Chapter 12. Exploring Global Server Load Balancing


Exploring Cisco Service Switching Module (CSM) GSLB: You will learn how to configure the CSM to distribute client requests across multiple sites.

GSLB Stickiness: You will learn about stateless DNS sticky (with source IP address hashing) and stateful DNS-sticky using a Global Sticky Database (GSDB).



In this Chapter, you will learn how to resolve issues relating to disaster recovery, name resolution response time increases, and data center capacity increases. By mirroring your content across geographically distributed data centers and enabling the Global Server Load Balancing (GSLB) intelligent request routing capabilities discussed in this Chapter, you can resolve many present and future redundancy, response time, and scalability issues.

You will learn about the following GSLB technologies in this Chapter:

DNS Round-Robin: Distributes requests across sites using round-robin with DNS servers only; no GSLB devices are required.

BGP anycast: Advertises the site prefix from multiple locations into BGP; routers automatically distribute requests to the prefix based on BGP attributes, such as AS path.

DNS GSLB: Distributes requests based on various metrics, such as proximity and stickiness, across sites using GSLB devices enabled with DNS capabilities.

HTTP Redirection: Distributes client requests across sites using the HTTP 301 Moved redirection method.

Route Health Injection: Advertises host routes for healthy VIPs into the routing table, and routers select the VIP with the best routing metric for client requests.

You can enable one or more of these technologies in your network to achieve GSLB.



Domain Name Service Operation

The Domain Name Service (DNS) is the naming system on the Internet used by applications that require access to network resources via humanly recognizable names. Because GSLB systems can use DNS for distributed site selection, you should have a solid understanding of DNS before you tackle the load balancing concepts in this Chapter.

The DNS system is a distributed hierarchical database of name-to-IP mappings. Figure 12-1 gives an example DNS hierarchy for some Cisco.com web servers.



Figure 12-1. DNS Domain Hierarchy



At the top of the hierarchy are the root name servers, as Figure 12-1 illustrates. The root servers are responsible for resolving all DNS requests on the Internet but delegate the resolution to the Top-Level Domain (TLD) servers for more specific domains. The TLD servers, in turn, delegate responsibility to intermediary DNS (IDNS) servers, which your enterprise or Internet Service Provider (ISP) may own and administer. The IDNS servers can be responsible (or authoritative) for specific domains or can further delegate resolution of subdomains to subdomain DNS servers. The subdomain servers may be responsible for one or more domain names, such as www.cisco.com. You can consider the GSLB devices in this Chapter as subdomain DNS servers.

The Address (A) records reside at the leaves of the tree. In Figure 12-1, the www.cisco.com subdomain DNS server is responsible for the single subdomain www.cisco.com. The *.support.cisco.com DNS server is responsible for two domains for technical and sales support.

Nonprofit organizations administer the DNS root servers. They all behave identically in terms of DNS operation but have different hardware and software requirements, depending on the load on each server. Because the round trip time (RTT) to the root servers is a cause of additional delay in Internet transactions that require name resolution, the selection of the root server is important for reducing overall transaction times. As a result, the administrators of some of the busiest DNS root servers use Border Gateway Protocol (BGP)-anycasting for site selection. With BGP-anycast, the root DNS server is replicated across numerous sites, and the IP prefix of the server is advertised into BGP from each location. The BGP routing algorithm is then able to select the best site automatically for user requests on the Internet.



Introducing DNS Resource Records

A DNS server maintains configuration files that contain the resource records (RRs) for the domains it is authoritative for. As an example, the IDNS server for *.cisco.com may contain the following resource records: Start of Authority (SOA), Address (A), Name Server (NS), and Mail Exchange (MX).

Start of Authority (SOA) Records: The DNS servers that are authoritative for a particular subdomain contain a Start of Authority (SOA) record. Example 12-1 gives a sample SOA record for the domain cisco.com that would reside on the intermediary DNS server for *.cisco.com.



Example 12-1. A Sample SOA Resource Record

CISCO.COM. IN SOA ns1.cisco.com. ns2.cisco.com. (
                1        ; serno (serial number)
                86400    ; refresh in seconds (24 hours)
                7200     ; retry in seconds (2 hours)
                2592000  ; expire in seconds (30 days)
                345600 ) ; TTL in seconds (4 days)



In the SOA record in Example 12-1, "IN" refers to the class of record. DNS currently supports only the Internet (IN) class. The type is SOA, and the primary and secondary authoritative intermediary DNS servers for the domain are ns1.cisco.com and ns2.cisco.com, respectively. These two name servers can both actively respond to DNS requests; the secondary remains synchronized with the primary by requesting zone transfers from the primary. Zone transfers contain all the available records on the primary DNS server. The SOA also contains the following:

- Current version (serial number) of the data file

- Number of seconds that the secondary name server should wait before checking for updates on the primary name server

- Number of seconds a secondary name server should wait before retrying a failed zone transfer

- Maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire

The Time-to-Live (TTL) value enables you to specify the default amount of time that client DNS servers, when using iterative DNS, locally cache the A record responses. If you use recursive DNS, as you will learn in the next section, all DNS servers have access to the A record response and may cache the A record locally for subsequent requests.

Although each domain should be identified by two DNS servers, with one as the active DNS server and the other as the backup, the examples in this Chapter reference only a single authoritative server for each subdomain.

Address (A) records: A records define the association between each domain and IP address that your device is authoritative for. An example of an A record for Cisco.com is

    cisco.com. 3600 IN A 10.1.10.100

In this resource record, the rightmost "." in the domain name indicates the root server; .com indicates the TLD server, and cisco.com refers to the authoritative domain containing all *.cisco.com subdomains. The www refers to the subdomain that your device is authoritative for. You can override the TTL value in the Start of Authority (SOA) record by specifying the TTL after the domain in the A record. The "A" refers to the type of record.

Name Server (NS) records: DNS servers delegate authority to other DNS servers by using NS records. An example NS record for the domain Cisco.com, thus delegating the domain to the subdomain DNS server gslb.cisco.com, is

    www.cisco.com. IN NS gslb.cisco.com

The A record to determine the IP address of the GSLB DNS server is

    gslb.cisco.com. IN A 10.1.10.101

An NS record is also known as a referral record, because it refers client DNS servers to other DNS servers that are delegated to resolve more specific TLDs or subdomains.

Mail Exchange (MX) records: MX records are the mail server domains that the DNS server is responsible for. An example MX record for the e-mail domain user@cisco.com is

    cisco.com. IN MX smtp.cisco.com

The A record to determine the IP address of the mail server is

    smtp.cisco.com IN A 10.1.10.103
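
How a secondary name server would act on the timers in Example 12-1, as an added example that is not part of the original chapter: it parses the five numeric SOA fields and applies the refresh, retry and expire rules listed above. The function names and the timeline values passed in are assumptions made for illustration.

```python
import re

# Example 12-1 from the chapter, embedded so the block runs offline.
SOA_TEXT = """CISCO.COM. IN SOA ns1.cisco.com. ns2.cisco.com. (
    1        ; serno (serial number)
    86400    ; refresh in seconds (24 hours)
    7200     ; retry in seconds (2 hours)
    2592000  ; expire in seconds (30 days)
    345600 ) ; TTL in seconds (4 days)"""

FIELDS = ("serial", "refresh", "retry", "expire", "ttl")


def parse_soa_timers(text):
    """Return the five numeric SOA fields, ignoring ';' zone-file comments."""
    body = text[text.index("(") + 1:]
    body = re.sub(r";[^\n]*", "", body)       # comments also contain digits
    nums = [int(n) for n in re.findall(r"\d+", body)]
    if len(nums) != len(FIELDS):
        raise ValueError(f"expected 5 numeric fields, got {len(nums)}")
    return dict(zip(FIELDS, nums))


def secondary_status(soa, last_sync, failed_attempts, now):
    """State of a secondary at `now` (seconds), given its last good sync."""
    if now - last_sync >= soa["expire"]:
        return "expired"                      # data too old to keep serving
    if failed_attempts:                       # a transfer failed: use retry
        next_try = max(failed_attempts) + soa["retry"]
    else:                                     # normal schedule: use refresh
        next_try = last_sync + soa["refresh"]
    return "check-primary" if now >= next_try else "serving"


def sanity_problems(soa):
    """Flag timer combinations that would leave a secondary stale or flapping."""
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry should be shorter than refresh")
    if soa["expire"] <= soa["refresh"]:
        problems.append("expire should be longer than refresh")
    return problems


if __name__ == "__main__":
    soa = parse_soa_timers(SOA_TEXT)
    print(soa, sanity_problems(soa))
    print(secondary_status(soa, last_sync=0, failed_attempts=[86400], now=90000))
```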



Note

DNS uses UDP port 53 for standard DNS requests and responses. However, because zone transfer payloads are much larger, they require TCP (also on port 53) as a reliable transport.



Iterative DNS

With iterative DNS resolution, each server delegates the resolution responsibility to the next-level DNS server down the hierarchical tree you learned about previously in Figure 12-1. The DNS servers in the flow send an NS record containing the next-level DNS server closer to the authoritative DNS server, as Figure 12-2 illustrates.



Figure 12-2. Iterative DNS



Note

The Internet uses the iterative method for DNS resolution. The iterative method is beneficial in GSLB environments in which the client's DNS server IP address should be preserved throughout the flow for proximity load balancing and GSLB-sticky, as you will learn later in this Chapter.

Consider the example from Figure 12-2 in which a client issues an A record request for Cisco.com.

1. The client browser sends the A record request to the operating system. The operating system first checks its local hosts file for the requested A record. The hosts file is a text file to which you can manually add A records on your workstations or servers. If the hosts file contains the record, the client uses the entry for the connection. Additionally, if the client requested the same mapping in the recent past, the operating system may have a cached copy of the host-to-IP mapping in a local DNS cache. If so, the client uses the cached IP address for the connection.

2. Otherwise, the client forwards the request recursively to the client DNS server. You can configure your local DNS server(s) either manually or dynamically via a Dynamic Host Control Protocol (DHCP) server.



Note

In iterative DNS, clients send requests to their configured DNS server as recursive requests; the DNS server initiates and coordinates the iterative DNS flow. See the next section for more details on recursive DNS.



3. The local DNS server checks for a cached copy of the A record and, if it has one, responds directly to the client with the mapping, as a nonauthoritative answer. If it does not have a cached copy of the requested A record, the DNS server issues an iterative A record request to a root server, on behalf of the client. The root name server responds to the client DNS server with the NS record of the *.com TLD server.



Note

You configure the list of root name servers and their IP addresses on the name server. Because the root servers change infrequently, maintaining a static list of root name server IP addresses is a trivial task that you can perform manually.



4. The client DNS server then extracts the TLD IP address from the NS record response and formulates another A record request, which it sends to the TLD server. The TLD server responds with the NS record of the *.cisco.com IDNS server to the client DNS server.

5. The client DNS server sends an A record request to the *.cisco.com IDNS server. The *.cisco.com IDNS server responds with the NS record for the subdomain DNS name server authoritative for www.cisco.com.

6. The client DNS server sends the A record request to the subdomain DNS server. The subdomain DNS name server responds with the A record of the domain. To improve performance and reduce delay, the authoritative subdomain DNS server includes a TTL value in the A record response to the client DNS server. The client DNS server stores the A record in its cache for the length of time specified by the TTL.

7. The client DNS server sends the A record back to the client.

8. The client uses the IP specified in the A record for the TCP connection of the HTTP session to the Cisco.com web server.



Note

In Figure 12-2, the root and TLD DNS servers never see the A record response from the subdomain DNS servers. Therefore, using iterative DNS resolution, they cannot cache a copy of the A record locally.



Recursive DNS

With recursive DNS resolution, each server assumes responsibility for the resolution, in contrast to iterative resolution, in which each DNS server passes the resolution responsibility to another DNS server. When a client sends an A record request for an IP address, recursive DNS requires that each DNS server in the hierarchy resolves the host name. When a recursive DNS server receives an A record request, it issues an A record request of its own to a server delegated to the domain at the next level down the DNS tree. This process continues until the request reaches the server authoritative for the domain, as Figure 12-3 illustrates.



Figure 12-3. Recursive DNS
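
The iterative steps and the recursive flow side by side, as an added sketch that is not from the original chapter: it records which source IP each server sees and which servers end up holding a copy of the A record. The server labels, the Trace class and the 192.0.2.x and 198.51.100.53 addresses are assumptions made for illustration, and only one name is modelled.

```python
# Constructed model of Figure 12-1's delegation chain for one name, www.cisco.com.
# 10.1.10.x values are the chapter's samples; all other IPs are made-up placeholders.
ZONES = {  # server IP -> (label, record it returns for www.cisco.com)
    "192.0.2.1": ("root", ("NS", "192.0.2.2")),            # refers to the .com TLD
    "192.0.2.2": ("com-tld", ("NS", "192.0.2.3")),         # refers to *.cisco.com IDNS
    "192.0.2.3": ("cisco-idns", ("NS", "10.1.10.101")),    # refers to gslb.cisco.com
    "10.1.10.101": ("gslb", ("A", "10.1.10.100", 3600)),   # authoritative A record + TTL
}
ROOT, CLIENT_DNS = "192.0.2.1", "198.51.100.53"


class Trace:
    def __init__(self):
        self.sources = {}  # server label -> source IP of the query it received
        self.cached = {}   # cache owner -> (address, expiry time in seconds)


def iterative(trace, now=0):
    """Client DNS server follows every NS referral itself (steps 3 to 6)."""
    hit = trace.cached.get("client-dns")
    if hit and hit[1] > now:
        return hit[0], False                 # cached copy: nonauthoritative answer
    server = ROOT
    while True:
        label, rr = ZONES[server]
        trace.sources[label] = CLIENT_DNS    # the querier never changes
        if rr[0] == "A":
            trace.cached["client-dns"] = (rr[1], now + rr[2])
            return rr[1], True               # authoritative answer, cached for TTL
        server = rr[1]                       # follow the referral


def recursive(trace, server=ROOT, src=CLIENT_DNS, now=0):
    """Each server queries the next level down itself and relays the answer."""
    label, rr = ZONES[server]
    trace.sources[label] = src
    if rr[0] == "A":
        return rr[1], rr[2]
    addr, ttl = recursive(trace, rr[1], src=server, now=now)
    trace.cached[label] = (addr, now + ttl)  # this server saw the A record
    return addr, ttl


if __name__ == "__main__":
    it, rec = Trace(), Trace()
    iterative(it), recursive(rec)
    print("iterative: gslb sees", it.sources["gslb"], "| caches:", sorted(it.cached))
    print("recursive: gslb sees", rec.sources["gslb"], "| caches:", sorted(rec.cached))
```

In the iterative run the GSLB device sees the client DNS server's address, which is what proximity and sticky decisions key on; in the recursive run it sees the IDNS server's address, and the root, TLD and IDNS servers all hold a cached copy of the A record.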
