Overview

Let us scale multi-dimensional enterprise-grade systems while maintaining high availability with SKUDONET ADC. This means no benchmark limitations on memory, CPU cores, or throughput.

You might have noticed these limitations hindering your network from scaling if you are considering other alternatives besides Kemp. SKUDONET Community and Enterprise editions are designed to scale regardless of the deployment platform, whether hardware, Virtual environments, cloud infrastructure, or bare metal.

This article will discuss setting up an instance of SKUDONET’s load balancer based on Kemp LoadMaster configurations.

Prerequisites

To follow this guide, you must:

1. Have an active instance of SKUDONET ADC on your workstation or a cloud platform. If an instance is not installed, request an evaluation.
2. Be familiar with KEMP Loadmaster concepts.
3. Have access to the SKUDONET web panel. If you don’t, follow this quick installation guide.
4. Have knowledge about creating a Virtual server in SKUDONET ADC. Follow this guide: Layer 4 and layer 7 virtual server configuration.

Basic concepts

Virtual service: A virtual service in Kemp’s load balancer is a point of contact from external networks. This interface has a virtual IP and port through which all traffic from the web flows. A virtual service in Kemp’s LoadMaster is the same as a Farm when using SKUDONET’s load balancer.

subVS: Use a subVS when segmenting traffic from the WEB and sending it to various requested resources. These resources could be HTML files or download files from FTP servers. A subVS is where you create a pool of backend servers and assign them a role. A subVS is the same as a Service in SKUDONET ADC.

Scheduling method: These are methods used when deciding how often clients should access resources from the backend servers. A scheduling method is the same as a Load balancing scheduler in SKUDONET ADC.

Real server check methods: Load balancers must monitor the health of nodes serving an application by sending probe signals. These signals check whether a node and its service are healthy. SKUDONET ADC uses a set of inbuilt plugins called Farmguardian for health monitoring.

Interfaces: Interfaces are necessary when dividing a local network into various network segments. Network segmentation calls for VLANs. SKUDONET load balancer comes with a Network section that allows you to manage different VLANs and assign them IPs through virtual interfaces.

Global balancing: This module provides DNS-level load-balancing schemes. Used when distributing traffic between data centers. The GSLB module does a similar thing in SKUDONET ADC, but with more advanced security measures besides enforcing WAF rules.

Real Servers: Real servers are the hosts within a local network. These hosts process all requests from the web and send back a response through a reverse proxy. A real server is the same as a Backend in the SKUDONET load balancer.

IPS/IDS: This module provides layer 7 protection when using the Kemp load balancer. It includes a set of WAF rules that protect against any of the top 10 OWASP security attacks. SKUDONET uses the IPDS module that provides network security at layers 3, 4, to 7.

Operation: These are commands you give a load balancer to do tasks like creating, editing, deleting, or restarting services. Operations are the same as Actions in the SKUDONET load balancer.

Service Type / subVS Type: These options determine whether a service is HTTP or HTTPS. On an HTTP profile in SKUDONET ADC, the listener has the protocols, HTTP and HTTPS. The options Service Type and subVS Type are the same as Listeners when using SKUDONET ADC.

Pro/protocol: These determine whether a network should transmit UDP or TCP packets. SKUDONET ADC has more protocols that cater to layers 4 and 7.

ACME certificates: This protocol automates the interactions between CAs when you need an SSL certificate signed. SKUDONET’s load balancer comes with an inbuilt OpenSSL generator with the Let’s Encrypt program.

Example configurations: Content switching

Websites serve two types of content, dynamic and static. Static content like images, audio, gifs, etc can be accessed directly from databases while dynamic content usually requires more server resources to process based on a user’s behavior. Therefore, we must access these resources differently to maintain high-speed delivery.

Two service groups must be created on a virtual server. In these example configurations, we shall create the service groups serviceDynamic and serviceStatic to demonstrate content switching with Kemp and how you can achieve that with SKUDONET ADC.

Kemp configurations

1. 1. To do content switching, you will need at least two active subVS within a Virtual service.

1. 1. One must define Content Rules.

1. 1. After creating content rules, enable that rule on a subVS that you want to match. Click the Modify button on a Virtual Service. Scroll till you reach the Advanced properties setting and click the Enable button aside from content switching.
   2. Scroll to the table at the bottom. Within the column with the heading Rules, click the one with None to add a rule.

1. After adding a rule, the status will change from None to 1. For this example, all the traffic that matches this rule will be forwarded to a subVS with static content. All traffic that does match this condition will be forwarded to the subVS with dynamic content.

SKUDONET configurations

1. 1. To enable content switching, you will need at least two services on an HTTP Farm.

1. 1. For this example, we will click and edit the serviceStatic service.
   2. To load balance on static content, one must use a URL Pattern to match the static files. In this example, we will use the same pattern as with KEMP.

      .(jpg|jpeg|png|gif|ico|css|js|html|htm|avi|mov|mp3|svg)$

1. Session persistence is optional. You might leave the field unchanged. However, you must enable health checks. Within Farmguardian, enable http health checks with the flag check_http.
2. Save the configurations by clicking the Apply button.
3. Create Backends to distribute static resources.

All the traffic from the web that matches the conditional within the URL pattern parameter will get distributed among the listed Backends. Those that do not match will be forwarded to the service serviceDynamic. Make sure to enable session persistence.

Example configurations: SSL Offloading

SSL offloading can be used to improve the performance of a website by relieving the origin server of the processing burden of encrypting and decrypting traffic. It can also be used to centralize SSL/TLS management and to enable features such as content filtering. When implementing SSL offloading, it is important to ensure that the decrypted traffic is not visible to unauthorized parties and that the traffic is properly encrypted when it leaves the offload device.

In this section, we will show the configurations for setting up SSL offloading on Kemp’s load balancer and how you can achieve the same with SKUDONET.

Kemp configurations

To enable SSL offloading, you must have an ssl cert loaded on the load balancer. This could be one issued by a Certificate Authority or a self-signed certificate.

These are the configurations to enable ssl offloading with the Kemp load balancer.

1. 1. Click virtual services on the menu.
   2. Click view/modify services.
   3. Click the Modify button under the operations of the selected service.
   4. Scroll till you reach the SSL properties.
   5. Enable SSL acceleration.

1. Assign the Available certificate in use by shifting it from the Available certificates box to the Assigned Certificates box and click the Set certificates button.

The Kemp load balancer should be able to handle SSL Offloading with this configuration.

SKUDONET configurations

1. 1. To enable SSL offloading, go to LSLB
   2. Click the Farms button.
   3. Click the Edit button on an HTTP or HTTPS Farm.
   4. Change the listener from HTTP to HTTPS.
   5. Change the virtual port to 443.

1. 1. Under Ciphers, change the option from All to SSL Offloading.
   2. Click on the Available certificate you want to use.
   3. Click the greater than Arrow (>) to shift the certificate from Available certificates to Enabled certificates.

1. Save the configurations by clicking the Apply button.
2. Restart the Farm for the changes to take effect.

Suppose you don’t have an SSL certificate installed on the load balancer, A *.zencert.pem wildcard certificate will be used.

To upload an SSL certificate on SKUDONET ADC, read this Article: LSLB | SSL Certificates
To generate an auto ca-signed certificate through the Let’s encrypt program, read this article: LSLB | Let’s Encrypt

Additional Resources

Using the Let’s encrypt program to autogenerate an SSL certificate.
Datalink/Uplink load balancing With SKUDONET ADC.
DNS load balancing with SKUDONET ADC.
Protection from DDoS attacks.
Application, Health and Network Monitoring in SKUDONET ADC.
Web Application Firewall configuration.
Configuring SSL certificates for the load balancer.