1. Overview
Barracuda Load Balancer ADC is a good for any organizations looking for a high-performance with a cost-effective application delivery and security solution. With the broadest range of hardware and virtual models, the Barracuda Load Balancer ADC provides maximum flexibility for organizations looking to build highly secure and scalable application infrastructure, whether it’s deployed on-premises or in the cloud.
In this article will show you how to configure configuring Barracuda Load Balancer ADC Vx, an virtual appliance model V440, on VMware workstation.
2. Prerequisites
In this article, it is assumed that:
a. You already have VMware Workstation 11 up and running on your computer.
b. You have internet access on your computer
c. It is already configured SSL for HTTPS protocol on the both web servers. For how to configure SSL on Apache web server, please refer to this link. Installing And Configuring Apache Web Server on RHEL/CentOS 7
3. System Architecture Diagram
We will set up the Barracuda Load Balancer ADC as show in the following diagram. There two virtual appliances of Barracuda Load Balancer ADC and it be configured clustering for high availability purpose. We have separate network for management/clustering and services or VIP. Management subnet is 192.168.299.0/24 and it is also use for configuring high availability. Network 192.168.171.0/24 is for services and we will use virtual IP (VIP) within this subnet too. We have two server for test load balancing server SSH and Web services.
4. Request A Free Eval Of Barracuda Load Balancer ADC
To request a free eval of Barracua Load Balancer ADC Vx, we need to access to website of Barracuda www.barracuda.com and the go “Purchase” tap and then click on “Free Eval”. On the drop-down list “Select a Product” choose “Barracua Load Balancer ADC Vx” and on “Select Edition” choose “V440”, fill in the rest of the columns and then click “Submit Request”.
After a successful request fo a free evaluation, you should redirect for page with the license token formation page and it should look something as the following. You also get a email about this license token formation from Barracuda. This evaluation license token is last for 30 day only and it should be enough for testing purpose. Then, we we click the link to download Barracua Load Balancer ADC Vx virtual appliance, in our case now let us the link for ESX name “Esx-Vbox”.
5. Import Barracuda Load Balancer ADC OVF File Into VMware Workstation
After finish downloading, you need to extract the zip file. The downloaded Barracua Load Balancer ADC Vx virtual appliance is in OVF format, so what we need to do is just import it to VMware workstation. Start VMware workstation, choose “File” and then click on “Open…”.
Browse to the location where you had recently just downloaded Barracua Load Balancer ADC Vx to, and then click on “Import”.
6. Configure MGMT IP Addresses
We can login the the console of Barracua Load Balancer ADC Vx virtual appliance using username and password as “admin/admin” and configure its management IP.
The following is the screen short from the primary devices and IP address 192.168.226.10/24 is configured for it.
The following is the screen short from the standby devices and IP address 192.168.226.11/24 is configured for it.
7. Active The License Token
To active the license token for both Barracua Load Balancer ADC Vx virtual appliance, login the the console of Barracua Load Balancer ADC Vx virtual appliance and go to “Licensing”. Please do this on both devices Barracua Load Balancer ADC Vx virtual appliance.
Now open your favorite web browser and access to management IP address of both devices using port 8000, http://192.168.266.10:8000 and http://192.168.266.11:8000. The user account login is the same as console login “admin/admin”.
After your successful login, scroll down and at bottom of page you see the following screen. In put your information and click “Accept”
8. Configuring High Availability Clustering
Let start by configuring the a host name for each device first. On Barracuda Load Balancer ADC web interface go to “BASIC” tap and the click “IP Configuration”.
Login to the second unit of Barracuda Load Balancer ADC Vx and do the same to configure its host name.
To configure high availability clustering for Barracuda Load Balancer ADC Vx, login to web interface and go to “ADVANCED” tap and then click on “High Availability”. Under “Cluster Settings” section, select “Yes” as the option of “Enable High Availability”. Then, in the “Cluster Shared Secret” box type in any of your secret for this cluster. On “Failback Mode” select “Automatic”, select an interface for “Monitor Links” and then click “Save”.
Login to the web interface of the second unit of Barracuda Load Balancer ADC Vx, go to “ADVANCED” tap and then click on “High Availability”. Under “Cluster Settings” section, select “Yes” as the option of “Enable High Availability”. Then, in the “Cluster Shared Secret” box type in the secret key exactly the same the primary unit. On “Failback Mode” select “Automatic”, select an interface for “Monitor Links” and then click “Save”.
Now we can joint the second unit into the cluster so, it will become the standby unit. Login to the web interface of the second unit of Barracuda Load Balancer ADC Vx, go to “ADVANCED” tap and then click on “High Availability”. Under “Clustered Systems” section, enter the IP address of of the primary unit for “Peer Management IP Address” and then click “Join Cluster”.
The process of clustering may take awhile. To see the running process, click on “Task Manager” you see that the clustering process is running there.
After the clustering process is finished, under the “Clustered Systems”, you should now see both Barracuda Load Balancer ADC Vx is clustered and the device with IP 192.168.229.10 is active and the device with 192.168.229.11 is passive.
9. Configure Network Setting
We need to configure the gateway for the interface that connect the subnet with VIP network. Login to the web interface of the primary unit of Barracuda Load Balancer ADC Vx, go to “NETWORK” tap and then click on “Routers”, enter as the following, and the click “Save”
10. Configure Barracuda Load Balancer Services
A Service is a combination of a Virtual IP (VIP) address and one or more TCP/UDP ports. Traffic arriving at the designated port(s) for the specified Virtual IP address is directed to one of the Real Servers associated with that particular Service. The Barracuda Load Balancer determines which connections or requests are distributed to each Real Server based on the scheduling policy selected for the Service.
10.1 Configure Service For SSH
Login to the primary unit http://192.168.229.10:800, go to “BASIC” tap and the click “Services” and the click “Add Service”. Enter a name for this service and choose “TCP Proxy” for “Type” option, then enter the VIP and port for this service, and then click “Create”.
Then, we need to add the real server IP address for this VIP by clicking on “Add Server” bottom.
Enter name for the real server and then enter the IP address and port of the real server, and then click “Create”.
Then, let add the second server. Enter a name for the second real server and then enter the IP address and port of the second real server. For the second real server let use as a backup server by check the option “Backup Server” and then click “Create”.
Right now the VIP 192.168.171.15 is mapped to two real servers with IP addresses of 192.168.171.14 and 192.168.171.12 with port 22.
Now let test ping the VIP to make that sure that it work. First let ping to VIP from client computer and we should get a successful result as the following.
C:\Users>ping 192.168.171.15 Pinging 192.168.171.15 with 32 bytes of data: Reply from 192.168.171.15: bytes=32 time<1ms TTL=64 Reply from 192.168.171.15: bytes=32 time<1ms TTL=64 Reply from 192.168.171.15: bytes=32 time<1ms TTL=64 Reply from 192.168.171.15: bytes=32 time<1ms TTL=64 Ping statistics for 192.168.171.15: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
Then, let test telnet port 22 on the VIP and we should get a successful result as the following.
C:\Users>telnet 192.168.171.15 22 SSH-2.0-OpenSSH_6.6.1
Now let test remote SSH to the VIP. After the successful login if we check the IP address of this server it should be 192.168.171.14 is since it is the active server.
[root@vkcent-web01 ~]# ip route
default via 192.168.171.2 dev eth0
169.254.0.0/16 dev eth0 scope link metric 1002
192.168.171.0/24 dev eth0 proto kernel scope link src 192.168.171.14
[root@vkcent-web01 ~]#
Now let set the active real server into maintenance mode.
Let test remote SSH to the VIP again. After the successful login if we check the IP address of this server it should be 192.168.171.14 is since the active server is set into maintenance mode.
[root@vkcent-web02 ~]# ip route
default via 192.168.171.2 dev eth0
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.10
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
192.168.171.0/24 dev eth0 proto kernel scope link src 192.168.171.12
[root@vkcent-web02 ~]#
10.2 Configure Service for Redirect From HTTP to HTTPS
Login to the primary unit http://192.168.229.10:800, go to “BASIC” tap and the click “Services” and the click “Add Service”. Enter a name for this service and choose “Instant SSL” for “Type” option, then enter the VIP and the real port for this service. In the “HTTP Redirect Port” box type in 80 to redirect from this port, port 80, to port 443 on the real servers.
Scroll always down to the “Secure Site Domain” box and type in your domain for the web service, in our case I type type int “*.techspacekh.com” , and then click “Create”.
After adding service with the VIP, then we need to add the real server IP address for this VIP by clicking on “Add Server” bottom.
Enter name for the real server and then enter the IP address and port of the real server. Under SSL section, choose “On” option for “Server Uses SSL” and then click “Create”.
Then, let add the second server. Enter a name for the second real server and then enter the IP address and port of the second real server. Under SSL section, choose “On” option for “Server Uses SSL” and then click “Create”.
Right now the VIP 192.168.171.16 is mapped to two real servers with IP addresses of 192.168.171.14 and 192.168.171.12 with port 443 with redirect option from 80. So, when user access to VIP 192.168.171.16 port 80, the it will automatically redirect to port 443. We set both servers to be active, so these server is working together at the same time to serve the the client request.
Now let test ping the VIP to make that sure that it work. First let ping to VIP from client computer and we should get a successful result as the following.
C:\Users>ping 192.168.171.16 Pinging 192.168.171.16 with 32 bytes of data: Reply from 192.168.171.16: bytes=32 time=30ms TTL=64 Reply from 192.168.171.16: bytes=32 time<1ms TTL=64 Reply from 192.168.171.16: bytes=32 time<1ms TTL=64 Reply from 192.168.171.16: bytes=32 time<1ms TTL=64 Ping statistics for 192.168.171.16: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 30ms, Average = 7ms
Then, let test telnet port 80 and port 443 on the VIP and we should get a successful result.
C:\Users>telnet 192.168.171.16 80 C:\Users>telnet 192.168.171.16 44
Now, let test by accessing the web service from your favorite web browser by using the VIP and we should get a respond from one of our real web server. As in the following we get the respond form Web Server 01.
If we try to refresh the web page, we should get another respond from second real web server. As in the following we get the respond form Web Server 02.
11. Conclusion
That is all about configuring Barracuda Load Balancer ADC. I hope that now you can start work with it by yourself. It is really great, isn’t it? If you have any questions or suggestions you can always leave your comments below. I will try all of my best to review and reply them. Thank you and have a great day.
