Citrix NetScaler – балансировка
высоконагруженных систем
Николай Шадрин
Systems Engineer
Citrix Systems
Тенденции пользователей и ИТ




                            USERS                    APPS
                               ...
Веб-приложения: богатые, сложные, требовательные

       Больше Sharing
       Content соединений



       Больше общения...
Серверы: их всѐ больше
                                                          Projected Server and Electricity Use
    ...
Доверие лидирующих предприятий и веб-сервисов




            7000+    Deployments Worldwide
XML...SOAP...HTTP...WSDL...JSON...REST...RSS...AJAX...end-user experience...
                     Mashup...RelTag...SOA......
Citrix Delivery Center                             TM



 “Превращаем центры обработки в центры доставки”


              ...
Citrix Delivery Center                        TM




                                           NetScaler - Platinum
Встро...
NetScaler AppExpert
Системная архитектура NetScaler

               Единое
             управление
              и отчеты
                    ...
AppExpert Policy Engine




                                                                  Приложение 1


             ...
AppExpert Service Callout Example
                                                            3
                          ...
NetScaler Product Capabilities
NetScaler and the 4 Feature Buckets



    Clients      Internet        NS         Server



Acceleration   Security     A...
NetScaler and the 4 Feature Buckets



      Clients                         Internet                                     ...
Разгрузка серверов
Server Offload



 Клиенты             Интернет                    NS                         Сервер




                 ...
Основы TCP и дополнительные 7 пакетов
                              SYN
1. Клиент и сервер
договариваются о
настройках сое...
Установка TCP-соединения (3-Way Handshake)

• Почему это важно?
 – Установка правильной связи с использованием порядковых ...
Традиционные балансировщики и TCP




Clients               Internet                     LB                           Serv...
NetScaler и TCP-соединения




Clients                Internet                       NS                          Server


...
Традиционные балансировщики vs. NetScaler


 Clients              Internet                    NS                          ...
Server Offload
Customer                         Other Benefits
                  Attained

                               ...
Application Availability
Traditional Load Balancing

                                                      Pool




 Clients    Internet           ...
L7 Content Switching

                                                                Pool



                            ...
L7 Content Switching                               Статический
                                                   (html, j...
L7 Content Switching                           95% запросов
                                               5% содержимого
...
L7 Content Switching                            Пользовательский
                                                     траф...
NetScaler GSLB
                 Site A


      B2C




B2B


                 Site B

  P2P
Как работает GSLB?
           1. Клиент производит DNS-запрос

                        What site should I go to?




     ...
Варианты выбора политики доступа
• Round Robin
  Взвешенный или невзвешенный

• Географическая близость
  – Статическая ил...
GSLB Static Proximity
• IP локального DNS определяет его географическое расположение.
• Стандартные базы данные определяют...
GSLB Static Proximity -                  Supported Formats

 –   NetScaler format
 –   IP-country
 –   IP-country-isp
 –  ...
GSLB Communication b/w NetSclaers
Простой мониторинг
• Only State (Up/Down) is learned
• Status is assumed to be equally g...
GSLB Dynamic Decision Methods
• RTT (Round Trip Time)
• Least Connections
• Least (Server) Response Time
• Least Bandwidth...
NetScaler 9: AppExpert Rate Controls

• Make sure the right users get
                                                   P...
AppExpert Rate Controls


                                                                      
    User(s)           Ra...
Application Acceleration
Application Acceleration



 Clients             Internet                NS                             Server




       ...
Сжатие HTTP

Зачем сжимать данные HTTP?
     Меньше пакетов проходят по сети
     Быстрее ответ приложения

• Большинств...
Динамическое кэширование




      без NetScaler        с NetScaler
NetScaler ускоряет доставку до пользователя
                   0,22
  SharePoint
                                    2,04
...
Продуктовая линейка NetScaler
Solutions for Any Size Business

                                                           MPX: 15 Gbps




             ...
Citrix NetScaler Medium Enterprise Platforms


                                    7000                    9010
          ...
Citrix NetScaler Large Enterprise Platforms


                                   10010                   12000            ...
• http://angdemo.citrix.com/
• http://hqfastapps.com
• nshadrin@citrix.com
Citrix Net Scaler V9.0 Lb Highload Mar2009
Upcoming SlideShare
Loading in …5
×

Citrix Net Scaler V9.0 Lb Highload Mar2009

1,108 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,108
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
19
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • This view of Citrix Delivery Center is still perfectly valid. It will not be featured as much in the Synergy keynotes this year since so much of the focus is on the line-of-sight delivery concepts, but we can still use it in the breakouts. What this view shows is a zoom in on the “Delivery Controllers” that sit in the datacenter at the delivery tier. All four of the delivery controllers have platinum editions that extend their “delivery reach” (three extend out to the end user, while one extends back into the datacenter to deliver application workloads).Note that we’re making one subtle change to this chart by extending NetScaler along the bottom. This does a few things: Makes it easier to tell the end-to-end virtualization story (servers-apps-desktops) Shows NetScaler (application networking) as a layer above transport networking Makes it easier to show that NetScaler delivers web apps to external users (who don’t go through a corporate “desktop”)
  • {slide builds from core CDC products and then details the additional supporting products that complement the Product Lines in the CDC}{This chart serves to illustrate the key Platinum components – and the elements that complete the end-end solution for Platinum}
  • NetScaler is able to provide a broad spectrum of application delivery benefits and simplify web app delivery, because it is architected for high performance, extensibility and ease of management. We control the architecture from the ground up by tightly coupling networking hardware with advanced CPUs and specialized processors. Layered on top of this powerful hardware platform is a high performance packet processing and evaluation engine that makes all decisions for that packet in one single pass. This allows us to deliver an industry leading 15 Gbps of throughput on a single core and to add services to that packet like content switching, caching and compression without degrading performance. NetScaler’s architecture is also highly extensible. Using the AppExpert Policy Framework administrators can create highly customized policies. Functional modules like AppFW, GSLB and Access Gateway SSL VPN can be easily added via software license keys. The extensibility of our architecture has allowed us to rapidly add new functional modules to meet increasingly challenging application delivery requirements. All of NetScaler’s performance and features are easily managed by a strong suite of management tools. All functions on NetScaler can be managed and monitored through the unified graphical or command line interface and rich reporting tools. The AppExpert Visual Policy Builder allows administrators to easily create rich policies without having to write complex code.
  • Currently, the most commonly cited use case is for basing NetScaler policy decisions on “source IP address reputation” that is tracked in another application or service. For example, one beta customer has an external application that identifies and tracks IP addresses that are scraping its site’s content. This customer used a service callout to have NetScaler query this application in real-time and then used NetScaler to either pass or drop the request. The same approach could be used to have NetScaler filter spam or other inbound content by using a callout to pass payload information to another application that inspects this content.Other use cases customers have mentioned include:-Passing content to an external transformation engine -Integration with UDDI or other directory services-Geo-targeting or other token-based switching decisions, where the logic for the content switch is available in an external application.
  • The NetScaler has four primary buckets in which Features can fall. In the following sections we will take each one individually:Server OffloadClient Side AccelerationSecurityAvailability
  • The NetScaler has four primary buckets in which Features can fall. In the following sections we will take each one individually:Server OffloadClient Side AccelerationSecurityAvailability
  • The NetScaler has Features designed to improve Server Side performance and to assist in improving Server Efficiency. These Features are:TCP Multiplex and Reuse. As previously mentioned, reducing the CPU overhead associated with TCP connection management from web servers can allow sites to scale much more effectivelySSL Offload. The NetScaler has a build in ASIC designed to handle SSL transactions and bulk encryption. SSL encryption generates significant CPU load on web servers.Cache. We can cache Static content, such as images or whole pages, as well as content that is typically not cacheable, like dynamic content. Dynamic content might be a database report. Provided there is a valid URL a policy can match on this content can be cached based on user defined parameters. Using Dynamic caching can greatly reduce the amount of CPU cycles spent on a DB server running and formatting such large reports.Web Compression. Modern day web browsers support standards based web compression in the form of GZIP or Deflate. The Accept-Encoding headers specify to the NetScaler which type of compression the browser (client) can handle. This can be done on the web servers for a significant cost in the CPU.Consolidated Web Logging. The NS can allocate a memory buffer to dynamically store and pass of to a dedicated client real time web logs. There is no longer a need to run a web logging agent on each server and then to further consolidate those logs after the fact.TCP Buffering. This feature allows the server to send communication at wirespeed to the NetScaler, where the NetScaler can “buffer” this content and meter out this content to a slower link. This allows a server to be free to handle new requests while the slow client is still receiving content. Typically this slow client would lock this session until all content is received.
  • In a traditional TCP communication, in which the server interacts directly with the client, you can see that there is a cost for connection set-up and tear-down. In addition, this implies that the two systems have already had some communication and have arrived at their maximum window size. In most initial connections, systems perform a TCP Slow Start (RFC 2001), in which they ACK the first packet, then the next two, then the next three and so on until they reach an agreed upon maximum window size. For sites that receive a large number of connection from new hosts, this slow start congestion avoidance can reduce performance as well. HTTP is a short lived connection and will have difficulty reaching full speed from TCP Slow Start.
  • TCP has an Option Field where various TCP options can be used to enhance communication between a client and server: 1. Window Scaling: This will change the Window Size (the Window Size defines the number of bytes to be received before requiring acknowledgement) to up 1 GB 2. Maximum Segment Size: Defines the maximum size of data (in bytes) that can be sent per segment. Ideally fragmentation should be avoided 3. Selective Acknowledgements: Allows the client to Acknowledge, selectively, data that was sent, as opposed to requesting a resend of all packets
  • Traditional Load Balancers forward TCP connections straight through to back-end services. Some load balancers use a concept called Delayed Binding, where they will pause a TCP connection and spoof the 3-Way Handshake to a client. This is used as a security mechanism against SYN Floods, before quickly establishing the server side 3-Way handshake, thereby forwarding the TCP connection on to the server. This passes on the TCP connection overhead directly to the Server to manage, increasing server CPU cycles.
  • The NetScaler acts as a TCP Proxy allowing two distinct and independent TCP connections, one to the client and one to the server.
  • Traditional Load Balancers Because of 1:1 TCP Connection Mapping, TCP overhead related to connection setup and teardown is passed directly to the Web Server Most of the CPU loading on a web server is directly related to the TCP OverheadNetScaler Advantage The NetScaler acts as a TCP Proxy, doing so allows the NetScaler to manage the server side TCP connection and the client side TCP connection as two distinct and independent connections With this separation, the NetScaler can now leverage the TCP Proxy architecture to multiplex and reuse the server side TCP connection independently from a client side connection. This NS reuse of already established and idle server side TCP connections reduces the TCP Overhead on web servers. If you can consider a very conservative estimate of 2:1 Offload, this will potentially allow a situation where the site traffic can double before the need to provision additional resources or half of the existing resources can be pulled out reducing Space, Power and Cooling concerns inside a data center.
  • There is a published case study for every customer listed on this slide available at www.citrix.com. The case studies provide more detail on the offload and other benefits the customer achieved.
  • Traditional Load Balancers
  • Traditional Load Balancers
  • Traditional Load Balancers
  • Traditional Load Balancers
  • Traditional Load Balancers
  • To illustrate, NetScaler maximizes application availability with intelligent L4 server load balancing and advaced L7 content switching features to ensure that users are directed to the right content every time. NetScalers global server load balancing features provides seamless failover and redirection of users to a back-up site in the event of a disaster and can be used to intelligently spread user requests across multiple sites during normal business operations.
  • NetScaler 9 enhances the ability ensure application availability by enabling NetScaler policies to be triggered based upon data rates either coming from a given source or going to a given resource. AppExpert Rate Controls give administrators the ability take actions beyond what basic network rate-shaping or QoS provide, and to govern resources at a far more granular level. By integrating AppExpert Rate Controls into NetScaler’s fully application-aware policy engine, administrators aren’t limited to just throttling traffic based upon IP address and port, but have the full depth and breadth of NetScaler traffic management, acceleration and security functionality at their disposal.There’s a number of ways folks have told us they’re going to use AppExpert rate controls. Of course straight-up rate limiting (e.g., DNS rate-limiting, limiting traffic originating from a single subnet) is one example. Ensuring a given resource (e.g., anything from a VServer to a specific URL) is another. Two specific examples are:One customer allows some of its partners to scrape its website so the partners can republish content on their own sites. However, the customer wants to ensure that overly aggressive scraping by the partners doesn’t overwhelm the website and degrade the site’s performance. AppExpert rate controls can be used to limit how much scraping each partner can do. This same approach could be used to ensure that websites that publish APIs -- so that partners can do mashups, for example -- aren’t overwhelmed by any particular partner’s use of the API.Another example is a customer that was having problems with a couple of users FTPing a few too many large files at the same time. By using AppExpert rate controls to build an expression around bandwidth consumed per sourceIP, they can drop any additional FTP requests coming from a sourceIP (aka a user) that already has too much FTP activity. A more generalized use could also do something along the lines of limiting the amount of concurrent file downloading for a given SharePoint site, to ensure that downloads don’t drown out other SharePoint (or other application) activity.
  • There’s a number of ways folks have told us they’re going to use AppExpert rate controls. Of course straight-up rate limiting (e.g., DNS rate-limiting, limiting traffic originating from a single subnet) is one example. Ensuring a given resource (e.g., anything from a VServer to a specific URL) is another. Two specific examples are:One customer allows some of its partners to scrape its website so the partners can republish content on their own sites. However, the customer wants to ensure that overly aggressive scraping by the partners doesn’t overwhelm the website and degrade the site’s performance. AppExpert rate controls can be used to limit how much scraping each partner can do. This same approach could be used to ensure that websites that publish APIs -- so that partners can do mashups, for example -- aren’t overwhelmed by any particular partner’s use of the API.Another example is a customer that was having problems with a couple of users FTPing a few too many large files at the same time. By using AppExpert rate controls to build an expression around bandwidth consumed per sourceIP, they can drop any additional FTP requests coming from a sourceIP (aka a user) that already has too much FTP activity. A more generalized use could also do something along the lines of limiting the amount of concurrent file downloading for a given SharePoint site, to ensure that downloads don’t drown out other SharePoint (or other application) activity.
  • The NetScaler has Features designed to improve client experience on a web site. These Features are:TCP Optimization. Low level TCP optimizations designed to speed content to the client, such as WSS, SACK, MSS and FastRamp.Web Compression. Modern day web browsers support standards based web compression in the form of GZIP or Deflate. The Accept-Encoding headers specify to the NetScaler which type of compression the browser (client) can handle. This single feature offers the biggest bang for improving web site response for your clients. Even clients on a quick link (such as DSL and Cable) stand to see improvements since Compression reduces the amount of packets sent. Also a benefit seen in high-loss networks such as wireless.Cache. We can cache Static content, such as images or whole pages, as well as content that is typically not cacheable, like dynamic content. Dynamic content might be a database report. Provided there is a valid URL a policy can match on this content can be cached based on user defined parameters. This benefits clients by reducing the “time” spent processing objects such as a large report. The clients will not have to wait while the report is run and then formatted.SSL Offload. The NetScaler has a build in ASIC designed to handle SSL transactions and bulk encryption. End to end encrypted traffic will typically not be available for mid stream enhancements like caching or compressing data, only by loading valid SSL Certificates on the NetScaler can acceleration benefits be achieved on encrypted traffic.
  • Citrix Net Scaler V9.0 Lb Highload Mar2009

    1. 1. Citrix NetScaler – балансировка высоконагруженных систем Николай Шадрин Systems Engineer Citrix Systems
    2. 2. Тенденции пользователей и ИТ USERS APPS APPS APPS • Глобализация • Зеленые ЦОД • Свободный график • Безопасность • Расширение филиалов • Непрерывность бизнеса • Мобильность • Web и Enterprise 2.0 • E-коммерция • SaaS, XML, SOA
    3. 3. Веб-приложения: богатые, сложные, требовательные Больше Sharing Content соединений Больше общения Групповые блоги Больше протоколов Wiki Больше форматов Групповые календари Списки Больше неизвестного Microsoft SharePoint 2007
    4. 4. Серверы: их всѐ больше Projected Server and Electricity Use Servers Electricity Use 18.0 120 16.0 100 Annual Electricity Use (billions/kWh) 14.0 Servers Installed (millions) 12.0 80 10.0 60 8.0 6.0 40 4.0 20 2.0 0.0 0 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 Year Source: Energy Star Report
    5. 5. Доверие лидирующих предприятий и веб-сервисов 7000+ Deployments Worldwide
    6. 6. XML...SOAP...HTTP...WSDL...JSON...REST...RSS...AJAX...end-user experience... Mashup...RelTag...SOA...Application Availability...Data theft...RIA...Wiki...Enterprise 2.0 Трафик приложений Users Apps Ускорение Доступность Безопасность Разгрузка приложений приложений приложений инфраструктуры Сетевой трафик Router Switch Firewall MAC address...Source IP...Destination IP...Source port...Destination port...Ping... OSPF...RIP...BGP...ACL...DNS...Subnet...802.XX...ARP...ICMP...RTT...SYN...ACK... Keepalive...SNMP...SSH...SSL...MTBF...Latency...
    7. 7. Citrix Delivery Center TM “Превращаем центры обработки в центры доставки” Workflow Studio XenDesktop XenApp XenServer NetScaler
    8. 8. Citrix Delivery Center TM NetScaler - Platinum Встроенный Встроенный мониторинг Workflow Studio AG-E Сеть доставки Динамический ЦОД XenDesktop XenApp XenServer EdgeSight Access Provisioning Repeater Server Gateway NetScaler Встроенный Web App Firewall
    9. 9. NetScaler AppExpert
    10. 10. Системная архитектура NetScaler Единое управление и отчеты Функциональные модули NetScaler AppExpert Высокопроизводительная обработка Visual Policy пакетов и политик AppExpert Builder Administration Application Networking Platform
    11. 11. AppExpert Policy Engine Приложение 1 AppExpert Policy Engine 1) Получение и прерывание запроса 2) Расшифровка/аутентификация/анализ запроса Приложение 2 Users 3) Применение политик и ответ на запросы 4) Мультиплексирование через постоянные соединения
    12. 12. AppExpert Service Callout Example 3 Scraper 1. Приходит запрос tracking 2 2. NetScaler отсылает IP 4 3. Приложение проверяет IP 1 4. Приложение отсылает “yes” или “no” NS NS 5. Политика NetScaler PolicyNS Policy 5 Policy Website – Пропускает, если “yes” Users Citrix NS – Блокирует, если “no”
    13. 13. NetScaler Product Capabilities
    14. 14. NetScaler and the 4 Feature Buckets Clients Internet NS Server Acceleration Security Availability Offload
    15. 15. NetScaler and the 4 Feature Buckets Clients Internet NS Server Acceleration Security Availability Offload • TCP Optimization • DDos Protection • Load Balancing Layer 4 and Layer 7 • TCP Multiplex and Reuse • Web Compression • Content Filtering and Redirection • Global Server Load Balancing • SSL Offload • Cache (Static and Dynamic) • Web Application Firewall • Content Rewrite and Redirection • Cache (Static and Dynamic) • SSL VPN • Surge Protection and Sure Connect • Consolidated Web Logging • TCP Buffering
    16. 16. Разгрузка серверов
    17. 17. Server Offload Клиенты Интернет NS Сервер • Мультиплексирование и повторное использование TCP • Разгрузка SSL Offload • Кэширование (статическое и динамическое) • Консолидированная работа с логами • TCP-буферизация
    18. 18. Основы TCP и дополнительные 7 пакетов SYN 1. Клиент и сервер договариваются о настройках соединения. SYN + ACK ACK } 3 – Way Handshake GET 2. Client sends initial Data TCP request for data. In HTTP, this would be a GET. The server will 7 Packet respond with data. Overhead FIN } ACK 3. Server will send a 4 – Way FIN, informing the Teardown FIN client that all data has been sent. ACK
    19. 19. Установка TCP-соединения (3-Way Handshake) • Почему это важно? – Установка правильной связи с использованием порядковых номеров и подтверждений – Обе стороны принимают соглашение об опциях соединения (WS, MSS и SACK) • Какие проблемы? – TCP Slow Start – Slow Start и congestion avoidance постоянно меняют скорость отправки пакетов – Denial of Service Attacks – TCP может использоваться для отправки пакетов, перегружающих систему (SYN Flood)
    20. 20. Традиционные балансировщики и TCP Clients Internet LB Server Клиент отправляет TCP SYN на LB LB отправляет пакет на Web-ферму TCP-соединения от клиента к серверу
    21. 21. NetScaler и TCP-соединения Clients Internet NS Server Клиент отправляет TCP SYN на NS NS отправляет свой SYN на ферму NetScaler в виде TCP Proxy
    22. 22. Традиционные балансировщики vs. NetScaler Clients Internet NS Server Соотношение клиентских и серверных соединений – 1:1 у традиционных балансировщиков NS проксирует TCP-соединения, клиент и сервер полностью разделены; this allows a NetScaler to Multiplex and Reuse server side TCP Connections. Many Client Connections to 1 Server Side Connection N:1
    23. 23. Server Offload Customer Other Benefits Attained • Improved response time by 110% dRemate 50% • 40% savings on mgmt. costs LiveNation 50% • Capacity to support 100X traffic spikes • Significant decreases in application latency and SINA 66% mgmt. costs Transport for • 10X improvement in application performance 95% • 60% reduction in application latency London Userplane 87% • Estimated $390K savings in capital investment
    24. 24. Application Availability
    25. 25. Traditional Load Balancing Pool Clients Internet NS Server LB Algorithms: Health Checks: • Least conns. • TCP, UDP • Least bandwidth • HTTP, HTTPS • SNMP (CPU, RAM, etc.) • App level checks • etc.
    26. 26. L7 Content Switching Pool Content Switch Clients Internet NS Server LB Algorithms: Health Checks: • Least conns. • TCP, UDP • Least bandwidth • HTTP, HTTPS • SNMP (CPU, RAM, etc.) • App level checks • etc.
    27. 27. L7 Content Switching Статический (html, jpg, etc.) Оптимизированные пулы для разного типа контента Server Content Type Динамический Clients Internet NS (asp, cgi, etc.) Server
    28. 28. L7 Content Switching 95% запросов 5% содержимого Оптимизированные пулы для разного контента Server URL 5% запросов Clients Internet NS 95% содержимого Server
    29. 29. L7 Content Switching Пользовательский трафик Разные уровни сервиса разным клиентам Server Source Info Ботнеты, спайдеры и т.п. Clients Internet NS Server
    30. 30. NetScaler GSLB Site A B2C B2B Site B P2P
    31. 31. Как работает GSLB? 1. Клиент производит DNS-запрос What site should I go to? 2. NetScaler возвращает IP наиболее доступного ЦОД Go to site number 3. 3. Клиент соединяется с указанным IP Site 1 Site 2 Site 3
    32. 32. Варианты выбора политики доступа • Round Robin Взвешенный или невзвешенный • Географическая близость – Статическая или динамическая • Уровень нагрузки • Пользовательские политики • Disaster Recovery автоматический или ручной перенос нагрузки • На базе сохранения сессии
    33. 33. GSLB Static Proximity • IP локального DNS определяет его географическое расположение. • Стандартные базы данные определяют ближайший балансировщик • В георгафическом контексте имеются следующие обозначения: “Continent”, “Country”, “State”, “City”, “ISP”. Organization” • LDNS IP может подходить под несколько политик • Предлагается VIP с наилучшим набором параметров • Сайты в том же ЦОД балансируются по взвешенному Round Robin
    34. 34. GSLB Static Proximity - Supported Formats – NetScaler format – IP-country – IP-country-isp – IP-country-region-city – IP-country-region-city-isp – GeoIP-country – GeoIP-region – GeoIP-city – GeoIP- organization – GeoIP -isp – GeoIP-city-isp-organization – Custom database (User defined qualifiers)
    35. 35. GSLB Communication b/w NetSclaers Простой мониторинг • Only State (Up/Down) is learned • Status is assumed to be equally good • Each DNS query gets the IP address of various participating GSLB sites in a round robin fashion. • Insecure mode of Communication MEP (Metric Exchange Protocol) • NetScaler internal protocol to exchange state and health information over a TCP session • Connection establishment involves a secure RPC method • Data is sent in an non-encrypted manner • DNS queries get best suited response based on configured algo and information gathered through MEP
    36. 36. GSLB Dynamic Decision Methods • RTT (Round Trip Time) • Least Connections • Least (Server) Response Time • Least Bandwidth • Least Packet • Source IP Hash
    37. 37. NetScaler 9: AppExpert Rate Controls • Make sure the right users get Partners appropriate capacity • Плохие ничего не получат • Ни один отдельный пользователь не Lines of Business нагрузит сервер • Встроено в ядро NetScaler Customers • Работает со многими модулями Spiders, botnets, scrapers, etc.
    38. 38. AppExpert Rate Controls  User(s) Rate Time Object Action • IP Address • Запросы • Измеряется • IP сервера • Ограничения • IP Range/Subnet • Пакеты в мсек. • URL/URI • Выполнить • Cookie • Полоса • Рисунок политику • Wildcards • Файл • Responder • Rewrite • Любой • Любой • Cache заголовок или заголовок или • и. т. д. данные… данные… • Alert • Log • Trap Изолирование критичных объектов
    39. 39. Application Acceleration
    40. 40. Application Acceleration Clients Internet NS Server • TCP Optimization Acceleration • Web Compression • Cache (both Static Content and Dynamic)
    41. 41. Сжатие HTTP Зачем сжимать данные HTTP?  Меньше пакетов проходят по сети  Быстрее ответ приложения • Большинство веб-контента хранится несжатым • Все броузеры поддерживают сжатие GZIP – Совершенно прозрачно для пользователей – Решение о сжатии принимается на основе заголовка User-Agent – Политика NetScaler определяется по User-Agent и MIME-Type • Обычное сжатие – в интервале от 3:1 до 5:1 • Сжатие данных на скоростях до 6 Gbps
    42. 42. Динамическое кэширование без NetScaler с NetScaler
    43. 43. NetScaler ускоряет доставку до пользователя 0,22 SharePoint 2,04 1,1 SAP 5,22 With NetScaler 1,3 Without NetScaler Siebel CRM 4 Oracle 6,41 Forms 10,1 0 2 4 6 8 10 12 Response Time in Seconds
    44. 44. Продуктовая линейка NetScaler
    45. 45. Solutions for Any Size Business MPX: 15 Gbps 12000: 6 Gbps 10000: 4.8 Gbps 9000: 3 Gbps 7000: 600 Mbps
    46. 46. Citrix NetScaler Medium Enterprise Platforms 7000 9010 Size 1U 2U Power Supplies 1 2 Processor Single Single Memory 1 GB 2GB 6x - 10/100 & 4x - 10/100/1000; or Network Interface Support 2x - 10/100/1000 4x – GB Fiber System Throughput 600 Mbps 3 Gbps HTTP Compression Throughput 150 Mbps 400 Mbps HTTP Requests per Second 50K 125K SSL Encrypted Throughput 150 Mbps 500 Mbps SSL Transactions per Second 4400 Max. 4400
    47. 47. Citrix NetScaler Large Enterprise Platforms 10010 12000 MPX 15000 MPX 17000 Size 2U 2U 2U 2U Power Supplies 2 2 2 2 Processor Single Dual Dual (4 cores) Dual (8 cores) Memory 4GB 4GB 16GB 32GB 8x Fiber/Cu GB SFP, or 4x 10G Fiber XFP 4x - 10/100/1000 & 8x Cu GB SFP; or 2x 10G Fiber XFP + or Network Interface Support 4x – GB Fiber 4x Fiber & 4x CU SFP; or 8x CU SFP 10/100/1000 2x 10G Fiber XFP + 2x10GE & 8x10/100/1000 8x CU SFP 10/100/1000 System Throughput 4.8 Gbps 5.5 Gbps 15 Gbps 15 Gbps HTTP Compression Throughput 555 Mbps 1.3 Gbps 6 Gbps 6 Gbps HTTP Requests per Second 250K 275K 350K+ 350K+ SSL Encrypted Throughput 760 Mbps 3 Gbps 6 Gbps 6 Gbps SSL Transactions per Second 8800 28,000+ 48,000 48,000
    48. 48. • http://angdemo.citrix.com/ • http://hqfastapps.com • nshadrin@citrix.com

    ×