in black and white
Main menu
Home About us Share a book
Biology Business Chemistry Computers Culture Economics Fiction Games Guide History Management Mathematical Medicine Mental Fitnes Physics Psychology Scince Sport Technics

Load Balancing Servers, Firewalls and Caches - Kopparapu C.

Kopparapu C. Load Balancing Servers, Firewalls and Caches - Wiley Computer Publishing, 2002. - 123 p.
ISBN 0-471-41550-2
Download (direct link): networkadministration2002.pdf
Previous << 1 .. 6 7 8 9 10 11 < 12 > 13 14 15 16 17 18 .. 70 >> Next

VTP И 1 .149.65.3 MAC-М2
Source IP Des! IP Source MAC. l>est MAC
1 1*8 1 1.100 HI 149 65.3 Ml М2
2 1*8 1 1 100 10 10 1020 М2 M4
3 10.10 10.20 M4 М2
4 N1.149.65.3 М2 Ml
1010.1010 101010.20
Figure 2.3 : Packet flow in simple load balancing.
The preceding four values uniquely identify any TCP session. Upon receiving the first TCP SYN packet, the load balancer, for example, chooses server RS2 to forward the request. In order for server RS2 to accept the TCP SYN packet and process it, the packet must be destined to RS2; that is, the destination IP address of the packet must have the IP address of RS2, not the VIP. Therefore, the load balancer changes the VIP to the IP address of RS2 before forwarding the packet. The process of IP address translation is referred to as network address translation (NAT). (For more information on NAT, you might want to look at The NAT Handbook: Implementing and Managing Network Address Translation by Bill Dutcher, published by John Wiley &
Health Checks
Sons.) To be more specific, since the load balancer is changing the destination address, it’s called destination NAT.
When the user types in, the browser makes a DNS query and gets the VIP as the IP address that serves The client’s Web browser sends a TCP SYN packet to establish a new TCP connection. When the load balancer receives the TCP SYN packet, it first identifies the packet as a candidate for load balancing, because the packet contains VIP as the destination IP address. Since this is a new connection, the load balancer fails to find an entry in its session table that’s identified by the source IP, destination IP, source port, and destination port as specified in the packet. Based on the load-balancing configuration and health checks, the load balancer identifies two servers, RS1 and RS2, as candidates for this new connection. By using a user-specified load-distribution method, the load balancer selects a real server, RS2, for this session. Once the destination server is determined, the load balancer makes a new session entry in its session table.
The load balancer changes the destination IP address and destination MAC address in the packet to the IP and MAC address of RS2, and forwards the packet to RS2.
When RS2 replies with TCP SYN ACK, the packet now arrives at the load balancer with source IP address as that of RS2, and destination IP address as that of the client. The load balancer performs un-NAT to replace the IP address of RS2 with VIP, and forwards the packet to the router for delivery to the client. All further request-and-reply packets for this TCP session will go through the same process. Finally, when the connection is terminated through FIN or RESET, the load balancer removes the session entry from its session table.
Now let’s follow through the packet flow to understand where and how the IP and MAC addresses are manipulated. When the router receives the packet, the packet has a destination IP as VIP, and the destination MAC as M1, the router’s MAC address. In step 1, as shown in the packet-flow table in Figure 2.3, the router forwards the packet to the load balancer by changing the destination MAC address to M2, the load balancer’s MAC address. In step 2, the load balancer forwards the packet to RS2 by changing the destination IP and the destination MAC to that of RS2. In step 3, RS2 replies back to the client. Therefore, the source IP and MAC are that of RS2, and the destination IP is that of the client. The default gateway for RS1 and RS2 is set to the load balancer’s IP address. Therefore, the destination MAC address is that of the load balancer. In step 4, the load balancer receives the packet and modifies the source IP to the VIP to make the reply look as if it’s coming from the virtual server. It’s important to remember that the TCP connection is between the client and the virtual server, not the real server. Therefore the reply must look as if it came from the virtual server. Now, as part of performing the default gateway function, the load balancer identifies the router with MAC address M1 as the next hop in order to reach the client, and therefore sets the destination MAC address to M1 before forwarding the packet. The load balancer also changes the source MAC address in the server reply packet to that of itself.
In this example, we are using the load balancer as a default gateway to the real servers. Instead, we can use the router as the default gateway for the servers. In this case, the reply packets from the real servers will have a destination MAC address of M1, the MAC address of the router, and the load balancer will simply leave the source and destination MAC addresses unchanged. To the other layer 2/3 switches and hosts in the network, the load balancer looks and acts like a Layer 2 switch. We will discuss the various considerations in using the load balancer with Layer 3 switching enabled in Chapter 3.
Previous << 1 .. 6 7 8 9 10 11 < 12 > 13 14 15 16 17 18 .. 70 >> Next