Content switch

Content Switch

. Introduction of content web switch.

. Some content switch products in the market.

. Design of a content switch.



Introduction of Content Switch (1)

What is web server load balancing?

. Distribute incoming requests to achieve parallel services.

. Transport layer load balancing: balancing the incoming requests based on address and port number.

. Application layer load balancing: redirecting the user request based on the content of the request (e.g. URL, HTTP header…).



Introduction of Content Switch (2)

What is Content Switch?

. An application layer load distribution.

. A network device which routes the unique user request for specific content to the optimal server best able to handle the request.

. For example, a Content Switch can classify the incoming request based on its URL, HTTP meta header, cookie value and so on.



An example of Content Switch

ArrowPoint Network Services

(Supports URL and cookie-based switching)

. Who the customer is, based on the user cookie located within the HTTP header.

. What information or transaction the customer is requesting.

. Where best to service the customers.



Components of a Content Switch

. Defining the rules.

Determine the type of web content being requested.

. Rule matching process.

Identify the specific type of traffic, then route that traffic to the location best able to serve the traffic or customer request.



Two different design approaches for a Content Switch

. Process content type classification and routing policy at the application level.

For example: application level proxies.

. Process content type classification and routing policy at the TCP/IP level. This requires modifying the operating system kernel.

For example: using NAT to develop a content switch.



Content Switch Products in Market (1)

Cisco Content Engine 2.20(CE)

. Cisco CE supports HTTP and HTTPS proxy server.

. CE examines the web request and makes the action decision, such as block, cache, or proxy.

. CE works at the application level.

. An example of the matching rules:

rule no-cache url-regex \.*cgi-bin.*

This rule specifies that incoming packets whose URL matches the pattern “*cgi-bin” will not be forwarded to the proxy servers.



Content Switch Products in Market (2)

Intel Action/Classification Engines(ACEs)

. ACE classifies incoming packets according to the predefined rule files.

. ACE then triggers the action in the associated action files.

. ACE uses Network Classification Language (NCL) to configure rules.

. ACE is developed at the TCP/IP level.

. Example of NCL:

Rule check_http{tcp&&(tcp.sport==80)}{action_scan()}

. check_http is the name of the rule, {tcp&&(tcp.sport==80)} is the class matching condition, and {action_scan()} is the action function of this condition.

. This rule means that an incoming request with protocol=tcp and port=80 will go to the action “action_scan()”.

. NCL is simple to configure.



Design of the Content Switch

. Architecture of Content Switch.

. Matching rules and routing policy.

. Flow chart.



TCP/IP level Content Switch Architecture (1)

NAT (network address translation)

. Incoming and outgoing packets all pass through the Content Switch.

. Content Switch masquerades the IP address and port number of incoming and outgoing packets.

. Content Switch uses delayed binding to connect with the back server.



TCP/IP level Content Switch Architecture (1)

NAT Content Switch delayed binding

delayed binding graph

. Content Switch establishes a connection with the client first.

. When data arrives, it chooses a server and establishes another connection: it forwards the original SYN message and discards the ACK from the back server.

. For the following data transmission, Content Switch only forwards each packet after masquerading its IP address and port number.
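The bookkeeping behind delayed binding, as an added example that is not part of the original slides. It assumes the switch answers the client's SYN with its own initial sequence number (ISN), so once a server is bound, sequence and acknowledgement numbers must be shifted by a fixed offset; the class and method names are hypothetical and all numbers are constructed.

```python
MOD = 1 << 32  # TCP sequence numbers wrap at 2**32


class DelayedBinding:
    """Per-connection state held by the switch (hypothetical names)."""

    def __init__(self, client_isn, switch_isn):
        self.client_isn = client_isn   # ISN from the client's SYN
        self.switch_isn = switch_isn   # ISN the switch used in its own SYN/ACK
        self.delta = None              # unknown until a server is bound
        self.saved = []                # client data held until then

    def syn_to_server(self):
        # The original SYN is forwarded with the client's ISN, so the
        # client-to-server sequence space needs no translation.
        return self.client_isn

    def on_client_data(self, seq, ack, payload):
        if self.delta is None:         # no server chosen yet: hold the packet
            self.saved.append((seq, ack, payload))
            return None
        return self.to_server(seq, ack, payload)

    def bind_server(self, server_isn):
        # The server's SYN/ACK is consumed here, never relayed to the client.
        self.delta = (self.switch_isn - server_isn) % MOD
        flushed = [self.to_server(*pkt) for pkt in self.saved]
        self.saved.clear()
        return flushed

    def to_server(self, seq, ack, payload=b""):
        # The client acknowledges switch-numbered bytes; the server expects
        # acknowledgements in its own numbering.
        return seq, (ack - self.delta) % MOD, payload

    def to_client(self, seq, ack, payload=b""):
        # Server sequence numbers are shifted into the space the client saw.
        return (seq + self.delta) % MOD, ack, payload
```

The modulo arithmetic matters when the switch's ISN is close to 2**32: the translated sequence number wraps to a small value instead of overflowing.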



TCP/IP level Content Switch Architecture (2)

IP Tunnel and IP Direct Routing

. Content Switch accepts the request and forwards it to the chosen server.

. The server then connects with the client directly.

. Delayed binding.

. Need to modify the back end server’s TCP protocol.

. Faster than NAT approach.



Content Switch Rules

The contents that should be covered:

. Source IP address and TCP/UDP port number.

. URL regular expression.

. HTTP meta header.

. SSL session ID.

. Values of XML tags.



Content Switch Rules (1)

Examples of Content Switch Rules

Cisco Network Based Application Recognition

Router(config)#class-map match-all http_secure

Router(config)#match protocol secure-http

Router(config)#class-map match-any audio_video

Router(config)#match protocol http mime "audio/*"

Router(config)#match protocol http mime "video/*"

Router(config)#policy-map e-express

Router(config-pmap-c)#class http_secure

Router(config-pmap-c)#bandwidth 32

Router(config-pmap-c)#class audio_video

Router(config-pmap-c)#bandwidth 10

First define classes for secure HTTP requests and audio/video requests, and then distribute the outbound bandwidth for each class.

Foundry ServerIron

ServerIron(config)#url-map gifPolicy

ServerIron(config-url-gifPolicy)#method suffix

ServerIron(config-url-gifPolicy)#match "gif" 1

ServerIron(config-gifPolicy)#default 2

ServerIron(config-gifPolicy)#exit

If the suffix of the URL in the incoming packets is gif, route to server group 1, else route to server group 2.

Intel IX-API SDK

Rule check_src {ip.src==10.10.10.30} {action_A()}

Rule check_http{tcp&&(tcp.sport==80)}{action_scan()}

The meaning of rule check_src is: if the source IP address is 10.10.10.30, then execute the action function “action_A()”.
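A small rule table in the spirit of the vendor examples above, written as an added example and not taken from the slides or from any of the products. It assumes rules are checked in order and the first match wins; the `Request` model, the predicate helpers, the cookie name and all server group numbers except the ServerIron groups 1 and 2 are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Request:                       # constructed model of a parsed HTTP request
    src_ip: str
    url: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def from_net(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r.src_ip) in net


def url_path(pattern):
    rx = re.compile(pattern)         # compiled once, when the table is built
    # Match the path only, so a query string cannot steer the routing decision.
    return lambda r: rx.search(urlsplit(r.url).path) is not None


def header(name, pattern):
    rx = re.compile(pattern, re.I)
    return lambda r: rx.search(r.headers.get(name, "")) is not None


def cookie(name, value):
    return lambda r: r.cookies.get(name) == value


# Ordered table: (rule name, predicate, server group).
RULES = [
    ("check_src",   from_net("10.10.10.30/32"),                 3),
    ("cgi",         url_path(r"/cgi-bin/"),                     4),
    ("gifPolicy",   url_path(r"\.gif$"),                        1),
    ("audio_video", header("Content-Type", r"^(audio|video)/"), 5),
    ("gold_user",   cookie("tier", "gold"),                     6),
]
DEFAULT_GROUP = 2


def route(req):
    """Return (rule name, server group) for the first rule that matches."""
    for name, matches, group in RULES:
        if matches(req):
            return name, group
    return "default", DEFAULT_GROUP
```

Because the table is ordered, a request that satisfies several rules is resolved by position alone, for example a `.gif` URL from 10.10.10.30 goes to the `check_src` group.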



Content Switch Rules (2)

. Precompiled Sequential configuration.

. Easy to solve conflict problem.

. To speed up the process of rule matching, we can do:

-

-

-

. Example ,



Flow Chart of Content Switch (1)

[Flow chart: a packet from the client enters at ip_input. Decision nodes: connection established?, UDP?, TCP/SYN?, TCP/data/ack. Actions: masquerade ip addr, port, seq.; forward ip packet; deliver to upper layer; choose server; masq UDP packet; create ACK back msg; send back ACK to client; masq SYN msg; forward to server; return.]



Flow Chart of Content Switch (2)

[Flow chart: a packet from the back server enters at ip_forward. Decision nodes: Connection established?, SYN/ACK?. Actions: masq packet; create connection hash table; masq ip addr, port, seq.; forward it; forward as normal; forward saved ip packet; return.]

