
Project Report for UT Starcom

HOUSTON TECHNOLOGIES LTD

Customer: UT Starcom
Date: June 01, 2010
Version/Revision: 1.0/0

Sub: Project Report for UT Starcom Load Balancer solution to be implemented in BSNL

Dear Sriram,

This is further to the discussion we had regarding the project report for the Load Balancer for BSNL Multiplay. In adherence to our discussion, Houston Technologies proposes the following project report.

Kindly feel free to revert to the undersigned for any clarification or further information.

Houston Business Contact

Name: Santosh Singh
Phone Number: +91-9582262270
E-mail: santoshs@houstontechnologies.com

Contents
1) Houston Technologies Overview
2) Objective
3) Description
   i. Server Load Balancing Overview
   ii. Content Filtering Overview
4) Challenge
5) Proposed Solution
6) Implementation
   i. Physical Implementation
   ii. Configuration Details
      a) Switch Configuration
      b) ACE Configuration
7) Dependencies
8) Sign Off

Objective:

To integrate the Server Load Balancers with the BSNL MPLS network and to load balance the traffic between 4 Netsweeper servers.

Description:

Server Load Balancing Overview

Server load balancing is a technique to distribute workload evenly across two or more servers, in order to get optimal resource utilization, maximize throughput, minimize response time, and avoid overload. There are 4 Netsweeper servers at each location, i.e. Bangalore, Pune and Chennai. The purpose of deploying these load balancers is to load balance the internet traffic coming from the BSNL Multiplay VRF towards these Netsweeper servers.

Content Filtering Overview

Content filtering in an ISP cloud describes an implementation model where the content filter is invisible to the clients. A content filtering device works by intercepting network traffic at a network egress point, typically traffic destined for the internet. The content filter accepts the incoming TCP connection from the web browser and returns the requested content as per the content filtering policy. If it determines that the requested object/URL is blocked, it issues a "sorry" web page to the client. This process is transparent to the web browser, requiring no special configuration.

Challenge

In order to scale up to the high volume of internet traffic, the content filtering server farm will typically be deployed with multiple content filtering devices. The client request is transparently intercepted and redirected to the content filtering farm by the SLB (Server Load Balancer). The main challenges for this deployment are:

1) Optimizing content filter performance
2) Providing high throughput
3) Protecting the content filtering devices from overload
4) Providing uninterrupted access to the internet

The SLB has to distribute the traffic to the content filter server farm without changing the source and destination IP address of the packet. In a typical load balancing deployment the SLB would be inline to the traffic flow.

Proposed Solution

The Cisco ACE supports load balancing transparent content filtering devices. The Cisco ACE provides several load-balancing methods depending on how you want to distribute data over the content filter server farm. If all content filter servers are unavailable, the Cisco ACE allows all client requests to progress to the internet router. The network diagram and traffic flows for this solution are shown below.

The Catalyst 6500 provides the routing function between the client network and the internet. Internet bound traffic from the client network arrives on VLAN 300 and exits on VLAN 301.

The Catalyst 6500 is uplinked to the BSNL PE Multiplay VRF and INET VRF. BGP is configured on both the uplinks. A default route is received from the INET VRF through BGP. The default is then advertised to the Multiplay VRF. Hence all the traffic coming to the Multiplay VRF is directed to the 6500, which then further sends it to the Internet.

PBR is implemented on the 6500 to redirect only HTTP traffic towards the next hop IP of the ACE LB. The 6500 is also configured to advertise the local PBR next hop and receive the remote PBR next hops from the other 3 locations. Also, the multi-tracking option is implemented on PBR to track the availability of the ACE VIP. In the event of the VIP becoming unavailable, the PBR is configured to route the traffic to an alternate next hop IP.

The Cisco ACE (part of the 6500) is load balancing content filters on VLAN 401 and uses the Catalyst 6500 as its default gateway on VLAN 400. The Cisco ACE load balances the traffic across the content filter server farm transparently by performing an L2 rewrite and retains the destination IP address of the packet.

[Figure: network diagram showing the Client Network, Catalyst 6500, Internet, Cisco ACE and Content Filtering Servers, connected over VLAN 300, VLAN 301, VLAN 400 and VLAN 401.]

Content filters process the web request and determine whether to forward it to the origin web server or drop it. In case of forwarding it to the origin web server, the content filters forward the traffic to the ACE (which is the default gateway of the content filters, i.e. VLAN 401) and the ACE forwards it to the Catalyst 6500 (which is the default gateway of the Cisco ACE, i.e. VLAN 400).

ACE Design

Below are the steps for configuring the Cisco ACE for load balancing content filters.

1) Virtual IP address: The VIP address typically is a catch-all address with a specific L4 port, which is port 80 in this case.
2) Predictor Algorithm: In order to optimize content filters, a typical predictor that can be used is predictor hash URL.
3) Load Balancing Policy: A Layer 4 class-map can be configured so that requests can be load balanced among multiple content filter servers.
4) Probes: In order to verify the correct function of content filters, HTTP & TCP probes in fail-on-all combination can be used. HTTP probes can be configured to request a web page from an internet web site via the content filter server to determine if they are working as desired.

Back up server farm: To help ensure uninterrupted service if all the content filter servers fail, a backup server farm that transparently forwards traffic to the Catalyst 6500 on VLAN 400 can be configured.

Implementation

Implementation consists of two stages.

I) Physical Installation of the switch
II) Configuration Details

Physical Implementation

Following are the requirements for Physical Installation.

A) Rack Space: Rack space for the 6503 switch (4 RU). Below are the rack requirements.
   The width of the rack, measured between the two front mounting strips, must be 17.75 inches (45.09 cm).
   The depth of the rack, measured between the front and rear mounting strips, must be at least 19.25 inches (48.9 cm) but not more than 32 inches (81.3 cm).
   The rack must have at least 7 inches (17.8 cm) (4 RU) of vertical clearance to insert the chassis. Chassis height is measured in rack units (RU).
B) Electrical Requirement: 2 No's 1400 W AC

Configuration Details

This configuration consists of 2 parts:

A) Switch Configuration
B) ACE Configuration

SWITCH Configuration

A) IP addressing of the switch: both the management port and interface IP addressing.
B) Create 4 VLANs.
   Vlan 300 - Internet bound traffic from the BSNL Multiplay VRF enters the switch
   Vlan 301 - Internet bound traffic, after getting load balanced/filtered by the Netsweeper servers, exits for the Inet VRF
   Vlan 400 - This acts as a gateway for the Load Balancer
   Vlan 401 - The Cisco ACE (part of the 6500) is load balancing content filters on VLAN 401
   The command to be entered for creating a VLAN is:

   Switch(config)# vlan 300

C) Now on the switchport which connects the router and the switch for the Multiplay VRF, enter the switchport commands and make the port part of VLAN 300 by entering the following commands.

   Switch(config-if)# switchport mode access
   Switch(config-if)# switchport nonegotiate
   Switch(config-if)# switchport access vlan 300

D) Similarly, the port that connects the switch with the Inet VRF of the PE router needs to be made part of VLAN 301.
E) Now configure BGP on this device with the following commands. Two eBGP neighbors are to be configured.

   router bgp <AS number>
    ! x.x.x.x = IP address of the PE router's Multiplay VRF
    neighbor x.x.x.x remote-as <AS number of PE router>
    ! advertise the default route to the Multiplay VRF neighbor
    neighbor x.x.x.x default-originate
    ! x.x.x.x = IP address of the PE router's Inet VRF
    neighbor x.x.x.x remote-as <AS number of PE router>

F) Configuration of Policy-Based Routing and Failover.
G) Now create two extended access-lists.
H) The first access-list matches HTTP, i.e. port 80, traffic.
I) The second access-list matches all other traffic.
   The commands to be used are:

   ip access-list extended Internet
    permit tcp 0.0.0.0 255.255.255.255 any eq 80
   ip access-list extended REST
    permit ip any any

J) Now create a route-map Internet. In this route-map, call the access-list Internet and set the next hop as the virtual IP of the load balancer. After this, call the access-list REST and set the next hop IP as the Inet VRF of the PE router.

   ! probe the ACE VIP (x.x.x.x = IP address of the VIP of the ACE)
   rtr 1
    type echo protocol ipIcmpEcho x.x.x.x
    exit
   rtr schedule 1 life forever start-time now
   track 123 rtr 1 reachability
    delay up 60 down 30
    exit
   ! HTTP traffic: next hop is the ACE virtual IP, used only while track 123 is up
   route-map Internet permit 10
    match ip address Internet
    set ip next-hop verify-availability x.x.x.x 1 track 123
   ! all other traffic: next hop is the IP address of the Inet VRF
   route-map Internet permit 20
    match ip address REST
    set ip next-hop x.x.x.x

K) After BGP has been configured, we need to go to the interface through which the PE router is connected and enter the following command. In this case the interface will be VLAN 300.

   interface Vlan 300
    ip policy route-map Internet
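The tracking and policy-routing behaviour configured above, modelled as an added example that is not part of the original report: it shows how "delay up 60 down 30" sets the interval in which port-80 traffic is still sent to a failed VIP and the interval in which it is routed around the content filters. The 10-second probe spacing, the placeholder next-hop names and the use of the Inet VRF as the alternate next hop are assumptions.

```python
from dataclasses import dataclass

ACE_VIP = "ACE-VIP"    # placeholder: the page gives this address only as x.x.x.x
INET_VRF = "INET-VRF"  # placeholder for the PE router's Inet VRF next hop

@dataclass
class Track:
    """Tracked object with 'delay up 60 down 30' hold timers (seconds)."""
    delay_up: int = 60
    delay_down: int = 30
    state: bool = True   # state that PBR acts on
    raw: bool = True     # latest probe result
    since: int = 0       # time the probe result last changed

    def update(self, now, probe_ok):
        if probe_ok != self.raw:
            self.raw, self.since = probe_ok, now
        hold = self.delay_up if self.raw else self.delay_down
        if self.raw != self.state and now - self.since >= hold:
            self.state = self.raw
        return self.state

def next_hop(proto, dport, track_up):
    """ACL Internet matches only TCP port 80; ACL REST matches everything else."""
    if proto == "tcp" and dport == 80 and track_up:
        return ACE_VIP
    # Assumption: the alternate next hop is the Inet VRF, as in the route-map above.
    return INET_VRF

def windows(probe_results, step=10):
    """Return (seconds HTTP is sent to a failed VIP, seconds HTTP bypasses the filters)."""
    track, to_dead_vip, bypassing = Track(), 0, 0
    for i, ok in enumerate(probe_results):
        up = track.update(i * step, ok)
        if next_hop("tcp", 80, up) == ACE_VIP:
            to_dead_vip += 0 if ok else step
        else:
            bypassing += step
    return to_dead_vip, bypassing

# Constructed timeline, one probe result per 10 s: 30 s healthy, 60 s outage, 90 s healthy.
OUTAGE = [True] * 3 + [False] * 6 + [True] * 9
# Constructed timeline with a single 10 s probe failure (shorter than 'delay down 30').
BLIP = [True] * 3 + [False] + [True] * 5

if __name__ == "__main__":
    print(windows(OUTAGE))  # (30, 90)
    print(windows(BLIP))    # (10, 0)
```

In the OUTAGE timeline, 60 of the 90 bypass seconds fall after the VIP has already recovered, which is the cost of the 60-second "delay up" hold.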

Part II) Configuring the ACE

A) Now first configure the IP address of the 4 servers to the following:
   i) First Server - 172.16.1.2 255.255.255.248
   ii) Second Server - 172.16.1.3 255.255.255.248
   iii) Third Server - 172.16.1.4 255.255.255.248
   iv) Fourth Server - 172.16.1.5 255.255.255.248
B) Create a VLAN interface.

   interface Vlan 401
    ip address 172.16.1.1 255.255.255.248

C) Now all the servers should be part of this VLAN.
D) Now we need to create the VIP address on the load balancer.
E) Now we need to decide the predictor (load balancing method).
F) Now we need to configure the real servers and create the server farm on the ACE. The following commands need to be entered.

   host1/Admin(config)# rserver SERVER1
   host1/Admin(config-rserver-host)# ip address 172.16.1.2
   host1/Admin(config-rserver-host)# inservice
   host1/Admin(config)# rserver SERVER2
   host1/Admin(config-rserver-host)# ip address 172.16.1.3
   host1/Admin(config-rserver-host)# inservice
   host1/Admin(config)# rserver SERVER3
   host1/Admin(config-rserver-host)# ip address 172.16.1.4
   host1/Admin(config-rserver-host)# inservice
   host1/Admin(config)# rserver SERVER4
   host1/Admin(config-rserver-host)# ip address 172.16.1.5
   host1/Admin(config-rserver-host)# inservice
   host1/Admin(config)# serverfarm SFARM1
   host1/Admin(config-sfarm-host)# predictor ( Predictor needs to be decided)
   host1/Admin(config-sfarm-host)# rserver SERVER1
   host1/Admin(config-sfarm-host-rs)# inservice
   host1/Admin(config-sfarm-host)# rserver SERVER2
   host1/Admin(config-sfarm-host-rs)# inservice
   host1/Admin(config-sfarm-host)# rserver SERVER3
   host1/Admin(config-sfarm-host-rs)# inservice
   host1/Admin(config-sfarm-host)# rserver SERVER4
   host1/Admin(config-sfarm-host-rs)# inservice
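The server-farm behaviour from the ACE design steps (hash-based predictor, HTTP and TCP probes in fail-on-all combination, backup server farm), modelled as an added example that is not part of the original report. The SHA-256 hash stands in for the ACE's own hashing, and the probe results, URLs and the BACKUP-FARM name are constructed.

```python
import hashlib
from collections import Counter

# Real servers from the ACE configuration on this page.
FARM = {"SERVER1": "172.16.1.2", "SERVER2": "172.16.1.3",
        "SERVER3": "172.16.1.4", "SERVER4": "172.16.1.5"}
BACKUP = "BACKUP-FARM"  # hypothetical name: forwards to the Catalyst 6500 on VLAN 400

def in_service(probes, fail_on_all=True):
    """probes maps server -> {"tcp": bool, "http": bool}.
    fail_on_all=True: a server is failed only when every probe fails.
    fail_on_all=False: one failed probe is enough to take it out."""
    usable = any if fail_on_all else all
    return [s for s in FARM if usable(probes[s].values())]

def pick(url, servers):
    """Hash-style predictor: the same URL goes to the same filter while the farm is stable."""
    if not servers:
        return BACKUP  # every filter is down: traffic is forwarded without filtering
    h = int.from_bytes(hashlib.sha256(url.encode()).digest()[:4], "big")
    return servers[h % len(servers)]

def distribute(urls, probes, fail_on_all=True):
    """Count how many of the given URLs land on each server (or on the backup farm)."""
    servers = in_service(probes, fail_on_all)
    return Counter(pick(u, servers) for u in urls)

# Constructed probe results: SERVER2 still answers TCP but its HTTP probe fails
# (the filter no longer returns pages); SERVER4 is completely down.
SAMPLE_PROBES = {
    "SERVER1": {"tcp": True, "http": True},
    "SERVER2": {"tcp": True, "http": False},
    "SERVER3": {"tcp": True, "http": True},
    "SERVER4": {"tcp": False, "http": False},
}
ALL_DOWN = {s: {"tcp": False, "http": False} for s in FARM}
SAMPLE_URLS = [f"http://site{i}.example/page" for i in range(200)]  # constructed

if __name__ == "__main__":
    print("fail-on-all:", in_service(SAMPLE_PROBES))
    print("any probe  :", in_service(SAMPLE_PROBES, fail_on_all=False))
    print(distribute(SAMPLE_URLS, SAMPLE_PROBES))
    print(distribute(SAMPLE_URLS, ALL_DOWN))
```

With fail-on-all, SERVER2 keeps receiving requests although its HTTP probe fails, so the choice of probe combination decides whether a filter that accepts connections but no longer filters stays in rotation.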

Dependencies (following are the pre-requisites before installation can commence)

1) Rack space for the 6503 switch (4 RU). Below are the rack requirements.
   The width of the rack, measured between the two front mounting strips, must be 17.75 inches (45.09 cm).
   The depth of the rack, measured between the front and rear mounting strips, must be at least 19.25 inches (48.9 cm) but not more than 32 inches (81.3 cm).
   The rack must have at least 7 inches (17.8 cm) (4 RU) of vertical clearance to insert the chassis. Chassis height is measured in rack units (RU).
2) Power supply - 2 No's 1400 W AC
3) 2 Ethernet cables needed to connect the router and switch
4) IP Addressing: We need an IP addressing scheme for 4 VLANs, i.e. 3 sets of /29 addresses will be required and 1 /28 subnet is required for the VLAN catering to the 4 Netsweeper servers. Along with that we will need a host or /32 address for the management port.
5) The eBGP neighborship needs to be formed between
   a) the 6500 switch and the PE router's Multiplay VRF - we need the IP address and AS number
   b) the 6500 switch and the PE router's Inet VRF - we need the IP address and AS number; also the PE router needs to announce a default route to this neighbor.
6) We need to decide on the predictor algorithm in consultation with the client. The options are:
   I. Round-Robin
   II. Least Connections
   III. Hash Address
   IV. Hash Cookie
   V. Hash URL
   VI. Hash Header

Sign Off

To demonstrate the complete solution, i.e. Load Balancing plus Failover capability, we need at least 2 functional sites. However, we can demonstrate the load balancing capability by showing the output of the SHOW LOADBALANCE command on the switch with the ACE module even with one functional site.