Advanced Networking Technologies
Chapter 14: Navigating Content Networks
(Acknowledgement: These slides have been prepared by Dr.-Ing. Markus Hofmann)
Advanced Networking (SS 15): 14 Navigating Content Networks

DNS: Domain Name System
- Function: map between domain names (e.g. lecture.mhof.com) and IP addresses (e.g. 63.219.151.20).
- Basic scheme: a hierarchical name space implemented by a distributed database.
[Figure: the DNS name tree. Below the root sit the generic top-level domains (int, com, edu, gov, org, mil, net) and the country-code top-level domains (us, de, uk, jp, ...); below those come second-level names such as nato, stanford, purdue, army, navy, bbc, and further subdomains down to hosts such as www.]
Relationship Among Name Servers
- Terminology:
  - Local name servers
  - Authoritative name server: maintains a zone of the name tree
  - Root name servers
- Links:
  - Each name server knows the addresses of the root servers
  - Each name server knows the addresses of its immediate children on the name tree

DNS: Two Types of Queries
- Recursive query: puts the burden of name resolution on the contacted name server
- Iterative query: the contacted server replies with the name of the server to contact ("I don't know this name, but ask this server")
[Figure: resolution of machine3.cs.columbia.edu for the requesting host host42.bell-labs.com. The host asks its local name server serv1.net.yale.edu, which consults the root name server, the intermediate name server dns.columbia.edu and the authoritative name server dns.cs.columbia.edu; the messages are numbered 1-8, with one leg of the exchange labelled as an iterative query and another as a recursive query.]
DNS Caching
- Once a name server learns a mapping, it caches the mapping
- Cache entries time out after some time (time-to-live, TTL)
- The TTL is included in every DNS response
- Try it yourself using tools such as nslookup or dig

Improving the Server-Side Bottleneck
[Figure: many clients on the Internet contending for a single Web server.]
- Most obvious solution: the "Big Iron" approach (replace the server by a bigger one)
  - No smooth upgrade path
  - Requires total change of hardware
  - No additional redundancy
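The two query types and the TTL cache from the slides above, as an added example that is not part of the lecture: a toy name tree in which each server knows only its own zone and its immediate children, an iterative query that answers or refers, a recursive query that chases the referrals itself, and a local name server that walks from the root and caches the answer for its TTL. The server names reuse those of the lecture figure; the zone contents, IP addresses and TTLs are constructed.

```python
"""Iterative vs. recursive DNS resolution over a toy name tree, with a TTL cache.

Added example, not from the lecture slides: zone contents, IP addresses and
TTLs are constructed; the server names reuse the lecture figure
(serv1.net.yale.edu, dns.columbia.edu, dns.cs.columbia.edu).
"""
import time

# Each toy name server knows (a) the names it is authoritative for and
# (b) the name servers of its immediate children in the name tree.
NAME_SERVERS = {
    "root": {
        "authoritative": {},
        "children": {"columbia.edu": "dns.columbia.edu"},
    },
    "dns.columbia.edu": {                       # intermediate name server
        "authoritative": {"www.columbia.edu": ("128.59.0.10", 60)},
        "children": {"cs.columbia.edu": "dns.cs.columbia.edu"},
    },
    "dns.cs.columbia.edu": {                    # authoritative for cs.columbia.edu
        "authoritative": {"machine3.cs.columbia.edu": ("128.59.16.3", 300)},
        "children": {},
    },
}


def iterative_query(server_name, qname):
    """One iterative query: the server answers from its own zone or replies
    "I don't know this name, but ask this server" (a referral)."""
    server = NAME_SERVERS[server_name]
    if qname in server["authoritative"]:
        ip, ttl = server["authoritative"][qname]
        return ("answer", ip, ttl)
    # Refer to the child whose zone is the longest suffix of the queried name.
    for zone in sorted(server["children"], key=len, reverse=True):
        if qname == zone or qname.endswith("." + zone):
            return ("referral", server["children"][zone], None)
    return ("nxdomain", None, None)


def recursive_query(server_name, qname, hops=0):
    """Recursive query: the contacted server carries the burden of resolution
    itself, following referrals until it can return the final answer."""
    kind, value, ttl = iterative_query(server_name, qname)
    if kind == "referral" and hops < 8:
        return recursive_query(value, qname, hops + 1)
    return (kind, value, ttl)


class LocalNameServer:
    """serv1.net.yale.edu: resolves on behalf of hosts with iterative queries
    starting at the root, and caches answers until their TTL expires."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so TTL expiry can be tested
        self.cache = {}             # qname -> (ip, expiry time)
        self.queries_sent = 0

    def resolve(self, qname):
        now = self.clock()
        if qname in self.cache and self.cache[qname][1] > now:
            return self.cache[qname][0], "cache"
        server = "root"             # every name server knows the root servers
        for _ in range(8):          # bound the referral chain
            self.queries_sent += 1
            kind, value, ttl = iterative_query(server, qname)
            if kind == "answer":
                self.cache[qname] = (value, now + ttl)   # TTL comes with the answer
                return value, "resolved"
            if kind == "referral":
                server = value
                continue
            raise LookupError(qname)
        raise LookupError("referral chain too long: " + qname)


if __name__ == "__main__":
    local = LocalNameServer()
    print(local.resolve("machine3.cs.columbia.edu"))   # root -> dns.columbia.edu -> dns.cs.columbia.edu
    print(local.resolve("machine3.cs.columbia.edu"))   # served from the cache
    print(recursive_query("dns.columbia.edu", "machine3.cs.columbia.edu"))
```

The first resolve costs three queries (root, intermediate, authoritative); the second is answered from the cache until the 300 s TTL has elapsed, which is exactly the coarseness that later slides attribute to DNS caching.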
Load Balancing Server Farms
[Figure: a DNS server and several Web servers reached over the Internet; the DNS answers spread clients over the servers.]
- DNS load balancing
  - Advantages: easy to implement, uses the existing infrastructure
  - Disadvantages: coarse load balancing, local DNS caching affects performance, full server replication

Load Balancing Server Farms (contd.)
[Figure: the Web site consists of a content switch in front of the Web servers; DNS points clients at the content switch.]
- The content switch owns the IP address of the site
  - Its IP address is given to clients during DNS resolution
  - All requests for the Web site are directed to the content switch
- The content switch uses a policy to direct incoming requests to the most appropriate server
Health Checks on Server Farms
- ICMP ping
- TCP connection verification
  - Passive observation of TCP connections
  - Active verification of TCP connections
- HTTP verification
  - Active verification
  - Passive session monitoring
- Dynamic application verification
  - Allows testing of backend servers (e.g. database systems)
[Figure: the checks arranged by protocol layer with increasing coverage from bottom to top: Physical and Link (Layer 1/2), IP and ICMP (Layer 3), TCP and UDP (Layer 4), HTTP and dynamic application checks (Layer 7).]

Health/Status Checks Using Agents
- Software agents monitor the health and the state of the server
  - CPU/memory utilization
  - Hard disk health
  - Application queue lengths
  - Other application-specific parameters
- Software agents report the server state back to the content switch
  - The content switch polls the agents for this information, or
  - Event reporting is initiated by the agent (e.g. a threshold is exceeded)
- Many agents are SNMP based
  - SNMP GET can be used for information polling
  - SNMP TRAPs can be used for event reporting (requires an additional failure mechanism, since UDP is used)
Content Switch Policies
- Switching policies determine which server will serve an incoming user request
- Basic policy classes:
  - Policies to provide the best available server for incoming new sessions
  - Policies for persistence, which can override the above
  - Policies to provide differential services for different user classes (e.g. gold/silver/bronze)
- The basic policy classes are orthogonal and are often used together

Best Available Policies
- Random Selection: directs traffic randomly.
- Round Robin: directs traffic sequentially among the servers.
- Weighted Distribution (Static): traffic is directed based on static server capacity estimates (e.g. as assigned by the administrator).
- Weighted Distribution (Dynamic): more traffic is directed to the servers with the faster response times.
- Least Connections: directs the request to the server with the fewest connections.
- Fewest Packets: directs the request to the server that has served the fewest packets over a recent time interval.
- Least Busy: directs the request based on the server status as reported by agents running on the server, e.g. taking into account server utilization, health and capacity.
Persistency Policies
- Persistency of TCP connections
  - All packets within a TCP session are sent to the same server
  - Overrides the best-available-server policy
- SSL persistency
  - An SSL session typically spans multiple TCP sessions
  - All TCP sessions relating to the same SSL session are sent to the same server
- Application-specific persistency
  - For example, all requests related to a single e-commerce transaction must be handled by the same server
    - Shopping carts
    - Credit card transactions

Differential Service Policies
- Become operative only when resources at a site become scarce
  - Designed to allocate scarce resources to the most important clients
  - Their need is best avoided by ensuring that resources are never scarce
- How to discriminate users/sessions?
  - Give preference to SSL sessions (most likely to generate revenue)
  - Based on cookies that classify the customer by past behavior (e.g. buys a lot, never bought anything, ...)
- When do differential service policies become active?
  - The decision should be made before the whole site suffers from low performance
  - Need to set a threshold that is high enough to take effect only when resources are about to become scarce, but not too late
  - Metrics include the number of sessions, network usage, etc.
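The three policy classes of the last four slides (best available, persistence, differential service) together with the health state fed in by the checks and agents, as an added example that is not the lecture's code: a small content-switch dispatcher in which persistence is consulted before any best-available policy, servers marked down by health checks are skipped, and a session threshold switches on the differential-service admission rule. Server names, weights and the threshold are constructed.

```python
"""Content switch policy engine: best-available selection, persistence that
overrides it, health state from checks/agents, and a differential-service
admission threshold.

Added example, not from the lecture slides. Server names, weights, the
'healthy' flag and the admission threshold are constructed for illustration.
"""
import random


class Server:
    def __init__(self, name, weight=1):
        self.name = name
        self.weight = weight            # static capacity estimate (administrator)
        self.healthy = True             # updated by health checks / agent reports
        self.active_connections = 0


class ContentSwitch:
    def __init__(self, servers, policy="round_robin", capacity=100, seed=0):
        self.servers = list(servers)
        self.policy = policy
        self.capacity = capacity        # session threshold for differential service
        self.rng = random.Random(seed)  # seeded so the example is reproducible
        self._rr_next = 0
        self.tcp_sessions = {}          # (client_ip, client_port) -> Server
        self.ssl_sessions = {}          # SSL session id -> Server

    # --- best-available policies ---------------------------------------
    def best_available(self):
        healthy = [s for s in self.servers if s.healthy]
        if not healthy:
            raise RuntimeError("no healthy server in the farm")
        if self.policy == "random":
            return self.rng.choice(healthy)
        if self.policy == "round_robin":
            # walk the ring once, skipping servers the health checks marked down
            for _ in range(len(self.servers)):
                srv = self.servers[self._rr_next]
                self._rr_next = (self._rr_next + 1) % len(self.servers)
                if srv.healthy:
                    return srv
        if self.policy == "weighted_static":
            return self.rng.choices(healthy, weights=[s.weight for s in healthy])[0]
        if self.policy == "least_connections":
            return min(healthy, key=lambda s: s.active_connections)
        raise ValueError("unknown policy: " + self.policy)

    # --- differential service ------------------------------------------
    def admit(self, is_ssl=False, customer_class="bronze"):
        """Only bites once the site reaches its session threshold; then only
        SSL sessions and 'gold' customers (classified e.g. from cookies) get in."""
        if len(self.tcp_sessions) < self.capacity:
            return True
        return is_ssl or customer_class == "gold"

    # --- per-packet decision ---------------------------------------------
    def dispatch(self, client_ip, client_port, ssl_session_id=None,
                 customer_class="bronze"):
        """Pick the server for an incoming packet. Persistence wins over the
        best-available policy: an existing TCP session first, then an existing
        SSL session; only a genuinely new session consults best_available()."""
        key = (client_ip, client_port)
        if key in self.tcp_sessions:                       # TCP persistency
            return self.tcp_sessions[key]
        if not self.admit(ssl_session_id is not None, customer_class):
            return None                                    # rejected under scarcity
        if ssl_session_id in self.ssl_sessions:            # SSL persistency
            srv = self.ssl_sessions[ssl_session_id]
        else:
            srv = self.best_available()
            if ssl_session_id is not None:
                self.ssl_sessions[ssl_session_id] = srv
        self.tcp_sessions[key] = srv
        srv.active_connections += 1
        return srv

    def session_closed(self, client_ip, client_port):
        srv = self.tcp_sessions.pop((client_ip, client_port))
        srv.active_connections -= 1
```

The order inside dispatch() is the point of the slides: a packet belonging to a known TCP or SSL session never reaches the best-available policy, so a server that is draining connections keeps receiving its existing sessions, and the differential-service check only ever affects new sessions.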
Redundant Content Switch Configuration
[Figure: two content switches in front of the Web servers; the DNS server uses DNS round robin to spread clients over the two switches.]

Integrated NAT Functionality
[Figure: a content switch with an external IP address in front of Web servers that use private addresses (10.0.0.2, 10.0.0.3).]
Interception Proxies
[Figure: a client at a local ISP, a cache at the ISP (marked "Cache???"), and the Web server across the Internet.]
- How to redirect client requests to the cache instead of forwarding them to the server?
- Explicit (proxy) configuration of the client software is one possible solution.
- More attractive are methods for transparent request redirection, which do not require any configuration at the client site, e.g. redirection using Layer 4 / Layer 7 switches.

Interception Proxies (contd.)
[Figure: an L4/7 switch at the local ISP forwards client requests either to the local Web cache or on to the Web server across the Internet.]
- Layer 4 switches make switching decisions based not only on the IP address but also on TCP (or UDP) port information.
- Layer 7 switches also make switching decisions based on application-level information (packet content, e.g. the URL).
Discussion on Interception Proxies
[Figure: L4/7 switch with a Web cache.]
- Issues:
  - Debugging (the user is not aware of the interception proxy)
  - IP addresses for session tracking
  - SSL interception
- Although often referred to as a "transparent proxy", it is not transparent!

Types of Content Switches
- Layer 4 (L4) switches make switching decisions based not only on the IP address, but also on TCP (or UDP) port information.
  - Load balancing, interception proxies.
- Layer 7 (L7) switches also make switching decisions based on application-level information (packet content, e.g. the URL).
  - Content-specific servers, load balancing with partial replication.
Layer 4 Switch: Message Flow
[Figure: a single TCP connection passes through the Layer 4 switch; the switch forwards each segment (TCP SYN, TCP SYN/ACK, TCP ACK, HTTP GET, HTTP Response) between client and server without terminating the connection.]

Layer 4 Switch: No Address Translation
- Roles: client (ip_c, port_c); switch; cache (ip_ca, port_ca); origin server (ip_so, port_so = 80)
- Packet headers (source -> destination):

  client/switch    ip_c, port_c  ->  ip_so, 80     SYN
  switch/cache     ip_c, port_c  ->  ip_so, 80     SYN      (forwarded unchanged)
  cache/switch     ip_so, 80     ->  ip_c, port_c  SYN/ACK
  switch/client    ip_so, 80     ->  ip_c, port_c  SYN/ACK

- The cache has to accept and answer packets addressed to the origin server's address: requires modification of the TCP/IP stack (i.e. kernel modification)
Layer 4 Switch: With Address Translation
- Roles: client (ip_c, port_c); switch (ip_sw, port_sw); cache (ip_ca, port_ca); origin server (ip_so, port_so = 80)
- Packet headers (source -> destination):

  client/switch    ip_c, port_c    ->  ip_so, 80       SYN
  switch/cache     ip_sw, port_sw  ->  ip_ca, port_ca  SYN      (addresses translated by the switch)
  cache/switch     ip_ca, port_ca  ->  ip_sw, port_sw  SYN/ACK
  switch/client    ip_so, 80       ->  ip_c, port_c    SYN/ACK

- No kernel modification required

Layer 7 Switching: Use Case
[Figure: a client sends GET /index.html, GET /lucentlogo.gif and GET /program.cgi?name; the L7 switch forwards GET /program.cgi?name to server 1 (CGI server), GET /lucentlogo.gif to server 2 (graphics server) and GET /index.html to server 3 (document server).]
Layer 7 Switching: Challenges
- Why is L7 switching so hard?
  - The server/cache cannot be chosen upon the arrival of the TCP SYN packet at the switch.
  - The switch must wait for the HTTP GET request to arrive before the server/cache is chosen.
  - Hence, the switch must terminate the TCP connection!
- Also: proper handling of persistent connections.

Layer 7 Switch: Message Flow
[Figure: two separate TCP connections. On TCP connection 1 the client completes the handshake with the Layer 7 switch (TCP SYN, TCP SYN/ACK, TCP ACK) and sends the HTTP GET; only then does the switch open TCP connection 2 to the chosen server (TCP SYN, TCP SYN/ACK, TCP ACK), forward the HTTP GET, and relay the HTTP Response back on connection 1.]
Layer 4 Switching vs. Layer 7 Switching
[Figure, side by side. Layer 4 switching: one TCP connection; the switch forwards TCP SYN, TCP SYN/ACK, TCP ACK, HTTP GET and HTTP Response between client and server. Layer 7 switching: TCP connection 1 between client and switch (TCP SYN, TCP SYN/ACK, TCP ACK, HTTP GET), then TCP connection 2 between switch and server (TCP SYN, TCP SYN/ACK, TCP ACK, HTTP GET, HTTP Response), with the HTTP Response relayed on connection 1.]

Layer 7 Switch: Architectures
- TCP Gateway: an application-level proxy running on the Layer 7 switch mediates the communication between the client and the server (data crosses the kernel/user-space boundary on the switch).
  - Processing intensive, adds latency.
- TCP Splicing: packet forwarding occurs at the network level, between the network interface driver and the TCP/IP stack, and is carried out directly by the OS (no copy to user space).
  - Reduced overhead, better performance.
TCP Splicing
- Step 1: Accept the client connection and receive the GET request (GET /index.html arrives at the switch)
- Step 2: Choose a server, make a connection, and send the GET (the switch sends GET /index.html to the server)
- Step 3: Patch the connections together (translate sequence numbers)

Splicing Translations: Before Splicing
- Roles: client (ip_c, port_c); switch, client side (ip_cs, port_cs) and server side (ip_so, port_so); origin server (ip_o, port_o)
- Before splicing (source -> destination, then sequence and acknowledgement numbers):

  client/switch  GET   ip_c, port_c    ->  ip_o, port_o   seq_c   ack_seq_c
  switch/server  GET   ip_so, port_so  ->  ip_o, port_o   seq_s   ack_seq_s

- Δ1 = seq_c − seq_s
- Δ2 = ack_seq_c − ack_seq_s
- With the figure's example numbers seq_c = 10, ack_seq_c = 6, seq_s = 5, ack_seq_s = 2: Δ1 = 5, Δ2 = 4
Splicing Translations: After Splicing
- Same roles as before: client (ip_c, port_c); switch (ip_cs, port_cs / ip_so, port_so); origin server (ip_o, port_o)
- After splicing, the switch rewrites its own endpoint address and shifts the sequence numbers by the deltas (the server direction is the inverse of the client direction):

  client/switch   received    ip_c, port_c    ->  ip_o, port_o    seq_C        ack_seq_C
                  forwarded   ip_so, port_so  ->  ip_o, port_o    seq_C − Δ1   ack_seq_C − Δ2
  server/switch   received    ip_o, port_o    ->  ip_so, port_so  seq_S        ack_seq_S
                  forwarded   ip_o, port_o    ->  ip_c, port_c    seq_S + Δ2   ack_seq_S + Δ1

A Challenge with Persistent Connections
[Figure: a client with a persistent connection through the content switch requests home.htm, Index.htm, uccs.jpg and rocky.mid; the objects live on different servers (server1, server2, ..., server9), so successive requests on one connection may have to go to different servers.]
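The splicing translations of the two slides above, as an added example that is not the lecture's code: the switch records Δ1 and Δ2 from the client's GET and its own GET (steps 1 and 2), then patches the connections together by rewriting its own endpoint address and shifting seq/ack numbers modulo 2^32 in both directions (step 3). Packets are plain dicts; addresses, ports and the payload are constructed, and the sequence numbers are the small example values used above (seq_c = 10, ack_seq_c = 6, seq_s = 5, ack_seq_s = 2).

```python
"""TCP splicing: sequence-number and address translation on a Layer 7 switch.

Added example, not from the lecture slides. Addresses, ports and payload are
constructed; the sequence numbers reuse the small example values of the text.
"""
SEQ_MOD = 1 << 32          # TCP sequence numbers wrap modulo 2^32


def packet(src, dst, seq, ack, payload=b"", flags=""):
    return {"src": src, "dst": dst, "seq": seq, "ack": ack,
            "payload": payload, "flags": flags}


class Splice:
    """State of one spliced connection pair, created after step 2 of TCP
    splicing: the switch has received the client's GET and sent its own GET
    to the chosen server. The client addresses the origin server directly;
    the switch owns that address on the client side."""

    def __init__(self, client_get, switch_get):
        self.client = client_get["src"]                 # (ip_c, port_c)
        self.switch_server_side = switch_get["src"]     # (ip_so, port_so)
        self.server = switch_get["dst"]                 # (ip_o, port_o)
        # Δ1 = seq_c − seq_s, Δ2 = ack_seq_c − ack_seq_s (modulo 2^32)
        self.delta1 = (client_get["seq"] - switch_get["seq"]) % SEQ_MOD
        self.delta2 = (client_get["ack"] - switch_get["ack"]) % SEQ_MOD

    def client_to_server(self, pkt):
        """Client -> server: rewrite the source to the switch's server-side
        endpoint, shift seq by −Δ1 and ack by −Δ2."""
        assert pkt["src"] == self.client and pkt["dst"] == self.server
        return packet(self.switch_server_side, self.server,
                      (pkt["seq"] - self.delta1) % SEQ_MOD,
                      (pkt["ack"] - self.delta2) % SEQ_MOD,
                      pkt["payload"], pkt["flags"])

    def server_to_client(self, pkt):
        """Server -> client: rewrite the destination to the client, shift seq
        by +Δ2 and ack by +Δ1 (the inverse of client_to_server)."""
        assert pkt["src"] == self.server and pkt["dst"] == self.switch_server_side
        return packet(self.server, self.client,
                      (pkt["seq"] + self.delta2) % SEQ_MOD,
                      (pkt["ack"] + self.delta1) % SEQ_MOD,
                      pkt["payload"], pkt["flags"])


def demo_splice():
    """Walk through the example values; returns the splice state and the two
    translated packets so the numbers can be inspected."""
    client = ("10.0.0.1", 40000)          # ip_c, port_c   (constructed)
    switch_so = ("10.9.9.9", 51000)       # ip_so, port_so (constructed)
    server = ("10.0.1.1", 80)             # ip_o, port_o   (constructed)
    get = b"GET /index.html HTTP/1.0\r\n\r\n"
    # step 1: GET received from the client (seq 10, ack 6); the switch
    # answered the handshake in the origin server's name
    client_get = packet(client, server, 10, 6, get)
    # step 2: the switch's own GET to the chosen server (seq 5, ack 2)
    switch_get = packet(switch_so, server, 5, 2, get)
    splice = Splice(client_get, switch_get)           # step 3: patch together
    # the client's next segment and the server's first response segment
    next_from_client = packet(client, server, 10 + len(get), 6, b"", "A")
    response = packet(server, switch_so, 2, 5 + len(get), b"HTTP/1.0 200 OK\r\n")
    return splice, splice.client_to_server(next_from_client), splice.server_to_client(response)


if __name__ == "__main__":
    splice, c2s, s2c = demo_splice()
    print("delta1 =", splice.delta1, "delta2 =", splice.delta2)
    print("client->server:", c2s)
    print("server->client:", s2c)
```

The check worth doing by hand: the server's response carries seq 2 and acknowledges 5 + len(GET); after translation the client sees seq 6 (what it expected from the switch) and an acknowledgement of 10 + len(GET), i.e. exactly the numbers on its own connection. Doing the arithmetic modulo 2^32 matters because the client's and the switch's initial sequence numbers are independent, so either delta may "underflow".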
From Caching to Content Distribution
[Figure: Content on one side, Users on the other; Caching and Content Distribution and Delivery (CDD) sit in between.]
- Caching: deliver all content to specific Internet users.
- Content Distribution and Delivery (CDD): deliver specific content to all Internet users.
- Common principle: moving and storing content in caches at the edge of the network to enable faster and more efficient access.

How to Get the Requests to the Caches?
[Figure: origin server, request routing and caching connected through the Internet.]
DNS-Based Request Routing
[Figure: components WebDNS, WebCache, WebDirector, a service node, CNN's Web server, CNN's name server and the client's local DNS server, connected via the Internet; the local DNS server's query for CNN's site is answered with the address of a cache in a service node instead of the origin server.]

How to Determine the Closest Cache?
- What is "close"? Multiple possible metrics:
  - Geographical location?
  - Transfer delay (RTT)
  - Number of hops
  - Packet loss rate
  - System load, etc.
- Multiple alternative approaches:
  - Reactive network monitoring
  - Proactive network monitoring
  - Passive network monitoring
Reactive Network Monitoring
[Figure: WebDNS and the local DNS server; WebDNS probes the network toward the local DNS server when its query arrives, then answers.]

Reactive Network Monitoring (contd.)
- Advantages:
  - Measurements reflect the current network status
- Disadvantages:
  - High response delay for DNS queries
  - Firewalls do not allow active probing
  - Active probing displeases remote system administrators
Proactive Network Monitoring
[Figures (two slides): WebDNS, an AN with a representative host, and the local DNS server; WebDNS measures toward the AN representative ahead of time and uses the stored measurement when the local DNS server's query arrives.]
Proactive Network Monitoring (contd.)
- Advantages:
  - No increase in response delay for DNS queries
- Disadvantages:
  - Danger of selecting an inappropriate AN representative
  - Firewalls do not allow active probing
  - Active probing displeases remote system administrators

How to Avoid Active Probing?
- Querying BGP routing tables for obtaining distance information
  - Limited metrics (e.g. hop count)
  - Inaccurate (ANs can be quite large)
- Measuring the RTT during TCP connection establishment
  - Highly accurate
  - Almost no processing overhead
  - Could be implemented using tcpdump
  - WebDNS implements a new kernel module for RTT dumping to reduce the processing overhead further
[Figure: three-way handshake between a client and the cache (SYN, SYN/ACK, ACK); the cache measures the RTT as the time between sending its SYN/ACK and receiving the client's ACK.]
Passive Network Monitoring
[Figure: WebDNS and the local DNS server; the RTTs measured passively on client connections at the service nodes are reported back to WebDNS.]

The Learning Algorithm: Example
[Figure: WebDNS, several service nodes and the local DNS server. No RTT information is available yet => use a small TTL (the figure shows a 100 ms path).]
The Learning Algorithm: Example (contd.)
[Figure: the RTT to the selected service node turns out high (100 ms); a different service node is available => try it and use a small TTL (its RTT is 20 ms).]
[Figure: a low RTT (20 ms) is available => stick to that service node and use a large TTL.]
The Learning Algorithm: Example (contd.)
[Figure: the RTT to the current service node has risen to 150 ms; a different service node is available => try it and use a small TTL (RTTs shown: 100 ms, 30 ms, 20 ms, 150 ms).]
[Figure: final state with RTTs of 100 ms, 150 ms and 30 ms to the three candidate service nodes.]
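The learning algorithm walked through in the figures, as an added example that is not WebDNS's or the lecture's code: per local DNS server, WebDNS keeps the RTTs reported passively by the service nodes and answers each query with a node and a TTL, small while it is still learning and large once a low-RTT node is known. The RTT threshold, the two TTL values and the node names are assumptions; the RTT samples reuse the figures' 100/20/30/150 ms.

```python
"""WebDNS-style learning algorithm: choose a service node and a DNS TTL per
local DNS server from RTTs measured passively at the service nodes.

Added example, not the lecture's or WebDNS's own code. GOOD_RTT_MS, the two
TTLs, the node names and the RTT samples are assumptions / constructed.
"""
GOOD_RTT_MS = 50        # assumed: an RTT at or below this counts as "low"
SMALL_TTL = 30          # assumed, seconds: local DNS comes back soon, we keep learning
LARGE_TTL = 3600        # assumed, seconds: "stick to this service node"


class WebDNS:
    def __init__(self, service_nodes):
        self.nodes = list(service_nodes)
        self.rtt = {}        # (local_dns, node) -> most recent RTT in ms

    def report_rtt(self, local_dns, node, rtt_ms):
        """Passive monitoring: the service node measured rtt_ms between its
        SYN/ACK and the client's ACK, for a client behind local_dns."""
        self.rtt[(local_dns, node)] = rtt_ms

    def answer(self, local_dns):
        """Return (service node, TTL) for a DNS query from local_dns."""
        known = {n: self.rtt[(local_dns, n)] for n in self.nodes
                 if (local_dns, n) in self.rtt}
        untried = [n for n in self.nodes if n not in known]
        if not known:
            # no RTT information: pick any node, small TTL so we learn quickly
            return untried[0], SMALL_TTL
        best = min(known, key=known.get)
        if known[best] <= GOOD_RTT_MS:
            return best, LARGE_TTL          # low RTT available: stick to it
        if untried:
            return untried[0], SMALL_TTL    # high RTT: try a different node
        # assumed policy: every node measured high, keep the best and re-measure
        return best, SMALL_TTL


if __name__ == "__main__":
    w = WebDNS(["node-A", "node-B", "node-C"])
    ldns = "ldns.example.net"
    for rtt_report in (None, ("node-A", 100), ("node-B", 20), ("node-B", 150), ("node-C", 30)):
        if rtt_report:
            w.report_rtt(ldns, *rtt_report)
        print(rtt_report, "->", w.answer(ldns))
```

Because the state is keyed by local DNS server, what is learned for one resolver never influences another; the small TTL is what lets a bad first guess (or a node whose RTT later rises to 150 ms, as in the fourth figure) be corrected after one cache lifetime.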
External WebDNS Testbed
[Figure (shown on two slides): WebDNS located in Holmdel; caches in Holmdel and Palo Alto; the authoritative DNS server in Karlsruhe, Germany (webdns.telematik.informatik.uni-karlsruhe.de); a local DNS server issuing the queries.]
Alternative Request Routing Front-Ends
- It is possible to use approaches other than DNS to steer client requests to the cache determined to be the most suitable.
- HTML re-writing: rewrites embedded URLs to point to the most suitable cache rather than to the origin server
  - A priori
  - On demand
- HTTP redirect: redirects clients to the most suitable cache using the HTTP 302 status code (redirect).
- The core system and the algorithms to determine the most suitable cache are still the same; only the client-side front-end changes.

Limitations of the Various Front-Ends
- DNS-based
  - Assumes co-location of the local DNS server and the client
  - Coarse grained due to caching of DNS responses
  - Misuse of the DNS system increases the load on DNS servers
- HTML re-writing
  - The first page has to be served from the origin server
  - Pages with re-written URLs should be non-cacheable
- HTTP redirect
  - Additional delay for first contacting the origin server
Case Study: Akamai Request Routing
[Figure: the client sends GET http://www.cnn.com/index.html to www.cnn.com and receives the entry page with embedded URLs; it then requests the logo from Akamai, which sends the logo.]

<html>
<head>
<title>welcome to CNN</title>
</head>
<body>
<img src="http://a9.akamai.net/.../www.cnn.com/logo.gif">
<h1>welcome to our Web site!</h1>
</body>
</html>

- Content providers use a tool that modifies the original web pages; embedded URLs are replaced by URLs pointing to an Akamai device
- Traffic redirection does not require any client-side configuration, nor any support from ISPs
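The HTML re-writing front-end of the previous two slides and of this case study, as an added example that is neither Akamai's tool nor the lecture's code: embedded object URLs (img, script, link) are rewritten to a cache host, the origin host is kept as the first path component so the cache knows where to fetch a miss, and the on-demand variant marks its client-specific response non-cacheable, which is the limitation listed on the previous slide. The cache host names, the sample page and that URL layout are constructed assumptions.

```python
"""HTML re-writing front-end: point embedded object URLs at a cache instead of
the origin server, a priori (as in the Akamai case study) or on demand for
the cache chosen per client.

Added example, not Akamai's tool or the lecture's code. Cache host names, the
sample page and the URL layout (origin host as first path component) are
constructed assumptions.
"""
import re
from urllib.parse import urlsplit, urlunsplit

# src/href attributes of embedded objects (images, scripts, stylesheets);
# navigation links (<a href>) are deliberately left alone
EMBEDDED_URL = re.compile(
    r"""(<(?:img|script|link)\b[^>]*?\b(?:src|href)=)(["']?)([^"'\s>]+)\2""",
    re.IGNORECASE)


def rewrite_url(url, cache_host, origin_host):
    """Point url at cache_host, keeping the object's original host as the
    first path component so the cache can fetch it on a miss."""
    parts = urlsplit(url)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return url                              # data:, mailto:, ... untouched
    host = parts.netloc or origin_host          # relative URL -> origin host
    path = parts.path if parts.path.startswith("/") else "/" + parts.path
    return urlunsplit(("http", cache_host, "/" + host + path, parts.query, ""))


def rewrite_page(html, cache_host, origin_host):
    """Rewrite every embedded object URL in html; the page itself still comes
    from the origin server, as the limitations slide notes."""
    def repl(m):
        new_url = rewrite_url(m.group(3), cache_host, origin_host)
        return m.group(1) + m.group(2) + new_url + m.group(2)
    return EMBEDDED_URL.sub(repl, html)


def serve_on_demand(html, origin_host, cache_for_client):
    """On-demand variant: the page is rewritten for the cache chosen for this
    client, so the response must not be stored by shared caches."""
    body = rewrite_page(html, cache_for_client, origin_host)
    headers = {"Content-Type": "text/html", "Cache-Control": "no-store, private"}
    return headers, body


# Constructed sample entry page (not a real page of any site).
SAMPLE_PAGE = """<html><head><title>welcome</title>
<link rel="stylesheet" href="/style.css"></head>
<body><img src="/logo.gif" alt="logo">
<img src='http://images.example.org/banner.png?v=2'>
<a href="/news/">news</a></body></html>"""


if __name__ == "__main__":
    print(rewrite_page(SAMPLE_PAGE, "cache1.cdn.example", "www.example.com"))
    print(serve_on_demand(SAMPLE_PAGE, "www.example.com", "cache2.cdn.example")[0])
```

The a-priori form is what the case study describes: run rewrite_page() once over the site with a fixed cache host, and leave request routing to DNS for that host. The on-demand form chooses the cache per client, which is why its Cache-Control header has to forbid shared caching.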