
The Ins and Outs of Layer 4+ Switching
Dr. Shirish Sathaye
ssathae@alteon.com
Vice President of Engineering

NANOG L4 Switching Presentation

Is Layer 4 Switching Meaningful?

You can't switch at Layer 4, BUT you can use Layer 4 information to make switching decisions!
The term "Layer 4 Switching" is too confusing. It usually means one of two things:
1. Layer 4 information is used to prioritize and queue traffic (routers have done this for years)
2. Layer 4 information is used to direct application sessions to different servers (next generation load balancing)

Though the term may be meaningless, the idea and value of L4 switching is valid


Packet-by-Packet Traffic Management

Insufficient

L-2 Switches and Routers
  Increasing hardware integration
  High performance
  Optimized for packet-by-packet forwarding under normal conditions
  Expensive exception handling

Hop-by-Hop Traffic Management
  Hop-by-hop protocols: RSVP, IGMP, 802.1z, 802.1p/Q, ...
  Requires every device along the path to collaborate
  No built-in end-system feedback
  Only useful for WAN and LAN/WAN boundary


Session-Based Traffic Management

Required

Session-Aware Devices: firewalls, traffic directors, packet shapers
End-to-End Traffic Management: ATM, TCP, HTTP, FTP, ...

  Maintain session states
  Built-in end-station feedback
  Precise control over service quality, availability and performance
  Per session handling is protocol and application specific
  Requires session-specific software and massive processing power


How L4-Aware Systems Work

By making intelligent switching decisions and forwarding frames based on TCP/UDP port information and IP source/destination addresses
  L4 switching = Session Switching
  examines client requests directed at the L4 switch
  multiplexes client requests across any server available to handle those requests
  passively measures application health and responsiveness to determine server availability
  stateful processing

By combining the benefits of L4 software on a high speed L2 switching platform

By using this information to establish policy controls for how traffic is to be managed

Why is L4-switching important?


Emergence of L4-Aware Devices

[Figure: Session Management and Packet-Switched Devices. Packet switching joins the Internet, the intranet and the LAN clients; session management is done by separate single-function boxes in the path: firewalls, load balancers in front of an external server farm and an internal server farm of application servers, QoS managers, and proxy caches.]

Integrating L4 Switching

Single-function devices subsumed by routers and server switches

L4 switch functions
  Multi-speed server connectivity
  Reduce network overhead on servers
  Monitor individual server/application
  Application session management
  Server load-balancing
  Web cache redirection
  High availability
  Session-by-session QoS

[Figure: L4 switches between the Internet/intranet and the web servers, NFS server, cache servers and backup server.]


Traffic Management Required for New Global Applications

Example: incremental delay experienced by a 64 byte packet queued behind 10 x 1,500 byte packets
  56Kbps: 2-2.5 sec
  T1: 80-100 millisec
  Fast Ethernet: 1-2 millisec
  GbE: 100-200 microsec

WAN (milliseconds to seconds): needs WAN bandwidth prioritization
LAN: bandwidth management debatable
Servers: need intelligent distribution of traffic sessions to servers


Key Layer 4-based Applications

1. Local/Global Server load balancing
2. High availability applications
3. Web Cache Redirection
4. DNS redirection
5. Firewall Load Balancing
6. URL based redirection, switching


Local Server Load Balancing

Scalable application processing capacity
  Add servers on-demand

High availability
  Server/application health monitoring
  Backup and overflow servers
  Hot-standby switch configurations

Tiers of service by servers
  Priority users/applications can be directed to premium servers

Integrated switch and load balancer
  Flexibility
  Scalability
  Economy of scale
  Performance

[Figure: clients reaching the FTP, HTTP, DNS and database-query server groups through the integrated switch/load balancer.]


Basic Configuration

[Figure: clients on the Ethernet client ports of the Layer 4 switch; the switch presents Virtual IP 192.168.2.100 and connects over its Ethernet server ports to Real Servers 192.168.2.1, 192.168.2.2, 192.168.2.3 and 192.168.2.4.]

Domain Name   | Virtual IP Address | Ports Activated     | Port Mapping | Real IP Addresses
www.right.com | 192.168.2.100      | 80 (HTTP), 21 (FTP) | None         | 192.168.2.1, 192.168.2.2, 192.168.2.3, 192.168.2.4

Separate Real Server Groups

Domain Name   | Virtual IP Address | Ports Activated | Port Mapping | Real IP Addresses
www.right.com | 192.168.2.100      | 80 (HTTP)       | None         | 192.168.2.1, 192.168.2.2, 192.168.2.3, 192.168.2.4
www.right.com | 192.168.2.100      | 21 (FTP)        | None         | (the slide lists the real IP pool once for both services)

Multiple VIPs

Domain Name   | Virtual IP Address | Ports Activated     | Port Mapping | Real IP Addresses
www.right.com | 192.168.2.100      | 80 (HTTP), 21 (FTP) | None         | 192.168.2.1, 192.168.2.2
www.left.com  | 192.168.2.101      | 80 (HTTP), 21 (FTP) | None         | 192.168.2.3, 192.168.2.4

With port mapping (port 80 on the second VIP is mapped to server port 8001; note that 192.168.2.2 belongs to both groups):

Domain Name   | Virtual IP Address | Ports Activated | Port Mapping | Real IP Addresses
www.right.com | 192.168.2.100      | 80 (HTTP)       | None         | 192.168.2.1, 192.168.2.2
www.left.com  | 192.168.2.101      | 80 (HTTP)       | 8001         | 192.168.2.2 (8001), 192.168.2.3 (8001), 192.168.2.4 (8001)

Back-Up Servers

Real Servers can be configured as Back-Up Servers for other Real Servers or for specified Virtual Services.
  When backing up a Real Server, the Back-Up Server comes into service if that Real Server fails.
  When backing up a Virtual Service, the Back-Up Server comes into service only if all Real Servers in the Virtual Service group fail.

Support for Back-Up Servers alone might be a compelling reason for customers to invest in L4 switching.


Load Balancing Algorithms

Round Robin
Least Connections (LeastConns)
Load Based
Server Feedback Based


Session ID Substitution
Client to Server


Session ID Substitution
Server-to-Client


Global Server Load Balancing

Issues
  Increase application availability in event of entire site failure or overload
  Scale application performance by load balancing traffic across multiple sites
  Need for more granularity and control in directing Web traffic
  More flexibility in building and managing Internet infrastructures


Distributed Content Sites Today

[Figure: www1.company.com, www2.company.com and www3.company.com reached over the Internet.]

Mostly static content on Web (HTTP, FTP, NNTP..) servers
Load and site distribution through Round Robin DNS
No Site Health Awareness
No Site Performance Awareness
No Geographic Awareness
Cached DNS requests for servers that are down produce failure-to-connect messages


How L4 GSLB Works

[Figure: three sites A, B and C, each a switch fronting a VIP for www.foo.com (site B's VIP is 205.178.2.2; the other two VIPs shown are 162.113.25.20 and 172.168.13.10). The switches exchange DSSP updates. Handoff tables drawn next to the sites (site labels as extracted):
  Site C: rank 1 B 70% of traffic, rank 2 C 20%, rank 3 A 10%
  Site B: rank 1 B 75%, rank 2 C 15%, rank 3 A 5%
  Site A: rank 1 B 80%, rank 2 C 20%, rank 3 A 10%]

1. Client's DNS request for www.foo.com sent to local DNS
2. Local DNS queries upstream DNS
3. Switch at site C receives DNS request and determines that sites B and C are closest to the user. Acting as Authoritative Name Server, the switch selects the best site (B) and returns site B's IP to the client's local DNS
4. Local DNS server responds to client with site B's VIP
5. Client opens application session to 205.178.2.2 (site B)

Site health, response time and throughput are exchanged between switches on a periodic or event-driven basis using encoded DSSP

Distributed Site State Protocol

Lightweight, encoded protocol runs over HTTP
Used to exchange health, load, throughput information

Periodic Updates
  Peer site performance behavior (one site's view of all other sites)
  Local site status information (server health, current connections, etc)
  Periodic Updates result in each switch building an Ordered Handoff Table

Triggered Updates
  If a site observes that another site is unresponsive, it will trigger all other sites to check the questionable site
  If a site experiences a connection spike (reaching MaxConns) it will trigger an update to all other sites to stop Site Handoff


Dynamic, Global Site Performance Knowledge

Sites ranked based on statistical site performance data
  Test each remote site's (VIP) health, throughput, response, load and available capacity
  Build Site Table based on time-averaged test results

Sites ranked based on global view of top sites
  Periodically exchange Site Table with all peer sites
  Compute Weighted Handoff Table based on how frequently each site is ranked top performing by peers

Dynamic site ranking with triggered updates
  If a site finds a peer site unresponsive, it will trigger all other sites to check the questionable site
  If a site experiences a connection spike (reaching MaxConns) it will trigger an update to all other sites

[Figure: per-site test results as drawn, measured from a peer site:
  Site D: 5 health checks; 25MB/900ms; 1000 active sessions; 1000 available sessions
  Site C: 5 health checks; 25MB/1800ms; 2000 active sessions; 400 available sessions
  Site A: 5 health checks; 25MB/1200ms; 1200 active sessions; 600 available sessions]
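The DSSP slide and this one describe the same pipeline: each site tests its peers, builds its own ordered Site Table, exchanges it, and then derives a Weighted Handoff Table from everybody's tables, with a MaxConns trigger taking a site out of rotation. The block below is an added illustration written for this page, not Alteon's DSSP implementation. The ranking rule (fastest probe first, available sessions as tie breaker), the positional weighting used to turn rankings into traffic shares, and the constructed measurements in VIEWS (whose probe sizes and times follow the per-site figures on the slide) are assumptions.

```python
"""Added example of combining peer Site Tables into a Weighted Handoff Table
(an illustration written for this page, not Alteon's DSSP implementation).
Assumed, not from the slides: the ranking rule in site_table(), the positional
weighting in weighted_handoff(), and the constructed measurements in VIEWS."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class PeerTest:
    """Time-averaged result of one site's tests against a peer VIP."""
    checks_ok: int      # health checks passed
    checks_run: int     # health checks attempted (5 on the slide)
    probe_bytes: int    # size of the throughput probe
    probe_ms: float     # time the probe took
    active: int         # sessions open at the peer
    available: int      # sessions the peer can still accept

    def healthy(self) -> bool:
        return self.checks_ok == self.checks_run and self.available > 0

    def throughput(self) -> float:
        return self.probe_bytes / self.probe_ms   # bytes per millisecond


def site_table(view: Dict[str, PeerTest]) -> List[str]:
    """One site's ordered handoff table: healthy sites only, fastest probe
    first, more available capacity as the tie breaker (assumed rule)."""
    ok = [s for s, t in view.items() if t.healthy()]
    ok.sort(key=lambda s: (-view[s].throughput(), -view[s].available, s))
    return ok


def weighted_handoff(tables: Dict[str, List[str]],
                     blocked: Set[str]) -> List[Tuple[str, float]]:
    """Merge every peer's table into one weighted handoff table.

    A site earns n points from a table of n live entries that ranks it first,
    n-1 for second place and so on; its share of handoffs is its points over
    the total.  (Positional weighting is an assumption: the slide only says
    weight follows how often peers rank a site top.)  Sites that sent a
    MaxConns trigger are removed before the shares are computed."""
    points: Dict[str, float] = {}
    for table in tables.values():
        live = [s for s in table if s not in blocked]
        n = len(live)
        for pos, site in enumerate(live):
            points[site] = points.get(site, 0.0) + (n - pos)
    total = sum(points.values())
    if total == 0:
        return []
    ranked = sorted(points.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(site, pts / total) for site, pts in ranked]


def compute_handoff(views: Dict[str, Dict[str, PeerTest]],
                    blocked: Set[str]) -> List[Tuple[str, float]]:
    """What each switch does after a periodic DSSP exchange."""
    return weighted_handoff({s: site_table(v) for s, v in views.items()}, blocked)


def pick_site(handoff: List[Tuple[str, float]], draw: float) -> str:
    """Answer one DNS query by walking the cumulative shares; draw is a
    uniform value in [0, 1) from the switch's random source."""
    acc = 0.0
    for site, share in handoff:
        acc += share
        if draw < acc:
            return site
    return handoff[-1][0]


# Constructed views (not measured data): each site's time-averaged tests of
# every site, including itself.  Probe sizes/times mirror the slide's
# "25MB/900ms", "25MB/1200ms" and "25MB/1800ms"; D looks slightly slower
# from A and C than from itself, and C fails one health check as seen from D.
MB = 25 * 1024 * 1024
VIEWS = {
    "A": {"A": PeerTest(5, 5, MB, 1200, 1200, 600),
          "C": PeerTest(5, 5, MB, 1800, 2000, 400),
          "D": PeerTest(5, 5, MB, 900, 1000, 1000)},
    "C": {"A": PeerTest(5, 5, MB, 1300, 1200, 600),
          "C": PeerTest(5, 5, MB, 1700, 2000, 400),
          "D": PeerTest(5, 5, MB, 950, 1000, 1000)},
    "D": {"A": PeerTest(5, 5, MB, 1100, 1200, 600),
          "C": PeerTest(4, 5, MB, 1800, 2000, 400),
          "D": PeerTest(5, 5, MB, 900, 1000, 1000)},
}

if __name__ == "__main__":
    print(compute_handoff(VIEWS, set()))     # D first, then A, then C
    print(compute_handoff(VIEWS, {"D"}))     # after D reports MaxConns
```

Because a single site's view of a peer can be skewed (one slow probe, a check lost to a transient fault), the merged table moves more slowly than any one site's table, which is the "statistical measurements minimize impact of traffic spikes" point on the next slide. One caveat the deck does not address: whatever carries these tables and MaxConns triggers between sites decides where DNS answers point, and the slides describe DSSP only as an encoded protocol over HTTP, so how peers authenticate each other is the first thing to verify in a deployment, since an accepted bogus table or trigger would move traffic.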


Global Server Load Balancing Advantages

[Figure: sites A, B and C with two weighted handoff tables as drawn:
  #1 Site B 60%, #2 Site A 30%, #3 Site C 10%
  #1 Site B 80%, #2 Site A 20%, #3 Site C 0%]

No connection delay
Client geographic awareness based on DNS request origination
Distributed site performance awareness
Fair site selection
  Statistical site performance measurements minimize impact of traffic spikes
  Best performing sites get a fair proportion of traffic but are not overwhelmed
Protection against best site failure
  HTTP Redirect or IP Proxy as last resort
Straight-forward configuration
All IP protocols supported


Global Server Load Balancing Site Performance Awareness

Each site performs health and performance tests on all peer sites
  Server switch views a peer VIP in a remote site as a remote server
  Switch performs periodic health/performance checks on all remote servers
  Switch builds ordered site handoff sequence per remote server
  Dynamic site ranking based on global, statistical site performance data
  Switch periodically exchanges site handoff sequence with all other peer sites
  Switch recomputes site handoff sequence based on each peer site's ranking by all other peer sites

[Figure: Peer Site #1 (VIP-1 for www.company.com, a remote server to Site #2) and Peer Site #2 (VIP-2 for www.company.com, a remote server to Site #1) connected over the Internet.]


Web Cache Deployment Options

Proxy caching
  Browser sends requests for web pages to the cache instead of the origin server

Transparent proxy caching
  Browser sends requests for web pages to the origin server
  Cache sits in the data path, examines all packets bound for the Internet, intercepts web traffic and processes web requests

Transparent proxy caching with web cache redirection
  Browser sends requests for web pages to the origin server
  LAN switch sits in the data path, examines all packets bound for the Internet, and redirects web traffic to cache(s)
  Cache(s) attached to the web cache redirector process the web requests


Transparent Proxy Caching with Web Cache Redirection

[Figure: hosts A, B and C behind an L4 switch with attached cache servers; HTTP flows to B and C from one host and to B and A from another are steered to the caches.]

Pro: Limited impact on non-Web traffic
Pro: No browser or cache administration required
Pro: Each client hits multiple caches
  Takes advantage of data stored in all local caches, raising hit rate
  Higher hit rates mean less user delay and less unnecessary WAN traffic
  If any cache is down, traffic is directed to the other caches
Con: Must purchase and deploy web cache redirection hardware/software
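The redirection decision the two cache slides describe is an L4 decision: the switch looks only at protocol and port (web traffic from client ports bound for the Internet), leaves everything else on its normal path, and steers web flows to whichever attached cache is up. The block below is an added illustration written for this page, not code from the deck or its product. The packet tuple layout, the choice of rendezvous hashing on the origin address (the slides do not say how a cache is chosen; a hash on the origin keeps every request for one site on the same cache so it can be a hit, while a client visiting many sites still spreads over all caches) and the constructed sample flows are assumptions.

```python
"""Added example (not the deck's product code) of the redirection decision in a
web cache redirector.  Assumed: the Flow tuple layout, the rendezvous-hash cache
selection, and the constructed sample flows in the test below."""
import hashlib
from typing import Dict, NamedTuple, Optional


class Flow(NamedTuple):
    src_ip: str
    dst_ip: str
    proto: str               # "tcp" or "udp"
    dst_port: int
    from_client_port: bool   # arrived on a client-facing switch port


def _score(cache: str, key: str) -> int:
    # Deterministic hash.  Python's built-in hash() is salted per process and
    # would send the same origin to a different cache after a switch restart.
    digest = hashlib.sha256(f"{cache}|{key}".encode()).digest()
    return int.from_bytes(digest[:8], "big")


def choose_cache(origin_ip: str, caches: Dict[str, bool]) -> Optional[str]:
    """Rendezvous (highest-random-weight) hashing on the origin server address.

    Every request for one origin lands on the same cache, and when a cache goes
    down only the origins that hashed to it move, to the remaining caches; the
    rest keep their cache and their cached content.  Returns None if no cache
    is up."""
    up = [c for c, healthy in caches.items() if healthy]
    if not up:
        return None
    return max(up, key=lambda c: (_score(c, origin_ip), c))


def redirect(flow: Flow, caches: Dict[str, bool]) -> str:
    """Where the switch sends this flow: a cache address, or "forward" for
    traffic the redirector leaves alone (non-web traffic, traffic that did not
    enter on a client port, such as the caches' own fetches, or all web
    traffic when no cache is up)."""
    if flow.proto != "tcp" or flow.dst_port != 80 or not flow.from_client_port:
        return "forward"
    cache = choose_cache(flow.dst_ip, caches)
    return cache if cache is not None else "forward"


if __name__ == "__main__":
    caches = {"10.0.0.1": True, "10.0.0.2": True, "10.0.0.3": True}
    for o in ("203.0.113.5", "203.0.113.6", "203.0.113.7"):   # constructed origins
        print(o, "->", redirect(Flow("192.168.1.10", o, "tcp", 80, True), caches))
```

The `from_client_port` check matters more than it looks: a cache that misses must fetch from the origin through the same switch, and if that fetch were redirected back to a cache the request would loop. The deck's "Limited impact on non-Web traffic" is the first condition in `redirect`, which matches only TCP port 80.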

High Availability: Hot Stand By Set-Up

[Figure: an Active Switch and a Standby Switch joined by a Failover Link. The active switch's network ports AN1/AN2 face the client network and its server ports AS1/AS2 face the server network and servers; the standby switch's corresponding ports SN1/SN2 and SS1/SS2 are OFF while it is in standby.]


Link Failure Detection and Failover

[Figure: two failover diagrams for the hot-standby pair, Single Link Failure and Combined Network/Server Failure, drawn with the same port labels (AN1/AN2 and AS1/AS2 on the active switch, SN1/SN2 and SS1/SS2 on the standby switch, Failover Link between them, client network above and server network with servers below).]
DNS Redirection


Firewall Load Balancing


Beyond Layer 4


Conclusion

