Upload File

load balancing servers, firewalls, and caches - buch.de · load balancing servers, firewalls, and...

  • Home
  • Documents
  • Load Balancing Servers, Firewalls, and Caches - Buch.de · Load Balancing Servers, Firewalls, and Caches Chandra Kopparapu Wiley Computer Publishing John Wiley & Sons, Inc. NEW YORK
15
Load Balancing Servers, Firewalls, and Caches Chandra Kopparapu Wiley Computer Publishing John Wiley & Sons, Inc. NEW YORK • CHICHESTER • WEINHEIM • BRISBANE • SINGAPORE • TORONTO

Upload: others

Post on 31-Aug-2019

47 views

Category:

Documents


1 download

Report

TRANSCRIPT

  • Load Balancing Servers,Firewalls, and Caches

    Chandra Kopparapu

    Wiley Computer Publishing

    John Wiley & Sons, Inc.NEW YORK CHICHESTER WEINHEIM BRISBANE SINGAPORE TORONTO

    kopp_fm.qxd 12/27/01 11:59 AM Page iii

    Innodata0471421286.jpg

  • kopp_fm.qxd 12/27/01 11:59 AM Page ii

  • Load Balancing Servers, Firewalls, and Caches

    kopp_fm.qxd 12/27/01 11:59 AM Page i

  • kopp_fm.qxd 12/27/01 11:59 AM Page ii

  • Load Balancing Servers,Firewalls, and Caches

    Chandra Kopparapu

    Wiley Computer Publishing

    John Wiley & Sons, Inc.NEW YORK CHICHESTER WEINHEIM BRISBANE SINGAPORE TORONTO

    kopp_fm.qxd 12/27/01 11:59 AM Page iii

  • Publisher: Robert Ipsen

    Editor: Carol A. Long

    Developmental Editor: Adaobi Obi

    Managing Editor: Micheline Frederick

    Text Design & Composition: Interactive Composition Corporation

    Designations used by companies to distinguish their products are often claimed as trade-marks. In all instances where John Wiley & Sons, Inc., is aware of a claim, the productnames appear in initial capital or ALL CAPITAL LETTERS. Readers, however, should con-tact the appropriate companies for more complete information regarding trademarks andregistration.

    This book is printed on acid-free paper.

    Copyright 2002 by Chandra Kopparapu. All rights reserved.

    Published by John Wiley & Sons, Inc.

    Published simultaneously in Canada.

    No part of this publication may be reproduced, stored in a retrieval system or transmittedin any form or by any means, electronic, mechanical, photocopying, recording, scanningor otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copy-right Act, without either the prior written permission of the Publisher, or authorizationthrough payment of the appropriate per-copy fee to the Copyright Clearance Center, 222Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4744. Requests to thePublisher for permission should be addressed to the Permissions Department, John Wiley &Sons, Inc., 605 Third Avenue, New York, NY 10158-0012, (212) 850-6011, fax (212) 850-6008,E-Mail: [email protected].

    This publication is designed to provide accurate and authoritative information in regard tothe subject matter covered. It is sold with the understanding that the publisher is not en-gaged in professional services. If professional advice or other expert assistance is required,the services of a competent professional person should be sought.

    Library of Congress Cataloging-in-Publication Data:

    Kopparapu, Chandra.Load balancing servers, firewalls, and caches / Chandra Kopparapu.

    p. cmIncludes bibliographical references and index.ISBN 0-471-41550-2 (cloth : alk. paper)1. Client/server computing. 2. Firewalls (Computer security) I. Title.

    QA76.9.C55 K67 2001004.6--dc21

    2001046757

    Printed in the United States of America.

    10 9 8 7 6 5 4 3 2 1

    kopp_fm.qxd 12/27/01 11:59 AM Page iv

  • To m y b e l o v e d d a u g h te r s ,D i v y a a n d N i t y a ,

    w h o b r i n g s o m u c h j o y t o m y l i f e .

    kopp_fm.qxd 12/27/01 11:59 AM Page v

  • kopp_fm.qxd 12/27/01 11:59 AM Page vi

  • vii

    Acknowledgments xi

    Chapter 1 Introduction 1

    The Need for Load Balancing 2The Server Environment 2The Network Environment 4

    Load Balancing: Definition and Applications 5

    Load-Balancing Products 7

    The Name Conundrum 7

    How This Book Is Organized 8

    Who Should Read This Book 9

    Summary 9

    Chapter 2 Server Load Balancing: Basic Concepts 11

    Networking Fundamentals 12Switching Primer 12TCP Overview 13Web Server Overview 15

    The Server Farm with a Load Balancer 15

    Basic Packet Flow in Load Balancing 19

    Load-Distribution Methods 23Stateless Load Balancing 24Stateful Load Balancing 26Load-Distribution Methods 28

    Health Checks 33Basic Health Checks 34Application-Specific Health Checks 34Application Dependency 35Content Checks 35Scripting 36Agent-Based Checks 36The Ultimate Health Check 37

    TA B L E O F C O N T E N TS

    kopp_fm.qxd 12/27/01 11:59 AM Page vii

  • Network-Address Translation 38Destination NAT 38Source NAT 39Reverse NAT 41Enhanced NAT 42Port-Address Translation 43

    Direct Server Return 44

    Summary 47

    Chapter 3 Server Load Balancing: Advanced Concepts 49

    Session Persistence 49Defining Session Persistence 50Types of Session Persistence 52Source IPBased Persistence Methods 53The Megaproxy Problem 58Delayed Binding 60Cookie Switching 63Cookie-Switching Applications 68Cookie-Switching Considerations 69SSL Session ID Switching 69Designing to Deal with Session Persistence 72HTTP to HTTPS Transition 74

    URL Switching 77Separating Static and Dynamic Content 79URL Switching Usage Guidelines 80

    Summary 82

    Chapter 4 Network Design with Load Balancers 83

    The Load Balancer as a Layer 2 Switch versus a Router 84

    Simple Designs 87

    Designing for High Availability 89ActiveStandby Configuration 90ActiveActive Configuration 92Stateful Failover 96Multiple VIPs 97Load-Balancer Recovery 97High-Availability Design Options 97Communication between Load Balancers 108

    Summary 108

    Chapter 5 Global Server Load Balancing 111

    The Need for GSLB 112

    DNS Overview 113DNS Concepts and Terminology 113

    Ta b l e o f C o n t e n t sviii

    kopp_fm.qxd 12/27/01 11:59 AM Page viii

  • Local DNS Caching 115Using Standard DNS for Load Balancing 116

    HTTP Redirect 116

    DNS-Based GSLB 118Fitting the Load Balancer into the DNS Framework 118Selecting the Best Site 122Limitations of DNS-Based GSLB 133

    GSLB Using Routing Protocols 134

    Summary 137

    Chapter 6 Load-Balancing Firewalls 139

    Firewall Concepts 139

    The Need for Firewall Load Balancing 140

    Load-Balancing Firewalls 141Traffic-Flow Analysis 142Load-Distribution Methods 144Checking the Health of a Firewall 147

    Understanding Network Design in Firewall Load Balancing 148Firewall and Load-Balancer Types 148Network Design for Layer 3 Firewalls 149Network Design for Layer 2 Firewalls 150Advanced Firewall Concepts 151Synchronized Firewalls 152Firewalls Performing NAT 152

    Addressing High Availability 153ActiveStandby versus ActiveActive 155Interaction between Routers and Load Balancers 155Interaction between Load Balancers and Firewalls 157

    Multizone Firewall Load Balancing 159

    VPN Load Balancing 160

    Summary 161

    Chapter 7 Load-Balancing Caches 163

    Cache Definition 163

    Cache Types 164

    Cache Deployment 165Forward Proxy 165Transparent Proxy 167Reverse Proxy 168Transparent-Reverse Proxy 169

    Cache Load-Balancing Methods 170Stateless Load Balancing 171

    Table of Contents ix

    kopp_fm.qxd 12/27/01 11:59 AM Page ix

  • Stateful Load Balancing 172Optimizing Load Balancing for Caches 172Content-Aware Cache Switching 175

    Summary 176

    Chapter 8 Application Examples 177

    Enterprise Network 178

    Content-Distribution Networks 181Enterprise CDNs 182Content Provider 183CDN Service Providers 183

    Chapter 9 The Future of Load-Balancing Technology 185

    Server Load Balancing 186

    The Load Balancer as a Security Device 186

    Cache Load Balancing 187

    SSL Acceleration 187

    Summary 188

    Appendix Standard Reference 189

    References 191

    Index 193

    Ta b l e o f C o n t e n t sx

    kopp_fm.qxd 12/27/01 11:59 AM Page x

  • xi

    First and foremost, my gratitude goes to my family. Without the support andunderstanding of my wife and encouragement from my parents, this bookwould not have been completed.

    Rajkumar Jalan, principal architect for load balancers at Foundry Networks,was of invaluable help to me in understanding many load-balancing conceptswhen I was new to this technology. Many thanks go to Matthew Naugle,systems engineer at Foundry Networks, for encouraging me to write thisbook, giving me valuable feedback, and reviewing some of the chapters. Mattpatiently spent countless hours with me, discussing several high-availabilitydesigns, and contributed valuable insight based on several customers heworked with. Terry Rolon, who used to work as a systems engineer atFoundry Networks, was also particularly helpful to me in coming up to speedon load-balancing products and network designs.

    I would like to thank Mark Hoover of Acuitive Consulting for his thoroughreview and valuable analysis on Chapters 1, 2, 3, and 9. Mark has been veryclosely involved with the evolution of load-balancing products as an industryconsultant and guided some load-balancing vendors in their early days. Manythanks to Brian Jacoby from America Online, who reviewed many of thechapters in this book from a customer perspective and provided valuablefeedback.

    Countless thanks to my colleagues at Foundry Networks, who worked withme over the last few years in advancing load-balancing product functionalityand designing customer networks. I worked with many developers, systemsengineers, customers, and technical support engineers to gain valuable insightinto how load balancers are deployed and used by customers. Special thanksto Srini Ramadurai, David Cheung, Joe Tomasello, Ivy Hsu, Ron Szeto, andRitesh Rekhi for helping me understand various aspects of load balancingfunctionality. I would also like to thank Ken Cheng, VP of Marketing atFoundry, for being supportive of this effort, and Bobby Johnson, FoundrysCEO, for giving me the opportunity to work with Foundrys load-balancingproduct line.

    A C K N O W L E D G M E N TS

    kopp_fm.qxd 12/27/01 11:59 AM Page xi

  • kopp_fm.qxd 12/27/01 11:59 AM Page xii

  • C H A P T E R

    1

    Load balancing is not a new concept in the server or network space. Severalproducts perform different types of load balancing. For example, routerscan distribute traffic across multiple paths to the same destination, balancingthe load across different network resources. A server load balancer, on theother hand, distributes traffic among server resources rather than networkresources. While load balancers started with simple load balancing, theysoon evolved to perform a variety of functions: load balancing, trafficengineering, and intelligent traffic switching. Load balancers can performsophisticated health checks on servers, applications, and content to improveavailability and manageability. Because load balancers are deployed as thefront end of a server farm, they also protect the servers from malicious users,and enhance security. Based on information in the IP packets or content inapplication requests, load balancers make intelligent decisions to direct thetraffic appropriatelyto the right data center, server, firewall, cache, orapplication.

    1Introduction

    kopp_ch01.qxd 12/27/01 11:30 AM Page 1


distributed caches

Outline Cache writes DRAM configurations Performance Associative caches Multi-level caches

Miss Caches, Victim Caches and Stream Buffers · 1 Miss Caches, Victim Caches and Stream Buffers Three optimizations to improve the performance of L1 caches Paul Wicks

Caches (Writing)

Practical Caches

Virtual Caches

CIS 501 (Martin): Caches 1 CIS 501 (Martin): Caches 2milom/cis501-Fall10/lectures/... · 2010. 10. 19. · CIS 501 (Martin): Caches 1 CIS 501 Computer Architecture Unit 5: Caches

SIP, Firewalls and NATs Oh My!. SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically

CS155 - Firewalls · 1 CS155 - Firewalls Simon Cooper CS155 – Firewalls 22 May 2003

20121008 ssd-caches

Efficient Packet Classification with Digest Caches · caches for efficient packet classification. The goal of digest caches is similar to Bloom-filter caches, in that they trade some

Cadeaux Caches

UNIT 2: Firewalls Content : Firewalls in general basic operation and architecture Main border firewalls using stateful inspection Screening firewalls

Cache Memories Topics Generic cache memory organization Direct mapped caches Set associative caches Impact of caches on performance CS213

Caches Master

Mots caches 1 Mots caches 2 - Bout de GommeMAGIQUE Mots caches Mots caches s s 3 4 Mots caches Mots caches s s 5 6 FAIM GATEAU CAUCHEMAR MANGER BABA CHOU PREFERE VOMIR GOINFRE CHOCOLAT

Firewalls and Virtual Private Networks - Wiley: Home

Firewalls and Virtual Private Networks - Wiley: · PDF fileFirewalls and Virtual Private Networks Introduction In Chapter 8, ... firewalls to meet their network security policy. The

Configuring NetFlow Aggregation Caches · Configuring NetFlow Aggregation Caches ThismodulecontainsinformationaboutandinstructionsforconfiguringNetFlowaggregationcaches.The

6.1 Caches

Firewalls CS432. Overview What are firewalls? Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls

Firewalls - Columbia Universitysmb/classes/f06/l15.pdf · Why Use Firewalls? Firewalls What’s a Firewall Why Use Firewalls? Tradttional Firewalls by Analogy Should We Fix the Network

Lec15 snoop coherence - University of Cretehy425/2016f/lectures/Lec15_snoop... · 2016. 12. 16. · Proc1 Proc2 Proc4 Caches Caches Caches Single’Bus Memory I/O Proc3 Caches. Multiprocessor’CacheCoherency!

1 Firewalls Firewalls Firewalls von Hendrik Lennarz Hendrik Lennarz

Queues, Pools, Caches

This Unit: Caches Types of Memory Introduction to Computer … · 2005-09-29 · Unit 3: Storage Hierarchy I: Caches CIS 501 (Martin/Roth): Caches 2 This Unit: Caches ¥Memory hierarchy

23 en Caches

Laser caches

1 Mots caches * 2 - boutdegomme.fr · MAGIQUE . Mots caches * Mots caches * s s 3 4 . Mots caches *6 Mots caches * s s 5 FAIM PREFERE GATEAU CHIEN CAUCHEMAR MANGER BABA CHOU VOMIR

Advanced Caches

Firewalls Types of Firewalls

Caches Arpgawo6vzd

Reverse proxy caches

Session Caches Overview

Trace Caches