- 15 Oct 2023
- 1 Minute to read
Load Balancing CTERA Portal Servers
- Updated on 15 Oct 2023
- 1 Minute to read
General Load Balancing Best Practice
Probing to test tomcat reachability: Most load balancers have a health check/probing mechanism that checks for ports and services availability. The best scenario is to only use port tests that check if the port is available (checking ports 995 and 443). If a more accurate probing is required, use port 995 probe. With HTTPS use:
Using F5 Load Balancer
If you are not using F5 software for load balancing, the basic principles outlined here can still be applied.
The following describes setting up load balancing based on F5 software. If your version of the F5 software is different to the version described below, contact CTERA support for help with your configuration.
Using F5 load balancing to perform SSL offloading requires the following configuration:
- Create an F5 iRule to add Secure and HttpOnly flags to the JSESSIONID cookie.
- Create an F5 iRule to add HSTS flags.
- Disable old insecure encryption algorithms like RC4.
- If F5 is configured to use TLS 1.0, you must change it.
The following best practices are recommended by CTERA:
Configure the tcp TCP protocol profile.
- If Idle Timeout is configured, make sure the value is at least 5 minutes, 300 seconds, as CTERA handles its own TCP sessions with keep alives.
- If Keep Alive Interval is configured, make sure the value is greater than the value specified for Send CTTP keepalive messages every in the virtual portal settings. Send CTTP keepalive messages every prevents proxy or load balancer servers from preemptively terminating connection between a CTERA Agent and the CTERA Portal. CTERA recommends setting Send CTTP keepalive messages every less than half the value specified for Keep Alive Interval.
- If Zero window Timeout is configured, make sure it is as high as possible. For example, 30000.
The following shows recommended F5 settings for the tcp TCP protocol profile.
Configure the source_addr Persistence profile.
The following shows recommended F5 settings for source_addr Persistence profile.
After setting the profiles, set up the load balancing for the CTERA virtual servers.