Dell EMC ECS

Contents

1 Introduction

The DELL EMC Elastic Cloud Storage (ECS) is a rack-based, flexible, and expandable object storage solution. The ECS is configured through a Web Management Interface frontend (HTTPS). In combination with a Kemp load balancer, an ECS can provide object storage using the protocols S3, Atmos, SWIFT, and Network File System (NFS) in addition to the Web Management Interface. Other protocols such as CAS are also possible but are published without load balancers.

1.1 Intended Audience

Anyone interested in configuring the Kemp LoadMaster to load balance Dell EMC ECS.

1.2 Document Purpose

This deployment guide provides instructions on how to configure the Kemp LoadMaster to load balance Dell EMC ECS services using Kemp LoadMaster application templates. This guide should only be used as a reference for the load balancing configuration of ECS services because each environment is unique and may have different requirements. This guide outlines the load balancing configuration using custom ECS ports in the Kemp LoadMaster application templates, but default ports can also be leveraged based on the environment. 

This guide outlines the configuration of Virtual Services (VSs) based on best practices. There are two approaches when publishing Dell EMC ECS through the Kemp LoadMaster:

Layer 4: When SSL/TLS offloading is not required, Layer 4 may be used to pass the traffic back to the ECS nodes. Transparency is automatically enabled when using Layer 4. This sends the original source IP address to the Real Servers. For more information, see the Transparency document on the Kemp Documentation page. Using Layer 4 has the following requirements:

  • The LoadMaster must be set up in a two-arm configuration.
  • ECS nodes must use the Kemp LoadMaster as the default gateway.
  • All connections to the ECS environment must be initiated from a different subnet.

Layer 7: When using SSL/TLS offloading or when the above requirements may not be met, you can leverage Layer 7. Layer 7 by default does not use transparency and therefore the IP address of the LoadMaster is used when accessing the ECS environment. The X-Forwarded-For header is leveraged to provide the original source IP address in the ECS logs for troubleshooting purposes. When a secure connection is used, a certificate must be installed on the LoadMaster to decrypt the traffic for the X-Forwarded-For header insertion. This traffic can then be re-encrypted or offloaded depending on the security requirements.

Contact Kemp Support for any questions regarding configuration options.

2 Template

Kemp has developed a template containing our recommended settings for this workload. You can install this template to help create Virtual Services (VSs) because it automatically populates the settings. You can use the template to easily create the required VSs with the recommended settings. You can remove templates after use and this will not affect deployed services. If needed, you can make changes to any of the VS settings after using the template.

Download released templates from the Templates section on the Kemp Documentation Page.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description on the Kemp Documentation Page.

3 Dell EMC ECS

Dell EMC ECS is a software-defined object storage solution that can be deployed as a complete storage appliance or leverage supported standard hardware. Dell EMC ECS consists of the following components:

  • ECS Portal and Provisioning Services
  • Data Services
  • Storage Engine
  • Fabric
  • Infrastructure
  • Hardware

The following table provides a list of the Dell EMC ECS default ports and protocols used for accessing the storage.

ECS Protocol

Transport Protocol or Daemon Service

Port

S3

HTTP

9020

HTTPS

9021

Atmos

HTTP

9022

HTTPS

9023

Swift

HTTP

9024

HTTPS

9025

NFS

Portmap

111

Mountd, nfsd

2049

Lockd

10000

 

image12.png

4 LoadMaster Global Settings

Before setting up the Virtual Services, the following global settings should be configured to support the workload.

4.1 Layer 4 Considerations before Deployment

For this application, if you are using an L4 service, it is automatically transparent. When using transparency, the following steps must be followed:

If clients are on the same subnet as the Real Server, returning traffic to the LoadMaster is instead sent to the client. This is asymmetric routing and causes the client to drop the connection because it is expecting it from the LoadMaster, not the Real Server. The diagram below shows the flow of traffic when this rule is not followed.

image.png

If the Real Servers' default gateway is not set to be the LoadMaster’s interface (the shared IP if the LoadMasters are in HA), traffic returning to the LoadMaster is instead sent to the gateway. This is asymmetric routing and causes the connection to drop because the connection should be sent from the LoadMaster, not the Real Server. The diagram below shows the flow of traffic when this rule is not followed.

image5.png

4.2 Enable Subnet Originating Requests Globally

It is best practice to enable the Subnet Originating Requests option globally.

In a one-armed setup (where the Virtual Service and Real Servers are on the same network/subnet) Subnet Originating Requests is usually not needed. However, enabling Subnet Originating Requests should not affect the routing in a one-armed setup.

In a two-armed setup where the Virtual Service is on network/subnet A, for example, and the Real Servers are on network B, Subnet Originating Requests should be enabled on LoadMasters with firmware version 7.1-16 and above.

Because this application can run at Layer 4, transparency is enforced. Transparency takes a higher priority than Subnet Originating Requests. Therefore, if transparency is enabled on the Virtual Service and Subnet Originating Requests is enabled globally, the Virtual Service still uses transparency. The Real Server sees traffic from this virtual service originating with the client’s source IP address (transparency). See the Transparency document on the Kemp documentation page for more details.

081.png

 

In the diagram above, you can see the following details:

  • Client: 10.0.0.100/24
  • Virtual Service on eth0: 10.0.0.15/24
  • Real Server on eth1: 10.20.20.25/24

With Subnet Originating Requests enabled, the Real Server sees traffic originating from 10.20.20.21 (LoadMaster eth1 address) and responds correctly.

With Subnet Originating Requests disabled, the Real Server sees traffic originating from 10.0.0.15 (LoadMaster Virtual Service address on eth0) and responds to eth0 causing asymmetric routing

When Subnet Originating Requests is enabled globally, it is automatically enabled on all Virtual Services. If the Subnet Originating Requests option is disabled globally, you can choose whether or not to enable Subnet Originating Requests on a per-Virtual Service basis.

To enable Subnet Originating Requests globally, follow the steps below:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to System Configuration > Miscellaneous Options > Network Options.

2. Select the Subnet Originating Requests check box.

4.3 Enable Check Persist Globally

It is recommended that you change the Always Check Persist option to Yes – Accept Changes. Use the following steps:

1. Go to System Configuration > Miscellaneous Options > L7 Configuration.

275.png

2. Click the Always Check Persist drop-down arrow and select Yes – Accept Changes.

5 LoadMaster Virtual Services with Layer 4

This step-by-step setup of Virtual Services leverages the Kemp application template for Dell EMC ECS with Layer 4. Layer 4 has the following requirements:

  • The LoadMaster must be set up in a two-arm configuration.
  • ECS nodes must use the Kemp LoadMaster as the default gateway.
  • All connections to the ECS environment must be initiated from a different subnet.

The table in each section outlines the settings configured by the application template. You can use this information to manually configure Virtual Services or use the Kemp LoadMaster Application Programming Interface (API) and automation tools.

5.1 Create a Virtual Service using a Template

To configure a Virtual Service using the application template, perform the following steps:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

2. Type a valid Virtual Address.

3. Select the appropriate template in the Use Template drop-down list.

4. Click Add this Virtual Service.

5. Expand the Real Servers section.

6. Click Add New.

7. Type the Real Server Address.

8. Confirm that the correct port is entered.

9. Click Add This Real Server.

5.2 S3 Virtual Services Layer 4

The following section outlines the Layer 4 configuration options for using S3 with Dell EMC ECS.

5.2.1 S3 HTTP Layer 4 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter

API Value

port

80

prot

tcp

VStype

http

ForceL7

0

Schedule

lc

CheckType

tcp

CheckPort

9020

5.2.2 S3 HTTPS Layer 4 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API ParameterAPI Valueport443prottcpVStypehttpForceL70SchedulelcCheckTypetcpCheckPort9021API ParameterAPI Value

5.3 Atmos Virtual Services Layer 4

The following section outlines the Layer 4 configuration options for using Atmos with Dell EMC ECS.

5.3.1 Atmos HTTP Layer 4 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter

API Value

port

80

prot

tcp

VStype

http

ForceL7

0

Schedule

lc

CheckType

tcp

CheckPort

9022

5.3.2 Atmos HTTPS Layer 4 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter

API Value

port

443

prot

tcp

VStype

http

ForceL7

0

Schedule

lc

CheckType

tcp

CheckPort

9023

5.4 Swift Virtual Services Layer 4

The following section outlines the Layer 4 configuration options for using Swift with Dell EMC ECS.

5.4.1 Swift HTTP Layer 4 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter

API Value

port

80

prot

tcp

VStype

http

ForceL7

0

Schedule

lc

CheckType

tcp

CheckPort

9024

5.4.2 Swift HTTPS Layer 4 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port

443

prot

tcp

VStype

http

ForceL7

0

Schedule

lc

CheckPort

9025

6 LoadMaster Virtual Services Layer 7

This step-by-step setup of Virtual Services leverages the Kemp application template for Dell EMC ECS with Layer 7. Layer 7 does not have the same requirements as the Layer 4 configuration above:

  • The LoadMaster can be set up with one-arm or two-arm configurations.
  • ECS nodes do not require the use of the Kemp LoadMaster as the default gateway.
  • Connections to the ECS environment can be initiated from the same subnet or a different subnet.

In addition, Layer 7 by default does not use transparency and therefore the IP address of the LoadMaster is used when accessing the ECS environment. X-Forwarded-For header is leveraged to provide the original source IP address in the ECS logs for troubleshooting purposes. When a secure connection is used, a certificate must be installed on the LoadMaster to decrypt the traffic for the X-Forwarded-For header insertion. This traffic can then be re-encrypted or offloaded depending on the security requirements. The ECS environment requires some configuration for X-Forwarded-For to be leveraged. Consult with Dell EMC to enable this feature in ECS.

The table in each section outlines the settings configured by the application template. You can use this information to manually configure Virtual Services or using the Kemp LoadMaster API and automation tools.

6.1 Create a Virtual Service using a Template

To configure a Virtual Service using the application template, perform the following steps:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

2. Type a valid Virtual Address.

3. Select the appropriate template in the Use Template drop-down list.

4. Click Add this Virtual Service.

5. Optional step that is required for TLS/SSL offload and reencrypt: Expand the SSL Properties section, select the certificate to use from Available Certificates and click the arrow (>) to move it to Assigned Certificates. Click Set Certificates.

6. Expand the Real Servers section.

7. Click Add New.

8. Type the Real Server Address.

9. Confirm that the correct port is entered.

10. Click Add This Real Server.

6.2 S3 Virtual Services Layer 7

The following section outlines the Layer 7 configuration options for using S3 with Dell EMC ECS.

6.2.1 S3 HTTP Layer 7 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter

API Value

port 80
prot tcp
VStype http
SubnetOriginating 1
Schedule lc
AddVia 1
CheckType tcp
CheckPort 9020

6.2.2 S3 HTTPS Re-Encrypted Layer 7 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter

API Value

port

443

prot tcp
VStype http
SubnetOiginating 1
Schedule lc
SSLAcceleration 1
SSLReencrypt 1
AddVia 1
TLSType 1
CipherSet BestPractices
CheckType tcp
CheckPort 9021

6.2.3 S3 HTTPS Offload Layer 7 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter

API Value

port

443

prot

tcp

VStype

http

SubnetOriginating

1

Schedule

lc

SSLAcceleration

1

AddVia 1

TLSType

1

CipherSet

BestPractices

CheckType

tcp

CheckPort

9020

6.3 Atmos Virtual Services Layer 7

The following section outlines the Layer 7 configuration options for using Atmos with Dell EMC ECS.

6.3.1 Atmos HTTP Layer 7 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter

API Value

port

80

prot tcp
VStype http
SubnetOriginating 1
Schedule lc
AddVia 1
CheckType tcp
CheckPort 9022

6.3.2 Atmos HTTPS Re-Encrypted Layer 7 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter

API Value

port

443

prot tcp
VStype http
SubnetOriginating 1
Schedule lc
SSLAcceleration 1
SSLReencrypt 1
AddVia 1
TLSType 1
CipherSet BestPractices
CheckMethod tcp
CheckPort 9023

6.3.3 Atmos HTTPS Offload Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools. SSL/TLS certificates should be added before creating this VS. For further information on certificates, refer to the SSL Accelerated Services Feature Description on the KEMP Documentation Page.

API Parameter

API Value

port

443

prot

tcp

VStype

http

SubnetOriginating

1

Schedule

lc

SSLAcceleration

1

AddVia 1

TLSType

1

CipherSet

BestPractices

CheckType

tcp

CheckPort

9022

6.4 Swift Virtual Services Layer 7

The following section outlines the Layer 7 configuration options for using Swift with Dell EMC ECS.

6.4.1 Swift HTTP Layer 7 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter

API Value

port

80

prot tcp
VStype http
SubnetOriginating 1
Schedule lc
AddVia 1
CheckType tcp
CheckPort 9024

6.4.2 Swift HTTPS Re-Encrypted Layer 7 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port

443

prot tcp
VStype http
SubnetOriginating 1
Schedule lc
SSLAcceleration 1
SSLReencrypt 1
AddVia 1
TLSType 1
CipherSet BestPractices
CheckType tcp
CheckPort 9025

6.4.3 Swift HTTPS Offloaded Layer 7 Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools. SSL/TLS certificates should be added before creating this VS. For further information on certificates, refer to the SSL Accelerated Services Feature Description on the KEMP Documentation Page.

API Parameter

API Value

port

443

prot

tcp

VStype

http

SubnetOriginating

1

Schedule

lc

SSLAcceleration

1

AddVia 1

TLSType

1

CipherSet

BestPractices

CheckType

tcp

CheckPort

9024

6.5 NFS Virtual Services Layer 7

The following section outlines the configuration options for using NFS with Dell EMC ECS.

6.5.1 NFS Portmap Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter API Value
port 111
prot tcp
VStype http
SubnetOriginating 1
Persist src
PersistTimeout 86400
Schedule lc
AddVia 1
CheckType tcp
CheckPort 111

6.5.2 NFS Mountd Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter API Value
port 2049
prot tcp
VStype http
SubnetOriginating 1
Persist src
PersistTimeout 86400
Schedule lc
AddVia 1
CheckType tcp
CheckPort 2049

6.5.3 NFS Lockd Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. You can use these settings with scripts and automation tools.

API Parameter API Value
port 10000
prot tcp
VStype http
SubnetOriginating 1
Persist src
PersistTimeout 86400
Schedule lc
AddVia 1
CheckType tcp
CheckPort 10000

6.6 ECS Web Interface Virtual Services

The following section outlines the configuration options for using ECS Web Interface with Dell EMC ECS.

6.6.1 ECS Web Interface Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools. SSL/TLS certificates should be added before creating this VS. For further information on certificates, refer to the SSL Accelerated Services Feature Description on the KEMP Documentation Page.

API Parameter

API Value

port

443

prot

tcp

VStype

http

SubnetOriginating

1

Schedule

lc

SSLAcceleration

1

SSLReencrypt

1

TLStype

1

CipherSet

BestPractices

CheckType

https

7 Troubleshooting

Refer to the sections below for details on some common issues seen when load balancing the Dell EMC ECS workload.

7.1 Connections Rejected

When using a non-default TCP port or offloading for ECS services, you must ensure the Real Server port is correct. This is a common mistake when configuring the Real Servers when the Virtual Services port is different from the Real Server port. See the table in the Dell EMC ECS section of this document for the required Real Server ports for Dell EMC ECS.

8 References

Some resources on Dell EMC ECS are listed below:

Dell EMC ECS Solutions

Useful, related Kemp documents are listed below:

SSL Accelerated Services, Feature Description on the Kemp Documentation page.

Transparency, Feature Description on the Kemp Documentation page.

RESTful API, Interface Description on the Kemp Documentation page.

Last Updated Date

This document was last updated on 31 January 2019.

Was this article helpful?

0 out of 0 found this helpful

Comments