Avi Network SDN meetup

1 ProprietaryandConfidential2015

LoadBalancing|Automation|Analytics

SDNbasedLoadBalancingSDNMeetupBelgium26-may-16

PhilippeBogaertsphilippe@avinetworks.comSeniorFieldSystemsEngineerEMEA@AviNetworks

2 ProprietaryandConfidential2015

• WhoAMI?– Working@Avinetworks,http://www.avinetworks.com– OWASPBelgium boardmember@owasp_be https://www.owasp.org/index.php/Belgium– BruCON co-founder/co-organizer@brucon http://www.brucon.org– DockerSec – newinitiative aroundnetworkingandsecurity inDocker– +18yearsexperience inADC&Networksecurity– +13yearsWebApplication Security,pentesting

• Youcanreachouttome– @xxradar– [email protected]– https://be.linkedin.com/in/philippebogaerts

3 ProprietaryandConfidential2015

WhyApplicationDeliveryandLoadBalancingatall?

• Today’sapplicationrequire– Availability– Security– Acceleration– EndUserExperienceiscritical!!– Scalability(autoscalinginfrastructureandapplications)– Newemergingeco-systems(DC/OS,Docker,Kubernetes,etc …)

4 ProprietaryandConfidential2015

ADCvs.LB

• LB– LoadBalancers(SLBServerLB)– DistributesLoad(RoundRobin,Leastconnections,Fastest,etc …)

• ADC– ApplicationDeliveryControllers– LB+L7ContentSwitching,Caching,Compression,SSLoffloading,Security,etc …

• LoadBalancingcomesinmanyforms– LBbasedonrouters(ex.ECMP,RHI)– LBL3/4– LBbasedonDNS– LB3/7

5 ProprietaryandConfidential2015

BasicLoadbalancing(L3/4)

• Simpleloadbalancingistypically(only)basedon– IPaddresses– TCP/UDPports– L4Proxy

• LBdecisionisbasedonlyINGRESSpacket– SimpleandfastHASHbaseddecision– HealthChecking

• Whatabout– NAT/SNAT,Proxies– LoadDistribution– Persistency

6 ProprietaryandConfidential2015

AdvancedLoadbalancing(L3/7)

• Advancedloadbalancing– IPaddresses&TCP/UDPports– Contentbased(HTTPURI,HTTPheaders,SIPHeaders,FTP…)– L4/7Proxy

• LBdecisionbasedonRequest/Responsedata– MoreadvancedLB– ContentSwitching,caching,compression…– AdvancedPersistency– SessionbasedLBvsIP/TCP

----------------------------------------------------------https://avinetworks.com/media/template_images/ab2.jpg

GET /media/template_images/ab2.jpg HTTP/1.1Host: avinetworks.comUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0Accept: image/png,image/*;q=0.8,*/*;q=0.5Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://avinetworks.com/company/Cookie: csrftoken=b26HynXtLZ5pguvfwQJkkXRPisEzlg2S; name=PhilippeConnection: keep-alive

HTTP/1.1 200 OKContent-Type: image/jpegTransfer-Encoding: chunkedConnection: keep-aliveServer: nginx/1.4.6 (Ubuntu)Date: Thu, 26 May 2016 08:26:17 GMTLast-Modified: Wed, 03 Feb 2016 17:38:42 GMTExpires: Sun, 26 Jun 2016 08:26:17 GMTCache-Control: max-age=2678400Content-Encoding: gzip----------------------------------------------------------

7 ProprietaryandConfidential2015

DNSbasedLoadBalancing

• DistributionbasedonDNSrequestlookup– RoundRobinDNSmechanism– NoHealthChecking(ingeneral)

• Commercially available

• GlobalServiceLoadBalacing– BetweenDC– HealthChecking– GeoLocationbasedLB– CombinedwithSLB

8 ProprietaryandConfidential2015

ECMPandRHI

• Equal-costmulti-pathrouting(ECMP)– routingstrategy– next-hoppacketforwardingcanoccurovermultiple"bestpaths"

• RHI– RouteHealthInjection– Advertisenexthoptoupstreamrouter

9 ProprietaryandConfidential2015

InfrastructureDiversityandApplicationEvolutionIncreasingneedforcloud-likescaleandefficiency

3-Tier

Microservices

WEB APP DB

ContainerBareMetal Virtualized PublicCloud

AppArchitectureEvolution

Monolithic

CoreInfrastructureDesignPrinciples• FluidScalability• Commodityx86• Automation• Self-Service• On-Premise&Cloud• Immediate

10 ProprietaryandConfidential2015

SoftwareDefinedApplicationServices

• ConfiguringADCinthelegacyworldtypicallyrequires(complex)– Networkrelatedconfiguration– Applicationrelatedconfigurations

• ConfiguringADCintheSDNworldtypicallyrequires– DecoulpingControlPlane/DataPlane– ControlplanerequireseasytouseAPI

• Automationbecomes easyandscriptable– Multi-tenant,isolation,etc…

11 ProprietaryandConfidential2015

APIExample

12 ProprietaryandConfidential2015

APIExample

/api/macro{"model_name":"VirtualService","data":{"name":"demo","services":[{"port":80}],"ip_address":{"type":"V4","addr":"10.130.129.25"},"pool_ref_data":{"name":"demo_pool","lb_algorithm":"LB_ALGORITHM_ROUND_ROBIN","servers":[{"ip":{"type":"V4","addr":"192.168.1.157"}},{"ip":{"type":"V4","addr":"192.168.1.229"}}]}}}

13 ProprietaryandConfidential2015

FlexibleDeploymentModelDeployloadbalancersofanysize

High-performanceLBwithMulti-vCPUSE

Per-Pod/TenantLBWith2-vCPUSE

Per-AppLBWithper-APPSE

14 ProprietaryandConfidential2015

OpenStackexample

CONTROLLER

UI

RESTAPI

OpenStack

NeutronLBaaS

Keystone

LoadBalancerConfiguration

Server,Tenant, &Network

ConfigurationNova

15 ProprietaryandConfidential2015

AviNetworks

16 ProprietaryandConfidential2015

Questions

17 ProprietaryandConfidential2015

SeeYouNextTime!