Load Balancing
BRKAPP-1001
Session_ID
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 2
Agenda
Introduction
Load Balancing and Health Monitoring
Flow Management
Server Offload
High-Availability
Deployments
Geographic Load Balancing
What's Next?
Cisco Application Delivery Networks
Network Classification:
- Quality of service
- Network-based app recognition
- Queuing, policing, shaping
- Visibility, monitoring, control
Application Scalability:
- Server load-balancing
- Site selection
- SSL termination and offload
- Video delivery
Application Networking:
- Message transformation
- Protocol transformation
- Message-based security
- Application visibility
(Diagram label: WAN)
How It All Started
Direct Communication Between Clients and Servers
(Diagram: clients connecting directly to a single web server.)
Benefit
- Simple solution
Issue
- No fault tolerance
- Limited performance and scalability
Scaling to a Few Servers
The Software Approach
Benefit
- Addresses some of the fault-tolerance and performance issues
Issue
- Still limited in scale and performance
- Uses server resources for load balancing and high availability
- Relies on proprietary clustering technologies
Scale and High Availability for Larger Deployments: The Hardware-Based Solution
Benefit
- Addresses fault-tolerance, performance and scalability issues
- Future-proof: the architecture includes hardware co-processors to support resource-intensive features (e.g. SSL, compression)
The Main Functions of a Load Balancer
(Diagram: clients, load balancer/content switch, web servers, database.)
Terminology
- Clients, client-side gateway
- Load balancer / content switch
- Virtual IP address (VIP): e.g. 172.16.2.100, TCP port 80
- Serverfarm: the group of servers (or XML gateways) that a VIP is balanced across
- Load balancing algorithm (predictor), e.g. round robin
- Keepalive (probe)
- Class-map: match conditions such as URL = /news, User-Agent = WindowsCE, Client = 192.0.0.0/8
- Policy-map: if match class-map X then use serverfarm X, else use serverfarm Y
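The class-map / policy-map pair above is the core of content switching: a class-map is a set of match conditions on the request, a policy-map is an ordered list of (class-map, serverfarm) rules with a default. The following is an added example, not code from the deck or from ACE, that models this decision in Python. The serverfarm names (news_farm, mobile_farm, internal_farm, default_farm), the match-all semantics of a class-map and the sample client addresses are assumptions made for the example; the match values themselves come from the slide.

```python
"""Added example (not from the Cisco deck): a minimal model of class-map /
policy-map content switching.  A class-map holds match conditions on the
request (URL prefix, User-Agent substring, client source subnet); a policy-map
is an ordered list of (class-map, serverfarm) rules plus a default serverfarm.
Serverfarm names and the match-all semantics are assumptions for this example."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Request:
    client_ip: str
    url: str
    user_agent: str = ""


@dataclass
class ClassMap:
    name: str
    url_prefix: Optional[str] = None           # e.g. "/news"
    user_agent_contains: Optional[str] = None  # e.g. "WindowsCE"
    client_subnet: Optional[str] = None        # CIDR, e.g. "192.0.0.0/8"

    def matches(self, req: Request) -> bool:
        # Every configured condition must hold (match-all); unset conditions are ignored.
        if self.url_prefix is not None and not req.url.startswith(self.url_prefix):
            return False
        if self.user_agent_contains is not None and self.user_agent_contains not in req.user_agent:
            return False
        if self.client_subnet is not None:
            net = ipaddress.ip_network(self.client_subnet, strict=False)
            if ipaddress.ip_address(req.client_ip) not in net:
                return False
        return True


@dataclass
class PolicyMap:
    rules: List[Tuple[ClassMap, str]]
    default_farm: str

    def select_serverfarm(self, req: Request) -> str:
        # Rules are evaluated in order; the first matching class-map wins,
        # mirroring "if match class-map X then use serverfarm X, else ...".
        for cmap, farm in self.rules:
            if cmap.matches(req):
                return farm
        return self.default_farm


# Constructed policy using the slide's example match values.
POLICY = PolicyMap(
    rules=[
        (ClassMap("news", url_prefix="/news"), "news_farm"),
        (ClassMap("windowsce", user_agent_contains="WindowsCE"), "mobile_farm"),
        (ClassMap("internal", client_subnet="192.0.0.0/8"), "internal_farm"),
    ],
    default_farm="default_farm",
)


def classify(client_ip: str, url: str, user_agent: str = "") -> str:
    """Return the serverfarm the policy-map selects for one request."""
    return POLICY.select_serverfarm(Request(client_ip, url, user_agent))


if __name__ == "__main__":
    for ip, url, ua in [("10.1.1.1", "/news/today", "Mozilla/5.0"),
                        ("10.1.1.1", "/", "Mozilla/4.0 (compatible; WindowsCE)"),
                        ("192.168.1.7", "/", "Mozilla/5.0"),
                        ("10.1.1.1", "/", "Mozilla/5.0")]:
        print(ip, url, "->", classify(ip, url, ua))
```

Rule order matters: a WindowsCE client asking for /news lands in news_farm because that rule is listed first, which is exactly the kind of precedence question a policy-map review has to settle.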
Devices Being Load Balanced
- Servers
- Proxies
- Accelerators (compression engines, SSL offloaders)
- Caches (reverse and transparent)
- Firewalls (Layer 3 and Layer 2)
- VPN concentrators
- Routers
- Any generic IP device requiring load distribution and/or redundancy
Traffic Being Load Balanced
- Generic IP traffic (e.g. IPsec tunnels)
- Generic UDP and TCP (e.g. proprietary protocols)
- Network services (e.g. LDAP, DNS, RADIUS)
- HTTP (e.g. web presentation layer, web services, SOAP/XML)
- Voice and video (e.g. RTSP, SIP, H.323)
- Remote terminals (e.g. Windows Terminal Services)
- Multi-connection protocols (e.g. FTP, RTSP)
- Multi-tier packaged applications (e.g. SAP, Oracle, Microsoft, BEA)
- Vertical-specific applications (e.g. medical, finance, education)
(Diagram: HTTP 1.0 exchange between client and web server)
Client -> Server: SYN
Server -> Client: SYN_ACK
Client -> Server: ACK
Client -> Server: GET / HTTP 1.0
Server -> Client: ACK
Server -> Client: HTTP/1.0 200 OK
Server -> Client: Continuation
Client -> Server: ACK
FIN, FIN_ACK, ACK (connection close)
HTTP 1.1—Two Requests, No Pipelining
(Diagram: exchange between client and web server)
Client -> Server: SYN
Server -> Client: SYN_ACK
Client -> Server: ACK
Client -> Server: GET /a.gif HTTP 1.1
Server -> Client: ACK
Server -> Client: HTTP/1.1 200 OK
Client -> Server: ACK
Client -> Server: GET /b.jpg HTTP 1.1
Server -> Client: ACK
Server -> Client: HTTP/1.1 200 OK
Server -> Client: Continuation
Client -> Server: ACK
FIN, FIN_ACK, ACK (connection close)
HTTP 1.1—Building an Entire Page
(Diagram: the browser fetches the page over several connections in parallel, e.g. index.html, logo1.gif, globe.gif and footpage.jpg on TCP 3102 > 80 and bannertop.jpg and menu.jpg on TCP 3104 > 80; how the objects are spread across connections depends on the browser.)
FTP—File Transfer Protocol
A Multi-Connection Protocol
Active FTP
(Diagram: client session "C:>ftp test.cisco.com", "User: abc", "Password: xxx", server reply "230 User abc". Control connection from client port 3016 to server port 21 (steps 1, 2); data connection from server port 20 to client port 3017 (steps 3, 4).)
FTP—File Transfer Protocol
A Multi-Connection Protocol
Passive FTP
(Diagram: same client session. Control connection from client port 3018 to server port 21 (steps 1, 2); data connection from client port 3019 to server port 2036 (steps 3, 4).)
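A load balancer (or firewall) in the path of the two FTP modes above has to read the control channel to learn which data connection to expect: in active mode the client's PORT command names the client-side port that the server will connect to from port 20, in passive mode the server's 227 reply names the server-side port the client will connect to. The following is an added example, not code from the deck or from ACE, that does that decoding. The control-line samples and the addresses 10.1.1.50 (client) and 172.16.2.100 (server) are constructed; the ports 3017 and 2036 are the ones in the two diagrams.

```python
"""Added example (not from the Cisco deck): deriving the FTP data channel from
the control channel.  PORT h1,h2,h3,h4,p1,p2 (client, active mode) and
"227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" (server, passive mode) both
encode an address as four octets plus a port as p1*256+p2.  The sample lines
and peer addresses are constructed for this example."""
import re
from typing import NamedTuple, Optional, Tuple


class DataChannel(NamedTuple):
    mode: str                  # "active" or "passive"
    src_ip: str                # side that opens the data connection
    src_port: Optional[int]    # None = ephemeral port chosen at connect time
    dst_ip: str
    dst_port: int


_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(text: str) -> Optional[Tuple[str, int]]:
    """Decode the h1,h2,h3,h4,p1,p2 form shared by PORT and the 227 reply."""
    m = _HOSTPORT.search(text)
    if m is None:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):      # each field is one byte
        return None
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def expected_data_channel(line: str, from_client: bool,
                          client_ip: str, server_ip: str) -> Optional[DataChannel]:
    """Inspect one control-channel line and return the data connection it
    announces, or None if the line is not PORT/227 or names an address other
    than the peer's own (a data channel to a third party must not be opened)."""
    line = line.strip()
    if from_client and line.upper().startswith("PORT "):
        hp = parse_hostport(line[5:])
        if hp is None or hp[0] != client_ip:
            return None
        # Active mode: the server connects from port 20 to the client's announced port.
        return DataChannel("active", server_ip, 20, client_ip, hp[1])
    if not from_client and line.startswith("227"):
        hp = parse_hostport(line)
        if hp is None or hp[0] != server_ip:
            return None
        # Passive mode: the client connects from an ephemeral port to the server's announced port.
        return DataChannel("passive", client_ip, None, server_ip, hp[1])
    return None


if __name__ == "__main__":
    # Constructed control-channel lines matching the deck's port numbers.
    print(expected_data_channel("PORT 10,1,1,50,11,201", True, "10.1.1.50", "172.16.2.100"))
    print(expected_data_channel("227 Entering Passive Mode (172,16,2,100,7,244).",
                                False, "10.1.1.50", "172.16.2.100"))
```

The address check is what keeps the data channel tied to the two peers of the control connection: a PORT or 227 that points elsewhere is ignored rather than pinholed, and the flow table only ever learns connections the control channel legitimately announced.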
Load Balancing and Health Monitoring
Load Balancing Algorithms
(Diagram: a client's "Select" and "Buy" requests are distributed to different servers in the serverfarm; the shopping cart comes back "Empty?!?" and the client says "I'll Never Shop Here Again!")
Session Persistence—Stickiness
- Session: logical aggregation of multiple simultaneous or subsequent connections
- Sessions are limited in time (timeout)
- Servers might keep session state locally
- Load distribution across multiple servers introduces the problem
(Diagram: clients and a serverfarm; a later connection of the same session lands on a different server.)
Active Probing—Keepalives
- Intended to run periodically
- Generated by the load balancer: a correct reply is expected
- Either predefined health checks or user-configurable scripts
- Examples: ICMP (L3 connectivity), TCP (stack), HTTP (application)
- For each probe:
  - Interval, retry times
  - Maximum TCP open time
  - Maximum receive time (max response time)
  - Failed retry time, successful retries before back in service
(Diagram: probes sent to each server of the serverfarm.)
In-Band Health Monitoring
- The load balancer monitors server-to-client "inband" traffic and keeps counters for consecutive errors
- Can catch basic errors:
  - No replies from the server
  - RSTs from the server
- For HTTP traffic, can perform return error code checking (e.g. 500-type errors should remove servers from rotation)
(Diagram: clients and serverfarm; the load balancer observes the return traffic.)
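The two mechanisms described in the Active Probing and In-Band Health Monitoring slides combine into one per-server state machine: consecutive probe failures take a server out of service, consecutive probe passes bring it back, and consecutive errors seen on real client traffic (no reply, RST, HTTP 5xx) take it out as well, after which only the probe can readmit it. The following is an added example, not code from the deck or from ACE, of that state machine. The parameter names (fail_retries, pass_retries, inband_error_limit) and thresholds are assumptions; the probe scheduler itself (interval timers, TCP open and receive timeouts) is not modeled, each call represents one probe result.

```python
"""Added example (not from the Cisco deck): a per-server health state machine
combining active probing and in-band monitoring.

Active probing: 'fail_retries' consecutive probe failures take the server out
of service; 'pass_retries' consecutive passes bring it back.
In-band: 'inband_error_limit' consecutive errors observed on client traffic
(no reply, RST, HTTP 5xx) take it out; the active probe alone brings it back.
Parameter names and thresholds are constructed for this example."""
from dataclasses import dataclass, field
from typing import List, Tuple, Union


@dataclass
class HealthPolicy:
    fail_retries: int = 3         # consecutive probe failures before out of service
    pass_retries: int = 2         # consecutive probe passes before back in service
    inband_error_limit: int = 5   # consecutive in-band errors before out of service


@dataclass
class RealServer:
    name: str
    policy: HealthPolicy = field(default_factory=HealthPolicy)
    in_service: bool = True
    probe_failures: int = 0
    probe_passes: int = 0
    inband_errors: int = 0
    events: List[Tuple[str, str, str]] = field(default_factory=list)

    def _transition(self, up: bool, reason: str) -> None:
        # Every state change resets all counters and is logged for operators.
        self.in_service = up
        self.probe_failures = self.probe_passes = self.inband_errors = 0
        self.events.append((self.name, "IN_SERVICE" if up else "OUT_OF_SERVICE", reason))

    def probe_result(self, ok: bool) -> bool:
        """Record one active probe result; return the resulting in_service state."""
        if ok:
            self.probe_failures = 0
            if not self.in_service:
                self.probe_passes += 1
                if self.probe_passes >= self.policy.pass_retries:
                    self._transition(True, "probe passed")
        else:
            self.probe_passes = 0
            self.probe_failures += 1
            if self.in_service and self.probe_failures >= self.policy.fail_retries:
                self._transition(False, "probe failed")
        return self.in_service

    def inband_reply(self, reply: Union[None, str, int]) -> bool:
        """Record one server reply seen on client traffic: None = no reply,
        "RST" = connection reset, int = HTTP status code.  Returns in_service."""
        is_error = reply is None or reply == "RST" or (isinstance(reply, int) and 500 <= reply <= 599)
        if is_error:
            self.inband_errors += 1
            if self.in_service and self.inband_errors >= self.policy.inband_error_limit:
                self._transition(False, "inband errors")
        else:
            self.inband_errors = 0     # any good reply breaks the consecutive-error run
        return self.in_service


def http_probe_ok(status: int, expected: range = range(200, 300)) -> bool:
    """A correct reply is expected: only the configured status range counts as a pass."""
    return status in expected


def in_service_servers(farm: List[RealServer]) -> List[str]:
    """Names of the servers the predictor may currently choose from."""
    return [s.name for s in farm if s.in_service]


if __name__ == "__main__":
    web1 = RealServer("web1")
    for ok in (False, False, False, True, True):      # constructed probe sequence
        web1.probe_result(ok)
    web2 = RealServer("web2")
    for code in (503, 503, 503, 503, 503):            # constructed in-band replies
        web2.inband_reply(code)
    print(web1.events, web2.events, in_service_servers([web1, web2]))
```

Keeping the in-band path separate from the probe path matters operationally: a burst of 5xx responses pulls a server quickly, but a single good probe does not readmit it, so a server that is flapping under load does not bounce back into rotation before the probe has seen it healthy pass_retries times in a row.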
Flow Management
Flows, Connections, Sessions
Layer 4 Flow Setup—Basic Load Balancing
Decisions Made on First Packet
- SYN (client to VIP): matches VIP, selects server, rewrites L2/L3/L4
- SYN_ACK (server to client): matches existing flow, rewrites L2/L3/L4
- ACK and all subsequent Data packets: shortcut (the flow is already established)
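The two slides Session Persistence and Layer 4 Flow Setup describe one decision point: the first packet of a connection (a SYN to the VIP) is where the sticky table is consulted, the predictor runs if needed, and a forward and a reverse flow entry with the L3/L4 rewrite are installed; every later packet of that connection, in either direction, hits an existing entry and takes the shortcut. The following is an added example, not code from the deck or from ACE, that models this. The VIP 172.16.2.100:80 is from the Terminology slide; the server addresses, client addresses, the simulated clock and the 300 s sticky timeout are constructed, and L2 (MAC) rewriting is not modeled.

```python
"""Added example (not from the Cisco deck): Layer 4 flow setup with a
round-robin predictor and a client-IP sticky table.  Only the first packet
of a connection (SYN to the VIP) is load balanced; it installs a forward and
a reverse flow entry, and all later packets are rewritten via the shortcut.
Server/client addresses, the clock and the sticky timeout are constructed."""
import itertools
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    flags: str           # "SYN", "SYN_ACK", "ACK", "DATA", ...
    now: float = 0.0     # arrival time in seconds (constructed clock)


class L4LoadBalancer:
    def __init__(self, vip: Endpoint, servers: List[Endpoint], sticky_timeout: float = 300.0):
        self.vip = vip
        self.predictor = itertools.cycle(servers)                       # round-robin predictor
        self.flows: Dict[Tuple[Endpoint, Endpoint], Tuple[str, Endpoint]] = {}
        self.sticky: Dict[str, Tuple[Endpoint, float]] = {}             # client IP -> (server, last seen)
        self.sticky_timeout = sticky_timeout

    def _select_server(self, client_ip: str, now: float) -> Endpoint:
        entry = self.sticky.get(client_ip)
        if entry is not None and now - entry[1] <= self.sticky_timeout:
            server = entry[0]                 # sticky hit: same server as the rest of the session
        else:
            server = next(self.predictor)     # no (or expired) sticky entry: the predictor decides
        self.sticky[client_ip] = (server, now)    # refresh the session timer
        return server

    def process(self, pkt: Packet) -> Tuple[str, Optional[Packet]]:
        """Return (action, rewritten packet); action is new_flow, shortcut or drop."""
        key = (pkt.src, pkt.dst)
        if key in self.flows:
            return "shortcut", self._rewrite(pkt, self.flows[key])
        if pkt.dst == self.vip and pkt.flags == "SYN":
            server = self._select_server(pkt.src[0], pkt.now)
            self.flows[key] = ("dst", server)                    # client -> VIP becomes client -> server
            self.flows[(server, pkt.src)] = ("src", self.vip)    # server -> client becomes VIP -> client
            return "new_flow", self._rewrite(pkt, self.flows[key])
        return "drop", None      # non-SYN packet with no flow entry: not part of any known connection

    @staticmethod
    def _rewrite(pkt: Packet, action: Tuple[str, Endpoint]) -> Packet:
        field_name, new_value = action
        return replace(pkt, **{field_name: new_value})


if __name__ == "__main__":
    VIP = ("172.16.2.100", 80)
    lb = L4LoadBalancer(VIP, [("10.0.0.1", 80), ("10.0.0.2", 80), ("10.0.0.3", 80)])
    for p in [Packet(("192.0.2.10", 3102), VIP, "SYN", 0.0),
              Packet(("10.0.0.1", 80), ("192.0.2.10", 3102), "SYN_ACK", 0.1),
              Packet(("192.0.2.10", 3104), VIP, "SYN", 10.0),
              Packet(("192.0.2.10", 3105), VIP, "SYN", 400.0)]:
        print(lb.process(p))
```

Note what the model makes visible: a second connection from the same client ten seconds later follows the sticky entry to the same server regardless of the predictor, while a connection after the timeout is balanced afresh, which is exactly the shopping-cart problem and its fix from the earlier slide.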
Layer 7 Switching
- L5–L7 information is only received after the TCP setup and might span multiple packets:
  - HTTP URLs, cookies, header fields
  - SSL session ID
  - FTP data channel port
  - Generic application data
Layer 7 Flow Setup for HTTP
Load Balancing Decisions Require More Data
1. Client handshake: on the client's ACK the load balancer starts buffering the data that follows.
2. Once it has enough data to decide, the load balancer acts as a client towards the selected server: it sends a SYN, does not forward the server's SYN_ACK to the client, empties its buffer and sends the data to the server.
3. From then on, ACK and Data packets take the shortcut path.
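The buffering step of Layer 7 flow setup, together with the HTTP 1.1 slides showing several requests on one connection, is where a content switch has to do real parsing: it accumulates the client's TCP segments until a full HTTP request head (request line plus headers, terminated by a blank line) is present, selects a serverfarm, and then keeps going because a persistent connection carries further requests. The following is an added example, not code from the deck or from ACE, of that buffering and parsing. The path-to-farm mapping, the 8 KiB head limit, the sample requests and the split points between segments are constructed.

```python
"""Added example (not from the Cisco deck): the buffering stage of Layer 7
flow setup.  TCP segments are accumulated until a complete HTTP request head
is present; the head is parsed so a serverfarm can be chosen; the parser then
continues with the next request on the same persistent HTTP/1.1 connection,
skipping any request body of the declared Content-Length.  A bound on the
buffered head protects the load balancer against an endless header stream.
The farm mapping, size limit and sample requests are constructed."""
from typing import Dict, List

MAX_HEAD_BYTES = 8192   # refuse to buffer more than this without seeing the end of the head


class HttpRequest:
    def __init__(self, method: str, target: str, version: str, headers: Dict[str, str]):
        self.method, self.target, self.version, self.headers = method, target, version, headers


def parse_head(head: bytes) -> HttpRequest:
    """Parse the request line and headers (everything before the blank line)."""
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, version = lines[0].split(" ", 2)
    except ValueError:
        raise ValueError("malformed request line: %r" % lines[0])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            raise ValueError("malformed header line: %r" % line)
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, version, headers)


class DelayedBindingBuffer:
    def __init__(self) -> None:
        self.buf = bytearray()
        self.body_remaining = 0     # body bytes still to skip before the next head
        self.overflow = False       # set when a head exceeds MAX_HEAD_BYTES

    def feed(self, segment: bytes) -> List[HttpRequest]:
        """Consume one TCP segment; return every request whose head is now complete."""
        self.buf += segment
        done: List[HttpRequest] = []
        while True:
            if self.body_remaining:
                skip = min(self.body_remaining, len(self.buf))
                del self.buf[:skip]
                self.body_remaining -= skip
                if self.body_remaining:
                    break                  # body still incomplete: wait for more segments
            end = self.buf.find(b"\r\n\r\n")
            if end == -1:
                if len(self.buf) > MAX_HEAD_BYTES:
                    self.overflow = True   # head too large: the connection should be reset
                break
            req = parse_head(bytes(self.buf[:end]))
            del self.buf[:end + 4]
            self.body_remaining = int(req.headers.get("content-length", "0"))
            done.append(req)
        return done


FARMS = {"/news": "news_farm", "/images": "image_farm"}   # constructed path-prefix mapping


def select_farm(req: HttpRequest, default: str = "default_farm") -> str:
    """Pick a serverfarm from the request target once the head is available."""
    for prefix, farm in FARMS.items():
        if req.target.startswith(prefix):
            return farm
    return default


if __name__ == "__main__":
    buf = DelayedBindingBuffer()
    # Constructed segments: the first request's head is split across two segments,
    # the second request arrives in the same segment as the end of the first.
    print(buf.feed(b"GET /news/today.html HTTP/1.1\r\nHost: www.exa"))
    for r in buf.feed(b"mple.com\r\n\r\nGET /images/logo1.gif HTTP/1.1\r\nHost: www.example.com\r\n\r\n"):
        print(r.target, "->", select_farm(r))
```

The first feed returns nothing because the decision cannot be made yet; the second returns two requests at once. The body-skipping branch is what keeps a later request on the same connection from being misread as header bytes of the previous one.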
Layer 7 Flow Setup—Full Proxy
The Most Flexible Approach
(Diagram: the load balancer terminates the client's TCP connection (SYN, SYN_ACK, ACK, GET / HTTP 1.1, Data, ACK) and opens a separate TCP connection to the server (SYN, ..., Data—GET, ACK); the server's HTTP/1.1 200 OK and Data are relayed to the client over the client-side connection.)
Content Switching Metrics
- Connections per second (CPS): L4 vs. L7
- HTTP requests per second ("CPS"): HTTP 1.1 vs. 1.0
- Concurrent connections (CC)
- Bandwidth (in Gbps) and packets per second
- Latency
- Keepalives per second
- Number of virtual servers/real servers
- Number of policies/rules
Server Offload
Server Offload Overview
What is it?
Perform resource-intensive functions on application traffic in the content switch on behalf of the server. Often hardware accelerated.
Why?
Servers can dedicate more resources to processing and serving client requests: faster application response!
What can be offloaded?
SSL processing, TCP setup/close, HTTP compression, XML processing, …
(Diagram: content switch in front of the application servers.)
Offloading SSL
- Offload CPU-intensive SSL processing
- Server resources are dedicated to serving requests and running applications, rather than encrypting data
- Centralized key/certificate storage and management
- Allows advanced content switching (URL-based, cookie-sticky, payload parsing) and inspection of SSL traffic
- Scalability: easy to add more SSL "performance"
(Diagram: full SSL handshake between client and content switch: Client Hello; Server Hello, Certificate*, Server Key Exchange*, Certificate Request*, Server Hello Done; Certificate*, Client Key Exchange, Certificate Verify*, Change Cipher Spec, Finished; Change Cipher Spec, Finished; Application Data. Messages marked * are optional. A shorter exchange (Client Hello, Server Hello, Change Cipher Spec, Finished) is drawn alongside.)
Building an Encrypted Web Page
(Diagram: the browser fetches index.html over TCP 3102 > 443 and logo1.gif, globe.gif, footpage.jpg over further connections, all carrying SSL ID 123; the TCP connections (TCP1, TCP2, TCP3) are mapped to server pools (Pool1, Pool2).)
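The slide above shows several TCP connections of one page carrying the same SSL session ID and landing in the same pool, and the Layer 7 Switching slide lists the SSL session ID among the data a content switch can key on. Both require reading the ClientHello before any balancing decision. The following is an added example, not code from the deck or from ACE, that parses the session ID (and the SNI host name) out of a ClientHello and assigns a pool per session ID. The ClientHello bytes are constructed here by the block's own builder (a TLS 1.2 record with an all-zero random and one cipher suite); the pool names and the id values are constructed too.

```python
"""Added example (not from the Cisco deck): extracting the session ID and SNI
host name from a TLS ClientHello, then sticking on the session ID so every TCP
connection that resumes the same session goes to the same pool.  The sample
ClientHello is constructed by build_client_hello(); pool names are constructed."""
import itertools
import struct
from typing import Dict, List, Optional


def build_client_hello(session_id: bytes, server_name: str) -> bytes:
    """Constructed sample: a TLS 1.2 ClientHello record with one cipher suite,
    null compression and a single server_name (SNI) extension."""
    name = server_name.encode("ascii")
    name_entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type host_name(0)
    sni_data = struct.pack("!H", len(name_entry)) + name_entry          # ServerNameList
    extensions = struct.pack("!HH", 0x0000, len(sni_data)) + sni_data   # extension type server_name
    body = (b"\x03\x03" + bytes(32)                                     # client_version, random
            + bytes([len(session_id)]) + session_id                     # session_id
            + struct.pack("!H", 2) + b"\xc0\x2f"                        # cipher_suites (one suite)
            + b"\x01\x00"                                               # compression_methods: null
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body           # HandshakeType client_hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake


def _parse_sni(data: bytes) -> Optional[str]:
    """Return the host_name entry of a server_name extension body, if any."""
    if len(data) < 2:
        return None
    list_len = struct.unpack("!H", data[:2])[0]
    pos, stop = 2, min(2 + list_len, len(data))
    while pos + 3 <= stop:
        name_type = data[pos]
        name_len = struct.unpack("!H", data[pos + 1:pos + 3])[0]
        pos += 3
        if name_type == 0 and pos + name_len <= stop:
            return data[pos:pos + name_len].decode("ascii", "replace")
        pos += name_len
    return None


def parse_client_hello(record: bytes) -> Dict[str, Optional[str]]:
    """Return version (hex), session_id (hex) and sni; raise ValueError on malformed input."""
    def take(off: int, n: int) -> bytes:
        if off + n > len(record):
            raise ValueError("truncated ClientHello")
        return record[off:off + n]

    if take(0, 1) != b"\x16":
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", take(3, 2))[0]
    end = 5 + rec_len
    if end > len(record):
        raise ValueError("record length exceeds available data")
    if take(5, 1) != b"\x01":
        raise ValueError("not a ClientHello")
    off = 9                                             # skip handshake type and 3-byte length
    major, minor = take(off, 2); off += 2
    take(off, 32); off += 32                            # random
    sid_len = take(off, 1)[0]; off += 1
    session_id = take(off, sid_len); off += sid_len
    cs_len = struct.unpack("!H", take(off, 2))[0]; off += 2 + cs_len
    comp_len = take(off, 1)[0]; off += 1 + comp_len
    sni = None
    if off < end:                                       # extensions block is optional
        ext_len = struct.unpack("!H", take(off, 2))[0]; off += 2
        ext_end = off + ext_len
        while off + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", take(off, 4)); off += 4
            data = take(off, elen); off += elen
            if etype == 0x0000:
                sni = _parse_sni(data)
    return {"version": "%02x%02x" % (major, minor), "session_id": session_id.hex(), "sni": sni}


class SslIdSticky:
    """Pin each SSL session ID to a pool; a new session (empty ID) is balanced by the predictor."""
    def __init__(self, pools: List[str]):
        self.predictor = itertools.cycle(pools)
        self.table: Dict[str, str] = {}

    def select_pool(self, session_id_hex: str) -> str:
        if not session_id_hex:
            return next(self.predictor)
        if session_id_hex not in self.table:
            self.table[session_id_hex] = next(self.predictor)
        return self.table[session_id_hex]


if __name__ == "__main__":
    info = parse_client_hello(build_client_hello(bytes.fromhex("0123"), "www.cisco.com"))
    sticky = SslIdSticky(["Pool1", "Pool2"])
    print(info, sticky.select_pool(info["session_id"]), sticky.select_pool(info["session_id"]))
```

Every length field is bounds-checked against the record before it is trusted, so a truncated or malformed ClientHello raises instead of reading past the buffer; that discipline is what lets a device parse untrusted handshake bytes before it has chosen a server.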
High Availability
Redundancy
(Diagram: redundant pair of load balancers, one of them ACTIVE.)
Terminology
Granularity:
- Box-to-box redundancy: an entire load balancer is either active or standby; all VIPs are in the same state
- Per-VIP redundancy: each VIP can independently be active or standby
Redundancy model: active-active vs. active-standby
Stateful load-balancer communication:
- Stateless
- Sticky stateful: sync/monitor sticky tables
- Full stateful: full flow tables
Adaptive redundancy: stateful level configurable independently on each policy
Deployments
Router Mode
(Diagram: load balancer routing between subnet A and subnet B.)
- Servers in private IP subnet
- VIPs usually in a different, routable subnet from the servers
- Requires two IP subnets
- Easy to deploy with many server IP subnets
Bridge Mode
(Diagram: one subnet A bridged through the load balancer; the servers' default gateway is the upstream router.)
- Servers in routable IP subnet
- VIPs can be in the same or a different subnet
- Requires one IP subnet for each farm
- Easy to deploy for firewall or cache load balancing
L3 One-Arm Mode
(Diagram: upstream router; load balancer attached on a single arm in subnet B, holding the VIP; server IPs; the servers' default gateway is in subnet B.)
1. Just routing traffic to the VIP
2. Just routing traffic to the server IP
3. L2 to the server default gateway
3'. Routing would break; need to use either PBR, SNAT, or server default gateway
4. Just routing to the client IP

- Same IP subnet
- Bypass for return traffic: high throughput!
- Requires MAC rewrite, L2 adjacency
- Servers need identical loopback addresses (one per VIP)
- TCP termination not possible: no L7 features!
- Load balancer blind to return traffic (inband, accounting)
A Multi-Tier Example of Deployment
Application Server Suite 10g
- 3 serverfarms in 3 distinct IP subnets configured in bridge mode:
  - APPHosts: application servers (portal, Java, caching)
  - IDMHosts: identity management (login functions)
  - OIDHosts: Internet Directory (LDAP)
- DBHosts: separate database farm not requiring load balancing
Firewall Load Balancing
FWLB + SLB
(Diagram, steps 2–8: external load balancer, firewall farm, internal load balancer, serverfarm; traffic is balanced across the firewalls and then across the servers.)
Geographic Load Balancing
Distributed Data Center Topology
(Diagram: two data centers, each with a front-end tier (web), an application tier and a database tier, reached from the Internet via Service Provider A and Service Provider B and each attached to the internal network.)
Site Selection Mechanisms
DNS-Based Site Selection
(Diagram, steps 1–10: client, DNS proxy, root DNS and DNS for .com, authoritative DNS for cisco.com, authoritative DNS for www.cisco.com; the client finally connects to http://www.cisco.com/ on TCP:80.)
Advanced Requirements: From Load Balancing to Application Delivery
- Server offload: free up server CPU and resources
- Application acceleration: better user experience, faster transactions
- Bandwidth reduction: efficient utilization of WAN resources
- Application and protocol inspection: protection against sophisticated application-specific attacks
- Virtualization: one physical device behaves as many: maximum deployment flexibility and separation of resources
- Flexible network management: allows multiple users, with different responsibilities, to simultaneously manage the device
Cisco Application Control Engine Family
(Diagram: ACE Module (4–16 Gbps), Multi-Module (64 Gbps), ACE XML Gateway (30,000 TPS); XML switching and PCI application switching.)