13th IFIP/IEEE International Workshop on Distributed Systems: Operations & Management



Similar documents
Digi Certified Transport Technician Training Course (DCTT)

IP Telephony Management

Layer 3 Redundancy with HSRP By Sunset Learning Instructor Andrew Stibbards

OVERVIEW OF TYPICAL WINDOWS SERVER ROLES

R3: Windows Server 2008 Administration. Course Overview. Course Outline. Course Length: 4 Day

CCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network

Cisco Which VPN Solution is Right for You?

RESILIENT NETWORK DESIGN

How To Understand and Configure Your Network for IntraVUE

Stateful Network Address Translators (NAT) Xiaohu Xu Dean Cheng IETF75, Stockholm

CHAPTER 2 BACKGROUND AND OBJECTIVE OF PRESENT WORK

Troubleshooting and Maintaining Cisco IP Networks Volume 1

VRRP Technology White Paper

High Availability and Clustering

TechBrief Introduction

Designing Reliable IP/MPLS Core Transport Networks

M2M Series Routers. Virtual Router Redundancy Protocol (VRRP) Configuration Whitepaper

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01

A Study of Network Security Systems

A New Approach to Developing High-Availability Server

VRRPv3: Object Tracking Integration

Building Reliable, Scalable AR System Solutions. High-Availability. White Paper

hp ProLiant network adapter teaming

Creating Web Farms with Linux (Linux High Availability and Scalability)

High Availability with Elixir

Network Virtualization and Data Center Networks Data Center Virtualization - Basics. Qin Yin Fall Semester 2013

RSVP as Firewall Signalling Protocol

Networking and High Availability

Virtual PortChannels: Building Networks without Spanning Tree Protocol

Building Secure Network Infrastructure For LANs

Netfilter Failover. Connection Tracking State Replication. Krisztián Kovács

Networking and High Availability

Simulation of High Availability Internet Service Provider s Network

Coyote Point Systems White Paper

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

ICANWK613A Develop plans to manage structured troubleshooting process of enterprise networks

Advanced VSAT Solutions Bridge Point-to-Multipoint (BPM) Overview

Cisco Application Networking Manager Version 2.0

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Top-Down Network Design

Purpose-Built Load Balancing The Advantages of Coyote Point Equalizer over Software-based Solutions

Scalable Linux Clusters with LVS

Data Center Networking Designing Today s Data Center

Countering Web Defacing Attacks with System Self Cleansing

This presentation describes the IBM Tivoli Monitoring 6.1 Firewall Implementation: KDE Gateway Component.

Cisco Certified Network Associate Exam. Operation of IP Data Networks. LAN Switching Technologies. IP addressing (IPv4 / IPv6)

SURF Feed Connection Guide

Overview - Using ADAMS With a Firewall

Disaster-Resilient Backbone and Access Networks

8th IEEE/IFIP Network Operations and Management Symposium. A Case Driven Methodology for Applying the MNM Service Model

Overview - Using ADAMS With a Firewall

Network System Design Lesson Objectives

Installation and configuration guide

Chapter 1 - Web Server Management and Cluster Topology

Wholesale IP Bitstream on a Cable HFC infrastructure

How To Manage A Network On A Network With A Global Server (Networking)

Configuring Oracle SDN Virtual Network Services on Netra Modular System ORACLE WHITE PAPER SEPTEMBER 2015

Cisco AnyConnect Secure Mobility Solution Guide

Datacenter Rack Switch Redundancy Models Server Access Ethernet Switch Connectivity Options

A High Availability Clusters Model Combined with Load Balancing and Shared Storage Technologies for Web Servers

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Jason Dixon DixonGroup Consulting. September 17, 2005 NYCBSDCON 2005

MOC 6435A Designing a Windows Server 2008 Network Infrastructure

Frankfurt Data Centre Overview

F5 Configuring BIG-IP Local Traffic Manager (LTM) - V11. Description

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

4 Internet QoS Management

ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy

IP Switching: Issues and Alternatives

Diploma in Network (LAN/WAN) Administration

How To Understand The History Of The Network And Network (Networking) In A Network (Network) (Netnet) (Network And Network) (Dns) (Wired) (Lannet) And (Network Network)

Managing and Maintaining Windows Server 2008 Servers

Astaro Deployment Guide High Availability Options Clustering and Hot Standby

GPRS and 3G Services: Connectivity Options

Deploying Windows Streaming Media Servers NLB Cluster and metasan

CYAN Secure Web Microsoft ISA Server Deployment Guide

Security Design.

TCP/IP works on 3 types of services (cont.): TCP/IP protocols are divided into three categories:

BME CLEARING s Business Continuity Policy

MSC RVS UNIBE On-site Video-conferencing System (OViS)

LinuxWorld Conference & Expo Server Farms and XML Web Services

HOST AUTO CONFIGURATION (BOOTP, DHCP)

Chapter 3 LAN Configuration

Deployment Guide: Unidesk and Hyper- V

High Availability and Load Balancing Cluster for Linux Terminal Services

SCALABILITY AND AVAILABILITY

5 Easy Steps to Implementing Application Load Balancing for Non-Stop Availability and Higher Performance

Configure WAN Load Balancing

HC900 Hybrid Controller When you need more than just discrete control

Robust Communication for Jungle Computing

TIBCO Rendezvous Network Server Glossary

CMPT 471 Networking II

Load Balancing SIP Quick Reference Guide v1.3.1

Cisco Advanced Services for Network Security

WAN Failover Scenarios Using Digi Wireless WAN Routers

Developing Higher Density Solutions with Dialogic Host Media Processing Software

Highly Available Service Environments Introduction

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

Transcription:

13th IFIP/IEEE International Workshop on Distributed Systems: Operations & Management October 21-23, 2002, Montreal, Canada A Hot-Failover State Machine for Gateway Services and its Application to a Linux Firewall Harald Roelle Department of Informatics, University of Munich Email: roelle@informatik.uni-muenchen.de

Motivation and Abstracted Scenario Lower budget environments: Gateways built upon off-the-shelf hard- and software Rising number of components increase probability of faults Adequate fault-tolerance solution necessary Gateway service Resides in one domain Linked to different domains Single point of failure by gateway service 2 Harald Roelle

Motivation and Abstracted Scenario Lower budget environments: Gateways built upon off-the-shelf hard- and software Rising number of components increase probability of faults Adequate fault-tolerance solution necessary Redundancy cluster System providing service: Master Backup systems ready to take over service provisioning Problems to solve: Detect failures Hand-over service provisioning 3 Harald Roelle

Important Requirements for a Generic Solution Service monitoring from client's perspective Both monitoring service and its accessibility necessary Separation of logic and actions Keeps solution applicable for different concrete services Minimal active links to foreign domain Security threats lowered by keeping upstream links down until needed Independence from specific services and communication technology and communication primitives No changes in surrounding environment necessary No need for extra hardware Flexibility of used systems and short setup times 4 Harald Roelle

Related Work Virtual Router Redundancy Protocol (VRRP, RFC2338) Assumes IEEE 802 / IP Only simple 3 state machine specification + Good inspiration, also addresses management Hot Standby Router Protocol (HSRP, RFC2281) Requires dynamic routing protocol + In-detailed state machine was valuable starting point IETF Working Group for Reliable Server Pooling Solution 1: Introduces new, special protocol Solution 2: Classical architecture with load balancers + Helped identifying requirements High-Availability Linux (HA-Linux) Project Limited setup and monitoring + Considers security explicitly Linux Virtual Server (LVS) Project: Implements VRRP Load Balancers: Don't solve the problem, but are subject itself 5 Harald Roelle

Solution by Generic State Machine Main design principles: Control both observation of service and communication links Communication on present links to control handover Arbitrary number of backup hosts Dynamically add/remove hosts from redundancy cluster Main components: Host-local state machine Specifies service and link monitoring Coordinates handover of service functionality Messages Inform other hosts of status changes Trigger actions on remote hosts Status table All hosts in cluster priorized by a total order Maintained and distributed by current master Local alarm timers Trigger local actions 6 Harald Roelle

Init and Decide main states Main State Machine Detects initial priority of host Differentiates initial bootstrap and dynamic addition Decide on initial role of host 7 Harald Roelle

Backup main state Main State Machine Performs active service monitoring from client's perspective Triggers local monitoring on master host 8 Harald Roelle

Handover main state Main State Machine Initiates transfer of service provisioning Distinguishes real service failures from failures in backup's links Activates upstream link 9 Harald Roelle

Service main state Main State Machine Designates a host as the master Maintains and distributes status table 10 Harald Roelle

Handover Main State 11 Harald Roelle

Customizable Procedures Realizes separation from logic and actions: State machine adoptable to concrete services without altering the handover logic Monitoring and Testing Procedures Deliver boolean results Must be positive definite 2 procedures for up- and downlink checks 2 procedures for local and remote service checks (De-) Activation Procedures Only used to carry out actions, no return value Success checking ensured by logic of state machine 2 procedures for uplink (de-) activation 2 procedures service (de-) activation Client Related Procedures Announce changes on up- / downstream side 4 procedures: takeover and release on either up- and downstream side 12 Harald Roelle

Prototype: Universal IP Service Daemon Implemented on Linux in C as user space daemon Assumes Layer 3 to be IP Roving IP addresses on Up/Downlink via "single link multihoming" Implemented procedures: Client related: Announce address changes via broadcast pings Monitoring: Downlink by broadcast ping, uplink by ping of next hop router Remaining procedures left for implementation as external program/script Scripts for packet-filtering Firewall on Ethernet: Uplink (De-) Activation: (un-) loading card driver Service (De-) Activation: iptables 13 Harald Roelle

Conclusion In-depth specification of generic handover logic Fulfills requirements for gateway services Lightweight solution without extra hardware Handover logic remains unchanged on application for specific service by customizable procedures delivering hooks for specific actions Directly implementable Status transfer not focused Examples of use: Standalone solutions Integration into services Basis for further development, e.g. of VRRP 14 Harald Roelle

Formal verification Current and Future Work In cooperation with Alexander Knapp and Stefan Merz (Research group of Prof. Martin Wirsing, LMU, http://www.pst.informatik.uni-muenchen.de/) Using model checking tools Logic verification: almost finished Timing verification: t.b.d. Specify security mechanisms on level of the state machine Authentication mechanisms Multi service redundancy Coordinate multiple services by single state machine Active feedback of backup hosts Backups influence ranking in priority table Enables load balancing in case of failure 15 Harald Roelle

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information