Alteon L4 Web Switch

Author: Archibald Nathaniel Wells

1 Alteon L4 Web Switch

2 Contents
Ⅰ. Product introduction
  1. Alteon L4 switch product introduction
  2. Equipment deployed at the customer site (180e)
  3. Layer 4 switch market share
  4. Layer 4 switch compliance with domestic and international standards
Ⅱ. Layer 4 switch uses and features
  1. Configuration before installing a Layer 4 switch
  2. Configuration after installing a Layer 4 switch
  3. Layer 4 switch features
  4. Deployment cases
Ⅲ. Layer 4 switch configuration
  1. Layer 4 switch architecture
  2. Layer 4 switch basic configuration
  3. Understanding server Load Balancing

3 Alteon Web Switch product introduction (Alteon Application Switch 2000 family)
(Positioning chart: price vs. performance. Models shown: WSM, AAS2424, 184, 180e, AD4, AD3.)
- WSM: 4 10/100 TX or Gig SX ports, 80 MB of memory, 4M concurrent sessions; industry-leading web switching (L4-7)
- Alteon Application Switch 2000
- 184: nine 10/100/1000 Mbps ports, 4 MB of memory per port (1-8), 8 MB of memory on port 9, 512K concurrent sessions, 8 Gbps backplane capacity
- 180e: eight 10/100/1000 Mbps ports, one 1000BASE-SX port, 2 MB of memory per port, 8 Gbps backplane capacity, 336K concurrent sessions
- AD4: eight 10/100BASE-T ports, one 1000BASE-SX uplink, 4 MB of memory per port (1-8), 8 MB of memory on port 9, 512K concurrent sessions, 8 Gbps backplane capacity
- AD3: eight 10/100BASE-T ports, one 1000BASE-SX uplink, 2 MB of memory per port, 336K concurrent sessions, 8 Gbps backplane capacity

4 Alteon Web Switch product introduction (continued)
(Positioning chart: performance/features vs. Fast Ethernet, Gig Ethernet and Modular. Alteon Application Switches: A2424, A3408, A2224; Passport 8600 Layer 2-7 Routing Switch; Alteon Web Switches: AD4, 184, AD3, 180e.)

5 Alteon Web Switch 180e
A fixed-configuration L4 switch whose 9 interface ports provide 10/100/1000 Mbps paths for maximum scalability; the same unit supports Load Balancing of redundant servers and of firewalls at the same time.
Equipment specifications:
- Backplane: 8 Gbps
- Concurrent sessions: 336K sessions
- L4 switching features: VIP support (256), Global/Local SLB, simultaneous FW/Router/IDS L/B, policy filters: 224, VLANs: 246, Cache Redirection, DNS Redirection, 1:N Port Mirroring
- I/O ports: 9 * 10/100/1000 Ethernet
- L3 switch features: RIP1, BGP supported
- Other: SNMP, RMON, Application Health Check
Supports a wide range of high-speed traffic management features and, on an innovative distributed-processing architecture, Layer 2/3 and Layer 4-7 switching at the same time. Provides 296,000 sessions per second capacity. Full scalability up to 10/100/1000 Mbps (9 ports 10/100/1000M). Load Balancing for HTTP, HTTPS, DNS, SMTP, POP3, FTP, RADIUS and other servers and for firewalls, plus SSL (Secure Sockets Layer) load balancing. Supports prioritization by Layer 4 application and optimization of server performance.

6 Layer 4 switch market share
(Pie chart: L4 Switch market share by vendor: Nortel, Cisco, Foundry, CyberIQ, CableTron, Extreme; segment values shown: 43%, 37.5%, 15%, 4.6%, 2.4%, 1.3%.)

7 Layer 4 switch compliance with domestic and international standards
(Table: standard / compliance of the 180e)
- Spanning Tree (IEEE 802.1d)
- Logical Link Control (IEEE 802.2)
- 10BASE-T/100BASE-TX (IEEE 802.3, 802.3u)
- Flow Control (IEEE 802.3x)
- RMON (RFC 1757)
- SNMP (RFC 1213 MIB-II, RFC 1643 Ethernet, RFC 1493 Bridge)
- 1000BASE-SX (IEEE 802.3z)
- IP RIPv1, TFTP (RFC 783)
- BOOTP (RFC 1542), BOOTP (RFC 951)
- Telnet (RFC 854)
- 802.1Q

8 L4 switch uses and features

9 Configuration before installing a Layer 4 switch
CHALLENGES: a reliable Web Tone; demand for speed; differentiated traffic management.

10 Configuration after installing a Layer 4 switch
Confidence in high availability. Delivers Web speed. Enables service differentiation. Provides unprecedented performance.

11 Layer 4 switch feature overview
- Server load balancing: Application LB, Global Server LB, Application Health Checks
- Network device acceleration: Firewall/VPN/IDS, WAN Links, WAP Gateways
- Application redirection: Web Site Cache, SSL Appliance, Streaming Media
- Advanced filtering: Layer 2-7 attributes, VLAN filtering, Accept, Deny, NAT, Redirect
- Content awareness: Layer 7 inspection of Cookie, URL, HTTP Header; User Agent (PDA, Browser)
- Security services: DoS Attack Prevention, Application Abuse Protection, SSL acceleration / VPN
- Traffic management: Bandwidth Management, ToS Marking
- Persistence support: Source IP/Port, Cookies, SSL Identifier
- Basic network services: Network Address Translation, VLAN Tagging, Trunking, Layer 2 / 3

12 Layer 4 switch feature overview (continued)
- Local Server Load Balancing: improves application performance, availability and scalability by distributing user requests across local servers
- Global Server Load Balancing: improves application performance, availability and scalability by distributing user requests across geographically distributed servers
- Firewall Load Balancing: reduces firewall load through load sharing; automatic back-up when a firewall fails
- High Availability Configurations: no single point of failure at system level

13 Server Load Balancing: SLB (Server Load Balancing) - I
▶ Server Load Balancing using an L4 Switch
- No server congestion
- Better response time
- Higher reliability (server failures detected through a variety of Health Checks)
- Higher server efficiency
- Policy-based Load Balancing: Minimum Misses, Hash, Least Connection, Round Robin
- Scheduled Maintenance
▶ Conventional Round Robin using DNS
- High server congestion
- A server going down cannot be detected
- Differences in hardware specifications cannot be taken into account
(Diagrams: Clients, DNS and servers in both configurations.)

14 Server Load Balancing (continued): SLB (Server Load Balancing) - II
▶ Application distribution
- Server Load Balancing implemented with a Layer 4 Switch
- Higher server efficiency
- Uninterrupted service
▶ When each server runs one specific Application
- Inefficient use of servers
- When a server fails, that Application's service is unavailable
(Diagrams: Clients, DNS, servers hosting Application A / B / C; labels "Congestion" and "Wasted Capacity".)

15 Global Server Load Balancing (GSLB)
▶ Advantages of implementing GSLB
- Prevents server outages and overflow
- Fast response time
- Lower load through distributed processing
- Smooth data flow
- Prevents congestion caused by server concentration
(Diagram: Seoul data center with L4 Active Switch, L4 Stand-by Switch and Content Server 1 Group; regional data center with L4 Active Switch, L4 Stand-by Switch and Content Server 2 Group; client PCs.)

16 Global Server Load Balancing (GSLB) (continued)
- Distribute load across mirrored sites or reverse caching sites: switching plus local and global server Load Balancing
- Simple configuration: only the switches and DNS are involved; no router replacement or change to the network design is needed
- No added latency: request origination by DNS Request; dynamic health checks on all switches; immediate decisions made at each site
- Optimized for consistent response times no matter which site services a request: load is distributed according to each site's performance; the best site takes the lead without overwhelming the other sites
(Diagram: Reverse Cache, Web Servers.)

17 Firewall Load Balancing: FLB (Firewall Load Balancing) plus SLB
(Diagram: External Clients, Dirty Network, Load Balanced Firewalls, Clean Network, Load Balanced FTP/Web Servers.)
Firewall Load Balancing: reduces firewall load through load sharing; automatic back-up when a firewall fails.

18 Firewall Load Balancing & WCR: FLB plus WCR (Web Cache Redirection)
(Diagram: External Clients, Dirty Network, Load Balanced Firewalls, Clean Network, Private Network, Cache servers, Web Cache Redirection, FLB Hot Standby.)
Reduces firewall load through load sharing; automatic back-up when a firewall fails; supports Cache Server Redirection.

19 Active-Active redundant configuration
(Diagram: Internet; two Active switches, each carrying Active VIP #1, VIP #2 and VIP #3; one VIP is labelled VIP = 205.178.13.226, the remaining VIP addresses are blank on the slide; legend: link with traffic / link without traffic.)

20 Active-Active redundant configuration (continued)
VRRP-based with Alteon extensions:
- Virtual L3/L4 (VIP) interfaces can be placed on two or more switches
- Master and backup can both process traffic for all virtual interfaces
- The same default gateway address on all servers, for ease of operation
- OSPF load sharing for incoming traffic
- The switches Load Balance outgoing traffic across the WAN routers
Advantages:
- Maximized performance
- A scalable Load Balancing system allowing unlimited real servers, addressing and concurrent sessions
- Minimizes the impact of a switching outage; an extremely low outage rate
(Diagram: Switch A is Master for VIP_1 and Backup for VIP_2; Switch B is Master for VIP_2 and Backup for VIP_1; servers with DfGw = A use VIP_1, servers with DfGw = B use VIP_2; VRRP between the switches.)

21 Web-based management features

22 Layer 4 switch deployment case #1
▶ "Company D"
- Problems: ⓐ load concentrated on the Firewall (Active, Stand-by); ⓑ Cyber Trading Server load needs to be distributed
- Applied: ⓐ Firewall Load Balancing; ⓑ Server Load Balancing
- Method: redistributing Firewall and Cyber Trading Server load with an ACEdirector2
- Topology (diagram): Internet, Router, Internet Network Switch, F/W 1, F/W 2, F/W 3 (FLB), DMZ with Switching HUB and DMS/Web Server (SLB), Private Network, HUB, head-office LAN

23 Layer 4 switch deployment case #2
▶ "Company L"
- Problem: Cyber Trading Server load needs to be distributed
- Applied: Server Load Balancing
- Method: redistributing Cyber Trading Server load with an Alteon Layer4 Switch
- Topology (diagram): 1. Internet User, 2. Home Line User, 3. VPDN User, 4. X.25 User; Internet, VPDN (014xx), X.25, Router, F/W, Switching HUB, Alteon L4 Switch, Server Farm

24 Layer 4 switch deployment case #3
▶ "Company K"
- Problems: ⓐ Dual Router load needs to be distributed; ⓑ Cyber Trading Server load needs to be distributed
- Applied: ⓐ Router Load Balancing; ⓑ Server Load Balancing
- Method: redistributing Router and Cyber Trading Server load with an Alteon Layer4 Switch
- Topology (diagram): Internet, Router1, Router2 (RLB), Internet Network Switch, F/W 1, F/W 2, Active Switch, Stand-by Switch, DMZ with Switching HUB and DMS/Web Server (SLB), Private Network, head-office LAN

25 Layer 4 switch overseas deployment cases
▶ ISPs/Web Hosters/Portals - Yahoo, WebTV, EDS, Digex, ANS, TCG CerfNet, Concentric, Netcom, Rogers, Verio, Bell South.Net, Sandpiper Travelogix, DataReturn, First Net, OneNet, Dacom (Korea), Pacific Internet (Singapore), Sing Net (Singapore), Cyber Net (Singapore), Telstra (Australia), Pacific Access (Australia), Shanghai Online (China), StarInternet (Hong Kong), Hong Kong Telecom, Cable & Wireless (UK), British Telecom, Radio Online Berlin, Teleglove JavaNet, France Telecom and others
▶ Academic/Research - Brookhaven National Lab, Christopher Newport University, Chemnitz University, Wide Project (Japan), CREN (Switzerland), University of Ryuku (Japan) and others
▶ Hardware/Software Mfg - Portal Software, Qualcomm and others
▶ Entertainment/Broadcast/Video - IMIS (UK), Matsushita computer and others

26 L4 switch hardware architecture

27 Layer 4 switch front panel
- Selectable 8 x 10/100 or 1000SX Ethernet ports
- 10/100 or Gigabit Ethernet uplink on Port 9
- AC and DC power available
- 6 LEDs per port (Data, Link, Active)
- Console port
(Photo: Alteon 180e.)

28 Alteon Web Switch 180e internal structure
(Block diagram: Management Module with RISC, Memory and Flash; 8 Gbps Switch Backplane; per-port RISC Fwd Engines (WebIC with two RISC processors and Memory) feeding the Switch Ports.)
- Distributed processing with dedicated RISC processors on every data path
- WebIC ASIC: a hardware-assisted forwarding engine with two RISC processors per port for speed and flexibility
- A separate processor for the central functions, including management, routing updates, server and site monitoring, and processing dedicated to the data path
- Optimized for processing density and for switching multi-service sessions

29 Virtual Matrix Architecture (VMA)
(Diagram: Client; a CPU at each port; packets labelled SA_1 DA_X, SA_2 DA_Y, SA_3 DA_X with their dispatch records DA_X, SA_1, RIP_A / DA_Y, SA_2, RIP_B / DA_X, SA_3, RIP_A; an unattached port; Servers.)
- Performance of a distributed architecture with a centralized architecture's resource utilization
- CPUs at all ports actively share the L4-7 processing load
- Each ingress packet is hashed to one of 8 ports for L4-7 processing
- The hashing algorithm ensures even distribution of Internet traffic
- Packets in the same session are always hashed to the same CPU
VMA: the concept of sharing the CPU and memory of all ports.
This slide builds; first our architecture appears. Some people criticize our architecture in that, in an asymmetric topology, only two of our processors and their associated memory are utilized. We have responded with a powerful WebOS feature called VMA. Explain the power of VMA: VMA enables all processors and memory resources to be utilized at all times, regardless of topology and connectivity. When a packet enters the switch, it is dispatched to a designated port based upon the client IP address. The designated port performs all L4-7 processing, including client, server and filter operations, to and from this client. Frames that only require L2 or L3 processing are not affected. Our dispatch algorithm divides the universe of Internet addresses into 8 buckets, ensuring even distribution of load. Its ability to distribute load evenly has been proven at many large sites (AOL CompuServe and Planet Online in the UK, for example) and has been demonstrated to work just fine with AOL mega-proxies. The hashing method it is based on is extremely optimized. With our 8 Gbps backplane, the delay that VMA incurs is in nanoseconds.
The first packet comes in from the router and is hashed to the second port, which processes it and keeps a new session record in its local memory. This is also a persistent connection, so a persistent session record is separately maintained on port 9. The second packet comes from a different client and is hashed to the third port; again, a new session record is created there. The third packet belongs to the same session as the first packet and is hashed to the same designated port, which already has the session record in memory. And so on. For more detailed information on how VMA works, see the VMA whitepaper.

30 L4 switch basic configuration

31 Switch Basics
- The switch is a Layer 2 device with Layer 3 functionality
- All Layer 4 to 7 features are off by default
- Allows for a single instance of Spanning Tree
- Supports 10/100/1000 Mbps Ethernet
- Supports Telnet, SSH and CLI
- Boots in 10 seconds!!
A brief introduction to the L4 switch.

32 Console Connection
- Requires a standard DB9 cable with male connection
- Standard connection: 9600 baud, 8 data bits, no parity bit, 1 stop bit, no flow control
- Hyperterminal or any other terminal emulator
A Cisco console cable also fits the console port.

33 Upgrading Switch Code
Two software images plus a boot image. Upgrading procedure:
- Option 1 - Download the image from a TFTP server to the switch
- Option 2 - Load the image via serial download (33.6k, 56k)
/boot menu:
- gtimg - downloads a new image via TFTP; you are asked where to put the image, the TFTP server IP address and the image file name (_mp vs. _boot & bin; 180e vs. 184)
- ptimg - transfers an image to a TFTP server
- Reset the switch with the /boot/reset command
Loading an image via TFTP is done with /boot/gtimg (load image) and ptimg (back up image).
Image download over serial, in order: hard-cycle the switch; press Shift-D for 38.4K or Shift-F for 57.6K; set Hyperterminal to 38.4 or 57.6; transfer the file using Xmodem; wait for "Done"; hard-cycle the switch and reset Hyperterminal to 9600.
Image file extensions: *.180 for the Alteon 180 and AD2, *.180e for the Alteon 180e and AD3, *.184 for the Alteon 184 and AD4 [e.g. 100286_bin.180e].

34 Setting the Switch Configuration Block
Two user configuration blocks or a factory configuration; /boot/conf command: active, backup, factory.
/boot/conf selects which config block is applied at the next boot.
Loading/backing up the config via TFTP: use /c/gtcfg (load) and ptcfg (back up).
Configuring by copy and paste: use the global command 'verbose 0, 2'.

35 Setting Telnet
- Telnet capabilities: enable/disable telnet with /cfg/sys/tnet (from the console port only)
- Telnet timeout default set to 5 minutes
Up to 4 Telnet sessions are possible at the same time.

36 Switch Timeout
Switch CLI session timeout: 1 to 60 minutes, default set to 5 minutes. /cfg/sys/idle sets the time from 1 to 60 minutes.

37 Setting Switch Date and Time
/cfg/sys/date
/cfg/sys/time <24 hour time>
Configuration using NTP: under /cfg/sys/ntp set on, server (the NTP server address), intrval 60, tzone 9.

38 Port Configurations
Configure individual physical switch ports in the /cfg/port fast menu:
- Link speed - speed
- Duplex mode - mode
- Flow control - fctl
- Autonegotiation enable/disable - auto
Enable/disable a switch port in the /cfg/port menu: ena/dis (or the shorter e/d).
Take care when connecting to a firewall or to a 10/100M server. Errors, CRCs and so on can be observed under /stats/port x/maint or ether.

39 IP Interfaces
- The switch supports 256 IP Interfaces
- The switch supports 246 VLANs
- The interfaces are logical and are associated with VLANs
- VLANs are in turn associated with physical ports
- Each port can support 246 VLANs by using VLAN Tagging
- All IP interfaces can be on different subnets, all in the same VLAN
- Interfaces need to be enabled in order to become active
Multiple subnets can exist within the same VLAN. PVST is available from version 10.x onward.

40 IP Interfaces
AD3/4 and 180e/184 limits:
- VLANs: 246
- IP I/Fs: 256
- Routing Protocols: RIP I, BGP Lite (up to 4 peers)
- Routes: 1K
- Static Routes: 64 (128)
- ARP Cache: 4K
- STP Domains: 1 (8)
- MAC Addresses: 2K
The VLAN range is 1-4094, and a total of 246 VLANs can be configured.
The ARP cache is also used as a Route cache; add Local Nets to stop the ARP cache from getting full (/c/ip/frwd/local/add x.x.x.x).

41 Changing Password
Default Password is admin. To change a user-level password: get Administrator access to the switch with the admin password, open the /cfg/sys/user menu, then select the user to change: admpw, l4apw, usrpw, sopw, l4opw, opw, sapw.
By default only user and admin are active.

42 Switch Administration Security Protection
- user: generic switch access to view switch statistics and status information. Default - user
- slboper: operator that manages web servers and other Internet services and their loads
- l4oper: operator that manages traffic on the lines leading to the Internet services
- oper: operator that manages all functions of the switch and is permitted to reset ports or the entire switch

43 Switch Administration Security Protection
- slbadmin: administrator that configures and manages web servers and other Internet services and their loads
- l4admin: administrator that configures and manages the traffic on the lines leading to the shared Internet services. Default - l4admin
- admin: the Superuser Administrator that has access to all of the switch's management and configuration features. Default - admin
The password determines the user level.

44 Setting Up a Syslog
Configure up to two hosts to capture syslog messages: /cfg/sys/syslog/host
Eight different types of syslog messages:
- EMERG: system is unusable
- ALERT: immediate action required
- CRIT: critical condition
- ERR: error condition/operation
- WARNING: warning condition
- NOTICE: normal but significant condition
- INFO: information message
- DEBUG: debug level message
The second descriptive line on the slide is wrong.
Specifying the Syslog host: configure under /c/sys/syslog/host x.x.x.x or host2 x.x.x.x. Specifying the Syslog level: /c/sys/syslog/sever 0-7 (lower level).

45 Setting Up SNMP
Allows the switch to support SNMP network management. /cfg/snmp menu:
- System name, system location, contact information (64 characters each)
- Read/write community strings (32 characters)
- IP address of up to 2 hosts to receive system traps (allows for community string access)
/cfg/sys/snmp menu:
  Current SNMP access: disabled
  Enter new SNMP access (disabled/read-only/read-write) [d/r/w]:
Creating a hostname: /c/snmp/name 'xxxx', then /c/sys/hprompt en.

46 Command Line Basics
- /  Move back to the Main menu
- ..  Move back one menu level
- .  Show the menu for the current context
- apply  Makes changes active in volatile RAM
- save  Save changes to the non-volatile Active Flash bank
- diff [flash]  View un-applied [applied but un-saved] changes
- revert [apply]  Revert un-applied [applied but not saved] changes

47 Useful Reference Material
- /info/link  View physical port Link state
- /info/vrrp  Show VRRP information
- /info/ip  Show IP Interface information
- /info/route/dump  Dump the routing table
- /info/slb/dump  Show SLB state and information
- /info/slb/sess/  Dump the session table or find an entry by client IP address
- /stat/slb/  View SLB statistics for a Virtual Server, Real Server or Group
Live monitoring demonstration on an actual L4 switch. /info/arp; under /info/slb/sess/ you can monitor by cip,cport; dip,dport; or by real, and help is available.

48 Useful Reference Material: Glossary
- Service: part of a Virtual Server which associates a TCP or UDP port and a Group to be load balanced
- Virtual Server: comprises a VIP and up to 8 services; up to 256 Virtual Servers per switch
- VIP (Virtual IP Address): destination IP to which clients send the service requests that are load balanced
- Real [server]: a physical server; may have more than 1 RIP bound to it
- RIP (Real IP Address): IP address on a Real server; up to 256 (4096) RIPs per switch
What is a Virtual Server? A virtual server that stands in for the Real Servers.
  /cfg/slb/group 141
    add 141
    add 142
    add 143
    add 144
  /cfg/slb/group 142
  /cfg/slb/virt 141
    ena
    vip <the IP known to the outside through DNS>
  /cfg/slb/virt 141/service http
    group 141
  /cfg/slb/virt 141/service 8080
    group 142

49 Server Load Balancing

50 Server Load Balancing
- Internet traffic comes into a Virtual IP address which is resolved via DNS
- The VIP (Virtual IP Address) is associated with a Group of Real Servers
- The Alteon load balances the requests to the Real Servers
- Request forwarding is determined using an algorithm to establish the load on each Real Server
- Health checks are used to determine Real Server responsiveness and availability
(Diagram: VIP, Virtual Web Site, Servers.)
Brief explanation of the flow: client's request to the VIP > CPR > Load Balancing by metric with periodic Health Checks > SPR.
Traffic from the Internet is intercepted by the Alteon on a Virtual IP address. This VIP is registered on the DNS server for the web address. The VIP is attached to a group of Real Servers, each assigned a Real IP address. The Alteon then forwards the traffic to one of the Real Servers to be processed and returned to the customer across the Internet. The determination of which Real Server is used is made by the Alteon using an algorithm to establish the load on each Real Server. The Alteon also keeps track of the Servers by doing health checks to see if each server can still reply to traffic.

51 Server Load Balancing: Real Servers and Groups
Real Servers:
- Can have Public or Private IP Addresses
- Must run a TCP/UDP service
- Up to 1024 Real Servers can be configured (Version 10)
- Must belong to a Group but can be a member of multiple Groups
- Can be gracefully enabled or disabled from Groups on the fly
- Can have maximum connections and timeout values assigned
Groups:
- Support of up to 256 Groups
- A Group can support 1024 Real Servers
- Requires a Health Check metric
- Requires a Load Balancing Metric

52 Server Load Balancing: Virtual IP Address (VIP)
- Also called Virtual Server
- Up to 256 VIPs can be configured
- Each VIP must have at least one service (TCP/UDP port such as HTTP, HTTPS, FTP etc.) associated with it
- Must have a Group associated with each service
- Each VIP can support 8 Services
- Supports Port Mapping from any Vport to any Rport - up to 16
Write out the commands and explain them: 1 VIP = up to 8 services; the same real servers can be assigned again under a different group name; under the VIP, specify the service and then the group for it.
  /c/slb/real 10
    en
    rip
  /c/slb/real 20
    rip
  /c/slb/group 10
    add 10
    add 20
  /c/slb/group 20
  /c/slb/virt 10
    ena
    vip
  /c/slb/virt 10/service http
    group 10
  /c/slb/virt 10/service https
    group 20

53 Server Load Balancing: Client / Server processing
- Changes the DIP from the VIP to the Real server IP and vice-versa
- Client processing also creates a session binding entry based on the client SIP and Sport
(Diagram: the Client's frame carries SIP, DIP, DMAC = V-MAC; after client processing the frame to the Server carries SIP, DIP, DMAC = R-MAC; the Server's reply carries SIP, DIP, DMAC = DGW-MAC; after server processing the frame to the Client carries SIP, DMAC = C-MAC.)

54 Server Load Balancing: Client processing
(Diagram of the frame fields (MAC, IP, TCP: Dst MAC, Src MAC, IP Checksum, Src IP Address, Dst IP Address, TCP Checksum, Src Port, Dst Port) at each hop. Client -> Alteon Switch: Dst MAC Vmac, Src MAC Cmac, IP checksum B62A, Src IP CIP, Dst IP VIP, TCP checksum 037A, Src Port 2155, Dst Port 80. Alteon Switch -> Real Server: Dst MAC Rmac, Src MAC Cmac, IP checksum 48A0, Src IP CIP, Dst IP RIP, TCP checksum C107, Src Port 2155, Dst Port 80.)
Draw the flow on the board and explain the conditions under which "CPR" occurs. The TCP Dst Port can change when Port Mapping is configured.
- A Session ID is the combination of the client's IP address and TCP client port number. The switch uses the Session ID to record current client requests in its internal tables.
- Since the client points to services using a Virtual IP (VIP) address, and the real servers each have their own real IP address, one of the key functions of a web switch is Session ID Substitution.
- The destination IP address of packets sent from the client is the virtual IP (VIP). At the Layer 2 level, the VIP is associated with a MAC address, which we call the v_mac. Depending on implementation, each VIP may have a unique v_mac, or several can share the same v_mac.
- The destination MAC address of the packet sent by the client is either the v_mac, if the client and web switch are on the same LAN, or the MAC address of a router which can forward the packet towards the web switch's LAN. One way or another, a packet arrives at the web switch with destination IP address equal to VIP and destination MAC address equal to v_mac.
- Through processes discussed below, the web switch makes a decision of which real IP (RIP) to send the packet to. As the packet passes through the web switch, the destination IP address is changed to RIP, the destination MAC address is changed to r_mac, the IP and TCP/UDP checksums are adjusted, and (if port mapping is configured) the destination port number is changed.

55 Server Load Balancing: Server processing
(Diagram of the same frame fields on the return path. Real Server -> Alteon Switch: Dst MAC Cmac, Src MAC Rmac, IP checksum 823F, Src IP RIP, Dst IP CIP, TCP checksum 0A15, Src Port 80, Dst Port 2155. Alteon Switch -> Client: Dst MAC Cmac, Src MAC Vmac, IP checksum 644B, Src IP VIP, Dst IP CIP, TCP checksum 761A, Src Port 80, Dst Port 2155.)
In the opposite direction, the real server (RIP) transmits packets with the destination IP address of the client and the destination MAC address of the client (or of whatever router is being used to get to the client). The web switch must determine whether packets arriving at server ports are associated with virtual services or are native communication between end stations. The web switch makes that determination based upon the following rules:
- If a service identifier (SID) has been recorded for the source IP/source port combination, the packet is associated with a virtual service.
- If the source IP corresponds to a configured real server (RIP) address, and the packet is a fragmented UDP packet, the packet is assumed to be associated with a virtual service if UDP has been activated for the VIP the real server serves. Note that this rule and the next one imply a configuration limitation: a fragmenting real server cannot be configured to support services associated with two different VIPs.
- If the source IP corresponds to a configured real server address, and the packet is a fragmented TCP packet, the packet is assumed to be associated with a virtual service if any TCP service has been activated for the VIP the real server serves.
If, based upon the above rules, the packet arriving at the server port is deemed to be associated with a virtual service, the web switch changes the source IP address to the VIP, modifies the destination port number (if port mapping is configured), and adjusts the IP and TCP/UDP checksums. All other traffic is switched using Layer 2 processes.
Draw the flow on the board and explain the conditions under which SPR occurs.
Review of SLB server-to-client traffic flow:
- Server-to-client frames use DIP = CIP, SIP = RIP
- The client expects to see frames coming from the VIP, not the RIP
- Translation is done at the server port, but the binding information is stored at the client port (DAM is the exception)
- The server port translates the SIP from RIP to VIP for all frames using load balanced services when SIP = RIP
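The CPR/SPR session-ID substitution described on slides 53-55, as an added example in Python (not the deck's or Alteon's own code): client processing binds (client IP, client port) to a real server and rewrites DIP, DMAC and, with port mapping, the destination port; server processing translates back only frames that match a recorded binding and leaves native server traffic alone. The checksum is patched with the RFC 1624 incremental method rather than recomputed. The class and field names are hypothetical, the real-server choice is plain round robin as a stand-in for the metrics on slide 57, and every address and MAC is a constructed sample value.

```python
"""Model of web-switch client processing (CPR) and server processing (SPR).
Hypothetical names; constructed addresses; not the switch's real implementation."""
import struct
from dataclasses import dataclass, replace
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Packet:
    dmac: str
    sip: str
    dip: str
    sport: int
    dport: int
    ip_csum: int  # IPv4 header checksum as carried in the frame


def ones_sum(data: bytes) -> int:
    """One's-complement sum of 16-bit words with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def adjust_csum(csum: int, old: bytes, new: bytes) -> int:
    """Incremental update when header bytes `old` become `new` (RFC 1624: HC' = ~(~HC + ~m + m'))."""
    total = (~csum & 0xFFFF) + (~ones_sum(old) & 0xFFFF) + ones_sum(new)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(sip: str, dip: str, csum: int = 0) -> bytes:
    """Minimal constructed 20-byte IPv4 header (TCP payload, no options)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, csum,
                       IPv4Address(sip).packed, IPv4Address(dip).packed)


class WebSwitch:
    def __init__(self, vip, vmac, reals, services):
        self.vip, self.vmac = vip, vmac
        self.reals = reals        # rip -> rmac
        self.services = services  # vport -> ([rips], rport or None when no port mapping)
        self.bindings = {}        # (cip, cport) -> (rip, rport, vport, cmac)
        self._rr = dict.fromkeys(services, 0)

    def _pick_real(self, vport):
        """Plain round robin across the group; a stand-in for the configured metric."""
        rips, _ = self.services[vport]
        rip = rips[self._rr[vport] % len(rips)]
        self._rr[vport] += 1
        return rip

    def client_processing(self, pkt, cmac):
        """CPR: frames for VIP:vport get a session binding and are steered to a RIP."""
        if pkt.dip != self.vip or pkt.dport not in self.services:
            return pkt                          # not a virtual service: plain L2/L3 forwarding
        key = (pkt.sip, pkt.sport)              # the Session ID
        if key not in self.bindings:            # new session: choose a real server
            rip = self._pick_real(pkt.dport)
            rport = self.services[pkt.dport][1] or pkt.dport
            self.bindings[key] = (rip, rport, pkt.dport, cmac)
        rip, rport, _, _ = self.bindings[key]
        csum = adjust_csum(pkt.ip_csum, IPv4Address(pkt.dip).packed, IPv4Address(rip).packed)
        return replace(pkt, dmac=self.reals[rip], dip=rip, dport=rport, ip_csum=csum)

    def server_processing(self, pkt):
        """SPR: translate back only when a binding exists for this client and this RIP."""
        bound = self.bindings.get((pkt.dip, pkt.dport))
        if bound is None or bound[0] != pkt.sip:
            return pkt                          # native server traffic: Layer 2 switched
        rip, _, vport, cmac = bound
        csum = adjust_csum(pkt.ip_csum, IPv4Address(rip).packed, IPv4Address(self.vip).packed)
        return replace(pkt, dmac=cmac, sip=self.vip, sport=vport, ip_csum=csum)
```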

56 Load Balancing Metrics
- Used to determine which server/service should receive the inbound traffic
- Granularity from IP address to Cookies/URL, URI and HTTP Headers
- The decision is made during Client processing
- A Group configuration item for the Layer 4 function
- A VIP and Filter configuration item for Layer 7 functions
The criterion by which input traffic is distributed among the Real Servers within one Group.

57 Load Balancing Metrics: Load Based or Persistence Based
Load Based:
- Round Robin / Weighted Round Robin
- Least Connections / Weighted Least Connections
- Response Time
- Bandwidth
Persistence Based:
- Hash: weight has no effect, and Maxconn is supported
- Minimum Misses
- SSL ID
- Cookie
Weighted RR? With weights A(1), B(2), C(1), the servers receive client requests in the proportions A(1/4), B(1/2), C(1/4). IP used for the Hash: SLB hashes on the source IP, FLB on the source + destination IP, WCR on the destination IP.
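The metrics on slides 56-57 applied to one group, as an added Python example (not the deck's or Alteon's own code): weighted round robin reproduces the A(1), B(2), C(1) split, least connections picks the real with the fewest sessions per unit of weight, and the hash keys follow the slide (source IP for SLB, source + destination for FLB, destination for WCR), which is the same client-keyed affinity that slide 29's VMA dispatch relies on. Function names are hypothetical, CRC32 stands in for the switch's undisclosed hash, and making the FLB key order-independent so both directions of a flow hit the same firewall is an assumption about the intent.

```python
"""Load-balancing metrics of an SLB group. Hypothetical names; constructed addresses."""
from collections import Counter
from ipaddress import IPv4Address
from itertools import cycle
from zlib import crc32


def weighted_round_robin(weights):
    """Cycle through the group with each real appearing `weight` times per round,
    e.g. A(1), B(2), C(1) -> A, B, B, C, A, B, B, C, ..."""
    order = [name for name, w in weights.items() for _ in range(w)]
    return cycle(order)


def distribution(weights, requests):
    """How many of `requests` consecutive picks each real receives."""
    picker = weighted_round_robin(weights)
    return Counter(next(picker) for _ in range(requests))


def least_connections(active, weights=None):
    """The real with the fewest active sessions; with weights, the fewest sessions
    per unit of weight (weighted least connections)."""
    weights = weights or {name: 1 for name in active}
    return min(active, key=lambda name: active[name] / weights[name])


def hash_key(mode, sip, dip):
    """Addresses that feed the hash, per the slide: SLB source, FLB source +
    destination, WCR destination. The FLB key is sorted so the forward and return
    packets of one flow select the same firewall (assumption; the slide names only
    the inputs)."""
    if mode == "slb":
        return (sip,)
    if mode == "flb":
        return tuple(sorted((sip, dip), key=lambda a: int(IPv4Address(a))))
    if mode == "wcr":
        return (dip,)
    raise ValueError(mode)


def hash_pick(mode, reals, sip, dip):
    """Map the key onto one of `reals`. CRC32 is a stand-in for the switch's own
    hash; the property that matters is determinism, so a client (SLB) or a
    destination (WCR) always lands on the same real and weight plays no part."""
    key = b"".join(IPv4Address(a).packed for a in hash_key(mode, sip, dip))
    return reals[crc32(key) % len(reals)]
```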

58 Health Checks
Health check types are:
- ICMP
- TCP - 3-way handshake on the configured Service port
- Content - HTTP
- Application specific - Radius, SSL, POP, DNS etc.
- Scripted - send sequence, expected response
Note: if you put all Services on a Real server into one Group and one service fails, all services in that Group will be marked Failed or Blocked. It is therefore recommended that Services are put into different Groups when adding more than 1 service per Real server.
Explanation of the Note: Health Checks are performed per Group.
  /c/slb/group 10
    add 1
    add 2
  /c/slb/group 11
  /c/slb/virt 10
    ena
    vip
  /c/slb/virt 10/service http
    group 10
  /c/slb/virt 10/service https
    group 11

59 Server Load Balancing
All configuration happens under the /cfg/slb/ menu. Steps:
1. Turn on SLB
2. Set up Real Servers
3. Set up Groups
4. Configure the VIP with the required services
5. Enable the correct processing (client/server) on the ports
  /c/slb
    on
  /c/slb/real 1
    ena
    rip
  /c/slb/real 2
    rip
  /c/slb/group 1
    metric leastconn
    health http
    add 1
    add 2
  /c/slb/port 1
    client ena
  /c/slb/port 7
    server ena
  /c/slb/port 8
  /c/slb/virt 100
    vip
  /c/slb/virt 100/service 80
    group 1

60 Server Load Balancing Troubleshooting
- Is SLB enabled?
- Are the Reals enabled?
- Is the Virt enabled?
- Are the Groups associated with the correct Service?
- Use the /info or /stat menus to get SLB information: /info/slb/dump, /info/slb/sess/cip,dip, /stats/slb/group x, /stats/slb/virt x
You need to understand the effect and exact behaviour of Active-Active, Active-Standby, VRRP Master/Backup, and Share enable/disable.

61 Q&A
