Harmony Controller ADC App v3.7 User Guide

Harmony Controller ADC App v3.7 User Guidefor A10 Thunder® Series and AX™ Series

20 August 2021

© 2021 A10 NETWORKS, INC. CONFIDENTIAL AND PROPRIETARY- ALL RIGHTS RESERVED

Information in this document is subject to change without notice.

PATENT PROTECTION

A10 Networks products are protected by patents in the U.S. and elsewhere. The following website is provided to satisfy the virtual patent marking pro-visions of various jurisdictions including the virtual patent marking provisions of the America Invents Act. A10 Networks' products, including all Thunder Series products, are protected by one or more of U.S. patents and patents pending listed at:

https://www.a10networks.com/company/legal-notices/a10-virtual-patent-marking

TRADEMARKS

A10 Networks trademarks are listed at:

https://www.a10networks.com/company/legal-notices/a10-trademarks

CONFIDENTIALITY

This document contains confidential materials proprietary to A10 Networks, Inc. This document and information and ideas herein may not be dis-closed, copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written consent of A10 Networks, Inc.

A10 NETWORKS INC. SOFTWARE LICENSE AND END USER AGREEMENT

Software for all A10 Networks products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Software as confi-dential information.

Anyone who uses the Software does so only in compliance with the terms of the End User License Agreement (EULA), provided later in this docu-ment or available separately. Customer shall not:

1. Reverse engineer, reverse compile, reverse de-assemble, or otherwise translate the Software by any means.

2. Sub-license, rent, or lease the Software.

DISCLAIMER

This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not limited to fit-ness for a particular use and non-infringement. A10 Networks has made reasonable efforts to verify that the information contained herein is accurate, but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product specifications and features described in this publication are based on the latest information available; however, specifications are subject to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current information regarding its products or services. A10 Networks’ products and services are subject to A10 Networks’ standard terms and conditions.

ENVIRONMENTAL CONSIDERATIONS

Some electronic components may possibly contain dangerous substances. For information on specific component types, please contact the manufac-turer of that component. Always consult local authorities for regulations regarding proper disposal of electronic components in your area.

FURTHER INFORMATION

For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks location, which can be found by visiting www.a10networks.com.

https://www.a10networks.com/company/legal-notices/a10-virtual-patent-marking

https://www.a10networks.com/company/legal-notices/a10-trademarks

http://www.a10networks.com

3

Table of Contents

INTRODUCTION ..................................................................................................7

INSTALLATION AND UPGRADE .............................................................................9Management of ADC App/ Prerequisites ................................................................................. 9

User Roles: Super/Provider Admin, Tenant/App Admin .............................................................. 9Thunder Devices and Clusters ........................................................................................................ 10

App Catalog .................................................................................................................................. 10Upload an App.............................................................................................................................. 10Update an App ............................................................................................................................. 10Installed Apps................................................................................................................................ 11Enabling or Disabling ADC App.................................................................................................. 11Delete/Uninstall ADC App ......................................................................................................... 12

ADC APP GETTING STARTED ...........................................................................13Getting Started ............................................................................................................................ 13Launch ADC App from Tenant User......................................................................................... 15Launch ADC App from Harmony Apps.................................................................................... 15Help Center for ADC App ............................................................................................................17Overview of ADC App Tabs and Log View Panel ................................................................... 19

Chart Overlay Alerts and Events ........................................................................................................... 19

ADC APP DASHBOARD ....................................................................................21Session Settings.......................................................................................................................... 21ADC App Service Selector .........................................................................................................22ADC App Key Performance Indicator Bar...............................................................................23Time Window Selector ................................................................................................................23Sync Tooltip ..................................................................................................................................24

Linked Cursor ..............................................................................................................................................24Unlinked Charts ..........................................................................................................................................24

ADC App Dashboard ...................................................................................................................26Inventory ...................................................................................................................................................... 27Alerts and Events ....................................................................................................................................... 27Alerts and Events in Overlay ................................................................................................................... 27WAF Events ..................................................................................................................................................28Deployment Locations .............................................................................................................................29Requests ......................................................................................................................................................29

ADC App v3.6 User Guide

Contents

4

TOP 20 APP SERVICE ...............................................................................................................................30APP Servers .................................................................................................................................................31

ADC APP ANALYTICS .................................................................................... 33ADC Analytics Tab .......................................................................................................................33

Service Selections .....................................................................................................................................34DNS Analytics...............................................................................................................................34

DNS Analytics: KPI .....................................................................................................................................36DNS Analytics: QPS ................................................................................................................................... 37DNS Analytics: Other Metrics .................................................................................................................. 37

Layer 4 Analytics ........................................................................................................................ 40Layer-4: KPI Bar for ADC Analytics Tab ............................................................................................... 40Layer-4 Analytics: ADC App Selector Diagram .................................................................................. 41Layer-4 Analytics: Client .......................................................................................................................... 41Layer-4 Analytics: Thunder ADC (TCP) ................................................................................................44Layer-4 Analytics: Thunder Cluster (TCP) ...........................................................................................46Layer-4 Analytics: App Servers ..............................................................................................................46

Layer-7 Analytics......................................................................................................................... 47Layer-7: KPI Bar for ADC Analytics Tab ................................................................................................. 47Layer-7 Analytics: Latency Drilldown .................................................................................................. 48Layer-7 Analytics: ADC App Selector Diagram ...................................................................................50Layer-7 Analytics: Client ..........................................................................................................................50Layer-7 Analytics: Internet ......................................................................................................................54Layer-7 Analytics: WAF Security ............................................................................................................55Layer-7 Analytics: ADC Service ..............................................................................................................58

Metrics Widgets ...................................................................................................................................58ADC Widgets .........................................................................................................................................59HTTP2 Widgets ................................................................................................................................... 60ADC Widgets ..........................................................................................................................................61Caching Widgets ..................................................................................................................................61

Layer-7 Analytics: Thunder Cluster (TCP) ............................................................................................62Partition Service Latency .................................................................................................................63

Layer-7 Analytics: Applications ..............................................................................................................64Layer-7: Server Drill Down ................................................................................................................64

Layer-7 Analytics: App Servers ..............................................................................................................66

ADC APP SERVICE OBJECTS ...........................................................................67Configuration Options ................................................................................................................ 67How to Deploy an ADC Application Service...........................................................................69Configuring Servers....................................................................................................................70

Server Page Usage ....................................................................................................................................70Add/Edit a Server ......................................................................................................................................70

Basic ........................................................................................................................................................71Advanced Server Options ..................................................................................................................71Template ................................................................................................................................................ 72

5


Contents

Port ......................................................................................................................................................... 72Delete Server .............................................................................................................................................. 73Configuring Server Ports: Add/Edit Port ............................................................................................. 73

Basic ....................................................................................................................................................... 73Advanced .............................................................................................................................................. 74

Delete Server Port ..................................................................................................................................... 74Configuring Service Groups...................................................................................................... 76

Creating a new service group ................................................................................................................. 76Basic Settings ...................................................................................................................................... 77Advanced Settings : ...........................................................................................................................78

Adding a member ...................................................................................................................................... 79Delete Service Groups .............................................................................................................................. 79

Configuring VIPs......................................................................................................................... 80VIP Page Usage ......................................................................................................................................... 80Add/Edit VIP ................................................................................................................................................82

Basic .......................................................................................................................................................82Advanced VIP Options ...................................................................................................................... 83Template ............................................................................................................................................... 83Port ........................................................................................................................................................ 83

Configuring VPorts (Virtual Ports)...........................................................................................86vPort Page Usage ..................................................................................................................................... 86Configuring Virtual Ports: Add VPort ....................................................................................................87

Basic .......................................................................................................................................................87Advanced ..............................................................................................................................................90

Delete VPort ................................................................................................................................................90

ADC APP SHARED OBJECTS ...........................................................................91Logical Partition .........................................................................................................................................92Configure Versions of Partition ..............................................................................................................93

Save ........................................................................................................................................................93Compare ................................................................................................................................................93Deploy ....................................................................................................................................................94

Templates ....................................................................................................................................................94To add a new template ......................................................................................................................94

WAF Templates ...........................................................................................................................................95aFleX .............................................................................................................................................................96Certificates .................................................................................................................................................. 97CRLs ..............................................................................................................................................................98IP NAT Pool ..................................................................................................................................................99Health Monitor ..........................................................................................................................................100How to Configure a Health Monitor for Service Objects ................................................................ 102

ADC APP LOG VIEW AND TROUBLESHOOTING ................................................. 103Log View Panel...........................................................................................................................103

Log View: HTTP ........................................................................................................................................104


Contents

6

Related Topics ....................................................................................................................................105Log View: Alerts ........................................................................................................................................105

Related Topics ....................................................................................................................................106Log View: Events ...................................................................................................................................... 107

Related Topics ....................................................................................................................................108Log View: WAF ..........................................................................................................................................108

New WAF Work flow ..........................................................................................................................108Related Topics .....................................................................................................................................110

Troubleshooting..........................................................................................................................110HTTP Monitoring .......................................................................................................................................110WAF Security Policy Violations ..............................................................................................................110Chart Overlay Drill Down to Event Logs .............................................................................................. 111Alerts Analysis ........................................................................................................................................... 111

SUPPORT INFORMATION FOR HARMONY CONTROLLER: ADC APP V3.6 ............... 113Technical and Customer Support ...........................................................................................113

7

ADC App v3.7 User GuideFeedback

INTRODUCTION

The A10 Networks® ADC Harmony App provides centralized ADC service configuration, monitoring, and analytics to all managed ADC deployments.

The ADC App provides the following features:

• Access to a centralized management platform, so that the user can manage multi-site deployments.

• Insights into network traffic, TLS decryption statistics, traffic categorization, and applica-tion visibility.

• Detailed application visibility, coupled with enriched logs and analytics for faster and eas-ier troubleshooting with accuracy.

For more information, watch the video Introduction to ADC app.

https://www.surveymonkey.com/r/WHZK9CH

https://docs.hc.a10networks.com/adcapp/ADC_App_Introductory_Video.mp4


8

eeeFF Feedback


9


Management of ADC App/ Prerequisites

Feedback

INSTALLATION AND UPGRADE

The A10 Networks® Harmony Controller - ADC App v3.7 software is packaged with Harmony Controller 5.3.0-P1. ADC App can be installed as a package on Harmony Controller 5.3.0 or higher.

The following topics are covered in this chapter:

• Management of ADC App/ Prerequisites

• App Catalog

• Upload an App

• Update an App

• Installed Apps

• Enabling or Disabling ADC App

• Delete/Uninstall ADC App

Management of ADC App/ PrerequisitesADC App collects data from ACOS virtual instances or standard hardware based ACOS devices like Thunder ADC.

User Roles: Super/Provider Admin, Tenant/App Admin

The ADC App is managed by the Provider Admin and accessed by the Tenant Admin. For more information, see

Role-based Access Control.


http://docs.hc.a10networks.com/HC-5.3.0/RBAC.html


App Catalog

10

eeeFF Feedback

Thunder Devices and Clusters

The Thunder device connecting to the A10 HarmonyTM Controller may be single, part of a HA pair, or part of a VCS cluster. On connecting, a Device Cluster is created within the Provider account. This configuration can be loaded and accessed through ADC Apps. For more information, see

Thunder ADC guide. l

App CatalogThe App Catalog in Harmony Controller displays the list of uploaded Harmony Apps. When the Harmony ADC App is successfully loaded, it gets added under the App Catalog. Controller or Super-Admin and Provider admin can access the App Catalog.

NOTE: The Controller can Upload, Update, or Delete the app and Provider admincan Install the app.

Upload an AppFollow the steps to upload a new ADC app:

1. Log in to Harmony Controller as a root provider admin.

2. Switch to Controller scope.

3. Click Harmony Apps > App Catalog in the navigation pane. The All Available Harmony Apps page opens.

4. Click Upload an App. The Upload an App page opens.

5. Click in the App Package File box and select an package file from the local repository.

6. Add notes in the Upload / Update Notes box and click Next.

Update an AppThis option is available only for Controller scope. Follow the steps to update an app from the App Catalog section:

1. Log in to Harmony Controller as a provider admin.

2. Switch to Controller account.


http://docs.hc.a10networks.com/ThunderADC/a10-thunder-adc.html

11


Installed Apps

Feedback

3. Click Harmony Apps > App Catalog in the navigation pane. The All Available Harmony Apps page opens.

4. On the slb app tile and click the vertical ellipsis .

5. Select Update.

6. Click in the App Package File box and select an package file from the local repository.

7. Add notes in the Upload / Update Notes box and click Next.

FIGURE 1 : Apps Catalog > slb > Update

Installed AppsAll installed apps are listed on the Installed Apps page. Provider admins can Uninstall the app and Tenant admins can Enable or Disable the apps.

Enabling or Disabling ADC AppThis option is available for Tenant admins. To enable or disable ADC App, follow the below steps:

1. Click Harmony Apps > App Catalog.

2. Click Enable on the ADC app tile. Alternatively, you can click the vertical ellipsis and select Enable/Disable.



Delete/Uninstall ADC App

12

eeeFF Feedback

Delete/Uninstall ADC AppThis option is available only for Provider account. Follow the steps to delete an app from the App Catalog section:

1. Log in to Harmony Controller as a provider admin.

2. Click Harmony Apps > Installed Apps in the navigation pane. The All of Your Installed Apps page opens.

3. On the slb app tile and click the vertical ellipsis .

4. Click Uninstall.

FIGURE 2 : root > Installed Apps > slb App > Uninstall


13


Getting Started

Feedback

ADC APP GETTING STARTED

The Harmony Controller ADC App v3.7 provides configuration management, visibility and analytics for A10 Networks® ADC services and visibility and analytics for A10 Networks® WAF services.


• Getting Started

• Launch ADC App from Tenant User

• Launch ADC App from Harmony Apps

• Help Center for ADC App

• Overview of ADC App Tabs and Log View Panel

Getting StartedTo get started with the ADC App, watch the Video Tutorial or Getting Started section in Harmony Controller Help Center.



Getting Started

14

eeeFF Feedback

FIGURE 3 : Getting Started with App from Harmony Controller


15


Launch ADC App from Tenant User

Feedback

Launch ADC App from Tenant UserTo launch App from Harmony Controller Tenant user account:

1. Login to Harmony Controller.

2. Switch to the Tenant user account.

3. There are three ways the ADC App can be launched.

• From the Harmony Controller > Services > App Services page

FIGURE 4 : Launch ADC App from Harmony Controller > Services > App Services

• From the Harmony Controller > Services > Logical Partition page. This option is available only if logical partitions are enabled.

• From the Apps Manager > My Apps page

Launch ADC App from Harmony AppsTo launch ADC App from Harmony Apps:

1. Click Harmony Apps > Installed Apps.

2. Click Installed Apps.



Launch ADC App from Harmony Apps

16

eeeFF Feedback

3. Click Enable on the slb app tile.

FIGURE 5 : Harmony Controller (Tenant) > Apps Manager > Installed Apps

4. Click My Apps on left hand panel.

5. Click the vertical ellipsis and select Launch App on app in My Apps page as shown in the following image.

FIGURE 6 : Harmony Controller > Harmony Apps > My Apps

6. Select Tenant and click Proceed to launch app.


17


Help Center for ADC App

Feedback

FIGURE 7 : Launch App > Select Tenant

NOTE: Disable pop-up blocker to ensure that the Select Tenant win-dow pop-up functions correctly.

Help Center for ADC AppThe Help Center the following quick access links

• Product documentation

• Product Demos

• Technical Articles

• Video Tutorials

• White Papers

• Create Ticket

• Privacy Policy



Help Center for ADC App

18

eeeFF Feedback

• End of Sale

Click on the “?” icon on the top-right corner of the application navigation bar to access and explore the feature.

FIGURE 8 : Select Help Menu

FIGURE 9 : ADC App Help Center Pop-up Menu Widget


19


Overview of ADC App Tabs and Log View Panel

Feedback

Overview of ADC App Tabs and Log View PanelThe ADC App v3.6 has the following tabs/expandable windows:

FIGURE 10 : ADC App > Top Panel with Tabs

FIGURE 11 : ADC App > Expandable Bottom Log Panel

Chart Overlay Alerts and Events

Overlay events and alerts are displayed for all Dashboard and Analytics charts on ADC app. Overlays consist of all levels of alerts and events from ADC app services, for tenants, clusters and devices, where these app services are deployed.

• metrics time series chart from session rate to overlay with events.

• red dots indicate that there are one or multiple alerts and events.

• by default all alerts and events are enabled.

User can enable or disable Alerts, by selecting “:” menu next to the ADC App > Sync Tooltip button.

Tabs / Expand Window Description

Dashboard Displays information about the logical partitions mapped to the tenant, configured App services, service monitoring, and key statistics about the service operations.

Analytics Displays visibility and analytics information for deployed App services, key performance indicators, and service operation metrics.

Service Objects Displays configured service objects and provides an ability to edit, save, compare, and deploy service configurations.

Shared Objects Displays configured shared service objects and an ability to manage shared objects.

Log panel A expandable panel at the bottom of App window. This panel provides access to detailed service logs and an ability to filter logs for detailed analysis and troubleshooting.



Overview of ADC App Tabs and Log View Panel

20

eeeFF Feedback

The overlay displays only the number of alerts and events, but does not provide further details about the events.


21


Session Settings

Feedback

ADC APP DASHBOARD

The Harmony Controller ADC App dashboard provides visibility and analytics for A10 Networks® ADC services and WAF services at a Provider-level or Tenant-level.

The Dashboard displays different widgets and this page gives the overall picture on alerts and events, users, apps, deployment locations, clusters, tenants and license usage.


• Session Settings

• ADC App Service Selector

• ADC App Key Performance Indicator Bar

• Time Window Selector

• Sync Tooltip

• ADC App Dashboard

Session SettingsBy default, your session ends in one hour. You are prompted five minutes before the session is about to end. By extending the session, you can keep monitoring the real-time analytics and data without having to log in frequently.

To extend a session:



ADC App Service Selector

22

eeeFF Feedback

1. In the Session Expiring dialog, click Continue session. Alternatively, click the User profile icon on the top-right of the Dashboard, and then select Session Settings from the list. The Session Settings page opens.

2. In Session Duration, click 1 Hour, 24 Hours, or 72 Hours.

3. Click Extend Session.

ADC App Service SelectorThe ADC App Service Selector is a selection list. Select the pre-defined application services to view the related data and statistics.

The App Service Selector is available for all ADC App tab selections.

FIGURE 12 : App Service Selector -ADC App Header


23


ADC App Key Performance Indicator Bar

Feedback

ADC App Key Performance Indicator BarThe KPI Bar Widget for ADC App displays the following information. This data is refreshed every time as per the selection in the Time Window Selector widget.

The KPI Bar widget for ADC Dashboard and Analytics page displays the following information:

FIGURE 13 : KPI Bar on ADC App Header

Time Window SelectorThe Time Window Selector displayed for ADC Dashboard and Analytics page, has the following components:

FIGURE 14 : Time Window Selector:

Widget / Field Description

Throughput (BPS) Total traffic for all the app services for the tenant.

Current Connec-tions

Number of active connections.

Connection Rate (cps)

Number of closed connections.

Errors Number of errors.


Calendar Widget - Date Selec-tor

Select date timeline using the calendar.

Time Selection Scroll Bar Select the timeline for data analysis.

Auto Refresh Timer Specify a time to refresh the page automatically.



Sync Tooltip

24

eeeFF Feedback

NOTE: Dashboard charts are displayed based on the aggregated datausing the following mechanism. Harmony Controller efficientlyrolls up stored metric and log data based on the age of the data.For metrics older than 30 days, Harmony Controller aggregates to10-minute level. For logs older than 12 hours, data is aggregated to1 minute level. For logs older than 30 days, Harmony aggregates to10-minute level, up to a year.

Sync TooltipAll charts in ADC App Dashboard and Analytics tab widgets have Linked Cursor for the charts. Sync Tooltip is disabled by default. The linked chart option is enabled when you enable Sync Tooltip button.

Linked Cursor

The tool tips of the charts are linked together. Once user moves the cursor into one of the charts, it displays the tool tip and line at the cursor point. All related charts display tool tips and lines at the points with the same time stamp.

A new switch button Sync Tool tip is available on the right of Time Bar. It is used to enable or disable the Linked Cursor.The cursor links the charts together to easily contrast data among the different charts.

Unlinked Charts

Tool sync tip functionality provides option for user to turn ON/OFF the sync of cursors in multiple charts. When "Sync Tool tip" is turned off and the cursor is moved into a chart, only the current chart will show tool tip and line where the cursor is displayed.


25


Sync Tooltip

Feedback

FIGURE 15 : ADC App > Sync Tooltip > Enable Link Cursor

FIGURE 16 : ADC App > Sync Tooltip > Disable Link Cursor



ADC App Dashboard

26

eeeFF Feedback

ADC App Dashboard The ADC App Dashboard displays the following main components:

• Inventory

• Alerts and Events

• WAF Events

• Deployment Locations

• Requests

• TOP 20 APP SERVICE

The ADC App Dashboard displays the following common components:

Widgets/ Fields Description

App Service Selector See ADC App Service Selector.

Key Performance Indicators (Averaged per minute). See ADC App Dashboard

Time Range Slider Time range selector control. Applies to all the widgets in the app. See Time Window Selector


27


ADC App Dashboard

Feedback

Inventory

Displays a list of logical partitions of type ADC with a list of the app services deployed in the logical partition for the selected tenant.

FIGURE 17 : ADC App > Dashboard > Inventory

Alerts and Events

Alerts and events displays information for a particular tenant or all tenants. You can filter the alerts and events according to following criteria:

• Severity,

• Warning,

• Notification

• Information.

You can toggle to check the log collection statistics for the time stamp, tenant ID, cluster ID, system module and message.

Alerts and Events in Overlay

Overlay alerts and events are displayed on the time series graphs in ADC App Analytics and Dashboard pages. New alerts and events generated are plotted on the time series graph in real time. Using this information, users can:

• Correlate the events and alerts data with live traffic for troubleshooting.

• Easily map any significant modification in incoming traffic to corresponding events or alerts that triggered the change in traffic.

These alerts & events can be configured from Harmony Controller.


http://docs.hc.a10networks.com/HC-5.2.0/a10-alerts-events1.html


ADC App Dashboard

28

eeeFF Feedback

Users can select the type of overlay alerts and events on the charts from the drop down menu next to the Auto Refresh duration selection button.

The overlay data is displayed on the charts as red dots. On hover on any of the overlay point, a tool tip displays what category of event/alert occurred at that time stamp.

FIGURE 18 : ADC App > Dashboard > Alerts, Events

WAF Events

The following WAF events widget displays distribution of number of WAF events or requests that triggered WAF policy violation(s) reported on time scale.

FIGURE 19 : ADC App > Dashboard > WAF Events


29


ADC App Dashboard

Feedback

Deployment Locations

This world map displays distribution of service devices by geographical location. The deployment locations are highlighted displaying the number of clusters or devices associated with the particular location in a color-coded map format with statistics.

FIGURE 20: ADC App > Dashboard > Deployment Locations

Requests

The Requests widget displays the summation of all response codes for requests processed for a time range plotted on a time series chart.

The ADC App Dashboard provides the following “Request” locations and Latency information:.

Widgets Description

Request Locations Displays distribution of client location(s) for received requests.

Request Methods Displays distribution of HTTP method of requests received..

Response Codes Displays distribution of HTTP response codes.

Average End-to-end Latency

Displays the average end-to-end latency for a full request-response cycle (the time taken by the one request-response cycle averaged for the selected time range) plotted as a time series chart.

REQUESTS Displays number of requests received plotted on a time series chart.



ADC App Dashboard

30

eeeFF Feedback

FIGURE 21 : ADC App > Dashboard > Requests

TOP 20 APP SERVICE

This widget displays top 20 apps by Current Connections, Throughput, CPS, or SSL CPS for the selected time period. Click the vertical ellipsis icon at the top-right corner to change the chart from Table to Bar chart or Tree Map chart.

Fields Description

App Services Name of the app service.

Current Connections Displays app services by total number of current connections.

Throughput Displays app services by throughput in pps or packets per sec-ond.

CPS Displays app services by connection per second.

SSL CPS Displays app services by SSL connections per second.


31


ADC App Dashboard

Feedback

FIGURE 22 : Top 20 App Services

APP Servers

The APP Servers treemap chart displays distribution of connections, requests, or packets on servers in a tenant. Point to a server to view the details. The details show the following details.

Options Description

Avg Current Conn Shows number of average current connections and percentage of average current connections by servers.

Connection Rate Shows connection rate on a server and server-specific percentage of total connection rates on all servers.

Peak Connections Shows number of peak connections on a server and server-specific percentage of total peak connections on all servers.

Request Rate Shows request rate on a server and server-specific percentage of total request rates on all servers.

Avg SSL Current Conn

Shows average SSL current connections on a server and server-spe-cific percentage of total SSL current connections on all servers.



ADC App Dashboard

32

eeeFF Feedback

SSL Connection Rate

Shows SSL connection rate on a server and server-specific percent-age of total SSL connection rates on all servers.

Receive Through-put

Shows throughput received on a server and server-specific percent-age of total throughput received on all servers.

Transmit Throughput

Shows throughput transmitted on a server and server-specific per-centage of total throughput transmitted on all servers.

Receive Pkt Rate Shows packets received on a server and server-specific percentage of total packets received on all servers.

Transmit Pkt Rate Shows packets transmitted on a server and server-specific percent-age of total packets transmitted on all servers.

Options Description


33


ADC Analytics Tab

Feedback

ADC APP ANALYTICS

The Harmony Controller ADC App v3.7 provides configuration management, visibility and analytics for your A10 Networks® ADC services and visibility and analytics for A10 Networks® WAF services and analytics related to the following network layer traffic:

• Layer 4 – The Transport Layer for transmission of data between points on a network. Example protocols: TCP/UDP.

• Layer 7- The Application Layer for end user analytics where the user and the applications are directly communicating and interacting. Example protocols: HTTP/SIP.


• ADC Analytics Tab

• DNS Analytics

• Layer 4 Analytics

• Layer-7 Analytics

ADC Analytics TabThe analytics tab displays the following information for monitoring and analysis of service operations.

The ADC App Analytics tab displays the following information. The information displayed is for all deployed app services for the tenant as follows:


App service Selector A drop-down list of app services. Select a service to view ana-lytics.

Key Performance Indica-tors

Performance indicators at the top of the page. Applies to all the charts on the page.



DNS Analytics

34

eeeFF Feedback

Service Selections

KPI Bar has a Service Selection drop-down list where you can select pre-configured services.

• DNS Services Tenant: DNS TCP and DNS UDP services for devices, clusters, partitions.

• Layer-4 Services Tenant: Device Clusters, TCP Cluster, UDP Cluster.

• HTTP Services Tenant: HTTP services for devices, clusters, and partitions.

DNS AnalyticsThe Analytics page displays different statistics related to DNS service and provides insights into DNS service health, clients behavior, top queries, ongoing attacks, and so on, thus enabling quick overview of DNS operations.

DNS is an important component of the Internet that translates domain names into IP addresses.

Organizations utilize rules and filters based on blacklists to block known malicious domain names. Comprehensive monitoring of DNS traffic is required as a component of cyber security.

The four types of Advanced DNS Analytics are as follows:

• Threat intelligence - Identification of malicious domains (for example, command-and-control, compromised name). This method uses DNS analytics to generate new threat intelligence that can be used to block domain names, preventing future access to malicious domains.

Time Range Slider Time range selector control. Applies to all the widgets in the app. See Time Window Selector

ADC Selector Diagram Graphic menu to load analytics information for the following entities involved in the service operations.



35


DNS Analytics

Feedback

• Threat detection - Detection of affected endpoints (for example, suspicious behavior patterns) is about finding compromised systems quickly based on suspicious DNS behavior.

• Domain categorization - Automatic categorization of domain names (for example, most queried domains vs most queried NXDOMAIN domains).

• Forensic markers - Providing actionable information for forensics (for example, top DNS clients, malformed DNS query trends).

ADC App content and information analysis is based on the fast stream of DNS queries. ADC App now provides advanced analytics of the context, rate of queries, including the history of lookups, contents of the response and correlation with additional data sources.



DNS Analytics

36

eeeFF Feedback

The Analytics tab for DNS Services selection displays the following components:

• DNS Analytics: KPI

• DNS Analytics: QPS

• DNS Analytics: Other Metrics

DNS Analytics: KPI

The KPI Bar for ADC Analytics tab displays the following information:


QPS Number of DNS queries received per second.Refreshed every minute.

DNS Query Health Percentage of processed DNS queries among all incoming requests. Average over last 3 minutes of data. Refreshed every minute. Dropped packets could be due to malformed query, non DNS packets or configured deny policies.

DNS Response Health Percentage of good DNS Response (NOERROR) among all DNS responses. Average percentage over last 3 minutes of data. Refreshed every minute.

Avg. Latency Latency between DNS Query and Response. Average over last 3 minutes of data in ms. Refreshed every minute.

Avg. Query Size Query Size in Bytes. Average over last 3 minutes of data. Refreshed every minute.

Avg. Response Size Response Size in Bytes. Average over last 3 minutes of data. Refreshed every minute.


37


DNS Analytics

Feedback

DNS Analytics: QPS

The ADC App > Analytics section displays the following QPS widgets for DNS service selection:

FIGURE 23: DNS QPS Analytics

DNS Analytics: Other Metrics

The ADC App > Analytics section displays the following DNS query health monitoring and Top sources widgets for DNS service selection:

Widget/Field Description

QPS with Query Types Number of DNS queries received per second grouped by query types such as A, AAAA, NS, and so on.

QPS with Response Codes Number of DNS responses per second grouped by response codes.


DNS Health Time series of DNS Query and Response health.

Avg. Latency Average values of historical latency in a time series graph.

Avg. Size Average size of Query packets and Response in bytes in a series graph.



DNS Analytics

38

eeeFF Feedback

Malformed DNS Query Rate

Rate of malformed queries received per second.

Request By Source Port Query distribution by source port. in Tree map, donut or table format.

Top DNS Queries Query distribution by.

• Top DNS QUERIES• Top DNS Queries (NXDOMIAN)

Top Source IPs (v4 and v6)

2 widgets for IPv4 and IPv6 display chart based on dynami-cally sampled logs in the last 12 hours:

• Client IP: Top clients that sends the most DNS Queries. • Client IP (NXDOMAIN): Top clients that send the most

DNS query results in NXDOMAIN response.

• Query Size: Top clients that sends the highest DNS Query sizes.

• Response Size: Top clients that result in the highest DNS response payload size.

Response Sources Percentage of response from backend servers/A10 Cache/A10 GSLB, and so on.



39


DNS Analytics

Feedback

FIGURE 24: DNS: Other Metrics



Layer 4 Analytics

40

eeeFF Feedback

Layer 4 AnalyticsThe Layer 4 Analytics is displayed for Service Selections like devices, clusters, partitions. For example, TCP Cluster. The following components are displayed for this Layer-4 selection as displayed in the Layer-4 Analytics: ADC App Selector Diagram.

Layer-4: KPI Bar for ADC Analytics Tab

The KPI Bar widget for ADC Analytics tab displays the following information for Layer-7 Key Performance Indicators (averaged per minute)

FIGURE 25: Layer-4 KPI Bar for ADC Analytics Tab


Throughput (BPS) Total traffic for all the app services for the tenant. Average throughput in bits per second over default value minutes of data. Refreshed every minute.

Connections Number of total active connections in last 3 minutes by default or as set by Time Interval for Auto Refresh.

Current Connections Number of active connections. Number of active connections averaged over last 3 minutes by default or as set by Time Inter-val for Auto Refresh.

Packet Rate Number of packets received and sent per second measured over the last minute.

Request Rate Request rate. Number of requests received per second.

Errors Number of TCP/UDP and policy errors generated in the last min-ute.

TIME INTERVAL


41


Layer 4 Analytics

Feedback

Layer-4 Analytics: ADC App Selector Diagram

The Harmony ADC App Selector Diagram is a graphic menu to load analytics information for the following entities involved in the service operations:

• Layer-4 Analytics: Client

• Layer-4 Analytics: Thunder ADC (TCP)

• Layer-4 Analytics: Thunder Cluster (TCP)

• Layer-4 Analytics: App Servers

FIGURE 26: ADC App > Analytics > Selector Diagram (graphic menu)

Layer-4 Analytics: Client

The ADC App > Analytics > Client section displays the following widgets for Layer-4 selection:


BYTES RECEIVED AND SENT Distribution graphs of number of bytes for the selected time range, for:

• Total bytes• Sent• Received

PACKETS RECEIVED AND SENT Distribution graphs of number of packets for the selected time range, for:

• Total bytes• Sent• Received



Layer 4 Analytics

42

eeeFF Feedback

FIGURE 27 : Layer-4 Analytics > Client

Clients widgets Continued...

CONNECTIONS Distribution graphs of number of connections per sec-ond for the selected time range, for:

• Total Connections• Peak• Rate (/sec)

CLIENT RELATED ERRORS AND FAILURES

Number of TCP and policy errors plotted on a time series chart, filtered by:

• Client Connections Failure• Other Failures Total• Connection Drops

Widget Description

TOP CLIENTS BY Distribution statistics graph of Top Usage Clients, filtered by:

• BANDWIDTH: Distribution of clients utilizing the most bandwidth.• CONNECTIONS: Distribution of clients establishing the most

connections.• THROUGHPUT: Distribution of clients with the most throughput.

CONNECTIONS Distribution graph of total number of connections for the selected time range plotted on a time series.

CONNECTION RATE Distribution graph of number of connections closed per second for the selected time range plotted on a time series chart.



43


Layer 4 Analytics

Feedback

FIGURE 28: Layer-4 Analytics > Client > Top Clients By ...

THROUGHPUT Average throughput (bits per second) plotted on a time series chart.

PACKET RATE Average number of packets received and sent per second plotted on a time series chart.

Widget Description



Layer 4 Analytics

44

eeeFF Feedback

Layer-4 Analytics: Thunder ADC (TCP)

The ADC App > Analytics > Thunder ADC (TCP) > Overview section displays the following widgets for Layer-4 selection:

Widget Description

DROPPED TRAFFIC Distribution of number of packets dropped from TCP and Policy Errors for the selected time period.

ERRORS AND FAILURES Distribution of Errors and Failures from TCP errors, for the selected time period.

ANOMALIES Distribution of anomalies because of TCP errors, for the selected time period.

LOAD DISTRIBUTION Distribution of connections filtered by application servers.

TCP SYN RECEIVED Number of TCP SYN requests received and plotted on a time series chart.

TCP SYN RATE Number of TCP SYN requests received per second plotted on a time series chart.

DSR RECEIVED Number of DSRs received for the selected time range, filtered by configured DSRs:

• L2 DSR Received• L3 DSR Received

DROPPED TRAFFIC Dropped traffic plotted on a time series chart, filtered by reason:

• BW limit exceeded.• BW watermark• Connection Limit• Connection Rate Limit• NAT CPS Exceeded.• TCP SYN Cookie Buffer• NAT No-Session• Aflex• Vport Mismatch

ERRORS AND FAILURES TCP errors and failures plotted on a time series chart, filtered by:

• Client Connection Fail• Server Connection Fail• SYN-Cookie Fail• L4 SYN attack• Source NAT failures• ADC Reset count to Client• L4 Handshake fail


45


Layer 4 Analytics

Feedback

FIGURE 29: Layer-4 Analytics > Thunder ADC Widgets



Layer 4 Analytics

46

eeeFF Feedback

Layer-4 Analytics: Thunder Cluster (TCP)

The ADC App > Analytics > Thunder Cluster (TCP) > Overview section displays the following widgets for Layer-4 selection:

Layer-4 Analytics: App Servers

The ADC App > Analytics > App Servers section for Layer-7 selection, displays the following filterable distribution of application server operational metrics on time scale:

Widget Description

CLUSTER CPU Maximum utilization of data and management CPUs across all devices in the cluster.

CLUSTER MEMORY Maximum utilization of memory across all devices in the cluster.

CLUSTER THROUGHPUT Peak and average throughput for all devices in the cluster in bits per second (bps).

DEVICES IN CLUSTER List of devices in the cluster, along with the averaged out CPU and memory utilization for each device across the selected time range.

DEPLOYMENT LOCA-TIONS

World map with location of all devices in the cluster marked in blue gradients according to number of deployments.

CLUSTER TRAFFIC Volume of traffic across all devices in the cluster plotted as a time series chart for:

• THROUGHPUT: Throughput across all devices in the cluster plotted as a time series chart, filtered by data: • Ingress• Egress

• ACTIVE SESSIONS: Number of active connections across all devices in the cluster plotted on a time series chart.

Widget Description

TOTAL CONNECTIONS Displays number of connections for each application server plot-ted on a time series chart, filtered by individual connections.

CURRENT CONNEC-TIONS

Displays number of current connections for each application server plotted on a time series chart filtered by current individual con-nections.

THROUGHPUT Displays throughput for each application server plotted on a time series chart, filtered by individual connections.


47


Layer-7 Analytics

Feedback

Layer-7 AnalyticsThe Analytics page displays different statistics related to Layer 7 when L7 Service is selected on the KPI bar Service Selection list.

Layer-7: KPI Bar for ADC Analytics Tab

The KPI Bar widget for ADC Analytics tab displays the following information for Layer-7 Key Performance Indicators (averaged per minute)

L4 CONNECTION RATE Displays number of connections closed per second for the selected time range plotted on a time series chart, filtered by indi-vidual connections.

PACKETS Displays number of packets received and sent by each application server, filtered by individual connections.

Widget Description


Throughput (BPS) Total traffic for all the app services for the tenant. Average throughput in bits per second over default value minutes of data. Refreshed every minute.

Current Connections Number of active connections. Number of active connections averaged over default value minutes.

Requests Number of requests received per minute over last 3 minutes of data. Refreshed every minute.

Request Rate Request rate. Number of requests received per second.

Errors Number of errors. Number of 4xx plus 5xx responses in the last minute.

Client TTFB Application latency (Time to First Byte). Average time to first byte for requests received in the last minute. Click on >| to view the details of Layer-7 Analytics: ADC App Selector Diagram.



Layer-7 Analytics

48

eeeFF Feedback

Layer-7 Analytics: Latency Drilldown

Latency Drilldown Analytics page is available on the Layer-7 Analytics KPI bar.

Navigate to Latency Drilldown page as follows:

Analytics > Layer-7 selection in Service Selection > KPI Bar > Client TTFB >|

This page has the following components:

FIGURE > Latency Analysis Illustration


Latency Analysis Displays Network Illustration with latency information in milliseconds:

• In Latency • Out Latency • App Latency

AVG. END-TO-END LATENCY Average end-to-end latency for a full request-response cycle plotted on a time series chart, filtered by:

• In Latency• Out Latency• Client RTT• Response Transfer Time• Server RTT• Request Transfer time• App Latency

AVG. APP SERVER LATENCY Displays response latency for each app server aver-aged over the selected time range plotted on a time series chart, can be filtered by individual app server.

CLIENT PERFORMANCE Displays distribution of top clients having the highest response time, can be filtered by individual client IPs.

URL PERFORMANCE Displays distribution of top URLs having the highest response time, can be filtered by individual URL data.

ACCESS LATENCY Displays distribution of latency for client locations plot-ted on a geolocation map.


49


Layer-7 Analytics

Feedback

FIGURE 30: Latency Drilldown



Layer-7 Analytics

50

eeeFF Feedback

Layer-7 Analytics: ADC App Selector Diagram

The Harmony ADC App Selector Diagram is a graphic menu to load analytics information for the Layer-4 and Layer-7 entities involved in the service operations. The App Selector Diagram for Layer-4 selection displays the following entities:

• Layer-7 Analytics: Client

• Layer-7 Analytics: Internet

• Layer-7 Analytics: WAF Security

• Layer-7 Analytics: ADC Service

• Layer-7 Analytics: Thunder Cluster (TCP)

• Layer-7 Analytics: Applications

• Layer-7 Analytics: App Servers

FIGURE 31 : ADC App > Analytics > Selector Diagram (graphic menu)

Layer-7 Analytics: Client

The ADC App > Analytics > Client section displays the following widgets:


Request Location Distribution graph of request origins / locations.

Request Methods Distribution graph of request methods.

Response Codes Distribution graph of request response codes.

Average End-to-End Latency

Average of “request latency”, the time taken by one request-response cycle for a selected time range.

Requests Distribution graph of number of requests on time scale.


51


Layer-7 Analytics

Feedback

FIGURE 32: ADC App > Analytics > Client

FIGURE 33: ADC App > Analytics > Client > Average End-to-End Latency, Requests

Client section continued...


Location Distribution graph of client locations.

OS Distribution graph of client machine operating systems.

Response Codes Distribution graph of request response codes.

Device Distribution graph of client device types.

Browser Distribution graph of client browsers.



Layer-7 Analytics

52

eeeFF Feedback

FIGURE 34: ADC App > Analytics > Client > Location, OS, Response Codes...

The ADC App > Analytics > Client >Top Clients By widget has the following tabs:

FIGURE 35: ADC App > Analytics > Client > Top Clients By

The ADC App > Analytics > Client > Security widget has the following options:


Requests Distribution graph of top clients sending requests.

Throughput Distribution graph of top clients by total traffic throughput.


Requests Denied Distribution graph of requests handled by Security WAF on time scale. The distribution can be filtered for top clients by number of “requests denied” due to a WAF policy.

Requests Allowed Distribution graph of requests handled by Security WAF on time scale. The distribution can be filtered for top clients by number of “requests allowed” due to a WAF policy.


53


Layer-7 Analytics

Feedback

FIGURE 36: ADC App > Analytics > Client > Security



Layer-7 Analytics

54

eeeFF Feedback

Layer-7 Analytics: Internet

The ADC App > Analytics > Internet section displays the following information for requests distributed geographically.

• Access Latency

• HTTP

• HTTPS

• Requests

• Average Throughput

FIGURE 37 : ADC App > Analytics > Internet


55


Layer-7 Analytics

Feedback

Layer-7 Analytics: WAF Security

The ADC App > Analytics > WAF SECURITY section displays the following information:


Violations Distribution graph of WAF policy violations with following tabs and view options:

• Overall distribution• HTTP Limit Violations• HTTP Protocol Violations• filterable distribution of violations on a time scale.

VIOLATIONS TIME SERIES

Triggered WAF violations plotted on a time series chart.

WAF Request Handling Widget that displays filterable distribution graph of WAF policy events or the number of requests allowed, and requests denied plotted on a time series chart.

Cookie Security Widget that displays filterable distribution graph of cookie policy events:

• Cookies• Set-Cookies• Violations

Events Widget that displays distribution of WAF policy events on time scale for requests that were denied; “Requests Denied”.

Top Sources Widget that displays graph of top request sources that generated the WAF policy events.



Layer-7 Analytics

56

eeeFF Feedback

FIGURE 38: ADC App > Analytics > WAF Security


57


Layer-7 Analytics

Feedback

FIGURE 39: ADC App > Analytics > WAF Security > Events, Top Sources



Layer-7 Analytics

58

eeeFF Feedback

Layer-7 Analytics: ADC Service

The ADC App > Analytics > ADC Service section displays the following widgets.

Metrics Widgets

The ADC App > Analytics > ADC Service section displays the following metrics and information about service operations:

FIGURE 40: ADC App > Analytics > ADC Service > (Metrics Widgets)


Cache Rate Displays percentage of cache utilization.

Cache Utilization Displays number of cache hits per second.

Throughput Displays average throughput in (bps).

Throughout Peak Displays peak of the throughput averages.

Client Connections Displays average connections, closed connections per second, and maximum current connections.

Load Distribution Displays distribution of load on the servers.


59


Layer-7 Analytics

Feedback

ADC Widgets

The ADC App > Analytics > ADC Service section displays the following ADC related information:


Load Distribution Displays filterable server load distribution on time scale.

Throughput Displays distribution of throughput on time scale filterable for:

• incoming• outgoing.

ADC Service Latency Displays time taken by request in and out of service device) fil-terable for:

• REV - outgoing• FWD - incoming.

Error Traffic Displays the filterable distribution of response codes on time scale.



Layer-7 Analytics

60

eeeFF Feedback

FIGURE 41 : ADC App > Analytics > ADC Service > (ADC Widgets)

HTTP2 Widgets

The ADC App > Analytics > ADC Service section displays the following HTTP2 related filterable distributions on time scale:


PROXY CONNECTIONS Number of total, current and peak connections plotted on a time series chart.

Total Bytes Number of Control, Header and Data Bytes expressed as a percentage of the Total Bytes and plotted on a time series chart.

Streams Closed Number of streams closed plotted on a time series chart.

Frame Types Sent to Client Number of types of frames sent to remote client plotted on a time series chart.

Frame Types Received From Client

Number of types of frames received from remote client plot-ted on a time series chart.


61


Layer-7 Analytics

Feedback

FIGURE 42: ADC App > Analytics > HTTP2 Analytics > Frame Types Received From Client

ADC Widgets

The ADC App > Analytics > ADC Service section displays the following ADC related filterable distributions of current and total client and server SSL connections on time scale:

FIGURE 43: ADC App > Analytics > ADC Service > (ADC Widgets)

Caching Widgets

The ADC App > Analytics > ADC Service section displays the following Caching related filterable distributions of operational metrics on time scale:


Client SSL Connec-tions

Number of total and current client SSL connections plotted on a time series chart.

Server SSL Connec-tions

Number of total and current server SSL connections plotted on a time series chart.


Averaged Cached Entries

Displays average number of response entries that are cached.



Layer-7 Analytics

62

eeeFF Feedback

FIGURE 44: ADC App > Analytics > ADC Service > (Caching Widgets)

Layer-7 Analytics: Thunder Cluster (TCP)

The ADC App > Analytics > Thunder Cluster (TCP) has the following widget groups:

Device Cluster Widgets

Displays filterable distribution of device metrics on time scale (irrespective of the number of device services mapped to the tenant):

• CPU Utilization

• Memory Utilization

• Bandwidth

• Total Connections

Cached Utilization Displays percentage of response entries in the cache that are served.

Compress / Uncompressed

Displays distribution of compressed / uncompressed content on time scale.



63


Layer-7 Analytics

Feedback

FIGURE 45: ADC App > Analytics > ADC Service > (Device Cluster Widgets)

Partition Service Latency

Displays Partition Service Latency; distribution of service latency, filterable for:

• FWD - forward traffic

• REV - reverse traffic

• TTFB - Total Time to First Byte

• TTLB - Total Time to Last Byte



Layer-7 Analytics

64

eeeFF Feedback

FIGURE 46: ADC App > Analytics > ADC Service > Partition Service Latency

Layer-7 Analytics: Applications

The ADC App > Analytics > Applications section displays the following distributions of application performance metrics:

Layer-7: Server Drill Down

New charts and enhancements are provided to drill down and analyse Server issues. The applications and Thunders servers are key resources that can be monitored.

The following widgets provide drill down to analyse Server issues in Analytics > Applications tab for Layer-7 Analytics service selection:

• TOP URL

• Top Domain

• Slowest Transactions


Response Time Displays average response time from server.

App Latency Displays average server / application latency.

Top URL Displays distribution statistics of top URLs. This widget has drill down option per Server level,

Top Domain Displays distribution statistics of top domains. This widget has drill down option per Server level,

Response Time by Port Displays average response time per minute per port.

Slowest Transactions Displays distribution statistics of slowest transactions. This wid-get has drill down option per Server level, for example, the latest URL and most visited URL.


65


Layer-7 Analytics

Feedback

FIGURE 47 :

FIGURE 48: ADC App > Analytics > Applications



Layer-7 Analytics

66

eeeFF Feedback

Layer-7 Analytics: App Servers

The ADC App > Analytics > App Servers section displays the following filterable distribution of application server operational metrics on time scale:

FIGURE 49: ADC App > Analytics > App Servers

•


Server Health Displays numbers of servers up or down.

Server Response Time Displays server response time to first byte.

New Connections Displays number of new connections.

Current Connections Displays number of active connections.


67


Configuration Options

Feedback

ADC APP SERVICE OBJECTS

The Service Object tab provides configuration management options to deploy an ADC service, configure or model an ADC service and WAF service. It displays service objects that can be configured in the logical partition and allow users to perform service configuration changes.

The following service objects can be fully managed with the app:

• Servers

• Service Groups

• vPorts

• VIPs

The ADC App > Service Object page has been enhanced for simplified usage and reduced granularity including text and space reduction. The additional levels of details have been consolidated to provide important options for quicker configuration setup. User can drill-down to get further details.

The service objects have individual configuration pages with same look and feel as ACOS on Box GUI for intuitive user experience. The configuration options are grouped according to functionality.

NOTE: For Virtual Server, vPorts or Virtual Port, Real Server, Server Port,TCP, TCP Proxy, UDP, a default template is used unless user configured template is added. Option to add a Scaleout Template isalso available.

Configuration OptionsThe following topics are covered in this chapter:

• How to Deploy an ADC Application Service

• Configuring Servers

• Add/Edit a Server

• Delete Server

• Configuring Server Ports: Add/Edit Port



Configuration Options

68

eeeFF Feedback

• Delete Server Port

• Configuring Service Groups

• Delete Service Groups

• Configuring VPorts (Virtual Ports)

• Delete VPort

• Configuring VIPs


69


How to Deploy an ADC Application Service

Feedback

How to Deploy an ADC Application ServiceTo deploy and ADC App Service using the ADC App > Service Objects tab:

1. Configure the list of Servers

2. Configure the list of Service Groups

3. Configure Virtual Ports

4. Configure VIPs.

FIGURE 50: ADC App > Service Objects



Configuring Servers

70

eeeFF Feedback

Configuring ServersThe ADC App > Service Objects > Servers tab provides options to Add, Edit to Configure Servers. and also Delete a server.

Server Page Usage

The following expanded view is provided in Service Objects > Servers tab:

• Click an arrow icon in the Servers table. The expander displays the Port table and title details of Server.

FIGURE 51 : Enhanced Service Objects > Servers GUI interface

Add/Edit a Server

Configure Servers and health checks on servers by manually specifying values or loading predefined server templates using the ADC App > Service Objects > Servers > +Add a Server or Edit Server option.


71


Configuring Servers

Feedback

Basic

The + Add a Server > Basic configuration contains has the following fields:

Advanced Server Options

The + Add a Server/ Edit a Server > Advanced configuration contains the following fields:

Field Description

Name Specify the server name

Type Select the server type as: Host, IPv6, or FQDN

Resolve As Resolve server IP address as: IPv4 or IPv6

Action Configure server action as: Enable, Disable or Disable with Health Check

Health Check Select templates with Health Check options

Health Check Dis-able

Enable or Disable Health Check. Disabled by default

Connection Limit Configure active connection limit. The valid range is 1-64000000

No Logging Disable or Enable logging connection over limit event. Disabled by default.

Field Description

External IP Configure external IP address for GSLB network address translation.

IPv6 Configure IPv6 address Mapping for GSLB.

Connection Resume Configure the minimum number of active connections before resuming to take on new connections). The valid range is 1-1000000.

Weight The Connection weight for the real server. The valid range is 1 to 1000.

Slow Start Slowly ramp up the connection number after server is up (start from 128, then double every 10 sec till 4096).

Spoofing Cache This DNS server is a spoofing cache.

Stats Data Action Enable or disable Statistics data. Enabled by default.

Extended Stats Enable or disable extended statistics on real server. Disabled by default.

Alternate Server Specify alternate server IP:

• Alternate: Priority or weight of alternate server. • Name: Name of alternate server. • +Add another item: Add another alternate server.



Configuring Servers

72

eeeFF Feedback

Template

This section provides the option to load a pre-defined server template configuration to create or edit the Server.

Port

The +Add a Server/ Edit a Server > Port configuration contains the following fields:

Field Description

Template Virtual Server Select virtual server template name; predefined virtual server configuration template, from drop-down list. Default selection.

Template Logging Select logging template; predefined logging configuration template, from drop-down list. Default selection.

Template Policy Select policy template; predefined policy configuration template, from drop-down list. Default selection.

Template Scaleout Select scaleout template name; predefined scaleout con-figuration template, from drop-down list.

Field Description

Port Displays Port ID.

Port Number Displays port number.

Protocol Specifies protocol (TCP, UDP, or HTTP) running on port.

Range Displays range of port values.

Health Check Displays if health check enabled or disabled on port.


73


Configuring Servers

Feedback

Delete Server

To delete a Server:

• Select Service Objects > Servers > : > Delete

• Click OK on the pop-up confirmation

Configuring Server Ports: Add/Edit Port

The ADC App > Service Objects > Servers provides options to Add, Edit to Configure Servers.

Configure Servers port and health checks on ports by manually specifying values or loading predefined server templates using the ADC App > Service Objects > Servers > Ports > +Add Server Port or Edit Port option.

Basic

The + Add ServerPort > Basic configuration contains has the following fields:

Field Description

Port Number Specify port number. Valid range is 0 to 65534.

Protocol Configure protocol for port. Options are TCP or UDP

Range Define port range value used for vip-to-rport-mapping, VIP-to-Remote Port-mapping and Virtual Port-Remote Port range mapping. Valid range is 0 to 254.

Health Check Select from pre-defined health check monitor options; for example: “ping”, “http”, or “Hm_WebApps_80_Http”

Health Check Follow Port

Specify which port to follow for health status. Valid range is 1 to 65534.

Follow Port Protocol Specify which port to follow to configure port protocol.


Enable or Disable Health Check. Disabled by default.

Connection Limit Configure active connection limit. The valid range is 1 to 64000000.

No Logging Disable or Enable logging connection over limit event. Disabled by default.



Configuring Servers

74

eeeFF Feedback

Advanced

The + Add Server Port / Edit Server Port > Advanced configuration contains the following fields:

Delete Server Port

To delete a port:

• Select Service Objects > Servers > Ports > : > Delete

• Click OK on the pop-up confirmation.

Field Description

Weight The Connection weight for the real server port. The valid range is 1 to 1000.

Connection Resume Configure the minimum number of active connections before resuming to take on new connections). The valid range is 1-1000000.

Stats Data Action Enable or disable Statistics data. Enabled by default.

Extended Stats Enable or disable extended statistics on real server. Disabled by default.

Alternate Port Specify alternate server port:

• Alternate: Priority or weight of alternate server port. • Alternate Name: Name of alternate server port. • Alternate Server Port: Priority or weight of alternate server

port. • +Add another item: Add another alternate server port.

Service Principal Name

Kerberos principal port name


75


Configuring Servers

Feedback

FIGURE 52: ADC App > Service Objects > Servers > Ports > Add Server Port



Configuring Service Groups

76

eeeFF Feedback

Configuring Service GroupsThe ADC App > Service Objects > Service Groups tab provides options to create new service groups and add members or servers to these groups. Service groups can be assigned to vPorts while creating vPorts.

Creating a new service group

1. Click Add a Service Group on the Service Groups page.

2. On the Add Service Group, enter the service group name and protocol.

FIGURE 53:

3. (Optional) Modify the Template settings, Algorithm Settings, and Advanced set-tings.

4. Click Create. A new service group is created. Add members or servers to the group and set their priority. For more information, see Creating a member.


77



Feedback

Basic Settings

Field Description

Name Specify the ADC Service name

Protocol Select the service protocol

LB Method Load Balancing method: Various methods selection list with description

LC Method Least connection method

Stateless LB Method Stateless LB method

Pseudo Round Robin PRR, select the oldest node for sub-select

Stateless Auto Switch

Enable auto stateless method

Stateless LB Meth-od2

Stateless LB method

Connection Rate (conn/sec)

Dynamically enable stateless method by conn-rate. Rate to trigger stateless method (conn/sec). Valid range: 1-1000000

Rate Duration (seconds)

Enable auto stateless method. Valid range: 1-600

Revert Rate (conn/sec)

PRR, select the oldest node for sub-select. Valid range: 1-1000000

Revert Rate Dura-tion (seconds)

Period that revert condition consistently happens(seconds).Valid range: 1-600

Grace Period (seconds)

Define the grace period during transition(seconds).Valid range: 1-600.

Connection Rate Log Send log if transition happens

L4 Session Usage Dynamically enable stateless method by connection rate. Rate to trigger state-less method (conn/sec). The valid range is 1-100.

L4 Session Usage Duration (seconds)

Period that trigger condition consistently happens (seconds). The valid range is 1-600

L4 Session Usage Revert Rate

Usage to revert to statelful method. The valid range is 1-100

L4 Session Revert Duration (seconds)

Period that trigger condition consistently happens (seconds). The valid range is 1-600

L4 Session Usage Grace Period (seconds)

Define the grace period during transition. Define the grace period during transition (seconds). The valid range is 1-600

L4 Session Usage Log

Send log if transition happens

Strict Select Strict selection for service group

Health Check Select templates with Health Check options


Enable or Disable Health Check. Disabled by default




78

eeeFF Feedback

Advanced Settings :

Fields Description

Template Port Port template name

Template Server Server template name

Template Policy Policy template name

Min Active Member Minimum Active Member Per Priority.Minimum Active Member before Action. Valid range is 1-1024.

Min Active Member Action

Select the action on Minimum active member event.

Reset On Server Selec-tion Fail

Enable or disable send reset to client if server selection fails

Priority Affinity Enable or Disable priority affinity. Persist to the same priority if possi-ble.

Reset Priority Affinity Reset the priority affinity

Backup Server Event Log Send log information on back up server events

Stats Data Action Statistical data collection

Extended Stats Enable extended statistics on service group

Traffic Replication Mir-ror

Mirror the bi-directional packets

Traffic Replication Mir-ror DA Repl

Replace Destination MAC

Traffic Replication Mir-ror IP Repl

Replace IP with server-IP

Traffic Replication Mir-ror SA DA Repl

Replace Source MAC and Destination MAC address

Traffic Replication Mir-ror SA Repl

Replace Source MAC address

Priorities Configure values for sub-fields:

• Priority option: Valid range is 1-16. Define different action for each priority node.

• Priority Action: Select options from drop-down list.For example: Proceed: Move to next priority when all priority nodes fail.

• +Add another item: Add new priority

Sample Rsp Time Enable or disable sample server response time

Rpt Ext Server Enable or disable reporting of top 10 fastest/slowest servers

Report Delay Reporting frequency (in minutes). Reporting frequency (in minutes). Valid range is 1-7200


79



Feedback

Adding a member

After you create a service group, you must add servers or members to the group.

1. Expand the service group on the Service Groups page.

2. Click Add a Member. The Add Service Group Member page opens.

3. Choose the creation type as Existing Server.

4. Enter name of the server.

5. Enter the port number on the server that you want to add as a member.

6. (Optional) Enable the member state.

7. (Optional) Select a server template.

8. (Optional) Disable the server statistics data.

9. (Optional) Set Member Priority. The new member along with its member priority is shown on the Service Groups page.

NOTE: Alternatively, members or servers can be created, edited, ordeleted on the Edit Service Group page. Click the vertical ellip-sis next to the service group in the Service Groups table, andclick Edit to edit the groups definition.

Delete Service Groups

1. In the Service Groups table, Click the vertical ellipsis next to the service group that you want to delete.

2. Click Delete. A conformation dialog opens.

3. Click OK

Top Slowest Enable or disable to report top 10 slowest servers

Top Fastest Enable or disable to report top 10 fastest servers

Fields Description



Configuring VIPs

80

eeeFF Feedback

Configuring VIPsThe ADC App > Service Objects > VIPs provides options to Add and configure VIPs, and also Delete a VIP. Configure Servers VIPS by manually specifying values or loading predefined VIP templates. The Add VIP page contains various advanced configuration parameters from ACOS GUI. Please refer Application Delivery Controller Guide or ACOS GUI Online Help. for details.

VIP Page Usage

The following functionalities are enhanced in Service Objects > VIPs tab:

• Click an arrow icon to expand the row in VIPs tableThe expander shows the "vPorts" and "Shared Objects" tabs. "vPorts" is active by default.

• Switch the active tab between "vPorts" and "Shared Objects"Associated content shows below the tabs.

• Activate "vPorts" tab, and click an arrow icon in the inside vPorts tableThe expander shows the "vPort Shared Objects" and "Service Group: **" tabs. If the vPort has assigned a service group, shows "Service Group: sg_name". If not, shows "Service Group: Not Associ-ated"."vPort Shared Objects" is active by default.

• Switch the active tab between "vPort Shared Objects" and "Service Group: **"The associ-ated content is displayed below the tabs.

• Activate "Service Group: Not Associated" tab, and click the "Associate a Service Group" button. An assign form is displayed to associate a service group instance to the vPort

• Associate a Service Group to the vPort. Activate "Service Group: sg_name" tab. The expander displays the "Service Group Shared Objects" and "Members" tabs.

• Switch the active tab between "Service Group Shared Objects" and "Members. The associ-ated content shows below the tabs.

• Associate a Service Group to the vPort. After table refreshes, activate "Service Group: sg_name" tab and click the "Edit Service Group" buttonShow the Edit Service Group form.

• Click an arrow icon to expand the row in VIPs tableThe expander displays below informa-tion texts above the tabs:

• Template

• Description

• VRID Number

• Extend Stats


81


Configuring VIPs

Feedback

• Disable When All Ports Down

• Disable When Any Port Down

• Activate "vPorts" tab, and click an arrow icon in the inside vPorts table. The expanderdisplays below information texts above the tabs:

• Template

• Source NAT Pool

• Auto Source NAT

• HA Connection Mirror

• No Destination NAT

• Use RCV Hop For Resp

• Extended Stats

• Connection Limit

• Associate a Service Group to the vPort. After table refreshes, activate "Service Group: sg_name" tab.The expander displays below information texts above the tabs:

• Method

• Health Check

• Extended Stats

• Check the values of all information texts. The configurations of the instances are displayed

• If you create a new VIP with no vPortsThe value in "vPort: Protocol" column is empty. Add one vPort to the VIPIt displays the port number and protocol of the vPort, in the format "port-number: protocol"

• Click the "show-more" icon to expand the current row



Configuring VIPs

82

eeeFF Feedback

FIGURE 54: Enhanced Service Objects > VIP GUI interface

Add/Edit VIP

The Add/Edit VIP page has the following components:

• Basic

• Advanced VIP Options

• Template

• Port

Basic

The + Add a VIP > Basic configuration contains has the following fields:

Field Description

Name Specify the VIP name

Special Type Select the special type as:

• Wildcard or

• Interface for vThunder/ cThunder onlyAddress Type Resolve VIP IP address as: IPv4 or IPv6

Use Interface IP Enable or Disable interface IP.


83


Configuring VIPs

Feedback

Advanced VIP Options

The + Add a VIP / Edit a VIP > Advanced configuration contains advanced options such as ARP, Suppress Internal Loopback, VRRP, and High Availability, configurations.

Template

This section provides the option to load a pre-defined server template configuration to create or edit the VIP.

Port

The +Add a Server/ Edit a VIP > Port configuration contains the following fields:

IP Address Select IP address.

Netmask Select Netmask.

ACL ID Assign ACL ID

ACL Name Configure ACL Name

Enable Disable Action

Configure VIP action as: Enable, Disable or Disable with Health Check

Ethernet Ethernet port number

Description Description of VIP

Field Description

Field Description

Template Virtual Server Select virtual server template name; predefined virtual server configuration template, from drop-down list. Default selection.

Template Logging Select logging template; predefined logging configura-tion template, from drop-down list. Default selection.

Template Policy Select policy template; predefined policy configuration template, from drop-down list. Default selection.

Template Scaleout Select scaleout template name; predefined scaleout configuration template, from drop-down list.

Field Description

Port Displays Port ID.

Port Number Displays port number.

Protocol Specifies protocol (TCP, UDP, or HTTP) running on port.

Range Displays range of port values.

Health Check Displays if health check enabled or disabled on port.



Configuring VIPs

84

eeeFF Feedback


85


Configuring VIPs

Feedback

FIGURE 55: ADC App > Service Objects > VIPs > Add VIP



Configuring VPorts (Virtual Ports)

86

eeeFF Feedback

Configuring VPorts (Virtual Ports) The ADC App > Service Objects > VPorts provides options to Add, Edit to Configure virtual ports, and also Delete a virtual port.

vPort Page Usage

The following functionalities are enhanced in Service Objects > vPorts tab:

• When the v downward arrowicon is clicked to left to the configured vPort (virtual port) expand the row in VIPs table the "vPorts" and "Shared Objects" tabs are displayed. "vPorts" are active by default.

• Switch the active tab between "vPorts" and "Shared Objects, the associated content is displayed in the expanded tabs.

• Activate "vPorts" tab, and click an arrow icon in the inside vPorts table; the related content; "vPort Shared Objects" and "Service Group: **" is displayed in the expanded tabs.

• If the vPort is assigned a service group, it is displayed for example, as "Service Group: <sg_name>". If vPort is not assigned a service group, shows "Service Group: Not Associated".

• "vPort Shared Objects" is active by default.

• Activate the "Service Group: Not Associated" tab, and click the "Associate a Service Group" button. An assign form is displayed with configuration options to associate a service group instance to the vPort.

• Associate a Service Group to the vPort. When the vPorts table refreshes, activate "Service Group: sg_name" tabThe expanded tab displays the "Service Group Shared Objects" and "Members" tabs.

• Switch the active tab between "Service Group Shared Objects" and "Members”. The related content is displayed in the expanded tab.


87



Feedback

FIGURE 56: Enhanced Service Objects > vPorts GUI interface

Configuring Virtual Ports: Add VPort

The ADC App > Service Objects > VPorts provides options to Add, Edit to Configure Servers.

Configure virtual ports and health checks, run aFlex scripts, on virtual ports by manually specifying values or loading predefined virtual port templates using the ADC App > Service Objects > VPorts > +Add VPort option.

Basic

The + Add ServerPort > Basic configuration contains has the following fields:

Field Description

Name Name of virtual port.

Port Number or Range

Specify port number. Valid range is 0 to 65534.

Protocol Configure protocol for port. Options are TCP or UDP

Range Define port range value used for vip-to-rport-mapping, VIP-to-Remote Port-mapping and Virtual Port-Remote Port range map-ping. Valid range is 0 to 254.

Alternate Port Enable or disable alternate Virtual Port

Connection Limit Configure active connection limit. The valid range is 1 to 64000000.

Def Selection If Pref Failed

Enable or disable virtual port selection If Preference Failed is defined.




88

eeeFF Feedback

Service Group Bind a Service Group to this Virtual Server.

Enable Enable or disable service group.

No Destination NAT Disable destination NAT, this option only supports in wildcard VIP or when a connection is operated in ADC + EP mode

Port Translation Enable port translation under no-dest-nat.

Field Description


89



Feedback

FIGURE 57 : Service Objects > VPorts > Add vPorts > Basic




90

eeeFF Feedback

Advanced

The + Add vPort > Advanced configuration contains various advanced configuration parameters similar to ACOS GUI. Please refer Application Delivery Controller Guide or ACOS GUI Online Help

Delete VPort

To delete a virtual port:

• Select Service Objects > vPorts > : > Delete

• Click OK on the pop-up confirmation.

FIGURE 58: ADC App > Service Object >vPorts


91


ADC APP SHARED OBJECTS

The Harmony Controller ADC App v3.6 provides configuration management, visibility and analytics for your A10 Networks® ADC services and WAF services and Shared Objects.

Shared objects are used to extend the configuration of the primary ADC application object, such as a virtual server or server and can be referenced by multiple application objects.


• Logical Partition

• Configure Versions of Partition

• Templates

• WAF Templates

• aFleX

• Certificates

• CRLs

• IP NAT Pool

• Health Monitor

• How to Configure a Health Monitor for Service Objects

In the app shared objects are defined at the logical partition level and can be re-used for all app services deployed with-in the partition. Logical Partition level shared objects can reference provider level shared objects which are defined at the provider level by a provider user.



92

eeeFF Feedback

FIGURE 59: ADC App > Shared Objects

Logical Partition

Logical partition is a logical entity predefined at Harmony Controller, based on the type of application run on the device.

Cluster partition is a physical device entity that deals with Shared and Layer 3 Virtualization (L3V) partitions inside a device.

Shared objects can be configured in a logical partition and during deployment, they are pushed to the corresponding Thunder partition. Shared objects can also be configured in the provider space andreferenced from one or more logical partitions belonging to one or more tenants within the provider.

For instance, provider admin can define a TCP template in a provider space. An application or tenant admin defining application related configuration in a logical partition can refer to the TCP template in the provider scope. This can achieved by creating a TCP template local to the logical partition and having it refer to the one in provider scope.

This ADC App > Shared Objects > Logical Partition drop-down lists the various predefined Logical Partitions available.


93


Configure Versions of Partition

Versions of Logical Partition for “[Name of Thunder Instance]”

Three options are available for this selection:

• Save

• Compare

• Deploy

Save

Click Save to save the shared objects configuration to load ADC App and Thunder ADC functionalities.

Compare

Select Compare to compare the different pre-configured versions of Logical Partition Configurations.

For deployment to work correctly, please ensure that “config-replace” is enabled on Thunder ADC.

Save or Hide unsaved configuration.

• Make Candidate - Select the logical partition and make it the “Candidate”

• Validate - Validates the loaded logical partition.

• Deploy - Deploys the loaded logical partition.



94

eeeFF Feedback

FIGURE 60: Deploy Shared Objects Configuration.

Deploy

Click Deploy, to deploy or implement the configuration template or code.

Templates

On the Shared Objects > Templates page, templates can be created under the logical partition that you have selected. You can use objects or templates shared by the provider in Harmony Controller.

To add a new template

1. Click Shared Objects > Templates.

2. Click Add Template.

3. Select a template type on the Select Template Type page.


95


4. Click Next. The Add <template type> Template page opens.

FIGURE 61 : Adding a template

5. (Optional) Enable the Use Provider Shared Object.

6. (Optional) Select the template or object in the Provider Shared Object box.

NOTE: The provider shared objects are created in Harmony Controllerunder Provider scope. The Shared Resources > Templatescreated and deployed in Harmony Controller are available here forselection.

7. Enter the name of the template.

8. Click Create to add the new template.

WAF Templates

You can add various WAF templates, using Shared objects page .



96

eeeFF Feedback

To add a new template, follow the below steps:

1. Click Shared Objects > WAF Templates.

2. Click on +Add WAF Template.

3. Enter the Template Information , deployment mode , logging template, and select the various WAF configuration parameters. For details, refer Web Application Firewall Guide

4. Click Save to save and load the WAF template.

FIGURE 62: Shared Objects > WAF Template > + Add WAF Template

aFleX

You can add aflex scripts, using Shared objects page .

To add a new template, follow the below steps:


97


1. Click Shared Objects > aFlex.

2. Click on +Add AFlex.

3. Enter the aFlex Name, Description and aFlex Script. For details, refer ACOS aFlex Reference Guide.

4. Click Save to save and load the aFlex script.

FIGURE 63: Shared Objects > aFlex > + Add aFlex

Certificates

To import a certificate, follow the steps:

1. Select Shared Objects > Certificates.

2. Click + Import a Certificate.

3. Create or update certificate information and type. Click ot upload Certificate.



98

eeeFF Feedback

4. Click Save.

FIGURE 64: Shared Objects > Certificate > + Import Certificate

CRLs

To import a CRL, follow the steps:

1. Select Shared Objects > CRL .

2. Click + Import a CRL.

3. Enter the file name, description, and click to Upload the CRL file.

4. Click Save.


99


FIGURE 65: Shared Objects > CRL > + Import CRL

IP NAT Pool

To add an IP or IPv6 NAT Pool Group, follow the steps:

1. Click Shared Objects > IPNAT Pool .

2. Click on +Add > IP NAT Pool Groups or IPv6 NAT Pool Groups.

FIGURE 66: Shared Objects > IPNAT Pool > +Add



100

eeeFF Feedback

3. Enter the Pool Name and Member List.

4. Click Create to create new IP NAT Pool.

FIGURE 67 : Figure 9 > Shared Objects > IPNAT Pool > +Add > Add IP NAT Pool Group

Health Monitor

To create or add a new Health Monitor, follow the steps:

1. Click Shared Objects > Health Monitor .

2. Click on +Add Health Monitor.


101


3. Enter the Health Monitor Name. Configure the various health monitor parameters and select Method.

4. Click Create to create new Health Monitor.

The various Health monitor parameters are as follows:

Field Description

Name Specify Monitor Name

Dsr L2 Strict Enable strict Layer 2 DSR health-check

Retry Specify the Healthcheck Retries. Valid range for retry Count is 1-10. Default is 3.

Up Retry Specify the Healthcheck Retries before declaring target up.Up-retry count. Default is 1

Override IPv4 Override implicitly inherited IPv4 address from target.

Override IPv6 Override implicitly inherited IPv6 address from target.

Override Port Override implicitly inherited port from target. Valid Port number (1-65534)

Strict Retry On Server Err Resp

Enable or disable require strictly retry.

Disable After Down Disable the target if health check failed. Default is disable

Interval Specify the Healthcheck Interval.Default value, in seconds is 5

Timeout Specify the Healthcheck Timeout. Timeout Value, in seconds(default 5), Timeout should be less than or equal to interval

SSL Ciphers Specify OpenSSL Cipher Suite name(s) for Health check..Default value is DEFAULT

For example: AES128-SHA256), if the cipher is invalid, would give information reason for Health monitor down

Method Specify pre-defined HM method.



102

eeeFF Feedback

FIGURE 68: Shared Objects > Health Monitor > +Add Health Monitor

How to Configure a Health Monitor for Service Objects

We can configure Health Monitor and associate it only to a Server or Service Group:

To configure health monitor for Servers or Service Groups:

• Configure Health Monitor as mentioned.

• Goto ADC App > Service Objects > Servers / Service Groups > + Add a Server / Edit a Server > Basic

• Select predefined health monitor in Health Check drop-down.

• Enable Health Check button.


103


Log View Panel

Feedback

ADC APP LOG VIEW AND TROUBLESHOOTING

ADC App provides quicker troubleshooting with visibility and analytics for the application traffic and infrastructure through the Log View Panel, Dashboard, and Analytics.

The Log view panel is an expandable panel at the bottom of App window Dashboard. This panel provides access to detailed service logs and an ability to filter logs for troubleshooting.

The sections in this chapter are as follows:

• Log View Panel

• Troubleshooting

Log View PanelIt is an expandable panel at the bottom of the ADC App page. It displays service operation and system logs for detailed analysis and troubleshooting. It displays the following types of logs:

• Log View: HTTP

• Log View: Alerts

• Log View: Events

• Log View: WAF

The logs can be filtered on an extensive set of parameters, using the filter controls available on the left hand side of the panel.

NOTE: All log view tabs provide search and download options for logswithin selected time range and filtered by configured filters as aCSV file. The number of logs are limited to the newest 10,000 logs.



Log View Panel

104

eeeFF Feedback

FIGURE 69: ADC App > Log View Panel

Log View: HTTP

The HTTP Log View tab displays data only for Layer-7 or HTTP services selection. It provides various statistics and logs for the following options:

• Reset

• Browser

• Client OS

• Devices

• Client IP

• Server IP

• URL

• Request Type

• Server Port

• Service Name

• Response Code

• Request Size

• Response Size


105


Log View Panel

Feedback

The following statistics are provided for each HTTP Log View option:

• Timestamp

• Client IP

• URI

• Request

• Response

• Response Size

• End-To-End

• Cached

FIGURE 70 : Log View > HTTP

Related Topics

Related Troubleshooting topics:

• HTTP Monitoring

Log View: Alerts

The Log View > Alerts panel displays Log Collection Alerts data that can be reset or filtered by:



Log View Panel

106

eeeFF Feedback

• Cluster

• Device

• App Svc Type

• App Svc Name

• Tenant Name

• Trigger Name

• Alert Name

• Severity

The various types of Alerts displayed are:

• System Events

• Service Alerts

• Infrastructure Alerts

• Configuration Events

• Anomalies

FIGURE 71 : Log View > Alerts

Related Topics



107


Log View Panel

Feedback

• Alerts Analysis

Log View: Events

Displays ADC related Events for the following selections:

• Cluster

• Device

• Tenant

• Thunder Module

• Message Lineage

• Severity

The following Events related information is displayed along with the time chart of grouped events:

• Timestamp

• Tenant ID

• Cluster ID

• System Module

• Message



Log View Panel

108

eeeFF Feedback

FIGURE 72 : Log View > Events

Related Topics


• Chart Overlay Drill Down to Event Logs

Log View: WAF

Displays WAF logs filtered by:

• URL

• Status

• Violations

• Source IP

New WAF Work flow

New WAF false positive options are added as a configuration change updates based on WAF violation logs. The new field components are added to ADC App > Log View > WAF logs.


109


Log View Panel

Feedback

FIGURE 73 : ADC App > Log View > WAF logs: Update Policy on Bot check Violation

Whenever a user reports that a valid transaction is blocked by WAF, administrator can locate the corresponding WAF log, Update Policy option provides a much faster way to overwrite WAF policy to handle such false positive event.

Depending on the WAF violation type, different policy editing window will show up and provides the administrator 3 options,

• to bypass such WAF check for the particular URL only.

• to disable such WAF check for the current HTTP/HTTPs service.

• or to disable the WAF check in the WAF template (which might impact multiple HTTP/HTTPs service if the same WAF templates are applied).

NOTE: ADC APP will automatically update the modified WAF policy to corresponding ADC instances.



Troubleshooting

110

eeeFF Feedback

Related Topics


• WAF Security Policy Violations

Troubleshooting This section specifies some trouble shooting scenarios where user can monitor and troubleshoot specific issues using the ADC App.

• HTTP Monitoring

• WAF Security Policy Violations

• Chart Overlay Drill Down to Event Logs

• Alerts Analysis

HTTP Monitoring

To monitor HTTP2 response issues and broken app services link issues, follow the steps:

• Check ADC App > Dashboard >Response Codes and ADC App > Analytics (Cli-ent) > Response Codes widget. This widget displays the distribution of HTTP response codes. To monitor app accessibility issues, check request response codes.

• Check for 400 series response codes.

• Now in Log View > HTTP filter for 400 Response Codes.

• Check which client IP and URI are showing 400 response code.

• View the URI, browser, IP Server in the Log View Panel > HTTP Logs > Client IP drill down.

WAF Security Policy Violations

To monitor WAF Security Policy Violations, follow the steps:

• Drilldown to Log View > WAF tab

• Check which URLs are logged for WAF security policy violations


111


Troubleshooting

Feedback

Chart Overlay Drill Down to Event Logs

ADC App has Events tabs in the Log View panel. It displays all the events for ADC App service and system and infrastructure level alerts as well.

NOTE: Alerts and events are also displayed in log section of HarmonyController Provider dashboards.

Overlay is displayed on all charts in ADC App widget if Sync Tooltip is enabled and Alerts and Events are enabled in the “:” menu next to “Sync Tooltip”. All charts are synced and a red dot represents the time selection cursor. The total count is displayed for the log timestamps near the time of the clicked red point on the chart.

The following event counters are displayed in overlay:

• System Events

• Configuration Events

• Anomalies

When you click any one of the event logs in Overlay or tooltip, the related events logs detail drilldown is displayed in Log View > Events tab.

Alerts Analysis

To monitor ADC system, DNS, Layer-4 or Layer-7 Alerts, follow the steps:

1. Mouseover the red point for any chart of ADC App.

2. The various categories of alerts are displayed in tooltip:

• Service Alerts,

• Infrastructure Alerts.

3. Click any alert category in overlay and tooltip to open Log View > Alerts tab automati-cally.

4. The opened Alerts panel displays relevant logs. For example, query logs and alerts. The total count is same as the count in tooltip with the log timestamps.



Troubleshooting

112

eeeFF Feedback

FIGURE 74 : Overlay Drilldown to Log View > Alerts display


113


Technical and Customer Support

Feedback

SUPPORT INFORMATION FOR HARMONY CONTROLLER: ADC APP V3.6

The A10 Networks® technical and customer support team is available at your service on phone, email and web channels:

Technical and Customer SupportTo know more about A10 Networks® Harmony Controller and ADC App v3.6, refer the following:

• Contact: https://www.a10networks.com/company/contact-us

• Support: https://www.a10networks.com/support

• Call (International): 1-408-325-8676

• Call (Toll-Free USA & Canada): 1-888-TACS-A10



Technical and Customer Support

114

eeeFF Feedback


115


Contents


Contents

116

Documents

Harmony Controller ADC App v3.7 User Guide