Distribution Policy Configuration

Distributing endpoints equitably among the cluster members is the primary function of the SLB. The lb-policy configuration element allows you to control the method of the SLB’s distribution based on matching criteria. Using inbound packet matching criteria, you can control the assignment of users to OCSBCs. Matching is done by data available up to and including the transport layer of the packet: source IP address and port, destination IP address and port, and transport protocol. The IP addresses and ports may or may not include bit masks as well.

Conceptually, the load balancer policy table, with sample data, looks akin to the following.

Source IP/Mask	Source Port/Mask	Destination IP/Mask	Destination Port/Mask	Transport Protocol Requirements (list)	Realm Identifiers (list)
192.168.7.22/32	0/0	10.0.0.1/32	5060/16		West
192.168.1.0/24	0/0	10.0.0.1/32	5060/16	UDP, TCP	North, South, West
192.168.0.0/16	0/0	10.0.0.1/32	5060/16	UDP, TCP	East, West
0.0.0.0/0	0/0	0.0.0.0/0	0/0

Policies are matched using a longest prefix match algorithm; the most specific policy is selected when comparing policies to received packets. One and only one policy is chosen per packet; if the next hops in that route are all unavailable, the next best route is not consulted (instead, the default policy may be consulted – see below). This is different than the local-policy behavior on the OCSBC.

Within each policy you may configure multiple next hops, where each next hop is a named group of OCSBCs. In the sample policy table, this is indicated in the second policy with a source IP range of 192.168.1.0/24. The realm identifier list for this policy indicates North, South, West. Each of these realm identifiers represents a collection of zero or more OCSBCs, in OCSBC parlance these are roughly analogous to session-agent groups. Each of these realm identifiers is also assigned a priority (a value between 1 and 31, with 31 representing the highest priority) in the configuration, and the SLB sorts the possible destinations with the highest priority first. Upon receipt of a packet matching a policy with multiple configured realm identifiers, the SLB gives preference to OCSBCs from the realm identifier with the highest priority. Should no OCSBCs be available in that priority level (due to saturation, unavailability, and so on.) the SLB moves on to investigate the next priority level, and so on. Should no OCSBCs become available after traversing the entire list of all OCSBCs within each priority level, the OCSBC either drops the packet or attempt to use the default policy.

The bottom row of the sample table shows this implicit, last resort default policy. When enabled, the SLB reverts to the default policy when all of the potential next hop realms referenced in the endpoint’s distribution rule are unavailable. In that event, the default policy attempts to locate a clustered OCSBC that advertises support for the service-interface that the packet arrived on. The realm is not considered when matching to the default policy. If such an OCSBC is found, the SLB forwards the packet to that DBC; if such an OCSBC is not found, the SLB drops the packet.

It is not necessary to configure the default policy — it is simply intended as a catchall policy, and may be used when all that is required is a simple round-robin balancing scheme based on simple metrics (for example, CPU utilization and number of registrations currently hosted by an OCSBC). If no policies are configured on the SLB, the default policy is used. The default realm is implied in the above table as * and is enabled by default for policy records.

Use the following procedure to perform required lb-policy configuration.

From superuser mode, use the following ACLI command sequence to access lb-policy configuration mode. While in this mode, you configure the distribution rules used to implement policy-based load balancing on the SLB.

ORACLE# configure terminal
ORACLE(configure)# session-router
ORACLE(session-router)# lb-policy
ORACLE(lb-policy)# ?
state                   lb policy state
default-realm           use default realm
description             load balancer policy description
protocols               list of protocols
lb-realms               list of realms
	                           name
	                           priority
source-addr             source ip address
destination-addr        destination ip address
select                  select lb policy
no                      delete lb policy
show                    show lb policy
done                    save lb policy information
quit                    quit out of configuration mode
exit                    return to previous menu
ORACLE(lb-policy)#

Use the state parameter to enable or disable this distribution rule.
The default setting, enabled, enables the distribution rule; disabled disables the rule.
```
ORACLE(lb-policy)# state enabled
ORACLE(lb-policy)#
```
Use the default-realm parameter to enable or disable the default distribution policy.
The default setting, enabled, enables the default policy; disabled disables the policy.

With default-realm enabled, the SLB provides a best-effort delivery model if the next-hop realms listed in this distribution rule are unavailable. With default-realm disabled, the orphaned packet is dropped.
```
ORACLE(lb-policy)# default-realm enabled
ORACLE(lb-policy)#
```
Optionally use the description parameter to provide a description of this distribution rule.
```
ORACLE(lb-policy)# description Local traffic to Los Angeles site
ORACLE(lb-policy)#
```
Use the protocols parameter to construct a list of protocols that must be supported by this distribution rule.
```
ORACLE(lb-policy)# protocols udp
ORACLE(lb-policy)#
```
Use either the source-addr parameter or the destination-address parameter to specify matching criteria for this distribution rule.
Use the source-addr parameter to specify source-address-based matching criteria.

Packets whose source IP addresses match the criteria specified by this parameter are subject to this distribution rule.
```
ORACLE(lb-policy)# source-addr 10.0.0.1
ORACLE(lb-policy)#
```
matches any port on the specified IP source address
```
ORACLE(lb-policy)# source-addr 10.0.0.1:5060
ORACLE(lb-policy)#
```
matches the specified IP source address:port pair
```
ORACLE(lb-policy)# source-addr 10.0.0.1/24
ORACLE(lb-policy)#
```
matches any IP source address, any port on the 10.0.0.x subnet
```
ORACLE(lb-policy)# source-addr 10.0.0.240/28:5060
ORACLE(lb-policy)#
```
matches IP source addresses 10.0.0.240:5060 through 10.0.0.255:5060

Use the destination-addr parameter to specify destination-address-based matching criteria.

Packets whose destination IP addresses match the criteria specified by this parameter are subject to this distribution rule.
```
ORACLE(lb-policy)# destination-addr 10.0.0.1
ORACLE(lb-policy)#
```
matches any port on the specified IP destination address
```
ORACLE(lb-policy)# destination-addr 10.0.0.1:5060
ORACLE(lb-policy)#
```
matches the specified IP destination address:port pair
```
ORACLE(lb-policy)# destination-addr 10.0.0.1/24
ORACLE(lb-policy)#
```
matches any IP destination address, any port on the 10.0.0.x subnet
```
ORACLE(lb-policy)# destination-addr 10.0.0.240/28:5060
ORACLE(lb-policy)#
```
matches destination IP addresses 10.0.0.240:5060 through 10.0.0.255:5060

Use the lb-realms parameter to access lb-realm configuration mode.

While in lb-realm configuration mode you identify one or more SLBs eligible to receive traffic that matches this distribution rule.

ORACLE(lb-policy)# lb-realms
ORACLE(lb-realm)#
name             realm name (string identifier)
priority         priority (range 1-31)
select           select a lb realm to edit
no               delete selected lb realm
show             show lb realm information
done             write lb realm information
exit             return to previous menu
ORACLE(lb-realm)#

Use the name parameter to identify the realm.
As previously discussed, the name field is roughly analogous to an OCSBC session-agent group. OCSBCs configured to communicate within a cluster hosted by an SLB advertise offered services to the SLB. These services (for example, SIP support) exist in realms, whose names are sent to the SLB as part of the OCSBC advertisement. The SLB, upon receipt of these advertisements, joins each OCSBC into one or more realm identifier groups based upon the realm name(s) the OCSBC has offered up. The name command of the lb-realm configuration element matches this distribution rule to a supporting OCSBC that has offered that realm name for cluster membership.
```
ORACLE(lb-realm)# name LosAngeles
ORACLE(lb-realm)#
```
Use the priority parameter to specify the realm priority.
Priority is expressed as an integer value within the range 1 to 31 — the higher the integer, the greater the priority.

The default value, 1, specifies use of the default routing policy, and should not be used when policy-based distribution is enabled.

Priority values are considered when multiple OCSBCs offer the same service to matched packets.
```
ORACLE(lb-realm)# priority 31
ORACLE(lb-realm)#
```
Use done, exit, and verify-config to complete configuration of this lb-realm configuration element.

To specify other eligible SLBs, repeat Steps 7 through 10. For example,

ORACLE(lb-policy)# lb-realms
ORACLE(lb-realm)# name LasVegas
ORACLE(lb-realm)# priority 25
ORACLE(lb-realm)# done
ORACLE(lb-realm)# exit
ORACLE(lb-realm)# verify-config

Use done, exit, and verify-config to complete configuration of this distribution rule.
To specify additional distribution rules, repeat Steps 1 through 12 as often as necessary.