Books
in black and white
Main menu
Home About us Share a book
Books
Biology Business Chemistry Computers Culture Economics Fiction Games Guide History Management Mathematical Medicine Mental Fitnes Physics Psychology Scince Sport Technics
Ads

Load Balancing Servers, Firewalls and Caches - Kopparapu C.

Kopparapu C. Load Balancing Servers, Firewalls and Caches - Wiley Computer Publishing, 2002. - 123 p.
ISBN 0-471-41550-2
Download (direct link): networkadministration2002.pdf
Previous << 1 .. 28 29 30 31 32 33 < 34 > 35 36 37 38 39 40 .. 70 >> Next

Client“ 188.1.1 100
Router
141.149.65.1 MAC - Ml
Traffic addressed to VIP
Load L2
Balancer Switch
VIP-HI.149.65 3 __
MAC-M2
Gateway IP-1010.101 -"'H
il
1
10.10 10.20 MAC-M4
10.10.10 10 MAC-M3
RSI RS2
Figure 4.4: One-arm design.
I ralllc addressed to real servers 141.149.65.10 through 141.149.65.12
"tad
Applications not configured for load balaiM ing
141.149 65.10 through 141.149.65.12
In the design shown in Figure 4.4, the server reply traffic from RS1 and RS2 bypasses the load balancer
50
Designing for High Availability
because the reply packets have the client’s IP address as the destination. We have three ways to fix this. First, we may keep it this way by using direct server return to get higher throughputs for server reply traffic and avoid NAT for applications such as FTP or streaming media. We must configure the VIP as a loopback IP address on the servers, as discussed in Chapter 2. Second, we can use source NAT on the load balancer to force the reply traffic through the load balancer. Third, we can set the load balancer as the default gateway for RS1 and RS2 to gateway IP 10.10.10.1 configured on the load balancer.
Designing for High Availability
If a server fails, the load balancer can detect it through health checks and direct the traffic to alternate servers. But what if the load balancer fails? In this section, we will look at various design choices available in designing high availability into the network design, to tolerate various failures including that of load balancers.
Load balancers can work in pairs in two different ways: active-standby or active-active. In active-standby mode, one load balancer functions as a standby, while the active unit does all the load-balancing work. In active-active mode, both load balancers perform load balancing, while acting as a backup for one another.
Using two units in place of one to provide fault tolerance is not a new concept in the network space. Virtual Router Redundancy Protocol (VRRP) is defined in RFC 2338 to allow two or more routers to provide a backup for each other. High-availability designs with load balancers use similar concepts as VRRP, but with some significant differences, as we will discuss in the subsequent sections.
Active-Standby Configuration
As the name indicates, active-standby configuration involves two load balancers working in active-standby mode, as shown in Figure 4.5.
Figure 4.5: How active-standby works.
For this example, let us stay with one router on the top and a Layer 2 switch at the bottom that connects all servers. The router and the Layer 2 switch represent a single point of failure, we will address this later. For now, let’s focus on how the active-standby functionally works in load balancers. The load balancer on the left is the active unit that’s performing load balancing for all requests. The standby unit does not respond to any requests and does not process any traffic. The active unit owns the VIP, and advertises and responds to Address Resolution Protocol (ARP) queries. The ARP is used to associate IP addresses with Ethernet MAC addresses. By responding to the ARP queries and advertising itself with the ARP, the router and the servers recognize the VIP and associated MAC address on the network interface connecting to the active load
51
Designing for High Availability
balancer. Since the VIP is a virtual IP, the load balancer typically makes up a MAC address, using some algorithm. The MAC address is a 6-byte field, in which the first 3 bytes indicate the hardware manufacturer and the last 3 bytes indicate the serial number assigned by the manufacturer. A value of 02 in the first byte indicates that the MAC address is self-generated and is of local significance. It’s important to note that the load balancer has a management IP address that’s different from the VIP. The load balancer’s management IP address is used for configuration and administration of the load balancer. If we need to access the load balancer using Telnet, we need to use the management IP address. The load balancer has its own MAC address associated with its management IP address. Although the standby unit does not own the VIP, it responds to ARP for the management IP address so that we can configure and manage the standby unit.
Which unit takes the role of standby, versus active, may initially depend on configuration or a protocol between the two load balancers. For example, each load balancer may be configured with a weight or priority, as in the case of VRRP. In VRRP, each router is configured with a priority, and the router with higher priority becomes the master router.
The active and standby units are connected through a private link and check the health of each other through a special protocol between them. Load balancers generally reserve use of the private link for health checks and avoid any data forwarding on this link. In the case of active-standby, blocking data packets on this link and the standby unit prevents any loops at Layer 2 forwarding. If the private link between the two load balancers fails, the load balancers must try to use any alternate path available to check the health of each other. In Figure 4.5, the load balancers can use the path through the routers above or through the Layer 2 switch below to reach one another. Some load-balancer products may allow two or more links to be configured as a trunk group for use as a private link. The trunk group protects against any individual link failure by using the other links in the group. One could argue the need for a private link because the load balancers can reach each other through the router or Layer 2 switch in the design shown in Figure 4.5. When there is congestion on the links, packets may be dropped. A private link, dedicated between the load balancers, provides a reliable communication and allows quick detection of failures.
Previous << 1 .. 28 29 30 31 32 33 < 34 > 35 36 37 38 39 40 .. 70 >> Next