Load Balancing
BRKAPP-1001
14503_04_2008_c2 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 2
Introduction
Load Balancing and Health Monitoring
Flow Management
Server Offload
High Availability
Deployments
Geographic Load Balancing
What's Next?
[Figure: a single Web Server, marked with an X to show its failure]
Benefit:
Simple solution
Issue:
No fault tolerance
Limited performance and scalability
Issue:
Still limited in scale/performance
Leverages server resources for LB and HA
Proprietary clustering technologies
Benefit:
Addresses fault tolerance, performance and scalability issues
Future proof: the architecture includes hardware co-processors to support resource-intensive features (e.g., SSL, compression)
[Figure: VIP 172.16.2.100, TCP port 80, in front of a farm of XML Gateways]
Policy-Map:
If match class-map X
then use serverfarm X
else use serverfarm Y
Server
Proxies
Accelerators (compression engines, SSL offloaders)
Caches (reverse and transparent)
Firewalls (Layer 3 and Layer 2)
VPN concentrators
Routers
Generic IP device requiring load distribution and/or redundancy
HTTP: The Most Common Load Balanced Protocol
[Figure: HTTP/1.0 exchange between Client and Web Server, one request per TCP connection]
Client -> Server: SYN
Server -> Client: SYN_ACK
Client -> Server: ACK
Client -> Server: GET / HTTP 1.0
Server -> Client: ACK
Server -> Client: HTTP/1.0 200 OK
Server -> Client: Continuation
Client -> Server: ACK
FIN, FIN_ACK, ACK: the connection is closed after the single response
[Figure: HTTP/1.1 exchange between Client and Web Server, one persistent TCP connection carrying two requests]
Client -> Server: SYN
Server -> Client: SYN_ACK
Client -> Server: ACK
Client -> Server: GET /a.gif HTTP 1.1
Server -> Client: ACK
Server -> Client: HTTP/1.1 200 OK
Client -> Server: ACK
Client -> Server: GET /b.jpg HTTP 1.1
Server -> Client: ACK
Server -> Client: HTTP/1.1 200 OK
Server -> Client: Continuation
Client -> Server: ACK
FIN, FIN_ACK, ACK: the connection is closed only after both responses
[Figure: one page load spread over several TCP connections. index.html, /cgi-bin/count, bannertop.jpg and menu.jpg are fetched over two connections (TCP 3102 > 80 and TCP 3104 > 80); which objects share a connection depends on the browser.]
[Figure: FTP session through the load balancer. At the client: C:> ftp test.cisco.com, banner "FTP server test", User: abc, Password: xxx, server reply "230 User abc". Control channel: client port 3016 to server port 21 (steps 1 and 2). Data channel: client port 3017 to server port 20 (steps 3 and 4).]
[Figure: the same FTP session with a different data channel. Control channel: client port 3018 to server port 21 (steps 1 and 2). Data channel: client port 3019 to server port 2036 (steps 3 and 4).]
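The two FTP figures differ only in the data channel: server port 20 in the first is active mode (the server opens the data connection toward the port the client named in a PORT command), while the ephemeral server port 2036 in the second is passive mode (the client connects to the port the server named in its 227 reply). A load balancer has to parse the control channel to admit the right data flow, which is the "FTP data channel port" case listed under Layer 7 switching later in the deck. The following is an added example, not code from the deck; the function names, the IP addresses in the test and the decision to reject a PORT naming a third host are assumptions.

```python
import re

# Control-channel lines that name the data connection (RFC 959 syntax):
# client "PORT h1,h2,h3,h4,p1,p2" (active) and server "227 ... (h1,h2,h3,h4,p1,p2)" (passive).
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)
PASV_RE = re.compile(r"^227\s.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def decode_hostport(groups):
    """Six decimal bytes -> (dotted IP, port); the port is p1 * 256 + p2."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("host/port byte out of range")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def expected_data_flow(client_ip, server_ip, line):
    """Given the control connection's endpoints and one control-channel line,
    return the data connection the load balancer must admit as
    (initiator, client_ip, client_port, server_ip, server_port), or None for
    lines that do not set up a data channel."""
    m = PORT_RE.match(line)
    if m:
        ip, port = decode_hostport(m.groups())
        if ip != client_ip:
            # A PORT naming a third host is the classic FTP bounce: refuse it
            # rather than open a pinhole toward an arbitrary destination.
            raise ValueError(f"PORT address {ip} is not the control client {client_ip}")
        # Active mode: the server opens the data connection from port 20.
        return ("server", client_ip, port, server_ip, 20)
    m = PASV_RE.match(line)
    if m:
        ip, port = decode_hostport(m.groups())
        if ip != server_ip:
            # A load balancer that NATs the server must also rewrite the address
            # in the 227 reply to the VIP; here the reply has to name the server.
            raise ValueError(f"227 address {ip} is not the control server {server_ip}")
        # Passive mode: the client connects to an ephemeral server port; the
        # client's source port is unknown until that SYN arrives.
        return ("client", client_ip, None, server_ip, port)
    return None
```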
[Figure: a client browses, selects and buys (steps 1 to 3) against a Serverfarm; with each request landing on a different server the cart is empty at checkout ("Empty?!?") and the customer leaves ("I'll never shop here again!").]
Session Persistence (Stickiness)
Session: logical aggregation of multiple simultaneous or subsequent connections
Sessions are limited in time (timeout)
Servers might keep session state locally
Load distribution across multiple servers introduces the problem
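An added example, not from the deck, of how a load balancer can keep such a sticky table (the class, the server names and the 60-second timeout are assumptions): new sessions are load balanced, and a known key returns to its server until the timeout expires or the server fails, either of which ends the session instead of pinning the client to a dead or forgotten server.

```python
import time
from itertools import cycle


class StickyTable:
    """Session persistence for a serverfarm (illustrative model, not a vendor
    implementation): the first request of a session is load balanced, later
    requests carrying the same key within the timeout go to the same server."""

    def __init__(self, servers, timeout, clock=time.monotonic):
        self.servers = list(servers)      # serverfarm members
        self.healthy = set(self.servers)
        self.timeout = timeout            # sticky entry lifetime in seconds
        self.clock = clock                # injectable so the logic can be tested
        self.rr = cycle(self.servers)     # round robin for new sessions
        self.table = {}                   # sticky key -> (server, last seen)

    def mark_down(self, server):
        self.healthy.discard(server)

    def _pick(self):
        for _ in range(len(self.servers)):
            server = next(self.rr)
            if server in self.healthy:
                return server
        raise RuntimeError("no healthy server in farm")

    def select(self, key):
        """key is whatever identifies the session: source IP, a cookie value
        inserted by the load balancer, or an SSL session ID."""
        now = self.clock()
        entry = self.table.get(key)
        if entry is not None:
            server, last = entry
            # Sessions are limited in time: an idle entry expires and the client
            # is load balanced again. A server that went down also ends the
            # session rather than pinning the client to a dead server.
            if now - last <= self.timeout and server in self.healthy:
                self.table[key] = (server, now)
                return server
        server = self._pick()
        self.table[key] = (server, now)
        return server


if __name__ == "__main__":
    farm = StickyTable(["srv1", "srv2", "srv3"], timeout=60)
    print(farm.select("cart-A"), farm.select("cart-B"), farm.select("cart-A"))
```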
Active Probing (Keepalives)
Intended to run periodically
Generated by the load balancer: a correct reply is expected
Either predefined health checks or user-configurable scripts
Examples: ICMP (L3 connectivity), TCP (stack), HTTP (application)
For each probe:
Interval, retry times
Maximum TCP open time
Maximum receive time (max response time)
Failed retry time, successful retries before back in service
For HTTP traffic, the probe can also check the returned status code (e.g., 500-type errors should remove servers from rotation)
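An added example, not from the deck, modelling a probe with the parameters listed above (the field names, default values, the 200-499 accepted status range and the http_probe helper are assumptions): consecutive failures take a server out of rotation, a 5xx reply counts as a failure even though the TCP stack answered, probing continues at the failed retry interval, and a configured number of successful retries is needed before the server is back in service.

```python
import http.client
from dataclasses import dataclass

@dataclass
class ProbeConfig:
    interval: float = 10.0        # seconds between probes while the server is up
    fail_detect: int = 3          # consecutive failed retries before taking it out of service
    failed_interval: float = 5.0  # probe interval once the server is down ("failed retry time")
    pass_detect: int = 2          # successful retries before back in service
    open_timeout: float = 1.0     # maximum TCP open time
    receive_timeout: float = 2.0  # maximum receive (response) time

@dataclass
class ProbeState:
    in_service: bool = True
    fails: int = 0     # consecutive failures while in service
    passes: int = 0    # consecutive successes while out of service

def http_probe(host, port, path, cfg):
    """One real HTTP probe: the status code, or None on timeout or socket error."""
    conn = http.client.HTTPConnection(host, port, timeout=cfg.open_timeout)
    try:
        conn.connect()                             # bounded by the maximum TCP open time
        conn.sock.settimeout(cfg.receive_timeout)  # bound the wait for the reply
        conn.request("GET", path)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def probe_passed(status):
    """A 5xx reply fails the probe although the TCP stack answered (assumed range)."""
    return status is not None and 200 <= status < 500

def apply_result(state, passed, cfg):
    """Fold one probe result into the server state; returns the next probe delay."""
    if passed:
        state.fails = 0
        if not state.in_service:
            state.passes += 1
            if state.passes >= cfg.pass_detect:
                state.in_service, state.passes = True, 0
    else:
        state.passes = 0
        if state.in_service:
            state.fails += 1
            if state.fails >= cfg.fail_detect:
                state.in_service, state.fails = False, 0
    return cfg.interval if state.in_service else cfg.failed_interval
```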
Flow Management
Layer 4 Switching
L2-L4 information is always present in the first packet of the flow (unless it is a fragment!)
IP protocol
Source/destination IP addresses
Source/destination L4 ports (for TCP/UDP)
Source VLAN, MAC address
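An added example, not from the deck, of the flow-table logic this implies (the Packet and L4Switch classes, the addresses and the action strings are assumptions): the SYN to the VIP creates forward and reverse 5-tuple entries, every later packet of the flow shortcuts on the lookup without touching the policy again, and a non-initial fragment cannot be matched because its L4 fields are missing.

```python
from dataclasses import dataclass
from itertools import cycle


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    fragment: bool = False   # non-initial IP fragment: carries no L4 header


class L4Switch:
    """Layer 4 switching (illustrative model, not a vendor implementation):
    the SYN is matched against the VIP, a server is selected and both
    directions of the flow are recorded; later packets hit the flow table
    and take the rewrite shortcut without touching the policy again."""

    def __init__(self, vip, vport, servers):
        self.vip, self.vport = vip, vport
        self.rr = cycle(servers)
        self.flows = {}   # 5-tuple -> rewrite action

    def process(self, pkt):
        if pkt.fragment:
            # The 5-tuple cannot be built without ports, so a non-initial
            # fragment cannot be matched to a flow (reassemble first, or drop).
            return "drop: fragment without L4 header"
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        action = self.flows.get(key)
        if action is not None:
            return "shortcut: " + action
        if pkt.syn and (pkt.dst, pkt.dport) == (self.vip, self.vport):
            server = next(self.rr)
            # Forward direction: client -> VIP becomes client -> real server.
            self.flows[key] = f"rewrite dst -> {server}"
            # Reverse direction: server -> client gets the VIP as source again.
            reverse = (pkt.proto, server, pkt.dport, pkt.src, pkt.sport)
            self.flows[reverse] = f"rewrite src -> {self.vip}"
            return "new flow: " + self.flows[key]
        # Not a SYN to the VIP and no flow entry: a mid-stream packet of a
        # flow this box never saw, or a stray; it is not forwarded.
        return "drop: no flow and not a SYN to the VIP"
```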
[Figure: Layer 4 flow through the load balancer]
SYN: matches VIP, selects server, rewrites L2/L3/L4
SYN_ACK: matches existing flow, rewrites L2/L3/L4 (shortcut)
ACK: shortcut
GET / HTTP 1.1 data: shortcut
HTTP/1.1 200 OK data: shortcut
Layer 7 Switching
L5-L7 information is only received after the TCP setup and might span multiple packets
HTTP URLs, cookies, header fields
SSL session ID
FTP data channel port
Generic application data
Requires TCP termination and buffering!
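An added example, not from the deck, of delayed binding combined with the policy-map shown on the earlier slide (if match class-map X then use serverfarm X, else serverfarm Y); the L7Switch class, what class-map X matches, the second class-map and the 8 KB buffer cap are assumptions. It buffers a connection's bytes until the HTTP headers are complete, which may take several packets, bounds what a connection may consume before it is bound, and only then runs the class-map matches.

```python
class L7Switch:
    """Delayed binding (illustrative model, not a vendor implementation): the
    load balancer completes the client's TCP handshake itself, buffers the
    request until the HTTP headers are complete (they may span several
    packets), then runs the policy-map and binds the flow to a serverfarm."""

    MAX_BUFFER = 8192   # cap on bytes buffered per not-yet-bound connection

    def __init__(self, class_maps, default_farm):
        # class_maps: ordered list of (name, match(method, path, headers), serverfarm)
        self.class_maps = class_maps
        self.default_farm = default_farm
        self.buffers = {}   # client 4-tuple -> bytes received so far

    def feed(self, conn, data):
        """Feed one packet's payload; returns None while still buffering,
        otherwise the serverfarm chosen by the policy-map."""
        buf = self.buffers.get(conn, b"") + data
        end = buf.find(b"\r\n\r\n")
        if end < 0:
            if len(buf) > self.MAX_BUFFER:
                # Bounded buffering: a client that never completes its headers
                # must not hold memory on the load balancer indefinitely.
                self.buffers.pop(conn, None)
                raise ValueError("request headers exceed buffer limit")
            self.buffers[conn] = buf
            return None
        self.buffers.pop(conn, None)
        lines = buf[:end].decode("latin-1").split("\r\n")
        method, path, _version = lines[0].split(" ", 2)   # malformed line -> ValueError
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        for _name, match, farm in self.class_maps:
            if match(method, path, headers):
                return farm
        return self.default_farm


# Policy-map from the slide: if match class-map X then use serverfarm X, else
# serverfarm Y. What class-map X matches is assumed (URLs under /cgi-bin/);
# the second class-map, on a header, is added to show header-based matching.
POLICY = L7Switch(
    [("X", lambda m, p, h: p.startswith("/cgi-bin/"), "serverfarm X"),
     ("mobile", lambda m, p, h: "Mobile" in h.get("user-agent", ""), "serverfarm M")],
    "serverfarm Y",
)
```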
[Figure: Layer 7 flow, delayed binding. At the client's ACK the load balancer starts buffering; the GET / HTTP 1.1 data is held in the buffer. The load balancer then acts as client toward the selected server (SYN_ACK), does not forward the ACK, empties its buffer and sends the buffered data (GET and its continuation) to the server. The server's ACK and the continuation data then follow the shortcut path.]
[Figure: Full Proxy, independent client and server connections.
Client connection: SYN, SYN_ACK, ACK, GET / HTTP 1.1 data, ACK, HTTP/1.1 200 OK data, ACK.
Server connection: SYN, SYN_ACK, ACK, GET data, ACK, HTTP/1.1 200 OK data, ACK.]
Server Offload
Offloading SSL
Offload CPU-intensive SSL processing
Server resources are dedicated to serving requests and running applications, rather than encrypting data
Centralized key/certificate storage/management
Allows advanced content switching (URL-based, cookie-sticky, payload parsing) and inspection of SSL traffic
Scalability: easy to add more SSL performance
[Figure: SSL handshake terminated on the Content Switch. Client side: Client Hello, Server Hello, Certificate*, Server Key Exchange*, Certificate Request*, Server Hello Done, Certificate*, Client Key Exchange, Certificate Verify*, Change Cipher Spec, Finished, then Application Data (* = optional message). Second column: Client Hello, Server Hello, Certificate, Change Cipher Spec, Finished.]
[Figure: SSL session ID 123 associated with a request for index.html]
Offloading TCP
TCP Reuse (Multiplex)
Offload TCP (HTTP) setup processing from servers
Server resources are dedicated to serving requests and running applications, rather than opening and closing TCP connections
TCP connections to the server are kept open (HTTP 1.1 Connection Keepalive)
Client requests multiplexed to existing server connections
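An added example, not from the deck, of the multiplexing logic (the ServerConnPool class, the multiplex helper and the connection names are assumptions): five client connections are served over two server-side keep-alive connections, and a connection whose response did not allow reuse is discarded rather than handed to the next client.

```python
from collections import deque


class ServerConnPool:
    """TCP reuse (illustrative model, not a vendor implementation): a bounded
    set of idle HTTP/1.1 keep-alive connections to one real server, onto
    which requests arriving on many client connections are multiplexed."""

    def __init__(self, server, max_idle):
        self.server = server
        self.max_idle = max_idle
        self.idle = deque()     # open, idle server-side connections
        self.opened = 0         # TCP connections actually set up to the server

    def checkout(self):
        """Take an idle server connection, or open a new one."""
        if self.idle:
            return self.idle.popleft()
        self.opened += 1
        return f"{self.server}#{self.opened}"

    def checkin(self, conn, reusable):
        """Return a connection after the response has been fully read. It is
        only reused if the server allowed keep-alive; a connection with
        unread bytes or a Connection: close must be discarded, otherwise the
        next client could receive the previous client's leftover data."""
        if reusable and len(self.idle) < self.max_idle:
            self.idle.append(conn)


def multiplex(pool, batches):
    """batches: lists of (client_conn, keepalive_ok) requests that are in
    flight at the same time. Returns the server connection used per client
    request, in order, so the reuse can be inspected."""
    used = []
    for batch in batches:
        taken = [(client, pool.checkout(), ok) for client, ok in batch]
        for client, conn, ok in taken:
            used.append((client, conn))
            pool.checkin(conn, ok)
    return used
```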
[Figure: client connections TCP1, TCP2 and TCP3 multiplexed onto server-side connection pools Pool1 and Pool2]
Redundancy
[Figure: redundant pair of load balancers, one marked ACTIVE]
Redundancy: Statefulness
[Figure: Active-Active and Active-Standby pairs]
Adaptive Redundancy: stateful level configurable independently on each policy
Router Mode
[Figure: Subnet A and Subnet B on either side of the load balancer]
Servers in private IP subnet
VIPs usually in different, routable subnet from servers
Requires two IP subnets
Easy to deploy with many server IP subnets
[Figure: a single Subnet A spanning the load balancer]
Servers in routable IP subnet
VIPs can be in the same or different subnet
Requires one IP subnet for each farm
Easy to deploy for firewall or cache load balancing
L3 One-Arm Mode
[Figure: the load balancer is on one arm (Subnet B) off the upstream router, which is the servers' default gateway; the VIP and a server IP are shown with numbered traffic steps:]
1 Just routing traffic to the VIP
2 Just routing traffic to the server IP
3 L2 to the server default gateway: routing would break; need to use either PBR, SNAT, or server default gateway
4 Just routing to the client IP
L2 One-Arm Mode: Return Traffic Bypassing Load Balancer
[Figure: servers and load balancer in the same IP subnet; the servers' default gateway is the upstream router]
Bypass for return traffic: high throughput!
Requires MAC rewrite, L2 adjacency
Servers need identical loopback addresses (one per VIP)
TCP termination not possible: no L7 features!
Load balancer blind to return traffic (inband, accounting)
[Figure: application deployment with three host groups: IDMHosts (Identity Management, login functions), DBHosts (separate database farm not requiring load balancing) and OIDHosts (Internet Directory, LDAP)]
[Figure: firewall load balancing. An External Load Balancer and an Internal Load Balancer sit on either side of a firewall farm, in front of the serverfarm; numbered arrows trace a flow through both load balancers and the firewalls.]
[Figure: multi-tier data center design. Internet Service Provider A, Internet Service Provider B and the Internal Network feed a Front-End Tier (Web), an Application Tier and a Database Tier.]
[Figure: geographic load balancing across Data Center 1 and Data Center 2. The client resolves www.cisco.com through the authoritative DNS, which runs keepalives (TCP:80) against both data centers and answers with a live site; the client then opens http://www.cisco.com/.]
What's Next?
Recommended Reading