Proprietary and Confidential 2015
Load Balancing | Automation | Analytics
SDN based Load Balancing
SDN Meetup Belgium 26-may-16
Philippe Bogaerts
philippe@avinetworks.com
Senior Field Systems Engineer EMEA
@AviNetworks

• Who am I?
– Working @Avinetworks, http://www.avinetworks.com
– OWASP Belgium board member @owasp_be https://www.owasp.org/index.php/Belgium
– BruCON co-founder / co-organizer @brucon http://www.brucon.org
– DockerSec – new initiative around networking and security in Docker
– +18 years experience in ADC & Network security
– +13 years Web Application Security, pentesting
• You can reach out to me
– @xxradar
– philippe.bogaerts@radarhack.com
– https://be.linkedin.com/in/philippebogaerts

Why Application Delivery and Load Balancing at all?
• Today’s applications require
– Availability
– Security
– Acceleration
– End User Experience is critical!!
– Scalability (auto scaling infrastructure and applications)
– New emerging eco-systems (DC/OS, Docker, Kubernetes, etc.)

ADC vs. LB
• LB – Load Balancers (SLB, Server LB)
– Distributes load (Round Robin, Least Connections, Fastest, etc.)
• ADC – Application Delivery Controllers
– LB + L7 Content Switching, Caching, Compression, SSL offloading, Security, etc.
• Load Balancing comes in many forms
– LB based on routers (e.g. ECMP, RHI)
– LB L3/4
– LB based on DNS
– LB L3/7

Basic Load Balancing (L3/4)
• Simple load balancing is typically (only) based on
– IP addresses
– TCP/UDP ports
– L4 Proxy
• LB decision is based only on the INGRESS packet
– Simple and fast HASH based decision
– Health Checking
• What about
– NAT / SNAT, Proxies
– Load Distribution
– Persistency

Advanced Load Balancing (L3/7)
• Advanced load balancing
– IP addresses & TCP/UDP ports
– Content based (HTTP URI, HTTP headers, SIP headers, FTP …)
– L4/7 Proxy
• LB decision based on Request/Response data
– More advanced LB
– Content Switching, caching, compression …
– Advanced Persistency
– Session based LB vs IP/TCP
----------------------------------------------------------
https://avinetworks.com/media/template_images/ab2.jpg
GET /media/template_images/ab2.jpg HTTP/1.1
Host: avinetworks.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://avinetworks.com/company/
Cookie: csrftoken=b26HynXtLZ5pguvfwQJkkXRPisEzlg2S; name=Philippe
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type:image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 26 May 2016 08:26:17 GMT
Last-Modified: Wed, 03 Feb 2016 17:38:42 GMT
Expires: Sun, 26 Jun 2016 08:26:17 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
----------------------------------------------------------
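
Added example (not from the original slides): the "What about NAT / SNAT, Persistency" question from the L3/4 slide, worked through against the L7 "Session based LB vs IP/TCP" point. The SNAT address, the user list and the `session` cookie name are constructed for illustration; the backend addresses are the pool members from the API slide.

```python
import hashlib
from collections import Counter

BACKENDS = ["192.168.1.157", "192.168.1.229"]
ALL_UP = {b: True for b in BACKENDS}          # constructed health-check state

def pick(key: str, healthy: dict) -> str:
    """Stable hash of `key` over the backends that pass health checks."""
    alive = [b for b in BACKENDS if healthy.get(b)]
    if not alive:
        raise RuntimeError("no healthy backend")
    digest = hashlib.sha256(key.encode()).digest()
    return alive[int.from_bytes(digest[:8], "big") % len(alive)]

def l4_decision(src_ip: str, healthy: dict = ALL_UP) -> str:
    """L3/4: only the ingress packet is visible, so persist on source IP."""
    return pick(src_ip, healthy)

def l7_decision(raw_request: str, src_ip: str, healthy: dict = ALL_UP) -> str:
    """L7: parse the request; persist on the session cookie, else source IP."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:       # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = dict(
        c.strip().split("=", 1)
        for c in headers.get("cookie", "").split(";") if "=" in c
    )
    return pick(cookies.get("session", src_ip), healthy)

def make_request(session_id: str) -> str:
    """Constructed request, modelled on the capture above."""
    return ("GET /media/template_images/ab2.jpg HTTP/1.1\r\n"
            "Host: avinetworks.com\r\n"
            f"Cookie: session={session_id}\r\n\r\n")

# Constructed scenario: 200 users behind one SNAT address.
SNAT_IP = "203.0.113.10"
USERS = [f"user-{i}" for i in range(200)]
L4_SPREAD = Counter(l4_decision(SNAT_IP) for _ in USERS)
L7_SPREAD = Counter(l7_decision(make_request(u), SNAT_IP) for u in USERS)
```

With source-IP hashing every user behind the SNAT address lands on one backend; keyed on the session cookie, the same users spread over both and stay pinned when their source address changes. Because the cookie value is client-supplied, the client can influence which backend it reaches, which is why persistence cookies are commonly issued and protected by the load balancer itself.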

DNS based Load Balancing
• Distribution based on DNS request lookup
– Round Robin DNS mechanism
– No Health Checking (in general)
• Commercially available
• Global Service Load Balancing
– Between DC
– Health Checking
– Geo Location based LB
– Combined with SLB

ECMP and RHI
• Equal-cost multi-path routing (ECMP)
– routing strategy
– next-hop packet forwarding can occur over multiple "best paths"
• RHI
– Route Health Injection
– Advertise next hop to upstream router

Infrastructure Diversity and Application Evolution
Increasing need for cloud-like scale and efficiency
[Figure: App Architecture Evolution (Monolithic, 3-Tier with WEB / APP / DB, Microservices); infrastructure labels: Bare Metal, Virtualized, Container, Public Cloud]
Core Infrastructure Design Principles
• Fluid Scalability
• Commodity x86
• Automation
• Self-Service
• On-Premise & Cloud
• Immediate

Software Defined Application Services
• Configuring ADC in the legacy world typically requires (complex)
– Network related configuration
– Application related configurations
• Configuring ADC in the SDN world typically requires
– Decoupling Control Plane / Data Plane
– Control plane requires easy to use API
• Automation becomes easy and scriptable
– Multi-tenant, isolation, etc.

API Example
/api/macro
{
  "model_name": "VirtualService",
  "data": {
    "name": "demo",
    "services": [{"port": 80}],
    "ip_address": {"type": "V4", "addr": "10.130.129.25"},
    "pool_ref_data": {
      "name": "demo_pool",
      "lb_algorithm": "LB_ALGORITHM_ROUND_ROBIN",
      "servers": [
        {"ip": {"type": "V4", "addr": "192.168.1.157"}},
        {"ip": {"type": "V4", "addr": "192.168.1.229"}}
      ]
    }
  }
}
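
Added example (not from the original slides and not Avi Networks code): a scripted builder for the `/api/macro` body shown on the API Example slide, validating its inputs before anything reaches the control plane. It uses only the fields visible on the slide; the function names, the naming pattern, the `<name>_pool` convention and the VIP/member check are assumptions, and sending the request and authenticating to the controller are not shown.

```python
import ipaddress
import json
import re

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")    # assumed naming policy
ALGORITHMS = {"LB_ALGORITHM_ROUND_ROBIN"}        # the only value shown on the slide

def v4(addr: str) -> dict:
    """Validate an IPv4 literal and wrap it in the slide's address object."""
    ip = ipaddress.ip_address(addr)              # ValueError on malformed input
    if ip.version != 4:
        raise ValueError(f"not an IPv4 address: {addr}")
    return {"type": "V4", "addr": str(ip)}

def build_macro(name, vip, port, servers, algorithm="LB_ALGORITHM_ROUND_ROBIN"):
    """Return the /api/macro body for one VirtualService and its pool."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid service name: {name!r}")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port!r}")
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unknown algorithm: {algorithm!r}")
    members = [v4(s) for s in servers]
    addrs = [m["addr"] for m in members]
    if not addrs or len(set(addrs)) != len(addrs):
        raise ValueError("pool needs at least one server and no duplicates")
    vip_obj = v4(vip)
    if vip_obj["addr"] in addrs:                 # assumed sanity check
        raise ValueError("VIP must not also be a pool member")
    return {
        "model_name": "VirtualService",
        "data": {
            "name": name,
            "services": [{"port": port}],
            "ip_address": vip_obj,
            "pool_ref_data": {
                "name": f"{name}_pool",
                "lb_algorithm": algorithm,
                "servers": [{"ip": m} for m in members],
            },
        },
    }

def to_wire(body: dict) -> str:
    """Compact JSON, in the same form as the slide's payload."""
    return json.dumps(body, separators=(",", ":"))

DEMO = build_macro("demo", "10.130.129.25", 80, ["192.168.1.157", "192.168.1.229"])
```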

Flexible Deployment Model
Deploy load balancers of any size
• High-performance LB with Multi-vCPU SE
• Per-Pod / Tenant LB with 2-vCPU SE
• Per-App LB with per-APP SE

OpenStack example
[Diagram: CONTROLLER (UI, REST API) and OpenStack (Neutron LBaaS, Keystone, Nova); labels: "Load Balancer Configuration" and "Server, Tenant, & Network Configuration"]

AviNetworks

Questions

See You Next Time!

Avi Network SDN meetup