Jaycee's Networking

August 29, 2009

Redundant Network Concept

Filed under: Routing Design — Jaycee @ 5:55 pm

redundant network concept
(lecture by Tim Chung)

August 21, 2009

Routing Engine and Packet Forwarding Engine

Filed under: Junos, Routing Design — Tags: — Jaycee @ 5:15 pm

RE (Routing Engine)
PFE (Packet Forwarding Engine)
PIC (Physical Interface Card)
FPC (Flexible PIC Concentrator)
SCB (Switching Control Board)

RE - PFE in Juniper router

Router Design Concept

Filed under: IOS, Routing Design — Tags: , — Jaycee @ 3:58 pm
GRES (Graceful Routing Engine Switchover) – In a router that contains a master and a backup Routing Engine, GRES allows the backup Routing Engine to assume mastership automatically, with no disruption to packet forwarding.
Graceful switchover — JUNOS software feature that allows a change from the primary device, such as a Routing Engine, to the backup device without interruption of packet forwarding.

(lecture by Tim Chung)

1. Basic Router and Routing:

basic-routing-01

a. R1 and R2 run a routing protocol (e.g., RIP or OSPF), so the computer can reach the destination server 10.0.0.1.

b. R2 is a single-CPU router, much like a Linux server doing a routing job.

c. A single CPU must process every packet that goes through the router. If the computer sends too many data packets through R2, R2's CPU becomes occupied by data packets.

d. When the CPU is too busy (99%~100% utilization) processing data packets, important control packets, such as routing protocol updates and SNMP, are not processed in time. Routing adjacencies drop, and none of the data packets reach the destination.

e. Thus, the Cisco 2800 series can only handle T1-class traffic, since it uses a single RISC processor, and the Juniper J-series likewise uses a single IBM CPU. Neither can handle high traffic volumes; both are software-based routers.

2. Modern routers have more than one CPU: separate processors forward data packets and process control information.

router-basic-02

a. Take a Juniper router as an example: the router has two planes, the RE (control plane) and the PFE (forwarding plane). All data packets pass through the PFE and go out.

b. The PFE passes all important control packets up to the RE.

c. This way, the router won't drop adjacencies or lose routes, and data packets keep reaching the destination.
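The division of labor can be sketched in a few lines of Python (a toy model only, not actual Junos behavior; the packet fields and type names are made up):

```python
# Toy model of RE/PFE separation; a packet is a dict with made-up fields.
CONTROL_TYPES = {"ospf_hello", "bgp_update", "snmp"}

re_queue = []  # control packets punted up to the Routing Engine

def pfe_process(packet, forwarding_table):
    """Fast path: the PFE forwards data packets itself and only punts
    control packets up to the RE."""
    if packet["type"] in CONTROL_TYPES:
        re_queue.append(packet)                 # punt to the RE
    else:
        next_hop = forwarding_table.get(packet["dst"])
        print(f"forwarding {packet['dst']} via {next_hop}")

# Even under a flood of data packets, re_queue only ever receives control
# traffic, so adjacencies stay up.
pfe_process({"type": "data", "dst": "10.0.0.1"}, {"10.0.0.1": "ge-0/0/1"})
pfe_process({"type": "ospf_hello", "dst": "224.0.0.5"}, {})
```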

3. For Redundancy:

router-basic-03

a. Uses a fabric between the RE, PFEs, and PICs for high-traffic transmission.

b. Uses a full-mesh crossbar (x-bar) between the PFEs.

4. For more redundancy with GRES:

router-basic-04

July 1, 2009

End-of-Row or Top-of-Rack for Server Networking in DC

Filed under: Information, IOS, Routing Design — Tags: , — Jaycee @ 2:05 pm

There are three primary approaches to server networking in a data center environment:

1. End-of-Row:

a. When aggregating servers larger than 1U, or servers with a mix of interface types and densities, Catalyst 6500 Series switches are used to support one or more racks.

b. Advantage:

1) cost effective – delivers the highest level of switch and port utilization, especially when coupled with the rich set of network virtualization services available in the Catalyst 6500 Series. (The 6500 supports a wide variety of service modules, simplifying the push of security and application networking services into the access layer.)

2) server-independent – provides maximum flexibility to support a broad range of servers.

3) performance advantage – two servers that exchange large volumes of information can be placed on the same line card, as opposed to card-to-card or switch-to-switch paths, which are slower.

c. Disadvantage:

1) cable/patch-panel cost – the physical volume of the cables and the waste of valuable rack space

2. Top-of-Rack:

a. When stacking 40 1U servers in a rack, one or two 1U rack switches (such as the Catalyst 4948-10G) are often used to aggregate all of these servers with Gigabit Ethernet, then run a couple of 10GbE links back to the aggregation switches. (In some cases, two 4948 switches are used for HA purposes.) (The Catalyst 4948 is optimized for the data center environment.)

b. Advantage:

1) simplified cable management

2) avoids rack space issues

3) avoids the cooling issues of end-of-row switching

4) fast port-to-port switching for servers within the rack

5) predictable oversubscription of the uplink and smaller switching domains (one per rack) to aid in fault isolation and containment (a worked oversubscription example appears at the end of this post)

c. Disadvantage:

1) Not enough servers in one rack to fill the switch – solution: have one top-of-rack switch also serve an adjacent rack, preserving the advantages of the top-of-rack switch while increasing port utilization.

3. Integrated:

a. When using blade servers, blade switches are deployed. The Cisco Catalyst Blade Switch 3000 Series supports the virtualization, segmentation, and management tools needed to properly support this environment.

b. When server virtualization is in use, it can rapidly increase the complexity of the network (the number of MAC addresses, complexity of spanning tree, data pathways, etc.)

c. In some larger data centers, pass-through modules or blade switches are aggregated into a series of rack switches.

*Most people like dual top-of-rack because servers have dual production uplinks. But they can't really fit 40 1U servers in a rack due to power limitations or heating problems, so they end up with three racks sharing top-of-rack switches in the middle rack, with cables running between cabinets. End-of-row is actually designed for this situation, but placing a 6500 in the middle rack would cause overheating problems; 6500 switches should therefore be placed at the end of the row.
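As for the oversubscription mentioned above, the arithmetic for the 40-server top-of-rack example is simple (a quick sketch, assuming 40 x 1 GbE server ports and 2 x 10GbE uplinks):

```python
# Uplink oversubscription for the top-of-rack example:
# 40 servers x 1 GbE down, 2 x 10GbE up.
server_bw = 40 * 1    # Gbps toward the servers
uplink_bw = 2 * 10    # Gbps toward the aggregation layer
print(f"oversubscription = {server_bw / uplink_bw}:1")   # -> 2.0:1
```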

May 12, 2009

Server Load Balancing

Filed under: Information, Load Balancing, Routing Design — Tags: , — Jaycee @ 2:12 am

A. Load Balancing:

1. DNS-Based Load Balancing (also known as DNS Round Robin):

a. Allows more than one IP address to be associated with a single hostname.

b. The domain name server looks up the domain name with one of the root servers. The root servers do not have the IP information, but they know who does and report that to the user's DNS server. The query then goes out to the authoritative name server, and the IP is reported back. The entire process is as follows:

(1) The user types the URL into the browser.
(2) The OS makes a DNS request to the configured DNS server.
(3) The DNS server sees if it has that IP address cached. If not, it makes a query to the root servers to see what DNS servers have the information.
(4) The root servers reply back with an authoritative DNS server for the requested hostname.
(5) The DNS server makes a query to the authoritative DNS server and receives a response.
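You can watch round robin from the client side with a few lines of Python (a minimal sketch; the hostname is a placeholder for any name with multiple A records):

```python
import socket

# gethostbyname_ex returns (canonical_name, aliases, ip_list).
# For a round-robin hostname, ip_list contains every A record, and many
# resolvers rotate the order between queries to spread the load.
name, aliases, addrs = socket.gethostbyname_ex("www.example.com")
print(name, addrs)
```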

c. Limitations of DNS round robin:

(1) Unpredictable traffic/load distribution

Individual users don't make requests to the authoritative name servers; they make requests to the name servers configured in their operating systems. Those DNS servers then query the authoritative DNS servers and cache the received information, so the distribution of load across the A records is unpredictable.

(2) DNS Caching

To prevent DNS servers from being hammered with requests, and to keep bandwidth utilization low, DNS servers employ quite a bit of caching.

(3) Lack of fault-tolerance measures

When demand increases suddenly, more servers are required quickly. New server entries in DNS take a while to propagate, which makes scaling a site's capacity quickly difficult.

2. Firewall Load Balancing:

Most firewalls are CPU-based, such as SPARC or x86 machines. Because of the processor limitations involved, the throughput a firewall can handle is often limited; they generally max out at around 70 to 80 Mbps.

3. Global Server Load Balancing (GSLB):

a. SLB works on LAN; GSLB works on WAN.

b. There are several ways to implement GSLB, such as DNS-based and BGP-based.

c. Two main reasons to implement GSLB:

(1) GSLB brings content closer to the users.
(2) GSLB provides redundancy in case any site fails.

B. Clustering vs. SLB:

1. Clustering refers to application-based load balancing, while SLB is network-based load balancing.

2. Disadvantages of Clustering:

a. It requires tight integration between the servers.
b. Special software is required.
c. A vendor will most likely support only a limited number of platforms.
d. Only a limited number of protocols are supported.

3. SLB:

a. It’s platform and OS neutral, so it works as long as there is a network stack.
b. It’s extremely flexible: it supports just about any network protocol, from HTTP to NFS, to Real Media, to almost any TCP- or UDP-based protocol.
c. With no interaction between the servers and a clear delineation of functions, an SLB design is simple and elegant, as well as powerful and functional.

C. OSI model with SLB:

1. Layer 1 – physical

2. Layer 2 – Data link:

An Ethernet frame consists of a header, a payload, and a checksum. The standard frame payload is limited to 1,500 bytes; some devices support jumbo frames on Gigabit Ethernet, which carry up to about 9,000 bytes.
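As a concrete illustration, the 14-byte Ethernet II header (destination MAC, source MAC, EtherType) can be unpacked like this (a sketch; the 4-byte FCS checksum is normally stripped by the NIC, and the sample frame bytes are made up):

```python
import struct

def parse_ethernet_header(frame: bytes):
    """Unpack the Ethernet II header: dst MAC, src MAC, EtherType."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst.hex(":"), src.hex(":"), hex(ethertype)

# Broadcast dst, a made-up src, EtherType 0x0800 (IPv4); the payload that
# follows may be up to 1500 bytes (about 9000 with jumbo frames).
frame = bytes.fromhex("ffffffffffff" "00005e005301" "0800")
print(parse_ethernet_header(frame + b"payload"))
```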

3. Layer 3 – Network:

These devices are routers, though SLB devices have router characteristics as well.

4. Layer 4 – Transport:

An SLB instance will involve an IP address and a TCP/UDP port.

5. Layer 5 -7 – Session, Presentation, Application:

Layers 5-7 involve URL load balancing and parsing. URL load balancing can set persistence based on a cookie negotiated between the client and the server.
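The difference between a layer 4 and a layer 5-7 decision can be sketched in Python (illustrative only; the VIP, request, and cookie name are made up):

```python
# Layer 4: the balancer looks only at the TCP/IP tuple.
l4_key = ("203.0.113.10", 80)   # (VIP address, TCP port) names the instance
print(l4_key)

# Layers 5-7: the balancer parses the HTTP request itself.
request = (
    "GET /cart/checkout HTTP/1.1\r\n"
    "Host: shop.example.com\r\n"
    "Cookie: server_id=web02\r\n\r\n"
)

def parse_l7(req: str):
    """Extract the URL (for URL-based rules) and cookies (for persistence)."""
    url = req.split(" ")[1]
    cookies = {}
    for line in req.split("\r\n"):
        if line.lower().startswith("cookie:"):
            for pair in line.split(":", 1)[1].split(";"):
                key, value = pair.strip().split("=", 1)
                cookies[key] = value
    return url, cookies

print(parse_l7(request))   # ('/cart/checkout', {'server_id': 'web02'})
```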

D. Components of SLB:

1. VIPs (Virtual IPs):

It’s the load-balancing instance. A TCP or UDP port number is associated with the VIP, such as TCP port 80 for web traffic.

2. Servers

3. Groups/Farm/Server Farm

4. User-Access Levels: Read-only, Superuser, Other levels

E. Redundancy:

Typically, two devices are deployed, and a protocol is used by each device to check on its partner's health. In an "active/active" scenario, both devices are active and accept traffic; in "active/passive", only one device is used while the other waits in case of failure.

1. Active/Passive (also known as Active/Standby or Master/Slave) Scenario:

2. Active/Active Scenarios:

(1) VIPs are distributed between the two LBs to share the incoming traffic. For example, VIP 1 goes to LB A, and VIP 2 to LB B.

(2) Both VIPs answer on both LBs, though the two LBs may not hold the same IP at the same time. For example, VIP 1 and VIP 2 are both active on LB A and LB B.

3. Redundancy Protocols:

a. VRRP (Virtual Router Redundancy Protocol):

(1) An open standard.
(2) Each unit in a pair sends out packets to see if the other will respond.
(3) VRRP packets are sent to the multicast address 224.0.0.18, using IP protocol number 112.
(4) VRRP requires that the two units are able to communicate with each other.

b. ESRP (Extreme Standby Router Protocol): Extreme Networks proprietary.

c. HSRP (Hot Standby Router Protocol): Cisco proprietary.

d. GLBP (Gateway Load Balancing Protocol):

(1) Cisco proprietary.

(2) Designed to overcome the limitations of existing redundant router protocols.

(3) GLBP allows a weighting parameter to be set. Based on this weighting, ARP requests are answered with MAC addresses pointing to different routers. Thus, load balancing is based not on traffic load, but on the number of hosts that will use each gateway router. By default, GLBP load-balances in round-robin fashion.

GLBP elects one AVG (Active Virtual Gateway) for each group. The elected AVG then assigns a virtual MAC address to each member of the GLBP group, including itself, thus enabling AVFs (Active Virtual Forwarders). Each AVF assumes responsibility for forwarding packets sent to its virtual MAC address. There can be up to four active AVFs at the same time.

By default, GLBP routers use the local multicast address 224.0.0.102 to send hello packets to their peers every 3 seconds over UDP 3222 (source and destination).
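A toy model of the AVG's reply selection (illustrative Python, not Cisco's implementation; the virtual MACs and weights are made up):

```python
import itertools
import random

# Hypothetical GLBP group: virtual MAC -> weight (both values made up).
avfs = {
    "0007.b400.0101": 100,   # router A
    "0007.b400.0102": 50,    # router B
}

# Default behavior: the AVG answers ARP requests round-robin.
round_robin = itertools.cycle(avfs)

def answer_arp_weighted():
    """Weighted answer: hosts are spread by count, not by traffic load."""
    macs, weights = zip(*avfs.items())
    return random.choices(macs, weights=weights)[0]

for _ in range(4):
    print("round-robin ARP reply:", next(round_robin))
print("weighted ARP reply:", answer_arp_weighted())
```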

4. Fail-Over Cable:

This method uses a proprietary “heartbeat” checking protocol running over a serial line between a pair of load balancers.

If the fail-over cable is disconnected, serious network problems can result: both units try to assume "master" status. STP can help avoid the resulting bridging loops.
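A minimal sketch of the heartbeat idea, using UDP on a LAN instead of a proprietary serial protocol (the port and timeout values are arbitrary):

```python
import socket

HEARTBEAT_PORT = 5000   # arbitrary port for this sketch
TIMEOUT = 3.0           # seconds of silence before the standby takes over

def standby_loop():
    """Passive unit: promote itself to master if heartbeats stop arriving."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("", HEARTBEAT_PORT))
    sock.settimeout(TIMEOUT)
    while True:
        try:
            sock.recv(64)   # heartbeat datagram from the active unit
        except socket.timeout:
            # NOTE: if only the heartbeat link failed, the peer may still
            # consider itself master too -- the split-brain problem above.
            print("peer silent -- assuming master status")
            break
```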

5. Stateful Fail-Over:

Without stateful fail-over, when a device fails over, all active TCP connections are reset: TCP sequence-number information is lost, and a network error is displayed in the end user's browser.

"Stateful Fail-Over" keeps session and persistence information on both the active and passive units. If the active unit fails, the passive unit has all of the information, and service is completely uninterrupted. The end user won't notice anything.

6. Persistence (sticky):

It’s the act of keeping a specific user’s traffic going to the same server that was initially hit when the site was contacted. This is especially important in web-store type applications, where a user fills a shopping cart, and that information may only be stored on one particular machine.
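A sticky table can be as simple as a hash from client to server (a sketch; the server pool is hypothetical):

```python
# Source-IP persistence: a client keeps hitting the same real server
# for as long as the pool is stable. Server names are hypothetical.
servers = ["web01", "web02", "web03"]

sticky = {}   # client IP -> assigned server

def pick_server(client_ip: str) -> str:
    if client_ip not in sticky:
        sticky[client_ip] = servers[hash(client_ip) % len(servers)]
    return sticky[client_ip]

print(pick_server("198.51.100.7"))   # same answer on every later request
print(pick_server("198.51.100.7"))
```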

7. Health Checking (Service Checking):

It can be performed in a number of ways:

a. ping check
b. port check
c. content check

SLB will continuously run these service checks at user-definable intervals.
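The port and content checks map directly onto a few lines of Python (a sketch; the host, URL, and expected string are placeholders; a real ping check needs raw ICMP sockets, so it is omitted):

```python
import socket
import urllib.request

def port_check(host: str, port: int, timeout: float = 2.0) -> bool:
    """Port check: can we complete a TCP handshake on the service port?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def content_check(url: str, expected: bytes) -> bool:
    """Content check: does the server return the expected content?"""
    try:
        with urllib.request.urlopen(url, timeout=2.0) as resp:
            return expected in resp.read()
    except OSError:
        return False

print(port_check("192.0.2.10", 80))                      # placeholder host
print(content_check("http://192.0.2.10/health", b"OK"))  # placeholder URL
```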

8. Load-Balancing Algorithms:

There are several methods of distributing traffic using a given metric. These are the mathematical algorithms programmed into the SLB device. They can run on top of, and in conjunction with, any of the persistence methods, and they are assigned to individual VIPs.
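Two of the most common algorithms, round robin and least connections, fit in a few lines each (a sketch; the server pool is hypothetical):

```python
import itertools

servers = ["web01", "web02", "web03"]   # hypothetical pool behind one VIP

# Round robin: rotate through the pool regardless of load.
rr = itertools.cycle(servers)
def round_robin():
    return next(rr)

# Least connections: pick the server with the fewest active sessions.
active = {s: 0 for s in servers}
def least_connections():
    server = min(active, key=active.get)
    active[server] += 1   # a new connection is opened to this server
    return server

print([round_robin() for _ in range(4)])   # web01, web02, web03, web01
print(least_connections())
```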

F. SLB benefits:

1. Flexibility

SLB allows the addition and removal of servers to a site at any time. The LB can also direct traffic using cookies, URL parsing, static and dynamic algorithms, and much more.

2. High availability (HA)

SLB can automatically check the status of the available servers, take any nonresponding servers out of rotation, and return them to rotation when they are functioning again. Load balancers themselves come in redundant configurations.

3. Scalability

Since SLB distributes load among many servers, all that is needed to increase the serving power of a site is to add more servers.

November 16, 2008

3750 Stacking Switch

Filed under: Information, IOS, Routing Design — Jaycee @ 5:52 pm
*Stacking – the ability to link together multiple switches to form a single logical switch with a single management IP.
GBIC (Gigabit Interface Converter)
SFP (Small Form-factor Pluggable)

1. Stacking switches:

a. The 3550 requires a stacking GBIC in one of its gigabit GBIC slots, which limits the stacking backplane speed to 1 Gbps.

b. The 3560 uses a special SFP interconnect cable, which occupies one of the fiber uplink ports.

3560 series

c. The 3750 incorporates special stacking cables that connect to the back of the switch chassis. This backplane connection runs at 32 Gbps, so it doesn't tie up any ports on the front of the switch.

3750 series

d. Interface naming: interface-type stack-member#/module#/port#

Gi3/0/12

stack-member# = 1 for a standalone switch.
module# on the 3750 is always 0.
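The naming scheme is easy to decompose programmatically (a sketch; Gi3/0/12 is the example above):

```python
import re

# interface-type stack-member#/module#/port#, e.g. Gi3/0/12
def parse_interface(name: str) -> dict:
    m = re.fullmatch(r"([A-Za-z]+)(\d+)/(\d+)/(\d+)", name)
    if not m:
        raise ValueError(f"unrecognized interface name: {name}")
    itype, member, module, port = m.groups()
    return {"type": itype, "stack_member": int(member),
            "module": int(module), "port": int(port)}

print(parse_interface("Gi3/0/12"))
# {'type': 'Gi', 'stack_member': 3, 'module': 0, 'port': 12}
```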
