Data Analysis Load Balancer



Similar documents
Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心

Outline. Institute of Computer and Communication Network Engineering. Institute of Computer and Communication Network Engineering

Multiple Service Load-Balancing with OpenFlow

Software Defined Networking What is it, how does it work, and what is it good for?

ViSION Status Update. Dan Savu Stefan Stancu. D. Savu - CERN openlab

How To Understand The Power Of The Internet

Tutorial: OpenFlow in GENI

Software Defined Networking

Programmable Networking with Open vswitch

Application Delivery Controller (ADC) Implementation Load Balancing Microsoft SharePoint Servers Solution Guide

DEPLOYMENT GUIDE Version 1.1. Deploying F5 with IBM WebSphere 7

Chapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc.

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre

Application Note. Stateful Firewall, IPS or IDS Load- Balancing

OpenFlow and Software Defined Networking presented by Greg Ferro. OpenFlow Functions and Flow Tables

OpenDaylight Project Proposal Dynamic Flow Management

Software-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe

Cloud Networking Disruption with Software Defined Network Virtualization. Ali Khayam

Emerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc.

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, :32 pm Pacific

TESTING & INTEGRATION GROUP SOLUTION GUIDE

Multi-Gigabit Intrusion Detection with OpenFlow and Commodity Clusters

Basic & Advanced Administration for Citrix NetScaler 9.2

SDN and OpenFlow. Naresh Thukkani (ONF T&I Contributor) Technical Leader, Criterion Networks

COMPSCI 314: SDN: Software Defined Networking

NETASQ MIGRATING FROM V8 TO V9

Securing Local Area Network with OpenFlow

Basic Administration for Citrix NetScaler 9.0

Load Balancing for Microsoft Office Communication Server 2007 Release 2

Towards Software Defined Cellular Networks

Software Defined Networks

Details. Some details on the core concepts:

NetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com

DEPLOYMENT GUIDE. Deploying the BIG-IP LTM v9.x with Microsoft Windows Server 2008 Terminal Services

How To Understand The Power Of A Network In A Microsoft Computer System (For A Micronetworking)

OpenFlow and Onix. OpenFlow: Enabling Innovation in Campus Networks. The Problem. We also want. How to run experiments in campus networks?

VXLAN: Scaling Data Center Capacity. White Paper

Ranch Networks for Hosted Data Centers

Network Virtualization for Large-Scale Data Centers

Real-World Insights from an SDN Lab. Ron Milford Manager, InCNTRE SDN Lab Indiana University

SDN CENTRALIZED NETWORK COMMAND AND CONTROL

NMS300 Network Management System

How To Orchestrate The Clouddusing Network With Andn

DEPLOYMENT GUIDE. Deploying F5 for High Availability and Scalability of Microsoft Dynamics 4.0

基 於 SDN 與 可 程 式 化 硬 體 架 構 之 雲 端 網 路 系 統 交 換 器

The Internet: A Remarkable Story. Inside the Net: A Different Story. Networks are Hard to Manage. Software Defined Networking Concepts

From traditional to alternative approach to storage and analysis of flow data. Petr Velan, Martin Zadnik

Open Source Network: Software-Defined Networking (SDN) and OpenFlow

SDN Software Defined Networks

OpenFlow: Enabling Innovation in Campus Networks

Network Virtualization Based on Flows

F5 BIG DDoS Umbrella. Configuration Guide

LTE - Can SDN paradigm be applied?

CNS-200-1I Basic Administration for Citrix NetScaler 9.0

How To Manage A Netscaler On A Pc Or Mac Or Mac With A Net Scaler On An Ipad Or Ipad With A Goslade On A Ggoslode On A Laptop Or Ipa On A Network With

OpenFlow based Load Balancing for Fat-Tree Networks with Multipath Support

Getting to know OpenFlow. Nick Rutherford Mariano Vallés

SDN in the Public Cloud: Windows Azure. Albert Greenberg Partner Development Manager Windows Azure Networking

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise hours teaching time

OpenFlow 1.4. (Changes compared to 1.3 OpenDaylight Perspec>ve) - Abhijit Kumbhare

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

HARTING Ha-VIS Management Software

Ethernet-based Software Defined Network (SDN)

Network Management Deployment Guide

SDN AND SECURITY: Why Take Over the Hosts When You Can Take Over the Network

Integrating the F5 BigIP with Blackboard

Blue Planet. Introduction. Blue Planet Components. Benefits

Snort Installation - Ubuntu FEUP. SSI - ProDEI Paulo Neto and Rui Chilro. December 7, 2010

NEC contribution to OpenDaylight: Virtual Tenant Network (VTN)

MCN Health Monitor. The finger on the pulse of your critical systems. David Tayler Service Engineer, OSISoft

11.1. Performance Monitoring

Cloud Computing Security: What Changes with Software-Defined Networking?

How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan

Application Note. Onsight Connect Network Requirements v6.3

DEMYSTIFYING ROUTING SERVICES IN SOFTWAREDEFINED NETWORKING

WhatsUp Gold v16.3 Installation and Configuration Guide

BROADCOM SDN SOLUTIONS OF-DPA (OPENFLOW DATA PLANE ABSTRACTION) SOFTWARE

Virtual PortChannels: Building Networks without Spanning Tree Protocol

Extensible and Scalable Network Monitoring Using OpenSAFE

Frenetic: A Programming Language for OpenFlow Networks

Netflow Collection with AlienVault Alienvault 2013

Using Ranch Networks for Internal LAN Security

OpenFlow with Intel Voravit Tanyingyong, Markus Hidell, Peter Sjödin

Software Defined Network (SDN)

ExamPDF. Higher Quality,Better service!

DEPLOYMENT GUIDE DEPLOYING THE BIG-IP LTM SYSTEM WITH MICROSOFT WINDOWS SERVER 2008 TERMINAL SERVICES

Quality of Service using Traffic Engineering over MPLS: An Analysis. Praveen Bhaniramka, Wei Sun, Raj Jain

Preinstallation Requirements Guide

Firewall Examples. Using a firewall to control traffic in networks

Stanford SDN-Based Private Cloud. Johan van Reijendam Stanford University

Software Defined Networking (SDN) - Open Flow

Content Networking Fundamentals

Microsoft s Demon Datacenter Scale Distributed Ethernet Monitoring Appliance

Radware s AppDirector and Microsoft Windows Terminal Services 2008 Integration Guide

DEPLOYMENT GUIDE Version 1.2. Deploying F5 with Microsoft Exchange Server 2007

N5 NETWORKING BEST PRACTICES

Facilitating Network Management with Software Defined Networking

VLANs. Application Note

Transcription:

Data Analysis Load Balancer Design Document: Version: 1.0 Last saved by Chris Small April 12, 2010 Abstract: The project is to design a mechanism to load balance network traffic over multiple different links. The load balancer application will utilize an OpenFlow enabled switch to divide traffic by algorithm and send mirrored traffic to multiple Intrusion Detection System () devices to analyze network traffic. Components The load balancer will consist of a number of modular components that should work fairly independent of each other. This should allow reuse of components and allow us to utilize existing software. The main components are: Web- based User Interface Database/Persistent store of rules Rules module OpenFlow enable switch(es) Statistics collection module Status monitor module It is hoped that the status and statistics module can reuse some of the code that has been developed as part of the GENI OpenFlow campus trials, SNAPP and the open- source Nagios monitoring software. The modular design also should allow reuse of the components and modules by other OpenFlow tools. For example the rules database and module can be used by OpenFlow applications other than Load Balancing (ACL distribution, VM aware migration, etc.) 1

Component Diagram LoadBalancer App Web UI Signaling API Rules Module OpenFlow Switch SQL DataBase SQL Monitoring Module OpenFlow OpenFlow Switch Status Module OpenFlow Switch Web Based UI The Web based UI will be the primary interface for users to manipulate the Load Balancer rules. It will also provide a central portal to statistic and status collections. It will have a number of tabs for: Status The status from each port. Ideally this will include application based tests and threshold tests. Threshold tests would detect if there were no traffic flowing over an expected path. Application based tests would detect that there is an application running. For purposes of the data analysis this may be a simple check that make sure the collection program is running. Statistics Group or Switch based stats. May initially just be a link to the SNAPP frontend but a consistent interface would be ideal Admin Interface to define the rules to distribute the traffic Help Help documentation Groups are user- defined descriptions of a rule that describes the traffic and the input and output ports associated with it. For example, a Group may send all traffic with destination TCP port 80. In the case of source and destination IP addresses you can distinguish a hash size such as a /23 where the load balancers will divide traffic into buckets of /23 and distribute to all ports selected as part of the group. 2

Mockup of the status page Load Balancer Status Statistics Admin Help Switch: load_bal1.ul.net.uits.iu.edu Input Ports: Port 0/1 - br.ul.net.uits.iu.edu Ge2/24: Output Ports: Port 0/2 - br2.ul.net.uits.iu.edu Ge2/24: Port 0/3 - snort1.ul.net.uits.iu.edu eth1: Port 0/4 - snort2.ul.net.uits.iu.edu eth1: Port 0/5 - snort3.ul.net.uits.iu.edu eth1: Port 0/6 - snort4.ul.net.uits.iu.edu eth1: X-Connect Ports: Port 0/24 - load_bal1.bldc.net.uits.iu.edu : Switch: load_bal1.bldc.net.uits.iu.edu 3

Mockup of the statistics page Load Balancer Status Statistics Admin Help By Group By Switch Switch: load_bal1.ul.net.uits.iu.edu Input Ports: Total Input: Port 0/1 - br.ul.net.uits.iu.edu Ge2/24: Output Ports: X-Connect Ports: Switch: load_bal1.bldc.net.uits.iu.edu 4

Mockup of the admin add page Load Balancer Status Statistics Admin Help Add a Group Modify Group Define X-Connect Group: TCP80-DST Switch Pulldown Port TextBox Input Ports load_bal1.bldc 0-3,5 Output Ports Switch Pulldown Port TextBox load_bal1.bldc 6-7 Selection Selection Pulldown SRC IP DEST IP TCP DEST Port TCP SRC Port 80 Value TextBox Priority 10 Clear Apply Group: DEST-IP Switch Pulldown Port TextBox Input Ports load_bal1.bldc 0-3,5 Output Ports Switch Pulldown Port TextBox load_bal1.bldc 6-7 Selection Selection Pulldown SRC IP DEST IP TCP DEST Port TCP SRC Port Value TextBox 129.79.0.0/24 Priority 20 Clear Apply 5

Mockup of the admin mod page Load Balancer Status Statistics Admin Help Add a Group Modify Group Define X-Connect Group: TCP80-DST Priority 10 Group: Dest-IP Priority 20 Output Ports load_bal1.bldc 0/5 - snort1.bldc Dest IP 129.79.0.0/22 Modfy load_bal1.bldc 0/6 - snort2.bldc Dest IP 129.79.4.0/22 Modfy load_bal1.bldc 0/7 - snort3.bldc Dest IP 129.79.8.0/22 Modfy Clear Apply 6

Database The OpenFlow rules for each switch connected to the load balancer application are stored in a SQL database. This allows for easy manipulation of the rules by the user interface and simplifies the rules module. All the rules module needs to do is synchronize the rules set between the Database and the switch. The initial tables expected are: node - contains switches known to the application port Interfaces on each switch description, speed of_rule Each rule contained on each switch trunk contains internal routing (i.e. x- connect information) Initially only assume a L2 connection between each load balancer but eventually may contain multiple intermediate OpenFlow enabled switches in the path A SQL database may add some additional overhead in the latency of distributing a rule to the switches in the network. However for applications where the reliability and easy of use is more important than the latency in inserting a rule a SQL database has many advantages. It will make it much easier to have check pointing and recovery. For a load balancer where the rules are pre- populated and long- lived high speed population of rules is not essential. Load Balancing Application The load balancer application consists of 3 parts, a rule generator, a statistics collector and a status monitor. All three modules will communicate with the switches over a shared connection. A Flowvisor 1 like mechanism with some virtualization of each module is an option but the initial work will look at a shared connection inside the application. Rules module The rule generator simply fetches a set of rules from the SQL database and synchronizes the rules with a remote switch. A signaling API will be provided for applications to signal the rules module to synchronize a single switch or set of rules. Statistics The statistics module will collect aggregate and port level statistics over the OpenFlow interface. There is the possibility it may utilize out of band mechanisms (SNMP, RANCID) to obtain or modify some information not available through the OpenFlow protocol such as the description for each port configured on the switch. 1 Flowvisor - http://www.openflow.org/wk/index.php/flowvisor 7

The IU Measurement Manager 2 statistic collection toll is expected to provide much of the code for the statistics module. It utilizes the open- source SNAPP collection infrastructure to store and provide an interface to data collected. An example of the SNAPP OpenFlow interface is located at: http://gmoc- db.grnoc.iu.edu/nlr- of Monitoring One requirement of the load balancer is to detect when there is an issue with either the input of data or with one of the data analysis nodes. The problems would be visible through the Load Balancer UI. These alarms should also be able to be passed to external programs. The monitoring module will utilize the Nagios software tool. The Load Balancer SQL database should provide the necessary information for an automatic configuration on the Nagios configuration. This module will also leverage some existing work in the Measurement Manager application. Initially the tests will check for: Thresholds on input and output traffic - Test if utilization is to high or to low Interface status test Test that collection application (bro, snort) is working The Nagios plugin mechanism should provide plenty of flexibility for adding different application tests for application other than a data analysis app. For example, a http check could be added for web load balancing in the future. It is also expected that the alarms will feed into set of actions that will occur if an alarm is seen. If a collection node goes down traffic could be redirected to a hot spare or the rules rewritten to redirect the traffic. This may be handled by the monitoring app utilizing some of the functions inside Nagios or a special code written. This will be controlled by configurations generated by the user UI. Switches In order to build the data analysis infrastructure we need to have a set of requirement s for the Switch and firmware chosen MUST: Support at least the OpenFlow 1.0 spec Allow for hardware matching of IP src and dst wildcard rules and TCP port Have at least 12 10Gb/sec ports Support SSL keys for authentication of controllers and switches 2 Measurement Manager - http://groups.geni.net/geni/attachment/wiki/ofiu- GEC10- status/iu_of_gec10_poster.pdf 8

In addition having these features it would be advantageous that a switch allowed multicasting of frames to multiple physical ports. Having group based hash support such as OpenFlow 1.1 option could improve the ability of the distribute traffic more easily and minimize the number of rules. Exports The load balancer application should export a copy of the how it distributes software to assist the data analysis software. Format and mechanism is to be determined. Security With the ability to redirect packet capture traffic control on the rules is very important. The load balancing application MUST: Authenticate switches and controllers to each other using the OpenFlow security mechanisms Ensure adequate authentication on the web interface Testing The load balancing application needs to send a simulated or captured flow and insure traffic is complete and distributed over multiple ports. Functional tests of all major functions in the UI function properly. Future Ideas and Work Currently there isn t any mechanism to have affinity of a connection based on previous connections. Since data analysis is only examine the packets it is outside the scope of this project but would be desirable for a general load balancing solution. Some academic work has been done on load balancing using OpenFlow that may be utilized. 3 The central concept of the load balancer application is to be modular to 1) allow for independent modules of modules 2) reuse of modules include existing code. Module connections should allow other applications to be easily added to the infrastructure to combine functions. For example, a Layer 2 topology application can be incorporated with the load balancing application to allow load balancing over a 3 OpenFlow- Based Server Load Balancing Gone Wild, R. Wang, D. Butnariu, and J. Rexford, Princeton University Hot- ICE 2011 http://www.usenix.org/event/hotice11/tech/full_papers/wang_richard.pdf 9

large set of interconnected switches, such as in a data center or across wide area networks. Similar integration could happen with OpenFlow applications such as VM migration. Load balancer infrastructure Core Equipment Core Equipment Core Equipment OpenFlow Enabled Switch Core Equipment Control Traffic Controller 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information