Chapter 4. Routers, Switches, and Appliances-IP-Based Services: Network Layer


Traditional Ethernet packet forwarding decisions were based on Layer 2 and Layer 3 destination Media Access Control (MAC) and IP addresses. As performance, availability, and scalability requirements grew, switching decisions based on intelligent packet processing tried to keep pace by offloading functions traditionally implemented in software and executed on general-purpose RISC processors onto network processors, Field Programmable Gate Arrays (FPGAs), or Application Specific Integrated Circuits (ASICs). Early server load-balancing implementations ran in software on general-purpose RISC processors and then evolved into services implemented in the data plane and control plane of packet switches. For example, a server load-balancing implementation now involves health checks implemented in the control plane. The health check results update specialized forwarding tables, so that forwarding decisions can be made at wire speed by consulting these tables and rewriting the packet.

SSL was first implemented by Netscape as software libraries, originally executed on general-purpose CPUs. Performance was then improved somewhat by offloading the mathematical computations onto ASICs, which were delivered on PCI cards installed in servers. Recent startup companies are now working on performing all SSL processing in ASICs, allowing SSL to be a data-plane service.

This chapter reviews internal switching architectures as well as some of the new features that have been integrated in multilayer Ethernet switches due to evolving requirements that surfaced during deployment of Internet Web-based applications. It discusses in varying detail the following IP services:

  • Server Load Balancing: a mechanism to distribute load across a group of servers that host identical applications, so that the group logically behaves as one application

  • Layer 7 Switching: packet forwarding decisions based on packet payload

  • Network Address Translation (NAT): rewriting packet source and destination addresses and ports to decouple the external public interface from the internal interfaces of servers, in particular IP addresses and ports

  • Quality of Service (QoS): providing differentiated services to packet flows

  • Secure Sockets Layer (SSL): encrypting traffic at the application layer for HTTP-based traffic

This chapter first describes the internal architecture of a basic network switch and then describes more advanced features. It also provides a comprehensive discussion of server load balancing, from a detailed conceptual perspective to practical switch configuration details. Because of the stateless nature of HTTP, server load balancing (SLB) has proven to be ideal for scaling the Web tier. However, there are many different flavors of SLB in terms of fundamental algorithms and deployment strategies, which this chapter describes in detail. This chapter also answers a question that crops up over and over and is rarely answered: How do we know which is the best SLB algorithm, and what is the proof? The chapter then briefly describes Layer 7 switching and NAT and variants thereof. This is followed by a detailed look at QoS, showing where and how to use it and how it works. Finally, we look at SSL at a conceptual level and describe configuring a commercially available SSL appliance.



    Networking Concepts and Technology. A Designer's Resource
    ISBN: 0131482076
    EAN: 2147483647
    Year: 2003
    Pages: 116
