Intel 7280 and 7110 Configuration and Testing Page
Created by Yu Cai on Oct. 1, 2002 at UCCS.
For questions or comments, email: ycai@uccs.edu
Table of Content
Part 1: Intel 7280 XML Director Content Switch Test
(plain text):
Part 2: Intel 7280 XML Director Content Switch Test
(with SSL):
Part 3: Intel 7280 XML Director Configuration:
Part 4: Intel 7110 SSL Accelator Configuration:
Part 5: Intel 7110 and 7280 testing report:
Part 1: Intel 7280 XML Director Content Switch Test
(plain text):
Intel 7280 is configured as fladnag.uccs.edu (128.198.60.171),
and it switch content to two backend web servers,
frodo.uccs.edu (128.198.60.183) and eca.uccs.edu(128.198.60.188).
1) Content switch on URL
Switch to frodo: http://fladnag.uccs.edu/cs522/
Switch to eca : http://fladnag.uccs.edu/cs301/
The XML pattern rule on 7280 is "/cs522/*" and "/cs301/*"
2) Content switch on XML:
Switch Logic is as below:
If (for all items, subTotal <=50000) then go to frodo,
If (for all items, subTotal >50000) then go to eca,
If (for some items, subTotal <=50000, for some items, subTotal
>50000),
then switch
between eca and frodo.
The XML pattern rule on 7280 is "/cgi-bin/* & //item[subTotal>50000]"
and "/cgi-bin/* & //item[subTotal<=50000]"
For example, the following will be switched to eca:
For example, the following will be switched to frodo:
For example, the following will be switched between frodo and eca.
(Click submit button several times, and each time you will go to different
server):
Part 2: Intel 7280 XML Director Content Switch Test
(with SSL):
1) Content switch on URL
Switch to frodo: https://fladnag.uccs.edu/cs522/
Switch to eca : https://fladnag.uccs.edu/cs301/
2) Content switch on XML:
Switch Logic is as below:
If (for all items, subTotal <=50000) then go to frodo,
If (for all items, subTotal >50000) then go to eca,
If (for some items, subTotal <=50000, for some items, subTotal
>50000),
then switch
between eca and frodo.
For example, the following will be switched to eca:
For example, the following will be switched to frodo:
For example, the following will be switched between frodo and eca.
(Click submit button several times, and each time you will go to different
server):
Part 3: Intel 7280 XML Director
Configuration:
The
demo page of Intel 7280 XML Director Content Switch is:
http://cs.uccs.edu/~chow/pub/master/ycai/doc/csdemo.html
Click here to download the Intel
7280 Manual from Intel site.
We use the setup scenario 5 on page 266 on the 7280 Manual:
7280 is configured as a machine named liam (128.198.60.170),
and it hosts a virtual web server named fladnag (128.198.60.171),
7280 do the SSL processing, and content switch, and transfer
the content to the back end servers, like frodo(128.198.60.183)
and eca (128.198.60.188).
The clients access fladnag, instead of frodo or eca directly.
Below is the network topology:
Setup step by step:
1) Link 7280 network port to switch by network cable. Leave the server port
open.
2) Boot 7280, the Boot Monitor prompt appears, as shown below:
monitor>
3) type in "setup", and config 7280, see below:
monitor>setup
Enable dual NIC operation(yes,no)? [no] ---> no
Autoconfigure the Network side NIC speed and duplex?
(yes,no)? [yes] --->yes
Autoconfigure the Server side NIC speed and
duplex? (yes,no)? [yes] --->yes
DHCP is disabled for NIC operation.
Enter the hostname you would like to assign to the
Network NIC: --->Liam
Enter the IP address for the Network side NIC
--->128.198.60.170
Enter the Netmask for the Network side NIC
--->255.255.255.128
Enter default gateway: --->128.198.60.1
Would you like to configure DNS (yes, no)? [no]
--->DNS not configured.
Specify failover method (disabled, serial, route):
[disabled] --->disabled
Set Autoboot? (yes,no) [no] --->yes
monitor>dns
Would you like to configure DNS (yes, no)? --> yes,
Enter domain name --> uccs.edu
Enter IP address of the primary name server --> 128.198.1.117
Specify additional name server --> 128.198.1.250
Specify additional name server (return to end)-->(hit return key)
monitor>save
List of currently save configuration files
......
Configuration Saved.
monitor>boot
....
please stand by, the system is being booted.
....
done
4) After reboot, you enter into 7280 command line
prompt.
default username "admin", default password "admin".
Then at commond line prompt, type the following to enable GUI interface:
Intel 7280 # config sys security mode open
5) Open your browser, in its Address or Location field, type the 7280’s
address and specify port
1095.
For example:
http://liam:1095/
You will see the login screen.
6) For the following steps, you can either do it in GUI or command line prompt.
For GUI interface, make sure your java version is NOT earlier than 1.1,
becasue
it doesn't work with Java 1.4. You might need to download Java plug-in to
be
able to view the GUI interface.
I choose command line prompt:
6.1) To move the prompt to the xml policy group, type this command:
Intel 7280# config policygroup xml
6.2) To add the new service to the xml policy
group, type this command:
Intel 7280/config/policygroup/xml# service create SSL vip 128.198.60.171 port
443 type RICH_HTTP
Service SSL created.
(Noted we have already made fladnag's IP address to be 128.198.60.171 at DNS
server setting)
6.3)To move the prompt to the service SSL level, type
this command:
Intel 7280/config/policygroup/xml# service SSL
6.4) To create the RSA private key, type this
command:
Intel 7280/config/policygroup/xml/service/SSL#key create 1024
Finished creating key. Key strength is 1024.
6.5)Type:
Intel 7280/config/policygroup/xml/service/SSL# key certificate create
Certificate created (Expires in 30 days).
The service is SSL enabled. Define the servers to start processing.
6.6) Intel 7280/config/policygroup/xml/service/SSL#
server create eca.uccs.com port 80
Server eca.uccs.com port 80 has been created.
Intel 7280/config/policygroup/xml/service/SSL# server create frodo.uccs.com port
80
Server frodo.uccs.com port 80 has been created.
7) Then you can input the XML rules, you can do it
in GUI prompt.
The GUI interface is very straight forward. For details, please refer to
7280 mannual. Below are some short tips:
7.1) You need to add policygroup, then service under it, then
servers under service.
7.2) "Rich Expression" is close to URL, like
"\cs522\*" means switch on URL
whose URL is "http:\\fladnag\cs522\".
7.3) "Doc #" is used only when you submit multiple
XML documents.
7.4) "XML expression" is the rule to switch on XML,
like "//item[subtotal<5000]" means
for all "item" tags, whose "subtotal"
subtag is smaller than 5000.
A bad things for GUI interface is that: you can't really modify the settings
once you did it, you
will have to delete everything and start from scratch if you want to make
modification. Very
inconvenient.
8) This might be a bug of 7280:
When
you reboot the 7280, some configuration information might get lost.
You have to
use “config save” at commond line interface before your
reboot, then after reboot, use “restore”
to restore the previously saved
configuration. (The default configuration file
name is active.cfg)
Below is the screen shot of GUI interface:
1) First page in the GUI interface.
2) Server settings screen:
3) Policy Manager screen to config XML rule. See step by step instruction 7
for details.
Part 4: Intel 7110 SSL
Accelator Configuration:
For 7110 product manual, please click here.
We are using the scenario 1 at page 51 in the manual.
Below is the network topology:
Step by step configuration:
1) Use network cable to connect "network" port to switch, use another
network cable to connect "server" to the real web server, like viva
(128.198.60.192).
In the case, the client will access viva, and he won't know anything about 7110.
This is the difference between 7110 and 7280.
2) Use a serial cable to connect the device’s serial port (the left-hand
serial port labeled "Console") to the serial port of a configuration
machine. (A PC running Window with HyperTerminal software, like wind
(128.198.60.204)).
3) HyperTerminal software in windows is typically at "programs --
accessories -- communication -- HyperTerminal".
3.1) Type an appropriate name like
"Intel 7110", in the Name field of the Connection Description window ,
and then click the OK button. The Phone Number panel appears.
3.2) In the Connect Using… field specify "Direct to
COM1", (or the serial port through which the PC is connected to the 7110 if
different from COM1).
3.3) Click the OK button. The COM1 Properties panel appears.
Set the values displayed here to 9600, 8, none, 1, and none.
3.4). Click the OK button.
4) Boot 7110, and the password prompt appears, use admin as default password:
Password: admin (password is not echoed at
prompt)
Current date: 2000 08/28 05:01
Intel 7115>
5) You should be able to access https://viva.uccs.edu, and if you click the
certification icon on the right bottom of the browser, you will see that the SSL
key is replaced by 7110 to be something different than original SSL key on viva,
this means 7110 take the SSL processing job.
6) If you want to create your own SSL key, here is the Procedure:
6.1. Create a key as follows:
Intel 7115> create key
Enter the key strength [512,1024]: 512
New keyID [001]: 001
Keypair was created for keyID: 001
6.2. Enter the create cert command with the keyID
Intel 7115> create cert 001
You are about to be asked to enter information…
Enter the information for the certificate,
as prompted:
• Country
• State
• Locality
• Organization
• Organization unit
• Common name (for example, www.uccs.edu)
• E-mail address.
6.3. Create a server mapping. Use the create map command to
specify the server IP address, ports, and keyID.
Intel 7115> create map
Server IP (0.0.0.0): 128.198.60.192
SSL (network) port [443]: <Enter>
Cleartext (server) port [80]: <Enter>
KeyID to use for mapping: 001
6.4. Intel 7115>list maps
Map Net Ser Cipher Re- Client
ID KeyID Server IP Port Port Suites direct Auth
== ===== ========= ==== ==== ====== ===== ====
1 001 128.198.60.188 443 80 med(v2+v3) n n
Intel 7115>
6.5. Save the configuration when the server has been mapped.
Intel 7115>config save
Saving configuration to flash...
Configuration saved to flash
Intel 7115>
7)
This might be a bug of 7110: the 7110 cascading didn’t show any improvement on
system performance. Here
is what we observed during the test: The traffic light of the first 7110 flashed
green, and the overload light flashed orange to steady. But the traffic light
and the overload light of the second 7110 didn’t flash at all. If the lights
give us the correct information, this means the first 7110 is overloaded, but no
requests are passed to second 7110. It seems that intel 7110 cascading didn’t
work as we expected.
Part 5: Intel 7110
and 7280 testing report:
7110
testing report.
7280 testing report.
XML size test report.