8/17/2019 Radware Link Loadbalancer_MIGRATION PLAN_V1.1
MIGRATION PLAN DOCUMENT
IBM MCA- DATA CENTER INFOSYS1
MIGRATION PLAN DOCUMENT
OF
RADWARE Link Proof Link Load Balancer &
Internet WAN Switch
MCA- DC
INFOSYS
Version 1.1
ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.
INTELLECTUAL PROPERTY RIGHTS:
THIS DOCUMENT CONTAINS VALUABLE AND CONFIDENTIAL INFORMATION ON MIGRATION OF DMZ SWITCHES IN THE DATA CENTER OF MINISTRY OF CORPORATE AFFAIRS (MCA), DELHI, AND SHALL NOT BE DISCLOSED TO ANY PERSON, ORGANIZATION, OR ENTITY UNLESS SUCH DISCLOSURE IS SUBJECT TO THE PROVISIONS OF A NONDISCLOSURE AND PROPRIETARY RIGHTS AGREEMENT APPROVED BY MINISTRY OF CORPORATE AFFAIRS (MCA).
Document Information
AUTHOR : Chandra Bhanu Panigrahi
CHANGE AUTHORITY : INTEGRATED COMMUNICATION SERVICES
CHANGE FORECAST : MEDIUM
ORGANIZATION : IBM INDIA (P) LTD
Review
ORGANIZATION | NAME | TITLE
INFOSYS | ANIL KUMAR AKELLA |
INFOSYS | MANOJ KUMAR YADAV |
Modification History
REV. DATE ORIGINATOR STATUS COMMENT
1.0 12/07/2013 Chandra Bhanu Initial Version
1.1 17/12/2013 Chandra Bhanu Updated
Document Acceptance Signoff
FOR IBM INDIA (P) LTD
NAME …………………………………………………………………..
TITLE ……………………………………………………………………
COMPANY …………………………………………………………….
SIGNATURE & STAMP ………………………………………………………..
DATE ………………………………………………………………….
FOR INFOSYS
NAME …………………………………………………………………..
TITLE ……………………………………………………………………
COMPANY …………………………………………………………….
SIGNATURE & STAMP ………………………………………………………..
DATE ………………………………………………………………….
Note: Acceptance can be in written form or by email.
1.0 Radware Link Proof migration plan for MCA DC Internet Segment consists of the following
1.1 Network Changes Required for Migrating Existing LBs
Presently the subnet 10.64.21.0/24 provides connectivity between the Internet Router and the LinkProof LBs.
As the Secondary Internet Link will be terminated at the Second Router, the Public LAN IP addresses provided by TCIL and Bharti will be configured on each Internet Router's LAN interface.
So the connectivity between the LBs and the Internet routers will be through the Public IP addresses provided by both ISPs.
Presently the Internet Router LAN, the LB interfaces and the Checkpoint Firewalls are all connected to the DMZ switch. So two Cisco 2960-S switches will be introduced to connect the Internet Router LAN, the LBs, the Checkpoint Firewall outside interface and the management interfaces of the Internet segment devices, except Checkpoint and the DMZ switches.
The management interfaces of the Internet Routers, the Cisco 2960-S WAN switches and the LinkProofs will be connected to the Cisco 2960-S switches, and a specific LAN subnet will be routed for management access with 10.64.22.1 as next hop. The subnet 10.64.22.0/24 will be used for this purpose.
Presently the LAN interface of LinkProof1 (LP1) is connected to the DMZ switch through the IPS4240. It will stay connected as it is, but the connectivity will be moved from the DMZ switch to the WAN switch.
1.2 Prerequisites for Internet Link Loadbalancer (LB) Migration
Second link details like WAN and LAN Public IP Address.
Changes required at the Public DNS server at the time of activity.
DNS A record entry for VPN host name.
1.3 Devices to be Installed/Replaced for this activity
Sl No. | Location/Type | Make / Model | Device Type / Role | Device Host Name
1 | MCA DC Delhi | Cisco 2960-S Switch | FO Aggregation Switch 1 | DELDCSWTAGRF01
2 | MCA DC Delhi | Cisco 2960-S Switch | FO Aggregation Switch 2 | DELDCSWTAGRF02
3 | MCA DC Delhi | Radware Link Proof 208 | Internet Link Load Balancer 1 | DELDCLLBACTF01
4 | MCA DC Delhi | Radware Link Proof 208 | Internet Link Load Balancer 2 | DELDCLLBSTBF02
1.4 Internet Link Loadbalancer (LB)
New Layer 3 VLANs, vlan 101 and vlan 102, will be used for connecting the LAN interfaces of the Internet Routers (Router-01 and Router-02) with the LB outside interfaces through the Cisco 2960-S WAN Switch.
Chapter 2.0 IP Address & VLAN details
Physical Connectivity Details

WAN Switch-01
VLAN | WAN Switch-01 Interface | WAN Switch Interface Description | Connected Device | Device Interface
VLAN 101 | Gi1/0/1 | ## Connected to Internet Router-01 LAN Interface(Gi0/0) ## | InternetRouter-01 | Gi0/0
VLAN 101 | Gi1/0/2 | ## Connected to LP-01 LAN Interface(G2) ## | LP-01 | G2
VLAN 102 | Gi1/0/3 | ## Connected to LP-01 LAN Interface(G3) ## | LP-01 | G3
VLAN 59 | Gi1/0/4 | ## Connected to LP-01 LAN Interface(G1) through DC-IPS4240 ## | LP-01 | G1
VLAN 22 | Gi1/0/11 | ## Connected to Internet Router-01 LAN Interface(Gi0/3) - Management ## | InternetRouter-01 | Gi0/3
VLAN 22 | Gi1/0/12 | ## Connected to LP-01 LAN Interface(MNG1) ## | LP-01 | MNG1
VLAN 22 | Gi1/0/22 | ## Connected to DMZ SW-01 - Port 43 ## | DMZSW | Gi1/0/43
Trunk (59, 101, 102) | Gi1/0/23 | ## Connected to WAN Switch-02 - Gi1/0/23 ## | WANSwitch-02 | Gi1/0/23
Trunk (59, 101, 102) | Gi1/0/24 | ## Connected to WAN Switch-02 - Gi1/0/24 ## | WANSwitch-02 | Gi1/0/24

WAN Switch-02
VLAN | WAN Switch-02 Interface | WAN Switch Interface Description | Connected Device | Device Interface
VLAN 102 | Gi1/0/1 | ## Connected to Internet Router-02 LAN Interface(Gi0/0) ## | InternetRouter-02 | Gi0/0
VLAN 101 | Gi1/0/2 | ## Connected to LP-02 LAN Interface(G2) ## | LP-02 | G2
VLAN 102 | Gi1/0/3 | ## Connected to LP-02 LAN Interface(G3) ## | LP-02 | G3
VLAN 59 | Gi1/0/4 | ## Connected to LP-02 LAN Interface(G1) ## | LP-02 | G1
VLAN 22 | Gi1/0/11 | ## Connected to Internet Router-02 LAN Interface(Gi0/3) - Management ## | InternetRouter-02 | Gi0/3
VLAN 22 | Gi1/0/12 | ## Connected to LP-01 LAN Interface(MNG1) ## | LP-02 | MNG1
VLAN 22 | Gi1/0/22 | ## Connected to DMZ SW-02 - Port 43 ## | DMZSW | Gi2/0/43
Trunk (59, 101, 102) | Gi1/0/23 | ## Connected to WAN Switch-02 - Gi1/0/23 ## | WANSwitch-01 | Gi1/0/23
Trunk (59, 101, 102) | Gi1/0/24 | ## Connected to WAN Switch-02 - Gi1/0/24 ## | WANSwitch-01 | Gi1/0/24
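A cross-check of the WAN Switch-02 rows above, added here as an example and not part of the original plan: it compares the device named in each interface description with the Connected Device column and reports the ports where the two disagree, so they can be confirmed against the cabling before the descriptions are configured. The rows are transcribed from the table; the function names and the matching rule are assumptions of this example.

```python
import re

# Rows transcribed from the WAN Switch-02 table on this page (## markers dropped):
# (switch port, interface description, connected device, device interface)
WAN_SWITCH_02 = [
    ("Gi1/0/1", "Connected to Internet Router-02 LAN Interface(Gi0/0)", "InternetRouter-02", "Gi0/0"),
    ("Gi1/0/2", "Connected to LP-02 LAN Interface(G2)", "LP-02", "G2"),
    ("Gi1/0/3", "Connected to LP-02 LAN Interface(G3)", "LP-02", "G3"),
    ("Gi1/0/4", "Connected to LP-02 LAN Interface(G1)", "LP-02", "G1"),
    ("Gi1/0/11", "Connected to Internet Router-02 LAN Interface(Gi0/3) - Management",
     "InternetRouter-02", "Gi0/3"),
    ("Gi1/0/12", "Connected to LP-01 LAN Interface(MNG1)", "LP-02", "MNG1"),
    ("Gi1/0/22", "Connected to DMZ SW-02 - Port 43", "DMZSW", "Gi2/0/43"),
    ("Gi1/0/23", "Connected to WAN Switch-02 - Gi1/0/23", "WANSwitch-01", "Gi1/0/23"),
    ("Gi1/0/24", "Connected to WAN Switch-02 - Gi1/0/24", "WANSwitch-01", "Gi1/0/24"),
]

def norm(name):
    """Lower-case and drop spaces so 'WAN Switch-01' equals 'WANSwitch-01'."""
    return re.sub(r"\s+", "", name).lower()

def described_device(description):
    """Extract the device named after 'Connected to' in an interface description."""
    m = re.match(r"Connected to (.+?)(?: LAN Interface| - |$)", description)
    return m.group(1) if m else ""

def mismatches(rows):
    """Return (port, described device, listed device) where the two disagree."""
    bad = []
    for port, desc, device, _iface in rows:
        said, listed = norm(described_device(desc)), norm(device)
        # Prefix match tolerates 'DMZ SW-02' in the text vs 'DMZSW' in the column.
        if not said or not (said.startswith(listed) or listed.startswith(said)):
            bad.append((port, described_device(desc), device))
    return bad

if __name__ == "__main__":
    for port, said, listed in mismatches(WAN_SWITCH_02):
        print(f"{port}: description says {said!r}, table says {listed!r}")
```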
Chart# IPADD-2.0

VLAN ID | L2/L3 | Radware Physical Port
101 | L3 | G2
102 | L3 | G3
59 | L3 | G1
22 | L3 | MNG1

Primary Radware LP
Radware Physical Port | Radware Physical IP Address | WAN Switch 1 Physical Port
G1 | 59.165.200.11/24 | Gi1/0/4
G2 | 14.140.191.13/25 | Gi1/0/2
G3 | 202.56.229.130/28 | Gi1/0/3
MNG1 | 10.64.22.25/24 | Gi1/0/12

Secondary Radware LP
Radware Physical Port | Radware Physical IP Address | WAN Switch 1 Physical Port
G1 | 59.165.200.12/24 | Gi1/0/4
G2 | 14.140.191.14/25 | Gi1/0/2
G3 | 202.56.229.131/28 | Gi1/0/3
MNG1 | 10.64.22.26/24 | Gi1/0/12
3.1 Radware LB Configuration Details
3.1.1 Farm Details
Sl. No. FARMs Dispatch Method
1 MCA-FARM1 Cyclic
2 MCA-FARM2 Cyclic
3 MCA-DEFAULT-FARM3 Cyclic
4 MCA-DEFAULT-FARM4 Cyclic
LB Load Balancing Algorithm
Dispatch method in Radware LB decides how to distribute traffic to real servers/Internet Link. In this deployment scenario there is no use of dispatch method as farms will forward to only one Link for outgoing or incoming traffic in Primary / Redundant mode.
3.1.2 Router Farm Details
Sl. No. | Routers | Router IP Address
1 | MCA-FM1-RTR-TCIL | 14.140.191.1
2 | MCA-FM1-RTR-BHARTI | 202.56.229.129
3 | MCA-FM2-RTR-TCIL | 14.140.191.1
4 | MCA-FM2-RTR-BHARTI | 202.56.229.129
5 | MCA-DEFAULT-FM3-RTR-TCIL | 14.140.191.1
6 | MCA-DEFAULT-FM4-RTR-BHARTI | 202.56.229.129
3.1.3 Host network/classes Details
Sl. No. | Networks | IP Address
1 | mca.gov.in | 59.165.200.120
2 | mca21.gov.in | 59.165.200.120
3 | servicedesk.mca | 59.165.200.103
4 | www.mca.gov.in/XBRL | 59.165.200.113
5 | dcdeldns2.mca.gov.in | 59.165.200.3
6 | vpn.mca.gov.in | 59.165.200.59
Management Connectivity Diagram
Redundancy Configuration
Configure NHR Tracking Table
1. Select Services > Tuning > Device.
2. In the NHR Tracking Table text box, type the limit on the number of entries in the NHR Table. Default: 100,000.
3. Click Set.
4. Select LinkProof > Global Configuration > General.
5. Configure the following parameters: NHR Tracking Table Status & NHR Tracking Table Aging
6. Click Set.
LinkProof > Global Configuration > General
Static NAT Configuration
Dynamic NAT Configuration
For Inbound web traffic.
Existing TCIL Internet Link will be used for inbound web traffic.
Second internet Link will be used for Inbound SSL VPN traffic.
Outgoing Internet, patch management etc will use Second Internet Link.
LinkProof > Farms > Farm Table
LinkProof > Servers > Logical Routers Table
Classes > Modify > Networks
LinkProof > DNS Configuration > Name to Local IP
LinkProof > Flow Management > Farms Flow Table (To Configure Flow Management)
LinkProof > Flow Management > Modify policies (To Configure Flow Policies)
LinkProof > Smart NAT > Static NAT Table (To Configure Static NAT)
DNS Changes
5.0: Traffic flow Through Link Loadbalancer
5.1: Traffic flow diagram in all working conditions: In all working conditions the primary Radware LB will process all traffic.
Traffic flow classification in case of stable scenarios:
Incoming traffic for the MCA web application will use the TCIL ISP link only.
Incoming traffic for SSL VPN access will use the Bharti ISP link only.
For all outgoing traffic, like patch management or the internet requirement for DC, the Bharti ISP link will be used as primary and TCIL as backup.
Note: In case any ISP link is not available, all traffic (incoming & outgoing) will go through the other available ISP link.
5.2 Traffic flow when the Primary Radware LB fails
When the Primary Radware LB fails, or any one interface of the primary LB fails, the secondary Radware box becomes active.
6.0 Test cases: Test cases are based upon the ping, http, nslookup, telnet and trace route of Radware VIP/physical IP address and natted servers.
Table 6.1- When Both Radware LP are up and running
Test case | Ping/traceroute/telnet/HTTP | Response
When both Radware LB are up and working (before migration) | 1. Nslookup the web application sites like www.mca.gov.in, www.mca21.gov.in (14.140.191.120), servicedesk.mca.gov.in (14.140.191.103). 2. Ping corresponding public IP address static natted with real servers. Public IP addresses to ping are to be captured. | Ping response will confirm reachability of natted IP address from the internet.
When both Radware LB are up and working (before migration) | Telnet public VIP IP address on port 80 and 53: 14.140.191.120 port 80, 14.140.191.113 port 80, 14.140.191.3 port 53 | Successful telnet session establishment will confirm the accessibility of application through Radware LP.
When both Radware LB are up and working (before migration) | Ping both Radware physical interface IP address. | Ping response will confirm reachability of Radware physical interface and connectivity.
When both Radware LB are up and working (before migration) | http://www.mca.gov.in & http://www.mca21.gov.in | Some ping response and nslookup to web site should have 14.140.191.120 as IP address due to GSLB setup. Other IP would be of DR Chennai, i.e. 115.114.108.120
Post Migration – Test Cases
Table 6.1 & 6.2 test cases will be performed post migration of new
Radware devices in Internet Segment.
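The nslookup and telnet checks of Table 6.1 as a repeatable script, added here as an example and not part of the original plan: it runs the checks, and `regressions` compares a run taken before the migration with one taken after it. The names, addresses and ports come from Table 6.1; the function names, the 3-second timeout and treating only the listed address as valid for servicedesk.mca.gov.in are assumptions, and the ICMP ping checks are left to the ping tool.

```python
import socket

# Expected values as stated in Table 6.1 of this page.
GSLB_IPS = {"14.140.191.120", "115.114.108.120"}  # DC address or DR Chennai
DNS_CHECKS = {
    "www.mca.gov.in": GSLB_IPS,
    "www.mca21.gov.in": GSLB_IPS,
    "servicedesk.mca.gov.in": {"14.140.191.103"},  # assumption: no DR address accepted
}
TCP_CHECKS = [("14.140.191.120", 80), ("14.140.191.113", 80), ("14.140.191.3", 53)]

def resolve(name):
    """nslookup equivalent: IPv4 addresses for name, empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def tcp_open(ip, port, timeout=3.0):
    """telnet equivalent: True if a TCP session to ip:port is established."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def run_checks(resolver=resolve, connector=tcp_open):
    """Run all checks once and return {check name: passed}."""
    results = {}
    for name, allowed in DNS_CHECKS.items():
        answers = resolver(name)
        # Fail on no answer and on any address outside the expected set.
        results[f"dns {name}"] = bool(answers) and answers <= allowed
    for ip, port in TCP_CHECKS:
        results[f"tcp {ip}:{port}"] = connector(ip, port)
    return results

def regressions(before, after):
    """Checks that passed before the migration but fail after it."""
    return sorted(name for name, ok in before.items() if ok and not after.get(name, False))

if __name__ == "__main__":
    # Run once before the change window, keep the output, run again afterwards.
    for name, ok in run_checks().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```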