Module 2 Server Load Balancing
Server Load Balancing
Slide 1
Objectives
Understand SLB frame flow & Client/Server processing
Understand the different load balancing algorithms
Understand server health checks
Understand SLB configurations
Slide 2
Alteon SLB Terminology
Real Server – Actual server connecting to (Must be enabled)
Real IP (RIP) – Real server IP Address
Group – Group of real servers for load balancing (Doesn’t need to be enabled)
Virtual Server – All client requests are forwarded to the virtual server defined on the Alteon
Virtual IP (VIP) – IP address of the virtual server on the Alteon
Metrics – Used to select which real server in a group receives the client request
Weights – Bias load balancing to give the fastest real servers a larger share of connections
Real Server Port (rport) – Defines the real server TCP or UDP port assigned to the service
Slide 3
Review of IP Communication
and HTTP Requests
Slide 4
IP Communication
Layer 2: L2 Header
– MAC Source Address
– MAC Destination Address
– Checksum
Layer 3: IP Header
– IP Source Address
– IP Destination Address
– Checksum
Layer 4: TCP Header
– Source Port
– Destination Port
– Checksum
Session ID
– IP Source Address
– Source Port
Example frame (field: value):
Source MAC: Source MAC
Destination MAC: VIP MAC
Source IP: Client IP
Destination IP: VIP
Checksum: B35C
Source Port: 2165
Destination Port: 80
Checksum: 037A
Slide 5
The Life of an HTTP Request
Diagram participants: Client, Client Site DNS Server, Web Server
DNS Lookup for: www.appswitch.com
DNS response with: 192.168.13.10
IPDA 192.168.13.10: TCP SYN, Dest TCP Port 80
IPDA (client): TCP SYN-ACK
IPDA 192.168.13.10: SYN ACK-ACK, TCP Port 80
IPDA 192.168.13.10: HTTP GET (url), TCP Port 80
IPDA (client): GET RESPONSE (data)
IPDA 192.168.13.10: TCP FIN, Dest TCP Port 80
IPDA (client): TCP FIN-ACK
Slide 6
Basic Frame Flow & Client and
Server Processing
Slide 7
Basic Frame Flow Process
(1) DNS resolves incoming request to switch.
(2) Switch selects best server based on policy.
(3) Response is sent to client via switch.
Diagram labels: Network Manager; DNS: www.appswitch.com ~ 192.100.13.10; VIP 192.100.13.10, Port 80; client proc.; server proc.; 10.10.10.1, 10.10.10.2, 10.10.10.3
Slide 8
VIP
Diagram labels: 192.100.13.0/28; VIP 192.100.13.10; Client: 1.2.3.4:2000; 10.10.10.0/24 with 10.10.10.1, 10.10.10.2, 10.10.10.3
Slide 9
Proper Routing
Ensure proper routing
Diagram labels: 192.100.13.1/28; VIP 192.100.13.10; Client: 1.2.3.4:2000; 10.10.10.0/24 with 10.10.10.1, 10.10.10.2, 10.10.10.3
Slide 10
Accessing the VIP
Access virtual-server IP-address/service
Diagram labels: Network Manager; DNS: www.appswitch.com ~ 192.100.13.10; VIP 192.100.13.10, Port 80; Client: 1.2.3.4:2000; DestIP: 192.100.13.10:80; 10.10.10.1, 10.10.10.2, 10.10.10.3
Slide 11
Detect Request
Detect request to virtual-server IP-address/service
Packet: SrcIP: 1.2.3.4:2000, DestIP: 192.100.13.10:80
Diagram labels: Client: 1.2.3.4:2000; DestIP: 192.100.13.10:80; client process; VIP 192.100.13.10, Port 80; 10.10.10.1, 10.10.10.2, 10.10.10.3
Slide 12
Is request already served?
Is current request already served?
Connection Table columns: Source (client-IP:port), Dest. (VIP:service-port)
Diagram labels: Client: 1.2.3.4:2000; client process; VIP 192.100.13.10, Port 80; 10.10.10.1, 10.10.10.2, 10.10.10.3
Slide 13
Yes, Request Already Served
Is current request already served? Yes, send to servers.
Connection Table columns: Source (client-IP:port), Dest. (VIP:service-port), LoadB. (Rserver:listen-port), Protocol
Diagram labels: Client: 1.2.3.4:2000; client process; VIP 192.100.13.10, Port 80; 10.10.10.1, 10.10.10.2, 10.10.10.3
Slide 14
No, Do Load Balancing
Is current request already served? No, do load balancing
Connection Table columns: Source (client-IP:port), Dest. (VIP:service-port)
Diagram labels: Client: 1.2.3.4:2000; client process; VIP 192.100.13.10, Port 80; 10.10.10.1, 10.10.10.2, 10.10.10.3
Slide 15
Send Request to Real Server
Send request to real-server
Connection Table columns: Source (client-IP:port), Dest. (VIP:service-port), LoadB. (Rserver:listen-port), Protocol
Packet: SrcIP: 1.2.3.4:2000, DestIP: 10.10.10.3:80
Diagram labels: Client: 1.2.3.4:2000; client process; VIP 192.100.13.10, Port 80; 10.10.10.1, 10.10.10.2, 10.10.10.3
Slide 16
Real Server Responds
Real-server responds
Connection Table columns: Source (client-IP:port), Dest. (VIP:service-port), LoadB. (Rserver:listen-port), Protocol
Service Map Table entries: VIP - Real-server 1, …, VIP - Real-server x
Packet: SrcIP: 10.10.10.3:80, DestIP: 1.2.3.4:2000
Diagram labels: Client: 1.2.3.4:2000; server process; VIP 192.100.13.10, Port 80; 10.10.10.1, 10.10.10.2, 10.10.10.3
Slide 17
NAT Real to Virtual IP
NAT real to virtual IP
Connection Table columns: Source (client-IP:port), Dest. (VIP:service-port), LoadB. (Rserver:listen-port), Protocol
Service Map Table entries: VIP - Real-server 1, …, VIP - Real-server x
Packet from real server: SrcIP: 10.10.10.3:80, DestIP: 1.2.3.4:2000
Packet to client: SrcIP: 192.100.13.10:80, DestIP: 1.2.3.4:2000
Diagram labels: Client: 1.2.3.4:2000; server process; VIP 192.100.13.10, Port 80; 10.10.10.1, 10.10.10.2, 10.10.10.3
Slide 18
Client Processing
Diagram (Client, Application Switch, Real Server), header values in slide order:
MAC (Dst MAC, Src MAC): virt_mac, router_mac, rip_mac, rip_mac, router_mac, router_mac
IP (Src IP Address, Dst IP Address): CIP, VIP, CIP, VIP, CIP, RIP, CIP, RIP
TCP (Src Port, Dst Port): 2155, 80, 2155, 80, 2155, 80, 2155, 80
Client processing is enabled on a per-port basis under /cfg/slb/port #/client ena.
For SLB traffic, the switch uses a different MAC address: aa:bb:cc:dd:ee:xe
Slide 19
Client-to-Server Traffic
Recognize received SYN packet addressed to a VIP (TCP connection request).
• Is session table entry present?
• If no entry, do SLB.
• Bind session and create session ID entry.
• IP address substitution based on Session ID
Recognize successive packets associated with the same session and send to the same real server.
Unbind upon reception of a FIN packet or time-out.
Packets not addressed to a VIP are switched at L2.
Slide 20
Server Processing
Diagram (Client, Application Switch, Real Server), header values in slide order:
MAC (SrcMAC, DestMAC): vip_mac, router_mac, rip_mac, rip_mac, router_mac, router_mac
IP (Src IP Address, Dst IP Address): VIP, CIP, VIP, CIP, RIP, CIP, RIP, CIP
TCP (Src Port, Dst Port): 80, 2155, 80, 2155, 80, 2155, 80, 2155
Server processing is enabled on a per-port basis under /cfg/slb/port #/server ena.
Slide 21
Server-to-Client Traffic
All packets must be “watched.”
Determine whether arriving packets are associated with virtual services or native communications.
Implement Source IP/s-port substitution if the packet is associated with a virtual service.
• Use service map table
Forward using L2 switching if the packet is not associated with a virtual service.
Slide 22
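The client-to-server and server-to-client steps on slides 20 and 22, as an added Python example (not Alteon code and not part of the original deck). The class and field names are hypothetical, the metric is assumed to be round-robin, and dropping a non-SYN packet that has no binding is an assumption the slides do not state.

```python
from collections import namedtuple
from itertools import cycle

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port flags")

VIP = ("192.100.13.10", 80)                          # virtual server:service from the slides
REALS = ["10.10.10.1", "10.10.10.2", "10.10.10.3"]   # real servers, rport 80


class SlbSwitch:
    """Toy model of the slides' client/server processing (hypothetical names)."""

    def __init__(self, idle_timeout=60):
        self.sessions = {}          # session ID (client IP, port) -> [real IP, last seen]
        self.metric = cycle(REALS)  # assumption: round-robin metric
        self.service_map = {(rip, VIP[1]): VIP for rip in REALS}
        self.idle_timeout = idle_timeout

    def client_to_server(self, pkt, now=0):
        if (pkt.dst_ip, pkt.dst_port) != VIP:
            return pkt                              # not addressed to a VIP: switched at L2
        sid = (pkt.src_ip, pkt.src_port)
        entry = self.sessions.get(sid)
        if entry and now - entry[1] > self.idle_timeout:
            del self.sessions[sid]                  # time-out: unbind
            entry = None
        if entry is None:
            if "SYN" not in pkt.flags:
                return None                         # assumption: no binding, not a SYN -> drop
            entry = self.sessions[sid] = [next(self.metric), now]  # do SLB and bind
        entry[1] = now
        if "FIN" in pkt.flags:
            del self.sessions[sid]                  # unbind on FIN
        return pkt._replace(dst_ip=entry[0])        # substitute VIP -> RIP

    def server_to_client(self, pkt):
        vip = self.service_map.get((pkt.src_ip, pkt.src_port))
        if vip is None:
            return pkt                              # native traffic: forwarded at L2
        return pkt._replace(src_ip=vip[0], src_port=vip[1])  # substitute RIP -> VIP


if __name__ == "__main__":
    sw = SlbSwitch()
    syn = Packet("1.2.3.4", 2000, *VIP, {"SYN"})    # constructed client packet
    fwd = sw.client_to_server(syn)
    print(fwd)
    print(sw.server_to_client(Packet(fwd.dst_ip, 80, "1.2.3.4", 2000, {"SYN", "ACK"})))
```

The reply path uses only the service map, so a server's final segments are still rewritten to the VIP after the session entry has been unbound.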
AppDirector to Alteon Dictionary
AppDirector, CID term = Alteon term
Farm = Group
Dispatch Method = Metric
Client Table = Session Table
Server = RIP (real IP)
Port Multiplexing = Rport
Session Table Mode "entry per session" = DAM (Direct Access Mode)
Backup Server = Service Group Backup
1 to 1 BS = Real Server Backup
Layer 4 policy ~ Combination of VIP + Service
Client Aging Time = Ptimer (Persistency Timer)
Transparent LB (CID/SF) = Filtering (action: redirect)
Application Server Support (spoof SIP) = RTS (Return to Sender)
Dyn NAT/Client NAT = PIP (Proxy IP Addressing)
Slide 23
Proceed to Module 2a – Server Load Balancing – LB Algorithms
Slide 24
Thank You!
www.radware.com