Introducing Equalizer
Equalizer’s support for Layer 7 content-sensitive load balancing enables administrators to define rules for routing requests based on information from the application layer. This provides access to the actual data payloads of the TCP/UDP packets exchanged between a client and server. For example, by examining the payloads, a program can base load-balancing decisions for HTTP requests on information in client request headers and methods, server response headers, and page data.
Equalizer’s Layer 7 load balancing allows administrators to define rules in the administration interface for routing HTTP and HTTPS requests according to the request content. These rules are called match rules. A match rule might, for example, route requests based on whether the request is for a text file or a graphics file:
• load balance all requests for text files (html, etc.) across servers A and B
• load balance all requests for graphics files across servers C, D, and E
• load balance all other requests across all of the servers
Match Rules are constructed using match functions that make decisions based on the following:
• HTTP protocol version; for HTTPS connections, the SSL protocol level the client uses to connect.
• Client IP address
• Request method (GET, POST, etc.)
• All elements of the request URI (host name, path, filename, query, etc.)
• Pattern matches against request headers
Match functions can be combined using logical constructs (AND, OR, NOT, etc.) to create extremely flexible cluster configurations. Please see “Using Match Rules” on page 207 for an overview of Match Rules, a complete list of match functions, and usage examples.
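As an added illustration (not Coyote Point code, and not Equalizer’s own match-rule syntax), the following Python sketch implements the same idea: match functions over the parsed request, logical combinators, and ordered rules that select a server pool, with round-robin inside the pool. The server names A through E, the file-type rules and the sample requests are constructed for the example.

```python
# Added example (not Coyote Point code): a minimal Layer 7 match-rule
# evaluator. Match functions inspect the parsed request; all_of / any_of /
# not_ build compound rules; the first rule whose condition is true selects
# the server pool, and the pool hands out servers round-robin.
import re
from itertools import cycle
from urllib.parse import urlsplit


class Request:
    """Parsed HTTP request line plus headers (only what match functions need)."""

    def __init__(self, raw: bytes, client_ip: str):
        head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
        lines = head.split("\r\n")
        self.method, target, self.version = lines[0].split(" ", 2)
        parts = urlsplit(target)           # handles origin-form and absolute-form targets
        self.path, self.query = parts.path, parts.query
        self.filename = self.path.rsplit("/", 1)[-1]
        self.headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            self.headers[name.strip().lower()] = value.strip()
        self.host = self.headers.get("host", "")
        self.client_ip = client_ip


# --- match functions: each returns a predicate over a Request ---
def method(*names):
    return lambda r: r.method in names


def filename_suffix(*exts):
    return lambda r: r.filename.lower().endswith(tuple(exts))


def header_match(name, pattern):
    rx = re.compile(pattern)
    return lambda r: rx.search(r.headers.get(name.lower(), "")) is not None


def client_ip_in(prefix):
    return lambda r: r.client_ip.startswith(prefix)


# --- logical combinators (the AND / OR / NOT of the text) ---
def all_of(*fns):
    return lambda r: all(f(r) for f in fns)


def any_of(*fns):
    return lambda r: any(f(r) for f in fns)


def not_(fn):
    return lambda r: not fn(r)


class Pool:
    """A set of servers sharing the load for one rule, round-robin."""

    def __init__(self, servers):
        self.servers = list(servers)
        self._rr = cycle(self.servers)

    def pick(self):
        return next(self._rr)


class Router:
    """Ordered match rules; the default pool catches everything else."""

    def __init__(self, rules, default):
        self.rules = rules  # list of (name, condition, Pool)
        self.default = default

    def route(self, req):
        for name, cond, pool in self.rules:
            if cond(req):
                return name, pool.pick()
        return "default", self.default.pick()


# Constructed configuration mirroring the three bullets in the text.
TEXT = Pool(["A", "B"])
GRAPHICS = Pool(["C", "D", "E"])
ALL = Pool(["A", "B", "C", "D", "E"])
ROUTER = Router([
    ("text", all_of(method("GET", "HEAD"),
                    filename_suffix(".html", ".htm", ".txt")), TEXT),
    ("graphics", any_of(filename_suffix(".png", ".jpg", ".gif"),
                        header_match("Accept", r"^image/")), GRAPHICS),
], ALL)


def route_raw(raw: bytes, client_ip: str = "10.0.0.5"):
    """Parse a raw request and return (rule name, chosen server)."""
    return ROUTER.route(Request(raw, client_ip))
```

Rules are evaluated in order, so a request that satisfies both the text and the graphics conditions goes to the first matching rule; keeping the most specific rules first is the usual way to avoid surprises.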
Geographic Load Balancing
The optional Envoy add-on supports geographic load balancing, which enables requests to be automatically distributed across Equalizer sites in different physical locations. An Equalizer site is a cluster of servers under a single Equalizer’s control. A geographic cluster is a collection of sites that provide a common service, such as Web sites. The various sites in a geographic cluster can be hundreds or even thousands of miles apart. For example, a geographic cluster might contain two sites, one in the eastern U.S. and one on the U.S.’s west coast (Figure 1).
Geographic load balancing can dramatically improve reliability by ensuring that your service remains available even if a site-wide failure occurs. Equalizer can also improve performance by routing requests to the location with the least network latency.
Figure 1 Geographic cluster with two sites (diagram labels: Internet; Envoy Site A; Envoy Site B)
Chapter 1: Equalizer Overview
Geographic Load Balancing Routing
Envoy routes each incoming request to the site best able to handle it. If a site is unavailable or overloaded, Envoy routes requests to the other sites in the geographic cluster. When you enable geographic load balancing, Envoy directs incoming client requests to one of the sites in the geographic cluster based on the following criteria:
• Availability: If a site is unavailable due to network outage, server failure, or any other reason, Equalizer stops directing requests to that site.
• Performance: Envoy tracks the load and performance at each site and uses this information to determine the site that can process the request most efficiently.
• Distance: Envoy notes the site that is closest to the client (in network terms) and offers the least network latency.
Distributing the Geographic Load
Envoy uses the Domain Name System (DNS) protocol to perform its geographic load distribution. DNS translates fully-qualified domain names such as www.coyotepoint.com into the IP addresses that identify hosts on the Internet. For Envoy, the authoritative name server for the domain is configured to query the Equalizers in the geographic cluster to resolve the domain name. When Envoy receives a resolution request, it uses the load-balancing algorithms configured for the geographic cluster to determine the site that is best able to process the request and then returns the address of the selected site.
For example, the geographic cluster www.coyotepoint.com might have three sites (see Figure 2): one on the east coast of the U.S., one on the west coast of the U.S., and one in Europe. The servers at each site are connected to an Equalizer with the Envoy add-on installed.
Figure 2 Three-site geographic cluster configuration (diagram labels: Internet; Envoy Site A (East Coast USA); Envoy Site B (West Coast USA); Envoy Site C (Europe))
When a client in California attempts to connect to coyotepoint.com:
1. The client queries its local DNS server to resolve the domain name (see Figure 3).
Figure 3 Client queries its local DNS for coyotepoint.com
2. The local DNS server queries the authoritative name server for coyotepoint.com (see Figure 4).
Figure 4 Client’s local DNS queries the authoritative name server for coyotepoint.com (diagram labels for Figures 3 and 4: Internet; Envoy Site A (East Coast USA); Envoy Site B (West Coast USA); Envoy Site C (Europe); Client (California, USA); Client’s Local DNS; Authoritative DNS for coyotepoint.com)
3. The authoritative name server provides a list of Envoy-enabled Equalizer sites and returns this list to the client’s local DNS server (see Figure 5).
Figure 5 The authoritative name server for coyotepoint.com returns a list of delegates
4. The client’s DNS server sends a request for the IP address of coyotepoint.com to each Envoy site in the list until one of them responds.
5. The Envoy site contacted returns the IP Address of the virtual cluster best able to handle the client’s request.
(For an overview of how Envoy chooses the virtual cluster IP to return to the client’s DNS, see “Administering GeoClusters” on page 237.)
6. Finally, the client’s local DNS server returns the virtual cluster IP to the client, which then sends the request to the virtual cluster.
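The following Python simulation is an added example, not Coyote Point code: it walks steps 2 through 6 with an in-memory delegate list and constructed site metrics (availability, load, and latency from a California resolver), selecting the site the way the Availability, Performance and Distance criteria above describe. The scoring formula, the site names and the IP addresses are assumptions for the example; no real DNS traffic is sent.

```python
# Added example (not Coyote Point code): simulation of DNS-driven site
# selection. Sites, delegate list and latencies are constructed in memory.
from dataclasses import dataclass


@dataclass
class Site:
    name: str
    cluster_ip: str          # virtual cluster IP this site advertises
    available: bool          # site reachable and its servers healthy
    load: float              # 0.0 (idle) .. 1.0 (saturated)
    responsive: bool = True  # whether this site's Envoy answers DNS at all


def choose_site(sites, latency_ms):
    """Envoy-style choice: drop unavailable sites (Availability), then take
    the lowest combined cost of load (Performance) and client-to-site
    latency (Distance). The equal weighting is a constructed assumption."""
    candidates = [s for s in sites if s.available]
    if not candidates:
        return None
    worst = max(latency_ms[s.name] for s in candidates) or 1.0
    return min(candidates, key=lambda s: s.load + latency_ms[s.name] / worst)


def resolve(domain, delegates, sites_by_name, latency_ms):
    """Steps 2-6: the client's local DNS gets the delegate list from the
    authoritative server, then asks each Envoy site in turn until one
    answers with the virtual cluster IP best able to serve the client."""
    trace = [f"authoritative({domain}) -> delegates {delegates}"]
    for name in delegates:
        envoy = sites_by_name[name]
        if not envoy.responsive:
            trace.append(f"{name}: no answer, trying next delegate")
            continue
        chosen = choose_site(list(sites_by_name.values()), latency_ms)
        if chosen is None:
            trace.append(f"{name}: answered, but no site is available")
            return None, trace
        trace.append(f"{name} answered: {domain} A {chosen.cluster_ip} "
                     f"(site {chosen.name})")
        return chosen.cluster_ip, trace
    trace.append("no delegate answered")
    return None, trace


# Constructed three-site cluster after Figure 2 (documentation-range IPs).
SITES = {
    "east":   Site("east",   "198.51.100.10", available=True, load=0.30),
    "west":   Site("west",   "203.0.113.10",  available=True, load=0.40),
    "europe": Site("europe", "192.0.2.10",    available=True, load=0.10),
}
# Latency as seen from a California resolver (constructed milliseconds).
FROM_CALIFORNIA = {"east": 70.0, "west": 10.0, "europe": 150.0}
FROM_EUROPE = {"east": 90.0, "west": 150.0, "europe": 15.0}
DELEGATES = ["west", "east", "europe"]

if __name__ == "__main__":
    ip, trace = resolve("www.coyotepoint.com", DELEGATES, SITES, FROM_CALIFORNIA)
    print("\n".join(trace))
```

Note that the delegate order only decides which Envoy answers; the answering Envoy still chooses among all sites, so a site whose DNS responder is down but whose servers are healthy can still be returned by another site’s Envoy.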
Adding Equalizer to Your Network
Equalizer is a versatile traffic management and application acceleration solution that is easily configured for your network. Equalizer models E350GX and above have 12 or more front panel network switch ports, are Virtual Local Network (VLAN) capable, and can be configured for tagged and untagged VLANs. Equalizer model E250GX has two front panel ports configured into two port based VLANs.
Equalizer E250GX Network Configuration
Equalizer model E250GX has two front-panel network interface ports configured into two untagged (or port-based) Virtual Local Networks (VLANs): the External Network VLAN and the Internal Network VLAN. Initial network configuration of Equalizer is performed over the serial port, where you assign an IP address to one or both of the network interface ports. The figure below shows the port configuration of an E250GX model Equalizer.
Figure 6 Equalizer E250GX default port configuration (diagram labels: Serial Port; External Interface Port; Internal Interface Port)
The E250GX can be deployed in either a single network or a dual network configuration:
• In a single network configuration, all cluster IPs and server IPs are on the same subnet, and are connected to Equalizer using the Internal Interface Port; the External Interface Port is unused.
• In a dual network configuration, all cluster IPs are on one subnet connected to Equalizer using the External Interface Port, while servers are on another subnet connected to Equalizer’s Internal Interface Port.
Note – VLAN management capabilities were introduced in Version 8.6 of the Equalizer O/S software on Equalizer GX hardware. If you are running Version 8.6 or later on pre-GX Equalizer hardware (such as the ‘si-R’ hardware), the front-panel switches are managed as they were in Version 8.5 of the Equalizer software. Please refer to the Version 8.5 Installation and Administration Guide at docs.coyotepoint.com.
Using Equalizer E250GX in a Single Network Environment
In single network mode, the client systems, servers, Intranet and/or Internet must all connect to Equalizer through the Internal Interface Port. Figure 7 shows an example.
Figure 7 Example single network configuration for Equalizer E250GX
Single network mode is often the simplest way to fit Equalizer into an existing network with minimal changes to the current network infrastructure. Certain protocols and applications that use dynamic port mapping or multiple TCP/UDP ports may also work best in a single network environment.
As you can see in the example above, Equalizer’s internal IP, cluster IP, and all server IPs are located on the 192.168.0.x network, and communicate through the same switch. The switch, in turn, is connected to a router which is this subnet’s gateway to other subnets on the Intranet and Internet networks. The gateway or router that connects Equalizer’s subnet to the Intranet and Internet is assumed to perform all necessary NAT for external clients, so they can access Equalizer’s cluster IPs.
Internal clients can access the cluster IPs directly, and so may require selective SNAT on Equalizer or special routing on the servers to ensure that all server responses go through Equalizer.
Using Equalizer E250GX in a Dual Network Environment
In dual network mode, the client systems, Intranet, and Internet connect to Equalizer through the External Interface Port, while servers are connected to Equalizer through the Internal Interface Port. Figure 8 shows an example.
Figure 8 Example dual network configuration for Equalizer E250GX
As you can see in the example above, Equalizer has a management IP and cluster IP on the 172.16.0.x network connected to the External Port, and all servers are located on the 192.168.0.x network on the Internal Port.
The External Port is connected to a router which is this subnet’s gateway to other subnets on the Intranet and Internet networks. The router is assumed to perform all necessary NAT for external clients, so that clients from outside the 172.16.0.x network can access Equalizer cluster IPs, and Equalizer uses the router as its default gateway.
Internal clients will require special routing to access the cluster IPs, and selective SNAT on Equalizer or special routing on the servers to ensure that server responses to internal clients go through Equalizer.
Equalizer E350GX, E450GX, E650GX Network Configuration
Equalizer models E350GX and above are Virtual Local Network (VLAN) capable devices. Initial network configuration of Equalizer is performed over the serial port, where you assign an IP address to the default management VLAN. Initially, ports 1 and 2 on the front panel are configured for the Default VLAN and all other ports are unassigned. The figure below shows the initial port configuration of an E350GX or E450GX model Equalizer, both of which have 12 front panel ports; the E650GX with 22 ports is configured similarly.
Figure 9 Equalizer E450GX default port configuration (diagram labels: Serial Port; Default VLAN Ports (1 & 2); Unassigned Ports (3 and above))
The initial network configuration performed over the Serial Port assigns an IP address to Ports 1 and 2, and these ports are configured in an untagged Default VLAN with VID (VLAN ID) 1. Additional configuration is performed by logging into the graphical browser-based Administrative Interface on the Default VLAN IP address.
The VLAN Configuration Wizard leads you through the creation of three basic VLAN configurations:
• A single VLAN, the Default VLAN, for all management, cluster, and server IP addresses. This is similar to the single-network configuration supported in releases prior to 8.6 and on the E250GX.
• Two VLANs: the Default VLAN and the Internal VLAN. Each of the VLANs has a management IP, and can host clusters and servers. This is similar to the dual-network configuration supported in releases prior to 8.6 and on the E250GX.
• Three or more VLANs. The wizard exits to the VLAN Configuration tab, where you can set up as many VLANs as you require.
You can also create, modify, and delete VLANs using the VLAN Configuration tab. The following sections describe the three basic VLAN configurations; these basic configurations can be modified as needed to fit a variety of network topologies.
Using Equalizer E350/450/650GX in a Single VLAN Environment
In a “single VLAN” or “single network” environment, the client systems, servers, Intranet and/or Internet all connect to Equalizer through a single VLAN (in many configurations, this equates to a single subnet, but may be a segment of a subnet, depending on the network topology). This basic configuration is shown in the diagram below.
Figure 10 Example of an E450GX single VLAN configuration
Single VLAN mode is often the simplest way to fit Equalizer into an existing network with minimal changes to the current network infrastructure. Certain protocols and applications that use dynamic port mapping or multiple TCP/UDP ports may also work best in a single VLAN environment.
In the example above, all of Equalizer’s ports have been configured for the same VLAN (the Default VLAN), which hosts the 192.168.0.0/24 subnet. Equalizer’s Management IP, cluster IP, and all server IPs are located on the 192.168.0.x network. Equalizer is connected to a router which is this subnet’s gateway to other subnets on the Intranet and Internet networks. The gateway or router that connects Equalizer’s subnet to the Intranet and Internet is assumed to perform all necessary NAT for external clients, so they can access Equalizer’s cluster IPs.
If desired, a separate VLAN can be configured for all cluster and server IPs, and the Default VLAN can be reserved for browser access to the Equalizer Administrative Interface and SSH access to the Equalizer console.
Internal clients can access the cluster IPs directly, and so may require selective SNAT on Equalizer or special routing on the servers to ensure that all server responses go through Equalizer.
Using Equalizer E350/450/650GX in a Dual VLAN Environment
In a dual VLAN environment, the external clients, Intranet, and Internet connect to Equalizer through one VLAN, while servers are connected to Equalizer through a separate VLAN. Figure 11 shows an example.
Figure 11 Example of an E450GX dual VLAN configuration
As you can see in the example above, Equalizer has a management IP and cluster IP on the 172.16.0.x network, and is connected to the router for that VLAN on Port 1; ports 3 and above are configured for the Internal VLAN which hosts all servers on the 192.168.0.x subnet.
The router is the Default VLAN’s gateway to other subnets on the Intranet and Internet networks. The router is assumed to perform all necessary NAT for external clients, so that clients from outside the 172.16.0.x network can access Equalizer cluster IPs; Equalizer uses the router as its default gateway.
If desired, a separate VLAN can be configured for all cluster IPs, and the Default VLAN can be reserved for browser access to the Equalizer Administrative Interface and SSH access to the Equalizer console.
Internal clients will require special routing to access the cluster IPs, and selective SNAT on Equalizer or special routing on the servers to ensure that server responses to internal clients go through Equalizer.
Using Equalizer E350/450/650GX in a Complex VLAN Environment
The Figure below shows an example of configuring Equalizer into a complex VLAN environment where servers (and clients) are located on several separate VLANs:
Figure 12 Example of an E450GX complex VLAN configuration
In the example above, Equalizer has a management IP and cluster IP on the 172.16.0.x network, and is connected to the router for that VLAN on Port 1; ports 3 and above are individually configured to carry traffic for VLANs A, B, C, and D -- each of which hosts a different subnet.
The router is the Default VLAN’s gateway to other subnets on the Intranet and Internet networks. The router is assumed to perform all necessary NAT for external clients, so that clients from outside the 172.16.0.x network can access Equalizer cluster IPs; Equalizer uses the router as its default gateway.
If desired, a separate VLAN can be configured for all cluster IPs, and the Default VLAN can be reserved for browser access to the Equalizer Administrative Interface and SSH access to the Equalizer console.
Internal clients will require special routing to access the cluster IPs, and selective SNAT on Equalizer or special routing on the servers to ensure that server responses to internal clients go through Equalizer.
For more information on configuring VLANs on Equalizer, please see Chapter 4, “Equalizer Network Configuration”.
Link Aggregation
Equalizer E350GX models and above are equipped with two Gigabit network interface cards that are teamed together using Link Aggregation to provide up to 2 Gigabits of throughput when redundant links are used. Link aggregation is always enabled and is managed by Equalizer; no administrative settings are necessary.
Using a Second Equalizer as a Backup Unit
You can configure a second Equalizer as a backup unit that will take over in case of failure. This is known as a failover or hot-backup configuration. The two Equalizers are defined as peers, the primary unit and the backup unit.
If the primary Equalizer stops functioning, the backup unit adopts the primary unit’s IP addresses (clusters) and begins servicing connections. In a failover configuration, the servers in a virtual cluster use a separate failover IP alias as their default gateway, rather than the IP address of the cluster or external port on a particular Equalizer. The failover alias migrates between the primary and backup unit as needed, automatically ensuring that the servers have a valid gateway in the event of a failure.
In a failover configuration, both the primary and backup Equalizers are connected to the same networks; the backup unit’s cluster and external ports must be connected to the same hubs or switches to which the primary Equalizer’s ports are connected. Figure 13 on page 36 shows a sample failover configuration.
In the sample failover configuration above, there is no single point of failure. If a router goes down, the other router takes over; if a link fails, requests are routed through another link. In this dual network configuration, the Equalizers communicate over both the internal and external subnets. The connection shown between the Equalizers on the internal interface might not be necessary in a single network configuration, or if the Equalizers can communicate over the internal interface through an existing route.
The backup Equalizer monitors all traffic to and from the primary unit; both Equalizers periodically exchange status messages over the local area network. The Equalizers also exchange current configuration information. When you update the configuration on either machine, the configuration on its peer is automatically updated.
Should either Equalizer fail to respond to a status message probe, the other Equalizer begins a diagnostic cycle and attempts to contact its peer via the other network ports. If these attempts fail, the peer is considered to be down.
When the backup Equalizer determines that its failover peer is down, it initiates a failover process:
1. The backup Equalizer configures the virtual cluster aliases on the external port and sends out “gratuitous ARP” packets that instruct any external-network routers to replace ARP table entries that point to the physical address of the failed Equalizer with the physical address of the backup unit.
2. The backup Equalizer configures a failover gateway alias on the port that is local to the servers.
• With no backup configuration, the servers use the IP address of the cluster or external port as their default gateway.
• In a hot-backup environment, the gateway address can migrate between the primary and backup unit. This requires an additional address.
3. The Equalizer kernel changes from BACKUP mode to PRIMARY mode. The PRIMARY-mode Equalizer
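To make the detection and takeover sequence concrete, here is an added Python simulation (not Coyote Point code). The per-port probe results, the cluster IP and the gateway alias are constructed; what it shows is that a single missed status probe on one port starts the diagnostic cycle over the other ports, and only when the peer is unreachable on every port does the backup run through steps 1 to 3 above.

```python
# Added example (not Coyote Point code): simulation of failover detection
# and takeover. "reachable" is a constructed table of which probe paths
# succeed in a given cycle; no packets are sent.
class FailoverUnit:
    def __init__(self, name, cluster_ips, gateway_alias, ports):
        self.name = name
        self.cluster_ips = list(cluster_ips)    # virtual cluster aliases to adopt
        self.gateway_alias = gateway_alias      # failover gateway alias for servers
        self.ports = list(ports)                # e.g. ["external", "internal"]
        self.mode = "BACKUP"
        self.owned_aliases = []
        self.log = []

    def peer_is_down(self, reachable):
        """reachable: dict port -> bool for this probe cycle.
        A missed status message on the first port starts a diagnostic cycle
        over the other ports; the peer is declared down only if every path
        fails, so a single lost link does not cause a takeover."""
        primary = self.ports[0]
        if reachable.get(primary, False):
            return False
        self.log.append(f"missed status probe on {primary}; starting diagnostic cycle")
        for port in self.ports[1:]:
            if reachable.get(port, False):
                self.log.append(f"peer reachable via {port}; not failing over")
                return False
        self.log.append("peer unreachable on all ports; peer declared down")
        return True

    def take_over(self):
        """Steps 1-3 of the failover process; returns the actions taken."""
        actions = []
        external, server_port = self.ports[0], self.ports[-1]
        for ip in self.cluster_ips:                      # step 1
            self.owned_aliases.append(ip)
            actions.append(f"configure {ip} on {external}")
            actions.append(f"gratuitous ARP for {ip}")
        self.owned_aliases.append(self.gateway_alias)    # step 2
        actions.append(f"configure gateway alias {self.gateway_alias} on {server_port}")
        self.mode = "PRIMARY"                            # step 3
        actions.append("mode BACKUP -> PRIMARY")
        self.log.extend(actions)
        return actions


def run_probe_cycle(unit, reachable):
    """One status-message cycle on the backup; returns takeover actions, if any."""
    if unit.mode == "PRIMARY":
        return []
    if unit.peer_is_down(reachable):
        return unit.take_over()
    return []


if __name__ == "__main__":
    # Constructed addresses: one cluster IP on the external side, one gateway alias
    # on the server side.
    backup = FailoverUnit("backup", ["172.16.0.100"], "192.168.0.254", ["external", "internal"])
    for cycle_reach in ({"external": True, "internal": True},
                        {"external": False, "internal": True},
                        {"external": False, "internal": False}):
        run_probe_cycle(backup, cycle_reach)
    print("\n".join(backup.log))
```

The order of actions matters for the servers behind the cluster: the gratuitous ARP announcements repoint upstream routers at the backup’s physical address before the gateway alias moves, so client and server traffic both converge on the unit that is now PRIMARY.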