Project Report for UT Starcom

HOUSTON TECHNOLOGIES LTD

CUSTOMER UT StarcomDATE June 01,2010Version/Revision 1.0/0

Sub: Project Report for UT Starcom Load Balancer solution to be implemented in BSNL

Dear Sriram

This is further to our discussion we had regarding the project report for Load Balancer for BSNL Multiplay.

In adherence to our discussion Houston Technologies proposes the following project report

Kindly feel free to revert to the undersigned for any clarification or further information

Houston Business Contact

NAME Phone Number E-mail

Santosh Singh +91-9582262270 santoshs@houstontechnologies.com

Contents

1) Houston Technologies Overview.2) Objective3) Description

i. Server Load balancing Overviewii. Content Filtering Overview

4) Challenge5) Proposed Solution6) Implementation

i. Physical Implementationii. Configuration Details

a) Switch Configurationb) ACE Configuration

7) Dependencies8) Sign Off

Objective: To integrate the Server Load balancers with BSNL MPLS network and to load balance the traffic between 4 Netsweeper servers.

Description:

Server Load balancing Overview

Server load balancing is a technique to distribute workload evenly across two or more servers, in order to get optimal resource utilization, maximize throughput, minimize response time, and avoid overload. There are 4 Netsweeper servers at each location i.e. Banglore, Pune and Chennai. The purpose of the deploying these load balancers is to load balance the internet traffic coming from BSNL Multiplay VRF towards these Netsweeper Servers.

Content Filtering Overview

Content filtering in an ISP cloud describes an implementation model where the content filter is “invisible” to the clients. A content filtering device works by intercepting network traffic, at a network egress point typically destined from internet. The content filter accepts the incoming TCP connection from the web browser and returns the requested content as per the content filtering policy. If it determines that the request is blocked from an object/URL it issues a sorry webpage to the client. This process is transparent to the web browser, requiring no special configuration.

Challenge

In order to scale up to the high volume of internet traffic, the content filtering server farm will typically be deployed with multiple content filtering devices. The client request is transparently intercepted and redirected to the content filtering farm by SLB (Server load balancer).The main challenges for this deployment are

1 Optimizing Content Filter performance2 Providing high throughput3 Protecting the content filtering devices from overload4 Providing uninterrupted access to internet

The SLB has to distribute the traffic to the content filter server farm without changing the source and destination IP address of the packet. In a typical load balancing deployment SLB would be inline to the traffic flow.

Proposed Solution

The Cisco ACE supports load balancing transparent content filtering devices. The Cisco ACE provides several load-balancing methods depending on how you want to distribute data over content filter server farm.If all content filter servers are unavailable, the Cisco ACE allows all client requests to progress to the internet router.The network diagram and traffic flows for this solution are shown below.

The Catalyst 6500 provides the routing function between the client network and the internet. Internet bound traffic from the client network arrives on VLAN 300 and exits on VLAN 301.The Catalyst 6500 is uplinked to BSNL PE Multiplay VRF and INET VRF.BGP is configured on both the uplinks. A default route is received from the INET VRF through BGP. The default is then advertised to the Multiplay VRF. Hence all the traffic coming to Multiplay VRF is directed to 6500 which then further sends it to the Internet.PBR is implemented on 6500 to redirect only HTTP traffic towards the next hop ip of ACE LB.The 6500 is also configured to advertise the local PBR next hop and receive the remote PBR next hops from the other 3 locations.Also multi-tracking option is implemented on PBR to track the availability of ACE VIP.In the event of the VIP becoming unavailable the PBR is configured to route the traffic to alternate next hop IP. The Cisco ACE (part of 6500) is load balancing content filters on VLAN 401 and uses the catalyst 6500 as its default gateway on VLAN 400. The Cisco ACE load balances the traffic across the content filter server farm transparently by performing a L2 rewrite and retains the destination IP address of the packet.

Client

NetworkInternet

Catalyst 6500

Cisco ACE

VLAN 300 VLAN 301

VLAN 400

VLAN 401

Content Filtering Servers

1

2

3

Content filters process the web request and determine to forward it to origin web server or drop it. In case of forwarding it to origin web server, content filters forwards the traffic to ACE (which is default gateway of content filters i.e. VLAN 401) and ACE forwards it to catalyst 6500 (which is default gateway of Cisco ACE i.e. VLAN 400)

ACE Design.

Below are the steps for configuring Cisco ACE for load balancing content filters1 Virtual IP address: The VIP address typically is a catch-all address with a specific

L4 port which is port 80 in this case.2 Predictor Algorithm : in order to optimize content filters , typical predictor that

can be used is “predictor hash URL”3 Load Balancing Policy: A Layer 4 class-map can be configured so that request

can be load balanced among multiple content filter servers.4 Probes: in order to verify the correct function of content filters, HTTP & TCP

probes in fail-on-all combination can be used. HTTP probes can be configured to request a web page from internet web site via content filter server to determine if they are working as desired.

Back up server farm : To help ensure uninterrupted service if all the content filter servers fail, a backup server farm that transparently forwards traffic to the catalyst 6500 on VLAN 400 can be configured.

Implementation

Implementation consists of two stages.I) Physical Installation of the switchII) Configuration Details

Physical Implementation

Following are the requirements for Physical Installation

A) Rack Space: Rack Space for 6503 Switch ( 4 RU).Below are the Rack requirements.

The width of the rack, measured between the two front mounting strips, must be 17.75 inches (45.09 cm).

The depth of the rack, measured between the front and rear mounting strips, must be at least 19.25 inches (48.9 cm) but not more than 32 inches (81.3 cm).

The rack must have at least 7 inches (17.8 cm) (4 RU) of vertical clearance to insert the chassis. Chassis height is measured in rack units (RU).

B) Electrical Requirement : 2 No's 1400 W AC

Configuration Details

This configuration consists of 2 parts

A) Switch ConfigurationB) ACE Configuration

SWITCH Configuration

A) IP Addressing of the switch. Both the management port and interface IP addressing.

B) Create 4 vlan’s.

Vlan 300 - Internet bound Traffic from BSNL Multiplay VRF enters the switch Vlan 301 - Internet Bound traffic after getting load balanced/filtered by

Netsweeper server’s exits for Inet VRF. Vlan 400 - This acts as a gateway for Load Balancer Vlan 401 - The Cisco ACE (part of 6500) is load balancing content filters on

VLAN 401The command to be entered for creating Vlan is

Switch(config)# vlan 300

C) Now on the Switchport which connects the router and the switch for the Multiplay VRF. Enter the Switchport command & make the port part of Vlan 300 by entering the following command.

Switch(config-if)# switchport mode access

Switch(config-if)# switchport negotiateSwitch(config-if)# switchport access vlan 300

D) Similarly the port that connects the switch with Inet VRF of PE router needs to be made part of the VLAN 301.

E) Now configure BGP on this device with following commands. Two eBGP neighbors are to be configured. Router BGP AS numberNeigh x.x.x.x ( IP address of PE router’s Multiplay VRF) remote-As ( AS number of PE router).Neigh x.x.x.x ( IP address of PE router’s Multiplay VRF) Default-information originate.Neigh x.x.x.x ( IP address of PE router’s Inet VRF) remote-As ( AS number of PE router).

F) Configuration of Policy-Based routing and Failover.G) Now create Two extended Access-List H) First Access-list matches HTTP i.e. port 80 traffic.I) Second access-list matches all other traffic The commands to be used are

IP access-list extended InternetPermit tcp 0.0.0.0 255.255.255.255 any eq 80

IP access-list extended REST Permit ip any any

J) Now create a route-map Internet. In this route map call the access-list Internet and set the next hop as virtual IP of the load balancer. After this call Access-list Rest and set the next hop IP as the Internet Vrf of the PE router.

Rtr 1Type echo protocol ipicmpecho x.x.x.x ( IP address of VIP of ACE)

ExitRtr schedule 1 life forever start-time now

Track 123 rtr 1 reachabilityDelay up 60 down 30

exitroute-map Internet permit 10

Set Ip next-hop verify reachability track 123match ip address internet

set ip next-hop x.x.x.x ( ACE virtual IP)match IP address rest

set next-hop x.x.x.x ( IP address of Inet VRF)

K) After the BGP has been configured we need to go on the interface through which the PE router is connected and enter the following command.In this case the interface will be VLAN 300.

ip policy route-map internet

Part II) Configuring the ACE

A) Now first configure the IP address of the 4 servers to the following

i) First Server – 172.16.1.2 255.255.255.248 ii) Second Server - 172.16.1.3 255.255.255.248iii) Third Server - 172.16.1.4 255.255.255.248iv) Fourth Server – 172.16.1.5 255.255.255.248

B) create a Vlan Interfaceinterface Vlan 401

ip address 172.16.1.1 255.255.255.248

C) Now all the servers should be part of this VLAN.D) Now we need to create VIP address on the Load balancer.E) Now we need to decide the predictor (Load Balancing Method). F) Now we need to configure the Real Server and create Server farm on the ACE.

The following commands need to be entered.

host1/Admin(config)# rserver SERVER1host1/Admin(config-rserver-host)# ip address 172.16.1.2host1/Admin(config-rserver-host)# inservicehost1/Admin(config)# rserver SERVER2host1/Admin(config-rserver-host)# ip address 172.16.1.3host1/Admin(config-rserver-host)# inservicehost1/Admin(config)# rserver SERVER3host1/Admin(config-rserver-host)# ip address 172.16.1.4host1/Admin(config-rserver-host)# inservicehost1/Admin(config)# rserver SERVER4host1/Admin(config-rserver-host)# ip address 172.16.1.5host1/Admin(config-rserver-host)# inservicehost1/Admin(config)# serverfarm SFARM1host1/Admin(config-sfarm-host)# predictor ( Predictor needs to be decided)host1/Admin(config-sfarm-host)# rserver SERVER1host1/Admin(config-sfarm-host-rs)# inservicehost1/Admin(config-sfarm-host)# rserver SERVER2host1/Admin(config-sfarm-host-rs)# inservicehost1/Admin(config-sfarm-host)# rserver SERVER3host1/Admin(config-sfarm-host-rs)# inservicehost1/Admin(config-sfarm-host)# rserver SERVER4host1/Admin(config-sfarm-host-rs)# inservice

Dependencies( Following are the pre-requisites before installation can commence)1) Rack Space for 6503 Switch ( 4 RU).Below are the Rack requirments. •The width of the rack, measured between the two front mounting strips, must be 17.75 inches (45.09 cm).

•The depth of the rack, measured between the front and rear mounting strips, must be at least 19.25 inches (48.9 cm) but not more than 32 inches (81.3 cm).

•The rack must have at least 7 inches (17.8 cm) (4 RU) of vertical clearance to insert the chassis. Chassis height is measured in rack units (RU). 2) Power supply - 2 No's 1400 W AC3) 2 Ethernet Cables needed to connect the Router and Switch4) IP Addressing: We need IP addressing scheme for 4 Vlans' i.e 3 sets of /29 Addresses will be required & 1 /28 subnet is required for the VLAN catering to 4 Netsweeper servers. Along with that we will need a host or /32 Address for management port.5) The eBGP neighborship needs to be formed between a) 6500 switch and PE router's Multiplay VRF- we need the IP address and AS number b) 6500 Switch and PE routers Inet VRF - we need the IP address and AS number, also the PE router needs to announce a default route to this neigh.6) We need to decide on the predictor algorithm in consultation with the client. The options are

I. Round-RobinII. Least Connections

III. Hash AddressIV. Hash CookieV. Hash URL

VI. Hash Header

Sign Off

To demonstrate the complete solution i.e Load Balancing plus Failover capability we need atleast 2 functional sites. However we can demonstrate the load balancing capability be showing the output of SHOW LOADBALANCE command on the switch with the ACE module even with one functional site.