CERN DNS Load Balancing VladimírBahylIT-FIO NicholasGarfieldIT-CS.

Slides:



Advertisements
Similar presentations
Windows® Deployment Services
Advertisements

Scheduling in Web Server Clusters CS 260 LECTURE 3 From: IBM Technical Report.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.
© 2005 Global Knowledge Network, Inc. All rights reserved. Section 2: High Availability Clustering Network Load Balancing Geographical Clustering Remote.
Mecanismos de alta disponibilidad con Microsoft SQL Server 2008 Por: ISC Lenin López Fernández de Lara.
ITIS 3110 Jason Watson. Replication methods o Primary/Backup o Master/Slave o Multi-master Load-balancing methods o DNS Round-Robin o Reverse Proxy.
Chapter 5: Server Hardware and Availability. Hardware Reliability and LAN The more reliable a component, the more expensive it is. Server hardware is.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
NETWORK LOAD BALANCING NLB.  Network Load Balancing (NLB) is a Clustering Technology.  Windows Based. (windows server).  To scale performance, Network.
1 Routing and Scheduling in Web Server Clusters. 2 Reference The State of the Art in Locally Distributed Web-server Systems Valeria Cardellini, Emiliano.
Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.
ManageEngine TM Applications Manager 8 Monitoring Custom Applications.
Dr. Zahid Anwar. Simplified Architecture of Linux Cluster Simplified Architecture of a Single Computer Simplified architecture of an enterprise cluster.
Module 8: Concepts of a Network Load Balancing Cluster
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.
Lesson 1: Configuring Network Load Balancing
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # ) Chapter Ten Configuring Windows Server 2008 for High.
Microsoft Load Balancing and Clustering. Outline Introduction Load balancing Clustering.
Understanding Active Directory
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
1 © Talend 2014 Service Locator Talend ESB Training 2014 Jan Bernhardt Zsolt Beothy-Elo
CERN DNS Load Balancing Vladimír Bahyl IT-FIO. 26 November 2007WLCG Service Reliability Workshop2 Outline  Problem description and possible solutions.
10/02/2004ELFms meeting1 Linux Virtual Server Miroslav Siket FIO-FS.
Server Load Balancing. Introduction Why is load balancing of servers needed? If there is only one web server responding to all the incoming HTTP requests.
Chapter 10 : Designing a SQL Server 2005 Solution for High Availability MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design.
 Cloud computing  Workflow  Workflow lifecycle  Workflow design  Workflow tools : xcp, eucalyptus, open nebula.
Name Resolution Domain Name System.
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.
Module 2: Implementing DNS to Support Active Directory
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.
Submitted by: Shailendra Kumar Sharma 06EYTCS049.
Microsoft and Community Tour 2011 – Infrastrutture in evoluzione Community Tour 2011 Infrastrutture in evoluzione.
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
Module 5: Designing a Terminal Services Infrastructure.
Designing Authentication for a Microsoft Windows 2000 Network Designing Authentication in a Microsoft Windows 2000 Network Designing Kerberos Authentication.
Module 11: Implementing ISA Server 2004 Enterprise Edition.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
Windows Azure Virtual Machines Anton Boyko. A Continuous Offering From Private to Public Cloud.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 12: Planning and Implementing Server Availability and Scalability.
High Availability in DB2 Nishant Sinha
1 Microsoft Windows 2000 Network Infrastructure Administration Chapter 4 Monitoring Network Activity.
CERN IT Department CH-1211 Genève 23 Switzerland PES 1 Ermis service for DNS Load Balancer configuration HEPiX Fall 2014 Aris Angelogiannopoulos,
OpenDNSSEC Deployment Tianyi Xing. Roadmap By mid-term – Establish a DNSSEC server within the mobicloud system (Hopfully be done by next week) Successfully.
70-412: Configuring Advanced Windows Server 2012 services
High Availability Technologies for Tier2 Services June 16 th 2006 Tim Bell CERN IT/FIO/TSI.
Introduction to Active Directory
VIRTUAL SERVERS Chapter 7. 2 OVERVIEW Exchange Server 2003 virtual servers Virtual servers in a clustering environment Creating additional virtual servers.
Homework 5 DNS 、 HTTPD 、 SNMP. Requirements One dedicated domain name for yourself Setup DNS server with following records  SOA, NS, MX  Make them reasonable.
WINDOWS AZURE AND THE HYBRID CLOUD. Hybrid Concepts and Cloud Services.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
CompTIA Security+ Study Guide (SY0-401)
NAT、DHCP、Firewall、FTP、Proxy
Consulting Services JobScheduler Architecture Decision Template
REPLICATION & LOAD BALANCING
Services DFS, DHCP, and WINS are cluster-aware.
High Availability Linux (HA Linux)
Consulting Services JobScheduler Architecture Decision Template
Network Load Balancing
VIRTUAL SERVERS Presented By: Ravi Joshi IV Year (IT)
Working at a Small-to-Medium Business or ISP – Chapter 7
CompTIA Security+ Study Guide (SY0-401)
Working at a Small-to-Medium Business or ISP – Chapter 7
Examining a Windows NT Infrastructure (2)
Working at a Small-to-Medium Business or ISP – Chapter 7
Presentation transcript:

CERN DNS Load Balancing VladimírBahylIT-FIO NicholasGarfieldIT-CS

13 FebruaryCHEP 2006, Mumbai, India2 Outline  Problem description  Possible solutions  DNS – an ideal medium  Round robin vs. Load Balancing  Evolution of DNS setup at CERN  Application Load Balancing system  Server process  Client configuration  Operational examples  Statistics  Conclusion

13 FebruaryCHEP 2006, Mumbai, India3 Problem description  User expectations of IT services:  100% availability  Response time converging to zero  Several approaches:  Bigger and better hardware (= increasing MTBF)  Redundant architecture  Load balancing + Failover  Situation at CERN:  Has to provide uninterrupted services  Transparently migrate nodes in and out of production  Caused either by scheduled intervention or a high load  Very large and complex network infrastructure

13 FebruaryCHEP 2006, Mumbai, India4 Possible solutions  Network Load Balancing  A device/driver monitors network traffic flow and makes packet forwarding decisions  Example: Microsoft Windows 2003 Server NLB  Disadvantages:  Not applications aware  Simple network topology only  Proprietary  OSI Layer 4 (the Transport Layer – TCP/UDP) switching  Cluster is hidden by a switch behind a single virtual IP address  Switch role also includes:  Monitoring of all nodes in the cluster  Keep track of the network flow  Forwarding of packets according to policies  Example: Linux Virtual Server, Cisco Catalyst switches  Disadvantages:  Simplistic tests; All cluster nodes should be on the same subnet  Expensive for large subnets with many services  Switch becomes single point of failure

13 FebruaryCHEP 2006, Mumbai, India5 Domain Name System – ideal medium Ubiquitous, standardized and globally accessible database Connections to any service have to contact DNS first Provides a way for rapid updates Offers round robin load distribution (see later)  Unaware of the applications  Need for an arbitration process to select best nodes  Decision process is not going to be affected by the load on the service  Application load balancing and failover

13 FebruaryCHEP 2006, Mumbai, India6 DNS Round Robin lxplus001 ~ > host lxplus lxplus.cern.ch has address (1) lxplus.cern.ch has address (2) lxplus.cern.ch has address (3) lxplus.cern.ch has address (4) lxplus.cern.ch has address (5) lxplus001 ~ > host lxplus lxplus.cern.ch has address (2) lxplus.cern.ch has address (3) lxplus.cern.ch has address (4) lxplus.cern.ch has address (5) lxplus.cern.ch has address (1)  Allows basic load distribution  No withdrawal of overloaded or failed nodes

13 FebruaryCHEP 2006, Mumbai, India7 lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address lxplus.cern.ch has address DNS Load Balancing and Failover  Requires an additional server = arbiter  Monitors the cluster members  Adds and withdraw nodes as required  Updates are transactional  Client never sees an empty list lxplus001 ~ > host lxplus

13 FebruaryCHEP 2006, Mumbai, India8 DNS evolution at CERN – static model Primary DNS Server Secondary DNS Server Generated static data filesAXFR or NFS AXFR= full zone transfer IXFR= incremental zone transfer zone= [view, domain] pair (example: [internal, cern.ch]) Network Database Server Delegated Primary DNS Server Delegated Secondary DNS Server Arbiter AXFR Segmented DNS name space – Sub-Domain delegation Not scalable. No high-availability. Obsolete.

13 FebruaryCHEP 2006, Mumbai, India9 DNS 1 (e.g. internal view) DNS 2 (e.g. external view) Network Database Server DNS evolution at CERN – scalable model Master DNS Server Slave 2A Generated static data files AXFR= full zone transfer IXFR= incremental zone transfer zone= [view, domain] pair (example: [internal, cern.ch]) Slave 2B Slave 1A Slave 1B AXFR No support for frequent 3 rd party updates. Only full zone transfers.

13 FebruaryCHEP 2006, Mumbai, India10 DNS 1 (e.g. internal view) DNS 2 (e.g. external view) DNS evolution at CERN – 3 rd party updates Slave 2A Generated static data files AXFR= full zone transfer IXFR= incremental zone transfer zone= [view, domain] pair (example: [internal, cern.ch]) Slave 2B Slave 1A Slave 1B AXFR Network Database Server Arbiter Update trigger Dynamic Data Database Server Master DNS Server Dynamic Data Multiple points of failure. Management nightmare.

13 FebruaryCHEP 2006, Mumbai, India11 DNS 1 (e.g. internal view) DNS 2 (e.g. external view) DNS evolution at CERN – Dynamic DNS Master DNS Server Slave 2A AXFR= full zone transfer IXFR= incremental zone transfer zone= [view, domain] pair (example: [internal, cern.ch]) Slave 2B Slave 1A Slave 1B AXFR or IXFR Network Database Server Arbiter Generated static data files Dynamic DNS 

13 FebruaryCHEP 2006, Mumbai, India12 Application Load Balancing System

13 FebruaryCHEP 2006, Mumbai, India13 Load Balancing Arbiter  Collects metric values  Polls the data over SNMP  Sequentially scans all cluster members  Selects the best candidates  Lowest positive value = best value  Other options possible as well  Round robin of alive nodes  Updates the master DNS  Uses Dynamic DNS  With transactional signature keys (TSIG) authentication  At most once per minute per cluster  Active and Standby setup  Simple failover mechanism  Heartbeat file periodically fetched over HTTP  Daemon is:  Written in Perl  Packaged in RPM  Configured by a Quattor NCM component

13 FebruaryCHEP 2006, Mumbai, India14 Application Cluster nodes  SNMP daemon  Expects to receive a specific MIB OID  Passes control to an external program  Load Balancing Metric  /usr/local/bin/lbclient  Examines the conditions of the running system  Computes a metric value  Written in C  Available as RPM  Configured by a Quattor NCM component

13 FebruaryCHEP 2006, Mumbai, India15 Load Balancing Metric  System checks – return Boolean value  Are daemons running (FTP, HTTP, SSH) ?  Is the node opened for users ?  Is there some space left on /tmp ?  System state indicators  Return a (positive) number  Compose the metric formula  System CPU load  Number of unique users logged in  Swapping activity  Number of running X sessions  Integration with monitoring  Decouple checking and reporting  Replace internal formula by a monitoring metric  Disadvantage – introduction of a delay  Easily replaceable by another site specific binary

13 FebruaryCHEP 2006, Mumbai, India16 Operational examples  LXPLUS – Interactive Login cluster  SSH protocol  Users log on to a server and interact with it  CASTORGRID – GridFTP cluster  Specific application on a specific port  Experimented with live evaluation of the network traffic by the metric binary  WWW servers  Could be any application – client metric concept is sufficiently universal !

13 FebruaryCHEP 2006, Mumbai, India17 State Less vs. State Aware  System is not aware of the state of connections  State Less Application  For any connection, any server will do  Our system only keeps the list of available hosts up-to-date  Example: WWW server serving static content  State Aware Application  Initial connection to a server; subsequent connection to the same server  Our load balancing system can not help here  Solution: after the initial connection the application must indicate to the client where to connect  Effective bypass of the load balancing  Example: ServerName directive in Apache daemon

13 FebruaryCHEP 2006, Mumbai, India18 LXPLUS statistics

13 FebruaryCHEP 2006, Mumbai, India19 LXPLUS statistics

13 FebruaryCHEP 2006, Mumbai, India20 LXPLUS statistics

13 FebruaryCHEP 2006, Mumbai, India21 Future enhancements  Improve the high availability of the DNS master server  Currently, there is only a single instance  Use SNMP v3 for polling  Increases security  Polling parallelization  Ask all cluster members at once  Wait a time-out interval and then collect the received data

13 FebruaryCHEP 2006, Mumbai, India22 Conclusion  Dynamic DNS switching offers possibility to implement automated and intelligent load-balancing and failover system  Scalable  From two node cluster to complex application clusters  Decoupled from complexity of the network topology  Need for an Arbiter  Monitor the cluster members  Select the best candidates  Update the published DNS records  Built around OpenSource tools  Easy to adopt anywhere

13 FebruaryCHEP 2006, Mumbai, India23 Thank you.  (accessible from inside CERN network only) Vladimír Bahyl

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.