Jaycee's Networking

May 12, 2009

Server Load Balancing

Filed under: Information, Load Balancing, Routing Design — Jaycee @ 2:12 am

A. Load Balancing:

1. DNS-Based Load Balancing (also known as DNS Round Robin):

a. Allows more than one IP address to be associated with a hostname.

b. The user’s DNS server looks up the domain name with one of the root servers. The root servers do not hold the IP information, but they know which servers do and report that to the user’s DNS server. The query then goes out to the authoritative name server, which reports the IP back. The entire process is as follows:

(1) The user types the URL into the browser.
(2) The OS makes a DNS request to the configured DNS server.
(3) The DNS server sees if it has that IP address cached. If not, it makes a query to the root servers to see what DNS servers have the information.
(4) The root servers reply back with an authoritative DNS server for the requested hostname.
(5) The DNS server makes a query to the authoritative DNS server and receives a response.

c. Limitation of DNS round robin:

(1) Unpredictable traffic/load distribution

Individual users don’t make requests to the authoritative name servers; they make requests to the name servers configured in their operating systems. Those DNS servers then make the requests to the authoritative DNS servers and cache the received information, so the site cannot control how many users end up behind each cached answer.

(2) DNS Caching

To prevent DNS servers from being hammered with requests, and to keep bandwidth utilization low, DNS servers employ quite a bit of DNS caching.

(3) Lack of fault-tolerance measures

When demand increases suddenly, more servers are required quickly. Any new server entries in DNS take a while to propagate, which makes it difficult to scale a site’s capacity quickly.
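The three limitations above can be seen in a small simulation. This is an added example, not part of the original post; the resolver populations, the 10.0.0.x addresses and the one-request-per-client-per-second model are constructed assumptions.

```python
from collections import Counter

class AuthoritativeDNS:
    """Round-robin authoritative server: each query gets the next A record."""
    def __init__(self, ips):
        self.ips = list(ips)
        self._next = 0

    def query(self):
        ip = self.ips[self._next % len(self.ips)]
        self._next += 1
        return ip

class CachingResolver:
    """ISP or corporate resolver that reuses one answer until its TTL expires."""
    def __init__(self, auth, ttl):
        self.auth, self.ttl = auth, ttl
        self._ip, self._expires = None, -1

    def resolve(self, now):
        if now >= self._expires:            # cache miss: ask the authority
            self._ip = self.auth.query()
            self._expires = now + self.ttl
        return self._ip

def simulate(clients_per_resolver, ttl, seconds, remove_ip=None, remove_at=None):
    """Every client sends one request per second.

    Returns (requests per server IP, requests sent to remove_ip after it
    was withdrawn from DNS at time remove_at).
    """
    auth = AuthoritativeDNS(["10.0.0.1", "10.0.0.2", "10.0.0.3"])  # constructed
    resolvers = [CachingResolver(auth, ttl) for _ in clients_per_resolver]
    hits, stale = Counter(), 0
    for now in range(seconds):
        if remove_ip and now == remove_at:
            auth.ips.remove(remove_ip)      # operator pulls the failed server
        for resolver, clients in zip(resolvers, clients_per_resolver):
            ip = resolver.resolve(now)
            hits[ip] += clients
            if remove_ip and now >= remove_at and ip == remove_ip:
                stale += clients            # traffic still sent to the dead server
    return hits, stale

if __name__ == "__main__":
    print(simulate([500, 50, 5], ttl=300, seconds=300))
    print(simulate([500, 50, 5], ttl=300, seconds=300,
                   remove_ip="10.0.0.1", remove_at=70)[1])
```

The authoritative server rotates perfectly, yet the server handed to the largest resolver receives 100 times the traffic of the one handed to the smallest, and a record withdrawn at t=70 keeps receiving requests until the cached answer expires.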

2. Firewall Load Balancing:

Most firewalls are CPU-based, such as a SPARC machine or an x86-based machine. Because of the processor limitations involved, the throughput a firewall can handle is often limited; they generally tend to max out at around 70 to 80 Mbps.

3. Global Server Load Balancing (GSLB):

a. SLB works on LAN; GSLB works on WAN.

b. There are several ways to implement GSLB, such as DNS-based and BGP-based.

c. Two main reasons to implement GSLB:

(1) GSLB brings content closer to the users.
(2) GSLB provides redundancy in case any site fails.

B. Clustering vs. SLB:

1. Clustering is application-based, reserving load balancing for the network-based aspect of the technology; SLB is network-based load balancing.

2. Disadvantages of Clustering:

a. It requires tight integration between the servers.
b. Special software is required.
c. A vendor will most likely support a limited number of platforms.
d. A limited number of protocols are supported.

3. SLB:

a. It’s platform and OS neutral, so it works as long as there is a network stack.
b. It’s extremely flexible: it supports just about any network protocol, from HTTP to NFS, to Real Media, to almost any TCP- or UDP-based protocol.
c. With no interaction between the servers and a clear delineation of functions, a SLB design is very simple and elegant, as well as powerful and functional.

C. OSI model with SLB:

1. Layer 1 – physical

2. Layer 2 – Data link:

An Ethernet frame consists of a header, a checksum, and a payload. Ethernet frame size has a limit of 1.5KB. Some devices support Jumbo Frames for Gigabit Ethernet, which is over 9KB.

3. Layer 3 – Network:

These devices are routers, although SLB devices have router characteristics.

4. Layer 4 – Transport:

An SLB instance will involve an IP address and a TCP/UDP port.

5. Layers 5-7 – Session, Presentation, Application:

Layers 5-7 involve URL load balancing and parsing. URL load balancing can set persistence based on the “cookie” negotiated between the client and the server.

D. Components of SLB:

1. VIPs (Virtual IPs):

It’s the load-balancing instance. A TCP or UDP port number is associated with the VIP, such as TCP port 80 for web traffic.

2. Servers

3. Groups/Farm/Server Farm

4. User-Access Levels: Read-only, Superuser, Other levels

E. Redundancy:

Typically, 2 devices are implemented. A protocol is used by one device to check on its partner’s health. In an “active/active” scenario, both devices are active and accept traffic; in “active/passive”, only one device is used while the other waits in case of failure.

1. Active/Passive (also known as Active/Standby or Master/Slave) Scenario:

2. Active/Active Scenarios:

(1) VIPs are distributed between the two LBs to share the incoming traffic. For example, VIP 1 goes to LB A, and VIP 2 to LB B.

(2) Both VIPs answer on both LBs, but 2 LBs may not hold the same IP. For example, VIP 1 and VIP 2 both on LB A and LB B.

3. Redundancy Protocols:

a. VRRP (Virtual Router Redundancy Protocol):

(1) An open standard.
(2) Each unit in a pair sends out packets to see if the other will respond.
(3) VRRP uses UDP port 1985 and sends packets to the multicast address
(4) VRRP requires that the two units are able to communicate with each other.

b. ESRP (Extreme Standby Router Protocol): Extreme Networks’ proprietary.

c. HSRP (Hot Standby Routing Protocol): Cisco proprietary.

d. GLBP (Gateway Load Balancing Protocol):

(1) Cisco proprietary.

(2) To overcome the limitations of existing redundant router protocols.

(3) GLBP allows a weighting parameter to be set. Based on this weighting, ARP requests will be answered with MAC addresses pointing to different routers. Thus, load balancing is not based on traffic load, but on the number of hosts that will use each gateway router. By default, GLBP load-balances in round-robin fashion.

GLBP elects one AVG (Active Virtual Gateway) for each group. The elected AVG then assigns a virtual MAC address to each member of the GLBP group, including itself, thus enabling AVFs (Active Virtual Forwarders). Each AVF assumes responsibility for forwarding packets sent to its virtual MAC address. There could be up to four active AVFs at the same time.

By default, GLBP routers use the local multicast address to send hello packets to their peers every 3 seconds over UDP 3222 (source and destination).

4. Fail-Over Cable:

This method uses a proprietary “heartbeat” checking protocol running over a serial line between a pair of load balancers.

If this fail-over cable is disconnected, it can cause serious network problems, because both units try to take on “master” status. STP can avoid bridging loops.

5. Stateful Fail-Over:

If a device fails over, all of the active TCP connections are reset, TCP sequence number information is lost, and a network error is displayed in the end user’s browser.

“Stateful Fail-Over” keeps session and persistence information on both the active and passive unit. If the active unit fails, then the passive unit will have all of the information, and service will be completely uninterrupted. The end user won’t notice anything.

6. Persistence (sticky):

It’s the act of keeping a specific user’s traffic going to the same server that was initially hit when the site was contacted. This is especially important in web-store type applications, where a user fills a shopping cart, and that information may only be stored on one particular machine.

7. Health Checking (Service Checking):

It can be performed a number of ways:

a. ping check
b. port check
c. content check

SLB will continuously run these service checks at user-definable intervals.

8. Load-Balancing Algorithms:

There are several methods of distributing traffic using a given metric. These are the mathematical algorithms programmed into the SLB device. They can run on top and in conjunction with any persistence methods, and they are assigned to individual VIPs.
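A minimal model of how persistence, health checking and a load-balancing algorithm combine on one VIP, added here as an illustration and not taken from the original post or from any vendor's implementation. The `VIP` class, the `probe` callable, the two-failure threshold and the documentation-range addresses are all assumptions made for the example.

```python
import itertools

class VIP:
    """One load-balancing instance: a virtual IP:port in front of a server group."""
    def __init__(self, address, servers, probe, fail_threshold=2):
        self.address = address
        self.servers = list(servers)
        self.probe = probe                    # callable(server) -> bool: ping, port or content check
        self.fail_threshold = fail_threshold  # consecutive failures before removal
        self.failures = {s: 0 for s in self.servers}
        self.sticky = {}                      # persistence table: client IP -> server
        self._rr = itertools.cycle(self.servers)

    def in_rotation(self, server):
        return self.failures[server] < self.fail_threshold

    def run_health_checks(self):
        """Run once per check interval; a single success puts a server back in rotation."""
        for s in self.servers:
            self.failures[s] = 0 if self.probe(s) else self.failures[s] + 1

    def pick(self, client_ip):
        """Persistence first, then round robin over healthy servers only."""
        s = self.sticky.get(client_ip)
        if s is not None and self.in_rotation(s):
            return s
        for _ in self.servers:                # at most one full pass of the ring
            s = next(self._rr)
            if self.in_rotation(s):
                self.sticky[client_ip] = s    # re-pin the client to its new server
                return s
        raise RuntimeError("no healthy servers behind " + self.address)

def demo():
    down = set()                              # constructed outage state
    vip = VIP("192.0.2.10:80", ["web1", "web2", "web3"], lambda s: s not in down)
    picks = [vip.pick("198.51.100.7"), vip.pick("198.51.100.8"),
             vip.pick("198.51.100.7")]        # third request sticks to web1
    down.add("web1")
    vip.run_health_checks()                   # first failed interval: still in rotation
    vip.run_health_checks()                   # second failed interval: removed
    picks.append(vip.pick("198.51.100.7"))    # sticky target is gone, client is re-pinned
    return picks                              # ["web1", "web2", "web1", "web3"]
```

When the sticky server leaves rotation the client is moved, but any state held only on the failed server (the shopping cart case above) does not move with it.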

F. SLB benefits:

1. Flexibility

SLB allows the addition and removal of servers to a site at any time. LB can also direct traffic using cookies, URL parsing, static and dynamic algorithms, and much more.

2. High availability (HA)

SLB can automatically check the status of the available servers, take any nonresponding servers out of the rotation, and put them back in rotation when they are functioning again. The LBs themselves come in a redundant configuration.

3. Scalability

Since SLB distributes load among many servers, all that is needed to increase the serving power of a site is to add more servers.


January 20, 2009

NetScaler – Basic Configuration

Filed under: Load Balancing, Netscaler — Jaycee @ 3:09 pm

1. Setting the NetScaler IP Address:

> set ns config -ipaddress -netmask
Default NSIP was:; default netmask was

2. Adding a Mapped IP Address:

> add ns ip -type mip

3. Setting the Default Gateway:

> add route

4. Changing the Root Password:

> set system user nsroot netscaler
The root password is changed to netscaler

5. Review configuration:

> show runningconfig

6. Saving the Configuration:

> save ns config

7. Rebooting the System:

> reboot

8. High Availability

(1) How High Availability Works: http://community.citrix.com/display/ns/How+High+Availability+Works

(2) When setting up an Application Switch that is part of a high availability (HA) pair, you must consider the following requirements:

a. If your configuration requires only one Ethernet port, use the disable interface command to disable the unused ports.

b. Configuring an Application Switch in HA mode requires 2 unique system IP addresses.

c. The nsroot account password needs to be manually set on both Application Switches.


December 15, 2008

Citrix NetScaler 10010

Filed under: Load Balancing, Netscaler — Jaycee @ 4:52 pm

1. Single processor, 2U, 2GB memory, either fiber Gigabit Ethernet ports or 10/100/1000 Base-T copper Ethernet ports by default.

2. Processes up to 255,000 HTTP requests per second, and 8,800 SSL requests per second.

3. 4,800 Mbps system throughput (total processing capacity), 760 Mbps SSL throughput, and 555 Mbps compression throughput.

4. The unit has the following ports:

(1) 4 10/100/1000-Base-T network interfaces (labeled 1/1, 1/2, 1/3, 1/4)

(2) 1 10/100-Base-T network interface (labeled 0/1)

(3) Serial port (9600 baud, 8 bits, 1 stop bit, No parity)

5. Facing the bezel, the upper LEDs represent connectivity; the lower LEDs represent throughput.
