Perform ICMP ping.

To perform ICMP ping on a Loadmaster a ping can be used to confirm connectivity to a real server or loadmaster default gateway or real server.

  1. Go to System Configuration.
  2. Logging Options –> Log Files -> Debug Options.
  3. Under Ping Host input the IP address you wish to ping and select ping.

Templates for the LoadMaster

Templates are available to add services to the Loadmaster for example services like MAPI, SMTP, and HTTP/HTTPS. To add templates first go to the Kemp documentation site at the following link https://www.kemptechnologies.com/documentation under templates download the templates that you require. The templates will have a .tmpl extension when downloaded.

To add the templates to the Loadmaster.

  1. Go to Virtual Services – Manage Templates.
  2. To import the templates go to Choose File. This open link to your local machine.
  3. Next select the location where you downloaded the .tmpl files.
  4. Next select Add New Template
  5. A popup will appear and show new templates have been installed.

Next select Add New under Virtual Services and select Use Template to select the templates you require.

Add Radius server to the Load Master

Load master supports Radius (Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management of network devices). To add radius server to the load master.

  1. Go to System Configuration – Miscellaneous Options.
  2. Next go to Remote Access.
  3. Under Radius Server add the following features.
  4. The address of the RADIUS Server that is to be used to validate User access to the Loadmaster and click Radius Server.
  5. After you set the radius server IP address input the shared secret
  6. The shared secret specifies the shared secret used to access the radius server.
  7. Next set the revalidation interval the standard is 60 seconds. This sets how often the user credentials will be revalidated with the radius server.

SSH access

To control remote access to the load master using the SSH protocol. SSH or Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers

  1. Go to System Configuration – Miscellaneous Options.
  2. Under allow remote ssh access, the default setting is “All Networks”. This can be change to specify a particular interface e.g. eth0 or eth1
  3. Under port the default is 22 this can also be changed.
  4. Also you can disable SSH V1 prot which is an older and insecure version of ssh.

Rollback to previous version of the firmware on the load master

Sometimes it may be necessary to roll back to a previous version of firmware.

To rollback to previous version of firmware

  1. Go to System Configuration – System Administration – Update Software.
  2. To restore to the previous firmware select restore software. This will roll back to the previous version e.g. Current 6.0-34. to Restore previous version: 6.0-28.

Disable Real Server

To disable a real server perform the following.

1. Go to real Servers.

  1. Under real server select the real server you wish to disable and select disable.
  2. When you select disable the real server will disabled. This means that existing connections will still be on the server but no new connections will go to the real server, persistence records associated with the server will be removed when the L7 Drain Time (Under System Configuration -> Miscellaneous Options -> L7 Configuration) is reached, active connections will remain after the drain time.
  3. To confirm the server is disabled go to View/ Modify Services and the real server status shows disabled and the real server IP will show orange to confirm it is disabled.
  4. To re-enable this real server select enable and the real server will go to green and display enabled.

Provide Log Files to support

To download log files to the load master and view the files on the load master.

  1. Go to System Configuration - Logging Options - Log Files
  2. Next go to downloads log files which provide a full copy of all log files.
  3. Under this you can view the boot, warning and system message by clicking on the individual buttons.

Issue with Outlook timeouts using MAPI

Outlooks clients are timing out when connecting to their exchange 2010 servers via the Loadmaster, or Outlook Clients are not responding when a CAS server fails. To correct this problem please perform the following.

  1. Enable drop connection on RS failure (Real Server Failure). This feature can be found under System Configuration – Miscellaneous Options – L7 Configuration. Click enable. This feature will cause all connections between the client and Loadmaster to be immediately dropped on Real Server failure.
  2. Under Network Options increase the Connection timeout value to 86400. This will increase the idle connection timeout to 1 day.

How does drain time connections work?

L7 Connection Drain Time impacts only new connections. Existing connections will continue relaying application data to a disabled server until that connection is terminated, unless the Drop at Drain Time End checkbox is selected.
Setting the L7 Connection Drain Time (secs) to ‘0’ will force all the connections to be dropped immediately when a Real Server is disabled. When a new connection is received, the first thing that is checked is whether persistence is enabled. If it is not, the connection is scheduled to a server which is enabled and healthy. If it is, the connection is checked to see if it matches an existing persistence record. If it does not, the connection is scheduled to a server which is enabled and healthy and a new persistence record is created. If the persistence record exists, the persistent server state is checked.

If the server is down, the persistence record is discarded, the connection is scheduled to an enabled and healthy server and a new persistence record is created. If the server is up, the connection is sent to the specified server and the persistence record is refreshed. If the server is disabled, we then check the service type.

If the service is operating at Layer 4, drain stop does not apply. In this case, the persistence record is discarded, the connection is scheduled to an enabled and healthy server and a new persistence record is created. If the service is operating at Layer 7, we then check the Drain Stop timer. If the timer is not expired, the connection is sent to the specified server and the persistence record is refreshed. If the Drain Stop timer has expired, the persistence record is discarded, the connection is scheduled to an enabled and healthy server and a new persistence record is created.

In short, new TCP connections will be sent to disabled servers if:

  • Persistence is on
  • A persistence record exists and is not expired
  • The persistence record specifies a server which is disabled
  • The service is operating at Layer 7
  • The Drain Stop timer has not expired

The Drain Stop timer (currently) does not impact existing connections.

What is a Reverse Proxy?

A reverse proxy is a network service that is designed to receive and handle access requests to backend application and web servers. These requests are predominantly from client devices, but can also be from other servers and services on the network. Applications and web services hosted on the backend servers are published and advertised with the reverse proxy server address as the host protecting them and allowing the proxy to server as a go-between layer.

  • Kemp LoadMaster application load balancers also serve as fully functional reverse proxy servers. Additionally, LoadMaster also delivers several other functions as discussed below.

What firmware do I need to license a new subscription record?

Users can only license a new subscription record if firmware version is 7.2.38 or above. Once licensed, user can easily upgrade or downgrade the firmware.