
Introduction to Content Switch. C. Edward Chow, Department of Computer Science, University of Colorado at Colorado Springs, chow@cs.uccs.edu. This tutorial is available at http://cs.uccs.edu/~chow/pub/agere/contentswitch.ppt with agere as login and ag2003ere as password.


Presentation Transcript


  1. Introduction to Content Switch. C. Edward Chow, Department of Computer Science, University of Colorado at Colorado Springs, chow@cs.uccs.edu. This tutorial is available at http://cs.uccs.edu/~chow/pub/agere/contentswitch.ppt with agere as login and ag2003ere as password. Edward Chow Content Switch 1

  2. Outline of the Talk • Overview of Content Delivery Network and Linux Virtual Server Technologies • Overview of Content Switching Concepts • TCP Delayed Binding and Their Improvement • Conflict Detection in Content Switching Rule Set • Persistent Issues • Problems Encountered in Content Processing and Their Solutions • Specific Implementations and Their Performance • Achieving High Availability with Content Switch

  3. Content Delivery Network (CDN) [Figure: host server and clients connected through the networks Sprint, UUnet, Gloobix, QWest, @Home, PSINet and MindSpring. Labels: Huge Requests, Slow Response, Server Crash.]

  4. Content Delivery Problems http://www.akamai.com

  5. Use Client Cache/Client Side Cache Server [Figure: host server and clients connected through the networks Sprint, UUnet, Gloobix, QWest, @Home, PSINet and MindSpring, with a Client Cache and a Client Side Cache Server near the clients. Labels: Fewer Requests, Fast Response.]

  6. Use Mirror Sites • Need improvement by guiding the selection of mirror servers with server load/network bandwidth measurement. [Figure: host server, mirror sites and clients connected through the networks Sprint, UUnet, Gloobix, QWest, @Home, PSINet and MindSpring. Labels: Fewer Requests, Fast Response.]

  7. Edge Network Cache Servers [Figure: host server, mirror site, four cache servers, an Edge Network Cache Server, a Client Side Cache Server, a Client Cache and clients, connected through the networks Sprint, UUnet, Gloobix, QWest, @Home, PSINet and MindSpring. Labels: Fewer Requests, Fast Response.]

  8. Content Delivery Problem • Cache Location Problem: Where to put cache servers? • How many are needed? • When/where/how to push/deliver the content? • How about dynamic content?

  9. Akamai Edge Delivery Service • Peering Bottleneck Problem: Access traffic evenly spread over 7400+ networks (no one over 5%; most << 1%). Need to put edge servers in many networks. • 11/2000, 4 billion bits/day for 2800 sites. • Source: http://www.akamai.com

  10. Caching Dynamic Content at Web Proxies • Active Cache Project: [PeiCao 98] Univ. Wisconsin • Cache Java applet to be executed at proxies • Choice of passing to server, delivering a cached copy, or generating dynamically. • Edge Side Include (ESI): • XML tag to specify ESI fragment in a web page. • Each ESI fragment can have different cache/

  11. Edge Side Include Example http://www.esi.org/

        <table><tr><td colspan="2">
          <esi:try>
            <esi:attempt>
              <esi:include src="http://www.myxyz.com/news/top.html" onerror="continue" />
            </esi:attempt>
            <esi:except>
              <!--esi This spot is reserved for your company's advertising.
                  For more info <a href="www.myxyz.com">click here</a> -->
            </esi:except>
          </esi:try>
        </td></tr></table>

  12. Solution to First Mile Problem • First Mile Problem: Huge requests at web site of CDN • High Bandwidth Connection • Caching • End System Cache • Client Cache • Client Site Proxy Cache Server • Mirror Site Caches • Cache Servers in Internet • Hierarchical Cache Servers, e.g., Squid/Harvest/Adaptive Web • Edge Servers of Akamai • Faster Server/Server Farm (Server Side Caching+Cluster) • Layer4 Load balancer+Real Servers • Content Switch+Real Servers • Distributed Packet Rewrite

  13. Web Server Cluster [Figure: a Load Balancer or Content Switch in front of four Real Servers.] • Load balancer can run at • Application level: Reverse Proxy • Kernel level: Linux Virtual Server • Load balancer can distribute requests based on • Layer 3-4 info: fixed field/fast hash • Layer 7 info: var. length/slow parsing

  14. Comparison of Load Balancers • Reverse Proxy runs as an application process; requires more memory/packet copying. • Linux Virtual Server runs in kernel; no memory copying.

  15. Linux Virtual Server (LVS) • “Virtual server is a highly scalable and highly available server built on a cluster of real servers. The architecture of the cluster is transparent to end users, and the users see only a single virtual server” with Virtual IP address (VIP). • http://www.linuxvirtualserver.org/ [Figure: Client (CIP), Internet, WAN/LAN, Load Balancer/Director Linux Box (VIP), Real Server1 (RIP1), Real Server2 (RIP2), Real Server3 (RIP3).] CIP: Client IP Address. VIP: Virtual IP Address. RIP: Real Server IP Address.

  16. LVS-NAT Configuration (Network Address Translation) • All return traffic goes through the Director (slow). • Modify IP addr/port #/checksum at Director. • Director and real servers at same LAN. • No modification needed on real servers. • Port remapping: real web server can run on 8080. [Figure: Client (CIP), Internet, Director (VIP), Switch, Real Server1 (RIP1), Real Server2 (RIP2), Real Server3 (RIP3).]

  17. LVS-NAT Configuration Step 2. Director routes pkt • Based on CIP, source port #, VIP and dst port #, director selects one of the real servers. • Change the dst IP addr or port # of pkt. [Figure: Client (CIP), Internet, Director (VIP), Switch, Real Server1 (RIP1), Real Server2 (RIP2), Real Server3 (RIP3). Steps: 1. request, 2. Scheduling/Rewrite packet. Packet addresses shown: CIP VIP, then CIP RIP1. Director labels: ipvsadm cmd, LVS Routing, Scheduling Rules.]

  18. LVS-NAT Configuration Step 3. Real Server Replies • Real server retrieves response. • All real servers set default gateway to Director, like any other NAT or IP masquerade setup. • Packet will be sent back to Director. [Figure: Client (CIP), Internet, Director (VIP), Switch, Real Server1 (RIP1), Real Server2 (RIP2), Real Server3 (RIP3). Steps: 1. request, 2. Scheduling/Rewrite packet, 3. Process Request. Packet addresses shown: CIP VIP, CIP RIP1, RIP1 CIP.]

  19. LVS-NAT Configuration Step 4. Director rewrites reply • Director changes the dst IP addr. (RIP1) of pkt to VIP. • Modify port # if needed. • Modify the checksum; send back pkt. [Figure: Client (CIP), Internet, Director (VIP), Switch, Real Server1 (RIP1), Real Server2 (RIP2), Real Server3 (RIP3). Steps: 1. request, 2. Scheduling/Rewrite packet, 3. Process Request, 4. Rewrite reply. Packet addresses shown: CIP VIP, CIP RIP1, RIP1 CIP, VIP CIP.]

  20. LVS-NAT Configuration (Network Address Translation) • All return traffic goes through the Director (slow). • Modify IP addr/port #/checksum at Director. • Director and real servers at same LAN. [Figure: Client (CIP), Internet, Director (VIP), Switch, Real Server1 (RIP1), Real Server2 (RIP2), Real Server3 (RIP3). Steps: 1. request, 2. Scheduling/Rewrite packet, 3. Process Request, 4. Rewrite reply, 5. Receive reply. Packet addresses shown: CIP VIP, CIP RIP1, RIP1 CIP, VIP CIP.]

  21. LVS-NAT Setup Commands

        # make the director forward the masquerading packets
        echo 1 > /proc/sys/net/ipv4/ip_forward
        ipchains -A forward -j MASQ -s 172.16.0.0/24 -d 0.0.0.0/0
        # Add virtual service and link a scheduler to it
        ipvsadm -A -t 202.103.106.5:80 -s wlc   # Weighted Least-Connection scheduling
        ipvsadm -A -t 202.103.106.5:21 -s wrr   # Weighted Round Robin scheduling
        # Add real servers and select forwarding method and weight
        ipvsadm -a -t 202.103.106.5:80 -R 172.16.0.2:80 -m
        ipvsadm -a -t 202.103.106.5:80 -R 172.16.0.3:8000 -m -w 2
        ipvsadm -a -t 202.103.106.5:21 -R 172.16.0.2:21 -m

  22. LVS-Tunnel Configuration (IP Tunneling) • Real servers need to handle IP over IP packets. • Real servers can be geographically separated and return traffic goes through different routes. • Security implication! [Figure: Client (CIP), Internet, Load Balancer Linux Box (VIP), IP tunnels to Real Server1 (RIP1), Real Server2 (RIP2) and Real Server3 (RIP3); RIP0 also appears as a label. Steps: 1. request, 2. Scheduling/Put packet in IP Tunnel, 3. Process Request, 4. Receive reply. Packet addresses shown: CIP VIP, VIP CIP.]

  23. LVS-Tunnel Setup Commands

        # The load balancer (LinuxDirector), kernel 2.2.14
        echo 1 > /proc/sys/net/ipv4/ip_forward
        ipvsadm -A -t 172.26.20.110:23 -s wlc
        ipvsadm -a -t 172.26.20.110:23 -r 172.26.20.112 -i

        # The real server 1, kernel 2.2.14
        echo 1 > /proc/sys/net/ipv4/ip_forward
        # insert it if it is compiled as module
        insmod ipip
        ifconfig tunl0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up
        route add -host 172.26.20.110 dev tunl0
        echo 1 > /proc/sys/net/ipv4/conf/all/hidden
        echo 1 > /proc/sys/net/ipv4/conf/tunl0/hidden

  24. LVS-DR Configuration (Direct Routing) • Real servers need to configure a non-ARP alias interface with the virtual IP address, and that interface must share the same physical segment with the load balancer. • Only the Director's interface replies to VIP ARP requests. • Director only rewrites the server MAC address; IP packet not changed (fast!). [Figure: Client (CIP), Internet, Router/Switch, Director (VMAC), Real Server1 (RMAC1), Real Server2 (RMAC2), Real Server3 (RMAC3). Steps: 1. request, 2. Scheduling/Rewrite packet. Frame addresses shown: VMAC GMAC, then RMAC3 VMAC, both carrying CIP VIP.] GMAC: Gateway MAC address.

  25. LVS-DR Configuration Step 3. Process Request • Real server returns request. • Request goes directly through switch/router; not Director. [Figure: Client (CIP), Internet, Switch, LinuxDirector (VMAC), Real Server1 (RMAC1), Real Server2 (RMAC2), Real Server3 (RMAC3). Steps: 1. request, 2. Scheduling/Rewrite packet, 3. Process Request, 4. Receive reply. Labels shown on frames: GMAC, VMAC, RMAC3, CIP VIP, VIP CIP.] GMAC: Gateway MAC address.

  26. LVS-DR Setup Commands

        # The load balancer (LinuxDirector), kernel 2.2.14 or later
        echo 1 > /proc/sys/net/ipv4/ip_forward
        ipvsadm -A -t 172.26.20.110:23 -s wlc
        ipvsadm -a -t 172.26.20.110:23 -r 172.26.20.112 -g

        # The real server 1, 172.26.20.112, kernel 2.2.14 or later
        echo 1 > /proc/sys/net/ipv4/ip_forward
        ifconfig lo:0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up
        route add -host 172.26.20.110 dev lo:0
        echo 1 > /proc/sys/net/ipv4/conf/all/hidden
        echo 1 > /proc/sys/net/ipv4/conf/lo/hidden

  27. Performance of LVS-based Systems “We ran a very simple LVS-DR arrangement with one PII-400 (2.2.14 kernel) directing about 20,000 HTTP requests/second to a bank of about 20 Web servers answering with tiny identical dummy responses for a few minutes. Worked just fine.” Jerry Glomph Black, Director, Internet & Technical Operations, RealNetworks. “I had basically (1024) four class-Cs of virtual servers which were loadbalanced through a LinuxDirector (two, actually -- I used redundant directors) onto four real servers which each had the four different class-Cs aliased on them.” "Ted Pavlic" <tpavlic@netwalk.com>

  28. LVS Usage Survey 2/15/2001 Lorn Key

  29. C. Edward Chow, Department of Computer Science, University of Colorado at Colorado Springs. Sponsored by Computer Comm. Lab/ITRI

  30. Content Switch Topics • What is a Content Switch? • What Services It Can Provide • Content Switch Example • Related Technologies • Content Switch Architecture and Basic Operations • TCP Delay Binding and Related Improvement • Content Switch Rule and Conflict Detection • Conclusion

  31. Content Switch (CS) • Routes packets based on higher-layer (Layer 5/7) headers and content. • Examples: • Direct Web traffic based on pattern of • URLs, cookies: URL Switching • XML tag value: Web Switching • Can route incoming email based on email address; connect POP/IMAP based on login • Web switches and the Intel XML Director/accelerator are special cases of content switch.

  32. What Services It Can Provide • Enabling premium services for e-commerce, ISP, and Web hosting providers • Load Balancing and Highly Available Server Clusters: Web, E-commerce, Email, Computing, File, SAN • Policy-based networking, differential/QoS services • Firewall, strengthening DoS protection, cache/firewall load-balancing • 'Flash-crowd' management • Email Spam Protection, Virus Detection/Removal • Applet Authentication/Filtering

  33. F5 VRM Solution [Figure: Site I newyork.domain.com, Site II losangeles.domain.com, Site III tokyo.domain.com and london.domain.com connected over the Internet. Labels: User, Local DNS, Router, 3-DNS, BIG-IP, GLOBAL-SITE, Webmaster, Server Array.]

  34. ServerIron 100 Web Switch • Integrated Layer 2 through Layer 7 switching • Support for up to 7,000,000 concurrent sessions, and 20 Gbps of throughput • High-availability server load balancing with active/active configuration and stateful fail-over • Industry's most powerful content switching capabilities, including URL, Cookie and SSL Session ID based switching • Content-aware cache switching • High performance VPN/Firewall load balancing • Robust protection against Denial of Service (DoS) attacks • Most comprehensive global server load balancing with DNS Proxy and client proximity measurements

  35. Cisco CSS11000 Content Service Switch comprises four high-speed RISC processors, with 512 MB of memory, and 20.0 Gbps of throughput. Distributed flow forwarding engines feature up to 16 port-level network processors with up to 128 MB of memory for wire-speed delivery of Web content. Support for "sticky" connections based on IP address, Secure Socket Layer (SSL) session ID, and cookies ensures reliability and security for e-commerce transactions. The unique Cisco content replication technology enables dynamic expansion of site capacity in response to sudden "flash crowds" for "hot" content or seasonal peaks in traffic that can overwhelm servers.

  36. Nortel Alteon Web Switch • Provides wire-speed Layer 2/3 Ethernet switching, plus high-speed processing based on Layer 4 through 7 information (TCP ports, URLs, HTTP headers and cookies, SSL session ID, etc.) • Processes hundreds of thousands of concurrent sessions each second on eight multi-rate Ethernet ports (rate selectable per port), with one Gigabit or 100/1000 Mbps Ethernet uplink port • Performs local and global server load balancing, application redirection, content filtering, streaming media load balancing, wireless Internet load balancing and content-aware Layer 7 switching • Filters packets based on up to 2048 filtering rules (224 filtering rules for Alteon AD3/180e Web Switches), uniquely definable per switch and per port • Meters, controls, and accounts for bandwidth use (by client, server farm, virtual service, application, user class, content type and other traffic classes) and supports guaranteed minimum, metered available, and maximum burst bandwidth rates

  37. Intel Netstructure XML Director 7280 • Example of Rule: Server1: create */order.asp & //Amount[Value >= 10000]

  38. Phobos In-Switch • Only load balancing switch in a PCI card form factor • Plugs directly into any server PCI slot • Supports up to 8,192 servers, ensuring availability and maximum performance • Six different algorithms are available for optimum performance: Round Robin, Weighted Percentage, Least Connections, Fastest Response Time, Adaptive and Fixed. • Provides failover to other servers for high-availability of the web site • U.S. Retail $1995.00

  39. E-Commerce Example: 1. Client • Client submits via HTTP POST (or SOAP) the following purchase in XML:

        <purchase>
          <customerName>CCL</customerName>
          <customerID>111222333</customerID>
          <item>
            <productID>309121544</productID>
            <productName>IBM Thinkpad T21</productName>
            <unitPrice>5000</unitPrice>
            <noOfUnits>10</noOfUnits>
            <subTotal>50000</subTotal>
          </item>
          <item>
            <productID>309121538</productID>
            <productName>Intel wireless LAN PC Card</productName>
            <unitPrice>200</unitPrice>
            <noOfUnits>10</noOfUnits>
            <subTotal>2000</subTotal>
          </item>
          <totalAmount>52000</totalAmount>
        </purchase>

  40. E-Commerce Example: 2. Content Switch • Content switch receives the packet. • Recognizes it is an HTTP POST request from the HTTP request line: POST /purchase.cgi HTTP/1.1 • Recognizes it is an XML document from the meta header: content-type: TEXT/XML • Parses the XML content. • Extracts values of tag sequences: purchase/totalAmount = 52000; purchase/customerName = CCL • Rule 1 is matched and the packet is routed to one of highSpeedServers.

        Rule 1: if (xml.purchase/totalAmount > 5000) routeTo(highSpeedServers);
        Rule 2: if (xml.purchase/customerName == CCL) routeTo(specialCustomerServers);
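
The processing steps on slides 39 and 40, as an added Python sketch that is not part of the original presentation: it checks the request line and content type, extracts the tag-sequence values and applies Rule 1 and Rule 2 in order. The `Host` value, the `defaultServers` fallback group, the body size cap and the refusal of DTDs in client-supplied XML are assumptions added here, not items from the slides.

```python
import xml.etree.ElementTree as ET

# Constructed request modelled on slides 39-40 (items omitted for brevity).
SAMPLE_REQUEST = (
    b"POST /purchase.cgi HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: TEXT/XML\r\n\r\n"
    b"<purchase><customerName>CCL</customerName>"
    b"<totalAmount>52000</totalAmount></purchase>"
)

# Rules in priority order: (name, tag sequence, predicate, server group).
RULES = [
    ("Rule 1", "purchase/totalAmount", lambda v: float(v) > 5000, "highSpeedServers"),
    ("Rule 2", "purchase/customerName", lambda v: v == "CCL", "specialCustomerServers"),
]
DEFAULT_GROUP = "defaultServers"  # hypothetical fallback, not on the slides
MAX_BODY = 64 * 1024              # assumed cap on what the switch will parse

def split_request(raw):
    """Return (method, path, headers, body) from a raw HTTP/1.x request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def tag_value(root, tag_sequence):
    """Resolve a tag sequence such as 'purchase/totalAmount' from the root."""
    first, _, rest = tag_sequence.partition("/")
    if root.tag != first:
        return None
    node = root.find(rest) if rest else root
    return node.text.strip() if node is not None and node.text else None

def route(raw):
    """Return (matched rule name or None, server group) for one request."""
    try:
        method, _path, headers, body = split_request(raw)
    except ValueError:
        return None, DEFAULT_GROUP
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    if method != "POST" or media_type != "text/xml":
        return None, DEFAULT_GROUP
    # Untrusted input: bound the size and refuse DTDs before parsing.
    if len(body) > MAX_BODY or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return None, DEFAULT_GROUP
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None, DEFAULT_GROUP
    for name, tag_sequence, predicate, group in RULES:
        value = tag_value(root, tag_sequence)
        try:
            if value is not None and predicate(value):
                return name, group
        except ValueError:  # e.g. a non-numeric totalAmount
            continue
    return None, DEFAULT_GROUP
```

Because the first matching rule wins, the sample purchase goes to highSpeedServers even though Rule 2 would also match it.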

  41. No Free Lunch: Penalty of Having Content Switch • Increased packet processing time. • For XML Director/Accelerator, it needs to parse XML document and match tag sequences. 1-3? order of processing time

  42. Related Technologies • Application level solution: Proxy server; Apache/Tomcat/Servlet; Microsoft NLB • Kernel level layer 4 load balancing solution: http://www.linuxvirtualserver.org/ • Joseph Mark’s presentation • LVS-NAT (Network Address Translation) web page • LVS-IP Tunnel web page • LVS-DR (Direct Routing) web page • Hardware solution: Cisco 11000, F5 (Big IP), Alteon Web Systems, Foundry Networks (ServerIron). Excellent information on: Foundry ServerIron Installation and Configuration Guide, May 2000. http://www.foundrynet.com/services/documentation/siug/

  43. Basic Operations of Content Switching (CS: Content Switching) [Figure: Incoming Packets, Packet Classification, Header Content Extraction, CS Rule Matching Algorithm, Packet Routing (Load Balancing), Forward Packet To Servers. Inputs: CS Rule Editor, CS Rules, Network Path Info, Server Load Status.]

  44. Content Switch Architecture (Apostolopoulos, Infocom 2000)

  45. Content Switch Architecture. Case A: Controller finds there is an entry in its Hash Table; route request to “sticky connection” outgoing port. [Figure labels: Client, Real Server1, Hash Table.]

  46. Content Switch Architecture. Case B: Step 1. Controller finds there is no entry in Hash Table; route request to content switch processor. [Figure labels: Client, Real Server1, Hash Table.]

  47. Content Switch Architecture. Case B: Step 1. Controller finds there is no entry in Hash Table; route request to content switch processor. Step 2. CS processor: a. Extract content/match CS rules; b. Route request; c. Set up sequence # modification on server side port. [Figure labels: Client, Real Server1, Hash Table, CS Rules, pkt modification info.]

  48. Content Switch Architecture. Case B: Step 1. Controller finds there is no entry in Hash Table; route request to content switch processor. Step 2. CS processor: a. Extract content/match CS rules; b. Route request; c. Set up sequence # modification on server side port. Step 3. At server side port, return pkts are modified (sequence #/IP addr/chksum) and routed back to client. [Figure labels: Client, Real Server1, Hash Table, CS Rules, pkt modification info.]

  49. Efficient Content Switching Architecture • Tasks: Millions of packets with thousands of rules to match and load balancing algorithms to run. • How to assign tasks to the (network) processors and threads? • Packet Extraction (understand header formats, XML parsing) • Content Switching Rule Matching • Packet Routing (Load Balancing, Bandwidth Control) • How much packet processing should controllers do? • What can a controller do? • A typical parallel processing problem?

  50. TCP Delay Binding (Splicing) [Figure: message sequence between client, content switch and server, steps 1 to 11. Between client and content switch: SYN(CSEQ); SYN(DSEQ), ACK(CSEQ+1); ACK(DSEQ+1), DATA(CSEQ+1); DATA(DSEQ+1), ACK(CSEQ+lenR+1); ACK(DSEQ+lenD+1). Between content switch and server: SYN(CSEQ); SYN(SSEQ), ACK(CSEQ+1); ACK(SSEQ+1); DATA(CSEQ+1), ACK(SSEQ+1); DATA(SSEQ+1), ACK(CSEQ+lenR+1); ACK(SSEQ+lenD+1). 2nd request: DATA(?), ACK(?).] lenR: size of HTTP request. lenD: size of return document.
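
The sequence-number rewriting that slide 50's diagram implies, together with the checksum fix-up mentioned on slide 48, as an added Python sketch that is not part of the original presentation. The class and function names are hypothetical, and the checksum adjustment uses the RFC 1624 incremental method, which the slides do not specify.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def ones_sum(words):
    """One's-complement sum of 16-bit words (core of the Internet checksum)."""
    total = sum(words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def csum_update(old_csum, old32, new32):
    """RFC 1624 incremental checksum update after one 32-bit field changes."""
    words = [~old_csum & 0xFFFF]
    for shift in (16, 0):
        words.append(~(old32 >> shift) & 0xFFFF)   # remove the old half-word
        words.append((new32 >> shift) & 0xFFFF)    # add the new half-word
    return ~ones_sum(words) & 0xFFFF


class Splice:
    """Per-connection state the switch keeps once the server is bound."""

    def __init__(self, dseq, sseq):
        # DSEQ: ISN the switch sent to the client; SSEQ: ISN the server chose.
        self.delta = (dseq - sseq) % MOD

    def to_client(self, seq, ack):
        """Server -> client: SEQ moves from the server's space to DSEQ's space."""
        return (seq + self.delta) % MOD, ack

    def to_server(self, seq, ack):
        """Client -> server: ACK moves from DSEQ's space back to SSEQ's space."""
        return seq, (ack - self.delta) % MOD


def splice_walkthrough(cseq, dseq, sseq, len_r, len_d):
    """Rewrite the server's data segment and the client's final ACK."""
    s = Splice(dseq, sseq)
    # Leaves the server as DATA(SSEQ+1) ACK(CSEQ+lenR+1).
    data_to_client = s.to_client((sseq + 1) % MOD, (cseq + len_r + 1) % MOD)
    # Leaves the client as ACK(DSEQ+lenD+1), with its own SEQ unchanged.
    ack_to_server = s.to_server((cseq + len_r + 1) % MOD, (dseq + len_d + 1) % MOD)
    return data_to_client, ack_to_server
```

The client's own sequence numbers need no translation because the switch replays the client's SYN(CSEQ) to the server unchanged, as the diagram shows.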
