Load Balancing Servers, Firewalls and Caches - Kopparapu C.

Kopparapu C. Load Balancing Servers, Firewalls and Caches - Wiley Computer Publishing, 2002. - 123 p.
ISBN 0-471-41550-2

Source IP, VIP, and Port
When using this method, the load balancer ensures session persistence based on three fields in each TCP SYN packet: source IP address, destination IP address, and destination port number. In the TCP SYN packet from the clients, the destination address will be the virtual IP (VIP) address on the load balancer. The destination port number indicates the application accessed by the user. For the first connection received from a given source IP address to a specific VIP and port number, the load balancer selects a server based on a load-balancing method. Subsequent connections with the same values in these three fields will be sent to the same server as long as the session-persistence timer has not expired. The key in this method is that if the user accesses a different application, either by going to a different destination port number or a different VIP, the load balancer does not send those connections to the same server as the previous ones, as shown in Figure 3.4. Instead, the connection is forwarded to a server based on load.
Figure 3.4: Session persistence based on source IP, VIP, and port.
Source IP and VIP
Figure 3.5 shows an example of how two applications on a given server may share data with one another. After a user adds different items to the shopping cart, the HTTP application passes the shopping-cart info to the SSL application. When the user presses the checkout button on the Web page, the browser opens a new TCP connection on port 443, the well-known port for SSL applications. The SSL application needs the shopping cart for this user in order to bill the user’s credit card appropriately. Since both the HTTP and SSL applications are on the same server, they can share data with one another by using shared memory, messaging, or any other such mechanism. For this to work, the load balancer must send all the connections from that user to a given VIP to the same server, regardless of the destination port. With the session-persistence method based on source IP and VIP, the load balancer sends all connections from a given user to the same server, whether the destination port is HTTP or SSL.
Figure 3.5: Applications that share data.
If all the applications we have on the server are related to each other and need to share information among them, this method will work fine. But if some applications are related and the others are not, then this method may not be perfect. For example, if you have an FTP application on your server that is bound to the same VIP, then all connections for FTP will also be forwarded to the same server. If there are other servers running FTP that are less busy, we cannot take advantage of them. For this case, there is another method called port grouping that’s better suited, as discussed next.
Figure 3.6: Session persistence based on port grouping.
Port Grouping
When we use one VIP for several applications and not all of them are related to each other, we can use this method to group only the related applications together. We need to configure the load balancer with a list of application ports that must be treated as one group. For example, we can specify port 80 and 443 for shopping-cart applications because the HTTP application and SSL application share user data, as shown in Figure 3.5. Figure 3.6 shows how the load balancer functions for various connection requests with port-grouping-based session persistence. When the load balancer gets the first connection from C1 to VIP1 on port 80, the load balancer selects server RS1 based on server load conditions. The next connection (No. 2 in Figure 3.6), from C1 to VIP1, is on port 443. Because port 443 is grouped together with port 80, and the load balancer already assigned a connection from C1 to VIP1 on port 80 to RS1, the load balancer uses session persistence to assign this connection to RS1 as well. The next connection (No. 3 in Figure 3.6) is from C1 to VIP1 on port 21. Port 21 is not grouped with port 80 or 443, because the FTP application on port 21 does not need to share any data with HTTP or SSL applications. Therefore, the load balancer selects RS2 based on server load. The next connection (No. 4 in Figure 3.6) is from C1 to VIP2 on port 80. Although it’s the same client source IP, since the VIP is different, the load balancer assigns this to RS3 based on server load. Finally, the last connection in Figure 3.6 is from C2 to VIP2 on port 443. Because this is the first connection from C2 to VIP2, it is load balanced to RS2.
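The persistence lookup walked through above can be modeled as a table keyed on source IP, VIP, and port group. The following is an added example, not code from the book: the class and function names are hypothetical, "server load" is assumed to mean fewest assigned connections, and the persistence timer is assumed to restart on every matching connection.

```python
import time

class PersistenceTable:
    """Illustrative model of source-IP persistence with optional port grouping."""

    def __init__(self, servers, port_groups=(), timeout=300.0, clock=time.monotonic):
        # Connections assigned per real server (closes are not modeled).
        self.load = {s: 0 for s in servers}
        self.timeout = timeout            # session-persistence timer, in seconds
        self.clock = clock                # injectable so expiry can be tested
        self.sessions = {}                # key -> (server, time of last connection)
        # Every port in a group maps to the same group id; other ports stand alone.
        self.group_of = {p: frozenset(g) for g in port_groups for p in g}

    def _key(self, src_ip, vip, port):
        # With no groups configured this is plain (source IP, VIP, port) persistence.
        return (src_ip, vip, self.group_of.get(port, port))

    def assign(self, src_ip, vip, port):
        now = self.clock()
        key = self._key(src_ip, vip, port)
        entry = self.sessions.get(key)
        if entry and now - entry[1] < self.timeout:
            server = entry[0]                             # persistence hit
        else:
            server = min(self.load, key=self.load.get)    # assumed: least connections
        self.sessions[key] = (server, now)                # assumed: timer restarts
        self.load[server] += 1
        return server

# The five connections of Figure 3.6 as (client, VIP, destination port).
FIGURE_3_6 = [("C1", "VIP1", 80), ("C1", "VIP1", 443), ("C1", "VIP1", 21),
              ("C1", "VIP2", 80), ("C2", "VIP2", 443)]

def replay(connections, port_groups=()):
    """Feed connections to a fresh three-server table; return the chosen servers."""
    lb = PersistenceTable(["RS1", "RS2", "RS3"], port_groups=port_groups)
    return [lb.assign(*c) for c in connections]

if __name__ == "__main__":
    print("ports 80+443 grouped:", replay(FIGURE_3_6, port_groups=[(80, 443)]))
    print("no grouping:         ", replay(FIGURE_3_6))
```

With ports 80 and 443 grouped, the replay gives the same assignments as the walkthrough of Figure 3.6; with no grouping, connection No. 2 lands on a different server than No. 1, which is the shopping-cart failure that port grouping avoids.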
Source IP-Based Persistence Methods
Concurrent Connections
This method is specifically designed for applications such as passive FTP. Let’s first understand some background behind passive FTP (detailed specification in RFC 959). Figure 3.7 shows how passive FTP works at a high level. First, the client opens a TCP connection on port 21 to the server. This connection is called the control connection, because the client and server use it to exchange control information about how to transfer files. If the client issues a command called PASV to the server over the control connection, the server responds with a port number on which it will listen for the data connection. The client then opens a TCP connection to that port to exchange any files. In contrast to passive FTP, active FTP means that the server will open the data connection to the client over a port specified by the client. Often, the clients are behind a firewall that blocks any incoming connections from the outside world. But the firewall allows outbound connections from the clients to the outside world so that the clients can access the Internet. In this scenario, active FTP will not work, because the server’s attempt to initiate the data connection to the client will be blocked by the firewall. Passive FTP works around this problem by having the client initiate the data connection to the server.