Internet Networking Spring 2002


Internet Networking
Spring 2006
Tutorial 13
LSNAT - Load Sharing NAT (RFC 2391)
Motivation

- Server load balancing on the Internet.
- For example: many web clients want to get information from a popular web site. To make such a web site scalable, there should be a way to distribute the network load between a group of servers.
- Candidate applications could be: web browsers, remote login, file transfer, mail applications.
NAT (Reminder)

- Normally, the source and destination IP addresses remain unchanged while an IP packet is routed from the source to the destination.
- However, there are cases where it is required to change the source and/or the destination IP address to a new one.
- Traditionally, NAT (Network Address Translation) was used to connect private network domains to globally unique public IP networks.
NAT (Reminder)

Basic NAT
- A method by which hosts in a private domain are allowed access to hosts in the external network transparently.
- A block of external addresses is set aside for translating the addresses of private hosts as the private hosts originate sessions to applications in the external domain (Private IP -> Global IP).
- Once a binding is made it remains in place for all subsequent sessions originating from the same private host. It is terminated when there are no more sessions using this binding.
NAT (Reminder)

NAPT (Network Address Port Translation)
- A method by which hosts in a private domain are allowed access to hosts in the external network transparently and simultaneously, using a single registered address.
- Made possible by multiplexing the transport layer identifiers of private hosts into the transport layer identifiers of the single assigned external address (Private IP, port -> Global IP, port).
- Only TCP/UDP applications and ICMP queries are supported by NAPT.
- What happens if the initiator of the connection is an external network host?
Load Sharing

- Load sharing is defined here as the spread of session load amongst a cluster of servers which are functionally similar or the same.
- Once a node is assigned to service a session, that session is bound to that node until termination.
  - Sessions are not allowed to swap between nodes in the midst of a session.
- Load sharing may be applicable to all services or be limited to one or more specific services.
Load Share NAT - Overview

- A client attempts to access a server by using the server's virtual address.
- The LSNAT router transparently redirects the request to one of the hosts in the server pool, selected using a real-time load sharing algorithm.
- Multiple sessions may be initiated from the same client, and each session could be directed to a different host based on the load balancing algorithm.
- The LSNAT configuration could be defined to restrict load sharing to just a few specific desired services.
- LSNAT is also applicable during individual server upgrades.
LSNAT (Servers confined to a Stub Domain)

- Servers S1 (172.85.0.1), S2 (172.85.0.2), S3 (172.85.0.3) form a server pool, confined to a stub domain.
- The router runs LSNAT, with virtual server address 172.85.0.70.
- When a client 198.76.29.7 initiates an HTTP session to the virtual server, the LSNAT router examines the load on the hosts in the server pool and selects a server to service the request.
- Transparent address and port translation is performed by the LSNAT router according to the diagram in the next slide.
- IP packets on the return path go through similar address translation.
- Servers in the server pool can have private addresses.
LSNAT (Servers confined to a Stub Domain)

Diagram (packet flows through the LSNAT router; s = source, d = destination, address followed by port):

  Client -> LSNAT router:            s=198.76.29.7, 2745   d=172.85.0.70, 80
  LSNAT router -> S1 (172.85.0.1):   s=198.76.29.7, 2745   d=172.85.0.1, 80

  Client -> LSNAT router:            s=198.23.47.2, 3200   d=172.85.0.70, 23
  LSNAT router -> S3 (172.85.0.3):   s=198.23.47.2, 3200   d=172.85.0.3, 23

  Server pool on the LAN behind the router: S1 172.85.0.1, S2 172.85.0.2, S3 172.85.0.3
LSNAT (with no Topological Restraints on Servers)

- In this configuration, servers in the server pool can be located at different places.
- Now the LSNAT router also replaces the client address and port in the packets with the address and port of the virtual server.
- As a result, there is no need to require the servers to be under topological constraints.
- There is a limitation in this case on the number of sessions that such a router is able to support concurrently: about 63K*2 sessions (per UDP/TCP).
- Why not send a "redirect" message to the client?
LSNAT (with no Topological Restraints on Servers)

Diagram (packet flows through the LSNAT router; s = source, d = destination, address followed by port):

  Client -> LSNAT router:             s=198.76.29.7, 2745   d=172.85.0.70, 80
  LSNAT router -> S1 (132.68.15.27):  s=172.85.0.70, 7001   d=132.68.15.27, 80

  Client -> LSNAT router:             s=198.23.47.2, 3200   d=172.85.0.70, 23
  LSNAT router -> S3 (148.85.15.25):  s=172.85.0.70, 7002   d=148.85.15.25, 23

  Servers: S1 132.68.15.27 and S3 148.85.15.25 are reached across the Internet; S2 172.85.0.2 sits on the LAN behind the router.
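The two diagrams above describe the same router in two deployments: behind a stub domain only the destination is rewritten, while with no topological restraints the router also substitutes its virtual address and a port of its own as the source. The following simulator is an added example, not code from the slides or from RFC 2391; it uses the addresses from the diagrams, stands in round-robin for the slides' real-time load sharing algorithm, and models the per-transport port ceiling as a small router port pool so that exhaustion can be seen.

```python
"""LSNAT binding and translation simulator (added example, not RFC 2391 code).

  "stub": servers sit behind the router; only the destination address is
          rewritten and the client's source address/port is preserved.
  "full": servers may be anywhere; the router also rewrites the source to the
          virtual address plus a router-allocated port, so replies return to it.
"""
from dataclasses import dataclass
from itertools import cycle


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class LsnatRouter:
    def __init__(self, virtual_ip, pool, mode="stub", port_range=(7001, 7003)):
        if mode not in ("stub", "full"):
            raise ValueError("mode must be 'stub' or 'full'")
        self.virtual_ip = virtual_ip
        self.mode = mode
        self._rr = cycle(list(pool))        # assumed selection policy: round-robin
        # Ports the router may use as its own source port in "full" mode.  The size
        # of this pool is the per-transport ~64K session ceiling the slides mention.
        self._free_ports = list(range(port_range[0], port_range[1] + 1))
        # forward table: (proto, client_ip, client_port, virtual_port) -> (server_ip, router_port)
        self.bindings = {}
        # reverse table for the return path: server-side tuple -> forward key
        self._reverse = {}

    def _bind(self, key, pkt):
        """Session binding: pick a server once; later datagrams reuse the entry."""
        if self.mode == "full" and not self._free_ports:
            raise RuntimeError("router port pool exhausted: cannot bind new session")
        server = next(self._rr)
        if self.mode == "full":
            rport = self._free_ports.pop(0)
            self._reverse[(pkt.proto, server, pkt.dst_port, rport)] = key
        else:
            rport = None
            self._reverse[(pkt.proto, server, pkt.dst_port, pkt.src_ip, pkt.src_port)] = key
        self.bindings[key] = (server, rport)

    def inbound(self, pkt):
        """Client -> virtual server direction."""
        if pkt.dst_ip != self.virtual_ip:
            return pkt                          # not addressed to the virtual server
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port)
        if key not in self.bindings:
            self._bind(key, pkt)
        server, rport = self.bindings[key]
        if self.mode == "full":
            return Packet(pkt.proto, self.virtual_ip, rport, server, pkt.dst_port)
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, server, pkt.dst_port)

    def outbound(self, pkt):
        """Server -> client direction: reverse the translation using the binding."""
        if self.mode == "full":
            if pkt.dst_ip != self.virtual_ip:
                return pkt
            rkey = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port)
        else:
            rkey = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        key = self._reverse.get(rkey)
        if key is None:
            return pkt                          # no binding: not an LSNAT session
        proto, client_ip, client_port, vport = key
        return Packet(proto, self.virtual_ip, vport, client_ip, client_port)

    def unbind(self, key):
        """Session unbinding: drop the entry and, in "full" mode, free the router port."""
        server, rport = self.bindings.pop(key)
        proto, client_ip, client_port, vport = key
        if self.mode == "full":
            del self._reverse[(proto, server, vport, rport)]
            self._free_ports.append(rport)
        else:
            del self._reverse[(proto, server, vport, client_ip, client_port)]


if __name__ == "__main__":
    stub = LsnatRouter("172.85.0.70", ["172.85.0.1", "172.85.0.2", "172.85.0.3"])
    print(stub.inbound(Packet("tcp", "198.76.29.7", 2745, "172.85.0.70", 80)))
    full = LsnatRouter("172.85.0.70", ["132.68.15.27", "172.85.0.2", "148.85.15.25"], mode="full")
    print(full.inbound(Packet("tcp", "198.76.29.7", 2745, "172.85.0.70", 80)))
```

In the stub case the reverse lookup needs the client's address as well, because the server's reply still carries it; in the full case the router port alone identifies the session, which is exactly why the number of concurrent sessions is bounded by the port space.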
Translation Phase in LSNAT Router

- Session Binding is the phase in which an incoming session is associated with the address of a host in the server pool.
  - This association sets the translation parameters for all subsequent datagrams of this session.
  - Each incoming session is dynamically bound to a different host based on a load sharing algorithm.
- Address lookup and translation
  - Source/destination IP addresses and ports undergo translation according to the lookup table.
  - TCP/UDP and IP header checksums should also be recalculated.
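The last bullet hides real work: the IP header checksum covers the rewritten addresses, and the TCP/UDP checksum covers a pseudo-header that includes them too, so both change even though the transport bytes are untouched. The following is an added example, not code from the slides or RFC 2391: it builds a constructed IPv4 header and TCP SYN with the slides' addresses, recomputes the checksums from scratch after the destination is rewritten, and checks that the incremental ones'-complement update of RFC 1624 (an assumed technique; the slides only say "recalculated") gives the same result.

```python
"""Checksum recalculation after LSNAT address rewriting (added example)."""
import ipaddress
import struct


def packed(ip):
    """4-byte network-order form of a dotted IPv4 address."""
    return ipaddress.ip_address(ip).packed


def ones_complement_sum(data):
    """16-bit ones'-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data):
    return (~ones_complement_sum(data)) & 0xFFFF


def ipv4_header(src, dst, payload_len, proto=6):
    """20-byte IPv4 header without options; id/flags/TTL are fixed sample values."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      64, proto, 0, packed(src), packed(dst))
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]


def ipv4_checksum(header):
    """Recompute the header checksum from scratch (checksum field treated as zero)."""
    return checksum(header[:10] + b"\x00\x00" + header[12:])


def tcp_checksum(src, dst, segment):
    """TCP checksum covers a pseudo-header holding the IP addresses, so an
    address rewrite changes it even though no TCP byte was modified."""
    pseudo = packed(src) + packed(dst) + struct.pack("!BBH", 0, 6, len(segment))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]   # checksum field at offset 16
    return checksum(pseudo + zeroed)


def incremental_update(old_csum, old_bytes, new_bytes):
    """RFC 1624 eq. 3: HC' = ~(~HC + ~m + m'), m/m' = old/new words of the changed field."""
    total = ((~old_csum) & 0xFFFF) \
        + ((~ones_complement_sum(old_bytes)) & 0xFFFF) \
        + ones_complement_sum(new_bytes)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def rewrite_dst(header, new_dst):
    """What the LSNAT router does to the IP header on the forward path: swap the
    destination and patch the checksum incrementally instead of re-summing it all."""
    old_csum = struct.unpack("!H", header[10:12])[0]
    new_csum = incremental_update(old_csum, header[16:20], packed(new_dst))
    return header[:10] + struct.pack("!H", new_csum) + header[12:16] + packed(new_dst)


# Constructed TCP SYN from the slides' client port 2745 to port 80, checksum field zero.
SAMPLE_TCP_SEGMENT = struct.pack("!HHIIBBHHH", 2745, 80, 0, 0, 0x50, 0x02, 0x2000, 0, 0)
```

A header whose checksum is valid sums to 0xFFFF when the checksum field is included, which is the check a receiver performs; a router that forgot the transport checksum would produce packets that pass the IP check and are then discarded by the server's TCP stack.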
Translation Phase in LSNAT Router

- Session Unbinding is the phase in which a server node is no longer responsible for the session.
  - Session unbinding happens when the end of the session is detected.
  - For a properly closed TCP session the end can be detected when the FIN is acknowledged by both halves, or when either half receives a segment with the RST bit set in the TCP flags field.
  - Otherwise (for UDP, for example) timeouts are used to terminate idle sessions.
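The three end-of-session conditions above are easy to state and easy to get subtly wrong (a FIN counts as acknowledged only when the peer's ACK number moves past the FIN's sequence number). The following session table is an added example, not code from the slides or RFC 2391: it tracks, per session, the sequence number of each half's FIN and whether the other half has acknowledged it, unbinds on RST in either direction, and expires idle UDP sessions after an assumed timeout (the slides give no value).

```python
"""Session-unbinding logic for an LSNAT router (added example)."""
from dataclasses import dataclass, field

UDP_IDLE_TIMEOUT = 300.0   # seconds; assumed value, not from the slides


@dataclass
class Segment:
    proto: str
    src: tuple                      # (ip, port)
    dst: tuple
    seq: int = 0
    ack: int = 0
    flags: set = field(default_factory=set)   # subset of {"SYN", "FIN", "ACK", "RST"}
    payload_len: int = 0


@dataclass
class Session:
    server: str
    last_seen: float
    fin_seq: dict = field(default_factory=dict)    # sender endpoint -> seq number of its FIN
    fin_acked: dict = field(default_factory=dict)  # sender endpoint -> True once peer acked it


class SessionTable:
    def __init__(self):
        self.sessions = {}

    @staticmethod
    def key(seg):
        """Same key for both directions: the endpoint pair in sorted order."""
        a, b = sorted([seg.src, seg.dst])
        return (seg.proto, a, b)

    def bind(self, seg, server, now):
        self.sessions[self.key(seg)] = Session(server=server, last_seen=now)

    def observe(self, seg, now):
        """Feed one segment; return True if it caused the session to be unbound."""
        k = self.key(seg)
        s = self.sessions.get(k)
        if s is None:
            return False
        s.last_seen = now
        if seg.proto != "tcp":
            return False                         # UDP: only the idle timer ends it
        if "RST" in seg.flags:
            return self._unbind(k)               # either half resetting ends the session
        if "FIN" in seg.flags:
            # the FIN occupies the sequence number after any data in this segment
            s.fin_seq[seg.src] = seg.seq + seg.payload_len
        if "ACK" in seg.flags:
            peer = seg.dst
            if peer in s.fin_seq and seg.ack > s.fin_seq[peer]:
                s.fin_acked[peer] = True         # this segment acknowledges the peer's FIN
        if len(s.fin_acked) == 2:
            return self._unbind(k)               # both FINs acknowledged: orderly close
        return False

    def expire_idle(self, now, timeout=UDP_IDLE_TIMEOUT):
        """Unbind sessions idle longer than timeout; return the keys removed."""
        stale = [k for k, s in self.sessions.items() if now - s.last_seen > timeout]
        for k in stale:
            self._unbind(k)
        return stale

    def _unbind(self, k):
        del self.sessions[k]
        return True
```

The table is keyed on the unordered endpoint pair so that segments from the server side find the same entry as those from the client; in a real router the entry would also hold the translation parameters that the binding phase established.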
LSNAT Cons/Pros

Advantages:
- It can be installed without changes to clients or servers.
- Changes in the server pool are transparent to clients (servers in the pool may be replaced, added, removed or upgraded).

Limitations:
- Inability to switch loads between hosts in the midst of sessions.
- Bound to the other limitations inherent to NAT:
  - Some applications must be dealt with explicitly, since they carry source and destination addresses in their payloads (like FTP).
Load Share Algorithms

Local load share algorithms:
- Assumption: all server pool members are at equal proximity to the LSNAT router.
  - Load distribution will be based solely on system load or resource availability on the remote servers.
- Round-Robin algorithm
- Least Load first algorithm (number of sessions)
- Least Traffic first algorithm (traffic load)
- Least Weighted Load first approach (weights to sessions: resource consumption; and to hosts: resource availability)

Load detection:
- Ping to find the most responsive server
- Active monitoring agent running on the servers
- The LSNAT router must check periodically that each server is alive.
Load Share Algorithms

Distributed load share algorithms:
- Server nodes are distributed geographically across different areas and the cost to access them varies widely.
- We assume that all server pool members have equal resource availability.
- Weighted Least Load first algorithm: combining the cost of access to a server and the number of sessions assigned to it.
- Weighted Least Traffic first algorithm: combining the cost of access to a server and its traffic load.
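The local and distributed policies of the last two slides differ only in which per-server figures feed the choice, so they fit naturally as a family of selection functions over one server record. The following is an added example, not code from the slides or RFC 2391: the per-server numbers are constructed sample data, the "combination" of access cost with session count or traffic is taken here as a plain product (the slides do not give a formula), and every policy skips servers the periodic liveness check has marked dead.

```python
"""Server-selection policies from the Load Share Algorithms slides (added example)."""
from dataclasses import dataclass
from itertools import cycle


@dataclass
class Server:
    ip: str
    sessions: int = 0          # sessions currently bound to this server
    traffic_bps: float = 0.0   # recent traffic load
    capacity: float = 1.0      # host weight: relative resource availability
    access_cost: float = 1.0   # cost to reach the server (distributed case)
    alive: bool = True


def _alive(servers):
    live = [s for s in servers if s.alive]
    if not live:
        raise RuntimeError("no live servers in the pool")
    return live


class RoundRobin:
    """Local policy 1: take turns, skipping servers currently marked dead."""
    def __init__(self, servers):
        self._it = cycle(servers)

    def pick(self, servers):
        for _ in range(len(servers)):
            s = next(self._it)
            if s.alive:
                return s
        raise RuntimeError("no live servers in the pool")


def least_load(servers):
    """Local policy 2: fewest bound sessions."""
    return min(_alive(servers), key=lambda s: s.sessions)


def least_traffic(servers):
    """Local policy 3: lowest traffic load."""
    return min(_alive(servers), key=lambda s: s.traffic_bps)


def least_weighted_load(servers, session_weight=1.0):
    """Local policy 4: sessions weighted by expected resource use, hosts by availability."""
    return min(_alive(servers), key=lambda s: s.sessions * session_weight / s.capacity)


def weighted_least_load_distributed(servers):
    """Distributed policy: equal capacity assumed; access cost combined with
    session count (product is an assumed combination, not from the slides)."""
    return min(_alive(servers), key=lambda s: s.access_cost * (s.sessions + 1))


def weighted_least_traffic_distributed(servers):
    """Distributed policy: access cost combined with traffic load (assumed product)."""
    return min(_alive(servers), key=lambda s: s.access_cost * (s.traffic_bps + 1.0))


def health_check(servers, probe):
    """Load detection: mark each server alive or dead from a probe callable
    (a ping or a query to a monitoring agent); return the live addresses."""
    for s in servers:
        s.alive = bool(probe(s))
    return [s.ip for s in servers if s.alive]


def sample_pool():
    """Constructed figures for the slides' three servers."""
    return [
        Server("172.85.0.1", sessions=5, traffic_bps=800.0, capacity=2.0, access_cost=2.5),
        Server("172.85.0.2", sessions=3, traffic_bps=1500.0, capacity=1.0, access_cost=3.0),
        Server("172.85.0.3", sessions=4, traffic_bps=400.0, capacity=1.0, access_cost=2.0),
    ]
```

On the sample pool the four local policies do not agree (least sessions picks S2, least traffic picks S3, the weighted form favours the higher-capacity S1), which is the point of the slides: the router's choice depends on what it measures, and it must keep measuring, because a server that stops answering the liveness probe has to drop out of every policy at once.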