Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential
ORACLE TRAFFIC DIRECTOR a vital part of your Oracle infrastructure
Simon Haslam eProseed UK
Jacco Landlust ING
© 2016, eProseed
Simon Haslam, Technical Director & Partner @ eProseed UK
Oracle infrastructure specialist, ACE Director, founder of Veriton. Lives in Sherborne, Dorset, UK
Jacco Landlust, Senior Managing Consultant @ ING
Dad, spouse, adventurer, procrastinator, Oracle ACE and general tech-head. Lives in Dalen, The Netherlands
AGENDA
1. Load Balancing – what is it good for?!
2. What is OTD? What’s new in OTD 12c
3. OTD specifics for WLS, SOA Suite, EM
4. OTD specifics for Exalogic & ODA
5. Summary
LOAD BALANCING What is it good for?!
Photo credit: Christian Holmér
WHY DO WE NEED LOAD BALANCERS?
• To distribute processing across nodes in a cluster
a) to allow for horizontal scaling
b) to handle failure
Load balancing algorithms
Health monitoring
Bonus feature! Good place for SSL termination
• To distribute processing across sites
– Geographic Load Balancing
– Same principles except that client characteristics likely to be more significant
– Implemented using special DNS handling
– Not covered in this presentation
TYPICAL N-TIER ARCHITECTURE
[Diagram: Internet; firewall, IPS, IDS; load balancer; two web servers; two app servers; two database servers; zones labelled DMZ, app tier and data tier]
Wouldn’t it be simpler if load balancer & web server were the same thing?
HARDWARE LOAD BALANCERS
• Application Delivery Controllers
• Custom hardware
• High performance
• Modular
• Robust
• Appliance
NetScaler MPX
BIG-IP
LATEST BREED OF SOFTWARE LOAD BALANCERS
• BIG-IP VE
• NetScaler-VPX
• Oracle Traffic Director
• & others…
Exploit very fast processors
Flexible, sold on bandwidth
Smaller units owned by app
Scalable
‘Cloud friendly’
+ Hybrid: hardware appliance but virtualised (e.g. NetScaler SDX)
WHY NOT JUST USE ORACLE HTTP SERVER (OHS)?
OHS (web tier) licence is cheap so why not just use that?
• No built-in failover – either need:
– a load balancing layer in front of OHS, or,
– to use virtualization layer migration for OHS itself (slow)
– a home-grown solution
• OHS can’t do application-level health monitoring – it relies on WLS instance failure detection (not so good for complex products like SOA Suite)
• Arguably OTD is more secure
– OHS = Apache → big target
– Far fewer security patches for OTD
• OTD 12c config is more efficient than OHS
ORACLE TRAFFIC DIRECTOR
BASIC EXAMPLE
Oracle Traffic Director listens on a VIP and routes requests to 2 back-end web servers
OTD TERMINOLOGY
• Configuration: the full collection of config details for one or more services, typically for an environment
• OTD Instance: the engines that handle the traffic
• Origin Server: the back-end server(s) providing the underlying service
• Listener: the definition of a single service (type, port, etc)
• Virtual Server: the front-end service presented to users that gets routed, via a Listener, through to an Origin Server Pool
• Admin Server: the management unit that co-ordinates config & monitors system
• Failover Group: active-passive pair of Instances grouped together
• 11g: Admin Server + Admin Nodes
• 12c: Admin Server + OTD Instances
THE EDG DILEMMA
• Disconnect between:
– load balancing at network level (to cope with webserver failure), and,
– load balancing at webserver level (to cope with managed server failure)
• Do we really want two layers of load balancing in the same site?
WHAT’S NEW IN TRAFFIC DIRECTOR 12c?
[Screenshots: 11g and 12c]
KEY NEW FEATURES
• WebLogic Management Framework
– Managed like WebLogic managed servers and OHS 12c
– WLST available for provisioning
– Standalone Management Console has gone (now UI in EM FMWC if co-located, otherwise no UI)
• Multi-tenancy
– OTD is MT-aware and can handle traffic for specific WLS partitions
• Queueing, Request Throttling & Prioritisation
• Health check can use external executable
• Origin server pool maintenance (11.1.1.9+)
PRE-REQS
For management UI you need to configure OTD into a co-located WLS domain, either:
1. (Full) FMW Infrastructure
– also need Database with RCU schemas
– (OTD doesn’t use DB so probably only need min schema for Infra, e.g. OPSS etc)
2. FMW Infra with Restricted JRF
– “This is the recommended mode of creating an OTD domain” says Oracle doc
– No database required (note: this is a 12.2.1+ feature for FMW Infra)
WATCH OUT FOR…
• Oracle Traffic Director instances cannot be created using the Configuration Wizard
– you must use either FMWC or WLST
• Standalone domain limitations
– You can use the WLST in a standalone domain, but not all offline WLST commands are available
– No management capabilities available (including FMWC and WLST custom commands)
DIRECTORIES
• Oracle Home
– $ORACLE_HOME/otd
• Instance
– $ASERVER_HOME/config/fmwconfig/components/OTD/<config>/config
– $MSERVER_HOME/config/fmwconfig/components/OTD/otd_<instance-name>/config
• Note: OTD 12c works exactly like OHS (12.12+) except:
– OTD instead of OHS (obviously!) in path – in both cases the config is sync’d by Node Manager
– You can’t currently (12.2.1) create OTD instances from Config Wizard (even though it looks like you can!)
WATCH OUT FOR…
• There are quite a few subtleties with OTD 12c configuration. Consider:
– Domain specific or platform wide resource
– Patching
– UI or manual
• OTD 12.2.1 – see Release Notes “2.2 Configuration update fails after starting failover”
– Permissions issue when otd_startFailover has run
– Instead use WLST script for failover as described in note
TRAFFIC DIRECTOR LICENSING
• Exalogic (physical & virtual)
• Oracle WebLogic Suite + Multi-tenancy or Continuous Availability option
• Oracle Access Management Suite Plus and Oracle Enterprise Sign-On Suite Plus
– Restricted to load balancing OAM components inc. using OAM WebGate
• Enterprise Single Sign-On Suite Plus
– Restricted to load balancing ESSO components inc. using OAM WebGate
• SPARC Super Cluster
• Oracle Database Appliance
– With WebLogic licence
– Restricted to services within the ODA
New! 12.2.1
For guidance only. Please check latest details with your account manager or Oracle Partner
OTD SPECIFICS FOR WLS, SOA, EM
Photo credit: Imm808
WEBLOGIC SPECIFIC
• (as with OHS) OTD uses HTTP headers on existing connection to WebLogic servers to:
– Detect failure of managed server
– Add new origin servers
• Health monitor times also monitor successful requests
– a bit like time to trust idle connection for data sources
SOA SPECIFIC
• Health monitors need to check the SOA fabric status, not just port
– /soa-infra/ – HTTP 401 status code
– /soa-infra/services/isSoaServerReady – HTTP 200 status code
– Less important with lazy loading of composites in SOA 12c
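An added example (not from the slides or from Oracle) of a check that separates "the port answers" from "the SOA fabric is ready", using the two URLs and status codes listed above. The function names, state labels, local stub server and exit-code convention are assumptions, as is treating every non-200 answer from the readiness URL as not ready.

```python
import http.server
import sys
import threading
import urllib.error
import urllib.request

READY_PATH = "/soa-infra/services/isSoaServerReady"  # slide: 200 when ready
INFRA_PATH = "/soa-infra/"                           # slide: answers 401
# Probe the origin server directly, never via an environment-configured proxy.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def http_status(url, timeout=3.0):
    """Status code of a GET, or None when nothing answered at all."""
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401/503 still prove a listener is there
    except OSError:      # URLError subclasses OSError: refused, timeout
        return None

def soa_health(base_url):
    """'ready', 'deployed-not-ready', 'port-only' or 'down'."""
    ready = http_status(base_url + READY_PATH)
    if ready == 200:
        return "ready"
    infra = http_status(base_url + INFRA_PATH)
    if ready is None and infra is None:
        return "down"
    return "deployed-not-ready" if infra == 401 else "port-only"

def start_stub(statuses):
    """Constructed stand-in for a managed server: path -> status code."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(statuses.get(self.path, 404))
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_port

if __name__ == "__main__":
    # Assumed convention for an external check: exit 0 only when ready.
    sys.exit(0 if soa_health(sys.argv[1]) == "ready" else 1)
```

A plain TCP or port check would report the "deployed-not-ready" and "port-only" servers as healthy; only the readiness URL separates them from "ready".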
ENTERPRISE MANAGER CLOUD CONTROL SPECIFICS
• This example still keeps OHS running as part of “OMS unit”
• You need:
– 1 virtual server: forwards to the OHS pool without context or anything - just a default route to the ohs-pool
– 1 TCP proxy: for the upload port (e.g. port 4900)
• Note: if you do not have a real certificate on OMS but are stuck with demo ones, you have to disable "validate server certificate" at the general settings tab of the default route (this is not the certificate on the VIP, it is traffic between OTD and OMS)
OTD ON ENGINEERED SYSTEMS Exalogic & Database Appliance (SSC later)
EXALOGIC SOA EDG
OTD ON EXALOGIC
• See “Tuning Oracle Traffic Director for Oracle Fusion Middleware, Business Applications”
– http://www.oracle.com/technetwork/middleware/otd/learnmore/otd-exalogic-tuning-whitepaper-2196721.pdf
• Key points:
– Exalogic networks (IPoIB and EoIB alike) do not support multicast. This means that you cannot cluster OTD without the undocumented -unicast flag for (11g) tadm create-failover-group: http://docs.oracle.com/cd/E23389_01/doc.11116/e21037/create-failover-group.htm
– Usage of TCP (instead of SDP) is a best practice for certain versions of virtualised Exalogic - see note 1932308.1. This has to do with a memory leak with SDP on OVM but has been fixed in a very recent kernel patch on Exalogic (Oct 15 PSU).
DOG’S BREAKFAST
https://hemmingforddogblog.wordpress.com/2012/10/15/it-seems-that-breakfast-really-is-the-most-important-meal-of-the-day/
ODA
• There is a WLS ODA OTD template
– Fully configured single VIP with failure group
– Only 11.1.1.7 and no longer being maintained
– ODA X5-2, 12.1.2+
• License VMs with WebLogic to use OTD (for services within ODA)
• On ODA the same applies as on Exalogic – use the OTD white paper mentioned for Exalogic
SUMMARY
Photo credit: Steve-h
SUMMARY
• New licensing options (e.g. conventional hardware) mean Traffic Director is more widely available now
• OTD is a mature and stable product, well integrated into Oracle stack
• OTD is better suited to high performance pure Oracle infrastructures than OHS
• Big change in management in OTD 12c but now much more consistent with FMW admin