Presentation is loading. Please wait.

Presentation is loading. Please wait.

Draft-carpenter-v6ops-label-balance-02 Brian Carpenter Sheng Jiang (Speaker) Willy Tarreau March 2012 IPv6 Flow Label for Server Load Balancing - update.

Published bySandra Wilkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Draft-carpenter-v6ops-label-balance-02 Brian Carpenter Sheng Jiang (Speaker) Willy Tarreau March 2012 IPv6 Flow Label for Server Load Balancing - update."— Presentation transcript:

1 draft-carpenter-v6ops-label-balance-02 Brian Carpenter Sheng Jiang (Speaker) Willy Tarreau March 2012 IPv6 Flow Label for Server Load Balancing - update

2 Why V6OPS Should Care Every serious content provider runs load balancers. IPv6 support in load balancers has been a delaying factor for IPv6 deployment. The flow label may enhance load balancer efficiency, and even act as an incentive for IPv6 adoption No protocol changes – this is implementation and deployment only 2/9

3 Updated Scenario Diagram 3/9 IPv6 Clients in the Internet HTTP server L3/L4 balancer HTTP proxy Ingress router TLS proxyHTTP proxyTLS proxy L3/L4 balancer HTTP server DNS-based ←load splitting→ … … … … Ingress router Possible flow label use

4 Use Flow Label to Reduce Work on L3/L4 Load Balancers A new flow is directed to a server according to a L7 load balancing algorithm. The flow label doesn’t help there. In subsequent packets, the flow label is immediately available regardless of extension headers – more efficient for ASICs. The 3-tuple {source address, destination address, flow label} would be sufficient to identify a transport flow, replacing the traditional 5-tuple It can be reduced to 2 tuple {source address, flow label} since destination address is always the same 4/9

5 Clarification: Who Sets The Label? According to RFC 6437, the flow label SHOULD be set to a suitable (uniformly distributed) value at the source Until that becomes general practice, a site using it for server load balancing has two choices when the incoming label is zero:  Set the label, per RFC 6437, in an ingress router, thus reducing L3/L4 balancer load except for the first packet.  Use the full 5-tuple (as today). 5/9

6 Use Flow Label to Reduce Work on L7 Load Balancers LBs need to maintain session persistence (i.e. always pick the same server) when a transaction includes several transport flows (even different source addresses)  Passive-mode FTP picks a new port number.  Sessions mix HTTP and HTTPS.  Clients behind a web proxy with a dynamic address pool. If applications used the same flow label for all parts of a transaction, LBs could maintain persistence without DPI or session cookies.  One flow label per transaction, which may involve multiple transport connections, some of them may from different source addresses.  [RFC6437] a flow is not necessarily 1:1 mapped to a transport connection 6/9

7 New Security Considerations Using a flow label as a transaction handle would require some precautions. An unguessable flow label will help in avoiding DDOS attacks on a single server, by making it hard to fool the LB algorithm. The LB will store the association between a given flow label value and a given server. This will improve session recovery after a server failure, and also makes it harder for an attacker to target a single server, because this association is not known externally. 7/9

8 Possible Benefits Assuming that 80-90% of users will reach the net without a proxy, large sites will be able to off-load most of their load balancing into ASIC- based LBs or even switches.  Ingress router sets flow label if zero The remaining 10-20% of sessions will have persistence issues (multiple ports or source addresses) and will follow the normal route via the L7 LBs.  Unless we deploy the extended role (same flow label for all parts of a transaction), newly proposed in this document 8/9

9 Questions? Does the WG want to take on this topic? Thanks 9/9

Download ppt "Draft-carpenter-v6ops-label-balance-02 Brian Carpenter Sheng Jiang (Speaker) Willy Tarreau March 2012 IPv6 Flow Label for Server Load Balancing - update."

Similar presentations

COGNITIVE PACKET NETWORKS

COGNITIVE PACKET NETWORKS
SIP, Firewalls and NATs Oh My!. www.dynamicsoft.com SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.

SIP, Firewalls and NATs Oh My!. SIP Summit SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI

Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 22 World Wide Web and HTTP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 22 World Wide Web and HTTP.
Network Localized Mobility Management using DHCP

Network Localized Mobility Management using DHCP
(4.4) Internet Protocols Layered approach to Internet Software 1.

(4.4) Internet Protocols Layered approach to Internet Software 1.
1 Routing and Scheduling in Web Server Clusters. 2 Reference The State of the Art in Locally Distributed Web-server Systems Valeria Cardellini, Emiliano.

1 Routing and Scheduling in Web Server Clusters. 2 Reference The State of the Art in Locally Distributed Web-server Systems Valeria Cardellini, Emiliano.
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.

Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.
NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.

NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.
MOBILITY SUPPORT IN IPv6

MOBILITY SUPPORT IN IPv6
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.
Internet Networking Spring 2002 Tutorial 13 Web Caching Protocols ICP, CARP.

Internet Networking Spring 2002 Tutorial 13 Web Caching Protocols ICP, CARP.
Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.

Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.
Design and Implementation of a Server Director Project for the LCCN Lab at the Technion.

Design and Implementation of a Server Director Project for the LCCN Lab at the Technion.
CS335 Networking & Network Administration Tuesday, April 20, 2010.

CS335 Networking & Network Administration Tuesday, April 20, 2010.
Enhanced Secure Dynamic DNS Update with Indirect Route David Wilkinson, C. Edward Chow, Yu Cai 06/11/2004 University of Colorado at Colorado Springs IEEE.

Enhanced Secure Dynamic DNS Update with Indirect Route David Wilkinson, C. Edward Chow, Yu Cai 06/11/2004 University of Colorado at Colorado Springs IEEE.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

Similar presentations

Ads by Google