+ All Categories
Home > Documents > HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM...

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM...

Date post: 25-Feb-2021
Category:

Documents
Upload: others
View: 3 times
Download: 1 times
Download Report this document
Share this document with a friend
20
www.zevenet.com HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Laura García ZEVENET
Transcript
Page 1: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

www.zevenet.com

HIGH SPEED LOAD BALANCING FROMTHE LINUX KERNELLaura GarcíaZEVENET

Page 2: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Capabilities

Multilayer

REST API

Multiplatform

Web GUI

https://www.zevenet.com
Page 3: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Focused on

Security High Availability

Scalability Performance

https://www.zevenet.com
Page 4: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Research

+ Concurrent users

- CPU cycles

https://www.zevenet.com
Page 5: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Research

Layer 7

Layer 3

Layer 4

https://www.zevenet.com
Page 6: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Research

Linux Kernel

net

netfilter

ipvs

https://www.zevenet.com
Page 7: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Development with iptables

{ sNATdNAT { conntrack

helpersconntrackdsyncdxtables

{ multiportlimitsrecentstatistic{ sip

(t)ftpsctp...

} }} }

https://www.zevenet.com
Page 8: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Development with iptables

destination NAT source NAT

https://www.zevenet.com
Page 9: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

rewritesourcesecurity marking rewrite

destination

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Development with iptables

raw

prerouting

mangle

prerouting

nat

prerouting

nat

postroutingrouting

Network layer

https://www.zevenet.com
Page 10: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Web GUI

https://www.zevenet.com
Page 11: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

API

curl -k -H "ZAPI_KEY: MyK3y...X" https://192.168.100.204:444/zapi/v3.1/zapi.cgi/farms

{ "description" : "List farms", "params" : [ { "farmname" : "http-profile-farm1", "profile" : "http", "status" : "up", "vip" : "192.168.100.208", "vport" : "80" }, { "farmname" : "LSLB-farm1", "profile" : "l4xnat", "status" : "up", "vip" : "192.168.100.207", "vport" : "222" }, { "farmname" : "NewGSLB-farm1", "profile" : "gslb", "status" : "up", "vip" : "192.168.100.207", "vport" : "53" } ]}

https://www.zevenet.com
Page 12: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

API

curl -k -X POST -H 'Content-Type: application/json' -H "ZAPI_KEY: MyK3y...X" -d '{"ip":"192.168.100.254","port":80}' \https://192.168.100.204:444/zapi/v3.1/zapi.cgi/farms/webfrontend/backends

{ "description" : "New farm backend", "message" : "Backend added", "params" : { "id" : 1, "ip" : "192.168.100.254", "max_conns" : "0", "port" : 80, "priority" : null, "weight" : null }, "status" : "up"}

https://www.zevenet.com
Page 13: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Development with nftables

{{ Expressions: nth, random, hash, etc.

Models for dNAT, sNAT and DSR

expressivenative expressionsIngress, egress hookconntrack, helpers, etc.stateless NAT

}}

https://www.zevenet.com
Page 14: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Development with nftables

Direct Server Return

https://www.zevenet.com
Page 15: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Development with nftables

table netdev filter {chain ingress {

type filter hook ingress device <if_lb> priority 0; policy accept;

ip daddr <ip_lb> udp dport <port_lb> ether saddr set <mac_lb> \

ether daddr set numgen inc mod 3 \

map { \

0: <mac_bck0>, \

1: <mac_bck1>, \

2: <mac_bck2> } \

fwd to <if_lb>

}

}

https://www.zevenet.com
Page 16: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

security & nat

rewritesourcesecurity marking rewrite

destination

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Development with nftables

raw

prerouting

mangle

prerouting

nat

prerouting

nat

postrouting

Network layer

ingress

Fast Path

routing

https://www.zevenet.com
Page 17: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Benchmarks

~5x-6x

10x

https://www.zevenet.com
Page 18: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

New L4 core zvnftd

https://www.zevenet.com
Page 19: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

New challenges

★ libnftables★ Layer 7 preprocessor★ kTLS★ HW offload★ programmability

https://www.zevenet.com
Page 20: HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15. · HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL Development with nftables{ {Expressions: nth, random, hash, etc.

HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL

www.zevenet.com

Thank you!

[email protected]

https://github.com/zevenet

https://hub.docker.com/r/zevenet/

https://www.zevenet.com

Recommended
Linux kernel synchronization

Linux kernel synchronization

Documents

The Linux Kernel Internal · The Linux Kernel Internal Implementing a Linux kernel system call Ramin Farajpour Cami – Twitter : @MF4rr3ll. System Call • Communicating with the

The Linux Kernel Internal · The Linux Kernel Internal Implementing a Linux kernel system call Ramin Farajpour Cami – Twitter : @MF4rr3ll. System Call • Communicating with the

Documents

Linux Kernel architecture for device drivers - Enixthomas.enix.org/pub/conf/rmll2010/kernel-architecture-for-drivers.pdf · Linux Kernel architecture for device drivers Linux Kernel

Linux Kernel architecture for device drivers - Enixthomas.enix.org/pub/conf/rmll2010/kernel-architecture-for-drivers.pdf · Linux Kernel architecture for device drivers Linux Kernel

Documents

Linux kernel PID 00148468 - UOCopenaccess.uoc.edu/webapps/o2/bitstream/10609/61305... · GNUFDL • PID_00148468 7 Linux kernel 1.The kernel of the GNU/Linux system The core or kernel

Linux kernel PID 00148468 - UOCopenaccess.uoc.edu/webapps/o2/bitstream/10609/61305... · GNUFDL • PID_00148468 7 Linux kernel 1.The kernel of the GNU/Linux system The core or kernel

Documents

Basic Linux kernel

Basic Linux kernel

Education

Linux Kernel and Performance Tools support for AMD …cscads.rice.edu/linux-kernel-amd-pmu-support.pdf · Files: kernel/events/* include/linux/perf_event.h ... Linux kernel support

Linux Kernel and Performance Tools support for AMD …cscads.rice.edu/linux-kernel-amd-pmu-support.pdf · Files: kernel/events/* include/linux/perf_event.h ... Linux kernel support

Documents

Linux Kernel Networking

Linux Kernel Networking

Documents

Power Tuning Linux: A Case Study · • Ubuntu 13.10: Includes Ubuntu Linux Kernel 3.11.0-12.19. Based on upstream Linux Kernel 3.11.13, upstream Linux Kernel 3.13.7, and 3.14.0.

Power Tuning Linux: A Case Study · • Ubuntu 13.10: Includes Ubuntu Linux Kernel 3.11.0-12.19. Based on upstream Linux Kernel 3.11.13, upstream Linux Kernel 3.13.7, and 3.14.0.

Documents

Linux kernel tracing

Linux kernel tracing

Engineering

Linux kernel and driver development training Lab Bookzeuzoix.github.io/.../free_electrons_linux_kernel/linux-kernel-labs.pdf · Free Electrons Linux kernel and driver development

Linux kernel and driver development training Lab Bookzeuzoix.github.io/.../free_electrons_linux_kernel/linux-kernel-labs.pdf · Free Electrons Linux kernel and driver development

Documents

Linux Kernel Networking (3) advanced topics - Haifux · Linux Kernel Networking (3) advanced topics ... Linux Kernel Networking (3) advanced topics ... Sun Solaris has IPv6 support

Linux Kernel Networking (3) advanced topics - Haifux · Linux Kernel Networking (3) advanced topics ... Linux Kernel Networking (3) advanced topics ... Sun Solaris has IPv6 support

Documents

Linux Kernel Primer

Linux Kernel Primer

Documents

Linux Kernel Series

Linux Kernel Series

Documents

The Linux Kernel: Configuring the Kernel Part 22

The Linux Kernel: Configuring the Kernel Part 22

Documents

Linux Kernel Internal

Linux Kernel Internal

Documents

Linux Kernel Tour

Linux Kernel Tour

Engineering

Linux Kernel 2.6

Linux Kernel 2.6

Documents

MultiPath TCP : Linux Kernel implementation - Linux Plumbers

MultiPath TCP : Linux Kernel implementation - Linux Plumbers

Documents