Data Center Design Guide 4 2

  • Data Center Design Guide 4 2

    1. 1. Internet Data Center Solution Design
        • Alteon IDC Solution Design
        • IDC Network Infrastructure Design
            • IDC Network WAN Backbone Design
            • IDC Network Firewall & CDN Design
            • IDC Network LAN Backbone Design
            • IDC Network User Access Network Design
            • IDC Network User Network Design
            • IDC Network Management System Design
        • A Sample IDC Network Design
    2. 2. IDC Network Design – Security & CDN (Security Layer)
        • Protect the IDC internal network with a scalable firewall
        • Secure e-business transactions with SSL
        • Support intelligent content distribution with a cache system
        [Diagram labels: Internet (International/Local), Internet Backbone Connection, Firewall & Security (VPN), Internet Data Center Backbone Switch, Hosting Access Switch / BWM, Hosting Customer, Network Management System; security layer: Firewall, ACE 180E (x4), SSL Service (x4), Cache Server (x4)]
    3. 3. Web Cache Redirection
        [Diagram labels: Origin Servers, Internet Access, Cache Server]
        Filter shown on the slide:
            Filt 100 /sip any /dip any /proto tcp /sport any /dport 80 /act redir /rport 80 /group 1
    4. 4. Active-Standby WCR Design
        • Active switch: Active VIP #1 (VIP = 205.178.13.226), Standby VIP #2 (VIP = 205.178.13.240), Active VIP #3 (VIP = 205.178.13.110), ...
        • Standby switch: Standby VIP #1 (VIP = 205.178.13.226), Active VIP #2 (VIP = 205.178.13.240), Standby VIP #3 (VIP = 205.178.13.110), ...
        • Active: used for Web traffic
        • Standby: used for another service
        [Diagram labels: Internet Backbone, Cache, Cache]
    5. 5. Hot Standby WCR Design
        • Active switch: Active VIP #1 (VIP = 205.178.13.226), Active VIP #2 (VIP = 205.178.13.240), Active VIP #3 (VIP = 205.178.13.110), ...
        • Hot standby switch: Standby VIP #1 (VIP = 205.178.13.226), Standby VIP #2 (VIP = 205.178.13.240), Standby VIP #3 (VIP = 205.178.13.110), ...
        [Diagram labels: Internet Backbone, L2 Switch, Cache, Cache]
    6. 6. Firewall Load Balancing
        • Works with any firewall
            • Both bridging and routing firewalls
            • Firewall software on UNIX, NT, ...
            • Users select best-of-class firewalls without trading off performance
        • Transparent solution
            • No additional software required on firewalls
            • Avoids software compatibility issues
            • Preserve flow states while load balancing
        • Scalable
            • Up to hundreds of firewalls can share load
        • Low cost
            • No need for huge, expensive firewalls
            • Same switches can load balance other servers
        [Diagram labels: Internet Backbone, Firewall Farm, VPN, Server Farm]
    7. 7. Two Switch FLB Design
        • Web switch redirects “any” traffic to a defined “server group”
            • Real servers are the IP interfaces on the opposing switch
            • No SAT on redirection; only MAC address substitution
        • Use the “Hash” load balancing metric
        • Use firewall IP addresses as gateways to health check entire paths from dirty side to clean side
        • Static routes on the Web switch force traffic through the same firewall
        • One switch: Redir any (src, dest, proto) to I/F group on opposing switch (B1, B2); static routes: I/F B1 ----> FW1, I/F B2 ----> FW2
        • Opposing switch: Redir any (src, dest, proto) to I/F group on opposing switch (A1, A2); static routes: I/F A1 ----> FW1, I/F A2 ----> FW2
        [Diagram labels: Clean, Dirty, I/F A1, I/F A2, I/F B1, I/F B2, FW1, FW2]
    8. 8. Four Switch Fully Redundant FLB
        • Interfaces on secondary opposing switch are backups for interfaces on primary opposing switch
        • Real servers consist of all primary and secondary IP interfaces on opposing switch
        • Static routes on switch for primary/secondary interface pair to route through same firewall
        • One side: Real servers = B11, B21, B12, B22; static routes: I/F B11 ----> FW1, I/F B21 ----> FW1, I/F B12 ----> FW2, I/F B22 ----> FW2
        • Opposing side: Real servers = A11, A21, A12, A22; static routes: I/F A11 ----> FW1, I/F A21 ----> FW1, I/F A12 ----> FW2, I/F A22 ----> FW2
        [Diagram labels: CLEAN, switches A1, A2, B1, B2 (Primary, Secondary), FW1, FW2, I/F A11, A21, A12, A22, I/F B11, B21, B12, B22]
    9. 9. Four Switch Burch Box FLB
        • Interfaces on secondary opposing switch are backups for interfaces on primary opposing switch
        • Real servers consist of all primary and secondary IP interfaces on opposing switch
        • Static routes on switch for primary/secondary interface pair to route through same firewall
        • One side: Real servers = B11, B22; static routes: I/F B11 ----> FW1, I/F B22 ----> FW2
        • Opposing side: Real servers = A11, A22; static routes: I/F A11 ----> FW1, I/F A22 ----> FW2
        [Diagram labels: CLEAN, switches A1, A2, B1, B2 (Primary, Secondary), FW1, FW2, I/F A11, A22, I/F B11, B22]
    10. 10. SSL Offload for HTTPS Operation
        1. Client sends an HTTPS request.
        2. Switch redirects requests on port 443 to iSD-SSL VIP or group
        3. iSD-SSL completes SSL handshake
        4. iSD-SSL initiates HTTP connection (port 80) to server VIP
        5. Switch selects real server based on configured LB policy
        6. Server responds to HTTP request and replies to the iSD-SSL VIP
        7. iSD-SSL encrypts session and sends HTTPS response to client
        [Diagram labels: HTTP-S, HTTP]
    11. 11. Active-Standby iSD Design
        • Active switch: Active VIP #1 (VIP = 205.178.13.226), Standby VIP #2 (VIP = 205.178.13.240), Active VIP #3 (VIP = 205.178.13.110), ...
        • Standby switch: Standby VIP #1 (VIP = 205.178.13.226), Active VIP #2 (VIP = 205.178.13.240), Standby VIP #3 (VIP = 205.178.13.110), ...
        • Active: used for Web traffic
        • Standby: used for another service
        [Diagram labels: Internet Backbone]
    12. 12. Hot Standby iSD Design
        • Active switch: Active VIP #1 (VIP = 205.178.13.226), Active VIP #2 (VIP = 205.178.13.240), Active VIP #3 (VIP = 205.178.13.110), ...
        • Hot standby switch: Standby VIP #1 (VIP = 205.178.13.226), Standby VIP #2 (VIP = 205.178.13.240), Standby VIP #3 (VIP = 205.178.13.110), ...
        [Diagram labels: Internet Backbone, L2 Switch]
    14. 14. IDC Network Design – LAN Backbone
        • Largest IP LAN backbone networks, using Gigabit Ethernet technology as a Layer 2 switch to scale in anticipation of customer demand
        • MultiLine LAN connections provide failover protection for continuous connectivity and added bandwidth
        • Scalable LAN architecture to keep up with customers’ bandwidth increase
            • Ethernet (10 Mbps) connections
            • Fast Ethernet (100 Mbps) connections
            • Gigabit Ethernet (1000 Mbps) connections
            • Dedicated switch port connections
        [Diagram labels: Internet (International/Local), Internet Backbone Connection, Firewall & Security (VPN), Internet Data Center Backbone Switch, Hosting Access Switch / BWM, Hosting Customer, Network Management System]
    15. 15. IDC LAN Backbone Design
        [Diagram labels: Gigabit Ethernet Backbone L2 Switching Fabric; IDC User Access; 10/100 Mbps Switch With Gigabit uplink (x4); HUB (x4); 10 Mbps Dedicated System Service; 10 Mbps Shared System service; 100 Mbps Dedicated System Service; 100 Mbps Shared System service. Legend: Gigabit Ethernet, 100Mbps Ethernet, 10Mbps Ethernet]
    16. 16. Using STP to Prevent Bridging Loop Internet Bridging Loop
    17. 17. Using VLANs to Prevent Bridging Loop Internet VLAN 1 VLAN 2 VLAN 3
    19. 19. IDC Network Design – User Access
        • Flexible bandwidth service to guarantee IDC customers their preferred base bandwidth for their business
            • Fixed bandwidth
            • Usage based bandwidth
            • Application based bandwidth
        • Scalable service performance for IDC customers by using server load balancing
            • TCP/UDP L4 server load balancing
            • HTTP L7 server load balancing
            • Global server load balancing
        [Diagram labels: Internet (International/Local), Internet Backbone Connection, Firewall & Security (VPN), Internet Data Center Backbone Switch, Hosting Access Switch / BWM, Hosting Customer, Network Management System; VIP 10.10.10.10; 10.10.10.1, 10.10.10.2, 10.10.10.3; HTTP 20%, Multimedia 30%, ERP 50%]
    20. 20. SLB Technology Highlight
        • “Virtual Server” with a VIP address
            • Packets to VIP are load balanced
                • Entire session bound to best server at session request
                • Half or full network address translation (NAT)
            • Flexible real/virtual server memberships and access
            • Accounting/usage statistics on real and virtual servers
        • Load balancing methods
            • Round-robin, least-connections, response time*
            • Persistent handling: IP hashing, SSL-ID, cookie*
            • URL load balancing for server optimization
        • Server monitoring
            • Server, application and content health checking
            • WebOS API for customization
        [Diagram labels: Internet Backbone; DNS: A.com = 100.2.2.2; To 100.2.2.2; A.com VIP 100.2.2.2; RIP1 = 10.1, RIP2 = 10.2]
    21. 21. Server Load Balancing policies
        • Persistence optimized policies
            • Cookie based: rewrite and passive modes
            • SSL Session ID based: on any TCP port
            • Client IP based: source IP binding, Hash, Minmiss
        • Content intelligent policy
            • URL-based load balancing: URL content based, HTTP header based, cookie based preferential services
        • “Best Available” server policies
            • Least Connections: Weights, Max connections, Backup/Overflow
            • Round Robin: Weights, Max connections, Backup/Overflow
    22. 22. Server Group Health Checking Options
        • ICMP-level (health check packet: PING): only proves OS and network is up.
        • TCP-level (health check packet: TCP/80): only proves that web process is up.
        • Application-level (health check packet: Get index.html): web operation is normal.
    23. 23. User Scriptable Health Checks
        • Example of script
            open port 80
            send GET /script.cgi HTTP/1.1 Host:www.alteon.com
            expect HTTP/1.0 200*
            send GET /index.html HTTP/1.1 HOST:www.alteon1.com
            expect HTTP/1.0 200*
            …
            close
            open port 443
            …
            close
        • Benefit
            • Dynamically execute a series of tests to check for application and content availability
        • Features
            • Ability to send multiple commands
            • Check for any return string
            • Test availability of different applications
        [Slide labels: AD2, AD3, AD4, 180, 180e, 184]
    24. 24. BWM-Fairness based on application
        • E-Mail Service (E-mail): CIR = 5, SL = 20, HL = 20
        • WEB Services (WEB): CIR = 30, SL = 60, HL = 60
        [Diagram labels: A.com, Internet]
    25. 25. Multiple Site For Global Presence
        [Diagram labels: Internet; Clients; GSLB; sites Shanghai, Beijing, JiangSu, GuangZhou; Web Server, Data Base Server, Application Server]
    26. 26. L4 VRRP for High Reliable SLB
        • Identical VIP is configured on both Web Switches.
        • VSR = VIP
        [Diagram labels: Internet Backbone, VIP, VIP, VRRP]
    27. 27. L4 Hot-Standby SLB Redundancy
        • Active switch: Active VIP #1 (VIP = 205.178.13.226), Active VIP #2 (VIP = 205.178.13.227), ...
        • Hot standby switch: Standby VIP #1 (VIP = 205.178.13.226), Standby VIP #2 (VIP = 205.178.13.227)
        [Diagram labels: Internet Backbone, VIP #1, VIP #2, Link with traffic, Link without traffic]
    28. 28. L4 Active-Standby SLB Redundancy
        • One active switch: Active VIP #1 (VIP = 205.178.13.226), Standby VIP #2 (VIP = 205.178.13.227), ...
        • Other active switch: Standby VIP #1 (VIP = 205.178.13.226), Active VIP #2 (VIP = 205.178.13.227)
        [Diagram labels: Internet Backbone, VIP #1, VIP #2, Link with traffic, Link without traffic]
    29. 29. Layer 4 Active-Active Redundancy
        • VIPs on both switches are active at the same time
        • Both switches: Active VIP #1 (VIP = 205.178.13.100), Active VIP #2 (VIP = 205.178.13.200), ...
        • Active “Virtual” L4 interfaces: VSR1 = 205.178.13.100, VSR2 = 205.178.13.200
        [Diagram labels: Internet Backbone, VIP #1, VIP #2]
    31. 31. IDC Network Design – User Networks (User Site)
        • IDC customers can build their network on the IDC network infrastructure
            • lease IDC Internet connection
            • lease IDC dedicated bandwidth
            • lease IDC server load balancing service
            • lease IDC SSL offload service
            • lease IDC intelligent content distribution service
            • and more …
        [Diagram labels: Internet (International/Local), Internet Backbone Connection, Firewall & Security (VPN), Internet Data Center Backbone Switch, Hosting Access Switch / BWM, Hosting Customer, Network Management System]
    32. 32. IDC Customer Network (Option 1)
        [Diagram labels: IDC Network Infrastructure; 184 (GSLB and BWM Function); Firewalls; 180E switches (FWLB Function; FWLB L4/L7 LB Function); Cache Service (Cache Servers); SSL Service; To servers; Gigabit, 100Mbps and 10Mbps dedicated bandwidth connections]
    33. 33. IDC Customer Network (Option 2)
        [Diagram labels: IDC Network Infrastructure; 180E; AD3 (GSLB and BWM Function; FWLB Function); Firewalls; Cache Service (Cache Servers); SSL Service; To servers; Gigabit, 100Mbps and 10Mbps dedicated bandwidth connections]
    34. 34. IDC Customer Network (Option 3)
        [Diagram labels: IDC Network Infrastructure; 180E (GSLB, SLB, iSD); Firewalls; SSL Service; To servers; Gigabit, 100Mbps and 10Mbps dedicated bandwidth connections]
    36. 36. IDC Network Design – Management
        • Keeping IDC customers’ mission-critical Internet operations up and running by
            • Network management and monitoring
            • URL monitoring and events log
            • Reboot service for failover
            • System administration
        • Network and Web site security management to protect IDC customers’ business
            • Intrusion detection
            • Vulnerability analysis
            • Firewall management
        [Diagram labels: Internet (International/Local), Internet Backbone Connection, Firewall & Security (VPN), Internet Data Center Backbone Switch, Hosting Access Switch / BWM, Hosting Customer, Network Management System]
    37. 37. Alteon Command Line Interface (CLI)
        • Setup utility for first time use
        • Direct, modem, and Telnet access
        • Password protected
        • Administrator, layer 4-only and user level access
        [Diagram labels: Alteon Web Switch Console; HyperTerminal on Com1: 9600bps, 8 bits, parity None, 1 stop bit, flow control None]
    38. 38. Alteon Web UI Management Interface Feature Navigation Tree Action Toolbar Display Frame Rotating Status Messages
    39. 39. Secure Alteon Switch Management
        • Authentication of remote administrators
            • Administrator identification using NAME/PASSWORD
            • RADIUS – Based on RFC 2058
        • Authorization of remote administrators
            • Determine the user’s rights
            • Customize service for individual administrators
        • Encryption of management information and configuration up/download - AD4 and 184 only
            • Messages between remote administrator and switch are encrypted
            • Secure Shell (SSH)
            • Secure Copy (SCP)
        [Diagram labels: RADIUS, SSH, SCP]
    40. 40. Alteon Management Tools Overview
        • CLI – Command Line Interface
        • BBI – Browser Based Interface
        • SNMP (Standard & Proprietary MIBs)
        • Syslog
        • EventLog
    41. 41. Integrate Alteon Management in HPOV
        • HP OpenView Integration (UNIX, Windows NT)
        • HPOV Integration system
            • Data collectors, stats and graphs display for all functions
            • Icons to represent switch on map
            • Trap integration
            • WebUI launch point
    43. 43. A Sample IDC Network Design
        [Diagram labels: IDC Network Infrastructure; Internet Backbone; BWM function; L4/L7 LB function; Cache/SSL Service; Gigabit Ethernet Backbone L2 Switching Fabric; IDC User Access; 10/100 Mbps Switch With Gigabit uplink (x4); HUB (x4); 10 Mbps Dedicated System Service; 10 Mbps Shared System service; 100 Mbps Dedicated System Service; 100 Mbps Shared System service; L2 Switch (x2); Cache (x2); iSD - SSL (x2). Legend: Gigabit Ethernet, 100Mbps Ethernet, 10Mbps Ethernet]
    44. 44. IDC L2 Network Design: VLAN Design
        • Interface sets shown on the Alteon switches (Alteon 1 to Alteon 4):
            • If1 10.1.1.2/24 - vlan1, If2 10.1.2.2/24 - vlan2, If3 10.1.3.2/24 - vlan3, If4 10.1.4.2/24 - vlan4
            • If1 10.1.1.3/24 - vlan1, If2 10.1.2.3/24 - vlan2, If3 10.1.3.3/24 - vlan3, If4 10.1.4.3/24 - vlan4
            • If1 10.1.1.1/24 - vlan1
            • If1 10.1.2.4/24 - vlan2
        [Diagram labels: Internet Backbone; 10/100 Mbps Switch With Gigabit uplink (x4); HUB (x4); L2 Switch (x2); Cache (x2); iSD - SSL (x2); port1 to port4; vlan1 to vlan4. Legend: Gigabit Ethernet, 100Mbps Ethernet, 10Mbps Ethernet]
    45. 45. IDC High Reliable Network Design: VRRP Design
        • VIP for Virtual Services: VR2 - VIP1 10.1.1.10 for HTTP; VR4 - VIP2 10.1.1.11 for FTP
        • Server’s Default GW: VR1 10.1.2.254; VR3 10.1.2.253
        • Real servers: RIP1 10.1.2.101, RIP2 10.1.2.102, RIP3 10.1.2.103, RIP4 10.1.2.104 (Group 1, Group 2; HTTP Servers, FTP Servers)
        • One switch: Master for Virtual Router 1/2, Backup for Virtual Router 3/4
        • Other switch: Master for Virtual Router 3/4, Backup for Virtual Router 1/2
        [Diagram labels: Internet Backbone; Alteon 1, Alteon 2, Alteon 3; Vlan 1, Vlan 2; 10/100 Mbps Switch With Gigabit uplink (x4); HUB (x4). Legend: Gigabit Ethernet, 100Mbps Ethernet, 10Mbps Ethernet]
    46. 46. IDC Network Bandwidth Design: Bandwidth Management Design
        • VIP for Virtual Services: VR2 - VIP1 10.1.1.10 for HTTP; VR4 - VIP2 10.1.1.11 for FTP
        • Real servers: RIP1 10.1.2.101, RIP2 10.1.2.102, RIP3 10.1.2.103, RIP4 10.1.2.104 (Group 1, Group 2; HTTP Servers, FTP Servers)
        • Configuration shown on the slide:
            policy 1 hard 350M soft 300M resv 250M
            cont 1 policy 1
            filt 10 Sip 10.1.1.10 smask 255.255.255.255 dip any dmask any action allow adv/cont 1
            port 2/ filt ena add 10

            policy 2 hard 150M soft 100M resv 50M
            cont 2 policy 2
            filt 20 Sip 10.1.1.11 smask 255.255.255.255 dip any dmask any action allow adv/cont 2
            port 3/ filt ena add 20
        [Diagram labels: Internet Backbone; Alteon 1, Alteon 2, Alteon 3; Port1, Port2, Port3; 10/100 Mbps Switch With Gigabit uplink (x4); HUB (x4). Legend: Gigabit Ethernet, 100Mbps Ethernet, 10Mbps Ethernet]
    47. 47. IDC Network Content Cache Design: WCR Design
        • Group 3 (Cache): RIP5 10.1.3.101, RIP5 10.1.3.102
        • Configuration shown on the slide:
            filt 100 Sip any smask any dip any dmask any Dport 80 Rport 80 action redir Group 3
            port 1/ filt ena add 100
        [Diagram labels: INTERNET; Alteon 1, Alteon 2, Alteon 3; Port1; L2 Switch; Cache (x2); 10/100 Mbps Switch With Gigabit uplink (x4); HUB (x4). Legend: Gigabit Ethernet, 100Mbps Ethernet, 10Mbps Ethernet]
    48. 48. IDC Network e-Business Design: SSL Offload Design
        • Group 255, iSD (SSL Offload): RIP7 10.1.4.101, RIP8 10.1.4.102
        • Configuration shown on the slide:
            filt 110 Sip any smask any dip any dmask any Dport 443 Rport 81 action redir Group 255
            port 1/ filt ena add 110

            filt 120 Sip any smask any dip any dmask any Sport 81 action redir Group 255
            port 7/ filt ena add 110
        [Diagram labels: Internet Backbone; Alteon 1, Alteon 2, Alteon 3; Port1; L2 Switch; iSD - SSL (x2); 10/100 Mbps Switch With Gigabit uplink (x4); HUB (x4). Legend: Gigabit Ethernet, 100Mbps Ethernet, 10Mbps Ethernet]
    49. 49. Question & Answer Thank You !
    50. 50. GSLB Working Process
        1. Client’s DNS request for www.foo.com sent to local DNS
        2. Local DNS queries upstream DNS
        3. Switch at site C receives DNS request and determines that sites B and C are closest to user. Acting as Authoritative Name Server, switch selects the best site (B) and returns site B’s IP to client’s local DNS
        4. Local DNS server responds to client with site B’s VIP
        5. Client opens application session to 205.178.2.2 (site B)
        • Site health, response time and throughput exchanged between switches on a periodic or event-driven basis using encoded DSSP
        • Site addresses for www.foo.com shown in the diagram: 205.178.2.2, 172.168.13.10, 162.113.25.20
        • Ranking tables shown at the three sites (Rank, Site, %Traffic):
            • 1 B 70; 2 C 20; 3 A 10
            • 1 B 80; 2 C 20; 3 A 10
            • 1 B 75; 2 C 15; 3 A 5
        [Diagram labels: sites A, B, C; DNS; DSSP Updates; steps 1 to 5]
    51. 51. GSLB Static Tables for User Proximity
        1. Client sends request to local DNS server
        2. DNS request sent to switch
        3. Switch looks at database and responds
        4. Client request forwarded to nearest location
        • DATABASE FIELDS: <IP ADDRESS> <NETMASK> <VIP_1> <VIP_2>
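
Slides 6 and 7 call for a "Hash" metric, static routes that force traffic through the same firewall, and preserved flow state. The following is an added example, not code from the deck or from Alteon, showing why the two switches must pick the same firewall for both directions of a flow. It assumes the hash is taken over the source and destination IP addresses; the function names and the client addresses are constructed for the illustration.

```python
# Added illustration of slides 6-7 (not Alteon code). Assumption: the "hash"
# metric is modelled as SHA-256 over the source and destination IP addresses.
import hashlib
import ipaddress

FIREWALLS = ("FW1", "FW2")


def _bucket(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big") % n


def directional_pick(src: str, dst: str) -> str:
    """Order-sensitive hash: a flow and its reply can map to different firewalls."""
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return FIREWALLS[_bucket(key, len(FIREWALLS))]


def symmetric_pick(src: str, dst: str) -> str:
    """Order-insensitive hash: sort the pair so both switches agree on one firewall."""
    pair = sorted((ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed))
    return FIREWALLS[_bucket(pair[0] + pair[1], len(FIREWALLS))]


class StatefulFirewall:
    """Tracks connections opened from the dirty side; replies need a matching entry."""

    def __init__(self) -> None:
        self.state = set()

    def inbound(self, client: str, server: str) -> None:
        self.state.add((client, server))

    def reply_allowed(self, server: str, client: str) -> bool:
        return (client, server) in self.state


def dropped_replies(pick, flows) -> int:
    """Dirty-side switch hashes client->server; clean-side switch hashes the reply."""
    farm = {name: StatefulFirewall() for name in FIREWALLS}
    dropped = 0
    for client, server in flows:
        farm[pick(client, server)].inbound(client, server)                # dirty -> clean
        if not farm[pick(server, client)].reply_allowed(server, client):  # clean -> dirty
            dropped += 1
    return dropped


# Constructed sample flows: 200 clients (documentation range) to two real servers.
FLOWS = [(f"198.51.100.{i}", f"10.1.2.{101 + i % 2}") for i in range(1, 201)]

if __name__ == "__main__":
    print("directional hash, replies dropped:", dropped_replies(directional_pick, FLOWS))
    print("symmetric hash, replies dropped:  ", dropped_replies(symmetric_pick, FLOWS))
```

With the order-sensitive hash a share of replies reaches a firewall that never saw the request and is dropped; with the symmetric hash every reply finds its state entry.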
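
Slides 22 and 23 distinguish TCP-level from application-level health checks and show an open/send/expect/close script. The following is an added example, not code from the deck or from Alteon: a small interpreter for that script shape, run against a constructed local server whose web process is up while one URL is broken. Sending one request line or header per `send` line, the host name and the server class are assumptions of this sketch.

```python
# Added illustration of slides 22-23 (not Alteon code). The verbs follow the
# slide; one request line or header per `send` line is an assumption.
import socket
import socketserver
import threading
from fnmatch import fnmatchcase
from http.server import BaseHTTPRequestHandler


class DegradedSite(BaseHTTPRequestHandler):
    """Constructed test server: the web process is up, but /script.cgi is broken."""

    def do_GET(self):
        self.send_response(200 if self.path == "/index.html" else 500)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def tcp_check(host, port, timeout=2.0):
    """TCP-level check: only proves that something accepts connections."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def run_script(script, host, timeout=2.0):
    """Run open/send/expect/close lines; return (ok, reason)."""
    sock = None
    try:
        for line in script.strip().splitlines():
            verb, _, arg = line.strip().partition(" ")
            if verb == "open":                      # "open port 80"
                sock = socket.create_connection((host, int(arg.split()[-1])), timeout=timeout)
            elif verb == "send":                    # a bare "send" ends the headers
                sock.sendall(arg.encode("ascii") + b"\r\n")
            elif verb == "expect":                  # glob match on the status line
                data = b""
                while b"\r\n" not in data:
                    chunk = sock.recv(4096)
                    if not chunk:
                        break
                    data += chunk
                status = data.split(b"\r\n", 1)[0].decode("latin-1")
                if not fnmatchcase(status, arg):
                    return False, f"expected {arg!r}, got {status!r}"
            elif verb == "close":
                sock.close()
                sock = None
            else:
                return False, f"unknown verb {verb!r}"
        return True, ""
    except (OSError, AttributeError) as exc:        # AttributeError: verb before open
        return False, f"connection error: {exc}"
    finally:
        if sock is not None:
            sock.close()


def check(path, port):
    return (f"open port {port}\nsend GET {path} HTTP/1.0\n"
            f"send Host: www.example.test\nsend\nexpect HTTP/1.0 200*\nclose")


def demo():
    """Return (tcp_ok, index_ok, cgi_ok) against the constructed degraded server."""
    server = socketserver.TCPServer(("127.0.0.1", 0), DegradedSite)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return (tcp_check("127.0.0.1", port),
                run_script(check("/index.html", port), "127.0.0.1")[0],
                run_script(check("/script.cgi", port), "127.0.0.1")[0])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

The TCP-level check and the `/index.html` script both pass, while the `/script.cgi` script fails on the 500 status line, which is the gap between "web process is up" and "web operation is normal" on slide 22.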