Load Balancing Servers, Firewalls and Caches - Kopparapu C.

Kopparapu C. Load Balancing Servers, Firewalls and Caches - Wiley Computer Publishing, 2002. - 123 p.
ISBN 0-471-41550-2
Chapter 8: Application Examples
So far, we have discussed various functions of load balancers, such as server load balancing, global server load balancing, firewall load balancing, and cache load balancing. In this chapter, we look into applications that involve concurrent usage of these functions. We discuss how the various functions can be simultaneously utilized to put together a complete design.
This chapter provides two network-design examples. First, we look at an enterprise that needs to develop a secure, scalable network infrastructure that includes a high-performance Web site for extranet or Internet use. Second, we discuss the concept of a content-distribution network (CDN) and how load balancers can be used to build content-distribution networks.
Enterprise Network
Figure 8.1 shows a high-level overview of the different network components around an enterprise Web site. It starts with the edge router that connects to the Internet. A firewall is deployed after the edge router to protect the internal network. All the applications, including Web servers, FTP servers, and database servers, are deployed inside the internal network. The switches in the internal network also connect to the local area network (LAN) infrastructure inside the enterprise that connects all the user desktop computers.
Figure 8.1: Enterprise network—high-level overview.
Utilizing the concepts we have already learned with load balancing, we can modify the enterprise network shown in Figure 8.1 to improve high availability, scalability, and manageability. First, we start by deploying two edge routers, and optionally use Internet connectivity from two different Internet service providers, as shown in Figure 8.2. We then deploy firewall load balancing with two or more firewalls, to scale the firewall performance and protect against a firewall failure, as shown in Figure 8.2. Even if we start with two firewalls, the load balancers will allow transparent addition of firewalls for future scalability without any service disruptions. In the original design shown in Figure 8.1, the entire internal network is in the same security zone from the firewall’s perspective. But in reality, there are two different types of access areas. The Web servers and FTP servers need a security zone or policy that allows access from outside clients. But no access must be allowed from outside clients to database servers, intranet servers, or the user desktop computers. To tighten the security further, we can deploy multizone firewall load balancing and move the Web servers and FTP servers to a demilitarized zone (DMZ), as discussed in Chapter 6. If one does not like or can’t get the firewalls with three-way interfaces necessary to deploy multiple security zones, one can also consider deploying two sets of firewall load-balancing designs with the DMZ in between. However, this increases the number of firewalls and the load balancers required.
Figure 8.2: Enterprise network—introducing firewall load balancing and redundant edge routers.
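The zone policy described above, as an added example that is not from the book: a small Python audit that evaluates a first-match, zone-based rule set against the two requirements in the text (Web and FTP reachable from outside; database, intranet, and desktop hosts not). The zone names, the `Rule` structure, the host labels, and the use of ports 80 and 21 are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed service ports (FTP control channel only, as a simplification).
PUBLIC_HOSTS = {"web": 80, "ftp": 21}                 # must be reachable from outside
PRIVATE_HOSTS = ("database", "intranet", "desktop")   # must never be reachable from outside

# Constructed placements: the single-zone design of Figure 8.1 and the multizone DMZ design.
FLAT = {h: "internal" for h in (*PUBLIC_HOSTS, *PRIVATE_HOSTS)}
MULTIZONE = {**FLAT, "web": "dmz", "ftp": "dmz"}

@dataclass(frozen=True)
class Rule:
    src: str             # source zone
    dst: str             # destination zone
    port: Optional[int]  # None matches any port
    action: str          # "permit" or "deny"

# Constructed rule sets. With one zone, the only way to publish Web/FTP is to
# open those ports toward the whole internal zone.
FLAT_RULES = [Rule("outside", "internal", 80, "permit"),
              Rule("outside", "internal", 21, "permit")]
DMZ_RULES = [Rule("outside", "dmz", 80, "permit"),
             Rule("outside", "dmz", 21, "permit")]

def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if r.src == src and r.dst == dst and r.port in (None, port):
            return r.action
    return "deny"

def audit(rules, placement):
    """Return the ways a rule set violates the policy stated in the text."""
    findings = []
    for host, port in PUBLIC_HOSTS.items():
        if decide(rules, "outside", placement[host], port) != "permit":
            findings.append(f"{host}:{port} not reachable from outside")
    # Probe every port named in a rule, plus 0 to catch any-port permits.
    probes = sorted({r.port for r in rules if r.port is not None} | {0})
    for host in PRIVATE_HOSTS:
        for port in probes:
            if decide(rules, "outside", placement[host], port) == "permit":
                findings.append(f"{host} exposed to outside on port {port}")
    return findings

if __name__ == "__main__":
    print("flat design:", audit(FLAT_RULES, FLAT))
    print("multizone design:", audit(DMZ_RULES, MULTIZONE))
```

At zone granularity the flat design cannot publish the Web and FTP servers without also opening the same ports toward every other host in the zone; the multizone design passes the audit with no findings.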
Once we get past the firewall load balancing, we can deploy server load balancing to improve server scalability, availability, and manageability. We can deploy an appropriate high-availability design from Chapter 4 both in the DMZ and in the internal network for intranet servers. In Figure 8.3, we use the load-balancer pair on the inside to also perform server load balancing for Web servers. Running concurrent firewall load balancing and server load balancing in the same load balancer, as shown in Figure 8.3, requires a lot of sophisticated processing and intelligence in the load balancer. Load-balancing products vary in their support of this functionality. Some may perform only stateless firewall load balancing or lose the stateful failover capabilities in this type of design. One must check with the load-balancing vendor for the exact functionality supported. Nevertheless, running firewall load balancing and server load balancing in the same pair of load balancers reduces the number of load balancers required, but may require more powerful or sophisticated products. If we were to choose the multizone firewall load-balancing approach, we could use the load balancers in each zone to perform server load balancing too. Overall, this still represents a conceptual network diagram rather than a real network design, as a number of factors must be considered in real network design. For example, if the load balancer does not have enough ports to connect all the servers, or has a high cost per port, we can use additional Layer 2 switches to connect the servers, as shown in the high-availability designs in Chapter 4.
Figure 8.3: Enterprise network—introducing server load balancing.
To improve the Web site performance further, we can deploy transparent-reverse proxy caching. If we consider the caching product safe enough to deploy outside the firewalls, we can attach it to the load balancers next to the edge routers, as shown in Figure 8.4. This allows the caches to serve frequently accessed static content and offloads all such traffic from the firewalls and the Web servers. If we do not consider the caches to be safe enough, we can deploy the caches on the load balancers that perform server load balancing in the DMZ or in the inside network. One has to evaluate the caching product for its security features and choose an appropriate deployment approach. In the design shown in Figure 8.4, the load balancers to the left of firewalls are