ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere DataPower » Datapower XI52 - Application Optimization (AO) Network

Post new topic  Reply to topic
 Datapower XI52 - Application Optimization (AO) Network « View previous topic :: View next topic » 
Author Message
uditara
PostPosted: Fri Jun 13, 2014 5:47 am    Post subject: Datapower XI52 - Application Optimization (AO) Network Reply with quote

Apprentice

Joined: 18 Nov 2013
Posts: 36

Hi All,

This is the POC task related to setup Application Optimization (AO) in WebSphere Datapower XI52 - SOA Appliance.

We have two WebSphere Datapower XI52 Appliances in production environment with the Application Optimization feature in place for the services load balancing between two datapower boxes.
At present, multiple services are already running in production using Application Optimization (AO) - all services are equally distributed between two XI52 appliances.

Present IP Scenarios (All three IP's are in the same network subnet):-
DP1 Box - Eth10 Interface - 10.19.0.15
DP2 Box - Eth10 Interface - 10.19.0.5
AO VIP - 10.19.0.1 (participating in the self load balancing feature)
DP Application Domain Name - WSMCSIVAPP

Now there is new requirement to host new web service application in new application domain and publish over the internet using DMZ to access from outside (public internet).......
The DP physical ethernet interface and AO VIP will be different for this requirement. (We are not going to touch the existing interfaces and AO VIP - as mentioned above)

This new web service will be also load balance between two datapower appliances using Application Optimization feature....

Below is the IP Address plan is for new web service and AO configuration (Eth12 Interfaces IP's and AO VIP from different network subnet) :-
DP1 Box - Eth12 Interface - 10.19.0.11
DP2 Box - Eth12 Interface - 10.19.0.12
AO VIP - 10.87.2XX.XX (This AO VIP will be participate in the self load balancing feature for new web service)
DP Application Domain Name - WSMCSIBSAPP

Note - ETH12 Physical Interfaces IP's and AO VIP are NOT in the same network subnet.

I have read in multiple datapower forum and as per the Datapower AO pre-requisites :-
The two appliances participating in the AO will need to each have an interface that is on the same subnet. So, if you have Eth12 configured on each appliance to receive traffic, then those interfaces IP's and AO VIP need to be on the same subnet.

Since this new services will be publish over the internet using DMZ IP to access from public internet.
Network team has provided DMZ IP - 10.87.2XX.XX. We do not have 10.19 series IP in the DMZ zone.
Datapower ETH12 interfaces - Standby Control Option - Virtual IP Address will be the DMZ IP - 10.87.2XX.XX.
This DMZ IP will be act as AO VIP and distribute the service request to ETH12 interface on both the boxes.
External public user will hit DMZ IP to access web service and same traffic will be redirect to ETH12 interface on both the boxes.

The overall flow like it is -
Internet -----> Firewall---> 10.87.2XX.XX (port 9443) ------> Datapower ETH12 interface IP on both boxes.....


My Question is :-
In Datapower AO - Why ETH interfaces IP's and AO Vitual IP need to be same subnet? Any specific reason?
How the load balance will be work if the AO VIP and ETH12 interfaces ip's are in different network subnet.
How AO (Application Optimization) will be work if IP's are in different subnet.
The plan is to have 3 new IP's from DMZ zone (10.87.2XX.XX series) and allocate two ip's for ETH12 interfaces on both boxes and one ip will be configure as AO VIP.

Kindly suggest the way forward....
UdiTara
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Fri Jun 13, 2014 8:05 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

I think you may be mixing up front end load balancing / failover with backend load balancing.

Your Web service is obviously to be considered as back end from a DP perspective, whereas the Internet would be considered front end...

That should clear up your subnet / ip dilemma
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
uditara
PostPosted: Mon Jun 16, 2014 12:25 am    Post subject: Reply with quote

Apprentice

Joined: 18 Nov 2013
Posts: 36

Hi,

fjb_saper,

Thanks for the response.

As per datapower AO network configuration pre-requisities :-
Datapower Ethernet Interface and AO Virtual IP (Standby Control VIP for both ETH12 Interfaces) should be in the same network subnet.

In our case :-
Datapower ETH12 interfaces IP's belong to 10.19.0.11(DP1 box) and 10.19.0.11 (DP2)
AO VIP (Standby Control VIP for both ETH12 Interfaces) belong to 10.87.2XX.XX

DP Ethernet Interface and AO VIP are not in the same network subnet / same VLAN.

Why we keep AO Vitual IP in the different network subnet than local DP ethernet12 interfaces :-
The AO VIP 10.87.2XX.XX is the DMZ Mode IP (Provided by network team)
The plan is to expose a web service over the internet using DMZ IP
This DMZ IP will be use as Datapower AO Vitual IP
The internet public user can access web service using DMZ IP and it will load balance between two datapower boxes (eth12 interfaces)...

As I mentioned in my original post, we have already similar kind of setup and it is running fine..The only difference is in our existing setup all three IP's belongs to same subnet (AO VIP and eth10 interface belongs to 10.19.0.x sunbet.)

My only worries is that how DP Application Optimization or Load Balancer will be work your DP loal ETH12 interfaces and AO VIP are in different subnet...
As I mentioned, In multiple forum and articles it has mentioned that AO VIP and DP ethnernet interfaces IP's belong to same subnet or same VAN...

Thanks in Advance.
BR
Uditara
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Jun 16, 2014 4:33 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Again, you are mixing front end and back end IPs.

Anything visible from the internet is front end IP. Anything visible from the application is back-end IP.

So you're telling me that your DPs have a virtual IP that communicates with the back end but have no individual IP on the back-end network?
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
uditara
PostPosted: Mon Jun 16, 2014 6:47 am    Post subject: Reply with quote

Apprentice

Joined: 18 Nov 2013
Posts: 36

In my case :-

Front end IP - 10.87.241.XX (DMZ IP)
Back-end IP - 10.19.0.11(DP1 ETH12 Interface) and 10.19.0.11 (DP2 ETH12 Interface).

A new webservice will be publish over the internet using "www.maha.com" registered with Front end IP - 10.87.241.XX (DMZ IP).

This DMZ IP will be act as datapower load balancer IP (AO VIP) for back-end interfaces for both the datapower boxes.

The internet web service request traffic receives on DMZ IP and same traffic will be equally distributed to datapower back-end interface (ETH12) on both the boxes...

My Question :-
Front end IP -and Back end IP's are not in the same network subnet.
How datapower load balancing (AO feature) will work if Front end (AO VIP) and back end interfaces ip's are in different network segment.

I hope this clarification will understand my conern.

Thanks,
BR
UdiTara
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Mon Jun 16, 2014 7:18 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Specially in the DMZ, front end and back end IP's are not supposed to be part of the same network / subnet.
That's why you have multiple network cards on the appliance.

I believe it would benefit you to go and see your local friendly network engineer and ask about some help....

have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere DataPower » Datapower XI52 - Application Optimization (AO) Network
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.