Load Balancing
BRKAPP-1001
14503_04_2008_c2
Cisco Public
Agenda
Introduction
Load Balancing and Health Monitoring
Flow Management
Server Offload
High Availability
Deployments
Geographic Load Balancing
What's Next?
Application Scalability
Application Networking
Quality of service
Network-based app recognition
Queuing, policing, shaping
Visibility, monitoring, control
Server load-balancing
Site selection
SSL termination and offload
Video delivery
Message transformation
Protocol transformation
Message-based security
Application visibility
WAN
Application Acceleration
WAN Acceleration
Application Optimization
Latency mitigation
Application data cache
Meta data cache
Local services
Delta encoding
FlashForward optimization
Application security
Server offload
ISR
WAAS
ACNS
ACE
AXG
Applications
Application
Trends
Client/Server
Web Enabled
SOA/Web 2.0
Centralized
Decentralized
Distributed
Few Connections
1000s of Connections
Exponential Increase in
Connections
Early
Technologies
Application
Aware Networks
L4-7 Switching
Cisco
Solution
Load Balancing
Web
Acceleration
QoS
WAN
Optimization
1995-2000
2000-2006
End-to-End Application
Delivery Networks
Message Visibility
Virtualization
Deep Packet
Inspection
Multi-Gigabit
Performance
X
Web Server
Benefit
Simple solution
Issue
No fault tolerance
Limited performance and scalability
Benefit
Addresses some of the fault tolerance and performance issues
Issue
Still limited in scale/performance.
Leverages server resources for LB and HA
Proprietary clustering technologies
Benefit
Addresses fault tolerance, performance and scalability issues
Future proof: architecture includes hardware co-processors to
support resource-intensive features (i.e., SSL, compression)
Load
Balancer/
Content
Switch
Web
Servers
Database
Streaming
Terminology
Load Balancing
Algorithm
(Predictor)
Content
Switch
Load
Balancer
Clients
Round Robin
Serverfarm
Servers
Keepalive (Probe)
Client-Side
Gateway
Class-Map
Virtual IP Address (VIP)
URL = /news
User-Agent = WindowsCE
Client = 192.0.0.0/8
172.16.2.100
TCP port 80
Policy-Map
XML
Gateways
If match class-map X
then use serverfarm X
else use serverfarm y
2008 Cisco Systems, Inc. All rights reserved.
IP
Header
TCP
Header
Layer 2
Layer 3
Layer 4
HTTP
Header
Payload
Ethernet
Trailer
Layer 5-7
HTTP
The Most Common Load Balanced Protocol
RFC 2616, HTTP 1.1 IETF draft standard:
The hypertext transfer protocol (HTTP) is an
application-level protocol for distributed,
collaborative, hypermedia information systems
Three important elements of an HTTP request:
Method (GET, POST, ...)
URI
Headers (include cookies)
Client
SYN
SYN_ACK
ACK
GET / HTTP 1.0
ACK
HTTP/1.0 200 OK
Continuation
ACK
FIN
FIN_ACK
ACK
Client
SYN
SYN_ACK
ACK
GET /a.gif HTTP 1.1
ACK
HTTP/1.1 200 OK
ACK
GET /b.jpg HTTP 1.1
ACK
HTTP/1.1 200 OK
Continuation
ACK
FIN
FIN_ACK
ACK
globe.gif footpage.jpg
menu.jpg
C:>ftp
test.cisco.com
FTP server test
User: abc
Password: xxx
230 User abc
FTP
Server
3016
21
1
2
3017
20
3
4
C:>ftp
test.cisco.com
FTP server test
User: abc
Password: xxx
230 User abc
FTP
Server
3018
21
1
2
3019
2036
3
4
Client
Serverfarm
Based on Load
Server load retrieved via SNMP or feedback protocols
Fastest
Based on response time: fastest servers receive newer connections
Least Bandwidth
Real-time amount of traffic considered to select less active server
Session Persistence: Stickiness
The Shopping Cart Problem
Browse
I'll Never
Shop Here
Again!
1
Select
2
3
Buy
Empty?!?
Session Persistence: Stickiness
Session: logical aggregation of multiple simultaneous or
subsequent connections
Sessions are limited in time (timeout)
Servers might keep session state locally
Load distribution across multiple servers introduces the problem
Health Checking
The content switch needs to continuously monitor the
back-end servers
Failed servers have to be identified and removed from rotation:
the load balancing algorithms adapt to the change
Server failures should be transparent to clients
Servers recovering from failures should be checked and put back in
the available pool, avoiding flapping
Any failure affecting client-server interaction should be detected:
connectivity, application or back-end server malfunctions
Serverfarm
Clients
X
Active Probing: Keepalives
Serverfarm
For HTTP traffic, can perform return error code checking (i.e., 500-type errors should remove servers from rotation)
Serverfarm
Clients
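The rotation behaviour described on the Health Checking and keepalive slides, as an added example that is not part of the original presentation or any Cisco implementation: a server leaves rotation only after several consecutive failed checks (no answer or a 500-type code) and returns only after several consecutive passes, which is what avoids flapping. The `FALL` and `RISE` thresholds, the class and function names, and the probe results are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

FALL = 3  # assumed: consecutive failed checks before removal from rotation
RISE = 2  # assumed: consecutive passed checks before re-admission
@dataclass
class RealServer:
    name: str
    in_rotation: bool = True
    streak: int = 0  # consecutive results that contradict the current state

def check_passed(status):
    """status is an HTTP code, or None when the probe got no answer."""
    return status is not None and status < 500  # 500-type errors fail the check

def record(server, status):
    """Apply one check result; change state only after FALL or RISE in a row."""
    ok = check_passed(status)
    if ok == server.in_rotation:
        server.streak = 0
        return
    server.streak += 1
    if server.streak >= (RISE if ok else FALL):
        server.in_rotation, server.streak = ok, 0

class Serverfarm:
    def __init__(self, names):
        self.servers = [RealServer(n) for n in names]
        self._next = 0
    def pick(self):
        """Round robin over servers in rotation; None if every server is out."""
        for _ in range(len(self.servers)):
            server = self.servers[self._next]
            self._next = (self._next + 1) % len(self.servers)
            if server.in_rotation:
                return server.name
        return None

def demo():
    farm = Serverfarm(["web1", "web2"])
    web2, history = farm.servers[1], []
    # Constructed results for web2: a single blip, a real outage, a recovery.
    for status in [200, 503, 200, 500, None, 503]:
        record(web2, status)
        history.append(web2.in_rotation)
    during_outage = [farm.pick() for _ in range(3)]
    for status in [200, 503, 200, 200]:
        record(web2, status)
        history.append(web2.in_rotation)
    return history, during_outage, [farm.pick() for _ in range(2)]
```

The single 503 at the start does not remove web2, and the lone 200 in the middle of the outage does not bring it back; only an unbroken run of results changes the state.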
Flow Management
Layer 4 Switching
L2-L4 information is always present in the first packet
of the flow (unless it is a fragment!)
IP protocol
Source/destination IP addresses
Source/destination L4 ports (for TCP/UDP)
Source VLAN, MAC address
Matches VIP
Selects Server
Rewrites
L2/L3/L4
SYN
Matches Existing
Flow
Rewrites L2/L3/L4
SYN_ACK
Shortcut
ACK
Data
Shortcut
GET/HTTP 1.1
Shortcut
HTTP/1.1 200
OK
Data
Shortcut
Layer 7 Switching
L5-L7 information is only received after the TCP setup and might
span multiple packets
HTTP URLs, cookies, header fields
SSL session ID
FTP data channel port
Generic application data
SYN
SYN_ACK
ACK
Data
GET/HTTP 1.1
ACK
Data
GET Continuation
ACK
SYN
SYN_ACK
Acts as Client
Does Not Forward
SYN_ACK
Empties Buffer
Sends Data to Server
ACK
Data GET
Data GET Continuation
ACK
OK
HTTP/1.1 200
Data
Continuation
Data
ACK
Shortcut
Shortcut
SYN
ACK
Data
SYN_ACK
GET/HTTP 1.1
ACK
ACK
SYN_ACK
ACK
Data GET
ACK
HTTP/1.1 200 OK
Client connection
Full Proxy
HTTP/1.1 200 OK
SYN
Data
Data
Server connection
Server Offload
Why ?
Servers can dedicate more resources to processing and serving client requests:
faster application response!
Application
Switch
Servers
Offloading SSL
Offload CPU-intensive SSL processing
Server resources are dedicated to serving requests and running applications,
rather than encrypting data
Content
Switch
Encrypted to
VIP:443
Clear Text to
Servers:80
Web
Servers
SSL Handshake
Full
Abbreviated
Re-use same SSL session ID
Less latency - Faster applications
Client Hello
Server Hello
Certificate *
Server Key Exchange *
Certificate Request *
Server Hello Done
Client Hello
Server Hello
Change Cipher Spec
Finished
* Certificate
Client Key Exchange
* Certificate Verify
Change Cipher Spec
Finished
Application Data
Application Data
SSL ID
123
index.html
SSL ID
123
logo1.gif
globe.gif
footpage.jpg
SSL ID
123
bannertop.jpg
menu.jpg
Offloading TCP
TCP Reuse (Multiplex)
Offload TCP (HTTP) setup processing from servers
Server resources are dedicated to serving requests and running
applications, rather than opening and closing TCP connections
TCP1 Pool1
TCP2
TCP2 Pool2
TCP3
High Availability
Redundancy
Heartbeat and State
Synchronization link
BACKUP
Internet
VIP Active
192.1.1.100
IP Interface
10.1.1.254
ACTIVE
Terminology
Box-to-Box Redundancy
Granularity
Per-VIP Redundancy
Each VIP Can
Independently Be Active or
Standby
Active-Active
State
Active-Standby
Redundancy: Statefulness
Stateless
Sticky Stateful
Full Stateful
Sync/Monitor
Sticky Tables
Stateless Content
Session Stateful
Low
Medium
High
LB Communication
Ideal For
LB Resources
Adaptive Redundancy
Stateful Level Configurable
Independently on Each Policy
Deployments
Router Mode
Servers Default Gateway:
Content Switch IP
Subnet A
Subnet B
Bridge Mode
Servers Default Gateway:
Upstream Router
Subnet A
Servers in routable IP subnet
VIPs can be in the same or different subnet
Requires one IP subnet for each farm
Easy deploy for firewall or cache load balancing
Subnet B
L3 One-Arm Mode
Servers Default Gateway:
Upstream Router
Subnet B
L3 One-Arm Mode: Flows
VIP
1
Server
IP
3
L2 One-Arm Mode
Return Traffic Bypassing Load Balancer
Servers
Default Gateway:
Upstream Router
Same IP Subnet
APPHosts
Application Servers
(portal, Java,
caching)
IDMHosts
Identity Management
(login functions)
DBHosts
OIDHosts
Separate Data-Base
farm not requiring
load balancing
Internet Directory
(LDAP)
Inside
Network
1
3
Firewall
farm
6
4
External
Load Balancer
Internal
Load Balancer
Serverfarm
Geographic
Load Balancing
Internet
Service
Provider A
Service
Provider B
Internal
Network
Front-End Tier
(Web)
Application
Tier
Database
Tier
2
3
Authoritative DNS
cisco.com
5
6
1
10
Authoritative
DNS
www.cisco.com
Client
Data Center 1
Keepalive
Keepalive
http://www.cisco.com/
Data Center 2
2
3
Authoritative DNS
cisco.com
5
6
1
10
Client
8
TCP:80
Authoritative
DNS
www.cisco.com
Data Center 1
Keepalive
Keepalive
http://www.cisco.com/
Data Center 2
What's Next?
Multi-Module
(64 Gbps)
Module
(4-16 Gbps)
ACE Web
Application
Firewall
ACE
Module
16 Gbps
ACE
Module
8 Gbps
Appliance
(1-2 Gbps)
ACE
Module
4 Gbps
ACE 4710
2 Gbps
ANM
ACE 4710
1 Gbps
ACE XML
Gateway
Manager
One-Click
Migration
Tools
ACE GSS
CSS 11501
Up to 1 Gbps
Q and A
Recommended Reading
Continue your Cisco Live
learning experience with further
reading from Cisco Press
Check the Recommended
Reading flyer for suggested
books