Load Balancing | Automation | Analytics
SDN based Load Balancing
SDN Meetup Belgium, 26-may-16
Philippe Bogaerts, philippe@avinetworks.com
Senior Field Systems Engineer EMEA @AviNetworks
Proprietary and Confidential 2015
• Who am I?
  – Working @ Avi Networks, http://www.avinetworks.com
  – OWASP Belgium board member, @owasp_be, https://www.owasp.org/index.php/Belgium
  – BruCON co-founder/co-organizer, @brucon, http://www.brucon.org
  – DockerSec – new initiative around networking and security in Docker
  – +18 years of experience in ADC & Network security
  – +13 years of Web Application Security, pentesting
• You can reach out to me
  – @xxradar
  – [email protected]
  – https://be.linkedin.com/in/philippebogaerts
Why Application Delivery and Load Balancing at all?
• Today's applications require
  – Availability
  – Security
  – Acceleration
  – End User Experience is critical!!
  – Scalability (autoscaling infrastructure and applications)
  – New emerging eco-systems (DC/OS, Docker, Kubernetes, etc …)
ADC vs. LB
• LB
  – Load Balancers (SLB, Server LB)
  – Distributes Load (Round Robin, Least connections, Fastest, etc …)
• ADC
  – Application Delivery Controllers
  – LB + L7 Content Switching, Caching, Compression, SSL offloading, Security, etc …
• Load Balancing comes in many forms
  – LB based on routers (ex. ECMP, RHI)
  – LB L3/4
  – LB based on DNS
  – LB L3/7
Basic Load balancing (L3/4)
• Simple load balancing is typically (only) based on
  – IP addresses
  – TCP/UDP ports
  – L4 Proxy
• LB decision is based only on the INGRESS packet
  – Simple and fast HASH based decision
  – Health Checking
• What about
  – NAT/SNAT, Proxies
  – Load Distribution
  – Persistency
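The hash-based L3/4 decision and the NAT/SNAT question above, worked through as an added example that is not part of the original slides. The VIP and the first two pool members reuse addresses from the deck's API example; the third server, the health states and the traffic are constructed.

```python
import hashlib
from collections import Counter

# Pool members: the first two are from the deck's API example, the third is constructed.
SERVERS = ["192.168.1.157", "192.168.1.229", "192.168.1.230"]
HEALTH = {"192.168.1.157": True, "192.168.1.229": True, "192.168.1.230": False}
VIP = ("10.130.129.25", 80)


def pick(key, servers=SERVERS, health=HEALTH):
    """Map a hash of `key` onto the servers that currently pass health checks."""
    alive = [s for s in servers if health.get(s)]
    if not alive:
        raise RuntimeError("no healthy server in pool")
    digest = hashlib.sha256(key.encode()).digest()
    return alive[int.from_bytes(digest[:8], "big") % len(alive)]


def by_source_ip(flow):
    """Source-IP persistency: every flow from one address sticks to one server."""
    return pick(flow[0])


def by_five_tuple(flow):
    """Per-flow hashing over (src ip, src port, dst ip, dst port, protocol)."""
    return pick("|".join(str(field) for field in flow))


def distribution(flows, chooser):
    """Count how many flows each server receives under the given chooser."""
    return Counter(chooser(flow) for flow in flows)


# Constructed traffic: 1000 flows that all arrive from one SNAT/proxy address,
# and 1000 flows from 250 distinct client addresses.
SNAT_FLOWS = [("203.0.113.10", 20000 + i, *VIP, "tcp") for i in range(1000)]
DIRECT_FLOWS = [(f"198.51.100.{i % 250 + 1}", 40000 + i, *VIP, "tcp") for i in range(1000)]

if __name__ == "__main__":
    for name, flows in (("behind SNAT", SNAT_FLOWS), ("direct", DIRECT_FLOWS)):
        print(name, "source-IP hash:", dict(distribution(flows, by_source_ip)))
        print(name, "5-tuple hash:  ", dict(distribution(flows, by_five_tuple)))
```

Behind SNAT, source-IP hashing places all 1000 flows on a single server, while the 5-tuple hash spreads them over the healthy members at the cost of per-client persistency.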
Advanced Load balancing (L3/7)
• Advanced load balancing
  – IP addresses & TCP/UDP ports
  – Content based (HTTP URI, HTTP headers, SIP Headers, FTP …)
  – L4/7 Proxy
• LB decision based on Request/Response data
  – More advanced LB
  – Content Switching, caching, compression …
  – Advanced Persistency
  – Session based LB vs IP/TCP
----------------------------------------------------------
https://avinetworks.com/media/template_images/ab2.jpg

GET /media/template_images/ab2.jpg HTTP/1.1
Host: avinetworks.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://avinetworks.com/company/
Cookie: csrftoken=b26HynXtLZ5pguvfwQJkkXRPisEzlg2S; name=Philippe
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 26 May 2016 08:26:17 GMT
Last-Modified: Wed, 03 Feb 2016 17:38:42 GMT
Expires: Sun, 26 Jun 2016 08:26:17 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
----------------------------------------------------------
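A content-switching and session-persistency decision made on the request shown above, as an added example that is not part of the original slides. The pools, the URI rule, the choice of the `name` cookie as persistence key and the static-pool addresses are assumptions made for illustration.

```python
import hashlib

# Request from the slide, trimmed to the headers the decision uses.
RAW_REQUEST = (
    "GET /media/template_images/ab2.jpg HTTP/1.1\r\n"
    "Host: avinetworks.com\r\n"
    "Cookie: csrftoken=b26HynXtLZ5pguvfwQJkkXRPisEzlg2S; name=Philippe\r\n"
    "Connection: keep-alive\r\n\r\n"
)

# Hypothetical pools and rules; the static-pool addresses are constructed.
POOLS = {
    "static": ["192.168.2.11", "192.168.2.12"],
    "app": ["192.168.1.157", "192.168.1.229"],
}
RULES = [("/media/", "static")]  # (URI prefix, pool); first match wins
DEFAULT_POOL = "app"


def parse_request(raw):
    """Return (method, path, headers) from the head of an HTTP/1.1 request."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, target, _version = head[0].split(" ", 2)
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], headers


def cookies(headers):
    """Split the Cookie header into a name -> value dict."""
    pairs = (p.strip().split("=", 1) for p in headers.get("cookie", "").split(";"))
    return {p[0]: p[1] for p in pairs if len(p) == 2}


def route(raw, persist_cookie="name"):
    """Content switching on the URI, then persistency on a session cookie."""
    _method, path, headers = parse_request(raw)
    pool = next((p for prefix, p in RULES if path.startswith(prefix)), DEFAULT_POOL)
    session = cookies(headers).get(persist_cookie)
    key = session if session is not None else path  # no session yet: hash the path
    index = hashlib.sha256(key.encode()).digest()[0] % len(POOLS[pool])
    return pool, POOLS[pool][index]
```

The decision needs the full request head, so the load balancer has to terminate the TCP (and TLS) connection as an L7 proxy before it can pick a server, unlike the single-packet L3/4 decision.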
DNS based Load Balancing
• Distribution based on DNS request lookup
  – Round Robin DNS mechanism
  – No Health Checking (in general)
• Commercially available
• Global Service Load Balancing
  – Between DC
  – Health Checking
  – Geo Location based LB
  – Combined with SLB
ECMP and RHI
• Equal-cost multi-path routing (ECMP)
  – routing strategy
  – next-hop packet forwarding can occur over multiple "best paths"
• RHI
  – Route Health Injection
  – Advertise next hop to upstream router
Infrastructure Diversity and Application Evolution
Increasing need for cloud-like scale and efficiency
App Architecture Evolution: Monolithic, 3-Tier (WEB, APP, DB), Microservices
Infrastructure: Container, Bare Metal, Virtualized, Public Cloud
Core Infrastructure Design Principles
• Fluid Scalability
• Commodity x86
• Automation
• Self-Service
• On-Premise & Cloud
• Immediate
Software Defined Application Services
• Configuring ADC in the legacy world typically requires (complex)
  – Network related configuration
  – Application related configurations
• Configuring ADC in the SDN world typically requires
  – Decoupling Control Plane / Data Plane
  – Control plane requires easy to use API
• Automation becomes easy and scriptable
  – Multi-tenant, isolation, etc …
API Example

/api/macro
{
  "model_name": "VirtualService",
  "data": {
    "name": "demo",
    "services": [
      {"port": 80}
    ],
    "ip_address": {"type": "V4", "addr": "10.130.129.25"},
    "pool_ref_data": {
      "name": "demo_pool",
      "lb_algorithm": "LB_ALGORITHM_ROUND_ROBIN",
      "servers": [
        {"ip": {"type": "V4", "addr": "192.168.1.157"}},
        {"ip": {"type": "V4", "addr": "192.168.1.229"}}
      ]
    }
  }
}
Flexible Deployment Model
Deploy load balancers of any size
• High-performance LB with Multi-vCPU SE
• Per-Pod/Tenant LB with 2-vCPU SE
• Per-App LB with per-APP SE
OpenStack example
[Diagram: CONTROLLER (UI, REST API); OpenStack (Neutron LBaaS, Keystone, Nova); Load Balancer Configuration; Server, Tenant, & Network Configuration]
Avi Networks
Questions
See You Next Time!