
Avi Network SDN meetup

Avi Introduction on load balancing


  1. Load Balancing | Automation | Analytics
     SDN based Load Balancing
     SDN Meetup Belgium, 26-may-16
     Philippe Bogaerts, philippe@avinetworks.com
     Senior Field Systems Engineer EMEA, @AviNetworks
     Proprietary and Confidential 2015
  2. • Who AM I?
       – Working @Avinetworks, http://www.avinetworks.com
       – OWASP Belgium board member @owasp_be https://www.owasp.org/index.php/Belgium
       – BruCON co-founder / co-organizer @brucon http://www.brucon.org
       – DockerSec – new initiative around networking and security in Docker
       – +18 years experience in ADC & Network security
       – +13 years Web Application Security, pentesting
     • You can reach out to me
       – @xxradar
       – philippe.bogaerts@radarhack.com
       – https://be.linkedin.com/in/philippebogaerts
  3. Why Application Delivery and Load Balancing at all?
     • Today's applications require
       – Availability
       – Security
       – Acceleration
       – End User Experience is critical!
       – Scalability (auto scaling infrastructure and applications)
       – New emerging eco-systems (DC/OS, Docker, Kubernetes, etc.)
  4. ADC vs. LB
     • LB – Load Balancers (SLB, Server LB)
       – Distributes Load (Round Robin, Least connections, Fastest, etc.)
     • ADC – Application Delivery Controllers
       – LB + L7 Content Switching, Caching, Compression, SSL offloading, Security, etc.
     • Load Balancing comes in many forms
       – LB based on routers (ex. ECMP, RHI)
       – LB L3/4
       – LB based on DNS
       – LB 3/7
  5. Basic Load balancing (L3/4)
     • Simple load balancing is typically (only) based on
       – IP addresses
       – TCP/UDP ports
       – L4 Proxy
     • LB decision is based only on the INGRESS packet
       – Simple and fast HASH based decision
       – Health Checking
     • What about
       – NAT / SNAT, Proxies
       – Load Distribution
       – Persistency
  6. Advanced Load balancing (L3/7)
     • Advanced load balancing
       – IP addresses & TCP/UDP ports
       – Content based (HTTP URI, HTTP headers, SIP Headers, FTP …)
       – L4/7 Proxy
     • LB decision based on Request/Response data
       – More advanced LB
       – Content Switching, caching, compression …
       – Advanced Persistency
       – Session based LB vs IP/TCP
     ----------------------------------------------------------
     https://avinetworks.com/media/template_images/ab2.jpg

     GET /media/template_images/ab2.jpg HTTP/1.1
     Host: avinetworks.com
     User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:46.0) Gecko/20100101 Firefox/46.0
     Accept: image/png,image/*;q=0.8,*/*;q=0.5
     Accept-Language: en-US,en;q=0.5
     Accept-Encoding: gzip, deflate, br
     Referer: https://avinetworks.com/company/
     Cookie: csrftoken=b26HynXtLZ5pguvfwQJkkXRPisEzlg2S; name=Philippe
     Connection: keep-alive

     HTTP/1.1 200 OK
     Content-Type:image/jpeg
     Transfer-Encoding: chunked
     Connection: keep-alive
     Server: nginx/1.4.6 (Ubuntu)
     Date: Thu, 26 May 2016 08:26:17 GMT
     Last-Modified: Wed, 03 Feb 2016 17:38:42 GMT
     Expires: Sun, 26 Jun 2016 08:26:17 GMT
     Cache-Control: max-age=2678400
     Content-Encoding: gzip
     ----------------------------------------------------------
  7. DNS based Load Balancing
     • Distribution based on DNS request lookup
       – Round Robin DNS mechanism
       – No Health Checking (in general)
     • Commercially available
     • Global Service Load Balancing
       – Between DC
       – Health Checking
       – Geo Location based LB
       – Combined with SLB
  8. ECMP and RHI
     • Equal-cost multi-path routing (ECMP)
       – routing strategy
       – next-hop packet forwarding can occur over multiple "best paths"
     • RHI – Route Health Injection
       – Advertise next hop to upstream router
  9. Infrastructure Diversity and Application Evolution
     Increasing need for cloud-like scale and efficiency
     • App Architecture Evolution (diagram labels): Monolithic, 3-Tier (WEB, APP, DB), Microservices
     • Infrastructure (diagram labels): Bare Metal, Virtualized, Container, Public Cloud
     • Core Infrastructure Design Principles
       – Fluid Scalability
       – Commodity x86
       – Automation
       – Self-Service
       – On-Premise & Cloud
       – Immediate
  10. Software Defined Application Services
     • Configuring ADC in the legacy world typically requires (complex)
       – Network related configuration
       – Application related configurations
     • Configuring ADC in the SDN world typically requires
       – Decoupling Control Plane / Data Plane
       – Control plane requires easy to use API
     • Automation becomes easy and scriptable
       – Multi-tenant, isolation, etc.
  11. API Example
  12. API Example
     /api/macro
     {
       "model_name": "VirtualService",
       "data": {
         "name": "demo",
         "services": [{"port": 80}],
         "ip_address": {"type": "V4", "addr": "10.130.129.25"},
         "pool_ref_data": {
           "name": "demo_pool",
           "lb_algorithm": "LB_ALGORITHM_ROUND_ROBIN",
           "servers": [
             {"ip": {"type": "V4", "addr": "192.168.1.157"}},
             {"ip": {"type": "V4", "addr": "192.168.1.229"}}
           ]
         }
       }
     }
  13. Flexible Deployment Model
     Deploy load balancers of any size
     • High-performance LB with Multi-vCPU SE
     • Per-Pod / Tenant LB with 2-vCPU SE
     • Per-App LB with per-APP SE
  14. OpenStack example
     [Diagram labels: CONTROLLER (UI, REST API); OpenStack (Neutron LBaaS, Keystone, Nova); Load Balancer Configuration; Server, Tenant, & Network Configuration]
  15. AviNetworks
  16. Questions
  17. See You Next Time!
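
The "What about NAT / SNAT, Persistency" question on the Basic Load balancing (L3/4) slide and the "Session based LB vs IP/TCP" point on the Advanced Load balancing (L3/7) slide, worked through as an added Python example that is not part of the original deck or Avi's code. The pool members come from the API Example slide; the `sessionid` cookie name, the NAT address 203.0.113.10, the SHA-256 bucket function and the generated traffic are assumptions made for illustration.

```python
import hashlib
from collections import Counter

# Pool members taken from the deck's API Example slide.
SERVERS = ["192.168.1.157", "192.168.1.229"]

def bucket(key, n):
    """Stable hash of key reduced to an index in range(n)."""
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:8], "big") % n

def healthy(servers, health):
    """Health checking: only members whose last probe succeeded are eligible."""
    return [s for s in servers if health.get(s)]

def pick_l4(src_ip, servers, health):
    """L3/4 source-IP persistence: the decision uses the ingress packet only."""
    up = healthy(servers, health)
    return up[bucket(src_ip, len(up))] if up else None

def session_cookie(raw_request, name="sessionid"):
    """Extract one cookie value from a raw HTTP request (cookie name is hypothetical)."""
    for line in raw_request.split("\r\n")[1:]:
        if line.lower().startswith("cookie:"):
            for part in line.split(":", 1)[1].split(";"):
                k, _, v = part.strip().partition("=")
                if k == name:
                    return v
    return None

def pick_l7(src_ip, raw_request, servers, health):
    """L7 persistence: key on the session cookie, fall back to the source IP."""
    up = healthy(servers, health)
    if not up:
        return None
    key = session_cookie(raw_request) or src_ip
    return up[bucket(key, len(up))]

def simulate(n_clients=200, nat_ip="203.0.113.10", health=None):
    """Constructed traffic: n_clients users arriving from a single SNAT address."""
    health = health or {s: True for s in SERVERS}
    l4, l7 = Counter(), Counter()
    for i in range(n_clients):
        req = f"GET / HTTP/1.1\r\nHost: demo\r\nCookie: sessionid=user{i}\r\n\r\n"
        l4[pick_l4(nat_ip, SERVERS, health)] += 1
        l7[pick_l7(nat_ip, req, SERVERS, health)] += 1
    return l4, l7
```

With source-IP persistence every user behind the NAT lands on one pool member, while keying on the session cookie spreads the same users across the pool. A member marked unhealthy is removed from both decisions.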
