"

      The ldapsearch operation should return entries. Verify that the entries display in the access log on only Directory Server 2.

      ---

      Note –

      You may encounter the following error message:

      ldap_simple_bind: Cant' connect to the LDAP 
      server — Connection refused

      This means that the load balancer may not fully detect that Directory Server 1 is stopped. In this case, you may have started the search too soon based on the polling interval setting. For example, if the polling interval is set to 10 seconds, you should wait ten seconds to start the search. You can reset the timeout properties to a lower value using the following procedure.

      1. Click the Monitors tab.

      2. Click the ldap-tcp monitor name.

      3. In the Interval field, set the value to 5.

         This tells the load balancer to poll the server every 5 seconds.

      4. In the Timeout field, set the value to 16.

      5. Click Apply and repeat the LDAP search.

      See your load balancer documentation for more information on the timeout property.

      ---

   6. Start Directory Server 1.

      # ./dsadm start /var/opt/mps/am-users

   7. Stop Directory Server 2.

      # cd /var/opt/mps/serverroot/ds6/bin # ./dsadm stop /var/opt/mps/am-users

   8. Perform the following LDAP search against the Directory Server load balancer to confirm that the request is forwarded to the running Directory Server 1.

      # ldapsearch -h LoadBalancer-2.example.com -p 489 -b "dc=company,dc=com" -D "cn=Directory Manager" - w d1rm4n4ger "(objectclass=*)"

      The ldapsearch operation should return entries. Make sure the entries display in the access log on only Directory Server 1.

   9. Start Directory Server 2.

      # ./dsadm start /var/opt/mps/am-users

   10. Log out of both Directory Server host machines and the load balancer console.