Recitation12_LSNAT


Internet Networking
Recitation #12
LSNAT - Load Sharing NAT (RFC 2391)
Spring Semester 2007, Dept. of Computer Science, Technion
Motivation

Provide server load balancing on the Internet.

Example:
• Many web clients want to get information from a popular web site.
• In order to make such a web site scalable, the load must be distributed between a group of servers.

Candidate applications: web browsers, remote login, file transfer, mail applications.
NAT (Reminder)

• Normally, the source and destination IP addresses remain unchanged while an IP packet is routed from the source to the destination.
• However, there are cases in which it is required to change the source and/or the destination IP address to a new one.
• Traditionally, NAT (Network Address Translation) was used to connect private network domains to globally unique public IP networks.
NAT (Reminder)

Basic NAT
• A method by which hosts in a private domain are allowed access to hosts in the external network transparently.
• A block of external addresses is set aside for translating the addresses of private hosts as the private hosts originate sessions to applications in the external domain (Private IP -> Global IP).
• Once a binding is made it remains in place for all subsequent sessions originating from the same private host. It is terminated when there are no more sessions using this binding.
NAT (Reminder)

NAPT (Network Address Port Translation)
• A method by which hosts in a private domain are allowed access to hosts in the external network transparently and simultaneously, using a single registered address.
• Made possible by multiplexing the transport layer identifiers of private hosts into the transport layer identifiers of the single assigned external address (Private IP, port -> Global IP, port).
• Only TCP/UDP applications and ICMP queries are supported by NAPT.
Load Sharing

• Load sharing is defined here as the spread of session load amongst a cluster of servers which are functionally similar or the same.
• Once a node is assigned to service a session, that session is bound to that node until termination.
• Sessions are not allowed to swap between nodes in the midst of a session.
• Load sharing may be applicable to all services or be limited to one or more specific services.
Load Share NAT - Overview

• A client attempts to access a server by using the server's virtual address.
• The LSNAT router transparently redirects the request to one of the hosts in the server pool, selected using a real-time load sharing algorithm.
• Multiple sessions may be initiated from the same client, and each session could be directed to a different host based on the load balancing algorithm.
• The LSNAT configuration can be defined to restrict load sharing to just a few specific desired services.
• LSNAT is also applicable during individual server upgrades.
LSNAT (Servers confined to a Stub Domain)

• Servers S1 (172.85.0.1), S2 (172.85.0.2), S3 (172.85.0.3) form a server pool, confined to a stub domain.
• The router runs LSNAT, with virtual server address 172.85.0.70.
• When a client 198.76.29.7 initiates an HTTP session to the virtual server, the LSNAT router examines the load on the hosts in the server pool and selects a server to service the request.
• Transparent address and port translation is performed by the LSNAT router according to the diagram in the next slide.
• IP packets on the return path go through similar address translation.
• Servers in the server pool can have private addresses.
LSNAT (Servers confined to a Stub Domain) - translation diagram

Client -> LSNAT router (virtual server 172.85.0.70):
  s=198.76.29.7, 2745   d=172.85.0.70, 80
  s=198.23.47.2, 3200   d=172.85.0.70, 23

LSNAT router -> server pool on the LAN (only the destination address is rewritten):
  s=198.76.29.7, 2745   d=172.85.0.1, 80   -> S1 (172.85.0.1)
  s=198.23.47.2, 3200   d=172.85.0.3, 23   -> S3 (172.85.0.3)

S2 (172.85.0.2) is also on the LAN; no session is mapped to it in this example.
LSNAT (with no Topological Restraints on Servers)

• In this configuration, servers in the server pool can be located at different places.
• Now the LSNAT router also replaces the client address and port in the packets with the address and port of the virtual server.
• As a result, there is no need to require the servers to be under topological constraints.
  o There is a limitation in this case on the number of sessions that such a router is able to support concurrently - about 63K*2 sessions (per UDP/TCP).
  o Why not send a "redirect" message to the client?
LSNAT (with no Topological Restraints on Servers) - translation diagram

Client -> LSNAT router (virtual server 172.85.0.70):
  s=198.76.29.7, 2745   d=172.85.0.70, 80
  s=198.23.47.2, 3200   d=172.85.0.70, 23

LSNAT router -> servers (both addresses are rewritten; the source becomes the virtual address with a router-chosen port):
  s=172.85.0.70, 7001   d=132.68.15.27, 80   -> S1 (132.68.15.27)
  s=172.85.0.70, 7002   d=148.85.15.25, 23   -> S3 (148.85.15.25)

S2 (172.85.0.2) is on the local LAN; no session is mapped to it in this example.
Translation Phase in LSNAT Router

Session Binding is the phase in which an incoming session is associated with the address of a host in the server pool.
• This association sets the translation parameters for all subsequent datagrams of this session.
• Each incoming session is dynamically bound to a different host based on a load sharing algorithm.

Address lookup and translation
• Source/destination IP addresses and ports undergo translation according to the lookup table.
• TCP/UDP and IP header checksums must also be recalculated.
Translation Phase in LSNAT Router

Session Unbinding is the phase in which a server node is no longer responsible for the session.
• Session unbinding happens when the end of the session is detected.
• For a properly closed TCP session the end can be detected when the FIN is acknowledged by both halves, or when either half receives a segment with the RST bit set in the TCP flags field.
• Otherwise (for UDP, for example) timeouts are used to terminate idle sessions.
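The binding, translation and unbinding phases of the two preceding slides as a minimal model of an LSNAT router for the stub-domain case (an added example, not code from the recitation or RFC 2391). Round-robin stands in for the load share algorithm, checksum recalculation is omitted, FIN tracking does not wait for the ACK, and the idle timeout models the UDP-style unbinding; the Packet fields and the session-table layout are assumptions.

```python
from dataclasses import dataclass
from itertools import cycle
VIRTUAL = "172.85.0.70"                              # virtual server address from the slides
POOL = ["172.85.0.1", "172.85.0.2", "172.85.0.3"]    # S1, S2, S3 in the stub domain

@dataclass
class Packet:                                        # only the header fields LSNAT touches (assumed layout)
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()                   # subset of {"FIN", "RST"}; empty for UDP

class LSNATRouter:
    def __init__(self, pool):
        self.pick = cycle(pool)   # round-robin stands in for the load share algorithm
        self.sessions = {}        # (client ip, client port, service port) -> {server, fins, last}

    # Client -> virtual address: bind on the first datagram, then rewrite the destination.
    def inbound(self, pkt, now=0):
        key = (pkt.src, pkt.sport, pkt.dport)
        if key not in self.sessions:  # session binding (a real router would insist on SYN for TCP)
            self.sessions[key] = {"server": next(self.pick), "fins": set(), "last": now}
        pkt.dst = self.sessions[key]["server"]  # lookup and translation; checksum update omitted
        return self._track(key, pkt, "client", now)

    # Server -> client on the return path: rewrite the source back to the virtual address.
    def outbound(self, pkt, now=0):
        key = (pkt.dst, pkt.dport, pkt.sport)
        if key not in self.sessions or self.sessions[key]["server"] != pkt.src:
            return None               # no binding for this server/client pair: drop
        pkt.src = VIRTUAL
        return self._track(key, pkt, "server", now)

    # Session unbinding: RST from either half, or FIN seen from both halves (ACK tracking omitted).
    def _track(self, key, pkt, half, now):
        s = self.sessions[key]
        s["last"] = now
        if "FIN" in pkt.flags:
            s["fins"].add(half)
        if "RST" in pkt.flags or s["fins"] == {"client", "server"}:
            del self.sessions[key]
        return pkt

    # Timeout-based unbinding for sessions with no explicit end (e.g. UDP); returns bindings left.
    def expire(self, now, idle=60):
        for key in [k for k, s in self.sessions.items() if now - s["last"] > idle]:
            del self.sessions[key]
        return len(self.sessions)
```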
LSNAT Pros/Cons

Advantages:
• It can be installed without changes to clients or servers.
• Changes in the server pool are transparent to clients (servers in the pool may be replaced, added, removed or upgraded).

Limitations:
• Inability to switch loads between hosts in the midst of sessions.
• Bound to NAT limitations:
  o Some applications must be dealt with explicitly, since they carry the source and destination addresses in their payloads (like FTP).
Load Share Algorithms

Local load share algorithms:
• Assumption: all server pool members are at equal proximity to the LSNAT router.
• Load distribution is based solely on system load or resource availability on the remote servers.
• Round-Robin algorithm
• Least Load first algorithm (number of sessions)
• Least Traffic first algorithm (traffic load)
• Least Weighted Load first approach (weights to sessions for resource consumption and to hosts for resource availability)

Load detection:
• Ping to find the most responsive server
• Active monitoring agent running on the servers
• The LSNAT router must check periodically that each server is alive.
Load Share Algorithms

Distributed load share algorithms:
• Server nodes are distributed geographically across different areas, and the cost to access them varies widely.
• We assume that all server pool members have equal resource availability.
• Weighted Least Load first algorithm: combines the cost of access to a server with the number of sessions assigned.
• Weighted Least Traffic first algorithm: combines the cost of access to a server with the traffic load.
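The local and distributed load share algorithms of the last two slides as server-selection functions over a constructed snapshot of pool state (an added example, not code from the recitation or RFC 2391). The snapshot field names, the capacity and cost values and the liveness flag are assumptions; the dead member shows why the periodic liveness check runs before any selection.

```python
# Constructed snapshot of the server pool (addresses from the slides; fields are assumptions).
POOL = {
    "172.85.0.1":   {"alive": True,  "sessions": 4, "load": 4.0, "traffic_bps": 900_000,   "capacity": 1.0, "cost": 1},
    "172.85.0.2":   {"alive": True,  "sessions": 2, "load": 2.0, "traffic_bps": 1_500_000, "capacity": 0.5, "cost": 1},
    "172.85.0.3":   {"alive": False, "sessions": 0, "load": 0.0, "traffic_bps": 0,         "capacity": 1.0, "cost": 1},
    "148.85.15.25": {"alive": True,  "sessions": 3, "load": 3.0, "traffic_bps": 400_000,   "capacity": 1.0, "cost": 5},
}

def live(pool):
    """Result of the periodic liveness check: a member that failed it is never selected."""
    return {ip: s for ip, s in pool.items() if s["alive"]}

def round_robin(pool, n):
    """Local: rotate through live members regardless of load; n is the session counter."""
    ips = list(live(pool))
    return ips[n % len(ips)]

def least_load_first(pool):
    """Local: the member with the fewest sessions assigned."""
    cand = live(pool)
    return min(cand, key=lambda ip: cand[ip]["sessions"])

def least_traffic_first(pool):
    """Local: the member with the least traffic currently flowing."""
    cand = live(pool)
    return min(cand, key=lambda ip: cand[ip]["traffic_bps"])

def least_weighted_load_first(pool, new_weight=1.0):
    """Local: session load weighted by resource consumption, scaled by host resource availability."""
    cand = live(pool)
    return min(cand, key=lambda ip: (cand[ip]["load"] + new_weight) / cand[ip]["capacity"])

def weighted_least_load_first(pool):
    """Distributed: cost of access combined with the number of sessions the new one would join."""
    cand = live(pool)
    return min(cand, key=lambda ip: cand[ip]["cost"] * (cand[ip]["sessions"] + 1))

def weighted_least_traffic_first(pool):
    """Distributed: cost of access combined with the traffic load."""
    cand = live(pool)
    return min(cand, key=lambda ip: cand[ip]["cost"] * cand[ip]["traffic_bps"])
```

Note how the local and distributed variants disagree on the same snapshot: the remote member 148.85.15.25 wins on raw traffic and weighted load, but loses once its access cost is factored in.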