In most aspects of life, a need or problem often encourages creative efforts to meet the need or solve the problem. That is, necessity is often the mother of invention. This also pertains to network computing, where development is spurred by ever-increasing end-user demands for richer content, more bandwidth, and increased reliability. To fulfill these demands, you must first address the following four areas:
Scalability and Availability
Different types of applications require increases to their performance levels. For example, a web application may require enhancements to its functionality and intelligence (that is, the computer programming code), after which the current computer system no longer has the resources to yield the same levels of performance as before. Another example is a corporate communication application in which the number of participants has increased and is now distributed over a large geographic region. These types of situations may require an increase in the scalability and availability of an application.
Scaling the Application
Content networking extends scalability services to the application by providing room for future growth without changing how the application works and with minimal changes to the network infrastructure. Scalability services include the following technologies, which will be discussed in detail throughout this book:
Increasing Application Availability
The general idea behind designing a system for availability is the addition of one or more components that are more or less identical to the first, without changing the overall structure of the existing individual components.
Availability services include the following, which will be discussed throughout this book:
Availability does not necessarily follow from scalability. For example, you can scale the disk drive capacity of a computer system by adding another hard drive, but if any one of those drives fails, loss of data is certain. Only when replication across the system occurs, such as with RAID in this example, is availability possible. Router gateway redundancy has been around since the mid-1990s, with such protocols as HSRP and VRRP. However, application redundancy built directly into the network is a newer concept that follows the same basic premise. That is, it enables any individual component to fail without significantly affecting overall performance. In the same way that HSRP protects against network faults, application redundancy provides application and business continuity in the event of unexpected application failure.
Scheduled hitless application upgrades to replicated origin servers are possible with content networking availability services. By taking one server down at a time and allowing existing connections to complete prior to upgrading, the entire server farm remains available. Chapter 9, "Introducing Streaming Media," discusses Cisco's content networking availability services.
Looking at some simple probabilities, let us say that a single origin server is shown to be available 95.5 percent of the time, based on the empirical behavior data of the application. The 4.5 percent downtime in this example may account for scheduled server upgrades and unexpected system crashes. A simple formula to estimate the probability of an entire server farm failing is
In this formula, $n$ is the number of redundant servers and $P_{\mathrm{Individual\_Success}}$ is the proportion of time that the original server is measured as available.
Replicating the system above and distributing load between two identical servers will provide $1 - (1 - 0.955)^2 = 0.99798$, or 99.937 percent availability. In order to achieve "five nines of availability," or 99.999 percent uptime, how many servers are needed? With three servers, we would have $1 - (1 - 0.955)^3 = 0.99990$, or 99.998 percent, and with four servers, $1 - (1 - 0.955)^4 = 0.99999$, or 99.999 percent. Therefore, with this simple formula, four redundant servers are required to provide 99.999 percent availability. But is this math a practical way to calculate availability? The answer is: it depends. Balancing the load across numerous identical servers is not necessarily transparent at the application level. Depending on the type of application, its logic may require modification in order to support a load-balanced environment. As a result, the probability of failure may not decrease as steadily for certain applications as for others when new nodes are added to the farm.
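The calculation above, carried through in code as an added example (this is not code from the book): the farm is modelled as failing only when all $n$ independent servers fail at once, so the farm's failure probability is $(1 - P_{\mathrm{Individual\_Success}})^n$. The last function is an added assumption, not part of the book's formula: it adds a shared-dependency (common-mode) failure term to illustrate the caveat that adding nodes does not always reduce failure probability.

```python
# Added example, not from the book: the independent-failure availability
# model described in the text.  p_success is the measured availability of one
# origin server (0.955 in the text); a farm of n identical servers is down only
# when all n fail at the same time, so
#     P_farm_failure = (1 - p_success) ** n
#     availability   = 1 - P_farm_failure
# The common-mode term at the end is an added assumption that illustrates the
# text's caveat that adding nodes does not always reduce failure probability.


def farm_failure_probability(p_success: float, n: int) -> float:
    """Probability that all n independent, identical servers are down at once."""
    if not 0.0 <= p_success <= 1.0:
        raise ValueError("p_success must be a probability between 0 and 1")
    if n < 1:
        raise ValueError("a farm needs at least one server")
    return (1.0 - p_success) ** n


def farm_availability(p_success: float, n: int) -> float:
    """Fraction of time at least one server in the farm is available."""
    return 1.0 - farm_failure_probability(p_success, n)


def servers_for_target(p_success: float, target: float, max_servers: int = 1000) -> int:
    """Smallest n whose modelled availability reaches target (0.99999 = five nines)."""
    for n in range(1, max_servers + 1):
        if farm_availability(p_success, n) >= target:
            return n
    raise ValueError(f"target {target} not reachable with {max_servers} servers")


def farm_availability_with_common_mode(p_success: float, n: int,
                                       p_common_failure: float) -> float:
    """Availability when a shared dependency (power feed, uplink, database,
    load balancer) with its own failure probability takes the whole farm down
    regardless of n.  Added assumption: the common-mode failure is independent
    of the individual server failures."""
    return (1.0 - p_common_failure) * farm_availability(p_success, n)


if __name__ == "__main__":
    p = 0.955
    for n in range(1, 5):
        print(f"{n} server(s): {farm_availability(p, n):.6%}")
    print("servers for five nines:", servers_for_target(p, 0.99999))
    # With 0.1% shared-dependency downtime even 100 servers cannot reach five nines.
    print(f"100 servers, 0.1% common-mode downtime: "
          f"{farm_availability_with_common_mode(p, 100, 0.001):.6%}")
```

`servers_for_target(0.955, 0.99999)` returns 4, the same answer the text reaches by hand; the common-mode run shows why the text warns that the formula is only a starting point.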
When designing a network application, there are many questions for you to consider in addition to those addressed by the simple math discussed previously:
Throughout this book, these questions and more like them will be answered when discussing concepts and configuring content network examples and scenarios.
Bandwidth and Response Times
In the 1990s, users accepted waiting upwards of 10 seconds for viewable content to download to browsers or for network file copies to complete. With the inexpensive increases in bandwidth availability to the desktop, which now reach gigabits per second, and through enhanced last-mile Internet access technologies, waiting more than a few seconds is no longer acceptable. However, within the network core, building additional infrastructure to increase bandwidth and decrease response times can be extremely expensive. Fortunately, in the past, various technologies have been used to make upgrades less expensive. Consider the following examples of using technology to increase capacity and add services without requiring modification to the existing infrastructure:
In a similar fashion, content networking makes better use of existing infrastructure by using technology instead of brute-force network upgrades. Content access is accelerated and bandwidth costs are saved by copying content into closer proximity to the requesting clients. Placing content surrogates toward the edge of the network and away from the central location decreases end-to-end packet latency. Furthermore, placing content at the edge eliminates the need to transit the WAN, freeing the WAN for other types of traffic and possibly eliminating the need to upgrade WAN capacity.
Customization and Prioritization
As you will see throughout this book, inserting intelligence and decision-making capabilities into a network is central to the concept of content networking. Adding intelligence to the network while leaving the origin servers free to provide the services they were designed to perform is vital to the enhancement of application performance. In particular, customization and prioritization offer many benefits to applications that require increased efficiency.
Two forms of customization are available with content networking: request redirection and automatic content transformation.
To provide prioritization to application traffic, you can enable various QoS mechanisms within the network:
Please refer to Chapter 4, "Exploring Security Technologies and Network Infrastructure Designs," for information on these QoS technologies.
Security, Auditing, and Monitoring
Given the public nature of the Internet, secure communication is a high priority for organizations with publicly available services. For any organization investing resources in developing products and services, protecting those products and services from ending up in unwanted hands is a critical step in its network design.
However, securing a network is not a trivial task. A typical enterprise network may include e-mail, database transactions, web content, video, and instant messaging. The vast number of tools available for designing and implementing network security from different vendors makes the security design task even more difficult. To protect your network, Cisco offers numerous levels of security for deploying secure content networks.
Securing Content on the Network
Cisco SAFE Security Blueprint for Enterprises discusses Cisco's security solutions in terms of practical scenarios that apply to the majority of enterprise networks. The SAFE architecture highlights every basic security measure available for Cisco networks and recommends configuration options for deploying secure networks. These recommendations also pertain to designing and deploying content networks.
On all fronts of the design, successfully securing Cisco content networks requires security at all layers of the OSI model. To reduce the chance of security problems occurring and to help detect them when they do occur, you can use TCP/IP filtering and network security auditing.
Access Control Lists (ACLs) in Cisco IOS are useful for permitting or denying requests to services that are available within the network. Because standard ACLs are stateless, TCP flows are not stored in memory, and every packet is applied to the ACL regardless of the TCP flow it is a part of. On the other hand, stateful ACLs provide various means to track TCP flows to ensure that packets belong to a valid flow before filtering traffic.
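The stateless-versus-stateful distinction above, as an added example (not code from the book and not Cisco IOS configuration): a toy packet filter in Python. The stateless function judges every packet on its own header fields, while the stateful class keeps a flow table and permits inbound segments only when an inside host opened the matching session. The addresses, ports and rule set are constructed for the illustration.

```python
# Added example, not from the book: a toy model of the distinction the text
# draws between a stateless ACL (each packet judged on its own header) and a
# stateful filter (a flow table decides whether a packet belongs to a session).
# Addresses, ports and the rule set are constructed for the illustration.
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple

INSIDE_PREFIX = "10.1.1."          # constructed: the protected server subnet


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]          # TCP flags present, e.g. {"SYN"} or {"ACK"}


def stateless_acl(pkt: Packet) -> str:
    """Constructed stateless policy: permit anything leaving the inside, and
    permit inbound segments whose header claims an open session (ACK or RST
    set).  With no memory of flows, the header claim is all it can check."""
    if pkt.src.startswith(INSIDE_PREFIX):
        return "permit"
    if "ACK" in pkt.flags or "RST" in pkt.flags:
        return "permit"
    return "deny"


class StatefulFilter:
    """Same intent as the ACL above, but inbound traffic is permitted only when
    a matching inside-initiated flow exists in the table."""

    def __init__(self) -> None:
        self.flows: Set[Tuple[str, int, str, int]] = set()

    def process(self, pkt: Packet) -> str:
        if pkt.src.startswith(INSIDE_PREFIX):
            if "SYN" in pkt.flags:                      # inside host opens a session
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        # inbound: look up the reverse direction of a recorded flow
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            if "FIN" in pkt.flags or "RST" in pkt.flags:  # session closing
                self.flows.discard(key)
            return "permit"
        return "deny"


def compare(packets: List[Packet]) -> List[Tuple[str, str]]:
    """Run one packet sequence through both filters; returns (stateless, stateful)."""
    stateful = StatefulFilter()
    return [(stateless_acl(p), stateful.process(p)) for p in packets]


# Constructed traffic: an inside server opens a session to 198.51.100.9, then an
# unsolicited segment with ACK set arrives from a host nobody inside talked to.
SAMPLE = [
    Packet("10.1.1.5", 51000, "198.51.100.9", 443, frozenset({"SYN"})),
    Packet("198.51.100.9", 443, "10.1.1.5", 51000, frozenset({"SYN", "ACK"})),
    Packet("198.51.100.9", 443, "10.1.1.5", 51000, frozenset({"ACK"})),
    Packet("203.0.113.4", 40000, "10.1.1.5", 22, frozenset({"ACK"})),
    Packet("203.0.113.4", 40000, "10.1.1.5", 22, frozenset({"SYN"})),
]

if __name__ == "__main__":
    for pkt, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {sorted(pkt.flags)}: "
              f"stateless={sl} stateful={sf}")
```

The fourth packet is the one that separates the two designs: the stateless rule permits it because its header claims an established session, while the stateful filter denies it because no inside host ever opened that flow.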
An important factor to consider when performing TCP/IP filtering is whether IP subnets are used to divide servers into groups. If not, and it is not feasible to subnet the IP address space, firewalls operating transparently at Layer 2 of the OSI model can be used instead. Layer 2 firewalls are convenient for environments in which the IP addressing scheme is not subnetted but servers are logically grouped according to the required security policies. The server groups can be cabled to different firewall ports and filtered according to the appropriate security policies. This makes it possible to statefully secure groups from one another, even if they are on the same IP subnet.
To group servers based on IP subnets in a switched environment, use virtual LANs (VLANs). You can use VLANs with Cisco IOS ACLs or firewalls to either statelessly or statefully control traffic between logical groups of clients and origin servers. To further secure traffic within a VLAN, use private VLANs (PVLANs). PVLANs prevent malicious behavior between hosts on the same VLAN by blocking all traffic between private switch ports and allowing traffic that originates from these ports to traverse only configurable public ports.
Network Security Auditing
Various forms of network auditing are available to designers of Cisco networks:
Securing Client and Origin Server Content
Typically, securing network resources is only a first step in securing a content network. Intelligent systems for security vulnerability detection and countermeasures on the client and origin server are becoming more important than ever. The origin servers must be secured from both physical and network intrusions. Physical security includes measures such as providing only key personnel with physical access to critical data center locations and limiting packet sniffing tools to specific users. Avoiding switch monitor ports and hubs, where possible, also helps protect against unwanted sniffers in the network.
For server security, Cisco provides server agent software based on the Self-Defending Network architecture. This agent can identify malicious network behavior, thereby eliminating known and day-zero security risks and helping to reduce operational costs. Cisco server agents combine multiple security functions to provide host intrusion prevention through behavior analysis, malicious mobile code protection, firewall capabilities, operating system integrity checks, and audit log consolidation.
The following additional security features are key in protecting Cisco content networks:
Monitoring, Administration, and Reporting
Monitoring the health of the network and origin servers is important to ensure that application information is constantly being transported reliably. Various network and application monitoring tools that are available for use in monitoring a content network are described in the sections that follow.
Network Monitoring and Administration
Simple Network Management Protocol (SNMP), Syslog, and Network Time Protocol (NTP) are available for network monitoring.
SNMP is a standard messaging protocol for polling and receiving traps from network devices. SNMP managers can poll devices proactively for network information, such as bandwidth and CPU usage, to provide alerts in the event of receiving abnormal data. Historical archiving of polled data provides valuable information for administering and troubleshooting a network.
SNMP managers can also intelligently parse incoming traps from network devices and take action or recommend potential solutions. Programmatic interaction with SNMP managers is an invaluable means to provide intelligent automatic recovery in the event of failure. For example, most SNMP managers can run a program when an event is triggered from a trap received from a network device. The program can perform actions such as sending an e-mail to any individuals responsible for the network device, rebooting the device, or other actions that are pertinent to the event.
Syslog is a protocol used to capture events from network devices. Events such as ACL hits, network logins, packet loss, and interface and routing protocol transitions can be generated by network devices and sent to Syslog servers within the corporate LAN. These logs can then be used for post-mortem problem determination, to determine what failed, why it failed, and how the system can be designed to better prevent a catastrophic outage in the future. SNMP traps and Syslog are similar in that they both provide event-driven alarms when an error occurs in the network device.
NTP is necessary in secure environments to ensure that all clocks in the network are synchronized. This way, log entries from different yet dependent devices can be traced precisely during the troubleshooting process.
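The Syslog and NTP roles described in the preceding paragraphs, as an added example (not code from the book): a small collector that parses Cisco-style Syslog messages relayed from several devices, chooses an escalation action by message severity (the job the text assigns to SNMP managers and Syslog servers), and merges the messages into one cross-device timeline. The timeline is only trustworthy because NTP keeps the device clocks aligned. The log lines, hostnames, the escalation policy and the assumed year are constructed for the illustration.

```python
# Added example, not from the book: a Syslog collector that parses Cisco-style
# messages relayed from several devices, picks an action by severity, and
# builds one cross-device timeline (meaningful only with NTP-synchronised
# clocks).  The log lines, hostnames and policy are constructed.
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

ASSUMED_YEAR = 2024   # BSD-style syslog timestamps carry no year; assumption for parsing

# <PRI>  timestamp  hostname  [seq: ] %FACILITY-SEV-MNEMONIC: text
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?:\d+: )?%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$"
)

# Constructed sample: four devices report within a few seconds; lines arrive out of order.
CONSTRUCTED_LOGS = [
    "<187>Mar 10 12:00:03 rtr-edge 15: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<190>Mar 10 12:00:01 fw-dmz 42: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.4(40000) -> 10.1.1.5(22), 1 packet",
    "<189>Mar 10 12:00:04 rtr-edge 16: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached",
    "<189>Mar 10 11:59:58 srv-web 7: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.1.1.20)",
    "this line is not syslog and is skipped",
]


def parse_syslog(line: str) -> Optional[Dict]:
    """Return a dict for one message, or None if the line is not in the expected shape."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return {
        "time": ts, "host": m["host"],
        "facility": pri // 8, "severity": int(m["sev"]),      # IOS severity 0-7
        "message": f"%{m['fac']}-{m['sev']}-{m['mnem']}", "text": m["text"],
    }


def action_for(severity: int) -> str:
    """Constructed escalation policy keyed on IOS severity (0 emergency .. 7 debug)."""
    if severity <= 3:
        return "page"        # errors and worse: wake someone up
    if severity <= 5:
        return "ticket"      # warnings and notices: review during the day
    return "archive"         # informational and debug: keep for post-mortems


def build_timeline(lines: List[str]) -> List[Dict]:
    """Parse, drop junk, attach an action, and order events by timestamp."""
    events = [e for e in map(parse_syslog, lines) if e]
    for e in events:
        e["action"] = action_for(e["severity"])
    return sorted(events, key=lambda e: e["time"])


def group_by_window(timeline: List[Dict], window_seconds: int) -> List[List[Dict]]:
    """Cluster consecutive events no more than window_seconds apart, across
    devices, so an interface drop and the routing adjacency loss it caused
    are read together during post-mortem analysis."""
    groups: List[List[Dict]] = []
    for e in timeline:
        if groups and e["time"] - groups[-1][-1]["time"] <= timedelta(seconds=window_seconds):
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


if __name__ == "__main__":
    for i, group in enumerate(group_by_window(build_timeline(CONSTRUCTED_LOGS), 2), 1):
        print(f"incident group {i}:")
        for e in group:
            print(f"  {e['time']:%H:%M:%S} {e['host']:<8} {e['message']:<22} -> {e['action']}")
```

Run stand-alone, the collector places the configuration change on srv-web in its own group and puts the firewall deny, the interface drop and the OSPF adjacency loss together, even though they came from two different devices and arrived out of order.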
Securing the administration of content networking devices is very important, both in-band and out-of-band.
Application Monitoring and Administration
Application monitoring is performed separately from network monitoring. How closely monitoring is performed depends on the criticality, performance, and load of the server.
Most third-party application monitors have the ability to
In-band application monitors simulate valid requests to the server, check the responses, send alerts, and optionally perform actions to aid in remedying or troubleshooting the issue. The types of requests and responses depend on the applications being monitored. Possibly one of the most useful results of these tests is the measurement of latency. Because many applications are sensitive to latency, monitoring this parameter enables a Network Operations Center (NOC) to take action before clients perceive any latency issues associated with the particular application.
Out-of-band application monitoring is similar to network out-of-band monitoring in that it is used to monitor and recover servers over an interface other than the one providing the content to clients. The advantage is that, even when completely down, the origin server can still be monitored and recovered. The drawback is that often additional hardware is required.
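The in-band application monitor described above, as an added example (not code from the book or any particular monitoring product): it issues a synthetic request, checks the status code and the expected content, measures latency against a threshold, and escalates to an alert only after several consecutive failed checks. `http_probe` is a real probe built on the standard-library `http.client`; the demo at the bottom uses constructed in-process probes so that it runs offline. The thresholds, names and escalation count are assumptions.

```python
# Added example, not from the book: an in-band application monitor of the kind
# the text describes.  It issues a request, checks status and body, measures
# latency, and alerts only after several consecutive failures.  http_probe is
# a real HTTP probe (stdlib http.client); the demo uses constructed in-process
# probes so it runs offline.  Thresholds and names are assumptions.
import time
from http.client import HTTPConnection
from typing import Callable, Dict, Optional, Tuple

Probe = Callable[[], Tuple[int, str]]   # returns (status code, response body)


def http_probe(host: str, port: int, path: str = "/", timeout: float = 2.0) -> Probe:
    """Build a probe that performs a GET against an origin server."""
    def probe() -> Tuple[int, str]:
        conn = HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            return resp.status, resp.read().decode("utf-8", errors="replace")
        finally:
            conn.close()
    return probe


def make_slow_probe(delay_s: float, body: str = "Welcome") -> Probe:
    """Constructed probe that answers correctly but slowly (simulates a loaded server)."""
    def probe() -> Tuple[int, str]:
        time.sleep(delay_s)
        return 200, body
    return probe


def run_check(probe: Probe, expected_status: int = 200, expected_text: Optional[str] = None,
              latency_threshold_ms: float = 500.0) -> Dict:
    """One synthetic transaction: dict with ok flag, reason and measured latency."""
    start = time.perf_counter()
    try:
        status, body = probe()
    except OSError as exc:                     # refused, timeout, reset ...
        return {"ok": False, "reason": f"connect error: {exc}",
                "latency_ms": (time.perf_counter() - start) * 1000.0}
    latency_ms = (time.perf_counter() - start) * 1000.0
    result = {"ok": True, "reason": "ok", "latency_ms": latency_ms}
    if status != expected_status:
        result.update(ok=False, reason=f"status {status}, expected {expected_status}")
    elif expected_text is not None and expected_text not in body:
        result.update(ok=False, reason="expected content missing")   # server up, application broken
    elif latency_ms > latency_threshold_ms:
        result.update(ok=False, reason=f"latency {latency_ms:.1f} ms over threshold")
    return result


class ServiceMonitor:
    """Escalates to 'alert' after failures_before_alert consecutive failed checks,
    so one slow probe does not page the NOC; a passing check clears the count."""

    def __init__(self, probe: Probe, failures_before_alert: int = 3, **check_kwargs) -> None:
        self.probe = probe
        self.failures_before_alert = failures_before_alert
        self.check_kwargs = check_kwargs
        self.consecutive_failures = 0
        self.last: Optional[Dict] = None

    def poll(self) -> str:
        """Run one check; returns 'ok', 'degraded' (failing, not yet alerting) or 'alert'."""
        self.last = run_check(self.probe, **self.check_kwargs)
        if self.last["ok"]:
            self.consecutive_failures = 0
            return "ok"
        self.consecutive_failures += 1
        return "alert" if self.consecutive_failures >= self.failures_before_alert else "degraded"


if __name__ == "__main__":
    mon = ServiceMonitor(lambda: (200, "<html>Welcome</html>"), failures_before_alert=3,
                         expected_text="Welcome", latency_threshold_ms=10.0)
    print("healthy:", mon.poll(), f"{mon.last['latency_ms']:.2f} ms")
    mon.probe = make_slow_probe(0.05)          # constructed: server answers in 50 ms
    for _ in range(3):
        print("slow:   ", mon.poll(), mon.last["reason"])
    # Against a real origin server (hypothetical host):
    # ServiceMonitor(http_probe("origin.example", 80), expected_text="Welcome").poll()
```

Checking the body for expected content is what distinguishes an application monitor from a plain port check: a server that answers 200 with an error page is up at the network level but failing at the application level, and the latency threshold gives the NOC the early warning the text describes.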