Zeus ZXTM Loadbalancer Review 07


Published on

Published in: Technology
1 Like
No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Zeus ZXTM Loadbalancer Review 07

  1. 1. SYSADMIN Zeus Load Balancer Exploring the Linux-based Zeus load balancer OLYMPIAN On today’s networks, distributing requests in a cluster of web servers requires more than just assigning the requests in a round robin. The Zeus ZXTM 7400 appliance demonstrates the technical finesse necessary to keep busy websites running. BY JÖRG FRITSCH E ASICs. Fortunately, the CPU perfor- ven the most powerful web servers. Each web server has a unique IP mance of today’s server and PC hard- server eventually reaches its (real IP, or RIP). The VIP is only config- ware is sufficient to cope with demand- limit. Getting help isn’t a prob- ured on the load balancer. ing tasks, as the appliance that I tested lem; the load redistribution can be com- Web clients only see the IP address be- plicated. Each server cluster needs to longing to the website, and they connect Zeus ZXTM 7400 distribute requests intelligently to use to this address without realizing they’re resources in a meaningful way, and the talking to a load balancer that uses a client should not notice what is going on scheduling algorithm to assign client behind the scenes. One way of achieving requests to servers. this is the ZXTM 7400 appliance by Zeus A fairly simple implementation of this Technology [1], which I recently tested. principle works like destination network address translation (NAT), modifying the Task: Load balancing and application Techniques optimization for web applications target address in the request (from VIP to RIP) and modifying responses to Load balancers distinguish between Technology: PC-based appliance with match (from RIP to VIP). physical servers and virtual IPs (VIPs). Linux and proprietary software by Zeus This variant is typically found in appli- In this case, the physical servers are web Version tested: 4.1r1 on ZXTM appli- cation-specific integrated circuit (ASIC)- ance 7400 based devices, which use highly special- Jörg Fritsch has a degree in chemis- Price: Starts at around EUR 15,000 (US$ ized hardware to manipulate packets at THE AUTHOR try and works in the field of software 20,000) for the entry-level device, ZXTM development and IT security. He has extremely high speeds. In the early days 2000 LB, up to around EUR 57,000 (US$ worked in his current position as the of web load balancing (see the box titled 78,000) for the high-end ZXTM 7400 ap- Engineer for Communication and pliance including all software options “Seven Years of Load Balancing”), ASICs Information Security for the Nato C3 for the device tested here); the software were thought to virtually guarantee suf- Agency since 2003. Jörg has also without appliance costs between EUR ficient performance. published a variety of work on load 5,500 and 28,400 (US$ 7,500 and If you need more performance, algo- balancing, TCP/IP, and security. 39,600). rithms quickly become too complex for 68 ISSUE 80 JULY 2007 W W W. L I N U X - M A G A Z I N E . C O M
  2. 2. SYSADMIN Zeus Load Balancer just goes to prove. The ZXTM 7400 works more like a reverse proxy that doesn’t convert IP addresses but, instead, terminates the client’s TCP connection and opens up a new TCP connection to the physical server. This approach helps the appliance retain control over the connection, with the ability to manipulate the data stream. The physical server sees the load balancer’s source IP address and sends the response to the appliance, which in turn sends it to the client. Single Process Per Core To keep pace with ASICs, PCs need some clever programming. The UK-based manufacturer Zeus has put much effort into developing optimized network soft- ware, thanks to its own web server. On this basis, programmers deduced that a legacy multi-processing or multi- Figure 1: It is easy to create a simple pool with three physical web servers in the Zeus GUI. threading model would be insufficient The load balancer selects one of these servers for each request. because it would lose too much time on context changes. tings (network, default gateway). Be- To do so, the appliance analyzes the The Zeus approach also reflects Dan XML content of the messages. cause the appliance runs on Linux (a Kegel’s recommendations [2] for fast modified Debian Sarge with an Ubuntu ZXTM 7400 network software. The program uses the kernel), Linux experts will soon feel at epoll mechanism to search for data in all home at the command line. Zeus supplies the appliance with five open connections without blocking and The remaining configuration tasks are network interfaces (see the “Hardware” easy and intuitive: define a pool of phys- without context changes. The developers box). One of these interfaces is mainly ical servers (Figure 1), select Health- have used nonblocking functions for all used for out-of-band management processing steps. (OOB) – that is, for administrative access check, set up routing between physical via a separate cable. A web GUI or a servers and the load balancer, select VIP Health Status serial console are available for basic set- and scheduling algorithms (see Figure 2 One of the things that load balancers do is check the load and availability of the physical servers and evaluate these pa- rameters. The scheduler uses this infor- mation to decide to which server to as- sign which requests. At the same time, the scheduler has to keep sessions persistent on the servers on which they are running: In many web applications, the server stores informa- tion about the client status when users log in or fill virtual shopping carts, for example. The load balancer needs to take this into consideration to avoid tripping up the application. More advanced load balancers implement a variety of techniques to discover which requests belong to the shared session. For example, the Zeus appliance inves- tigates cookies, adding its own cookies if needed, or uses many other tech- niques. Thus, it can even accelerate Figure 2: The load balancer needs a separate IP address to which clients connect. In our lab, SOAP applications by load balancing. the VIP was The load balancer forwards requests just like a reverse proxy. 69 ISSUE 80 JULY 2007 W W W. L I N U X - M A G A Z I N E . C O M
  3. 3. SYSADMIN Zeus Load Balancer and Figure 3), decide whether some ses- sions need to be persistent on the server, and set up routing between the VIP and the clients. To generate load for the web servers and the appliance in our lab, I used the Apache benchmarking program, ab. It is included with the basic installation of many Linux distributions. Interestingly, Adam Twiss programmed the first ver- sion of ab in 1996, and he is one of the two founders of Zeus. Since then, the Apache Software Foundation has main- tained the tool. Additionally, Twiss has not worked for Zeus for many years. Thus, you can be certain that Zeus does not manipulate the measured values. The real point of performing the test was not to discover the response time for every single request. Users aren’t going to notice whether the virtual server takes 0.4 or 0.2 milliseconds to respond, Figure 3: Zeus can handle basic load balancing tasks, offering six algorithms for selecting the which are just normal delays on the In- physical server. Besides Layer 4 switching, the appliance also offers Layer 7 technology. ternet. What’s more important is linear- ity of the measured values – that is, that agement by means of keepalives, HTTP (Figure 6) running on normal PC hard- the virtual web server just takes twice as 1.1 compression and intelligent caching. ware. Load grew from 100 to 1000 con- long to respond to 200 simultaneous re- current HTTP requests. Of course, our Excellent Measured Values quests as it does to respond to 100, and lab conditions are fairly trivial compared not four times as long. We also wanted The measurements in Figure 4 were gen- with production use on e-commerce to find out whether it is possible to re- erated by requesting a 4KB web page websites. An enterprise-level product produce the effective connection man- from a cluster with two Apache servers like the Zeus ZXTM 7400 should be able to handle 50,000 to 100,000 HTTP re- Seven Years of Load Balancing quests per second. According to the vendor, the appliance The idea of using load balancing to run tures that offered PC-based systems at can handle up to 92,000 HTTP requests multiple parallel web servers has been the time are still in business today. Two per second. Although I was unable to through several reincarnations over the companies that survived are F5 Net- last seven years. When the dotcom bub- works and Arraynetworks. reproduce these results in our lab, I ble was at its peak (in 1999 to 2001), load noted an interesting effect below the The Long Way Up balancing was justified because, in the 1000 request level. Many CGI scripts and A modern Layer 7 load balancer, like the tough world of e-commerce, traders with web applications start to slow down Zeus ZXTM 7400 appliance tested here, the fastest systems would make deals. when faced with 70 or 100 simultaneous offers more performance and stability This form of load balancing typically requests, instead demonstrating linear than the sum of its individual compo- took place in OSI Layer 4, the transport nents. If you have four web servers and growth in response times. layer. connect into a modern load balancer, The measured values show that kee- After the events of September 11, the ar- you get more than four times the perfor- palives do not offer any real gains if the guments started to change. Flash Events mance – at least, that’s what the manu- load balancer only uses them in connec- (FEs) or Flash Crowds generated sudden facturers promise. The new systems use tions to the servers. Keepalives need to peak loads that could bring an under- a variety of approaches to achieve their be enabled client-side to show any posi- equipped server to its knees. An FE goals. For example, they harmonize the tive effect. In this case, the appliance could be anything from a successful ad- handling of TCP connections and use simply opens a couple of connections vertising campaigns to a popular news Layer 7 technologies such as compres- story. to each physical server and routes any sion and intelligent content caching. requests over the active connections. As a potential bottleneck, a load balancer In addition, manufactures of Layer 7 load The content cache also led to consid- couldn’t afford to be slow, which led to balancers can rely on most web presen- vendors opting for special ASIC-based erably improved measured values. In tations not being perfectly programmed hardware for their load balancers and contrast, I could not detect any notice- and thus offering some scope for optimi- application switches. Sophisticated able gains after enabling HTTP 1.1 com- zation. Because tricks of this kind require scheduling helped them achieve maxi- complex logic, many of today’s vendors pression, probably because of the HTTP mum performance with the existing web do without ASICs and use PC-based implementation in ab and because I had server hardware. Few of the manufac- server hardware instead. network bandwidth to spare. 70 ISSUE 80 JULY 2007 W W W. L I N U X - M A G A Z I N E . C O M
  4. 4. SYSADMIN Zeus Load Balancer to compare. If you look You can then use the web GUI to copy Requests per second at ASIC systems, the your script to the appliance. results apply to Layer 4 Trafficscript is a scripting language standalone web 4500 server load balancing, whereas that uses information from OSI Layers 3 4000 manufactures of PC- through 7 to support decision making not optimized 3500 based systems will tend and to manipulate data. Zeus distin- Requests per second 3000 to demonstrate perfor- guishes between request rules for incom- 2500 keepalives on mance in Layer 7. Flexi- ing requests and response rules for re- server-side 2000 bility, features, and sta- sponses from physical servers. The fol- 1500 bility are far more im- lowing example takes information from keepalives on client- and 1000 portant. Today’s intelli- Layer 7 (the /downloads URL here) and server-side gent load balancers dig adds a Layer 3 parameter (the type of 500 HTTP1.1 enabled deep into data commu- service [TOS] bit in the IP header). The 0 nications, and even into script is readable helps the admin by with caching 100 200 400 600 800 1000 content if necessary. hiding the complexity of the protocols: functionality Concurrent Requests Script-Based $url = http.getPath(); Figure 4: A cluster of two servers can serve up more than Optimization if (string.startsWith U twice the number of pages per second thanks to the Zeus load ($url, quot;/downloadsquot;)) Zeus really starts to balancer. { Performance-only values are no longer shine with its Trafficscript. For simple response.setToS U all that relevant because most load tasks, like evaluating the HTTP header (quot;THROUGHPUTquot;); balancers do little to distinguish them- fields, the browser-based GUI has a Rule } selves. It makes little difference whether Builder Wizard (Figure 7). For more de- a load balancer achieves 92,000 or manding tasks, you need to write the Global View 100,000 requests per second. Addition- rules yourself. To help you do so, Zeus ally, vendor specifications are difficult gives you a 154-page reference manual. Global server load balancing (GSLB) is designed for really large sites. The idea behind GSLB is to distribute requests for clients over geographically spread data centers to ensure the availability of the website in case of a disaster. At the same time, clients benefit from receiv- ing a response from the data center that they can reach most quickly. Adaptive content delivery networks (CDNs) really have no alternative to GSLB. DNS Travels The technology is based on the fact that clients use DNS requests to resolve the host and domain names to IP addresses for any websites they visit. The DNS server passes the request on to the load balancer, which retrieves the CNAME or Figure 5: A separate appliance available this summer will distribute client requests over IN A record for the VIP. This technology geographically diverse data centers. just has one weakness: The load bal- ancer does not see the requesting cli- Client ents directly, but only the request from the name server to which the client turned. Thus, it actually discovers the Zeus ZXTM 7400 Switch best VIP for the client’s name server and 1 GBPs hopes that the clients and the name 1 GBPs server are not too far apart. This as- VIP sumption is normally sensible because Server it is in the client’s and the network carri- er’s best interest to locate DNS servers as close as possible to clients. OOB-Management Internet GSLB will not be included as a standard feature of the ZXTM Appliance series; Figure 6: In our lab, the Zeus load balancer supported two physical servers. The administrator instead, Zeus has announced a separate can control the appliance via OOB. Clients only see the external VIP; load balancing is com- appliance for the summer of 2007. pletely invisible to them. 71 ISSUE 80 JULY 2007 W W W. L I N U X - M A G A Z I N E . C O M
  5. 5. SYSADMIN Zeus Load Balancer If this rule is bound to a virtual server that a client addresses to request a URL starting with /downloads, the appliance tags all the IP packets that belong to this connection with the TOS bit for through- put. The aim is to achieve maximum throughput for download files. Although the tag is only effective within a single Internet connection, this is often all it takes. The example also shows that the manufacturer has a very universal ap- proach capable of connecting and ma- nipulating Layers 3 through 7. Other possible deployment scenarios might include inserting meta tags, evalu- Figure 7: The Rule Builder wizard helps administrators quickly set up new Trafficscript rules. ating HTTP headers (User-Agent, Ac- If you need more sophisticated manipulation, you can add your own scripts. cept-Language, …), or restricting the bandwidth for downloads. Zeus does not cessive load. The techniques used to do iting (maximum number of connections just distribute the load; the appliance this range from simple white- and black- per client), to investigation of HTTP also protects physical servers from ex- lists of known clients, to connection lim- headers, to arbitrary rules implemented in Trafficscript. Hardware Well Balanced The Zeus ZXTM 7400 appliance hard- NIC, and another slot has a single-chan- The Zeus ZXTM appliance impressed me ware comes from Germany’s Pyramid nel RAID controller. The single-channel with its flexibility, simple configuration, Computer [3]. The appliance has a height controller appears to be fairly ancient on of two rack units and includes a redun- close inspection: it doesn’t have a type and excellent test results. A cluster can dant power supply and five network in- label, and you need to set jumpers to be more than the sum of all its servers terfaces, all of which support speeds of configure it. According to the vendor, the thanks to Web Application Optimization. 10/100/1000MBps. The design is the typi- controller is an ICP Vortex GDT8114RZ. In particular, Trafficscript gives adminis- cal Pyramid 2-HU server chassis with Two 73GB disks are attached to it. trators plenty of scope for customization. customized front panel for Zeus. The system also has a PCI Express slot Zeus loses a couple of points com- The basic hardware is quite popular on with a 32-bit network adapter sitting in it. pared with F5 and Nortel Networks the European market. When I looked You can expect lower throughput rates when it comes to IPv6. Whereas the under the hood (Figure 8), I noted that from this, so the manufacturer recom- competitors already advertise full IPv6 the Supermicro motherboard has a mends using it for OOB management support, Zeus refers to future releases, clear-cut layout, and everything else is (i.e., via separate lines). The CD ROM but without a tangible schedule. On the nicely arranged and connected. A plastic drive in the appliance is not state of the other hand, GSLB (see the “Global separator, which you can hardly see in art. A DVD drive would create a better View” box) just goes to show that Zeus the figure, divides the chassis into two impression. is on the right track and headed for a top halves – the CPUs and everything else. Although the system is professionally In each of these halves are two fans for spot in the major league. The hardware built and promises good performance, cooling. performed perfectly and also deserves the manufacturer loses a couple of top marks. You can expect this well- The ZXTM 7400 appliance has two AMD points for its choice of CPU and RAM. Opteron 280 CPUs (dual core, 2.64GHz, (Norbert Landowski) designed box to provide stable service. 64-bit). The 8GB of RAM For administrators, the ZXTM 7400 is comprises PC3200 a universal device that can handle any modules (DDR1-400), aspect of load balancing in a web server although the more re- cluster, offering an impressive portfolio cent DDR2 667 RAM of techniques, from simple Layer 4 would have been faster. switching to low-level manipulation of However, the vendor the HTTP datastream and even of HTML would have had to opt documents. ■ for the AMD Opteron 2000 series for DDR2 INFO support. The Supermicro moth- [1] Zeus: http://www.zeus.com erboard has two 64-bit [2] Dan Kegel, “The C10K problem”: network cards on http://www.kegel.com/c10k.html Figure 8: Inside the Zeus appliance:  CPU,  RAM,  fans,  board. One of the four [3] Pyramid: 32-bit NIC,  64-bit dual-port NIC,  raid controller,  power 64-bit PCI-X slots is oc- http://www.pyramid.de/en/index.php cupied by a dual-port supply. 72 ISSUE 80 JULY 2007 W W W. L I N U X - M A G A Z I N E . C O M