Radware Link Loadbalancer MIGRATION PLAN V1 1 PDF

MIGRATION PLAN DOCUMENT
OF
RADWARE Link Proof Link Load Balancer &
Internet WAN Switch
MCA- DC
INFOSYS
Version1.1
IBM MCA- DATA CENTER INFOSYS

1
ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS

MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED
WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.
INTELLECTUAL PROPERTY RIGHTS:
THIS DOCUMENT CONTAINS VALUABLE AND CONFIDENTIAL

INFORMATION ON MIGRATION OF DMZ SWITCHES IN THE DATA
CENTER OF MINISTRY OF CORPORATE AFFAIRS, (MCA) DELHI. AND
SHALL NOT BE DISCLOSED TO ANY PERSON, ORGANIZATION, OR
ENTITY UNLESS SUCH DISCLOSURE IS SUBJECT TO THE PROVISIONS
OF A NONDISCLOSURE AND PROPRIETARY RIGHTS AGREEMENT
APPROVED BY MINISTRY OF CORPORATE AFFAIRS (MCA).

2
Document Information
AUTHOR : Chandra Bhanu Panigrahi

CHANGE AUTHORITY : INTEGRATED COMMUNICATION SERVICES
CHANGE FORECAST : MEDIUM
ORGANIZATION : IBM INDIA (P) LTD
Review
ORGANIZATION NAME TITLE

INFOSYS ANIL KUMAR AKELLA
INFOSYS MANOJ KUMAR YADAV
Modification History
REV. DATE ORIGINATOR STATUS COMMENT

1.0 12/07/2013 Chandra Bhanu Initial Version
1.1 17/12/2013 Chandra Bhanu Updated

3
Document Acceptance Signoff
FOR IBM INDIA (P) LTD
NAME …………………………………………………………………..
TITLE ……………………………………………………………………
COMPANY …………………………………………………………….
SIGNATURE & STAMP ………………………………………………………..
DATE ………………………………………………………………….
FOR INFOSYS
NAME …………………………………………………………………..
TITLE ……………………………………………………………………
COMPANY …………………………………………………………….
SIGNATURE & STAMP ………………………………………………………..
DATE ………………………………………………………………….
Note: Acceptance can be in the form of written / or email

4
TABLE OF CONTENTS
Chapter Description Page

Number
1.0 Radware LinkProof Migration plan 06
2.0 VLAN & IP Address details 10
3.0 Radware LB Migration diagram & 12-11
configuration Details
3.1 Radware LB Configuration Details 12
3.1.1 Radware LB Farm Details 12
3.1.2 Radware LB Router Farm Details 13
3.1.3 Host network/classes Details 13
3.1.4 DNS Host/A record Details 14
3.1.5 Flow Management Details 14
3.1.6 Policy Details 14
3.1.7 Dynamic Nat – TCIL Public IP address 14
3.1.8 Dynamic Nat– TCIL Public IP address 14
3.1.9 Dynamic Nat – Bharti Public IP address 16
3.1.10 Dynamic Nat– Bharti Public IP address 16
3.1.11 Management IP address 16
4.0 Radware Configuration snapshoot 18
5.0 Radware Configuration snapshoot 28
Traffic Flow Analysis
5.1 Traffic flow in all working conditions 28
5.2 Traffic flow when a Primary Radware Fails 29
6.0 Test Cases 30

5
1.0 Radware Link Proof migration plan for MCA DC Internet
Segment consists of following
1.1 Network Changes Required for Migrating Existing LB’s.
 Presently the subnet 10.64.21.0/24 provides connectivity between

Internet Router and LinkProof LBs.
As Secondary Internet Link will be terminated at Second Router,

Public LAN IP address provided by TCIL and Bharti will be
configured at each Internet Router’s LAN interfaces.
So the connectivity between LBs and Internet router will be

through Public IP Addresses provided by both ISPs.

6
 Presently Internet Router LAN, LBs interfaces and Checkpoint
Firewalls are all connected to DMZ switch. So two Cisco 2960-S
switches will be introduced to connect Internet Router LAN, LBs
and Checkpoint Firewall Outside Interface and Managements
interfaces of Internet segment devices except Checkpoint and
DMZ switches.
 Internet Routers, Cisco 2960-S wan switches, LinkProof’s

management interfaces will be connected at Cisco 2960-S
switches and specific LAN subnet will be routed for Management
access with 10.64.22.1 as next hop.The subnet 10.64.22.0/24 will
be used for this purpose.
 Presently Linkproof1(LP1)’s LAN interface is connected to DMZ

switch through IPS4240.This will be connected as it but the
connectivity will be moved from DMZ switch to WAN switch.
1.2 Prerequisites for Internet Link Loadbalancer(LB) Migration
 Second link details like WAN and LAN Public IP Address.

 Changes Required at Public DNS server at the time of activity.
 DNS A record entry for VPN host name.

7
1.3 Devices to be Installed/Replaced for this activity
Sl No. Location/Type Make / Model Device Type / Role Device Host Name
1 MCA DC Delhi Cisco 2960-S Switch FO Aggregation Switch 1 DELDCSWTAGRF01
2 MCA DC Delhi Cisco 2960-S Switch FO Aggregation Switch 2 DELDCSWTAGRF02
3 MCA DC Delhi Radware Link Proof 208 Internet Link Load Balancer 1 DELDCLLBACTF01
4 MCA DC Delhi Radware Link Proof 208 Internet Link Load Balancer 2 DELDCLLBSTBF02
1.4 Internet Link Loadbalancer (LB)

8
 Existing IPS connectivity will be kept till McAfee IPS is deployed
fully.
 Replacement of existing two radware LB’s with a pair of Radware

LinkProof 208 load balancer in Internet Segment.
 Existing Configuration like Dynamic and static natting of Radware

LB would be migrated to new LB’s. Radware would be deployed in
routed mode.
 Configuration of Radware LB’s would include following activities.
1. Configure networking (IP interfaces, routing).
2. Configure WAN link load balancing:
 Add a router farm.
 Add logical router servers.
 Define health checks.
 Define flows and flow policies.
3. Configure outbound NAT called Dynamic NAT in LinkProof to

define for each router (WAN link) the NAT addresses to be used
when forwarding.
4. For Configuring inbound traffic load balancing :
a. Configure Static NAT to define for each internal server

that must be available for access from the external
network the IP address that will represent it via each
router (WAN link).
b. Map the URLs for which LinkProof is authoritative

server to the internal server IP addresses.
 Physical interface of LB would be connected to Cisco 2960-S WAN

Switch.

9
 New Layer3 VLAN vlan 101 and vlan 102 would be used for
connecting Internet Router’s (Router-01 and Router-02) LAN
interface with LB outside interfaces through Cisco 2960-S WAN
Switch.
Chapter 2.0 IP Address & VLAN details
Physical Connectivity Details
WAN
WAN Switch- Switch- Connected Device
WAN Switch Interface Descriptions
01 VLAN 01 Device Interface
Interface
## Connected to Internet Router-01 LAN Internet
VLAN 101 Gi1/0/1 Interface(Gi0/0) ## Router-01 Gi0/0
VLAN 101 Gi1/0/2 ## Connected to LP-01 LAN Interface(G2) ## LP-01 G2
## Connected to LP-01 LAN Interface(G1) through
VLAN 59 Gi1/0/4 DC-IPS4240 ## LP-01 G1
VLAN 22 Gi1/0/11 Interface(Gi0/3) - Management ## Router-01 Gi0/3
VLAN 22 Gi1/0/12 ## Connected to LP-01 LAN Interface(MNG1) ## LP-01 MNG1
VLAN 22 Gi1/0/22 ## Connected to DMZ SW-01 - Port 43 ## DMZSW Gi1/0/43
Trunk (59, WAN
101, 102) Gi1/0/23 ## Connected to WAN Switch-02 - Gi1/0/23 ## Switch-02 Gi1/0/23
Trunk (59, WAN
WAN
WAN Switch- Switch- Connected Device
WAN Switch Interface Descriptions
02 VLAN 02 Device Interface
Interface
VLAN 102 Gi1/0/1 Interface(Gi0/0) ## Router-02 Gi0/0
VLAN 22 Gi1/0/11 Interface(Gi0/3) - Management ## Router-02 Gi0/3
VLAN 22 Gi1/0/12 ## Connected to LP-01 LAN Interface(MNG1) ## LP-02 MNG1
VLAN 22 Gi1/0/22 ## Connected to DMZ SW-02 - Port 43 ## DMZSW Gi2/0/43
Trunk (59, WAN
Trunk (59, WAN

10
Chart# IPADD-2.0
VLAN ID L2/L3 Radware Physical Port

101 L3 G2
102 L3 G3
59 L3 G1
22 L3 MNG1
Primary Radware LP
Radware Radware Physical IP WAN Switch 1

Physical Port Address Physical Port
G1 59.165.200.11/24 Gi1/0/4
G2 14.140.191.13/25 Gi1/0/2
G3 202.56.229.130/28 Gi1/0/3
MNG1 10.64.22.25/24 Gi1/0/12
Secondary Radware LP
Radware Radware Physical IP WAN Switch 1

Physical Port Address Physical Port
G1 59.165.200.12/24 Gi1/0/4
G2 14.140.191.14/25 Gi1/0/2
G3 202.56.229.131/28 Gi1/0/3
MNG1 10.64.22.26/24 Gi1/0/12

11
3.0 Radware Migration diagram

12
3.1 Radware LB Configuration Details
3.1.1 Farm Details
Sl. No. FARMs Dispatch Method

1 MCA-FARM1 Cyclic
2 MCA-FARM2 Cyclic
3 MCA-DEFAULT-FARM3 Cyclic
4 MCA-DEFAULT-FARM4 Cyclic
LB Load Balancing Algorithm
Dispatch method in Radware LB decides how to distribute traffic to real

servers/Internet Link. In this deployment scenario there is no use of
dispatch method as farms will forward to only one Link for outgoing or
in coming traffic in Primary / Redundant mode.
3.1.2 Router Farm Details
Sl. No. Routers Router IP Address

1 MCA-FM1-RTR-TCIL 14.140.191.1
2 MCA-FM1-RTR-BHARTI 202.56.229.129
3 MCA-FM2-RTR-TCIL 14.140.191.1
4 MCA-FM2-RTR-BHARTI 202.56.229.129
5 MCA-DEFAULT-FM3-RTR-TCIL 14.140.191.1
6 MCA-DEFAULT-FM4-RTR-BHARTI 202.56.229.129
3.1.3 Host network/classes Details
Sl.
No. Networks IP Address
1 mca.gov.in 59.165.200.120
2 mca21.gov.in 59.165.200.120
3 servicedesk.mca 59.165.200.103
4 www.mca.gov.in/XBRL 59.165.200.113
5 dcdeldns2.mca.gov.in 59.165.200.3
6 vpn.mca.gov.in 59.165.200.59

13
3.1.4 DNS Host/A record Details
Sl.
No. DNS Host IP Address
1 www.mca.gov.in 59.165.200.120
2 www.mca21.gov.in 59.165.200.120
3 servicedesk.mca.gov.in 59.165.200.103
4 www.mca.gov.in/XBRL 59.165.200.113
5 dcdeldns2.mca.gov.in 59.165.200.3
6 www.vpn.mca.gov.in 59.165.200.59
3.1.5 Flow Management Details
Sl. No. Flow Management

1 ALL-HTTP-IN
2 NON-HTTP-IN
3 ALL-OUT
3.1.6 Policy Details
Sl. No. Flow Policy

1 ALL-HTTP-IN-Policy
2 NON-HTTP-IN-Policy
3 ALL-OUT-Policy
3.1.7 Dynamic Nat for TCIL ISP Link
Dynamic NAT Table

From Local Server Dynamic NAT Redundancy
Sl No To Local Server IP Router IP
IP IP Mode
1 59.165.200.35 59.165.200.35 14.140.191.1 14.140.191.35 Regular
2 59.165.200.55 59.165.200.55 14.140.191.1 14.140.191.55 Regular
3.1.8 Static Nat for TCIL ISP Link
Static NAT Table

From Local To Local From Static
Sl No Router IP To Static NAT IP
Server IP Server IP NAT IP
1 59.165.200.3 59.165.200.3 14.140.191.1 14.140.191.3 14.140.191.3
2 59.165.200.4 59.165.200.4 14.140.191.1 14.140.191.4 14.140.191.4

14
3 59.165.200.10 59.165.200.10 14.140.191.1 14.140.191.10 14.140.191.10
4 59.165.200.15 59.165.200.15 14.140.191.1 14.140.191.15 14.140.191.15
5 59.165.200.16 59.165.200.16 14.140.191.1 14.140.191.16 14.140.191.16
6 59.165.200.21 59.165.200.21 14.140.191.1 14.140.191.21 14.140.191.21
7 59.165.200.22 59.165.200.22 14.140.191.1 14.140.191.22 14.140.191.22
8 59.165.200.23 59.165.200.23 14.140.191.1 14.140.191.23 14.140.191.23
9 59.165.200.24 59.165.200.24 14.140.191.1 14.140.191.24 14.140.191.24
10 59.165.200.25 59.165.200.25 14.140.191.1 14.140.191.25 14.140.191.25
11 59.165.200.26 59.165.200.26 14.140.191.1 14.140.191.26 14.140.191.26
12 59.165.200.27 59.165.200.27 14.140.191.1 14.140.191.27 14.140.191.27
13 59.165.200.28 59.165.200.28 14.140.191.1 14.140.191.28 14.140.191.28
14 59.165.200.29 59.165.200.29 14.140.191.1 14.140.191.29 14.140.191.29
15 59.165.200.32 59.165.200.32 14.140.191.1 14.140.191.32 14.140.191.32
16 59.165.200.33 59.165.200.33 14.140.191.1 14.140.191.33 14.140.191.33
17 59.165.200.34 59.165.200.34 14.140.191.1 14.140.191.34 14.140.191.34
18 59.165.200.37 59.165.200.37 14.140.191.1 14.140.191.37 14.140.191.37
19 59.165.200.38 59.165.200.38 14.140.191.1 14.140.191.38 14.140.191.38
20 59.165.200.39 59.165.200.39 14.140.191.1 14.140.191.39 14.140.191.39
21 59.165.200.40 59.165.200.40 14.140.191.1 14.140.191.40 14.140.191.40
22 59.165.200.42 59.165.200.42 14.140.191.1 14.140.191.42 14.140.191.42
23 59.165.200.43 59.165.200.43 14.140.191.1 14.140.191.43 14.140.191.43
24 59.165.200.57 59.165.200.57 14.140.191.1 14.140.191.57 14.140.191.57
25 59.165.200.90 59.165.200.90 14.140.191.1 14.140.191.90 14.140.191.90
26 59.165.200.103 59.165.200.103 14.140.191.1 14.140.191.103 14.140.191.103
27 59.165.200.105 59.165.200.105 14.140.191.1 14.140.191.105 14.140.191.105
28 59.165.200.106 59.165.200.106 14.140.191.1 14.140.191.106 14.140.191.106
29 59.165.200.107 59.165.200.107 14.140.191.1 14.140.191.107 14.140.191.107
30 59.165.200.108 59.165.200.108 14.140.191.1 14.140.191.108 14.140.191.108
31 59.165.200.109 59.165.200.109 14.140.191.1 14.140.191.109 14.140.191.109
32 59.165.200.110 59.165.200.110 14.140.191.1 14.140.191.110 14.140.191.110
33 59.165.200.111 59.165.200.111 14.140.191.1 14.140.191.111 14.140.191.111
34 59.165.200.112 59.165.200.112 14.140.191.1 14.140.191.112 14.140.191.112
35 59.165.200.113 59.165.200.113 14.140.191.1 14.140.191.113 14.140.191.113
36 59.165.200.114 59.165.200.114 14.140.191.1 14.140.191.114 14.140.191.114
37 59.165.200.115 59.165.200.115 14.140.191.1 14.140.191.115 14.140.191.115
38 59.165.200.116 59.165.200.116 14.140.191.1 14.140.191.116 14.140.191.116
39 59.165.200.117 59.165.200.117 14.140.191.1 14.140.191.117 14.140.191.117
40 59.165.200.118 59.165.200.118 14.140.191.1 14.140.191.118 14.140.191.118
41 59.165.200.120 59.165.200.120 14.140.191.1 14.140.191.120 14.140.191.120
42 59.165.200.121 59.165.200.121 14.140.191.1 14.140.191.121 14.140.191.121
43 59.165.200.122 59.165.200.122 14.140.191.1 14.140.191.122 14.140.191.122
44 59.165.200.126 59.165.200.126 14.140.191.1 14.140.191.126 14.140.191.126

15
3.1.9 Dynamic Nat for Bharti ISP Link
Dynamic NAT Table

From Local Server Dynamic NAT Redundancy
Sl No To Local Server IP Router IP
IP IP Mode
1 59.165.200.35 59.165.200.35 202.56.229.129 202.56.229.141 Regular
2 59.165.200.55 59.165.200.55 202.56.229.129 202.56.229.142 Regular
3.1.10 Static Nat for Bharti ISP Link
Static NAT Table

From Local To Local From Static
Sl No Router IP To Static NAT IP
Server IP Server IP NAT IP
1 59.165.200.3 59.165.200.3 202.56.229.129 202.56.229.140 202.56.229.140
2 59.165.200.59 59.165.200.59 202.56.229.129 202.56.229.139 202.56.229.139
3 59.165.200.103 59.165.200.103 202.56.229.129 202.56.229.138 202.56.229.138
4 59.165.200.113 59.165.200.113 202.56.229.129 202.56.229.137 202.56.229.137
5 59.165.200.120 59.165.200.120 202.56.229.129 202.56.229.136 202.56.229.136
3.1.11 Management IP address
Management IP address - Internet Leg (Checkpoint - OUTSIDE)

Sl
No Device Host Name Interface / Port Mgmt IP address
1 FO Internet Router-01 (Cisco 3945) DELDCRTRPRIF01 Gig 0/3 10.64.22.21
2 FO Internet Router-02 (Cisco 3945) DELDCRTRSECF02 Gig 0/3 10.64.22.22
3 FO Aggregation Switch-01 (Cisco 2960-S) DELDCSWTAGRF01 Gi1/0/5 10.64.22.23
4 FO Aggregation Switch-02 (Cisco 2960-S) DELDCSWTAGRF02 Gi1/0/5 10.64.22.24
5 Radware Link Proof-01 DELDCLLBACTF01 MNG1 10.64.22.25
6 Radware Link Proof-02 DELDCLLBSTBF02 MNG1 10.64.22.26
Management IP address - Internet Leg (Checkpoint - INSIDE)

Sl
No Device Host Name Interface / Port Mgmt IP address
1 DMZ Switch Gi1/0/43
10.64.22.1
2 DMZ Switch Gi2/0/43
3 CheckPoint1 - inside Mgmt-smartnet DELDCFWLPRIF01 Port-8 10.64.22.2
4 CheckPoint2 - inside Mgmt-smartnet DELDCFWLSECF02 Port-8 10.64.22.3
5 McAfee M3050-01 DELDCIPSACTBO1 Management 10.64.22.4
6 McAfee M3050-02 DELDCIPSSTBBO1 Management 10.64.22.5
7 McAfee NSM Eth0 10.64.22.10

16
Management Connectivity Diagram

17
4.0 Radware Configuration snapshoot
LoadBalance Configuration Summary
Router > IP Router > Interface Parameters > Peer Address

18
Redindancy Configuration

19
Configure NHR Tracking Table
1. Select Services > Tuning > Device.

2. In the NHR Tracking Table text box, type the limit on the number of entries in the
NHR Table. Default: 100,000.
3. Click Set.
4. Select LinkProof > Global Configuration > General.
5. Configure the following parameters: NHR Tracking Table Status & NHR Tracking
Table Aging
6. Click Set.
LinkProof > Global Configuration > General

20
Static NAT Configuration

21
Dynamic NAT Configuration
For Inbound web traffic.
Existing TCIL Internet Link will be used for inbound web traffic.
Second internet Link will be used for Inbound SSL VPN traffic.
Outgoing Internet, patch management etc will use Second Internet Link.
LinkProof > Farms > Farm Table

22
LinkProof > Servers > Logical Routers Table
Classes > Modify > Networks

23

24
LinkProof > DNS Configuration > Name to Local IP
LinkProof > Flow Management > Farms Flow Table (To Configure Flow Management)

25
LinkProof > Flow Management > Modify policies (To Configure Flow Policies)
LinkProof > Smart NAT > Static NAT Table (To Configure Static NAT)

26
DNS Changes

27
5.0: Traffic flow Through Link Loadbalancer
5.1: Traffic flow diagram in all working conditions: In all working

condition primary Radware LB will process all traffic.
Traffic flow classification in case of stable scenarios:
 In coming Traffic for MCA web application will use TCIL ISP link
only.
 In coming Traffic for SSL VPN access will use Bharti ISP link only.
 All outgoing traffic linke patchmanagement or internet
requirement for DC ,Bharti ISP link will be used as primary and
TCIL as Backup.
Note : In case of any ISP link not available , all traffic (incoming &
outgoing ) will be through other available ISP link.

28
5.2 Traffic flow when a Primary Radware LB Fails.
When Primary Radware LB fail or any one interface of primary LB

fails ,secondary Radware box becomes active

29
6.0 Test cases: Test cases are based upon the ping,
http,nslookup,telnet and trace route of Radware vip/physical ip address
and natted servers.
Table 6.1- When Both Radware LP are up and running
Test case Ping/traceroute/telnet/HTTP response
When Both 1. Nslookup the web application sites Ping Response will
Radware LB are up like www.mca.gov.in , confirm reach
and working. www.mca21.gov.in ability of Natted IP
(before migration) (14.140.191.120), address from the
servicedesk.mca.gov.in(14.140.191. internet
103)
2. Ping corresponding public ip address
static natted with with real
servers.Public ip address to ping are
to be captured.
When Both Telnet public vip ip address on port 80 Successful telnet
Radware LB are up and 53 session
and working. 14.140.191.120 –port 80 establishment will
(before migration) 14.140.191.113- port 80 confirm the
14.140.191.3 -port 53 accessibility of
application through
Radware LP.
When Both Ping both Radware physical interface ip Ping Response will
Radware LB are up address. confirm reach
and working. ability of Radware
(before migration) physical interface
and connectivity.
When Both http://www.mca.gov.in & Some Ping
Radware LB are up http://www.mca21.gov.in response and
and working. nslookup to Web
(before migration) site should have
14.140.191.120 as
ip address due to
GSLB setup. Other
ip would be of DR
Chennai ie
115.114.108.120

30
Perform all test cases in table 6.1 when primary Radware is down . No
deviation in test result is expected while accessing all application using
secondary LB
Table 6.2 - When Primary Radware Appliance is down
Test case Ping/traceroute/telnet/HTTP response
When Primary 1. Nslookup the web application sites Ping Response will
Radware LB like www.mca.gov.in , confirm reach
Appliance is down www.mca21.gov.in ability of Natted IP
Secondary (14.140.191.120), address from the
Radware LP is servicedesk.mca.gov.in(14.140.191. internet
passing traffic. 103)
(before migration) 2. Ping corresponding public ip address
static natted with with real
servers.Public ip address to ping are
to be captured.
When Primary Telnet public vip ip address on port 80 Successful telnet
Radware LB and 53 session
Appliance is down 14.140.191.120 –port 80 establishment will
Secondary 14.140.191.113- port 80 confirm the
Radware LP is 14.140.191.3 -port 53 accessibility of
passing traffic. application through
(before migration) Radware LP.
When Primary Ping both Radware physical interface ip Ping Response will
Radware LB address. confirm reach
Appliance is down ability of Radware
Secondary physical interface
Radware LP is and connectivity.
passing traffic.
(before migration)
When Primary http://www.mca.gov.in & Some Ping
Radware LB http://www.mca21.gov.in response and
Appliance is down nslookup to Web
Secondary site should have
Radware LP is 14.140.191.120 as
passing traffic. ip address due to
(before migration) GSLB setup. Other
ip would be of DR
Chennai ie
115.114.108.120

31
Post Migration – Test Cases
Table 6.1 & 6.2 test cases will be performed post migration of new
Radware devices in Internet Segment.

32

Radware Link Loadbalancer MIGRATION PLAN V1 1 PDF

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Radware Link Loadbalancer MIGRATION PLAN V1 1 PDF

Enviado por

Direitos autorais:

Formatos disponíveis

MIGRATION PLAN DOCUMENT

MIGRATION PLAN DOCUMENT

IBM MCA- DATA CENTER INFOSYS

ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS

INTELLECTUAL PROPERTY RIGHTS:

THIS DOCUMENT CONTAINS VALUABLE AND CONFIDENTIAL

IBM MCA- DATA CENTER INFOSYS

AUTHOR : Chandra Bhanu Panigrahi

ORGANIZATION NAME TITLE

REV. DATE ORIGINATOR STATUS COMMENT

IBM MCA- DATA CENTER INFOSYS

FOR IBM INDIA (P) LTD

SIGNATURE & STAMP ………………………………………………………..

SIGNATURE & STAMP ………………………………………………………..

Note: Acceptance can be in the form of written / or email

IBM MCA- DATA CENTER INFOSYS

Chapter Description Page

IBM MCA- DATA CENTER INFOSYS

1.1 Network Changes Required for Migrating Existing LB’s.

 Presently the subnet 10.64.21.0/24 provides connectivity between

As Secondary Internet Link will be terminated at Second Router,

So the connectivity between LBs and Internet router will be

IBM MCA- DATA CENTER INFOSYS

 Internet Routers, Cisco 2960-S wan switches, LinkProof’s

 Presently Linkproof1(LP1)’s LAN interface is connected to DMZ

1.2 Prerequisites for Internet Link Loadbalancer(LB) Migration

 Second link details like WAN and LAN Public IP Address.

IBM MCA- DATA CENTER INFOSYS

1.3 Devices to be Installed/Replaced for this activity

1.4 Internet Link Loadbalancer (LB)

IBM MCA- DATA CENTER INFOSYS

 Replacement of existing two radware LB’s with a pair of Radware

 Existing Configuration like Dynamic and static natting of Radware

 Configuration of Radware LB’s would include following activities.

1. Configure networking (IP interfaces, routing).

2. Configure WAN link load balancing:

 Add a router farm.

 Add logical router servers.

 Define health checks.

 Define flows and flow policies.

3. Configure outbound NAT called Dynamic NAT in LinkProof to

4. For Configuring inbound traffic load balancing :

a. Configure Static NAT to define for each internal server

b. Map the URLs for which LinkProof is authoritative

 Physical interface of LB would be connected to Cisco 2960-S WAN

IBM MCA- DATA CENTER INFOSYS

Chapter 2.0 IP Address & VLAN details

Physical Connectivity Details

IBM MCA- DATA CENTER INFOSYS

VLAN ID L2/L3 Radware Physical Port

Radware Radware Physical IP WAN Switch 1

Radware Radware Physical IP WAN Switch 1

IBM MCA- DATA CENTER INFOSYS

3.0 Radware Migration diagram

IBM MCA- DATA CENTER INFOSYS

3.1 Radware LB Configuration Details

3.1.1 Farm Details

Sl. No. FARMs Dispatch Method

LB Load Balancing Algorithm

Dispatch method in Radware LB decides how to distribute traffic to real

3.1.2 Router Farm Details

Sl. No. Routers Router IP Address

3.1.3 Host network/classes Details