Introduction to Load Balancing
BRKAPP-1001

© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public. 14503_04_2008_c2

Agenda
- Introduction
- Load Balancing and Health Monitoring
- Flow Management
- Server Offload
- High Availability
- Deployments
- Geographic Load Balancing
- What's Next?

Cisco Application Delivery Networks
- WAN Acceleration: Data redundancy elimination; Window scaling; LZ compression; Adaptive congestion avoidance
- Application Acceleration: Latency mitigation; Application data cache; Meta data cache; Local services
- Application Optimization: Delta encoding; FlashForward optimization; Application security; Server offload
- Application Networking: Message transformation; Protocol transformation; Message-based security; Application visibility
- Application Scalability: Server load-balancing; Site selection; SSL termination and offload; Video delivery
- Network Classification: Quality of service; Network-based app recognition; Queuing, policing, shaping; Visibility, monitoring, control

Other Cisco Live Breakout Sessions that You May Want to Attend
- BRKAPP-2014 Deploying AXG
- BRKAPP-2013 Best Practices for Application Optimization illustrated with SAP, Siebel and Exchange
- BRKAPP-2011 Scaling Applications in a Clustered Environment
- BRKAPP-2010 How to build and deploy a scalable video communication solution for your organization
- BRKAPP-1009 Introduction to Web Application Security
- BRKAPP-1008 What can Cisco IOS do for my application?
- BRKAPP-3006 Troubleshooting WAAS
- BRKAPP-2005 Deploying WAAS
- BRKAPP-2018 Optimizing Oracle Deployments in Distributed Data Centers
- BRKAPP-2017 Optimizing Application Delivery
- BRKAPP-1016 Running Applications on the Branch Router
- BRKAPP-1015 Web 2.0, AJAX, XML, Web Services for Network Engineers
- BRKAPP-1004 Introduction WAAS
- BRKAPP-3003 Troubleshooting ACE
- BRKAPP-2002 Server Load Balancing Design
[Figure labels: Applications; ISR, GSS, WAAS, ACE, AXG, ACNS; Relevancy]

The Application Delivery Journey
[Timeline figure. Periods: 1995-2000, 2000-2006, 2006 and Beyond.
Technologies: Early Technologies, QoS, Load Balancing; L4-7 Switching, WAN Optimization, Web Acceleration; Message Visibility, Virtualization, Deep Packet Inspection.
Application Trends: Client/Server, Centralized, Few Connections; Web Enabled, Decentralized, 1000s of Connections; SOA/Web 2.0, Distributed, Exponential Increase in Connections.
Cisco Solution: Multi-Gigabit Performance; Application Aware Networks; End-to-End Application Delivery Networks.]

How It All Started: Direct Communication Clients/Servers
- Benefit: Simple solution
- Issue: No fault tolerance; Limited performance and scalability
[Diagram: client and web server exchanging IP / TCP / HTTP / data; the server failure is marked X]

Scaling to a Few Servers: The Software Approach
- Benefit: Addresses some of the fault tolerance and performance issues
- Issue: Still limited in scale/performance. Leverages server resources for LB and HA. Proprietary clustering technologies
[Diagram: S/W load balancer, clustering technologies]

Scale and High Availability for Larger Deployments: The Hardware-Based Solution
- Benefit: Addresses fault tolerance, performance and scalability issues
- Future proof: architecture includes hardware co-processors to support resource-intensive features (e.g., SSL, compression)

The Main Functions of a Load Balancer
- Represents multiple server farms with public IP addresses: Virtual IPs or VIPs (which clients resolve via DNS)
- Monitors the health of servers
- Intelligently distributes incoming requests according to configurable rules
[Diagram: clients, load balancer/content switch, servers (web, streaming, database)]

Terminology
[Diagram labels:
- Clients, Client-Side Gateway, Content Switch / Load Balancer, Servers, Serverfarm, XML Gateways
- Keepalive (Probe)
- Virtual IP Address (VIP): 172.16.2.100, TCP port 80
- Class-Map: URL = /news; User-Agent = WindowsCE; Client = 192.0.0.0/8
- Load Balancing Algorithm (Predictor): Round Robin
- Policy-Map: if match class-map X then use serverfarm X, else use serverfarm Y]

Devices Being Load Balanced
- Servers
- Proxies
- Accelerators (compression engines, SSL offloaders)
- Caches (reverse and transparent)
- Firewalls (Layer 3 and Layer 2)
- VPN concentrators
- Routers
- Generic IP device requiring load distribution and/or redundancy

Traffic Being Load Balanced
- Generic IP traffic (e.g. IPSec tunnels)
- Generic UDP and TCP (e.g. proprietary protocols)
- Network services (e.g. LDAP, DNS, Radius)
- HTTP (e.g. Web Presentation Layer, Web Services, SOAP/XML)
- Voice and Video (e.g. RTSP, SIP, H.323)
- Remote terminals (e.g. Windows Terminal Services)
- Multi-connection protocols (e.g. FTP, RTSP)
- Multi-tier packaged applications (e.g. SAP, Oracle, Microsoft, BEA)
- Vertical specific applications (e.g. medical, finance, education)
[Diagram: frame layout with Ethernet header (Layer 2), IP header (Layer 3), TCP header (Layer 4), HTTP header and payload (Layer 5-7), Ethernet trailer]

HTTP: The Most Common Load Balanced Protocol
- RFC 2616, HTTP 1.1 IETF draft standard: “The hypertext transfer protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems”
- Three important elements of an HTTP request:
  - Method (GET, POST, ...)
  - URI
  - Headers (include cookies)
- Carried over TCP
  - Multiple HTTP requests can be “tunneled” over the same TCP connection

HTTP 1.0: Single Request
[Sequence diagram between client and web server: TCP setup (SYN, SYN_ACK, ACK); GET / HTTP 1.0, ACK; HTTP/1.0 200 OK, continuation, ACK; TCP close (FIN, FIN_ACK, ACK)]

HTTP 1.1: Two Requests, No Pipelining
[Sequence diagram between client and web server: TCP setup (SYN, SYN_ACK, ACK); GET /a.gif HTTP 1.1, ACK; HTTP/1.1 200 OK, continuation, ACK; GET /b.jpg HTTP 1.1, ACK; HTTP/1.1 200 OK, ACK; TCP close (FIN, FIN_ACK, ACK)]

HTTP 1.1: Building an Entire Page
- TCP 3101 to 80: index.html
- TCP 3102 to 80: logo1.gif, globe.gif, footpage.jpg
- TCP 3103 to 80: /cgi-bin/count
- TCP 3104 to 80: bannertop.jpg, menu.jpg
The behaviour depends on the browser.

FTP (File Transfer Protocol): A Multi-Connection Protocol
Active FTP
[Diagram between client and FTP server: control connection on client port 3016 and server port 21 (steps 1, 2); data connection on client port 3017 and server port 20 (steps 3, 4). Terminal text on the slide: "FTP server test", "User: abc", "Password: xxx", "230 User abc"]

FTP (File Transfer Protocol): A Multi-Connection Protocol
Passive FTP
[Diagram between client and FTP server: control connection on client port 3018 and server port 21 (steps 1, 2); data connection on client port 3019 and server port 2036 (steps 3, 4). Terminal text on the slide: "FTP server test", "User: abc", "Password: xxx", "230 User abc"]

Load Balancing and Health Monitoring
How Connections Are Distributed to the Best Available Servers

Load Balancing Algorithms: How to Distribute Requests Across Servers?
[Diagram: client and serverfarm]
Enhanced Predictors Improve Serverfarm Efficiency

Load Balancing Algorithms
- (Weighted) Round Robin: very simple, servers receive equal (or proportional) amount of requests
- (Weighted) Least Connections: dynamic, based on open connections, optimizes load across servers
- Hash on IP (source/destination, with mask): no state required for persistence
- Hash on URL or portion of URL: useful for transparent cache redirection
- Based on Load: server load retrieved via SNMP or feedback protocols
- Fastest: based on response time; fastest servers receive newer connections
- Least Bandwidth: real-time amount of traffic considered to select less active server
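
Three of the predictors listed on the Load Balancing Algorithms slide, as an added example that is not part of the original slides or of any Cisco product. The farm, weights, connection counts and client addresses are constructed, and the smooth interleaving variant of weighted round robin is a choice made here.

```python
import hashlib
import ipaddress

# Constructed serverfarm: server name -> weight (illustrative values).
FARM = {"web1": 3, "web2": 1, "web3": 1}

def weighted_round_robin(farm, n):
    """Return n picks; each server gets a share proportional to its weight.

    Uses the "smooth" variant, so a heavy server is interleaved with the
    others instead of receiving its whole share back to back.
    """
    current = dict.fromkeys(farm, 0)
    total = sum(farm.values())
    picks = []
    for _ in range(n):
        for server, weight in farm.items():
            current[server] += weight
        chosen = max(current, key=current.get)   # ties go to the first server
        current[chosen] -= total
        picks.append(chosen)
    return picks

def weighted_least_connections(farm, open_conns):
    """Pick the server with the fewest open connections per unit of weight."""
    return min(farm, key=lambda s: open_conns[s] / farm[s])

def hash_on_source_ip(servers, client_ip, prefix_len=32):
    """Stateless choice: mask the client address, hash it, index the farm."""
    network = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    digest = hashlib.sha256(network.network_address.packed).digest()
    return servers[int.from_bytes(digest[:4], "big") % len(servers)]

if __name__ == "__main__":
    print(weighted_round_robin(FARM, 5))
    print(weighted_least_connections(FARM, {"web1": 6, "web2": 1, "web3": 3}))
    servers = sorted(FARM)
    # Two constructed clients behind the same /24 land on the same server.
    print(hash_on_source_ip(servers, "198.51.100.7", 24),
          hash_on_source_ip(servers, "198.51.100.200", 24))
```

The hash predictor keeps no per-client state, but because it indexes the farm by modulo, adding or removing a server changes the mapping for many existing clients.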

Session Persistence (Stickiness): The “Shopping Cart” Problem
[Diagram: Browse (1), Select (2), Buy (3); the cart is "Empty?!?"; "I'll Never Shop Here Again!"]

Session Persistence (Stickiness)
- Session: logical aggregation of multiple simultaneous or subsequent connections
- Sessions are limited in time (timeout)
- Servers might keep session state locally
- Load distribution across multiple servers introduces the problem

The content switch needs to identify a session and send connections belonging to the same session (i.e. from the same client) to the same server.

Methods to identify the session or client: source IP address, HTTP session cookie, SIP session ID, SSL ID, generic protocol session data, ...
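
The shopping cart problem and its fix with a sticky table keyed on a session cookie, as an added example that is not part of the original slides. The `ContentSwitch` class, the cookie value, the server names and the 300-second timeout are hypothetical.

```python
from itertools import count

class ContentSwitch:
    """Round-robin predictor with an optional sticky table (hypothetical model)."""

    def __init__(self, servers, sticky, timeout=300):
        self.servers, self.sticky, self.timeout = servers, sticky, timeout
        self.table = {}        # session key -> (server, last_seen)
        self.rr = count()

    def select(self, session_key, now):
        entry = self.table.get(session_key) if self.sticky else None
        if entry and now - entry[1] <= self.timeout:
            server = entry[0]  # known, unexpired session: same server again
        else:
            server = self.servers[next(self.rr) % len(self.servers)]
        self.table[session_key] = (server, now)   # refresh the idle timer
        return server

def shop(sticky, buy_at=20):
    """Browse, select and buy over three connections; return the cart seen at Buy."""
    carts = {s: {} for s in ("s1", "s2", "s3")}   # session state kept locally per server
    switch = ContentSwitch(list(carts), sticky)
    cookie = "JSESSIONID=constructed-123"         # constructed session cookie

    switch.select(cookie, now=0)                  # 1. Browse
    server = switch.select(cookie, now=10)        # 2. Select: item stored on this server
    carts[server].setdefault(cookie, []).append("book")
    server = switch.select(cookie, now=buy_at)    # 3. Buy: cart read from this server
    return carts[server].get(cookie, [])

if __name__ == "__main__":
    print("no stickiness:", shop(sticky=False))
    print("cookie sticky:", shop(sticky=True))
    print("sticky, entry timed out:", shop(sticky=True, buy_at=1000))
```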

Health Checking
- The content switch needs to continuously monitor the back-end servers
- Failed servers have to be identified and removed from rotation: the load balancing algorithms adapt to the change
- Server failures should be transparent to clients
- Servers recovering from failures should be checked and put back in the available pool, avoiding flapping
- Any failure affecting client-server interaction should be detected: connectivity, application or back-end server malfunctions
[Diagram: clients and serverfarm, failed servers marked X]

Active Probing (Keepalives)
- Intended to run periodically
- Generated by the load balancer: a correct reply is expected
- Either predefined health checks or user-configurable scripts
- Examples: ICMP (L3 connectivity), TCP (stack), HTTP (application)
- For each probe:
  - Interval, retry times
  - Maximum TCP open time
  - Maximum receive time (max response time)
  - Failed retry time, successful retries before back in service
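
How the per-probe retry settings avoid flapping, as an added example that is not part of the original slides. The parameter names, their default values and the probe outcomes are constructed, and mapping "retry times", "failed retry time" and "successful retries before back in service" onto `retries`, `failed_retry` and `successes` is an assumption made here.

```python
def replay(results, interval=10, failed_retry=30, retries=3, successes=2):
    """Replay probe outcomes (True = correct reply) for one server.

    Returns [(time_s, in_service)] after each probe. The server leaves
    rotation after `retries` consecutive failures and returns only after
    `successes` consecutive good replies. While it is out of rotation,
    probes run every `failed_retry` seconds instead of every `interval`.
    """
    in_service, fails, passes, now, timeline = True, 0, 0, 0, []
    for ok in results:
        if in_service:
            fails = 0 if ok else fails + 1
            if fails >= retries:
                in_service, passes = False, 0
        else:
            passes = passes + 1 if ok else 0
            if passes >= successes:
                in_service, fails = True, 0
        timeline.append((now, in_service))
        now += interval if in_service else failed_retry
    return timeline

def transitions(timeline):
    """Count in-service/out-of-service changes, a simple measure of flapping."""
    states = [True] + [state for _, state in timeline]
    return sum(a != b for a, b in zip(states, states[1:]))

# Constructed probe outcomes for an unstable server.
RESULTS = [True, False, True, False, False, False, True, False, True, True]

if __name__ == "__main__":
    damped = replay(RESULTS)
    naive = replay(RESULTS, retries=1, successes=1)   # every result flips the state
    print("damped:", transitions(damped), "state changes", damped)
    print("naive: ", transitions(naive), "state changes")
```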

In-Band Health Monitoring
- The load balancer monitors server-to-client “inband” traffic and keeps counters for consecutive errors
- Can catch basic errors:
  - No replies from server
  - RSTs from server
- For HTTP traffic, can perform return error code checking (e.g. 500-type errors should remove servers from rotation)
[Diagram: clients and serverfarm]

Flow Management
“Layer 4” and “Layer 7” Processing

Flows, Connections, Sessions
- Three main types of flows:
  - TCP: IP protocol, src/dst IP, src/dst L4 port, TCP state
  - UDP: IP protocol, src/dst IP, src/dst L4 port
  - Generic IP: source/destination IP
- TCP flows (connections) require setup
- Multiple flows between the same client and server might be logically grouped into a session

A Load Balancer Maintains Much More State than a Router on a Per-Flow Basis

Layer 4 Switching
- L2-L4 information is always present in the first packet of the flow (unless it is a fragment!)
  - IP protocol
  - Source/destination IP addresses
  - Source/destination L4 ports (for TCP/UDP)
  - Source VLAN, MAC address
- The load balancing decision can be made on the first packet

Layer 4 Flow Setup: Basic Load Balancing, Decisions Made on First Packet
[Sequence diagram: on the client SYN the load balancer matches the VIP, selects a server and rewrites L2/L3/L4. The SYN_ACK, ACK, data (GET / HTTP 1.1) and response (HTTP/1.1 200 OK) match the existing flow, have L2/L3/L4 rewritten and take the shortcut path.]

Layer 7 Switching
- L5-L7 information is only received after the TCP setup and might span multiple packets
  - HTTP URLs, cookies, header fields
  - SSL session ID
  - FTP data channel port
  - Generic application data
- Requires TCP termination and buffering!

Layer 7 Flow Setup for HTTP (1/3): Load Balancing Decisions Require More Data
[Sequence diagram: on the client SYN the load balancer matches the VIP with an L7 rule, chooses a SEQ # and replies with SYN_ACK. On the client ACK it starts buffering. On the client data (GET / HTTP 1.1) it ACKs the client packets and keeps buffering.]

Layer 7 Flow Setup for HTTP (2/3): Load Balancing Decisions Require More Data
[Sequence diagram: the client sends data (GET continuation) and the load balancer ACKs it. The load balancer parses the data, selects a server and initiates TCP (SYN) toward it. On the server SYN_ACK it acts as the client, does not forward the SYN_ACK and replies with ACK. It then empties the buffer and sends the data (GET, GET continuation) to the server.]

Layer 7 Flow Setup for HTTP (3/3): Load Balancing Decisions Require More Data
[Sequence diagram: on the server ACK the load balancer does not forward the ACK and is ready to splice the flows. The server data (HTTP/1.1 200 OK), the client ACK and the data continuation match the existing flow, have L2/L3/L4 and SEQ/ACK rewritten and take the shortcut path.]

[Diagram residue: "Full Proxy", "Independent client"; packet path steps 1 to 4 between client, VIP and Server IP with the labels "Just Routing Traffic to the VIP", "Just Routing Traffic to the Server IP", "Need to Use Either PBR, SNAT, or Server Default Gateway", "Just Routing to the Client IP"]
PBR: Policy Based Routing, sNAT: Source Networ