Optimizing Network Performance with Content Switching: Server, Firewall and Cache Load Balancing - page 30


Summary

As with our coverage of Layer 2, 3, and 4 protocols, there are many other more detailed books covering the Application layer protocols we saw in this chapter. Hopefully, however, this chapter has served to give a better understanding of the ways in which TCP, UDP, and IP can be combined to provide application services, all optionally wrapped in SSL for greater security. Equipped with this understanding, we can begin to understand the concepts of content switching and put the techniques to use to solve many of the scalability problems of modern IP networks.


Chapter 4. The Concepts of Content Switching

Before we look at the applications of content switching, such as server and firewall load balancing, it's important to understand some of the underlying terms and concepts we'll use freely in later chapters. As with all modern networking disciplines, content switching has its own vocabulary. We'll use terms like virtual servers, application redirection, and deep packet inspection to describe the applications, so a good grounding now will aid our understanding later. This chapter will look at each of these terms and concepts in turn as a precursor to more in-depth discussion in later chapters.


Virtual Services and Application Redirection

One of the most fundamental concepts in content switching is the difference between virtual services and application redirection. The simplest way to understand this difference is to consider two applications that best describe their operation: server load balancing and Web cache redirection. First, in server load balancing, the client will be directing traffic toward an end point of the content switch. That is to say that the content switch "owns" a virtual IP address to which the client will attach. When we refer to these services and IP addresses being virtual, we mean that they are used to represent a series of hidden resources such as Web servers; in every other way these virtual services are real in that they are normal, routable IP addresses accessible across the public or private network. Server load balancing is an example of an application that uses virtual services, and the destination address of the client's requests is owned by the content switch.

In Web cache redirection, the client will typically be directing its requests to a service that sits away from the content switch. The natural direction of the traffic flow is such that the request will pass transparently through the content switch, giving it access to manipulate the traffic as it passes. Think of Web cache redirection as an application that intercepts or hijacks the application data as it passes through, offering the network designer or administrator the ability to manipulate the traffic flow. Web cache redirection is an example of an application redirection service where the client's requests are passing through the content switch on their way to the destination.

Virtual Services and Virtual IP Addresses

Let's look in a little more detail at the concept of a virtual service. For virtual services, the content switch will own an address that is used to represent a pool of resources, typically servers, residing behind it. The virtual service will be represented by an IP address, commonly referred to as the VIP, to which the client will attach. While the resources to which the client's requests will eventually be directed may be either directly attached to, or some way from, the content switch, all requests from the client's perspective will appear to terminate there. Figure 4-1 shows a logical representation of virtual services.

Figure 4-1. Virtual IP address used for standard load balancing.


In Figure 4-1 we can see that the switch owns the IP address 10.10.10.100, which has a TCP service attached to it for HTTP traffic. The content switch can be referred to as listening on TCP port 80 at address 10.10.10.100. Behind the content switch are the resources to which connections will be distributed. In server load balancing, as with most virtual service applications, the destination IP address and destination MAC address are translated by the content switch as the mechanism to allocate the required resources. It is important that the response packets return through the content switch so that the necessary translations are done, ensuring that the clients receive a response from the device to which they are connected; in other words, the content switch VIP.

Application Redirection

Figure 4-2 shows an example of an application redirection service. In this example, the client is requesting a Web page from the Web site of www.foocorp.com, which is hosted in a data center many Internet "hops" away. As we see the request in this example, the session is passing through the infrastructure of an ISP looking to reduce demand on their transatlantic Internet connections by implementing caching in their POP. The content switch does not have a virtual service or IP address created, but instead is monitoring the traffic flows for certain matches, typically on fields such as the destination TCP port, to identify the application being used by particular clients. If the switch sees HTTP traffic flowing, identified by a destination TCP port of 80, it will redirect the traffic to one of the caches in the POP rather than consume unnecessary Internet bandwidth sending the requests to the Foocorp Web site.

Figure 4-2. Application redirection based on TCP port.


Web cache redirection, as with most applications implemented using application redirection, works by changing only the destination MAC address rather than both the MAC address and IP address. As we will see in later chapters, this is an important concept when the traffic is only part way to its end destination and there are further network hops remaining.
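The two rewrite behaviours described above (destination IP and MAC for a virtual service, destination MAC only for application redirection) are modelled in the following added Python sketch, which is not from the book. `Frame`, `ContentSwitch` and `build_switch` are hypothetical names, and every address other than the VIP 10.10.10.100:80 is constructed.

```python
from dataclasses import dataclass, replace
from itertools import cycle

@dataclass(frozen=True)
class Frame:
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

class ContentSwitch:
    def __init__(self, vip, vport, real_servers, cache_macs):
        self.vip, self.vport = vip, vport
        self.reals = cycle(real_servers)   # (ip, mac) pairs, handed out round robin
        self.caches = cycle(cache_macs)
        self.sessions = {}                 # (client ip, client port) -> (real ip, real mac)

    def from_client(self, f):
        if (f.dst_ip, f.dst_port) == (self.vip, self.vport):
            # Virtual service: the switch owns the destination, so it rewrites
            # both destination IP and destination MAC to the chosen real server.
            key = (f.src_ip, f.src_port)
            if key not in self.sessions:
                self.sessions[key] = next(self.reals)
            ip, mac = self.sessions[key]
            return replace(f, dst_ip=ip, dst_mac=mac)
        if f.dst_port == 80:
            # Application redirection: transit HTTP is steered to a cache by
            # changing the destination MAC only; the destination IP is untouched.
            return replace(f, dst_mac=next(self.caches))
        return f                           # everything else passes through unchanged

    def from_server(self, f):
        # Return path: restore the VIP as source address for a known session.
        real = self.sessions.get((f.dst_ip, f.dst_port))
        if real and real[0] == f.src_ip and f.src_port == self.vport:
            return replace(f, src_ip=self.vip)
        return f

def build_switch():
    # Constructed addresses; only the VIP 10.10.10.100:80 comes from the page.
    reals = [("10.10.10.1", "02:00:00:00:00:01"), ("10.10.10.2", "02:00:00:00:00:02")]
    return ContentSwitch("10.10.10.100", 80, reals, ["02:00:00:00:00:c1"])

if __name__ == "__main__":
    sw = build_switch()
    print(sw.from_client(Frame("02:00:00:00:00:ff", "198.51.100.7", "10.10.10.100", 40000, 80)))
    print(sw.from_client(Frame("02:00:00:00:00:fe", "198.51.100.7", "192.0.2.80", 40001, 80)))
```

A reply that bypasses `from_server` would reach the client with the real server's address as its source instead of the VIP, which is why the return path has to cross the switch.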