introduction to serveriron adx application switching and ... · introduction to serveriron adx...

Introduction to ServerIron ADX Application

Switching and Load Balancing

Module 7: Global Server Load Balancing (GSLB)

Revision 0310

© 2009 Brocade Communications Systems, Inc.

All Rights Reserved. 2

Objectives

Upon completion of this module, the student will:

– Be able to understand the need for a GSLB

– Be able to define the GSLB policy

– Setup the ServerIron ADX as a DNS proxy

– Configure GSLB and Site information

– Define and use GSLB affinity settings



How Does Global Server Load Balancing Work

GSLB ServerIron ADX adds intelligence to authoritative DNS

– evaluates IP address

– best host for client is on placed on top of the returned DNS list

– sets DNS TTL – Local DNS has most current information

GLSB ServerIron ADX gathers information from Site/Remote

ServerIron ADXs:

– Local VIPs

– Session table statistics and CPU load

– Round Trip Time (RTT) between client and remote site

(Client’s TCP SYN and Client’s TCP ACK)

GSLB uses proprietary communication between Sites



Domain Name Server (DNS)

Defines a naming scheme for the Internet domain

Translates names into an IP address

Implemented as a distributed database

DNS names are constructed hierarchically

– sunc.scit.wlv.ac.uk

– www.brocade.com



DNS Hierarchical Structure 75_DNS_structure.png



Distributed Domain Database 75_Dist_Domain_DB.png



A Record (Address Record)

root@linux:~> dig www.brocade.com

;; QUESTION SECTION:

;www.brocade.com. IN A

;; ANSWER SECTION:

www.brocade.com. 3600 IN A 63.236.63.244

;; AUTHORITY SECTION:

brocade.com. 3600 IN NS ns1.sfj.pnap.net.

brocade.com. 3600 IN NS ns1.brocade.com.

brocade.com. 3600 IN NS ns2.sfj.pnap.net.

brocade.com. 3600 IN NS ns2.brocade.com.

;; ADDITIONAL SECTION:

ns1.sfj.pnap.net. 41909 IN A 216.52.1.1

ns1.brocade.com. 3600 IN A 63.251.100.12

ns2.sfj.pnap.net. 41909 IN A 216.52.1.33

<<truncated>>



Two types:

– Recursive - get me the best answer (most common)

• Example shown below

– Iterative - give me the answer or the next hop

DNS Request Types 75_DNS_requestTypes.png

www.example.brocade.com



Global Server Load Balancing (GSLB) Overview

GSLB operations:

Modes - [non] transparent, cache

Proxy DNS (Authoritative address is a VIP[s])

– GSLB ADX does contain an DNS server

– Provides caching and the ability to respond to A records

Two components in a GSLB configuration:

– GSLB ServerIron ADX “Front-ends” an authoritative DNS server(s)

– Remote sites can include a ServerIron ADX and a real server

Geographically separated authoritative DNSs can be front-ended

by two GSLBs or by one GSLB with Source-NAT

GSLB protocol is used to communicate between a GSLB ADX and

a remote ADX. (TCP port 182)



GSLB Features

Leverages existing DNS servers

Minimal disruption to existing network environment

Measures proximity to actual customers in the most accurate

manner

Ability to tolerate failures after DNS lookup is complete

Implemented on highest performing traffic management switch

Provides the most comprehensive global server load balancing with

or without using DNS



GSLB Example

Appear as one web site

to clients

Directs a client to the

nearest server for fastest

content delivery

Directs a client to the

best alternate server in

case of server outage

Provide transparent

backup in case of natural

disasters, power outages

SLB and GSLB

operations be single box

75_GSLB_example1.png





Just round-robin –

inefficient load balancing

Local DNS caches responses –

clients maybe sent to dead servers

No server health checks –

clients directed to dead servers

No proximity awareness –

clients can be sent to farthest server

DNS limitations (no GSLB) 75_DNS_limitations1.png

75_DNS_limitations2.png





HTTP Redirect limitations (no GSLB)

Works only for HTTP traffic

Requires different host names for each site

Could be redirected to an inoperable server

75_http_redirect_limitations.png



ServerIron ADX GSLB Direction to Functional Site 75_ADX_GSLB.png

Approach:

– Directs client to optimal site

– Front-end the authoritative DNS Server

– Transparently modify the DNS

response based on server and

application availability

– Authoritative DNS server can be

located remotely

Results in:

– Leveraging existing DNS servers

– Easy to configure and manage

– Minimal disruption to existing DNS

servers



Site Selection Criteria

Default evaluation order:

1. Server Health

2. ServerIron ADX session capacity threshold

3. Round Trip Time between the remote ServerIron ADX

and the DNS client

4. The geographic location of the server

5. ServerIron ADX available session capacity

6. FlashBack speed

7. Least Response selection / Round Robin



1. Server Health

Client opens browser and requests www.brocade.com

Authoritative DNS passes a Round Robin response with 3 addresses through the GSLB ADX

ADX sends health checks based on application port to each of these addresses

75_1_serverHealth1.png

75_1_serverHealth2.png



GSLB ServerIron ADX gathers session info using GSLB Protocol with the remote ServerIron ADXs.

ServerIron ADX(config)# show gslb site

ServerIronTE: sunnyvale

ServerIron slb-1 209.157.22.209

State: CONNECTION ESTABLISHED

Current num. Session CPU load Location

Sessions Util% (%)

500000 50 35 N-AM

Virtual IPs: 209.157.22.227(A)

ServerIron ADX(config)# Show gslb site

ServerIronTE: Tokyo




Sessions Util% (%)

750000 75 41 N-AM

Virtual IPs: 209.157.22.227(A)

2. Session Capacity Threshold

The GSLB learns from each remote

ServerIron ADX shows the maximum

number of sessions and the number of

available session via GSLB

Default Session Capacity Threshold:

90%. i.e. If the current number of

sessions has not reached 90% of the

supported total, the site is eligible for

being selected as the “best” site

75_SessionCapacityThreshold.png



3. Round-Trip Time (RTT)

A site is favored by GSLB only if the RTT difference is more than 10% (default).

75_3_RTT.png



4. Geographic Location of the Server

IP Addresses are allocated in blocks to

different continents

Based on the client IP address, ServerIron

ADX picks the web site ensuring that

requests stay in continental domains

This approach cannot differentiate IP

addresses within a continent

75_4_geoLocation_ofServer.png




ServerIronTE: Tokyo




Sessions Util% (%)

800000 75 41 N-AM

Virtual IPs: 209.157.22.227(A)

5. Available Session Capacity

10% Capacity tolerance by default – The first ServerIron ADX is preferred over the second ServerIron

ADX because the difference (200,000) is greater than 10% of 1 million.

– If another ServerIron ADX with 900,000 sessions was available, it would be equally preferable with the first ServerIron ADX because 10% difference is less that threshold.






Sessions Util% %)

1000000 50 35 N-AM

Virtual IPs: 209.157.22.227(A)

75_AvailableSessionCapacity.png



6. FlashBack

FlashBack measures the roundtrip time between the

ServerIron ADX in front of authoritative DNS and each

other site (Basically, the Health Check Time)

FlashBack serves as a starting point for network

responsiveness and proximity information

Uses tolerance value when comparing FlashBack

speeds.

10% difference by default

75_6_flashBack1.png

75_6_flashBack2.png



7a. Least Response Selection (Default)

75_leastResponseSelection.png



7b. Round Robin Selection 75_RoundRobinSelection.png



GSLB Affinity

Allows preference of one site over all others as long as the server

is HEALTHY

Other sites used for backup

IP address based

– Preference affinity - affinity definition associated with client’s IP

address - prefix (144.10.0.0/16)

– Configured default affinity - 0.0.0.0/0

Up to 50 affinities



Site ServerIron ADX – Affinity Configuration

ServerIron ADX(config)# gslb affinity

ServerIron ADX(config-gslb-affinity)# prefer denver slb-1 for 0.0.0.0/0

ServerIron ADX(config)# gslb policy

ServerIron ADX(config-gslb-policy)# preference

Prefer Denver over all other sites

Turns on policy

75_affinityConfig.png



Site ServerIron ADX – Affinity (Cont.)

Always prefer Denver for prefixes = 144.10.0.0/16

Always prefer London for prefixes = 144.20.0.0/16

(Disabled by default)

75_affinityConfig2.png



GSLB Administrative Preference

The administrative preference allows the following:

– Temporarily change the preference of a site to accommodate changing

network conditions

– Temporarily disqualify a site ServerIron ADX from being selected,

without otherwise changing the site’s configuration or the GSLB

ServerIron ADX’s configuration

– Bias a GSLB ServerIron ADX that is also configured as a site

ServerIron ADX (for locally configured VIPs) to always favor itself as

the best site

Syntax: [no] si-name [<name>] <ip-addr> [<preference>]



show gslb default / show gslb policy

SW-ServerIron ADX_A(config)# show gslb policy

Default metric order: ENABLE

Metric processing order:

1-Server health check

2-Remote ServerIron's session capacity threshold

3-Round trip time between remote ServerIron and client

4-Geographic location

5-Remote ServerIron's available session capacity

6-Server flashback speed

7-Least response selection

DNS active-only: DISABLE DNS best-only: DISABLE DNS override: DISABLE

DNS cache-proxy: DISABLE DNS transparent-intercept: DISABLE

DNS cname-detect: DISABLE Modify DNS response TTL: ENABLE

DNS TTL: 10 (sec), DNS check interval: 30 (sec)

Remote ServerIron status update period: 30 (sec)

Session capacity threshold: 90% Session availability tolerance: 10%

Round trip time tolerance: 10%, round trip time explore percentage: 5%

Round trip time cache prefix: 20, round trip time cache interval: 120 (sec)

Flashback appl-level delay tolerance: 10%, TCP-level delay tolerance: 10%

Connection load: DISABLE



GSLB ServerIron ADX Configuration Steps

1. Add real server definitions

2. Add VIP

3. Identify the sites

4. Identify the ServerIron ADXs at the site

5. Identity the DNS zones

6. Identify the host applications with each host

7. Add a source-ip address



Configuration Example (1 of 3) 75_ConfigExample.png



Configure DNS Proxy Parameters

– Configure a source IP address The source IP address is required so

that the GSLB ServerIron ADX can perform Health Checks on remote

devices

Add a real-server definition for the DNS

Add a VIP for the DNS and bind the real server and virtual server.

ServerIron_SanJose(config)# server source-ip 209.157.23.225 255.255.255.0 0.0.0.0

ServerIron_SanJose(config)# server real-name dns_ns 209.157.23.46

ServerIron_SanJose(config-rs-dns_ns)# port dns proxy

ServerIron_SanJose(config)# server virtual-name dns-proxy 209.157.23.87

ServerIron_SanJose(config-vs-dns-proxy)# bind dns dns_ns dns

Configuration Example (2 of 3)

This Real Address is one of

the actual Name Servers This VIP is what the “world” thinks

is the Auth. Name Server



Configuration Example (3 of 3)

Configure Site Parameters

– Specify the sites and the ServerIron ADXs within the site

Configure Zone Parameters

– Specify the Zones and the host names within the zones

ServerIron ADX(config)# gslb site sunnyvale

ServerIron ADX(config-gslb-site-sunnyvale)# si-name slb-1 209.157.22.209

ServerIron ADX(config-gslb-site-sunnyvale)# si-name slb-2 209.157.22.210

ServerIron ADX(config)# gslb site Tokyo

ServerIron ADX(config-gslb-site-Tokyo)# si-name slb-1 192.108.22.111

ServerIron ADX(config-gslb-site-Tokyo)# si-name slb-2 192.108.22.112

ServerIron ADX(config)# gslb dns zone-name brocade.com

ServerIron ADX(config-gslb-dns-brocade.com)# host-info www http

ServerIron ADX(config-gslb-dns-brocade.com)# host-info ftp ftp

Site

Parameters

Zone

Parameters



show gslb site (1 of 2)



ServerIron: slb-1 209.157.22.209:

state: CONNECTION ESTABLISHED

Current num. Session CPU load Preference Location

sessions util(%) (%)

500000 50 35 128 N-AM

Virtual IPs:

209.157.22.227(A) 209.157.22.103(A)

ServerIron: slb-2 209.157.22.210:

state: CONNECTION ESTABLISHED

Current num. Session CPU load Preference Location

sessions util(%) (%)

1 0 16 128 N-AM

Virtual IPs:

209.157.22.227(S)



show gslb dns zone

ServerIron ADX# show gslb dns zone

ZONE: b.c

HOST: a:

Flashback DNS resp.

delay selection

(x100us)

counters

TCP APP Count (%)

* 4.4.4.11: dns v-ip DOWN N-AM -- -- 6 (26%)

* 1.1.1.11: dns v-ip ACTIVE N-AM 0 0 6 (26%)

* 2.2.2.11: dns v-ip DOWN N-AM -- -- 6 (26%)

* 3.3.3.11: dns real-ip DOWN N-AM -- -- 5 (21%)

IP addresses associated with a host name in a DNS Reply. These are the

servers that contain the content for the host.



show gslb dns detail

ServerIron ADX(config)# show gslb dns detail

ZONE: brocade.com

HOST: www:

Flashback DNS resp.

delay selection

(x100us) percentage

TCP APP (%)

* 209.157.22.227: dns v-ip ACTIVE N-AM. 6 60 40

site: sunnyvale, ServerIron: slb-1 (209.157.22.209)

session util: 0%, avail. sessions: 524287

preference: 128

HOST: ftp:

Flashback DNS resp.

delay selection

(x100us) percentage

TCP APP (%)

* 209.157.22.103: dns v-ip ACTIVE N-AM. 6 60 40

site: sunnyvale, ServerIron: slb-2 (209.157.22.210)

session util: 7%, avail. sessions: 414287

preference: 128



Remote Show - rshow

SW-GSLB(config)# rshow 133.100.10.2 server real

Requesting real server 133.100.10.2....

Type Control-c to abort

Real Servers Info

========================

State(St) - ACT:active, ENB:enabled, FAL:failed, TST:test, DIS:disabled,

UNK:unknown, UNB:unbind, AWU:await-unbind, AWD:await-delete

Name : rs1 Mac-addr: 0010.e000.f518

IP:10.10.10.202 Range:1 State:Active Wt:0 Max-conn:1000000

Port St Ms CurConn TotConn Rx-pkts Tx-pkts Rx-octet Tx-octet Reas

---- -- -- ------- ------- ------- ------- -------- -------- ----

http ACT 0 0 2 240 153 293814 17852 0

default UNB 0 0 0 0 0 0 0 0

Server Total 0 2 240 153 293814 17852 0

Management address of site ServerIron ADX

GSLB

Lab 7-1



Lab 7-1: GSLB



Modifying DNS Parameters

Deleting sites that fail health checks

Retain ‘best’ address only

Verification of DNS records

Time-To-Live value

DNS override

DNS Cache Proxy



Delete Sites that Fail Health Checks


ServerIron ADX(config-gslb-policy)# dns active-only

Syntax: [no] dns active-only



‘Best’ Address Only


ServerIron ADX(config-gslb-policy)# dns best-only

Syntax: [no] dns best-only



Verification of DNS Records


ServerIron ADX(config-gslb-policy)# dns check-interval 50

Syntax: [no] dns check-interval <num>

GSLB SI periodically (default 30”) sends DNS Queries to the Auth DNS

to verify Zone/Host and IP address info with the Auth. DNS server.



Time-To-Live Value


ServerIron ADX(config-gslb-policy)# dns ttl 45

Syntax: [no] dns ttl <num>

By default, the GSLB SI resets the TTL to 10” to ensure the clients

always get the “best” site.



DNS Override (Proxy Server)

ServerIron ADX(config)# gslb dns zone brocade.com

ServerIron ADX(config-gslb-dns-brocade.com)# host www http

ServerIron ADX(config-gslb-dns-brocade.com)# host www ip-list

209.157.23.59

Syntax: host <host-name> ip-list <ip-addr...>

GSLB SI overrides the IP addresses with the IPs configured on itself

for a given host received from the Auth DNS.



Enable DNS Override


ServerIron ADX(config-gslb-policy)# dns override

Syntax: [no] dns override



DNS Cache Proxy


ServerIron ADX(config-gslb-policy)# dns cache-proxy

Syntax: [no] dns cache-proxy

When DNS cache proxy is enabled, the GSLB ServerIron caches the IP

addresses for the requested domain, and responds to the client with the best

address among the ones that are cached, without forwarding the request to

the DNS server.

GSLB without a DNS server

Lab 7-2



Lab 7-2: GSLB without a DNS server

End of Module 7: Global Server Load Balancing

(GSLB)

Revision 0310

introduction to serveriron adx application switching and ... · introduction to serveriron adx...

Documents