Introduction to ServerIron ADX Application
Switching and Load Balancing
Module 7: Global Server Load Balancing (GSLB)
Revision 0310
© 2009 Brocade Communications Systems, Inc.
All Rights Reserved. 2
Objectives
Upon completion of this module, the student will:
– Be able to understand the need for a GSLB
– Be able to define the GSLB policy
– Set up the ServerIron ADX as a DNS proxy
– Configure GSLB and Site information
– Define and use GSLB affinity settings
How Does Global Server Load Balancing Work
GSLB ServerIron ADX adds intelligence to authoritative DNS
– evaluates IP address
– best host for the client is placed at the top of the returned DNS list
– sets DNS TTL – Local DNS has most current information
GSLB ServerIron ADX gathers information from Site/Remote ServerIron ADXs:
– Local VIPs
– Session table statistics and CPU load
– Round Trip Time (RTT) between client and remote site
(Client’s TCP SYN and Client’s TCP ACK)
GSLB uses proprietary communication between Sites
Domain Name Server (DNS)
Defines a naming scheme for the Internet domain
Translates names into an IP address
Implemented as a distributed database
DNS names are constructed hierarchically
– sunc.scit.wlv.ac.uk
– www.brocade.com
DNS Hierarchical Structure (figure)
Distributed Domain Database (figure)
A Record (Address Record)
root@linux:~> dig www.brocade.com
;; QUESTION SECTION:
;www.brocade.com. IN A
;; ANSWER SECTION:
www.brocade.com. 3600 IN A 63.236.63.244
;; AUTHORITY SECTION:
brocade.com. 3600 IN NS ns1.sfj.pnap.net.
brocade.com. 3600 IN NS ns1.brocade.com.
brocade.com. 3600 IN NS ns2.sfj.pnap.net.
brocade.com. 3600 IN NS ns2.brocade.com.
;; ADDITIONAL SECTION:
ns1.sfj.pnap.net. 41909 IN A 216.52.1.1
ns1.brocade.com. 3600 IN A 63.251.100.12
ns2.sfj.pnap.net. 41909 IN A 216.52.1.33
<<truncated>>
DNS Request Types
Two types:
– Recursive - get me the best answer (most common)
• Example shown below
– Iterative - give me the answer or the next hop
www.example.brocade.com
Global Server Load Balancing (GSLB) Overview
GSLB operations:
Modes - [non] transparent, cache
Proxy DNS (Authoritative address is a VIP[s])
– GSLB ADX does contain a DNS server
– Provides caching and the ability to respond to A records
Two components in a GSLB configuration:
– GSLB ServerIron ADX “Front-ends” an authoritative DNS server(s)
– Remote sites can include a ServerIron ADX and a real server
Geographically separated authoritative DNSs can be front-ended
by two GSLBs or by one GSLB with Source-NAT
GSLB protocol is used to communicate between a GSLB ADX and a remote ADX (TCP port 182).
GSLB Features
Leverages existing DNS servers
Minimal disruption to existing network environment
Measures proximity to actual customers in the most accurate
manner
Ability to tolerate failures after DNS lookup is complete
Implemented on highest performing traffic management switch
Provides the most comprehensive global server load balancing with
or without using DNS
GSLB Example
Appear as one web site to clients
Directs a client to the nearest server for fastest content delivery
Directs a client to the best alternate server in case of server outage
Provide transparent backup in case of natural disasters, power outages
SLB and GSLB operations in a single box
DNS limitations (no GSLB)
Just round-robin – inefficient load balancing
Local DNS caches responses – clients may be sent to dead servers
No server health checks – clients directed to dead servers
No proximity awareness – clients can be sent to farthest server
HTTP Redirect limitations (no GSLB)
Works only for HTTP traffic
Requires different host names for each site
Could be redirected to an inoperable server
ServerIron ADX GSLB Direction to Functional Site
Approach:
– Directs client to optimal site
– Front-end the authoritative DNS Server
– Transparently modify the DNS response based on server and application availability
– Authoritative DNS server can be located remotely
Results in:
– Leveraging existing DNS servers
– Easy to configure and manage
– Minimal disruption to existing DNS servers
Site Selection Criteria
Default evaluation order:
1. Server Health
2. ServerIron ADX session capacity threshold
3. Round Trip Time between the remote ServerIron ADX
and the DNS client
4. The geographic location of the server
5. ServerIron ADX available session capacity
6. FlashBack speed
7. Least Response selection / Round Robin
1. Server Health
Client opens browser and requests www.brocade.com
Authoritative DNS passes a Round Robin response with 3 addresses through the GSLB ADX
ADX sends health checks based on application port to each of these addresses
2. Session Capacity Threshold
GSLB ServerIron ADX gathers session info using the GSLB protocol with the remote ServerIron ADXs.
The GSLB ServerIron ADX learns from each remote ServerIron ADX the maximum number of sessions and the number of available sessions via the GSLB protocol.
Default Session Capacity Threshold: 90%, i.e. if the current number of sessions has not reached 90% of the supported total, the site is eligible for being selected as the “best” site.
ServerIron ADX(config)# show gslb site
SITE: sunnyvale
ServerIron slb-1 209.157.22.209
State: CONNECTION ESTABLISHED
Current num.  Session  CPU load  Location
Sessions      Util%    (%)
500000        50       35        N-AM
Virtual IPs: 209.157.22.227(A)
ServerIron ADX(config)# show gslb site
SITE: Tokyo
ServerIron slb-1 209.157.22.111
State: CONNECTION ESTABLISHED
Current num.  Session  CPU load  Location
Sessions      Util%    (%)
750000        75       41        N-AM
Virtual IPs: 209.157.22.227(A)
3. Round-Trip Time (RTT)
A site is favored by GSLB only if the RTT difference is more than 10% (default).
4. Geographic Location of the Server
IP Addresses are allocated in blocks to
different continents
Based on the client IP address, ServerIron
ADX picks the web site ensuring that
requests stay in continental domains
This approach cannot differentiate IP
addresses within a continent
5. Available Session Capacity
10% capacity tolerance by default
– The first ServerIron ADX is preferred over the second ServerIron ADX because the difference (200,000) is greater than 10% of 1 million.
– If another ServerIron ADX with 900,000 sessions was available, it would be equally preferable with the first ServerIron ADX because the 10% difference is less than the threshold.
ServerIron ADX(config)# show gslb site
SITE: sunnyvale
ServerIron slb-1 209.157.22.209
State: CONNECTION ESTABLISHED
Current num.  Session  CPU load  Location
Sessions      Util%    (%)
1000000       50       35        N-AM
Virtual IPs: 209.157.22.227(A)
ServerIron ADX(config)# show gslb site
SITE: Tokyo
ServerIron slb-1 209.157.22.111
State: CONNECTION ESTABLISHED
Current num.  Session  CPU load  Location
Sessions      Util%    (%)
800000        75       41        N-AM
Virtual IPs: 209.157.22.227(A)
6. FlashBack
FlashBack measures the roundtrip time between the
ServerIron ADX in front of authoritative DNS and each
other site (Basically, the Health Check Time)
FlashBack serves as a starting point for network
responsiveness and proximity information
Uses tolerance value when comparing FlashBack
speeds.
10% difference by default
7a. Least Response Selection (Default)
7b. Round Robin Selection
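The default evaluation order walked through on the preceding slides, as a simplified Python model (an added example, not Brocade code and not part of the original module). The thresholds are the defaults the module states; the `Site` fields, the rule that a metric never empties the candidate list, skipping RTT when no client RTT is known, and the least-often-selected tie-break are assumptions of this sketch, and the sample sites are constructed.

```python
"""Simplified model of the default GSLB metric order (added example)."""
from dataclasses import dataclass
from typing import Optional

@dataclass
class Site:
    name: str
    healthy: bool
    session_util: int         # % of supported sessions in use
    avail_sessions: int
    region: str               # e.g. "N-AM"
    rtt_ms: Optional[int]     # None: no client RTT learned yet
    flashback: int            # x100us
    times_selected: int = 0   # hypothetical counter of earlier selections

def keep_close(cands, key, tol_pct, best=min):
    """Keep candidates whose metric is within tol_pct percent of the best value."""
    top = best(key(c) for c in cands)
    return [c for c in cands if abs(key(c) - top) * 100 <= tol_pct * top]

def select_site(sites, client_region, cap_threshold=90, tol_pct=10):
    """Return (winner name or None, trace of (metric, surviving site names))."""
    stages = [
        ("health", lambda c: [s for s in c if s.healthy]),
        ("capacity-threshold", lambda c: [s for s in c if s.session_util < cap_threshold]),
        ("rtt", lambda c: c if any(s.rtt_ms is None for s in c)
                else keep_close(c, lambda s: s.rtt_ms, tol_pct)),
        ("geo", lambda c: [s for s in c if s.region == client_region]),
        ("avail-sessions", lambda c: keep_close(c, lambda s: s.avail_sessions, tol_pct, max)),
        ("flashback", lambda c: keep_close(c, lambda s: s.flashback, tol_pct)),
    ]
    cands, trace = list(sites), []
    for label, keep in stages:
        kept = keep(cands)
        if not kept and label == "health":
            return None, [(label, [])]        # nothing healthy: no site to return
        cands = kept or cands                 # assumption: a metric never empties the list
        trace.append((label, [s.name for s in cands]))
    # Assumed tie-break for "least response": the site handed out least often.
    winner = min(cands, key=lambda s: s.times_selected)
    return winner.name, trace

# Constructed sample data; the session figures reuse the slide's
# 1,000,000 / 800,000 / 900,000 available-capacity case.
SITES = [
    Site("sunnyvale", True, 50, 1_000_000, "N-AM", 40, 6, times_selected=6),
    Site("tokyo",     True, 75,   800_000, "N-AM", 42, 6, times_selected=5),
    Site("denver",    True, 60,   900_000, "N-AM", 41, 6, times_selected=2),
    Site("london",    True, 95,   950_000, "EU",   20, 5),
    Site("paris",     False, 10,  990_000, "EU",   10, 4),
]

if __name__ == "__main__":
    name, trace = select_site(SITES, client_region="N-AM")
    for label, names in trace:
        print(f"{label:20} {names}")
    print("selected:", name)
```

The trace shows which metric removed each site, which is the quickest way to see why a lower-RTT site (here the constructed `london` entry) can still lose to one that is under the session capacity threshold.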
GSLB Affinity
Allows preference of one site over all others as long as the server
is HEALTHY
Other sites used for backup
IP address based
– Preference affinity - affinity definition associated with client’s IP
address - prefix (144.10.0.0/16)
– Configured default affinity - 0.0.0.0/0
Up to 50 affinities
Site ServerIron ADX – Affinity Configuration
ServerIron ADX(config)# gslb affinity
ServerIron ADX(config-gslb-affinity)# prefer denver slb-1 for 0.0.0.0/0
ServerIron ADX(config)# gslb policy
ServerIron ADX(config-gslb-policy)# preference
Prefer Denver over all other sites
Turns on policy
Site ServerIron ADX – Affinity (Cont.)
Always prefer Denver for prefixes = 144.10.0.0/16
Always prefer London for prefixes = 144.20.0.0/16
(Disabled by default)
GSLB Administrative Preference
The administrative preference allows the following:
– Temporarily change the preference of a site to accommodate changing
network conditions
– Temporarily disqualify a site ServerIron ADX from being selected,
without otherwise changing the site’s configuration or the GSLB
ServerIron ADX’s configuration
– Bias a GSLB ServerIron ADX that is also configured as a site
ServerIron ADX (for locally configured VIPs) to always favor itself as
the best site
Syntax: [no] si-name [<name>] <ip-addr> [<preference>]
show gslb default / show gslb policy
SW-ServerIron ADX_A(config)# show gslb policy
Default metric order: ENABLE
Metric processing order:
1-Server health check
2-Remote ServerIron's session capacity threshold
3-Round trip time between remote ServerIron and client
4-Geographic location
5-Remote ServerIron's available session capacity
6-Server flashback speed
7-Least response selection
DNS active-only: DISABLE DNS best-only: DISABLE DNS override: DISABLE
DNS cache-proxy: DISABLE DNS transparent-intercept: DISABLE
DNS cname-detect: DISABLE Modify DNS response TTL: ENABLE
DNS TTL: 10 (sec), DNS check interval: 30 (sec)
Remote ServerIron status update period: 30 (sec)
Session capacity threshold: 90% Session availability tolerance: 10%
Round trip time tolerance: 10%, round trip time explore percentage: 5%
Round trip time cache prefix: 20, round trip time cache interval: 120 (sec)
Flashback appl-level delay tolerance: 10%, TCP-level delay tolerance: 10%
Connection load: DISABLE
GSLB ServerIron ADX Configuration Steps
1. Add real server definitions
2. Add VIP
3. Identify the sites
4. Identify the ServerIron ADXs at the site
5. Identify the DNS zones
6. Identify the host applications with each host
7. Add a source-ip address
Configuration Example (1 of 3) (figure)
Configuration Example (2 of 3)
Configure DNS Proxy Parameters
– Configure a source IP address. The source IP address is required so that the GSLB ServerIron ADX can perform Health Checks on remote devices
Add a real-server definition for the DNS
Add a VIP for the DNS and bind the real server and virtual server.
ServerIron_SanJose(config)# server source-ip 209.157.23.225 255.255.255.0 0.0.0.0
ServerIron_SanJose(config)# server real-name dns_ns 209.157.23.46
ServerIron_SanJose(config-rs-dns_ns)# port dns proxy
ServerIron_SanJose(config)# server virtual-name dns-proxy 209.157.23.87
ServerIron_SanJose(config-vs-dns-proxy)# bind dns dns_ns dns
This Real Address is one of the actual Name Servers
This VIP is what the “world” thinks is the Auth. Name Server
Configuration Example (3 of 3)
Configure Site Parameters
– Specify the sites and the ServerIron ADXs within the site
Configure Zone Parameters
– Specify the Zones and the host names within the zones
ServerIron ADX(config)# gslb site sunnyvale
ServerIron ADX(config-gslb-site-sunnyvale)# si-name slb-1 209.157.22.209
ServerIron ADX(config-gslb-site-sunnyvale)# si-name slb-2 209.157.22.210
ServerIron ADX(config)# gslb site Tokyo
ServerIron ADX(config-gslb-site-Tokyo)# si-name slb-1 192.108.22.111
ServerIron ADX(config-gslb-site-Tokyo)# si-name slb-2 192.108.22.112
ServerIron ADX(config)# gslb dns zone-name brocade.com
ServerIron ADX(config-gslb-dns-brocade.com)# host-info www http
ServerIron ADX(config-gslb-dns-brocade.com)# host-info ftp ftp
Site
Parameters
Zone
Parameters
show gslb site (1 of 2)
ServerIron ADX(config)# show gslb site
SITE: sunnyvale
ServerIron: slb-1 209.157.22.209:
state: CONNECTION ESTABLISHED
Current num.  Session  CPU load  Preference  Location
sessions      util(%)  (%)
500000        50       35        128         N-AM
Virtual IPs:
209.157.22.227(A) 209.157.22.103(A)
ServerIron: slb-2 209.157.22.210:
state: CONNECTION ESTABLISHED
Current num.  Session  CPU load  Preference  Location
sessions      util(%)  (%)
1             0        16        128         N-AM
Virtual IPs:
209.157.22.227(S)
show gslb dns zone
ServerIron ADX# show gslb dns zone
ZONE: b.c
HOST: a:
                                     Flashback    DNS resp.
                                     delay        selection
                                     (x100us)     counters
                                     TCP   APP    Count (%)
* 4.4.4.11: dns v-ip    DOWN   N-AM  --    --     6 (26%)
* 1.1.1.11: dns v-ip    ACTIVE N-AM  0     0      6 (26%)
* 2.2.2.11: dns v-ip    DOWN   N-AM  --    --     6 (26%)
* 3.3.3.11: dns real-ip DOWN   N-AM  --    --     5 (21%)
IP addresses associated with a host name in a DNS Reply. These are the
servers that contain the content for the host.
show gslb dns detail
ServerIron ADX(config)# show gslb dns detail
ZONE: brocade.com
HOST: www:
                                         Flashback    DNS resp.
                                         delay        selection
                                         (x100us)     percentage
                                         TCP   APP    (%)
* 209.157.22.227: dns v-ip ACTIVE N-AM.  6     60     40
site: sunnyvale, ServerIron: slb-1 (209.157.22.209)
session util: 0%, avail. sessions: 524287
preference: 128
HOST: ftp:
                                         Flashback    DNS resp.
                                         delay        selection
                                         (x100us)     percentage
                                         TCP   APP    (%)
* 209.157.22.103: dns v-ip ACTIVE N-AM.  6     60     40
site: sunnyvale, ServerIron: slb-2 (209.157.22.210)
session util: 7%, avail. sessions: 414287
preference: 128
Remote Show - rshow
SW-GSLB(config)# rshow 133.100.10.2 server real
Requesting real server 133.100.10.2....
Type Control-c to abort
Real Servers Info
========================
State(St) - ACT:active, ENB:enabled, FAL:failed, TST:test, DIS:disabled,
UNK:unknown, UNB:unbind, AWU:await-unbind, AWD:await-delete
Name : rs1 Mac-addr: 0010.e000.f518
IP:10.10.10.202 Range:1 State:Active Wt:0 Max-conn:1000000
Port    St  Ms CurConn TotConn Rx-pkts Tx-pkts Rx-octet Tx-octet Reas
----    --  -- ------- ------- ------- ------- -------- -------- ----
http    ACT 0  0       2       240     153     293814   17852    0
default UNB 0  0       0       0       0       0        0        0
Server Total   0       2       240     153     293814   17852    0
Management address of site ServerIron ADX
Lab 7-1: GSLB
Modifying DNS Parameters
Deleting sites that fail health checks
Retain ‘best’ address only
Verification of DNS records
Time-To-Live value
DNS override
DNS Cache Proxy
Delete Sites that Fail Health Checks
ServerIron ADX(config)# gslb policy
ServerIron ADX(config-gslb-policy)# dns active-only
Syntax: [no] dns active-only
‘Best’ Address Only
ServerIron ADX(config)# gslb policy
ServerIron ADX(config-gslb-policy)# dns best-only
Syntax: [no] dns best-only
Verification of DNS Records
ServerIron ADX(config)# gslb policy
ServerIron ADX(config-gslb-policy)# dns check-interval 50
Syntax: [no] dns check-interval <num>
The GSLB SI periodically (default: 30 seconds) sends DNS queries to the Auth. DNS server to verify zone/host and IP address information.
Time-To-Live Value
ServerIron ADX(config)# gslb policy
ServerIron ADX(config-gslb-policy)# dns ttl 45
Syntax: [no] dns ttl <num>
By default, the GSLB SI resets the TTL to 10 seconds to ensure the clients always get the “best” site.
DNS Override (Proxy Server)
ServerIron ADX(config)# gslb dns zone brocade.com
ServerIron ADX(config-gslb-dns-brocade.com)# host www http
ServerIron ADX(config-gslb-dns-brocade.com)# host www ip-list 209.157.23.59
Syntax: host <host-name> ip-list <ip-addr...>
The GSLB SI overrides the IP addresses received from the Auth DNS for a given host with the IP addresses configured on the GSLB SI itself.
Enable DNS Override
ServerIron ADX(config)# gslb policy
ServerIron ADX(config-gslb-policy)# dns override
Syntax: [no] dns override
DNS Cache Proxy
ServerIron ADX(config)# gslb policy
ServerIron ADX(config-gslb-policy)# dns cache-proxy
Syntax: [no] dns cache-proxy
When DNS cache proxy is enabled, the GSLB ServerIron caches the IP
addresses for the requested domain, and responds to the client with the best
address among the ones that are cached, without forwarding the request to
the DNS server.
Lab 7-2: GSLB without a DNS server
End of Module 7: Global Server Load Balancing
(GSLB)