Implementing Alteon Va in An Amazon Aws Environment: January 06, 2019

IMPLEMENTING ALTEON VA IN AN
AMAZON AWS ENVIRONMENT

Version 1.0
January 06, 2019
Software: Alteon version 32.1

Author: Elad Kurzweil
TABLE OF CONTENTS
OVERVIEW ................................................................................................................................................... 3
AMAZON AWS ............................................................................................................................................. 3
RADWARE ALTEON .................................................................................................................................... 3
ALTEON VA HA MODE CONFIGURED TO RUN IN MULTIPLE IP ADDRESS MODE ............................ 4
Important Notes and Prerequisites ......................................................................................................... 4
Software and Hardware .......................................................................................................................... 5
INSTALLATION OF MULTIPLE IP ADDRESSES ON AN ALTEON STANDALONE ON AWS ................ 5
ALTEON BASIC CONFIGURATION .......................................................................................................... 43
Alteon01 Basic Configuration Script ..................................................................................................... 43
Network Configuration.................................................................................................................... 43
HA Configuration ............................................................................................................................ 43
AWS API Token ............................................................................................................................. 43
VIP Configuration ........................................................................................................................... 44
Alteon02 Basic Configuration Script ..................................................................................................... 44
Network Configuration.................................................................................................................... 44
HA Configuration ............................................................................................................................ 44
Implementing Alteon VA in an Amazon AWS Environment: version 1.0

January 6, 2019 Page 2
OVERVIEW
Radware's Alteon VA for AWS provides advanced and comprehensive application delivery
capabilities needed to effectively meet challenges of application deployment, SSL acceleration,
and application delivery in today's data centers. Its availability in the AWS marketplace enables
Radware customers to deploy mission critical applications on the Amazon Virtual Private Cloud
(Amazon VPC) with ease.
Additional benefits include:
• Intuitive application performance monitoring for any Web application providing visibility into
how long requests are processed in the data center, in transit, or in the Web browser.
• Built-in global server load balancing solution to optimally distribute application traffic
between sites and availability zones based on granular policies and preferences.
• Security capabilities offering out of the box DoS protection.
• Maximized total cost of ownership (TCO) of the Amazon Cloud; use only what is required
with on-demand Alteon VA instances.
AMAZON AWS
Amazon Web Services offers a broad set of global Cloud-based products including compute,
storage, databases, analytics, networking, mobile, developer tools, management tools, IoT,
security, and enterprise applications on-demand, available in seconds, with pay-as-you-go
pricing. From data warehousing to deployment tools, directories to content delivery, over 140
AWS services are available. New services can be provisioned quickly, without the upfront
capital expense. This enables enterprises, start-ups, small and medium-sized businesses, and
customers in the public sector to access the building blocks they need to respond quickly to
changing business requirements.
RADWARE ALTEON
Radware’s Alteon ADC solution provides advanced and comprehensive application delivery
capabilities needed to effectively meet the challenges of application deployment, SSL
acceleration and offloading, and application delivery in today’s data centers. Equipped with
advanced application acceleration capabilities, a global server load balancing solution and a
comprehensive Layer 7 modification tool, Alteon ADC is well positioned as the leading ADC in
the industry. Alteon ADC also spearheads the ADC virtualization trend with ADC-VX™, the
industry’s first ADC virtualization and consolidation platform based on a specialized ADC
hypervisor, and Alteon virtual appliance (Alteon VA). For more information, visit the Radware
Alteon Web page at: http://www.radware.com/Products/ApplicationDelivery/Alteon/default.aspx

ALTEON VA HA MODE CONFIGURED TO RUN IN MULTIPLE IP
ADDRESS MODE
Figure 1 – Alteon VA Configured to Run in Multiple IP Address Mode
Important Notes and Prerequisites

• The configuration illustrated in Figure 1 uses a 2-legs implementation (one data interface
and one management interface).
• The Alteon Solution Template supports a single or multiple leg implementation:
▪ Alteon VA, when running on Amazon Web Services, is configured to have its
management controlled through the data path. This is because any instance on AWS is
provided with a single IP address per network interface. To enable load-balancing
HTTPS traffic and management access, the HTTPS port for management access should
be changed using the Web interface at: Configuration > System > Management
Access > Management Protocols, or the CLI command:
/c/sys/access/https/port /c/sys/access/https/port.

To access the Alteon Web interface, open your browser and enter the Alteon VA
instance IP address with the new port. For example, when changing the port to 8443, if
the Alteon VM IP address is 1.1.1.1, enter https://1.1.1.1:8443. To log in, enter the
default username and password: admin, admin
• In both single IP and multi IP modes, CLI access to the Alteon device is possible using SSH
on port 2222 (rather than the default 22)
• If you are using the Alteon GEL (Global Elastic License) on your Alteon VA, you must
operate in multiple IP address mode, which should be added manually.
• Reserved Ports:
▪ Alteon VA reserves some ports for internal use. You cannot load-balance services
running on the following ports: 123, 161, 3121, 2090, and 2091. The following services
use predefined ports and you cannot load balance services using the same ports as the
services without changing the Alteon VA settings. If you do need to load-balance
services using these ports, you can change the ports that Alteon uses for these services
through the user interfaces. The following are the services and their predefined ports:
o HTTPS – port 443
o SSH – port 22
o SSH – port 2222
o Telnet – port 23
o DPM – port 3030
▪ When you configure Alteon to respond to health checks on specific ports (using the
command /cfg/sys/health), these ports cannot be used for load balancing services.
Software and Hardware

The following is a list of hardware and software were tested to verify the interoperability of the
presented solution:
• Alteon VA version 32.1
INSTALLATION OF MULTIPLE IP ADDRESSES ON AN ALTEON

STANDALONE ON AWS
1. To deploy the Alteon VA on the AWS Cloud, log in to the AWS portal at
https://aws.amazon.com.
2. Add a resource group:
▪ Go to Services:

3. Set the parameters as follows:
▪ Click EC2.
4. To work with the Alteon HA environment, create a key certificate:

a. Click Instances.

b. Click Launch Instance.
5. To create the Alteon VA:

a. Go to AWS Marketplace and search for “alteon”.
b. Select Radware Alteon VA – Application Delivery Controller (BYOL) Template.
c. Click Select.

6. On this page, you can see the prices for all Alteon sizes and prices.
Click Continue.

7. Click Next: Configure Instance Details.
8. Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a
virtual network that you have defined. This virtual network closely resembles a traditional
network that you would operate in your own data center, with the benefits of using the
scalable infrastructure of AWS.
a. Click Create new VPC:

b. Click Create VPC:
c. Add the VPC/16 network subnet:

o Name tag – Alteon_VPC
o IPv4 CIDR block – 10.0.0.0/16 (from this subnet you will divide it into a small /24
subnet for management, a client network, and a server’s network).

d. Click Create.
e. Click Close.
9. To create two Alteon HA mode VAs and network subnets, do the following,
a. Number of Instances – 2
b. Network – Select the VPC that you just created.
c. Click Create new subnet.

d. Click Create subnet.

10. Create the Management subnet. You do this twice, one for Management and one for Data
networks.
a. Name tag – Alteon_MGMT_Net
b. VPC – Select the VPC that you previously created
c. IPv4 CIDR block – 10.0.1.0/24
d. Click Create.
e. Click Create subnet.

f. Create the Data subnet:
o Name tag – Alteon_Data_Net
o VPC – Select the VPC that you previously created
o IPv4 CIDR block – 10.0.2.0/24
g. Click Create.
11. Go back to Configure Instance Details, as described in step 3 in this procedure.

a. Click Refresh to reveal the management network.
b. Subnet – Choose the MGMT_Net
c. Scroll down to the bottom of the page and proceed with the next page:

12. Click Add Device.

13. Select Data network for eth1 and click Next: Add Storage.

14. Click Next: Add Tags.
15. Click Next: Configure Security Group.

16. Click Review and Launch.
17. Click Launch.
18. Create a new Certificate (Private and public key):

a. Select Create a new key pair.

b. Key pair name – Alteon_Key
c. Download the certificate and save it for later use.
d. Click Launch Instances.
19. Click View Instances.

20. Navigate to Services, search for “VPC” and select it.
21. Create a new Gateway click Internet Gateways.

An internet gateway is a horizontally scaled, redundant, and highly available VPC
component that allows communication between instances in your VPC and the Internet. It
therefore imposes no availability risks or bandwidth constraints on your network traffic. An
Internet gateway serves two purposes: to provide a target in your VPC route tables for
Internet-routable traffic, and to perform network address translation (NAT) for instances that
have been assigned public IPv4 addresses.
a. Click Create Internet Gateway.

b. Provide a gateway name tag:
o Name tag – Alteon_GW
c. Click Create.
22. To filter the new gateway, click the Internet gateway ID.
23. Associate the gateway to the correct VPC:

a. Click Actions.
b. Select Attach to VPC.

24. Select the appropriate VPC name Alteon_VPC and click Attach.
25. To edit the routing tables, select Subnets:
26. Go to the appropriate routing table:

a. Select Alteon_Mgmt_Net.
b. Click Route Table.
c. Click the Route Table ID.

27. To edit the routing table:
a. Click Routes.
b. Click Edit Routes.

c. Add a default route.
d. Click Add Route.
e. Set Destination to 0.0.0.0/0.
f. In the Target field, select Alteon_GW.
g. Click Save routes.

28. To map the Alteon interfaces for IP assignment, go to Service > EC2 > Instances.
29. Add the name tag to Alteon 01.

30. Add name tag to Alteon 02.
31. Select the management interface:

a. Scroll down the page to the network interfaces section.
b. Click eth0.
c. Click the Interface ID.

32. Add name tag to the Management interface Alteon01_MGMT_Interface.
33. Select the Date interface:

b. Click eth1.

34. Add name tag to the Data interface Alteon01_Data_Net.
35. Add Secondary IP address to the Data Interface (this will be the VIP address):
a. Click Action.
b. Click Manage IP Addresses.
36. To add a new IP address:

a. Click Assign new IP.
b. Provide the IP address – 10.0.2.77
c. Click Yes, Update.

37. Select the management interface of Alteon02:
b. Click eth0.

38. Add name tag to the Management interface Alteon02_MGMT_Interface.
39. Select the Date interface:

b. Click eth1.

40. Add name tag to the Data interface Alteon02_Data_Net.
41. Add Secondary IP address to the Data Interface (this will be the VIP address):
a. Click Action.

b. Click Manage IP Addresses.
42. To add a new IP address:

a. Click Assign new IP.
b. Provide IP address – 10.0.2.78
c. Click Yes, Update.

43. To allocate new public IP addresses, go to Elastic IPs.
a. Click Allocate new address.
b. Click Allocate.
c. A new public IP address is generated and will be assigned to the management interface.

d. Select the Elastic IP.
e. Click Actions and select Associate address.
44. Associate the public IP address with the private IP address.

a. Select Network Interface.
b. In the Network Interface drop down list, search for Alteon.
c. Select Alteon01_MGMT_Interface.
d. Select the Private IP 10.0.1.44 and click Associate.

e. Click Allocate new address.
f. Click Allocate.
A new public IP is generated and will be assigned to the management interface.

g. Select the Elastic IP.

h. Click Actions and select Associate address.
45. Associate the public IP with the private IP:

b. In the Network Interface drop-down, search for Alteon.
c. Select Alteon02_MGMT_Interface.
d. Select the Private IP 10.0.1.78 and click Associate.

46. To create a new VIP address, click Allocate new address.
47. Click Allocate.
A new public IP address is generated and will be assigned to the Data interface.

48. Click the Elastic IP.
49. Click Actions and select Associate address.
50. Associate the public IP address with the private IP address.

b. In the Network Interface drop-down, search for Alteon.
c. Select Alteon01_Data_Net.

51. Select the secondary (VIP) private IP address 10.0.2.77 and click Associate.
52. Create access key for the Alteon devices:

a. Go to Services.
b. Search for IAM.
c. Select IAM.

53. Click Users.

54. Create or use an existing user.
55. Select Security credentials and click Create access key.
a. Download the csv file for backup.

b. Copy the Access key ID and Secret access key to a Notepad session and add it to the
Alteon configuration script.
c. Click Close.

ALTEON BASIC CONFIGURATION
Alteon01 Basic Configuration Script
Network Configuration
/c/l3/if 100
ena
mask 255.255.255.0
addr 10.0.2.68 (Interface IP from Step 42)
peer 10.0.2.231 (Interface IP from Step 48)
/c/l3/gw 1
ena
addr 10.0.2.1
HA Configuration
/c/l3/hamode sw
/c/l3/ha/switch/addif 1
/c/slb/sync/peer 1
ena
AWS API Token

/c/sys/aws/access <Access Key for API> (From Step 75)
/c/sys/aws/secret <Secret Key for API> (From Step 75)

VIP Configuration
/c/sys/aws/fip 1/addr 10.0.2.77 (Step 45)
/c/sys/aws/fip 1/peerip 10.0.2.78 (Step 51)
/c/sys/aws/fip 1/elasip 3.122.110.220 (This IP is taken from step 67)
Alteon02 Basic Configuration Script

Network Configuration
/c/l3/if 100
ena
mask 255.255.255.0
peer 10.0.2.68 (Interface IP from Step 42)
/c/l3/gw 1
ena
addr 10.0.2.1
HA Configuration
/c/l3/hamode sw
/c/l3/ha/switch/addif 1
/c/slb/sync/peer 1
ena
AWS API Token
/c/sys/aws/access <Access Key for API> (From Step 75)
/c/sys/aws/secret <Secret Key for API> (From Step 75)
VIP Configuration
/c/sys/aws/fip 1/addr 10.0.2.78 (Step 45)
/c/sys/aws/fip 1/peerip 10.0.2.77 (Step 51)
/c/sys/aws/fip 1/elasip 3.122.110.220 (This IP is taken from step 67)

North America International
Radware Inc. Radware Ltd.
575 Corporate Drive 22 Raoul Wallenberg St.
Mahwah, NJ 07430 Tel Aviv 69710, Israel
Tel: +1-888-234-5763 Tel: 972 3 766 8666
© 2019 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered
trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective
owners. Printed in the U.S.A


Implementing Alteon Va in An Amazon Aws Environment: January 06, 2019

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Implementing Alteon Va in An Amazon Aws Environment: January 06, 2019

Uploaded by

Copyright:

Available Formats

IMPLEMENTING ALTEON VA IN AN

AMAZON AWS ENVIRONMENT

Software: Alteon version 32.1

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Important Notes and Prerequisites

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Software and Hardware

INSTALLATION OF MULTIPLE IP ADDRESSES ON AN ALTEON

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

4. To work with the Alteon HA environment, create a key certificate:

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

5. To create the Alteon VA:

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

c. Add the VPC/16 network subnet:

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

e. Click Create subnet.

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

11. Go back to Configure Instance Details, as described in step 3 in this procedure.

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

15. Click Next: Configure Security Group.

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

17. Click Launch.

18. Create a new Certificate (Private and public key):

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

19. Click View Instances.

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

21. Create a new Gateway click Internet Gateways.

a. Click Create Internet Gateway.

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

23. Associate the gateway to the correct VPC:

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

25. To edit the routing tables, select Subnets:

26. Go to the appropriate routing table:

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

29. Add the name tag to Alteon 01.

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

31. Select the management interface:

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

33. Select the Date interface:

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

36. To add a new IP address:

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

39. Select the Date interface:

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

42. To add a new IP address:

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

a. Click Allocate new address.

Implementing Alteon VA in an Amazon AWS Environment: version 1.0

e. Click Actions and select Associate address.

44. Associate the public IP address with the private IP address.

d. Select the Private IP 10.0.1.44 and click Associate.

Implementing Alteon VA in an Amazon AWS Environment: version 1.0