Load balancing basics Updated 12-07 White paper


Table of Contents

• Overview
• Traditional load balancing
• Improving network traffic management
• Accelerating application performance
• Application-aware delivery
• Conclusion
• About Citrix NetScaler
• Appendix A: Glossary of terms


Overview

As the global business environment has evolved, companies have significantly expanded their reliance on remote and mobile access to business applications over the Internet. Applications that must be available to employees in the field, in branch offices and in home offices are increasingly delivered via a corporate intranet or portal. Further, for many organizations, externally facing websites are an integral component of day-in/day-out business interactions with customers, suppliers and partners. In addition, due to the incorporation of Web 2.0 functionality, applications have become far more dynamic and interactive compared to their predecessors. For all these reasons, businesses recognize they cannot function effectively without a robust solution to ensure uninterrupted, secure and high-performance access to network-based business applications and corporate websites.

This reliance upon Internet-delivered applications has also changed how businesses look at their underlying network infrastructure. On one hand, organizations’ understanding of how critical network infrastructure works has never been higher. On the other, companies want to know explicitly how the network is enhancing their ability to deliver new application services. To a business, the network’s value is not its own availability, performance and security, but rather its ability to improve the availability, performance and security of the business applications it serves.

As such, networks must evolve from highways designed to push packets into more-active participants in the end-to-end delivery of application services. For this to occur, many components of the network will need to evolve at a fundamental level.

Traditional load balancing

What has traditionally been known as “load balancing” is one such component. Load balancers sit at a critical junction between users and the applications they access, which are typically hosted on servers. They are designed to evenly distribute among available servers the user requests that come in over the network so an individual server does not become overwhelmed with traffic. Basic load balancers direct traffic based on Layer 4 – the connection layer – of the Open System Interconnection (OSI) model. Layer 4 load balancers look at the packet’s addressing information – IP address and port number – and must support:

• Server health checks that determine whether individual servers are “up” or “down”

• Load balancing algorithms that determine which of the “up” application servers will receive the request

The most common algorithm is a round-robin that prompts the load balancer to go down the list of servers from top to bottom and then begin again. However, this assumes all requests will have a similar load and duration, and that all servers are available. More-advanced algorithms use factors such as server utilization level and current-connection counts to select the most appropriate server.
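The round-robin caveat above can be seen in a small simulation. This is an added example, not code from the white paper or from any Citrix product; the server names, the request durations and the one-request-per-tick model are constructed assumptions chosen so that the long requests line up with the pool size.

```python
"""Added example: round-robin vs. least-connections over a health-checked pool."""
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    up: bool = True      # result of the most recent health check
    active: int = 0      # connections currently open to this server


class Pool:
    def __init__(self, servers):
        self.servers = list(servers)
        self.cursor = 0  # round-robin position

    def round_robin(self):
        """Walk the list top to bottom and start again, skipping 'down' servers."""
        n = len(self.servers)
        for _ in range(n):
            server = self.servers[self.cursor % n]
            self.cursor += 1
            if server.up:
                return server
        raise RuntimeError("no healthy servers")

    def least_connections(self):
        """Pick the 'up' server with the fewest open connections."""
        candidates = [s for s in self.servers if s.up]
        if not candidates:
            raise RuntimeError("no healthy servers")
        return min(candidates, key=lambda s: s.active)


def simulate(algorithm, durations, names=("web1", "web2", "web3"), down=()):
    """One request arrives per tick and holds its connection for `duration`
    ticks. Returns the peak number of concurrent connections per server."""
    pool = Pool(Server(n, up=n not in down) for n in names)
    pick = getattr(pool, algorithm)
    closing = {}                                  # tick -> servers to release
    peak = {s.name: 0 for s in pool.servers}
    for tick, duration in enumerate(durations):
        for server in closing.pop(tick, []):      # finished requests free a slot
            server.active -= 1
        server = pick()
        server.active += 1
        peak[server.name] = max(peak[server.name], server.active)
        closing.setdefault(tick + duration, []).append(server)
    return peak


# Constructed workload: every third request is long-running (30 ticks).
LOAD = [1, 1, 30] * 10

if __name__ == "__main__":
    print("round robin      ", simulate("round_robin", LOAD))
    print("least connections", simulate("least_connections", LOAD))
    print("web2 marked down ", simulate("round_robin", [1] * 4, down=("web2",)))
```

With this workload round-robin sends every long request to the same server, while the connection-count algorithm spreads them across the pool.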

Initially, load-balancing capabilities were built directly into the application software or the operating system of the underlying application server. These approaches transitioned into using application-neutral, purpose-built, network-based appliances. Network-based appliances enable load-balancing of all applications, not just those with built-in functionality.

In addition to these advancements, the load balancing process itself needs to evolve from simple packet delivery to application delivery. The increasing demands for high availability, reliability and security of application access are driving the need for load balancers to provide not only traditional networking traffic management functions, but also a comprehensive set of network-level and application-level services.

To ensure the business is getting the investment protection to meet both near and longer-term requirements, today’s load-balancing solutions should provide the following functionality as part of either the base offering, or as post-deployment software upgrades:

• Network traffic management functionality to ensure application availability and even distribution of load across a server farm or multiple farms

• Application acceleration functionality to accelerate application performance by 5X or more

• Application-aware delivery functionality to protect applications and their data, control access and monitor end-user performance


Improving network traffic management

Layer 4 load balancing

Directing traffic based upon IP address and port number has become standard functionality, but that doesn’t diminish its importance. Solutions must support a wide variety of load-balancing algorithms that direct traffic based upon network, server and application loads.

• Session persistence: In some cases it is important to have a single server handle all of a user’s transactions for the length of that session. The obvious one is online shopping. Regardless of how the user jumps around looking at brochure content, their shopping cart entries have to go to the same place all the time. Session persistence ties the requests from one client to the same server node. Common functionality used to maintain session persistence includes cookies and header IDs. However, maintaining persistence for the latest generation of applications can require basing persistence on application-specific content (e.g., a transaction ID in an XML document) carried in the payload body.

• Server health monitoring: Health checks to ensure a server’s availability can prevent directing of a request to a failed server. At a basic level, the load balancer can keep checking the server port to determine its status. However, just because the network and server are responding doesn’t mean the application itself is available. Solutions should be able to check the health of the applications themselves when marking servers or services up or down.
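Cookie-based session persistence, as described in the first bullet, combined with the up/down state from health monitoring. This is an added example, not code from the white paper; the cookie name `LBPERSIST`, the backend ids and addresses are hypothetical, and signing the cookie with an HMAC is a hardening assumption added here so that a client cannot pick its own backend and the cookie does not reveal internal addresses.

```python
"""Added example: session persistence with an integrity-protected cookie."""
import hashlib
import hmac
import secrets

COOKIE = "LBPERSIST"  # hypothetical cookie name


class PersistentRouter:
    def __init__(self, backends):
        self.backends = dict(backends)      # opaque id -> internal address
        self.up = set(self.backends)        # ids currently passing health checks
        self.key = secrets.token_bytes(32)  # secret held only by the load balancer
        self.cursor = 0

    def tag(self, backend_id):
        return hmac.new(self.key, backend_id.encode(), hashlib.sha256).hexdigest()

    def issue(self, backend_id):
        """Cookie value carries the opaque id and a MAC, never the address."""
        return f"{backend_id}.{self.tag(backend_id)}"

    def verify(self, value):
        """Return the backend id if the cookie is one we issued, else None."""
        backend_id, sep, tag = value.partition(".")
        if not sep or backend_id not in self.backends:
            return None
        # Constant-time comparison on bytes; a forged tag never matches.
        if not hmac.compare_digest(tag.encode(), self.tag(backend_id).encode()):
            return None
        return backend_id

    def pick_healthy(self):
        healthy = sorted(self.up)
        if not healthy:
            raise RuntimeError("no healthy backends")
        choice = healthy[self.cursor % len(healthy)]
        self.cursor += 1
        return choice

    def route(self, cookies):
        """Return (backend_id, new_cookie_value_or_None) for one request."""
        pinned = self.verify(cookies.get(COOKIE, ""))
        if pinned in self.up:
            return pinned, None             # keep the session on its server
        # No cookie, invalid cookie, or pinned server is down: re-pin.
        fresh = self.pick_healthy()
        return fresh, self.issue(fresh)


if __name__ == "__main__":
    # Constructed pool with hypothetical internal addresses.
    router = PersistentRouter({"a": "10.0.0.11:8080", "b": "10.0.0.12:8080"})
    backend, cookie = router.route({})
    print("first request ->", backend, "Set-Cookie:", COOKIE + "=" + cookie)
    print("same session  ->", router.route({COOKIE: cookie}))
    forged = "b." + cookie.split(".", 1)[1]
    print("forged cookie verifies as:", router.verify(forged))
    router.up.discard("a")                  # health check marks "a" down
    print("after failure ->", router.route({COOKIE: cookie})[0])
```

When the pinned server fails its health check, the session is moved and any state held only on that server (the shopping cart in the paper's example) is lost unless it is stored elsewhere.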

Layer 7 request switching

To advance to the next generation of traffic management, load balancers began to use Layer 7 of the OSI model – the application layer – to read the packet payload instead of just the addressing information to determine the best place to send the traffic. Content switching at Layer 7 provides intelligent traffic management, enabling application-layer information such as client type, requested URL, cookie information and application software usage to be used to optimize delivery, without requiring changes to Layer 4 network addressing.

Switching at Layer 7 instead of at the connection level (Layer 4) enables better utilization of server resources. For example, because different types of content have different requirements for CPU usage, I/O throughput, etc., it is possible to increase efficiency by using some servers to handle transactions, and others to provide storage or other functions. Also, with Layer 7 request switching, certain users can be directed to higher-power servers to provide the highest service level.

Global server load balancing

In addition to enhancing load balancing with Layer 7 request switching, organizations can benefit from global server load balancing (GSLB) across the entire enterprise. GSLB balances requests from users across a geographically distributed set of server farms based on health, load or proximity. Effective solutions support several load-balancing algorithms (e.g., least response time, least packets), as well as geographic proximity and network proximity, to intelligently distribute the load across multiple datacenters. GSLB gives network administrators the ability to provide high availability and optimal application performance for remote users worldwide. Other benefits include reducing bandwidth costs and latency.

As part of a comprehensive business continuity solution, global server load balancing transparently ensures that requests are routed only to datacenters or failover sites that are operating normally. GSLB technology gives IT administrators the ability to create policies defining site health based upon site status, connection load and packet rate. By continuously monitoring the health of each datacenter and associated network links, GSLB solutions maintain a global view of the entire hosting infrastructure’s status. In the event that a hosting site cannot meet the criteria of the health policy, further incoming requests are automatically directed to sites still deemed healthy. When availability is restored, new requests are transparently directed back to the original site.

High application availability with Global Server Load Balancing

A U.S. beverage company needed a solution to load-balance requests from global users to access a mission-critical application over the web. Through global server load balancing capability, the solution directs user requests to the optimal server, provides high availability, maximizes server resources, and provides traffic management for the company’s multi-site enterprise.

Accelerating application performance

Initially, users were willing to accept slow application performance in exchange for the convenient, widely available access the Web provides. But not any more. Users now expect applications delivered via the Internet to offer performance similar to that of locally deployed applications. The flexibility to add functionality that accelerates application performance has become critical in meeting the larger business goal of successfully delivering applications over the Internet.

All too often, problems with application performance are deemed to be a function of server hardware after network infrastructure has been ruled out. Although the server has a direct impact on processing performance, it is not necessarily directly related to application performance. There needs to be a distinction between processing and application performance. Simply increasing processing power in a server may have little or no effect on application performance and scalability. The same may be said for adding load-balanced servers to cope with increased load.

Offloading tedious or repetitive processes from application servers can free them to perform their main functions of serving content. Offloading also enables servers to scale up beyond their original capacity while accelerating application content delivery.

Following are important technologies that can enhance basic load balancing by reducing server workload and accelerating application performance:

• Caching: Caching static content can help relieve the burden on servers. However, more and more applications rely upon content that is dynamically generated each time a request is made. In many cases, the same content (e.g., sales reports) is repetitively generated for every user. The load balancer can store content in a cache so that some requests can be handled without contacting the server. Caching dynamic content can accelerate application performance by up to 30X.

Using caching to optimize server performance

A government organization overseeing public transport was experiencing huge growth in traffic and needed to ensure its public website could cope with more users, as well as unpredictable spikes in Web traffic. Because much of the information requested on the site is repetitive, the solution caches all commonly required content — such as HTML, images, PDFs, JavaScript and XML. Removing this burden from the Web server infrastructure optimized existing servers and considerably improved response times. Up to 40 percent of all server requests are delivered entirely from the cache.

• Compression: Compressing content minimizes the amount of data that must traverse the wire and also decreases the “back and forth” overhead of TCP that is so sensitive to latency. Network congestion is reduced, and applications can be accelerated by three to five times.

• SSL Offload: Offloading encryption/decryption onto a dedicated device to reduce datacenter costs removes the burden of SSL processing from the server. Offloading can significantly lower CPU utilization and even enable fewer servers to handle application loads.

• TCP Multiplexing: TCP overhead can slow any application’s performance. TCP optimization reduces the number of client connections each application server has to deal with while optimizing server response. The result is a server that can support an increased number of users. This can extend the life of existing hardware while delivering application content with much better performance.

Reducing server load with TCP multiplexing

An online media provider sought a way to support dramatic increases in online traffic during major sports events without over-investing in servers. A TCP multiplexing solution that consolidated multiple user TCP sessions into fewer sessions on the Web servers allowed the servers to focus on processing user requests. As a result, the servers’ load dropped dramatically, while throughput experienced a strong increase — all without the cost of adding more servers. The company was able to reduce the number of servers required to support its Web site by 66 percent.

• TCP optimization: Latency, network congestion and TCP overhead can slow any application’s performance. In order to minimize the unnecessary TCP transmissions and round trips that increase network congestion, solutions should support network optimizations such as limited transmit and fast retransmit, window scaling, selective acknowledgement and TCP buffering.


Application-aware delivery

For networks to provide true business value, they must advance from merely transporting network packets from point A to point B to actively improving the applications themselves. To do this, solutions must be able to inspect all aspects of application traffic, take action based upon this inspection, and potentially change or act on behalf of the applications themselves. With these capabilities, the network becomes an enabler of overall business agility and flexibility.

One of the most important capabilities is improved application security. Network firewalls and authentication solutions have largely secured the network itself. However, applications themselves remain surprisingly vulnerable to attack. Cross-site scripting, buffer overflows, SQL injection and other common hacking techniques are continually used to steal valuable customer and corporate data from applications.

As application services are rolled out to employees, agents, customers and contractors on a global basis, the need to finely control which users have access to which functions in which applications has increased. SSL VPNs have emerged as the de facto method for providing trusted application access. Integrating SSL VPNs and application security with load balancing and traffic management strengthens end-to-end application security and simplifies the IT infrastructure. Another important capability that improves application delivery is end-user performance monitoring.

• SSL VPN with granular access control: With the prevalence of Internet threats, organizations need to control who is accessing corporate applications and what actions they are taking with each application. By integrating special SSL VPN technology with granular access control into a load-balancing solution, administrators can control both access and actions (such as downloading, printing or saving) of remote and mobile users who want to connect to applications over the Internet, mitigating the risk of opening the corporate network to threats.

• Application firewall: With over 70% of successful Internet attacks now exploiting application vulnerabilities, network firewalls are not enough. Standard firewalls are designed to restrict access to certain ports or services that an administrator doesn’t want unauthorized people to access. In contrast, application firewalls are often called “deep packet inspection firewalls” because they look at all content within every request and response. Some application firewalls look for certain attack signatures to try to identify a specific attack that an intruder may be sending, but this only protects against known attacks. True application-layer defense protects against known and unknown attacks.
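The difference between signature matching and a defense that also covers unknown attacks, shown on one request path. This is an added example, not code from the white paper or from NetScaler; the paper does not say how the second kind of defense works, so the allow-list ("positive model") check, the `/cart/add` path, its parameters and the three signatures are all constructed assumptions.

```python
"""Added example: signature (deny-list) check beside an allow-list check."""
import re
from urllib.parse import parse_qsl

# A few textbook signatures; a real rule set is far larger but works the same way.
SIGNATURES = [re.compile(p, re.I)
              for p in (r"<script\b", r"\bunion\s+select\b", r"\.\./")]

# Allow-list: what a valid request to each path looks like (hypothetical app).
SCHEMA = {
    "/cart/add": {
        "item_id": re.compile(r"[0-9]{1,8}"),
        "qty": re.compile(r"[1-9][0-9]?"),   # 1..99
    },
}


def signature_check(path, query):
    """Block only when a decoded parameter matches a known-bad pattern."""
    for name, value in parse_qsl(query, keep_blank_values=True):
        for sig in SIGNATURES:
            if sig.search(name) or sig.search(value):
                return "block: matches signature " + sig.pattern
    return "allow"


def allowlist_check(path, query):
    """Block anything that is not explicitly described by the schema."""
    schema = SCHEMA.get(path)
    if schema is None:
        return "block: unknown path"
    params = parse_qsl(query, keep_blank_values=True)
    if sorted(name for name, _ in params) != sorted(schema):
        return "block: unexpected, missing or repeated parameter"
    for name, value in params:
        if not schema[name].fullmatch(value):
            return "block: " + name + " fails validation"
    return "allow"


# Constructed requests: one normal, one matching a signature, and two that
# no signature describes (an extra parameter and an out-of-range quantity).
REQUESTS = [
    ("/cart/add", "item_id=1042&qty=2"),
    ("/cart/add", "item_id=1042&qty=2&note=%3Cscript%3Ealert(1)%3C/script%3E"),
    ("/cart/add", "item_id=1042&qty=2&price=0.01"),
    ("/cart/add", "item_id=1042&qty=-3"),
]


def compare():
    """Return (query, signature verdict, allow-list verdict) per request."""
    return [(q, signature_check(p, q), allowlist_check(p, q))
            for p, q in REQUESTS]


if __name__ == "__main__":
    for query, by_signature, by_allowlist in compare():
        print(query)
        print("   signature :", by_signature)
        print("   allow-list:", by_allowlist)
```

The last two requests pass the signature check because nothing in them resembles a known attack string; the allow-list rejects them because they are not valid requests for that path.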

Improved security of access by home-based workers

A newspaper publishing company wanted to enable employees to connect to network resources from home computers to meet tight deadlines – without compromising security. An advanced SSL VPN solution allows IT administrators to define granular access policies for different users. End-point analysis allows them to thoroughly check each device that connects to the network and ensure it meets security requirements. With these security capabilities the company agreed to let workers monitor content and make changes necessitated by late-breaking news from home. Work is performed more quickly, deadlines are met and people do not have to drive into the office.

In many respects, the final frontier of successful application delivery is obtaining direct feedback on how the applications themselves are performing. Ultimately, applications and networks are only as good as the perception of the people who use them. Directly monitoring end users’ actual experience with an application is critical to understanding how effectively users are served, and how well the network is working. The point in the network where load balancers are traditionally deployed is an ideal “junction” for performing this monitoring. As such, solutions should provide the ability to directly and transparently measure and track end-user performance.


Conclusion

Fundamental changes are affecting networks, particularly the sweeping transformations of Web 2.0. Because Web 2.0 is driving greater user participation, openness and network effects, tomorrow’s networks will require infrastructure that is agile, flexible and dynamic. Is your organization prepared for these changes with a load-balancing solution that can optimize application performance, ensure high application availability and provide tools to safeguard data and improve the application experience? Citrix® NetScaler® offers a powerful and comprehensive solution to these challenges.

About Citrix NetScaler

Citrix® NetScaler® from Citrix Systems, Inc., is an ideal solution for any enterprise organization seeking basic and advanced load balancing capability combined with application performance enhancement, improved application security and increased application availability for users. Citrix NetScaler integrates all the critical functionality of Layer 4-7 network traffic management, application acceleration and application-aware delivery in a single appliance.

• Load balancing: NetScaler delivers fine-grained direction of client requests to ensure optimal distribution of traffic to servers. In addition to Layer 4 addressing information (protocol and port number), traffic management policies can be based on application content. For example, administrators can segment application traffic based upon information contained within an HTTP request body or TCP payload, as well as Layer 4-7 header information such as URL, application data type or cookie. Numerous load-balancing algorithms and extensive server health checks provide greater application availability by ensuring client requests are directed only to correctly behaving servers.

• Web application acceleration: Citrix NetScaler accelerates Web application performance by up to five times by leveraging multiple acceleration technologies including data compression and caching of static and dynamic content. NetScaler TCP optimizations overcome the issues caused by high latency and congested network links and are transparent to clients and servers, accelerating the delivery of any application while requiring little or no configuration.

• Application-aware delivery: NetScaler protects applications from application-layer attacks, helping to prevent the theft and leakage of valuable corporate and customer data. The latest version, 8.0, includes application firewall technology that proactively protects against application-layer attacks and helps prevent theft and leakage of valuable corporate and customer data. It also includes real-time and historical page-level monitoring of the end-user experience with application performance. NetScaler 8.0 makes secure access to applications easier by tightly integrating SSL technology that automatically responds to each user scenario with the appropriate level of application access, including control of actions such as print, save and edit.

Appendix A

Glossary of terms

Application firewall — An enhanced firewall that limits access to the operating system (OS) of a computer. Conventional firewalls merely control the flow of data to and from the central processing unit (CPU), examining each packet and determining whether or not to forward it toward a particular destination. An application firewall offers additional protection by controlling the execution of files or the handling of data by specific applications.

Application-layer attack — Targets application servers by deliberately causing a fault in a server’s operating system or applications, which results in the attacker gaining the ability to bypass normal access controls.

Caching — Local storage of remote data on a file server, which is designed to reduce network transfers and therefore increase speed of download.

Compression — Encoding data to take up less storage space and less bandwidth for transmission.

Content switching – Allows traffic management to be based on application-layer content such as the information contained in the body of a TCP or HTTP request.

Global server load balancing, GSLB, (also known as global traffic management) — The load balancer distributes load to a geographically distributed set of server farms based on health, server load or proximity.

Layer 4 (Transport layer of the Open System Interconnection model) — Provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control.

Layer 7 – (Application layer of the Open System Interconnection model) – Defines the services that directly support applications, such as software for network management, electronic mail or file transfers. It interfaces directly to and performs common application services for the application processes.

Load balancing — A technique performed by load balancers to spread work between many computers, processes, hard disks or other resources in order to get optimal resource utilization and decrease computing time.

SSL offloading — Relieves a Web server of the processing burden of encrypting and/or decrypting traffic sent via SSL, the security protocol that is implemented in every Web browser. The processing is offloaded to a separate device designed specifically to perform SSL acceleration.

SSL VPN — Provides a comprehensive, secure remote access technology for remote users without the use of additional remote client software, but instead uses common client technology and industry-standard Secure Sockets Layer technology for content privacy.

TCP optimization — Reduces the number of client connections each application server has to deal with while optimizing server responses.

Web 2.0 applications — Deliver software as a continually updated service that gets better the more that people use it, consuming and remixing data from multiple sources – including individual users.

Web server farm — A redundant cluster of several Web servers serving a single IP address.


Notice

The information in this publication is subject to change without notice. THIS PUBLICATION IS PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND, EXPRESSED OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. CITRIX SYSTEMS, INC. (“CITRIX”), SHALL NOT BE LIABLE FOR TECHNICAL OR EDITORIAL ERRORS OR OMISSIONS CONTAINED HEREIN, NOR FOR DIRECT, INCIDENTAL, CONSEQUENTIAL OR ANY OTHER DAMAGES RESULTING FROM THE FURNISHING, PERFORMANCE, OR USE OF THIS PUBLICATION, EVEN IF CITRIX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE. THE USE CASES IN THIS PAPER ARE PROVIDED ONLY AS POTENTIAL EXAMPLES AND YOUR ACTUAL COSTS AND RESULTS MAY VARY.

About Citrix

Citrix Systems, Inc. (Nasdaq:CTXS) is the global leader and the most trusted name in application delivery infrastructure. More than 200,000 organizations worldwide rely on Citrix to deliver any application to users anywhere with the best performance, highest security, and lowest cost. Citrix customers include 100% of the Fortune 100 companies and 98% of the Fortune Global 500, as well as hundreds of thousands of small businesses and prosumers. Citrix has approximately 6,200 channel and alliance partners in more than 100 countries. Annual revenue in 2006 was $1.1 billion.

©2007 Citrix Systems, Inc. All rights reserved. Citrix® and NetScaler® are trademarks or registered trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.


www.citrix.com
