11/2/2000 Weihong Wang / Content Switch
Page 1: Content Switch
- Introduction of content web switch
- Some content switch products in the market
- Design of a content switch

Page 2: Introduction of Content Switch (1)
What is web server load balancing?
- Distributing incoming requests across several servers so that they are served in parallel.
- Transport-layer load balancing: the incoming request is assigned to a server based on IP address and port number alone, so the server can be chosen as soon as the SYN arrives.
- Application-layer load balancing: the user request is redirected based on the content of the request (e.g. URL, HTTP headers, ...), which requires looking into the application payload and therefore waiting for the first data segment.

Page 3: Introduction of Content Switch (2)
What is a Content Switch?
- An application-layer load distributor.
- A network device that routes each user request for specific content to the server best able to handle that request.
- For example, a Content Switch can classify an incoming request on its URL, HTTP meta headers, cookie value and so on.

Page 4: ArrowPoint Network Services (supports URL- and cookie-based switching)
- Who the customer is, based on the cookie carried in the HTTP header.
- What information or transaction the customer is requesting.
- Where best to service the customer.

Page 5: Content Switch Architecture (figure from Apostolopoulos2000)
- The port controller matches incoming packets and either forwards them to the content switch processor or routes them directly.
- The content switch processor performs the rule matching; its results are downloaded to the port controller.

Page 6: Content Switch Operations (figure)
Data flow shown in the figure: incoming packets -> header content extraction -> packet classification (the content switching rule matching algorithm, applied to the Content Switch Rules maintained with the CS Rule Editor) -> packet routing / load balancing (using network path information and server load status) -> forward packet to servers.

Page 7: Components of a Content Switch
- Defining the rules: determine the type of web content being requested.
- Rule matching process: identify a specific type of traffic, then route that traffic to the location best able to serve the traffic or the customer request.

Page 8: Two Different Design Approaches for a Content Switch
- Process content-type classification and routing policy at the application level, for example as an application-level proxy (the proxy terminates the client connection and opens its own connection to the server).
- Process content-type classification and routing policy at the TCP/IP level. This requires modifying the operating system kernel; for example, using NAT to build a content switch.

Page 9: Cisco Content Engine 2.20 (CE)
- Cisco CE supports HTTP and HTTPS proxy service.
- CE examines the web request and decides on an action such as block, cache, or proxy.
- CE works at the application level.
- An example matching rule:
    rule no-cache url-regex \.*cgi-bin.*
  With this rule, requests whose URL matches the pattern (any URL containing cgi-bin, i.e. dynamically generated content) are not cached by the Content Engine; they are passed through to the origin server on every request. Note that "\.*" as written means "zero or more literal dots", so the plainer ".*cgi-bin.*" matches the same set of URLs.

Page 10: Intel Action/Classification Engines (ACEs)
- An ACE classifies incoming packets according to predefined rule files.
- It then triggers the action in the associated action file.
- ACEs are configured with rules written in the Network Classification Language (NCL).
- ACEs are developed at the TCP/IP level.
- Example of NCL:
    Rule check_http { tcp && (tcp.sport == 80) } { action_scan() }
  check_http is the rule name, { tcp && (tcp.sport == 80) } is the class-matching condition and { action_scan() } is the action function for that condition: TCP packets on port 80 are handed to action_scan(). A caveat for anyone copying the rule: tcp.sport is the source port, so as written it matches traffic coming from port 80 (a web server's replies); a client request to a web server carries destination port 80, i.e. tcp.dport == 80.
- NCL is simple to configure.

Page 11: Design of the Content Switch
- Architecture of the Content Switch
- Matching rules and routing policy
- Flow chart

Page 12: TCP/IP-level Content Switch Architecture (1): NAT (network address translation)
- Incoming and outgoing packets all pass through the Content Switch.
- The Content Switch masquerades the IP address and port number of incoming and outgoing packets (the destination is rewritten on the way to the server, the source on the way back to the client).
- The Content Switch uses delayed binding to connect to the back-end server: the server is chosen only after the first data segment has been seen.

Page 13: Packet Processing in Content Switch (figure showing Phase 1, Phase 2 and Phase 3)

Page 14: TCP Delayed Binding (figure)

Page 15: NAT Content Switch Delayed Binding
- The Content Switch first establishes the connection with the client itself, answering the client's SYN with its own SYN/ACK.
- When data arrives, it chooses a server from the content, establishes a second connection by forwarding the original SYN to that server, and absorbs the SYN/ACK from the back-end server instead of passing it to the client (the client's handshake is already complete; the switch records the server's initial sequence number and acknowledges it on the client's behalf).
- For the following data transmission, the Content Switch only forwards each packet after masquerading its IP address and port number and adjusting the sequence/acknowledgement numbers, because the client-side and server-side sequence spaces were established separately.

Page 16: TCP/IP-level Content Switch Architecture (2): IP Tunnel and IP Direct Routing
- The Content Switch accepts the request and forwards it to the chosen server.
- The server then talks to the client directly; responses do not pass back through the switch.
- Delayed binding is still used.
- The back-end server's TCP implementation must be modified, because the connection the switch accepted has to be handed off to the server's stack.
- Faster than the NAT approach, since only the inbound half of the traffic crosses the switch.

Page 17: Content Switch Rules
The contents that should be covered:
- Source IP address and TCP/UDP port number
- URL regular expression
- HTTP meta header
- SSL session ID
- Values of XML tags
The first item is available from the packet headers alone; the URL, HTTP headers and XML tags require reassembling the TCP stream far enough to see the HTTP request (and, for XML, the request body). For HTTPS the switch cannot see any of those unless it terminates the SSL session itself; the SSL session ID is the one field still readable in the clear, which is why it is listed.

Page 18: Content Switch Rules (1): Examples of Content Switch Rules

Foundry ServerIron:
    ServerIron(config)#url-map gifPolicy
    ServerIron(config-url-gifPolicy)#method suffix
    ServerIron(config-url-gifPolicy)#match "gif" 1
    ServerIron(config-url-gifPolicy)#default 2
    ServerIron(config-url-gifPolicy)#exit
If the suffix of the URL in the incoming request is gif, route to server group 1, otherwise route to server group 2.

Cisco Network Based Application Recognition (NBAR):
    Router(config)#class-map match-all http_secure
    Router(config-cmap)#match protocol secure-http
    Router(config)#class-map match-any audio_video
    Router(config-cmap)#match protocol http mime "audio/*"
    Router(config-cmap)#match protocol http mime "video/*"
    Router(config)#policy-map e-express
    Router(config-pmap)#class http_secure
    Router(config-pmap-c)#bandwidth 32
    Router(config-pmap)#class audio_video
    Router(config-pmap-c)#bandwidth 10
First define classes for secure HTTP requests and for audio/video requests, then allocate outbound bandwidth to each class. This is per-class bandwidth policy rather than server selection, but the classification step (protocol and MIME type matching) is the same kind of content rule.

Intel IX-API SDK:
    Rule check_src { ip.src == } { action_A() }
    Rule check_http { tcp && (tcp.sport == 80) } { action_scan() }
The meaning of rule check_src is: if the source IP address equals the configured address, execute the action function action_A().

Page 19: Content Switching Rule Matching Algorithm
- Brute-force sequential execution: rules are tried in order and the first match wins, so earlier rules have higher priority.
- This makes conflicts easy to resolve: when two rules could both match a request, whichever is listed first decides.
- Ways to speed up rule matching:
  - Set flags based on the headers and content actually present, and bypass rules that cannot apply (for example, skip every cookie rule when the request carries no Cookie header).
  - Use compiler-optimization techniques to speed up evaluation of the rule set.
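The following is an added example, not the author's code or any vendor's rule engine: a small first-match rule matcher in the style of slides 17 to 19, with rules over the source address, URL regular expression, URL suffix (as in the ServerIron gifPolicy), a cookie value and an HTTP header, plus the flag-based bypass of slide 19 (a rule that reads a header is skipped when that header is absent). The networks, server groups, rule names and requests are all constructed for the example.

```python
"""First-match (sequential) content-switch rule matching over the fields
listed on slides 17-19.  Added example, not the original author's code;
every rule, address and request below is constructed."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Request:
    src_ip: str
    sport: int
    dport: int
    method: str
    url: str
    headers: Dict[str, str]


@dataclass
class Rule:
    name: str
    match: Callable[[Request], bool]
    action: str                   # server group the request is routed to
    needs: Tuple[str, ...] = ()   # headers the rule reads; absent header => rule skipped


def parse_http_request(src_ip: str, sport: int, dport: int, raw: bytes) -> Optional[Request]:
    """Header content extraction: pull method, URL and headers out of the first
    data segment.  Returns None while the header block is incomplete, which is
    the case where delayed binding has to keep waiting for more data."""
    text = raw.decode("latin-1")
    head, sep, _body = text.partition("\r\n\r\n")
    if not sep:
        return None
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    return Request(src_ip, sport, dport, parts[0], parts[1], headers)


def cookie_value(req: Request, name: str) -> Optional[str]:
    """Value of one cookie from the Cookie header, or None if not present."""
    for part in req.headers.get("cookie", "").split(";"):
        key, _eq, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def url_suffix(req: Request) -> str:
    """File-name suffix of the URL path, query string ignored (ServerIron 'method suffix')."""
    path = req.url.split("?", 1)[0]
    last = path.rsplit("/", 1)[-1]
    return last.rsplit(".", 1)[1].lower() if "." in last else ""


# Rule table.  Order is priority: the first rule whose condition holds wins, so an
# intranet client fetching a .gif lands in the intranet group, not the static group.
RULES: List[Rule] = [
    Rule("check_src", lambda r: ip_address(r.src_ip) in ip_network("10.0.0.0/8"), "group_intranet"),
    Rule("cgi", lambda r: r.dport == 80 and re.search(r"cgi-bin", r.url) is not None, "group_app"),
    Rule("gifPolicy", lambda r: url_suffix(r) in ("gif", "jpg", "png"), "group_static"),
    Rule("gold_customer", lambda r: cookie_value(r, "tier") == "gold", "group_premium", needs=("cookie",)),
    Rule("audio_video", lambda r: r.headers.get("accept", "").startswith(("audio/", "video/")),
         "group_media", needs=("accept",)),
]
DEFAULT_GROUP = "group_default"


def classify(req: Request, rules: List[Rule] = RULES) -> Tuple[str, str, int]:
    """Brute-force sequential matching.  Returns (rule name, server group,
    number of rule conditions actually evaluated).  Rules whose 'needs'
    headers are missing are bypassed without being evaluated."""
    evaluated = 0
    for rule in rules:
        if any(h not in req.headers for h in rule.needs):
            continue
        evaluated += 1
        if rule.match(req):
            return rule.name, rule.action, evaluated
    return "default", DEFAULT_GROUP, evaluated
```

The third value returned by classify makes the bypass visible: a request with neither Cookie nor Accept header never pays for the cookie and media rules, while a request carrying a Cookie header evaluates the cookie rule only after the three header-free rules ahead of it have failed.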

Page 20: Flow Chart of Content Switch (1): packet from client (input to ip_input)
- Connection established?
  - Yes, TCP data/ACK: masquerade IP address, port and sequence number, forward the packet, return.
  - Yes, UDP: masquerade the UDP packet and forward it to the server.
  - No, TCP SYN: create the SYN/ACK reply and send it back to the client.
  - No, TCP data (first data on a connection the switch has accepted): choose a server, masquerade the saved SYN and forward it to the server.
  - No, UDP: choose a server, masquerade the UDP packet and forward it to the server.
  - Otherwise: deliver to the upper layer.

Page 21: Flow Chart of Content Switch (2): packet from back-end server (input to ip_forward)
- Connection established? Yes: masquerade the packet, forward it, return.
- No: is it a SYN/ACK?
  - Yes: create the connection hash-table entry, masquerade IP address, port and sequence number, and forward the saved IP packet (the client's buffered data) to the server.
  - No: forward as normal.
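Added example, not the author's kernel code: a user-space model of the NAT content switch's delayed binding and masquerading as described on slides 15, 20 and 21. The switch completes the handshake with the client using its own initial sequence number, holds the first data segment until the content picks a server, replays the saved SYN, absorbs the server's SYN/ACK, and from then on rewrites the server-side address and shifts sequence/acknowledgement numbers by the difference between the server's ISN and its own. Addresses, ports, initial sequence numbers and the server-selection rule are constructed; each method returns the segments the switch would emit rather than touching a socket.

```python
"""Model of NAT content-switch delayed binding and address/sequence
masquerading (slides 15, 20 and 21).  Added example, not the original
author's code; all addresses, ports and ISNs are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Addr = Tuple[str, int]   # (IP address, port)


@dataclass
class Segment:
    src: Addr
    dst: Addr
    seq: int
    ack: int
    flags: str          # "S", "SA", "A" or "PA"
    data: bytes = b""


@dataclass
class Flow:
    client: Addr
    client_isn: int
    switch_isn: int
    saved_syn: Segment
    server: Optional[Addr] = None
    server_isn: Optional[int] = None
    saved_data: Optional[Segment] = None


class ContentSwitch:
    def __init__(self, vip: Addr, choose_server: Callable[[bytes], Addr], switch_isn: int = 1000):
        self.vip = vip
        self.choose_server = choose_server    # content -> server, the rule-matching step
        self.switch_isn = switch_isn          # constructed: fixed ISN for determinism
        self.flows: Dict[Addr, Flow] = {}     # the "connection hash table", keyed by client

    def from_client(self, seg: Segment) -> List[Segment]:
        """Packets arriving on the VIP (the ip_input path of slide 20)."""
        flow = self.flows.get(seg.src)
        if seg.flags == "S":
            # Phase 1: the switch, not a server, answers the SYN and keeps it for later
            flow = Flow(seg.src, seg.seq, self.switch_isn, saved_syn=seg)
            self.flows[seg.src] = flow
            return [Segment(self.vip, seg.src, flow.switch_isn, seg.seq + 1, "SA")]
        if flow is None:
            return []                         # no state for this client: drop
        if flow.server is None:
            if not seg.data:
                return []                     # third handshake ACK: nothing to classify yet
            # Phase 2: first data seen; choose the server on content, replay the saved SYN
            flow.server = self.choose_server(seg.data)
            flow.saved_data = seg
            syn = flow.saved_syn
            return [Segment(syn.src, flow.server, syn.seq, 0, "S")]
        if flow.server_isn is None:
            return []                         # server handshake still pending (constructed: drop)
        return [self._to_server(flow, seg)]   # Phase 3: plain masquerade

    def from_server(self, seg: Segment) -> List[Segment]:
        """Packets coming back from a real server (the ip_forward path of slide 21)."""
        flow = self.flows.get(seg.dst)
        if flow is None or flow.server != seg.src:
            return [seg]                      # not one of ours: forward as normal
        if seg.flags == "SA" and flow.server_isn is None:
            # Absorb the SYN/ACK: record the server ISN, ACK it ourselves, release the saved data
            flow.server_isn = seg.seq
            ack = Segment(flow.client, flow.server, flow.client_isn + 1, flow.server_isn + 1, "A")
            return [ack, self._to_server(flow, flow.saved_data)]
        if flow.server_isn is None:
            return []
        return [self._to_client(flow, seg)]

    # delta = server ISN - switch ISN: client-side ACKs move up by delta on the way to
    # the server, server-side SEQs move down by delta on the way to the client.
    def _to_server(self, flow: Flow, seg: Segment) -> Segment:
        delta = flow.server_isn - flow.switch_isn
        return Segment(seg.src, flow.server, seg.seq, seg.ack + delta, seg.flags, seg.data)

    def _to_client(self, flow: Flow, seg: Segment) -> Segment:
        delta = flow.server_isn - flow.switch_isn
        return Segment(self.vip, flow.client, seg.seq - delta, seg.ack, seg.flags, seg.data)


def run_example() -> Dict[str, List[Segment]]:
    """Constructed exchange: one GET for a .gif, routed to the static server."""
    client: Addr = ("198.51.100.5", 40000)
    vip: Addr = ("192.0.2.10", 80)
    static_server: Addr = ("10.0.0.1", 80)
    app_server: Addr = ("10.0.0.2", 80)

    def choose(data: bytes) -> Addr:
        return static_server if data.startswith(b"GET /images/") else app_server

    sw = ContentSwitch(vip, choose, switch_isn=1000)
    request = b"GET /images/logo.gif HTTP/1.0\r\n\r\n"
    reply = b"HTTP/1.0 200 OK\r\n\r\nGIF89a"
    out: Dict[str, List[Segment]] = {}
    out["syn"] = sw.from_client(Segment(client, vip, 5000, 0, "S"))
    out["ack"] = sw.from_client(Segment(client, vip, 5001, 1001, "A"))
    out["data"] = sw.from_client(Segment(client, vip, 5001, 1001, "PA", request))
    out["synack"] = sw.from_server(Segment(static_server, client, 7000, 5001, "SA"))
    out["reply"] = sw.from_server(Segment(static_server, client, 7001, 5001 + len(request), "PA", reply))
    out["reply_ack"] = sw.from_client(Segment(client, vip, 5001 + len(request), 1001 + len(reply), "A"))
    return out
```

In run_example the switch answers the SYN with ISN 1000, the chosen server later picks ISN 7000, so delta is 6000: the client's buffered data segment, which acknowledged 1001, reaches the server acknowledging 7001, and the server's reply starting at 7001 reaches the client as 1001. A real kernel implementation additionally has to handle retransmissions of the saved SYN, RSTs from either side and the case where the first segment does not contain the full request line, none of which this model covers.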