Friday, August 10, 2012

Load Balancing - Using Cisco IOS SLB Dispatched Mode

PHYSICAL TOPOLOGY


LOGICAL TOPOLOGY



In today's post I am going to present a fairly old IOS feature called Server Load Balancing (SLB), which I believe not many people are aware of. More importantly, the feature is documented very well in the IOS 12.4(15)T guides, which means some Evil CCIE proctor or lab writer can turn your lab day into a horrific experience by introducing something like this into the configuration section of the lab, or into troubleshooting, which of course would be more obnoxious.

Now, before moving on to the configuration part, let's talk a little about load balancers, or I should say application load balancing. The idea is simple: traffic towards the application, originating from the outer world, hits the Virtual IP or VIP. The VIP is the IP address to which traffic is sent in order to access the application. Behind the load balancer we have our physical servers running that application. The job of the load balancer is to distribute the incoming connections from the outer world across the physical servers. The distribution depends on the algorithm chosen in the configuration. Most load balancers on the market use ROUND ROBIN as the default method, while others may choose different ones such as weight-based, where a weight is assigned to each physical server to ensure it handles more requests than a server with less weight. That of course makes sense if the server with the higher weight is a large server compared to the one with less weight, which is, say, a P4 PC running the server application.

If you really want to dig a little deeper into load balancers from a vendor-independent point of view, I would recommend a fairly small book: Server Load Balancing from O'Reilly Publishers.

Talking about vendors, there are a couple of market players in the load balancer segment, such as F5, Cisco, Citrix, Barracuda etc.

From an implementation perspective, the load balancer can work on the LAN side as well as the WAN side. For example, F5 has LAN-based load balancer products called LTM and WAN-based load balancer products called GTM. In similar fashion, Cisco has dedicated load balancer products for the LAN side called the ACE series and WAN-based ones called GSS.

Now coming back to the IOS-based SLB implementation: it provides very basic LAN-based load balancing features. Since it's not a dedicated load balancer product, the granularity is of course going to be less. But it is still an ideal feature for SOHO environments, for things like FTP load balancing etc.

Talking about IOS SLB implementation, there are basically two ways of doing it or I should say two modes:

> Dispatched Mode
> Directed Mode

The basic difference between Dispatched Mode and Directed Mode is that Dispatched Mode has a limitation: the physical servers must have direct Layer 2 reachability with the load balancer. That is not the case with Directed Mode, which essentially uses the NAT feature to load balance.

From the CCIE lab perspective, the IOS version the devices currently run is 12.4(15)T, and the feature is documented under the Server Load Balancing Configuration Guide. I believe that is a recent change since, if I remember correctly, when I took the lab last year it was documented under the IP Application Services Configuration Guide. The same logic applies to the Command Reference guide, just in case.


IP Application Services Configuration Guide, Cisco IOS Release 12.4T 

http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-12-4t-book.html

Server Load Balancing Configuration Guide, Cisco IOS Release 12.4T 




Now in this post I'll be covering "Dispatched Mode" Implementation. Let's first establish the basic connectivity using our initials before jumping into SLB specific configuration:


R1
==

!
en
!
conf t
!
no ip do lo
no cdp run
!
ho R1
!
int lo0
 ip add 1.1.1.1 255.255.255.255
 exit
!
int f0/0
 ip add 12.12.12.1 255.255.255.0
 no sh
 exit
!
router eigrp 100
 no auto
 net 1.1.1.1 0.0.0.0
 net 12.12.12.1 0.0.0.0
 exit
!
end
!
wr
!
=============================================

R2
==

!
en
!
conf t
!
no ip do lo
no cdp run
!
ho R2
!
int lo0
 ip add 2.2.2.2 255.255.255.0
 exit
!
int f0/0
 ip add 12.12.12.2 255.255.255.0
 no sh
 exit
!
int f0/1
 ip add 23.23.23.2 255.255.255.0
 no sh
 exit
!
router eigrp 100
 no auto
 net 2.2.2.2 0.0.0.0
 net 12.12.12.2 0.0.0.0
 net 23.23.23.2 0.0.0.0
 exit
!
end
!
wr
!

=============================================

R3
==

!
en
!
conf t
!
no ip do lo
no cdp run
!
ho R3
!
int lo0
 ip add 3.3.3.3 255.255.255.0
 exit
!
int f0/0
 ip add 23.23.23.3 255.255.255.0
 no sh
 exit
!
int f1/0
 ip add 33.33.33.3 255.255.255.0
 no sh
 exit
!
int lo 100
 ip add 100.100.100.100 255.255.255.255
 exit
!
router eigrp 100
 no auto
 net 3.3.3.3 0.0.0.0
 net 23.23.23.3 0.0.0.0
 net 33.33.33.3 0.0.0.0
 net 100.100.100.100 0.0.0.0
 exit
!
line vty 0 4
 no login
 exit
!
end
!
wr
!

=============================================

R5
==

!
en
!
conf t
!
no ip do lo
no cdp run
!
ho R5
!
int lo0
 ip add 5.5.5.5 255.255.255.0
 exit
!
int f0/0
 ip add 33.33.33.5 255.255.255.0
 no sh
 exit
!
int lo 100
 ip add 100.100.100.100 255.255.255.255
 exit
!
router eigrp 100
 no auto
 net 5.5.5.5 0.0.0.0
 net 33.33.33.5 0.0.0.0
 net 100.100.100.100 0.0.0.0
 exit
!
line vty 0 4
 no login
 exit
!
end
!
wr
!
=============================================

R6
==

!
en
!
conf t
!
no ip do lo
no cdp run
!
ho R6
!
int lo0
 ip add 6.6.6.6 255.255.255.0
 exit
!
int f0/0
 ip add 33.33.33.6 255.255.255.0
 no sh
 exit
!
int lo 100
 ip add 100.100.100.100 255.255.255.255
 exit
!
router eigrp 100
 no auto
 net 6.6.6.6 0.0.0.0
 net 33.33.33.6 0.0.0.0
 net 100.100.100.100 0.0.0.0
 exit
!
line vty 0 4
 no login
 exit
!
end
!
wr
!

========

Now as you can see, the VIP or virtual IP address we chose earlier, 100.100.100.100, is configured not only on Router R3 acting as SLB but also on the physical servers. This is one of the requirements of the IOS SLB Dispatched Mode implementation. In dispatched mode the VIP address needs to be configured on the physical servers, either as a secondary address or on a loopback. In our scenario I am using loopbacks for this purpose.

Now let's configure Router R3 as Server Load Balancer (SLB):


!
! Pick any name you want for the server farm
ip slb serverfarm DISPATCHED_MODE
! Physical address of the first server
 real 33.33.33.5
! inservice enables the real server for use by IOS SLB
  inservice
! maxconns and weight are optional
  maxconns 2
  weight 1
  exit
! Similar steps are repeated for the 2nd physical server
 real 33.33.33.6
  inservice
  maxconns 2
  weight 1
  exit
 exit
!
! Let's create the VIP
ip slb vserver ANYCAST_ADDRESS
! Here we are configuring Telnet SLB
 virtual 100.100.100.100 tcp telnet
! Server farm configured earlier
 serverfarm DISPATCHED_MODE
 inservice
 advertise
 exit
!
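
How the weight and maxconns settings above interact under a round-robin predictor, as an added example that is not part of the original post and not Cisco's implementation. It is a simplified model: each real gets "weight" consecutive new connections per turn, a real at its maxconns is skipped, and a new connection is refused when every real is full (the class and method names are assumptions made for this sketch).

```python
from dataclasses import dataclass

@dataclass
class Real:
    ip: str
    weight: int = 1     # new connections handed over per turn
    maxconns: int = 0   # cap on open connections; 0 = no cap (model assumption)
    conns: int = 0      # connections currently open

class WeightedRoundRobin:
    """Simplified model of a weighted round-robin predictor with per-real caps."""

    def __init__(self, reals):
        self.reals = list(reals)
        self.idx = 0                          # real whose turn it is
        self.credit = self.reals[0].weight    # picks left in the current turn

    def _advance(self):
        self.idx = (self.idx + 1) % len(self.reals)
        self.credit = self.reals[self.idx].weight

    def assign(self):
        """Pick the real for a new connection; None when every real is full."""
        for _ in range(len(self.reals)):
            real = self.reals[self.idx]
            full = real.maxconns > 0 and real.conns >= real.maxconns
            if self.credit > 0 and not full:
                self.credit -= 1
                real.conns += 1
                if self.credit == 0:
                    self._advance()
                return real
            self._advance()   # full (or zero weight): try the next real
        return None

    def close(self, real):
        """A connection to this real ended, freeing one slot."""
        real.conns -= 1

if __name__ == "__main__":
    # The farm from this post: two reals, weight 1, maxconns 2.
    farm = WeightedRoundRobin([Real("33.33.33.5", 1, 2), Real("33.33.33.6", 1, 2)])
    for n in range(1, 6):
        chosen = farm.assign()
        print(n, chosen.ip if chosen else "refused: all reals at maxconns")
```
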

Verification:
========


R1>telnet 100.100.100.100
Trying 100.100.100.100 ... Open

R5>exit


[Connection to 100.100.100.100 closed by foreign host]


R1>telnet 100.100.100.100

Trying 100.100.100.100 ... Open

R6>exit


[Connection to 100.100.100.100 closed by foreign host]


So as you can see, our Telnet connections are getting load balanced between both physical servers.


R3#sh ip slb stats

Pkts via normal switching:  60
Pkts via special switching: 0
Connections Created:        2
Connections Established:    2
Connections Destroyed:      2
Connections Reassigned:     0
Zombie Count:               0


R3#sh ip slb serverfarms detail
DISPATCHED_MODE, predictor = ROUNDROBIN, nat = none
                 virtuals inservice: 1, reals = 2, bind id = 0
  Real servers:
    33.33.33.5, weight = 1, OPERATIONAL, conns = 0
    33.33.33.6, weight = 1, OPERATIONAL, conns = 0
  Total connections = 0


Since there is no active connection, the connection count is 0. Let's initiate one connection:

R1>telnet 100.100.100.100
Trying 100.100.100.100 ... Open

R5>



R3#sh ip slb serverfarms detail
DISPATCHED_MODE, predictor = ROUNDROBIN, nat = none
                 virtuals inservice: 1, reals = 2, bind id = 0
  Real servers:
    33.33.33.5, weight = 1, OPERATIONAL, conns = 1
    33.33.33.6, weight = 1, OPERATIONAL, conns = 0
  Total connections = 1
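
A small parser for the sh ip slb serverfarms detail output above, added here as an example and not part of the original post: it flags reals that are not OPERATIONAL and farms left with fewer than two usable reals. The sample text is constructed in the same format as the output above, and its FAILED line is made up for the demonstration; the function names are assumptions.

```python
import re

# Constructed sample in the format shown above; the FAILED line is made up.
SAMPLE = """\
DISPATCHED_MODE, predictor = ROUNDROBIN, nat = none
                 virtuals inservice: 1, reals = 2, bind id = 0
  Real servers:
    33.33.33.5, weight = 1, OPERATIONAL, conns = 1
    33.33.33.6, weight = 1, FAILED, conns = 0
  Total connections = 1
"""

FARM_RE = re.compile(r"^(\S+), predictor = (\w+), nat = (\w+)")
REAL_RE = re.compile(r"^\s+(\d+(?:\.\d+){3}), weight = (\d+), (\w+), conns = (\d+)")

def parse_serverfarms(text):
    """Return one dict per server farm found in the command output."""
    farms = []
    for line in text.splitlines():
        farm = FARM_RE.match(line)
        real = REAL_RE.match(line)
        declared = re.search(r"\breals = (\d+)", line)
        if farm:
            farms.append({"name": farm[1], "predictor": farm[2],
                          "nat": farm[3], "declared": None, "reals": []})
        elif farms and real:
            farms[-1]["reals"].append({"ip": real[1], "weight": int(real[2]),
                                       "state": real[3], "conns": int(real[4])})
        elif farms and declared:
            farms[-1]["declared"] = int(declared[1])
    return farms

def findings(farms):
    """List conditions an operator would want to look at."""
    out = []
    for f in farms:
        usable = [r for r in f["reals"] if r["state"] == "OPERATIONAL"]
        for r in f["reals"]:
            if r["state"] != "OPERATIONAL":
                out.append(f"{f['name']}: real {r['ip']} is {r['state']}")
        if f["declared"] is not None and f["declared"] != len(f["reals"]):
            out.append(f"{f['name']}: header says {f['declared']} reals, "
                       f"parsed {len(f['reals'])}")
        if len(usable) < 2:
            out.append(f"{f['name']}: {len(usable)} usable real(s), no load sharing")
    return out

if __name__ == "__main__":
    for line in findings(parse_serverfarms(SAMPLE)):
        print(line)
```
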

The IOS Version used for this SLB Test Bed is:


R3#sh ver | i IOS
Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(13a), RELEASE SOFTWARE (fc1)

HTH...
DEEPAK ARORA
EVIL CCIE

6 comments:

  1. Interesting. Never worked with that.
    -P

  2. Hi Deepak,

    Thanks for sharing this blog.

  3. Why did you run EIGRP on the end router? Suppose we have a real server; there we can't run EIGRP or any other routing protocol. Please explain.

  4. Yes, in a real scenario your servers won't run EIGRP. Though EIGRP is now an open standard, so in the long term it shouldn't be a problem either.

    But as the SLB router doesn't have the 100.X.X.X network directly attached, you can point static routes instead.

  5. Thanks for providing this informative information you may also refer.
    http://www.s4techno.com/blog/2016/10/05/big-ip-f5-ltm-license-upgrade/

  6. Thanks for providing this informative information you may also refer.
    http://www.s4techno.com/blog/2016/10/05/big-ip-f5-ltm-license-upgrade/
