- Number of slides: 26
Virtual Network and Web Services: An Update
Thomas Finnern (DESY IT / Systems and Operations)
Thorsten Witt (DESY IT / Communication Networks)
HEPiX Spring 2010 @ Lisbon, Portugal

Application Delivery Networking
> Secure
§ Network Security Policies
§ Filtering
> Fast
§ Proxy
§ Server Farms
> Available
§ Server cluster
§ Load Distribution
> Since 2003
[Diagram "The Solution": Users, Application Delivery Network, Applications. Clients: Mobile Phone, PDA, Laptop, Desktop, Co-location. Applications: CRM, Database, Siebel, BEA, Legacy, .NET, SAP, PeopleSoft, IBM, ERP, SFA, Custom]
Thomas Finnern | Virtual Network and Web Services | Page 2

Cross Functional Collaboration
> Networking
> Application Architect
> Operations
> Security
[Diagram "Stakeholders": Application Architecture, Operations, Network Guy, Security]

Outline of Talk
> Intro:
§ Application Delivery Networking
§ Cross Functional Collaboration
> Part I: Load Balancer
§ Work Done
§ Technical Features
§ Modes of Operation
> Part II: Application Examples
§ Active Services
§ DESY WEB Page
§ IT Status Monitor
> Outlook and Conclusions

Part I: The Load Balancer
F5 Viprion Blade Cluster
Things Done Since 2008
The Architecture

Work Done, Planned and In Progress
> Updates 9.x -> 10.0 -> 10.1
§ Live Upgrade
§ Still Unix System with GUI and CLI
§ ssh login, crontab, ...
> Migration Old -> New
> Redesign Services
§ ProxyPassSite with Remote Editable Config Table
§ Integration of Content Management System
§ 100 % Monitoring with "Dynamic Out Of Service Page"

Version 10 Software
> New Evaluation Licensing
§ Virtual Machine with F5 Functionality
> Application Templates
> Administrative/GUI Enhancements
> CMP Extensions
> Dash Board
> Logical Volume Manager
> FastHTTP Profile Extensions
> iRule Extensions
> TMSH for LTM/GTM
§ Fast syslog
> Multiple Routing Domains
§ Geo-IP Locator
§ Overlapping IP-Ranges
§ "Machine readable" qkview
> Passive (In-Band) Monitoring
> Live Installation
> IPv6 internal Communication
> Module Provisioning
> Various GUI Extensions:
• Login-Page
• Reboot/Logout/Timeout/Disclaimer
• Forced Offline
> IPv6 external Gateway !

Overall Connection Block Diagram
[Diagram: Clients (Mobile Phone, PDA, Laptop, Desktop, Co-Location); Network Infrastructure (Office-Switches, Core-Router, CC-Switches; link speeds 10-100 Mbit/s, 1 Gbit/s, 10 Gbit/s); Load-Balancer; Server-Pools (Application Server)]

Technical Features
> Hardware
§ ASIC for Layer 3 + 4
> Software
§ TMOS
> TMOS traffic plug-ins
> High-performance networking microkernel
> Powerful application protocol support
> iControl – External monitoring and control
> iRules – Network programming language
[Diagram "Unique TMOS Architecture": Client, Client Side, TCP Express, TCP Proxy, OneConnect, Server Side, TCP Express, Server; plug-ins: Compression, XML, 3rd Party, TrafficShield, Caching, SSL, Rate Shaping, WebAccelerator; Microkernel, iRules, iControl API, High Performance Hardware]

Operation Mode "Dumb Service"
> F5 Secure Network Address Translation SNAT = on
§ Server sees F5 Switch as Client
> No Server Change
> All Service Traffic handled by F5 Switch
> HTTP header insert
§ E.g. Client Address
§ As X-Forwarded-For
[Diagram: Client System, Other System, Standard Router, NAT, SNAT, GW, Server System]

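With SNAT on, the backend's TCP peer is always the F5, so logging and address-based access rules have to take the client address from X-Forwarded-For, and only for connections that really arrived from the load balancer. The following is an added example, not part of the original slides; the address 192.0.2.10 and the names TRUSTED_PROXIES and client_address are assumptions.

```python
import ipaddress

# Assumption: the SNAT/self address of the load balancer as seen by the
# backend (a constructed documentation address, not DESY's).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_address(peer, headers):
    """Return the address to log or authorize for one request.

    peer    -- TCP peer address of the connection (string)
    headers -- dict of request headers with lower-cased names
    """
    peer_ip = ipaddress.ip_address(peer)
    # A connection that bypassed the balancer carries a header the sender
    # fully controls, so the header is ignored.
    if not _is_trusted(peer_ip):
        return str(peer_ip)

    # Assumption: the balancer sets or appends the header, so its own
    # entry is the rightmost one in the comma-separated list.
    xff = headers.get("x-forwarded-for", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            hop_ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: do not trust anything left of it
        if not _is_trusted(hop_ip):
            return str(hop_ip)
    # No usable header: fall back to the socket peer (the balancer).
    return str(peer_ip)
```
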
Operation Mode "Smart Service"
> F5 Network Address Translation NAT = on
> Server Changes:
§ Default Route to F5 Switch
§ F5 Relaxed IP Binding on GW-Proxy
> Limitations
§ Server must be on F5 connected network (GW)
> Multiple Services Possible
> For DMZ and Extra F5 Subnet
> (Almost) All Traffic handled by F5 Switch
> Our new favorite
[Diagram: Client System, Other System, Standard Router, NAT, GW, Server System]

Part II: Application Examples
Overview
DESY WEB Page (DESY IT / Information Fabrics)
DESY State Info System (DESY IT / Systems and Operations)

Virtual Server, Performance and Network Map
Top Statistics Over One Month
[Screenshot: BIG-IP statistics from lb-198-220.desy.de (ACTIVE), Mar 9 16:01:44, with In / Out / Conn counters per VIRTUAL ip:port (among them infoscreen.desy.de, www.desy.de, wof-hasylab.desy.de, indico.desy.de, it-news.desy.de, ip-console-vs.desy.de, ics.desy.de, wof-xfel-eu.desy.de) and per NODE ip:port with state UP]

Virtual Services and Pooling
> Virtual Service
> Pooling
§ Proxy with IP-Number + Port
§ Multiple Machines/Ports
§ Certificate
§ Monitoring
§ Scripting: Redirect, Editing (stream), Mapping, …
§ Persistence to Pool Members
§ SSL Offloading
§ RAM-Caching
§ Optimizing
Ping, Service Monitoring
§ Opt. Remote Control
§ By Remote Flag Files
§ Port Mapping
§ Load Balancing: In Band Load, Round Robin, Number Connections, …
http-Protocol (OneConnect)

Example Configuration

> www.desy.de with ProxyPassSite
> CLI Configuration:

    virtual web-http-service {
       pool wofzms-http-pool
       destination 131.169.40.41:http
       ip protocol tcp
       rules ProxyPassDESY
       profiles {
          http {}
          stream {}
          tcp {}
       }
    }
    virtual web-https-service {
       pool wofzms-https-pool
       destination 131.169.40.41:https
       ip protocol tcp
       rules ProxyPassDESY
       profiles {
          http {}
          serverssl_desy {
             serverside
          }
          stream {}
          tcp {}
          www-desy-client {
             clientside
          }
       }
    }

> infoscreen.desy.de with Fast HTTP Profile
> CLI Configuration:

    virtual it-infoscreen-http-service {
       snat automap
       pool it-infoscreen-pool
       destination 131.169.5.220:http
       ip protocol tcp
       profiles fasthttp_snat {}
    }
    pool it-infoscreen-pool {
       lb method member least conn
       min active members 1
       monitor all http_80_desy
       members {
          131.169.5.76:http {
             priority 5
          }
          131.169.5.130:http {
             priority 5
          }
       }
    }

Example 1: Redesign of www.desy.de
> Remove Single Points of Failure
§ Single Machines
§ Provide Offline WEB Site Status Info
> Enable Mixed WWW/WOF-Environments
§ Common ProxyPassSite Configuration
§ Import External ProxyPass Table
> Enhance Load Balancing and Speed
§ Caching
§ Protocol Optimizing
§ CMS: Separate Read/Write Pools
§ CMS: Direct Zope Interface
§ Offload SSL
§ Cookie Dependent Routing
> Other Features
§ Get rid of old F5 Switches
§ No Source Network Address Translation
§ Intern/Extern-Routing
§ Intern/Extern Handling
§ http/https-Redirections

Before / Now
[Diagram labels: N Clients At DESY Site, N Clients At Other Sites, Standard Router (three times), Service http, Service https, www.desy.de (http, https), other desy.de (http, https), Proxy, Loadbalance, Pooling, CMS-Interface, Content Management, Persist: ZopeId, Other Apache, Other System, Various WEB Services, Zope Server, CMS System]

After / Now
[Diagram labels: N Clients At DESY Site, N Clients At Other Sites, Standard Router, Service http, Service https, www.desy.de https, Loadbalance, Proxy, Pooling, CMS-Interface, Content Management, Persist: ZopeId, __ac, Zope Server, CMS System, Separate Read/Write Pools, WEB Management, Web Server, Service System, Migration Old/New Pools, Proxy Pass Table]

ProxyPassSite Features
> Config Load from AFS
§ "clientside" := "CMD[+Option] serverside"
§ "clientside" := "CMD serverside poolname[/https-pool]"
> Feature Redirect
§ "www.host.com/clientdir" := "Redirect internal.company.com/serverdir"
> Feature Alias
§ "/clientdir" := "Alias+HostMap /serverdir"
§ "host.desy.de/" := "Alias+Protomap+ZopeMap /serverdir wof-read-pool"
> Option +Cssl
> Option +Intern
> Option +Hostmap
> Option +Pathmap
> Option +ProtoMap
> Option +Zopemap
> Option +Slash
> Option +Log[0-2]
> Option +Snat

    "/" := "Alias+HostMap+Snat zms.desy.de/",
    "/dgs" := "Redirect http://guest-services.desy.de",
    "hasylab.desy.de/" := "Alias+Snat / wof-http-pool/wof-https-pool",
    "chor.desy.de/" := "Alias+ZopeMap+ProtoMap /VirtualHostBase/<proto>/<host>.desy.de:<port>/sites2009/site_<host>/content/ wof-ro-pool/wof-rw-pool",
    "www.desy.de/~" := "Alias web2.desy.de/~ web2-http-pool/web2-httpspool",
    "/cgi-bin" := "Alias /cgi-bin web-http-pool/web-https-pool",
    "/dgo" := "Alias+Intern /dgo web2-http-pool/web2-https-pool",
    "/favicon.ico" := "Alias /favicon.ico web2-http-pool/web2-https-pool",

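Because the table is remotely editable and decides where requests are proxied, it is worth checking an edited table against the entry syntax before it is loaded. The following is an added example, not DESY's iRule or tooling; parse_entry, lint_table and the rejection rules are assumptions built only from the syntax and option list shown on the slide.

```python
import re

COMMANDS = {"redirect", "alias"}
# Options as listed on the slide, compared case-insensitively ("HostMap"/"Hostmap").
OPTIONS = {"cssl", "intern", "hostmap", "pathmap", "protomap",
           "zopemap", "slash", "snat", "log0", "log1", "log2"}
ENTRY = re.compile(r'^\s*"([^"]+)"\s*:=\s*"([^"]+)"\s*,?\s*$')


def parse_entry(line):
    """Split '"clientside" := "CMD[+Option] serverside [pool[/https-pool]]"'."""
    m = ENTRY.match(line)
    if not m:
        raise ValueError("not a table entry")
    clientside, value = m.groups()
    fields = value.split()
    if len(fields) not in (2, 3):
        raise ValueError("expected 'CMD serverside [pools]'")
    cmd, *opts = fields[0].split("+")
    if cmd.lower() not in COMMANDS:
        raise ValueError("unknown command %r" % cmd)
    bad = [o for o in opts if o.lower() not in OPTIONS]
    if bad:
        raise ValueError("unknown option(s) %r" % bad)
    pools = fields[2].split("/") if len(fields) == 3 else []
    if len(pools) > 2 or "" in pools:
        raise ValueError("pools must be 'pool' or 'pool/https-pool'")
    return {"clientside": clientside, "command": cmd, "options": opts,
            "serverside": fields[1], "http_pool": pools[0] if pools else None,
            "https_pool": pools[1] if len(pools) == 2 else None}


def lint_table(lines):
    # Returns (entries, errors); errors are (line_number, message) pairs.
    entries, errors = [], []
    for n, line in enumerate(lines, 1):
        try:
            entries.append(parse_entry(line))
        except ValueError as exc:
            errors.append((n, str(exc)))
    return entries, errors


# First two lines are from the slide; the last two are constructed bad edits.
SAMPLE = [
    '"hasylab.desy.de/" := "Alias+Snat / wof-http-pool/wof-https-pool",',
    '"/dgo" := "Alias+Intern /dgo web2-http-pool/web2-https-pool",',
    '"/x" := "Alais /x web-http-pool",',
    '"/y" := "Alias+Debug /y web-http-pool",',
]
```
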
Example 2: DESY State Information System
[Diagram labels: 50 Permanent Thin Clients At Site (http), N Random Thick Clients At User (http), Standard Router, Service: IT-Monitor http, Infoscreen http, IT-News desy.de https; Loadbalance, ASIC-Interface, Proxy, Pooling; Accelerator Management, Accelerator Server Status System; IT Management, Computing Server Status System; DB, Maintenance, Timing; IT-Info Server Pool System]

State Information System (IT-Monitor)
State Information System (Infoscreen)
Outlook and Conclusions
> Rather Simple To Use
§ Nice Operating Model
§ Easy High Availability
§ Replaces Host and Cluster Solutions
> Has Become a Standard Feature
§ People trust virtual services
§ Last minute Application Safety Support
> Getting Better
§ Customer Invisible Service Switching
§ Enhanced Load Distribution
§ Only One Virtual Hostname Per Service
§ Enhancing Fault Tolerance and Security
> SSO, Certificates, Login, …

Thank you for listening
> Questions?
> Answers!