Load Balancing Servers, Firewalls and Caches - Kopparapu C.

Kopparapu C. Load Balancing Servers, Firewalls and Caches - Wiley Computer Publishing, 2002. - 123 p.
ISBN 0-471-41550-2

Network-Address Translation
than necessary. The load balancer’s primary purpose is to distribute the load. If it spends too much time checking the health, it’s taking time away from processing the request packets. It’s great to use in-band monitoring when possible, because the load balancer can monitor the pulse of a server using the natural traffic flow between the client and server, and this can be done with little overhead. It’s great to use out-of-band monitoring for things that in-band monitoring cannot detect. For example, the load balancer can easily detect whether or not a server is responding to TCP SYN requests based on in-band monitoring. But it cannot easily detect whether the right content is being served. So, configure application health checks for out-of-band monitoring to check the content periodically. It’s also better to put intelligent agents or scripts on the server to perform health checks for two reasons. First, it gives great flexibility to server administrators to write whatever script or program they need to check the health. Second, it minimizes the processing overhead in the load balancer, so it can focus more on incoming requests for load balancing.
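The distinction drawn above, in-band monitoring that rides on the natural traffic flow versus out-of-band checks that the load balancer issues itself, can be shown with a small simulation. This is an added example written for this page, not code from the book: the servers, the traffic events, the `/health.html` path, the expected content marker and the three-unanswered-SYNs threshold are all constructed assumptions.

```python
"""Added example: in-band vs out-of-band server health monitoring (constructed simulation).

In-band monitoring only watches handshakes that clients already generate, so it
costs the load balancer almost nothing but cannot see what content is served.
Out-of-band monitoring issues its own periodic application request and checks
the body, which catches a server that answers TCP but serves the wrong page.
"""
from collections import defaultdict

SYN_FAILURE_THRESHOLD = 3  # assumed policy: consecutive unanswered SYNs before in-band marks a server down


class InBandMonitor:
    """Passively tracks TCP handshakes observed on the load balancer's normal data path."""

    def __init__(self):
        self.unanswered = defaultdict(int)  # server -> consecutive forwarded SYNs with no SYN-ACK
        self.healthy = {}                   # server -> last in-band verdict

    def observe(self, event, server):
        """event is 'synack' (server answered a forwarded SYN) or 'timeout' (a SYN aged out)."""
        if event == "synack":
            self.unanswered[server] = 0
            self.healthy[server] = True
        elif event == "timeout":
            self.unanswered[server] += 1
            if self.unanswered[server] >= SYN_FAILURE_THRESHOLD:
                self.healthy[server] = False
        return self.healthy.get(server)


def out_of_band_check(fetch, server, path, expected_marker):
    """Active application-level check: request `path` from `server` and verify the content.
    `fetch` is injected (a constructed stand-in below) so the example runs offline."""
    status, body = fetch(server, path)
    return status == 200 and expected_marker in body


# --- constructed scenario ---------------------------------------------------
# srv-a: healthy; srv-b: TCP up but serving a maintenance page; srv-c: not answering SYNs.
TRAFFIC = [("synack", "srv-a"), ("synack", "srv-b"), ("timeout", "srv-c"),
           ("synack", "srv-a"), ("timeout", "srv-c"), ("synack", "srv-b"), ("timeout", "srv-c")]

RESPONSES = {
    "srv-a": (200, "<html><title>Shop</title>...</html>"),
    "srv-b": (200, "<html><title>Down for maintenance</title></html>"),
    "srv-c": None,  # TCP connect fails
}


def fake_fetch(server, path):
    """Constructed stand-in for an HTTP fetch; (0, '') models a refused/timed-out connection."""
    resp = RESPONSES.get(server)
    return (0, "") if resp is None else resp


def run_scenario():
    """Returns {server: (in_band_healthy, out_of_band_healthy)} for the constructed scenario."""
    inband = InBandMonitor()
    for event, server in TRAFFIC:
        inband.observe(event, server)
    return {
        server: (inband.healthy.get(server),
                 out_of_band_check(fake_fetch, server, "/health.html", "<title>Shop</title>"))
        for server in RESPONSES
    }


if __name__ == "__main__":
    for server, (ib, oob) in run_scenario().items():
        print(f"{server}: in-band={ib} out-of-band={oob}")
```

Running it shows why both kinds are needed: srv-b passes the in-band check (it completes handshakes) but fails the out-of-band content check, while srv-c fails both. Moving the content check into a script on the server itself, as the text recommends, keeps the fetch-and-compare work off the load balancer.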
Network-Address Translation
Network-address translation is the fundamental building block in load balancing. The load balancer essentially uses NAT to direct requests to various real servers. There are many different types of NAT. Since the load balancer changes the destination IP address from the VIP to the IP address of a real server, it is known as destination NAT. When the real server replies, the load balancer must now change the IP address of the real server back to the VIP. Keep in mind that this IP address translation actually happens on the source IP of the packet, since the reply is originating from the server to the client. To keep things simple, let’s refer to this translation as un-NAT, since the load balancer must now reverse the translation performed on requests so that the clients will see the replies as if they originated from the VIP.
There are three fields that we need to pay special attention to in order to understand the NAT in load balancing: MAC address, IP address, and TCP/UDP port number.
Destination NAT
The process of changing the destination address in the packets is referred to as destination NAT. Most load balancers perform destination NAT by default. Figure 2.3 shows how destination NAT works as part of load balancing. Each packet has a source and destination address. Since destination NAT deals with changing only the destination address, it’s also sometimes referred to as half-NAT.
Source NAT
If the load balancer changes the source IP address in the packets along with the destination IP address translation, it’s referred to as source NAT. This is also sometimes referred to as full-NAT, as it involves translation of both source and destination addresses. Source NAT is generally not used unless there is a specific network topology that requires it. If the network topology is such that the reply packets from real servers may bypass the load balancer, source NAT must be performed. Figure 2.9 shows a high-level view of such a network topology. Figure 2.10 shows a simple network design that requires the use of source NAT. By using source NAT in these designs, we force the server reply traffic through the load balancer. In certain designs there may be a couple of alternatives to using source NAT: either use direct server return, or set the load balancer as the default gateway for the real servers. Both of these alternatives require that the load balancer and real servers be in the same broadcast domain or Layer 2 domain. Direct server return is discussed in detail later in this chapter under the section Direct Server Return.
Figure 2.9 : High-level view of a network topology requiring use of source NAT.
Figure 2.10 : Example of network topology requiring use of source NAT.
When configured to perform source NAT, the load balancer changes the source IP address in all the packets to an address defined on the load balancer, referred to as the source IP, before forwarding the packets to the real servers, as shown in Figure 2.11. The source IP may be the same as the VIP or different, depending on the specific load-balancing product you use. When the server receives the packets, the requesting client appears to be the load balancer because of the source IP address translation; the real server is now unaware of the IP address of the actual client. The real server replies to the load balancer, which then translates what is now the destination IP address back to the IP address of the actual client.
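The destination NAT / un-NAT mechanics from the Destination NAT section and the source NAT behaviour just described, including the one-source-port-per-server-side-session association this section goes on to describe, can be traced in a toy Layer 4 load balancer. This is an added example written for this page, not the book's or any product's code: the VIP, real server and client addresses are constructed documentation-range values, round-robin server selection is an assumed policy, and the tiny `port_range` used in the demo exists only to make port-space exhaustion visible in a few iterations instead of 64K.

```python
"""Added example (not the book's code): a toy Layer 4 load balancer showing
destination NAT (half-NAT), the reverse un-NAT on replies, and source NAT
(full-NAT) with one server-side source port per session. Addresses are constructed."""
from dataclasses import dataclass, replace
from itertools import cycle

VIP = "203.0.113.10"                   # constructed VIP
SERVERS = ["10.0.0.11", "10.0.0.12"]   # constructed real servers


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class LoadBalancer:
    def __init__(self, vip, servers, source_ips=(), port_range=(1024, 65535)):
        self.vip = vip
        self.rr = cycle(servers)                 # round-robin server selection (assumed policy)
        self.source_ips = list(source_ips)       # non-empty => source NAT (full-NAT) is on
        self.lo, self.hi = port_range
        self.next_port = {ip: self.lo for ip in self.source_ips}
        self.sessions = {}      # client (ip, port) -> {"server": ip, "snat": (ip, port) or None}
        self.server_side = {}   # (snat_ip, snat_port) -> client (ip, port); used to un-NAT replies

    def _alloc_snat(self):
        """Each server-side session needs a unique source port per source IP, so one
        source IP caps concurrent sessions at the size of the port space."""
        for ip in self.source_ips:
            if self.next_port[ip] <= self.hi:
                port = self.next_port[ip]
                self.next_port[ip] += 1
                return (ip, port)
        raise RuntimeError("source NAT port space exhausted; configure another source IP")

    def client_to_server(self, pkt):
        """Request path: destination NAT VIP -> real server, plus source NAT if configured."""
        key = (pkt.src_ip, pkt.src_port)
        sess = self.sessions.get(key)
        if sess is None:                          # new session: pick a server (and a SNAT tuple)
            snat = self._alloc_snat() if self.source_ips else None
            sess = self.sessions[key] = {"server": next(self.rr), "snat": snat}
            if snat:
                self.server_side[snat] = key
        out = replace(pkt, dst_ip=sess["server"])  # half-NAT: only the destination changes
        if sess["snat"]:                           # full-NAT: the source is rewritten too
            out = replace(out, src_ip=sess["snat"][0], src_port=sess["snat"][1])
        return out

    def server_to_client(self, pkt):
        """Reply path (un-NAT): the translation now applies to the packet's *source* field."""
        if self.source_ips:
            key = self.server_side[(pkt.dst_ip, pkt.dst_port)]
        else:
            key = (pkt.dst_ip, pkt.dst_port)
        sess = self.sessions[key]
        if pkt.src_ip != sess["server"]:
            raise ValueError("reply from a server not bound to this session")
        return replace(pkt, src_ip=self.vip, dst_ip=key[0], dst_port=key[1])


def demo_half_nat():
    """Destination NAT only: the real server sees the real client address."""
    lb = LoadBalancer(VIP, SERVERS)
    req = Packet("198.51.100.7", 40001, VIP, 80, "GET /")
    fwd = lb.client_to_server(req)
    reply = Packet(fwd.dst_ip, 80, fwd.src_ip, fwd.src_port, "200 OK")
    return fwd, lb.server_to_client(reply)


def demo_full_nat(n_clients, source_ips, port_range):
    """Source NAT: servers see the load balancer's source IP; replies map back by port."""
    lb = LoadBalancer(VIP, SERVERS, source_ips=source_ips, port_range=port_range)
    flows = []
    for i in range(n_clients):
        req = Packet(f"198.51.100.{i + 1}", 50000, VIP, 80)
        fwd = lb.client_to_server(req)
        back = lb.server_to_client(Packet(fwd.dst_ip, 80, fwd.src_ip, fwd.src_port))
        flows.append((fwd, back))
    return flows


if __name__ == "__main__":
    fwd, back = demo_half_nat()
    print("half-NAT request:", fwd)
    print("half-NAT reply  :", back)
    for fwd, back in demo_full_nat(4, ["203.0.113.10", "203.0.113.11"], (1024, 1025)):
        print("full-NAT:", fwd.src_ip, fwd.src_port, "->", fwd.dst_ip,
              "| client sees reply from", back.src_ip)
```

With two source IPs and a two-port range the demo accepts four concurrent sessions and raises on the fifth, which is the same limit the text describes at full scale: one source IP, one port space, so adding source IPs is how a real product raises the ceiling. The `server_to_client` check that the reply came from the server bound to the session is the kind of sanity check a practitioner would expect in the un-NAT path.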
Figure 2.11 : Packet flow with source NAT.
From the perspective of the load balancer, there are two logical sessions here: client-side and server-side sessions. Each client-side session has a corresponding server-side session. Figure 2.12 shows how to associate client-side sessions with server-side sessions. All sessions on the server side have their source IP set to the source IP defined on the load balancer. The load balancer uses a different source port for each server-side session in order to uniquely associate it with a client-side session. This has two effects. First, the maximum number of concurrent sessions that the load balancer can support with one source IP is 65,536 (64K), because that’s the maximum value for a TCP port. In order to support more concurrent sessions, the load balancer must allow the user to configure multiple source IP addresses.
Reverse NAT