Objectives

Understand SLB frame flow & Client/Server

processing

Understand the different

load balancing algorithms

Understand server health checks

Alteon SLB Terminology

Real Server – Actual server connecting to (Must be enabled)

Real IP (RIP) – Real server IP Address

Group – Group of real servers for load balancing (Doesn’t need to be

enabled)

Virtual Server – All client requests are forwarded to the virtual server

defined on the Alteon

Virtual IP (VIP) – IP address of the virtual server on the Alteon

Metrics – Used to select which real server in a group receives the client

request

Weights – Bias load balancing to give the fastest real servers a larger

share of connections

IP Communication

L2 Header

–

MAC Source Address

–

MAC Destination Address

–

Checksum

IP Header

–

IP Source Address

–

IP Destination Address

–

Checksum

TCP Header

–

Source Port

–

Destination Port

–

Checksum

Session ID

–

IP Source Address

Layer

2 Source MAC Source MAC Destination MAC VIP MAC

Layer

3 Source IP Client IP Destination IP VIP

Checksum B35C

Layer

4 Source Port 2165 Destination Port 80

The Life of an HTTP Request

IPDA 192.168.13.10: SYN ACK-ACK, TCP Port 80 IPDA 192.168.13.10: SYN ACK-ACK, TCP Port 80 Client

Client Client Site DNS _Server

Client Site DNS Server DNS Lookup for: www.appswitch.com

DNS Lookup for: www.appswitch.com

DNS response with: 192.168.13.10 DNS response with: 192.168.13.10

Client Client

Web Server Web Server IPDA 192.168.13.10: TCP SYN, Dest TCP Port 80

IPDA 192.168.13.10: TCP SYN, Dest TCP Port 80

IPDA (client) : TCP SYN-ACK IPDA (client) : TCP SYN-ACK

IPDA 192.168.13.10: HTTP GET (url), TCP Port 80 IPDA 192.168.13.10: HTTP GET (url), TCP Port 80

IPDA (client) : GET RESPONSE (data) IPDA (client) : GET RESPONSE (data)

IPDA 192.168.13.10:TCP FIN, Dest TCP Port 80 IPDA 192.168.13.10:TCP FIN, Dest TCP Port 80

Basic Frame Flow Process

DNS

www.appswitch.com ~ 192.100.13.10 Network Manager

(2) Switch selects best server based on policy.

(3) Response is sent to client via switch.

VIP 192.100.13.10 Port 80

10.10.10.1

10.10.10.2

10.10.10.3 (1) DNS resolves

incoming request to switch.

client proc.

VIP

10.10.10.1

10.10.10.2

10.10.10.3 Client: 1.2.3.4:2000

VIP 192.100.13.10

Proper Routing

VIP 192.100.13.10

10.10.10.1

10.10.10.2

10.10.10.3 10.10.10.0/24

192.100.13.1/28

Ensure proper routing

Accessing the VIP

DNS

www.appswitch.com ~ 192.100.13.10 Network Manager

10.10.10.1

10.10.10.2

10.10.10.3

Access virtual-server IP-address/service

Client: 1.2.3.4:2000

DestIP: 192.100.13.10:80

Detect Request

10.10.10.1

10.10.10.2

10.10.10.3

Detect request to virtual-server IP-address/service

Client: 1.2.3.4:2000

DestIP: 192.100.13.10:80

SrcIP : 1.2.3.4:2000

DestIP: 192.100.13.10:80

VIP 192.100.13.10 Port 80

Is request already served?

10.10.10.1

10.10.10.2

10.10.10.3

Is current request already served?

Client: 1.2.3.4:2000 _{client process}

VIP 192.100.13.10 Port 80

Connection

Table

Yes, Request Already Served

10.10.10.1

10.10.10.2

10.10.10.3

Is current request already served? Yes, send to servers.

Client: 1.2.3.4:2000

Connection Table

Source

client-IP:port

Dest

.

VIP: service-port

LoadB

.

Rserver:listen-port

Protocol

client process

No, Do Load Balancing

Is current request already served? No, do load balancing

10.10.10.1

10.10.10.2

10.10.10.3

Client: 1.2.3.4:2000 _{client process}

VIP 192.100.13.10 Port 80

Connection

Table

Connection Table

Source client-IP:port

Dest.

VIP: service-port

LoadB. Rserver:listen-port

Protocol

Send Request to Real Server

10.10.10.1

10.10.10.2

10.10.10.3

Send request to real-server

Client: 1.2.3.4:2000

SrcIP: 1.2.3.4:2000 DestIP: 10.10.10.3:80 client process

Real Server Responds

10.10.10.1

10.10.10.2

10.10.10.3

Real-server responds

server process

Client: 1.2.3.4:2000

VIP 192.100.13.10 Port 80

SrcIP:10.10.10.3:80 DestIP: 1.2.3.4:2000

Service Map Table

VIP - Real-server 1

…

VIP - Real-server x

Connection Table

NAT Real to Virtual IP

10.10.10.1

10.10.10.2

10.10.10.3

NAT real to virtual IP

server process

Client: 1.2.3.4:2000

SrcIP:192.100.13.10:80 DestIP: 1.2.3.4:2000

VIP 192.100.13.10 Port 80

SrcIP:10.10.10.3:80 DestIP: 1.2.3.4:2000

Service Map Table

VIP - Real-server 1

…

VIP - Real-server x

Connection Table

Client Processing

Src MAC

Src IP Address Dst IP Address

Src Port Dst Port

CIP

Application Switch

rip_mac

Real Server

Client processing is enabled on a per-port basis under /cfg/slb/port #/client ena.

Client-to-Server Traffic

Recognize received SYN packet addressed to a VIP (TCP

connection request).

•

_{Is session table entry present?}

•

_{If no entry, do slb.}

•

_{Bind session and create session ID entry.}

•

_{IP address substitution based on Session ID}

Recognize successive packets associated with the same

session and send to the same real server.

Unbind upon reception of a FIN packet or time-out.

Server Processing

Src IP Address Dst IP Address

Src Port Dst Port

VIP

Application Switch

rip_mac

Real Server

Server processing is enabled on a per-port basis under /cfg/slb/port #/server ena.

Server-to-Client Traffic

All packets must be “watched.”

Determine whether arriving packets are

associated with virtual services or native

communications.

Implement Source IP/s-port substitution if

the packet is associated with a virtual

service.

Use service map table

Appdirector to Alteon Dictionary

Port Multiplexing

= Rport

 

Session Table Mode "entry per

session"

= DAM (Direct Access Mode)

Backup Server

=

Service Group

Backup

 

1 to 1 BS  

= Real Server Backup  

Layer 4 policy

~ Combination of VIP + Service

Client Aging Time

= Ptimer (Persistency Timer)

Transparent LB (CID/SF)

= Filtering (action: redirect)

Application Server Support (spoof

SIP)

=

RTS (Return to

Sender)

 

Thank You!