Internet Networking, recitation #11
LSNAT - Load Sharing NAT (RFC 2391)
Spring Semester 2008, Dept. of Computer Science, Technion

Motivation
Perform server load balancing on the Internet
Example:
• Many web clients want to get information from a popular web site.
• In order to make such a web site scalable, the load must be distributed among a group of servers.
Candidate applications could be: web browsers, remote login, file transfer, mail applications

NAT (Reminder)
Normally, the source and destination IP addresses remain unchanged while an IP packet is routed from the source to the destination
However, there are cases when it is required to change the source and/or the destination IP address to a new one
Traditionally, NAT (Network Address Translation) was used to connect private network domains to globally unique public-domain IP networks

NAT (Reminder)
Basic NAT
• A method by which hosts in a private domain are allowed access to hosts in the external network transparently
• A block of external addresses is set aside for translating addresses of private hosts as the private hosts originate sessions to applications in the external domain (Private IP -> Global IP)
• Once a binding is made, it remains in place for all subsequent sessions originating from the same private host. It is terminated when there are no more sessions using this binding.

NAT (Reminder)
NAPT (Network Address Port Translation)
• A method by which hosts in a private domain are allowed access to hosts in the external network transparently and simultaneously, using a single registered address
• Made possible by multiplexing transport layer identifiers of private hosts into the transport level identifiers of the single assigned external address (Private IP, port -> Global IP, port)
• Only TCP/UDP applications and ICMP queries are supported by NAPT

Load Sharing
Load sharing is defined here as the spread of session load amongst a cluster of servers which are functionally similar or the same
Once a node is assigned to service a session, that session is bound to that node until termination
Sessions are not allowed to swap between nodes in the midst of a session
Load sharing may be applicable to all services or be limited to one or more specific services

Load Share NAT - Overview
A client attempts to access a server by using the server's virtual address
The LSNAT router transparently redirects the request to one of the hosts in the server pool, selected using a real-time load sharing algorithm
Multiple sessions may be initiated from the same client, and each session could be directed to a different host based on the load balancing algorithm
The LSNAT configuration can restrict load sharing to just a few specific desired services
LSNAT is also applicable during individual server upgrades

LSNAT (Servers confined to a Stub Domain)
Servers S1 (172.85.0.1), S2 (172.85.0.2), S3 (172.85.0.3) form a server pool, confined to a stub domain
The router runs LSNAT, with virtual server address (172.85.0.70)
When a client 198.76.29.7 initiates an HTTP session to the virtual server, the LSNAT router examines the load on the hosts in the server pool and selects a server to service the request
Transparent address and port translation is performed by the LSNAT router according to the diagram in the next slide
IP packets on the return path go through similar address translation
Servers in the server pool can have private addresses

LSNAT (Servers confined to a Stub Domain)
[Figure: LSNAT router, LAN, and servers S1 (172.85.0.1), S2 (172.85.0.2), S3 (172.85.0.3)]
Packet arriving at the LSNAT router: s=198.76.29.7, 2745 d=172.85.0.70, 80
Same packet after translation: s=198.76.29.7, 2745 d=172.85.0.1, 80
Packet arriving at the LSNAT router: s=198.23.47.2, 3200 d=172.85.0.70, 23
Same packet after translation: s=198.23.47.2, 3200 d=172.85.0.3, 23

LSNAT (with no Topological Restraints on Servers)
In this configuration, servers in the server pool can be located at different places
Now, the LSNAT router replaces the client address and port in the packets with the address and port of the virtual server
As a result, there is no need to require servers to be under topological constraints
There is a limitation in this case on the number of sessions that such a router is able to support concurrently: about 63K*2 sessions (per UDP/TCP).
Why not send a “redirect” message to the client?

LSNAT (with no Topological Restraints on Servers)
[Figure: LSNAT router, LAN, and servers S1 (132.68.15.27), S2 (172.85.0.2), S3 (148.85.15.25)]
Packet arriving at the LSNAT router: s=198.76.29.7, 2745 d=172.85.0.70, 80
Same packet after translation: s=172.85.0.70, 7001 d=132.68.15.27, 80
Packet arriving at the LSNAT router: s=198.23.47.2, 3200 d=172.85.0.70, 23
Same packet after translation: s=172.85.0.70, 7002 d=148.85.15.25, 23
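
The two translation modes shown in the figures, as an added example that is not part of the original slides or of RFC 2391. The `LSNAT` class, its table layout and the use of round-robin as the load sharing algorithm are assumptions made for illustration; the addresses and ports are the ones on the slides.

```python
import itertools

VIRTUAL = "172.85.0.70"   # virtual server address used on the slides

class LSNAT:
    """Hypothetical binding table; round-robin stands in for the load sharing algorithm."""
    def __init__(self, pool, rewrite_source=False, first_port=7001):
        self.pool = itertools.cycle(pool)
        self.rewrite_source = rewrite_source   # True: servers without topological restraints
        self.ports = itertools.count(first_port)
        self.fwd = {}   # (client, cport, vport) -> (new src, new sport, server)
        self.rev = {}   # return-path key -> (client, cport)

    def inbound(self, src, sport, dst, dport):
        """Translate a client -> virtual server packet, binding the session if new."""
        if dst != VIRTUAL:
            return (src, sport, dst, dport)
        key = (src, sport, dport)
        if key not in self.fwd:                           # session binding
            server = next(self.pool)
            if self.rewrite_source:
                nsrc, nsport = VIRTUAL, next(self.ports)  # one router port per session
                if nsport > 65535:
                    raise RuntimeError("router port pool exhausted")
                self.rev[(server, dport, nsport)] = (src, sport)
            else:
                nsrc, nsport = src, sport                 # stub domain: rewrite destination only
                self.rev[(server, dport, src, sport)] = (src, sport)
            self.fwd[key] = (nsrc, nsport, server)
        nsrc, nsport, server = self.fwd[key]
        return (nsrc, nsport, server, dport)

    def outbound(self, src, sport, dst, dport):
        """Translate a server -> client reply; None means no binding exists."""
        key = (src, sport, dport) if self.rewrite_source else (src, sport, dst, dport)
        client = self.rev.get(key)
        if client is None:
            return None
        return (VIRTUAL, sport, client[0], client[1])
```

In the second mode every session consumes one port on the virtual address, which is where the concurrent-session limit on the slide comes from.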

Translation Phase in LSNAT Router
Session Binding – the phase in which an incoming session is associated with the address of a host in the server pool
• This association sets the translation parameters for all subsequent datagrams of this session
• Each incoming session is dynamically bound to a different host based on a load sharing algorithm
Address lookup and translation
• Source/Destination IP addresses and ports undergo translation according to the lookup table
• TCP/UDP and IP header checksums should also be recalculated
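
The checksum recalculation step, as an added example that is not part of the original slides: after the destination address is rewritten, the IP header checksum is adjusted incrementally (RFC 1624, equation 3) and the result is compared with a full recomputation. The header built here is constructed sample data using the slide addresses; the function names are hypothetical.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def adjust(old_csum: int, old: bytes, new: bytes) -> int:
    """Incremental update, HC' = ~(~HC + ~m + m'), for each changed 16-bit word."""
    total = ~old_csum & 0xFFFF
    for (m,), (m2,) in zip(struct.iter_unpack("!H", old), struct.iter_unpack("!H", new)):
        total += (~m & 0xFFFF) + m2
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int = 6, total_len: int = 40) -> bytes:
    """Constructed 20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def rewrite_dst(hdr: bytes, new_dst: str) -> bytes:
    """Replace the destination address and patch the checksum without a full recompute."""
    old, new = hdr[16:20], socket.inet_aton(new_dst)
    csum = adjust(struct.unpack("!H", hdr[10:12])[0], old, new)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:16] + new
```

The same `adjust` step applies to the TCP/UDP checksum, which covers the addresses through the pseudo-header and the ports directly.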

Translation Phase in LSNAT Router
Session Unbinding – the phase in which a server node is no longer responsible for the session.
• Session unbinding happens when the end of the session is detected
• For a properly closed TCP session, the end can be detected when FIN is acknowledged by both halves or when either half receives the RST bit in the TCP flags field
• Otherwise (for UDP, for example), timeouts are used to terminate idle sessions
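
The unbinding rules above, as an added example that is not part of the original slides: a per-session tracker that closes on FIN acknowledged in both directions or on RST, plus a sweep that removes idle bindings. The class, the 60-second timeout and the exact-match ACK test are assumptions chosen for illustration.

```python
FIN, RST, ACK = 0x01, 0x04, 0x10   # TCP flag bits
IDLE_TIMEOUT = 60.0                # seconds; assumed value

class Session:
    """State kept per binding; for UDP only last_seen is ever updated."""
    def __init__(self, now):
        self.last_seen = now
        self.fin_seq = {"client": None, "server": None}    # sequence number just past each FIN
        self.fin_acked = {"client": False, "server": False}
        self.closed = False

    def on_segment(self, side, flags, seq, ack, payload_len, now):
        """Update state from one TCP segment sent by `side`; True means unbind."""
        other = "server" if side == "client" else "client"
        self.last_seen = now
        if flags & RST:
            self.closed = True                             # either half saw RST
        if flags & ACK and self.fin_seq[other] is not None and ack == self.fin_seq[other]:
            self.fin_acked[other] = True                   # peer's FIN is acknowledged
        if flags & FIN:
            self.fin_seq[side] = (seq + payload_len + 1) & 0xFFFFFFFF
        if all(self.fin_acked.values()):
            self.closed = True                             # both halves closed
        return self.closed

    def expired(self, now):
        return now - self.last_seen > IDLE_TIMEOUT

def sweep(table, now):
    """Remove closed or idle bindings and return the keys that were unbound."""
    dead = [k for k, s in table.items() if s.closed or s.expired(now)]
    for k in dead:
        del table[k]
    return dead
```

A session with only one FIN acknowledged stays bound, since the other half may still be sending data.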

LSNAT Cons/Pros
Advantages:
• It can be installed without changes to clients or servers
• Changes in the server pool are transparent to clients (servers in the pool may be replaced, added, removed or upgraded)
Limitations:
• Inability to switch loads between hosts in the midst of sessions
• Bound to NAT limitations
  • Some applications must be dealt with explicitly, since they carry the source and destination addresses in their payloads (like ftp).

Load Share Algorithms
Local load share algorithms:
• Assumption: all server pool members are at equal proximity to the LSNAT router
• Load distribution will be based solely on system load or resource availability on remote servers
• Round-Robin algorithm
• Least Load first algorithm (number of sessions)
• Least Traffic first algorithm (traffic load)
• Least Weighted Load first approach (weights assigned to sessions – resource consumption – and to hosts – resource availability)
Load detection:
• Ping to find the most responsive server
• Active monitoring agent running on the servers
The LSNAT router must periodically check that each server is alive.

Load Share Algorithms
Distributed load share algorithms:
Server nodes are distributed geographically across different areas, and the cost to access them varies widely
We assume that all server pool members have equal resource availability
Weighted Least Load first algorithm:
combining the cost of access to the server and the number of sessions assigned
Weighted Least Traffic first algorithm:
combining the cost of access to the server and the traffic load
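
The local and distributed selection algorithms from the last two slides, as an added example that is not part of the original slides. The `Server` record and the way cost and load are combined (a product, and load divided by capacity) are assumptions, since the slides name the algorithms without giving formulas.

```python
from dataclasses import dataclass
import itertools

@dataclass
class Server:
    addr: str
    sessions: int = 0      # sessions currently bound to this host
    traffic: int = 0       # bytes forwarded in the current measurement window
    capacity: float = 1.0  # relative resource availability (local weighted variant)
    cost: float = 1.0      # cost of access (distributed variants)
    alive: bool = True     # result of the router's periodic liveness check

def live(pool):
    """Servers that passed the last liveness check."""
    up = [s for s in pool if s.alive]
    if not up:
        raise RuntimeError("no live server in pool")
    return up

def round_robin(pool):
    """Return a picker that cycles through the pool, skipping dead servers."""
    ring = itertools.cycle(pool)
    def pick():
        live(pool)                                  # guarantees the search below terminates
        return next(s for s in ring if s.alive)
    return pick

def least_load(pool):
    return min(live(pool), key=lambda s: s.sessions)

def least_traffic(pool):
    return min(live(pool), key=lambda s: s.traffic)

def least_weighted_load(pool, session_weight=1.0):
    # assumed formula: load after accepting the session, relative to host capacity
    return min(live(pool), key=lambda s: (s.sessions + session_weight) / s.capacity)

def weighted_least_load(pool):
    # distributed; assumed formula: access cost times resulting session count
    return min(live(pool), key=lambda s: s.cost * (s.sessions + 1))

def weighted_least_traffic(pool):
    # distributed; assumed formula: access cost times traffic load
    return min(live(pool), key=lambda s: s.cost * (s.traffic + 1))
```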