External Load Balancer
ToolsControl cluster installations always use internal load balancing, which balances CPU load. For information on what load balancing is, see Load Balancing. It is also possible to use an external load balancer, which balances network load.
Prerequisites
To use an external load balancer, ToolsControl must be installed as a cluster. For more information on the ToolsControl installation process, see Installing the System.
When ToolsControl is installed as a cluster, three nodes are installed by default. Each node can be installed in a separate subnet. The external load balancer can be turned on and configured after all nodes are installed and restarted.
Turning on the External Load Balancer
Go to Settings > Network.
In the SingleIP box, enter the virtual IP address for the external load balancer.
In the Publishing mode menu, select External load balancer.
Configuring the External Load Balancer
When the external load balancer feature is turned on in ToolsControl Portal, publishing and ownership of SingleIP must be handled by the network infrastructure and cannot be handled by ToolsControl. A load balancer that supports both network address translation (NAT) and Direct Server Return (DSR) must be used. This section describes NAT and DSR in relation to ToolsControl.
Full NAT
Some traffic must be balanced by using full NAT, also known as SNAT. In this case, the source IP address that ToolsControl sees is the load balancer IP address, not the client IP address. The return traffic is masqueraded, which means that responses from ToolsControl are returned through the load balancer. Use full NAT by default for all TCP traffic, including HTTP, HTTPS, and Open Protocol, except for traffic from Atlas Copco equipment. For a list of Atlas Copco equipment, see the Direct Server Return section later on this page.
Direct Server Return
Some traffic must be balanced by using DSR, also known as Asymmetric Routing or nPath Routing. The client source IP address is preserved. Return traffic from ToolsControl goes directly to the client. DSR should be used for all traffic from and to torque tools. Depending on the equipment that is used, DSR should be configured for the following ports in these tools:
Atlas Copco legacy tools, for example, STB, SRB, TBP, STwrench, and MWR. These tools use UDP port 6677.
Atlas Copco IxB tools, for example, ITB and ICB. These tools use TCP ports 62000–62020.
Atlas Copco cable tools with PFS. These tools send data via TCP port 61201 and receive data via TCP port 61401.
Atlas Copco accessories, for example, Selector 6, I/O Hub, and CAN converter. These accessories use TCP port 25000.
Health Checks
Separate health checks must be created for the two balancers: one for NAT and one for DSR. Both health checks should periodically check the health of all nodes (back-end servers) in the cluster. Network traffic should only be routed to healthy nodes.
Health Check for NAT
To detect the availability of back-end servers for the TCP traffic that is not DSR, make sure that the load balancer can perform health checks based on the following information:
Section | Value |
---|---|
Protocol | HTTP |
Port | 80 or 443 |
Path | / |
OK HTTP response | 200 |
Request type | HEAD or GET |
Load-balancing algorithm | Any, for example, round robin or weighted least connections |
Health Check for DSR
To detect the availability of back-end servers for traffic from Atlas Copco equipment, make sure that the load balancer can perform health checks based on the following information. Only one health check is needed, regardless of which ports and types of equipment are in use:
Section | Value or information |
---|---|
Protocol | UDP |
Port | 6677 |
The payload of UDP packets | The payload can be empty or start with the string "HEALTH CHECK" |
The healthy server response | Healthy servers do not respond |
The unhealthy server response | Unhealthy servers respond with ICMP "Destination Unreachable" |
DSR traffic | At any given time, only a single server will be healthy, which means all DSR traffic must go to that server. |
Scheduling policy | The scheduling policy does not matter, as only a single server is available |
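The DSR health check inverts the usual logic: silence means healthy and an ICMP error means unhealthy. The following Python probe is an added example, not ToolsControl or load balancer vendor code; it uses a connected UDP socket so that the operating system reports the ICMP error to the caller. The function names and the loopback stand-in nodes in `local_demo` are assumptions made for this example.

```python
import socket

DSR_PORT = 6677            # UDP health-check port from the DSR table
PAYLOAD = b"HEALTH CHECK"  # payload may be empty or start with this string


def dsr_node_is_healthy(host, port=DSR_PORT, timeout=1.0, probes=2):
    """True when the node stays silent, False on ICMP Destination Unreachable."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing, but lets the kernel report ICMP
        # errors for this peer as an OSError on a later send()/recv().
        s.connect((host, port))
        for _ in range(probes):
            try:
                s.send(PAYLOAD)
                s.recv(2048)       # healthy nodes never answer
            except socket.timeout:
                continue           # silence counts as healthy
            except OSError:
                return False       # ICMP error surfaced by the kernel
    return True


def active_dsr_node(nodes, **probe_args):
    """Return the one healthy (host, port); fail unless exactly one is."""
    healthy = [n for n in nodes if dsr_node_is_healthy(*n, **probe_args)]
    if len(healthy) != 1:
        raise RuntimeError(f"expected 1 healthy DSR node, found {len(healthy)}")
    return healthy[0]


def local_demo(timeout=0.3):
    """Constructed loopback stand-ins: one silent listener, one closed port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))         # open port, never replies
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed = tmp.getsockname()              # port is closed after tmp.close()
    tmp.close()
    try:
        nodes = [closed, listener.getsockname()]
        return active_dsr_node(nodes, timeout=timeout), listener.getsockname()
    finally:
        listener.close()


if __name__ == "__main__":
    chosen, expected = local_demo()
    print("active DSR node:", chosen, "expected:", expected)
```

Because silence is read as healthy, a firewall that drops the probe or the returning ICMP message makes every node look healthy. Confirm that ICMP "Destination Unreachable" from the nodes can reach the load balancer, and alert when the number of healthy nodes is not exactly one.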