Server Load Balancing Design BRKAPP , Cisco Systems, Inc. All rights reserved. Presentation_ID.scr BRKAPP-2002

Transcription

1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Server Load Balancing Design 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 2 1

2 Cisco Application Delivery Networks Network Classification Quality of service Network-based app recognition Queuing, policing, shaping Visibility, monitoring, control Application Scalability Server load-balancing Site selection SSL termination and offload Video delivery Application Networking Message transformation Protocol transformation Message-based security Application visibility WAN Application Acceleration Latency mitigation Application data cache Meta data cache Local services WAN Acceleration Data redundancy elimination Window scaling LZ compression Adaptive congestion avoidance Application Optimization Delta encoding FlashForward optimization Application security Server offload 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 3 Other Cisco Live Breakout Sessions that You May Want to Attend Relevancy Server Load Balancing Design BRKAPP-3003 Troubleshooting ACE BRKAPP-1004 Introduction WAAS BRKAPP-2005 Deploying WAAS BRKAPP-3006 Troubleshooting WAAS BRKAPP-1008 What can Cisco IOS do for my application? BRKAPP-1009 Introduction to Web Application Security BRKAPP-2010 How to build and deploy a scalable video communication solution for your organization BRKAPP-2011 Scaling Applications in a Clustered Environment BRKAPP-2013 Best Practices for Application Optimization illustrated with SAP, Seibel and Exchange BRKAPP-2014 Deploying AXG BRKAPP-1015 Web 2.0, AJAX, XML, Web Services for Network Engineers BRKAPP-1016 Running Applications on the Branch Router BRKAPP-2017 Optimizing Application Delivery BRKAPP-2018 Optimizing Oracle Deployments in Distributed Data Centers GSS ISR WAAS ACNS ACE AXG Applications 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 4 2

3 Agenda Application Load Balancing Health Checking Prediction Persistence Design Implementation Considerations Policy Configuration Examples Layer 4 Example Web Protocol Example Server to Server Load Balancing Example SSL SSL Offload Example Advanced Load Balancing Design Application Inspections TCP Reuse URL Load Balancing 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 5 ACE Application Switching Module Integrates Load Balancing, Application Optimization and Security Virtual Device Support Data Center and Application Firewall Multimedia and Voice Intelligence Low Power Usage with High Performance License-based Upgrades (SSL, virtual licenses) Support for Catalyst 6500 Series Switch and Cisco 7600 Series Router Integrated Services, High Performance Application Switching Platform: 4-16 Gbps 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 6 3

4 ACE Application Switching Appliance Integrates Load Balancing, Application Optimization and Security Virtual Device Support Data Center and Application Firewall Multimedia and Voice Intelligence Low Power Usage with High Performance License-based Upgrades (SSL, Virtual licenses, Application Optimization, Compression Performance) Specific optimizations for common applications Latency and bandwidth reduction with protection Application switching for scalability and availability Embedded Browser-based Graphical User Interface High Performance Multi-core, Dual-CPU Architecture Integrated Services, High Performance Application Switching Platform: 1-2 Gbps 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 7 Cisco Application Networking Manager (ANM) ACE Appliance has an embedded GUI ANM free for 2 ACE devices (with 5 context max w/o additional licensing) must place order for ANM-SERVER-12-K9" ACE Module has no embedded GUI Cisco ANM runs from a centralized server running Redhat Linux Multiple Cisco ANM users can simultaneously manage multiple devices via web browser Enables device & virtualization provisioning for up to fifty (50) ACE and forty (40) CSS & CSM per Cisco ANM server Graphical interface for simplified and standardized service provisioning for basic, advanced and expert users Secure user access and delegation of responsibilities Enables Centralized Configuration, Operations, and Monitoring of Cisco Data Center Networking Equipment and Services 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 8 4

5 Load Balancing Overview Terminology Clients Content Switch Load Balancer Load Balancing Algorithm Servers (Predictor) Round Robin Serverfarm TCP port 80 Client-Side Gateway Virtual IP Address (VIP) Class-Map URL = /news User-Agent = WindowsCE Client = /8 Policy-Map If Match class-map X Then Use serverfarm X Else Use serverfarm y Keepalive (Probe) XML Gateways 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 9 Traffic Being Load Balanced Generic IP traffic (i.e. IPsec tunnels) Generic UDP and TCP (i.e. proprietary protocols) Network services (i.e. LDAP, DNS, Radius) HTTP (i.e. Web Presentation Layer, Web Services, SOAP/XML) Voice & Video (i.e. RTSP, SIP, H.323) Remote terminals (i.e. Windows Terminal Services) Multi-connection protocols (i.e. FTP, RTSP) Multi-tier packaged applications (i.e. SAP, Oracle, Microsoft, BEA) Vertical specific applications (i.e. medical, finance, education) Ethernet Header IP Header TCP Header HTTP Header Payload Ethernet Trailer Layer 2 Layer 3 Layer 4 Layer Cisco Systems, Inc. All rights reserved. Cisco Public 10 5

6 Scale Your Application Health Checking 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 11 Scale Your Application Health Monitoring Issues Application Issue ARPs only check the IP stack and not the application ICMP probes only check the IP stack of the machine and not the application Generic TCP port opens check the TCP stack but not the application s ability to handle requests An application may fail in a state that the server can respond to a TCP syn but not to an application data request To verify the integrity of an application, and application data request keepalive is required How to verify the Application servers health or the Web Servers reachability to the application server 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 12 6

7 Application Load Balancing Probe Options Probe ICMP Generic TCP Generic UDP HTTP HTTPs FTP Telnet DNS SMTP POP3 IMAP Radius Scripted SNMP Description Sends a ICMP request and waits for reply Open a connection with server and disconnect with TCP FIN or RST. TCP FIN Default Sends a packet, probe is considered successful, if no icmp error received Sends an HTTP HEAD or HTTP GET 1.1 request Establishes an SSL connection, send HTTP query and tears it down Similar to TCP probe Makes a connection, send a QUIT message Uses a default domain and waits for any response Sends a hello followed by a QUIT message Similar to TCP probe Similar to TCP probe Similar to UDP probe. NAS-IP can be configured Uses TCL Interpreter Release 8.44 to execute user defined TCL scripts, to perform health monitoring Up to eight OIDs can be configured. Used mainly for load balancing predictions and not health checking. Should be combined with another health probe to verify application 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 13 Scale Your Application Application or Database Server Health Checking Probing Customer Application Servers with Application Data Requires Scripting Keep Alive on the Load Balancer or on a Front End Server. Scripting on Front End Servers Allows Greater Flexibility Buy Widgets Customer Testuser Company Test Inc Cisco Systems, Inc. All rights reserved. Cisco Public 14 7

8 Scale Your Application Predictors 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 15 Scale Your Application Predictors Predictors Determine How Connections Are Load Balanced Client Serverfarm 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 16 8

9 Scale Your Application Predictors Algorithms Round Robin: (Weighted) Very simple Least Connections: (Weighted) Dynamic, requires slow-start Hash on IP: (source/destination, with mask) No state required for stickiness issues with dynamic changes Hash on URL: Or portion of URL Server Watermarks: Min and max number of connections per server Least Loaded: SNMP OIDs based server feedback for obtaining useful information maintained as SNMP Object IDs Least Bandwidth: Connection vs. Bandwidth based on the bidirectional traffic flow Adaptive Response Predictor: Load-balancing based on server response time SYN to SYN-ACK SYN to FIN Application request to first packet of response 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 17 Enhanced Predictors Adaptive Response Predictor Load Balancing Based on Server Response Time; Response Time Calculated over a Configured Number of Samples and Supports the Following Three Measurement Options ACE Serverfarm SYN to SYN-ACK Time Between SYN Send from ACE to SYN-ACK Received from the Server SYN to Close Time Between SYN Send from ACE to FIN/RST Received from the Server Application Request to Response Time Between HTTP Request Send from ACE to HTTP Response Received from the Server 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 18 9

10 Enhanced Predictors Least-Loaded Using SNMP The Least Loaded Predictor can support up to 8 user defined SNMP Object IDs Least-loaded algorithm will automatically calculate the least loaded server from the SNMP response received from the servers Number of active connections on the server are also be calculated in the Least-loaded algorithm Users can define static weights for each Object ID to allow unprecedented load balancing control of new connections based on real-time appliance performance Least-loaded Predictor Provides Most Accurate Method for Calculating the Servers Load 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 19 Enhanced Application Algorithms Least-Loaded Using SNMP ACE Utilizes SNMP-Based Probes to Obtaining CPU, Memory and Drive Statistics from the Servers SNMP Object IDs CPU Utilization Memory Resources Disk Drive Availability.. ACE Queries Server for the Following Three SNMP Object IDs Query Result CPU Utilization Query Result = Query Result 34% Memory CPU Utilization Resources CPU = 24% = Utilization = 14% Memory k Resources free Memory Disk Resources = k Drive free Disk = Availability k = Drive Availability free 202GB Free = Disk 307GB Drive free Availability = 440GB free Only SNMP Agent Is Required on the Server No Additional Software 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 20 10

11 Enhanced Application Algorithms New Feature Least-Bandwidth Load Balancer Introduces the Least-Bandwidth Predictor which Selects the Server that Processed the Least Amount of Network Traffic Over a Specified Sampling Period The ACE measures traffic statistics between itself and the real servers in the server farm in both directions and calculates the bandwidth over the sampling period Then, it creates an ordered list of real servers based on the sampling results and selects the server that used the least amount of bandwidth during the sampling period Least-Bandwidth Predictor Suited Best for Heavy Traffic Use 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 21 Scale Your Application Predictors 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 22 11

12 Scale Your Application Session Persistence Stickiness Session: Logical aggregation of multiple simultaneous or subsequent connections Sessions are limited in time (timeout) Servers keep session state The content switch and load distribution across multiple servers introduces the problem The content switch needs to send connections from the same client to the same server Even in case of backend database with session information, stickiness is very useful since it significantly improves performance 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 23 Scale Your Application Session Persistence Methods How to Uniquely Identify a Client How Does It Work Variation Info Stored on Good For Caveats Source IP Client= its SRC IP Full IP Masked IP LB Simplicity Proxies Cookie client = a cookie value Static Dynamic Insert LB Flexibility HTTP only Clear Test LB SSL ID client = SSL session ID Full SSID Offset No Cookie support SSL v3 Renegotiation HTTP Redirect LB Redirects to Specific (V)Server Client No State on LB HTTP only Absolute URLs Bookmarks LB RDP SD, Session Directory. Routing Token = server IP + Port Recovering Disconnected WTS sessions No Token, needs to fall back to source IP Client = Session Call-ID LB SIP SIPspecific stickiness Regex matches on TCP and UDP data custom LB GPP Flexible for custom applications Specific to application 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 24 12

13 Design Configuration 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 25 Design Configuration ACE Service Virtualization Physical Device Admin Context Context Definition Resource Allocation Context 1 Context 2 Context 3 ANM Management Station AAA 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 26 13

14 Design Configuration ACE Virtualization Provides means to partition one physical unit into independently managed logical engines Provisions resource per logical device Almost every feature subsystem is virtualized including Linux kernel Logical devices are called virtual contexts Each with independent resource allocation and policies Default context called Admin context is available initially Customers who do not wish to use virtualization can perform all operations from within Admin context ACE Module 250 contexts + Admin context supported ACE Appliance 20 contexts + Admin context supported 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 27 Design Configuration ACE Resource Management By default, every context is a member of the default resource-class, with unlimited access to system resources Resources can be guaranteed in three ways: No guaranteed resources but access to any available resource X% of resources guaranteed, with no access to other additional resources X% of resources guaranteed and access to any available resource Minimum limit is specified as a percentage (5.00%) Maximum limit can equal the Min value or be unlimited Only one resource-class can be applied per context Maximum 100 resource-classes can be configured Sticky Resources requires min 1% per context, not default, associate all contexts to a non default context 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 28 14

15 Design Configuration Router Mode The preferred configuration for appliances By default the load balancer acts as a router Servers default gateway is the load balancer The VIP addresses can reside on the client side or the server side If you do not want to change the IP addresses of the servers, put the VIP on the servers side and create a /30 network to Firewall Subnet A Subnet B Subnet C Servers Default Gateway: Content Switch IP 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 29 Design Configuration Bridge Mode This is preferred for integrated load balancers like the ACE modules The Load balancer acts as a bump in the wire The servers default gateway will be the upstream router or firewall If packets are set to the physical IP address of the load balancers, it will try and route the packet by default Subnet A Subnet A Subnet B Subnet B Servers Default Gateway: Upstream Router or Firewalls IP Address, Not ACE s Address 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 30 15

16 How Are Customers Using Virtualization? Security and Bridge Mode Bridge mode on the CSM was great, but ACE takes the same approach to a whole new level with virtualization The security team continues to fully manage the FWSM and is comfortable with the bridge mode approach. In parallel, we have turned on some extra HTTP security features on ACE Admin Partition Partition A Partition B Partition C Each Pair of Bridged VLANs Has Its Own Configuration, Independent Management, and Enhanced Security 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 31 Design Considerations One-Arm Mode: Overview L2-rewrite not possible Content switch not inline Does not see unnecessary traffic Subnet B Requires PBR, server default gateway pointing to load balancer or client source NAT The return traffic is needed ACE can insert users original IP address as client header Policy-map type loadbalance first-match OAM Subnet B class L7Policy insert http x-forwardedfor header-value %is Servers Default Gateway: Upstream Router PBR Policy Based Routing, NAT Network Address Translation 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 32 16

17 1 Design Considerations One-Arm Mode: Overview Router MAC Client IP LB MAC VIP Random Port VIP Port 2 Selected CS MAC Server MAC Selected Client IP Server IP 3 Random Port Server MAC VIP Port CS MAC Selected Server IP VIP Port RSTClient IP Random Port Without PBR, Client NAT, or Servers Gateway Being Set for Load Balancer 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 33 L2 One-Arm Mode Return Traffic Bypassing ACE Servers Default Gateway: Upstream Router Subnet B Bypass for return traffic: high throughput Requires MAC rewrite, L2 adjacency Servers need identical loopback addresses (one per VIP) TCP termination not possible: no L7 features Load balancer blind to return traffic (inband, accounting) 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 34 17

18 Redundancy Model Redundancy groups (Fault Tolerance, FT groups) are configured based on virtual contexts Two instances of the same context (on two distinct ACE modules) form a redundancy group, one being active and the other standby The peer ACE can be in the same or different Cisco Catalyst 6k chassis Both ACE modules can be active at the same time, processing traffic for distinct contexts, and backing-up each other (stateful redundancy) Example: Two ACE modules Four FT groups Four Virtual Contexts (A, B, C, D) FT VLAN ACE-1 ACE-2 A Active A Standby FT Group 1 B Active B Standby FT Group 2 C Standby C Active FT Group 3 D Standby D Active FT Group Cisco Systems, Inc. All rights reserved. Cisco Public 35 Policy Configuration Examples 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 36 18

19 Policy Lookup Order There can be many features applied on a given interface, so feature lookup ordering is important The feature lookup order followed by datapath in ACE is as follows: 1. Access-control (permit or deny a packet) 2. Management Traffic 3. TCP normalization/connection parameters 4. Server Load Balancing 5. Fix-ups/Application inspection 6. Source NAT 7. Destination NAT The policy lookup order is implicit, irrespective of the order in which the user configures policies on the interface 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 37 Application Networking Manager 1.2 ANM 1.2 Provides Turnkey control and administration for ACE Modules and ACE Appliances ANM 1.2 provides multidevice application management of large scale data center operations 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 38 19

20 ANM 1.2 Configure Basic Server Load Balancing Configure Virtual Server (VIP) Easy to use Server Load Balancing Configuration Configure Load Balancing Actions 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 39 ANM 1.2 Configure Basic Server Load Balancing Intuitive GUI design prompts the user to configure VIP details as necessary Advanced options appear as the user drills down Create Server Farm Create Health Monitoring Probes Add Real Servers 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 40 20

21 Policy CLI Overview 1. Define match criteria 2. Associate actions to match criteria 3. Activate the classification-action rules on either an interface or globally class-map C1 match <criteria> policy-map P1 class C1 <action> interface vlanx service-policy input P Cisco Systems, Inc. All rights reserved. Cisco Public 41 Modular Policy CLI Class Maps The class-map command is used to define a traffic class. The purpose of a traffic class is to classify traffic A traffic class contains three major elements: a name, a series of match commands, and, if more than one match command exists in the traffic class, an instruction on how to evaluate these match commands class-map type management match-any REMOTE-ACCESS description REMOTE-ACCESS-TRAFFIC-MATCH 2 match protocol telnet any 3 match protocol ssh any 4 match protocol icmp any 5 match protocol http any 6 match protocol https any 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 42 21

22 Modular Policy CLI Class-Maps A class-map can associate an existing class-map of the same type using the match class statement Supported only for L7 class-maps; limitation of only two levels of association Used to achieve complex logical expressions Easy combination of and and or statements class-map match-all WEB-CM 2 match virtual-address tcp eq www class-map type http loadbalance match-any IMAGE-CM 2 match http url.*gif 3 match http url.*jpg 4 match http url.*jpeg 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 43 Modular Policy CLI Policy-Maps The policy-map command is used to define the actions to be preformed on the traffic. Policy-maps can be based on L3/4/7 information. Traffic that does not match specified classification in policy map are then matched against the class-default policy first-match The class-action pairs within the policy-map are looked up sequentially and the actions listed against first matching class-map in the policy-map are executed. Order of class-maps within policy-map matters. e.g. policy-map of type loadbalance, management & ftp all-match An attempt is made to match traffic against all classes in the policy-map and the actions of all matching classes will be executed. e.g. policy-map of type inspect http multi-match Specifies that the policy-map supports multiple feature actions and each feature by itself can have only one match (first match). The policy as a whole has multiple matches due to multiple features. policy-map type management first-match REMOTE-MGMT class REMOTE-ACCESS permit 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 44 22

23 Modular Policy CLI Policy-Maps The policy-map command is used to define the actions to be preformed on the traffic. Policy-maps can be based on L3/4/7 information. Traffic that does not match specified classification in policy map are then matched against the class-default policy policy-map type loadbalance first-match APPLICATION-PM class IMAGE-CM serverfarm IMAGE-SF class class-default sticky-serverfarm WEB-SF 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 45 Modular Policy CLI Activating Policy Policies are activated on an interface or globally using the service-policy command The policy-map can be enabled either on the input or output or both directions Policy-maps applied globally in a context, are internally applied on all interfaces existing in the context service-policy input <policy-name> 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 46 23

24 Basic Layer 4 Load Balancing Health Checking Balancing Requests Persistence Service Failure handling Generic TCP or Scripted Keepalive Round Robin or Least Connections Required based on Source IP with or without sticky mask Fail action to purge or default 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 47 Basic Layer 4 Load Balancing Management and Device Access rserver host SERVER1 ip address rserver host SERVER2 ip address access-list EVERYONE line 10 extended permit ip any any class-map type management match-any REMOTE-ACCESS description REMOTE-ACCESS-traffic-match 2 match protocol ssh any 3 match protocol icmp any 4 match protocol https any 5 match protocol snmp any policy-map type management first-match REMOTE-MGNT class REMOTE-ACCESS permit interface vlan 2 ip address access-group input EVERYONE service-policy input REMOTE-MGNT no shutdown You Need an ACL Define Management Traffic 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 48 24

25 Basic Layer 4 Load Balancing serverfarm TELNET-SF rserver SERVER1 rserver SERVER2 class-map match-all TELNET-CM 2 match virtual-address tcp eq 23 policy-map type loadbalance first-match TELNET-PM class class-default serverfarm TELNET-SF policy-map multi-match LOADBALANCE class TELNET-CM loadbalance vip loadbalance policy TELNET-PM interface vlan 2 ip address access-group input everyone service-policy input REMOTE-MGMT service-policy input LOADBALANCE no shutdown 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 49 Probe Configuration Options probe icmp PING-PROBE interval 5 passdetect interval 5 passdetect count 3 probe tcp TCP-PROBE interval 10 passdetect interval 10 passdetect count 3 probe telnet TELNET-PROBE interval 20 passdetect interval 10 passdetect count 3 serverfarm TELNET-SF probe PING-PROBE probe TCP-PROBE probe TELNET-PROBE rserver SERVER1 rserver SERVER2 Common show commands show serverfarm TELNET-SF show probe show probe TELNET-PROBE detail 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 50 25

26 ANM Probe Configuration 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 51 Probe Configuration Options ACE-1/routed(config-sfarm-host-rs)# do show serverfarm TELNET-SF serverfarm : TELNET-SF, type: HOST total rservers : connections real weight state current total failures rserver: TEST :0 8 ARP_FAILED rserver: SERVER :0 8 PROBE-FAILED rserver: SERVER :0 8 PASSED Cisco Systems, Inc. All rights reserved. Cisco Public 52 26

27 Probe Configuration Options ACE-1/routed# show probe TELNET-PROBE probe : TELNET-PROBE type : TELNET state : ACTIVE port : 23 address : addr type : - interval : 20 pass intvl : 10 pass count : 3 fail count: 3 recv timeout: probe results probe association probed-address probes failed passed health serverfarm : TELNET-SF real : SERVER1[0] PASSED real : SERVER2[0] PASSED 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 53 Basic Layer 4 Load Balancing probe tcp TCP-PROBE port 23 interval 5 passdetect interval 3 serverfarm TELNET-SF probe TCP-PROBE rserver SERVER1 rserver SERVER2 class-map match-all TELNET-CM 2 match virtual-address tcp eq 23 policy-map type loadbalance first-match TELNET-PM class class-default serverfarm TELNET-SF policy-map multi-match LOADBALANCE class TELNET-CM loadbalance vip loadbalance policy TELNET-PM interface vlan 2 ip address access-group input everyone service-policy input REMOTE-MGMT service-policy input LOADBALANCE no shutdown 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 54 27

28 Predictors Configuration Options ACE-1/routed(config-sfarm-host)# predictor? hash Configure 'hash' Predictor algorithms least-bandwidth Configure 'least bandwidth' Predictor algorithm least-loaded Configure 'least loaded' predictor algorithm leastconns Configure 'least conns' Predictor algorithm response Configure 'response' Predictor algorithm roundrobin Configure 'round robin' Predictor algor (default) Configuration options predictor roundrobin predictor leastconns slowstart 200 predictor response syn-to-synack samples 8 predictor response syn-to-close predictor least-bandwidth assess-time 2 ACE-1/routed(config-sfarm-host-predictor)# do show serverfarm detail serverfarm : TELNET-SF, type: HOST total rservers : 3 active rservers: 2 description : - state : ACTIVE predictor : RESPONSE method : syn-to-synack samples : Cisco Systems, Inc. All rights reserved. Cisco Public 55 ANM Predictor Configuration 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 56 28

29 Basic Layer 4 Load Balancing Predictors serverfarm TELNET-SF predictor response syn-to-synack samples 8 probe TCP-PROBE rserver SERVER1 rserver SERVER2 class-map match-all TELNET-CM 2 match virtual-address tcp eq 23 policy-map type loadbalance first-match TELNET-PM class class-default sticky-serverfarm STICKY policy-map multi-match L4 class TELNET-CM loadbalance vip loadbalance policy TELNET-PM 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 57 Persistence Configuration Options sticky ip-netmask address source T-STICKY serverfarm TELNET-SF policy-map type loadbalance first-match TELNET-PM class class-default sticky-serverfarm T-STICKY 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 58 29

30 ANM Persistence Configuration 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 59 Basic Layer 4 Load Balancing Sticky serverfarm TELNET-SF rserver SERVER1 rserver SERVER2 probe TCP sticky ip-netmask address source T-STICKY serverfarm TELNET-SF class-map match-all TELNET-CM 2 match virtual-address tcp eq 23 policy-map type loadbalance first-match TELNET-PM class class-default sticky-serverfarm T-STICKY policy-map multi-match L4 class TELNET-CM loadbalance vip loadbalance policy TELNET-PM 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 60 30

31 Basic Web Load Balancing Health Checking Balancing Requests Persistence Service Failure handling Generic TCP or Scripted Keepalive Round Robin or Least Connections Required based on Source IP with or without sticky mask Fail action to purge or default 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 61 Probe Configuration Options probe http HTTP-PROBE interval 5 passdetect interval 3 request method get url /index.html expect status probe https HTTPs-PROBE interval 5 faildetect 2 passdetect interval 3 request method get url /secure/index.html expect status ssl cipher RSA_WITH_RC4_128_MD Cisco Systems, Inc. All rights reserved. Cisco Public 62 31