Designing Content Switching Solutions

Book Description

A practical guide to the design and deployment of content switching solutions for mission-critical applications in data center environments

  • Design and deploy content switching solutions in the data center using this definitive guide

  • Learn about various content switching design approaches with implementation details, requirements for each solution, and design caveats

  • Examine detailed case studies that include configuration examples based on deployed content switching solutions

  • Explore scaling server load balancing within the data center, integrated data center design, and GSLB using DNS or IP

  • Assists network administrators in managing their content switching solutions

With the advent of e-commerce and Internet-accessible applications, more and more enterprises and service providers rely on data center services to grow their businesses. Content switching solutions, such as load balancing, caching, and disaster recovery for applications, are an essential data center technology and a key to helping businesses run in an efficient and redundant fashion. Understanding content switching solutions is a must for network designers, engineers, and administrators who need to scale their networks to meet the demands of their business.

Designing Content Switching Solutions helps you understand content switching solutions using Cisco® content switching products. You’ll get a thorough grounding in the theories and concepts behind content switching and then examine specific solutions through case studies. The case studies in Designing Content Switching Solutions emulate real-world scenarios for the solutions covering some of the common features and functionality deployed in production networks.

Designing Content Switching Solutions begins by introducing you to server load balancing (SLB), load balancing HTTP, VPNs, firewalls, and migrations between SLB devices. From there, you move to Secure Socket Layer (SSL) using Cisco products, including providing end-to-end encryption from client to server using backend SSL. Later chapters explore advanced techniques, such as how to provide distributed data center solutions using global server load balancing (GSLB) and how to conduct scaling and integration of SLB with SSL and GSLB.

Intended for data center architects and managers, network engineers, network administrators, and project managers, Designing Content Switching Solutions shows you the best practices for each content switching solution, enabling you to design and deploy the most critical content switching solutions in the data center.

Table of Contents

    1. Copyright
      1. Dedications
    2. About the Authors
      1. About the Technical Reviewers
    3. Acknowledgments
    4. Icons Used in This Book
    5. Command Syntax Conventions
    6. Foreword
    7. Introduction
      1. Goals and Methods
      2. Who Should Read This Book?
      3. How This Book Is Organized
    8. I. Server Load Balancing (SLB)
      1. 1. Introduction to Server Load Balancing
        1. Why Load Balance?
          1. Scalability
          2. Availability and Redundancy
          3. Security
          4. Cost Effectiveness
        2. History of Server Load Balancing
          1. First-Generation Load Balancers
            1. DNS-Based Load Balancing
            2. IP Anycast
          2. Second-Generation Load Balancers
            1. Local Director
            2. Accelerated SLB
            3. IOS SLB
          3. Third-Generation Load Balancers
            1. Content Services Switch
            2. Content Switching Module
        3. Characterization of the Application
          1. Protocol and Port
          2. Sessions per Second
          3. Duration of Transaction
          4. Concurrent Sessions
          5. Idle Timeout
          6. Back End Sessions
          7. Session Stickiness
        4. SLB and SLB Modes
          1. Dispatch Mode
          2. Directed Mode
        5. SLB Designs
          1. Layer 2 Design
          2. Layer 3 Design
          3. One-Armed Design
            1. Policy-Based Routing
            2. Source NAT
          4. Direct Server Return
        6. Deciding on a Load Balancer
        7. Review of Infrastructure Design Concepts
          1. VLANs
          2. STP
          3. Dot1Q Trunking
          4. Dual Homed Servers
        8. Summary
      2. 2. Introduction to the Cisco Content Services Switch
        1. CSS 11500 Platforms Overview
          1. CSS 11501
          2. CSS 11503
          3. CSS 11506
        2. CSS 11500 Architecture
          1. Distributed Architecture
          2. CSS 11500 Modules
          3. Switch Control Module for the Cisco 11500
          4. SSL Module for the Cisco 11500
          5. I/O Modules for the Cisco 11500
          6. Session Accelerator Module for the Cisco 11500
        3. Load Balancing with CSS 11500
          1. Services, Owners, and Content Rules
          2. CSS 11500 Flow Overview
            1. Flow Control Block
            2. Persistent Reset Redirect
            3. Persistent Reset Remap
            4. Flow Cleanup
        4. WebNS Software Features
          1. Infrastructure-Level Features
          2. Load-Balancing Algorithms
          3. High Availability
          4. SSL Integration for Security and Performance
          5. Local and Global Load Balancing
          6. Site and System Security
          7. Summary of WebNS Features
        5. Case Study: CSS-Based Solution
          1. Server and Application Requirements
          2. Management and Security Requirements
          3. Infrastructure Requirements
          4. Design Options
            1. HTTP and HTTPS Server Stickiness
              1. Option A: Server-Specific VIPs for HTTPS
              2. Option B: Source IP–Based Hash for HTTP and HTTPS Rules
          5. Traffic Flow
          6. Test and Verification
        6. Summary
      3. 3. Introduction to the Cisco Content Switching Module
        1. Benefits of the Content Switch Module
        2. CSM Architecture
          1. CSM Hardware
          2. CSM Configuration Limits
        3. Load Balancing with Content Switching Module
          1. Real Server, Virtual Server, SLB Policy, and More
          2. Load Balancing Methods
          3. VLAN Tag
          4. Client Group (Access Control List)
          5. IP Protocol Support
          6. High Availability
          7. Connection Redundancy
          8. User Session Persistence
        4. A Typical CSM Traffic Flow
        5. Routing with CSM
        6. CSM Network Integration Options
          1. CSM Layer 2 Design—Bridged Mode
          2. CSM Layer 3 Design I—Routed Mode with MSFC on the Client Side
          3. CSM Layer 3 Design II—Routed Mode with MSFC on the Server Side
          4. CSM Layer 3 Design III—One-Armed CSM Design
          5. CSM Layer 3 Design IV—Direct Server Return
        7. Case Study: CSM-Based Solution
          1. Server and Application Requirements
          2. Management and Security Requirements
          3. Infrastructure Requirements
          4. Design Options
            1. CSM Configurations
            2. Catalyst 6509 Layer 2 Configurations
            3. Catalyst 6509 Layer 3 Configurations
          5. Traffic Flow
          6. Test and Verification
        8. Summary
      4. 4. Layer 7 Load Balancing and Content Customization
        1. Benefits of Layer 7 Load Balancing
          1. Scalability and Application Acceleration
          2. Session Persistence
          3. Content Customization
        2. Introduction to TCP
          1. Data Segments
          2. TCP Headers
            1. Source and Destination Port
            2. Sequence Number
            3. Acknowledgement Number
            4. Header Length
            5. Reserved
            6. Control Bits
            7. Window
            8. Checksum
            9. Urgent Pointer
            10. Options
            11. Padding
          3. TCP Connection Establishment and Termination
            1. TCP Connection Establishment
            2. TCP Connection Termination
          4. TCP Flow Control
            1. TCP Acknowledgements, Retransmission, and Timeout
            2. Sliding Window
        3. Introduction to HTTP
          1. Protocol Details
            1. HTTP Methods
              1. GET Method
              2. HEAD Method
              3. POST Method
              4. PUT Method
              5. DELETE Method
              6. TRACE Method
            2. URL
            3. HTTP Cookie
            4. HTTP Cookie Parameters
          2. HTTP Header Fields
            1. General Headers
            2. Request Headers
            3. Response Headers
            4. Entity Headers
          3. Differences Between HTTP Versions 1.0 and 1.1
            1. Persistent Connections
            2. Chunked Messages
            3. Hostname
            4. Pipelining Requests
        4. Layer 7 Load Balancing Mechanisms
          1. HTTP Methods-Based Load Balancing
          2. HTTP URL-Based Load Balancing
          3. HTTP Cookie-Based Load Balancing
          4. HTTP Cookie Passive-Based Persistence
          5. HTTP Cookie Learn-Based Persistence
          6. HTTP Cookie Insert-Based Persistence
        5. Case Study: Layer 7–Based Solution
          1. Server and Application Requirements
          2. Infrastructure Configuration
          3. Probe Configuration
          4. Online Download Application
          5. Online Shop Application
          6. Online User Profile Application
          7. Maximum HTTP Request Parse Length
          8. CSM Configuration
          9. Test and Verification
        6. Summary
      5. 5. Firewall Load Balancing
        1. Reasons for and Benefits of FWLB
          1. Scalability
          2. Redundancy
          3. Manageability
        2. Types of Firewalls
          1. Packet-Based Firewalls
          2. Application-Based Firewalls
          3. Application Gateway or Proxy Firewalls
          4. Layer 2 or Stealth Firewalls
        3. Case Study: Firewall Load Balancing
          1. Server and Application Requirements
          2. Security Requirements
          3. Infrastructure Requirements
          4. FWLB Design Considerations
          5. FWLB Probes
          6. Traffic to the Firewalls
          7. Traffic from the Firewalls
          8. Router or Secure Mode
          9. Bridge Mode
          10. FWLB Algorithms
          11. Configuration Details of the INET Segment
            1. CSM Configurations
            2. Catalyst 6509 Layer 3 Configurations
          12. Configuration Details of the DMZ Segment
            1. CSM Configurations
            2. Catalyst 6509 Layer 3 Configurations
          13. Configuration Details of the LAN Segment
            1. CSM Configurations
            2. Catalyst 6509 Layer 3 Configurations
          14. Test and Verification
        4. Summary
      6. 6. Transparent and Proxy Cache Load Balancing
        1. Benefits of Caching
        2. Caching Overview
          1. Caching Terminology
        3. Mechanics of HTTP Caching
          1. HTTP Response Status Code
          2. HTTP Request Methods
          3. HTTP Cache-Control Directives
          4. Expiration and Validation
          5. Request Authentication
        4. Cisco Application Content Networking and Caching
          1. ACNS Roles
          2. ACNS Content Types
          3. Content Engine Architecture
        5. Transparent Caching Modes
          1. WCCP Protocols
            1. WCCP Version 1
            2. WCCP Version 2
          2. Redirection with the CSS
          3. IP Spoofing
        6. Proxy Caching Overview
        7. Server Proxy (Reverse Proxy Caching)
        8. Supported Protocols on the Content Engine
        9. Authentication and Management on the Content Engine
        10. Content Engine Models
        11. Case Study: Content Engine in a Transparent Caching-Based Solution
          1. Design Requirements
          2. Design Options
            1. Layer 2 Redirection
            2. HTTP Configuration
            3. URL Filtering Configuration with Local Lists
          3. Configuration Details
        12. Summary
      7. 7. Load Balancing Streaming Video Servers
        1. Benefits of Load Balancing Streaming Video Servers
          1. Scalability
          2. Redundancy
        2. Introduction to Streaming
          1. Video Streaming Clients and Protocols
          2. Methods of Video Stream Initiation
        3. Types of Streaming Video Servers
          1. Apple QuickTime
          2. RealMedia
          3. Windows Media Technology
        4. Streaming Video Protocols
          1. Microsoft Media Server (MMS)
            1. Microsoft Media Server - Universal Datagram Protocol (MMSU)
            2. Microsoft Media Server - Transmission Control Protocol (MMST)
            3. Microsoft Media Server over HTTP
          2. RTP and RTSP
        5. Case Study: Load-Balancing Solution for Video Streaming
          1. CSS-Based Solution
            1. QuickTime Video Stream: Session Flow
            2. QuickTime Load Balancing: First Failure Scenario
            3. QuickTime Load Balancing: Second Failure Scenario
            4. QuickTime Load Balancing
            5. CSS Configuration Details
            6. MSFC Configuration Details for the CSS-Based Solution
            7. HTML Code Used in the Solution
          2. CSM-Based Solution
            1. QuickTime Load Balancing
            2. CSM Configuration Details
            3. MSFC Configuration Details for the CSM-Based Solution
        6. Summary
      8. 8. Virtual Private Network Load Balancing
        1. Benefits of VPN Load Balancing
        2. Introduction to Virtual Private Networks
        3. Virtual Private Network Protocols
          1. Internet Key Exchange Protocol (IKE)
          2. ESP and AH
            1. Authentication Header (AH)
            2. The Encapsulating Security Payload (ESP)
        4. Case Study: VPN Load-Balanced Solution
          1. IKE Requirements
          2. ESP Requirements
          3. IPsec over UDP Requirements
          4. Design Options
          5. Directed Mode Solution
            1. CSM Configurations for Directed Mode
            2. CSM show Commands for Directed Mode
            3. IPsec Router Configurations for Directed Mode
          6. Dispatch Mode Solution
            1. CSM Configurations for Dispatch Mode
            2. CSM show Commands for Dispatch Mode
            3. IPsec Router Configurations for Dispatch Mode
        5. Summary
      9. 9. Content Switching Device Migrations
        1. Motivation Behind Migration
          1. Evolution of Load Balancing
          2. Advanced Load-Balancing Methods
          3. Scalability and Performance
          4. Software Features and Functionality
        2. Migration Planning
          1. Migration Team
            1. Project Manager
            2. Content Engineer
            3. Network Operations Engineer
            4. Core (Layer 2/Layer 3) Engineer
            5. Application Administrator
          2. Fallback Plan
          3. Methods and Procedures for the Maintenance Window
          4. Application Testing
        3. Case Study: Migration from CSS to CSM
          1. Infrastructure Requirements
            1. CSS and CSM Mode of Operation
            2. Server’s Default Gateway
            3. Redundancy and Fault Tolerance
          2. Server and Application Requirements
          3. Migration Configuration and Design Details
            1. CSS and CSM Mode of Operation
            2. Redundancy and Fault Tolerance
            3. Ready for Migration
            4. Source IP Sticky Configuration
            5. Layer 5 Content Rules
            6. Port Mapping or Port Redirection
            7. Keepalives
            8. CSS Configurations
            9. CSM Configurations
        4. Summary
    9. II. Secure Socket Layer
      1. 10. SSL Offloading
        1. Introduction to SSL
          1. Public Key Cryptography
            1. SSL Certificates
          2. SSL Protocol Communication
          3. SSL Protocol Structure
          4. SSL Protocol Versions
        2. Introduction to SSLMs
          1. SSLM for the Catalyst 6500
          2. SSLM Deployments
            1. SSLM in Bridge Mode with the CSM
            2. SSLM in Routed Mode with the CSM
          3. SSLM on the CSS
            1. SSL Flows on the CSS-SSLM
        3. Case Study: CSM and SSLM–Based Solution
          1. Design Requirements
          2. Design Details of a CSM and an SSLM–Based Solution
            1. SSLM Certificate Management
            2. SSLM and CSM Flow Overview
            3. Client Connection to the CSM
            4. CSM Connection to the SSLM
            5. SSLM to the CSM
            6. CSM Connection to the Server
          3. Configuration Details
            1. CSM Configuration
            2. SSLM Configuration—Primary
            3. SSLM Configuration—Secondary
        4. Summary
      2. 11. Back-End SSL Offloading
        1. Back-End SSL on Modules
          1. Back-End SSL on the SSLM for the Catalyst 6500
          2. Back-End SSL on the SSLM on the CSS
        2. Case Study: Back-End SSL Solution
          1. Requirements
          2. Design Options
            1. SSLM Certificate Management
            2. SSLM and CSM Flow Overview
            3. Client Connection to the CSM
            4. CSM Connection to the SSLM
            5. SSLM to the CSM
            6. CSM to the SSLM
            7. SSLM to the Server (via CSM)
          3. Configuration Details
        3. Summary
    10. III. Distributed Data Centers
      1. 12. Global Server Load Balancing
        1. Motivation for GSLB
        2. Domain Name System (DNS) Overview
          1. DNS Architecture Components
          2. DNS Resolution Process
          3. DNS Resource Records and Zones
            1. Resource Records
            2. Zones
          4. Types of DNS Queries
        3. Global Site Selector
          1. GSLB Using GSS
          2. GSS Features and Performance
            1. GSS Roles
            2. GSS DNS Rules
            3. GSS Balance Methods
              1. Hashed
              2. Least Loaded
              3. Ordered List
              4. Round Robin
              5. Weighted Round Robin
              6. Boomerang (DNS Race)
            4. GSS Domains
            5. GSS Answers
            6. GSS Keepalives
              1. ICMP Keepalives
              2. TCP Keepalives
              3. HTTP HEAD Keepalives
              4. KAL-AP Keepalives
              5. CRA Keepalives
              6. NS Keepalives
              7. None Keepalives
            7. GSS Resources, Locations, Regions, and Owners
            8. GSS DNS Stickiness
            9. GSS Network Proximity
        4. Case Study: GSLB Solution Using GSS
          1. Requirements
          2. Topology
          3. GSS Network Setup
            1. Primary GSSM
            2. Secondary GSSM
          4. GSS Secondary GSSM Activation
          5. CSS Setup in Primary Data Center
          6. CSS Setup in Secondary Data Center
          7. GSS Setup for the www.roundrobin.com Domain
            1. GSS DNS Rule Configuration for www.roundrobin.com
            2. GSS DNS Rule Testing for www.roundrobin.com
            3. GSS TCP Keepalive for the www.roundrobin.com Domain
          8. GSS Setup for the www.sticky.com Domain
            1. GSS DNS Rule Testing for www.sticky.com
          9. Configuration Details
        5. Summary
      2. 13. IP-Based GSLB Using RHI
        1. Benefits of Using RHI
        2. Architecture
        3. Active/Standby Site-to-Site Recovery
          1. Autonomous System Prepending
          2. BGP Conditional Advertisements
          3. Design Limitations
        4. Implementation Details for Active/Standby Scenarios
          1. AS Prepending
            1. Primary Site Configuration
            2. Standby Site Configuration
          2. BGP Conditional Advertisement
            1. Primary Site Configuration
            2. Standby Site Configuration
        5. Active/Active Site-to-Site Load Distribution
        6. Implementation Details for Active/Active Scenarios
          1. OSPF Route Redistribution and Summarization
          2. BGP Route Redistribution and Route Preference
            1. BGP Configuration of Primary Site Edge Router
            2. BGP Configuration of Secondary Site Edge Router
          3. Load Balancing Without IGP Between Sites
            1. Routes During Steady State
            2. Routes After All Servers on the Primary Site Are Down
            3. Limitations and Restrictions
          4. Subnet-Based Load Balancing Using IGP Between Sites
            1. Changing IGP Cost for Site Maintenance
            2. Routes During Steady State
            3. Limitations and Restrictions
          5. Application-Based Load Balancing Using IGP Between Sites
            1. Configuration on Primary Site
            2. Configuration on Secondary Site
            3. Routes During Steady State
            4. Limitations and Restrictions
          6. Using NAT in Active/Active Load-Balancing Solutions
            1. Primary Site Edge Router Configuration
            2. Secondary Site Edge Router Configuration
            3. Steady State Routes
            4. Routes When Servers in Primary Data Center Goes Down
        7. Summary
    11. IV. Data Center Designs
      1. 14. Scaling Server Load Balancing Within a Data Center
        1. Benefits of Scaling Content Switching
          1. Scalability
          2. Performance
        2. Scaling Methodologies
          1. Distribution of Applications
          2. Using DNS for Application Scalability
          3. Using Route Health Injection for Application Scalability
        3. Application Distribution Approach
        4. DNS-Based Scaling Approach
          1. Predictable Traffic Flow
          2. Ease of Management and Maintenance
        5. RHI-Based Scaling Approach
          1. CSM RHI Configuration
          2. MSFC RHI Configuration and Routes
        6. Scaling Beyond Server Capacity
        7. Case Study: Scalable SLB Environment
          1. Server and Application Requirements
          2. Management and Security Requirements
          3. Infrastructure Requirements
          4. DNS-Based Design
            1. CSM-1 Configuration for DNS-Based Solution
            2. CSM-2 Configuration for DNS-Based Solution
          5. RHI-Based Design
            1. CSM-1 Configuration for RHI-Based Solution
            2. CSM-2 Configuration for RHI-Based Solution
          6. Testing Maximum Connections
            1. Test Case 1
            2. Test Case 2
            3. Test Case 3
        8. Summary
      2. 15. Integrated Data Center Designs
        1. Motivations Behind Integrated Data Center Designs
        2. Data Center Design 1: FWSM in the Core and Layer 3 CSM in Aggregation
          1. Design 1 Topology Details
          2. Design 1 Details
          3. Design 1 Configuration Details
        3. Data Center Design 2: Layer 3 FWSM and Layer 2 CSM in Aggregation
          1. Design 2 Topology Details
          2. Design 2 Caveats
          3. Design 2 Configuration Details
        4. Data Center Design 3: Layer 3 FWSM and Layer 2 CSM in Aggregation
          1. Design 3 Topology Details
          2. Design 3 Caveats
          3. Design 3 Configuration Details
        5. Data Center Design 4: Layer 3 FWSM and Layer 2 CSM in Aggregation
          1. Design 4 Topology Details
          2. Design 4 Caveats
          3. Design 4 Configuration Details
        6. Case Study: Integrated Data Center Design
          1. Design Details
          2. Primary CSS (CSS 11506-1) Configuration Details
          3. Backup CSS (CSS 11506-2) Configuration Details
          4. Catalyst 6509 Configuration Details
            1. Layer 2 Port-Channel Configuration Details
            2. NAT Configuration Details
            3. Policy-Based Routing Configuration Details
          5. FWSM Configuration Details
            1. DMZWeb Virtual Context
            2. DMZApp Virtual Context
            3. Outside Virtual Context
            4. Inside Virtual Context
        7. Summary