Presentation is loading. Please wait.

Presentation is loading. Please wait.

Andrew Lahiff HEP SYSMAN June 2016 Hiding infrastructure problems from users: load balancers at the RAL Tier-1 1.

Published byRodney Robertson Modified over 8 years ago

Similar presentations

Presentation on theme: "Andrew Lahiff HEP SYSMAN June 2016 Hiding infrastructure problems from users: load balancers at the RAL Tier-1 1."— Presentation transcript:

1 Andrew Lahiff HEP SYSMAN June 2016 Hiding infrastructure problems from users: load balancers at the RAL Tier-1 1

2 DNS aliases -bash-4.1$ nslookup srm-atlas.gridpp.rl.ac.uk Server: 130.246.8.13 Address:130.246.8.13#53 Name:srm-atlas.gridpp.rl.ac.uk Address: 130.246.181.163 Name:srm-atlas.gridpp.rl.ac.uk Address: 130.246.181.164 Name:srm-atlas.gridpp.rl.ac.uk Address: 130.246.181.171 Name:srm-atlas.gridpp.rl.ac.uk Address: 130.246.181.162 What’s wrong with this? What we used to do (& still mostly do) 2

3 What if one ATLAS SRM dies overnight? –The dead machine is still visible to users via the DNS alias 1/N requests will fail We would need to contact RAL networking to change it –We get a pager alarm Someone will look into it, even at 2am Sunday morning Upgrades & reboots –As machines being updated are still in the DNS alias, maintainance is visible to users 1/N requests will fail what happens if a “quick reboot” takes longer than expected? (fsck, problem with VM,...) Problems with DNS aliases 3

4 CERN seem to do this (I think) This is perhaps better, but still has problems –What about DNS libraries not respecting DNS TTLs and caching the results of name lookups? –Many applications do DNS lookups once and cache the results –Issues with IPv6 DNS round-robin round-robin doesn’t work – many clients will always pick the “first” host What if we had a more dynamic DNS? 4

5 Instead of users connecting directly to servers... The alternative user server 1 server 2 server 3 server 4 5 site firewall hole

6 Put a load balancer in between The alternative load balancer user server 1 server 2 server 3 server 4 6 site firewall hole

7 HAProxy –Open source load balancer for TCP & HTTP Keepalived –Linux Virtual Server (LVS) router –Can provide HA floating IP addresses using Virtual Redundancy Routing Protocol (VRRP) Building blocks 7

8 Architecture at RAL Keepalived HAProxy Keepalived HAProxy user DNS floating IP 1 floating IP 2 server 1 server 2 server 3 server 4 load balancer 1 load balancer 2 Each service uses 2 floating IPs with a DNS alias 8 Each load balancer running on a VM

9 If a backend server dies Keepalived HAProxy Keepalived HAProxy user DNS floating IP 1 floating IP 2 server 1 server 2 server 3 server 4 load balancer 1 load balancer 2 HAProxy stops sending requests to the broken server 9

10 If a HAProxy dies Keepalived HAProxy Keepalived HAProxy user DNS floating IP 1 floating IP 2 server 1 server 2 server 3 server 4 load balancer 1 load balancer 2 The floating IP(s) move to the other load balancer 10 Keepalived checks if HAProxy is running

11 If a load balancer host dies Keepalived HAProxy Keepalived HAProxy user DNS floating IP 1 floating IP 2 server 1 server 2 server 3 server 4 load balancer 1 load balancer 2 The floating IP(s) move to the other load balancer 11

12 Add a new backend server Only need to update HAProxy config Keepalived HAProxy Keepalived HAProxy user DNS floating IP 1 floating IP 2 server 1 server 2 server 3 server 4 load balancer 1 load balancer 2 server 5 12

13 HAProxy has configurable built-in checks –tcp connection attempt –tcp, expect response to contain a specified string –SSLv3 client hello –http response code –http, expect response to contain a specified string –MySQL, PostgreSQL –SMPT For FTS3 –using tcp (SOAP API), SSLv3 (RESTful API, monitoring app) How to check if backend servers are healthy? 13

14 Round-robin –each backend server used in turn –using for FTS3 (soap), FTS3 (REST) Source –each client IP always goes to the same backend server –used for FTS3 (monitoring app) no more endless “identify yourself with a certificate” requests from your browser! compare https://fts3.cern.ch:8449/fts3/ftsmon/#/ to https://lcgfts3.gridpp.rl.ac.uk:8449/fts3/ftsmon/#/https://fts3.cern.ch:8449/fts3/ftsmon/#/ https://lcgfts3.gridpp.rl.ac.uk:8449/fts3/ftsmon/#/ Also some others –leastconn, first,... Load balancing options 14

15 HAProxy stats page Monitoring 15

16 Use Telegraf to send HAProxy metrics to InfluxDB Monitoring 16

17 Nagios tests per load balancer –check that the number of healthy backend servers for each service is above a minimum threshold Tests for floating IPs Monitoring 17

18 With FTS3 only, load is very, very low! –Average 13 sessions/sec, 3 concurrent sessions (per lb) Current load 18

19 Random example using Apache Bench, zero tuning –8000 sessions/sec, 800 concurrent sessions Testing at higher scales 19 (using backend servers running httpd)

20 Services fully using the load balancers: –FTS3 (“test” instance, i.e. ATLAS): since 26 th April –FTS3 (“prod” instance, i.e. CMS etc): since 31 st May No problems so far Current status 20

21 More advanced HAProxy health checks e.g. host cert expiry, CPU load too high,... More services –Other existing services –Future services that require true high availability SCD OpenStack (dev instance already using HAProxy, Keepalived) Ceph gateways (e.g. gridFTP control traffic) It’s also the first step required before moving to a more dynamic infrastructure –e.g. container orchestration Future plans 21

Download ppt "Andrew Lahiff HEP SYSMAN June 2016 Hiding infrastructure problems from users: load balancers at the RAL Tier-1 1."

Similar presentations

The Platform as a Service Model for Networking Eric Keller, Jennifer Rexford Princeton University INM/WREN 2010.

The Platform as a Service Model for Networking Eric Keller, Jennifer Rexford Princeton University INM/WREN 2010.
CloudStack Scalability Testing, Development, Results, and Futures Anthony Xu Apache CloudStack contributor.

CloudStack Scalability Testing, Development, Results, and Futures Anthony Xu Apache CloudStack contributor.
ALICE G RID SERVICES IP V 6 READINESS

ALICE G RID SERVICES IP V 6 READINESS
Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.

Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
CSE 190: Internet E-Commerce Lecture 16: Performance.

CSE 190: Internet E-Commerce Lecture 16: Performance.
Chien-Chung Shen cshen@udel.edu Google Compute Engine Chien-Chung Shen cshen@udel.edu.

Chien-Chung Shen Google Compute Engine Chien-Chung Shen
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)
Computer Network (MASQ/NAT/PROXY)

Computer Network (MASQ/NAT/PROXY)
Putting the Network to Work

Putting the Network to Work
Load Sharing and Balancing - Saravanan Mathialagan Masters in Computer Science Georgia State University.

Load Sharing and Balancing - Saravanan Mathialagan Masters in Computer Science Georgia State University.
Additional SugarCRM details for complete, functional, and portable deployment.

Additional SugarCRM details for complete, functional, and portable deployment.
1 Oracle 9i AS Availability and Scalability Margaret H. Mei Senior Product Manager, ST.

1 Oracle 9i AS Availability and Scalability Margaret H. Mei Senior Product Manager, ST.
G RID SERVICES IP V 6 READINESS

G RID SERVICES IP V 6 READINESS
Application-Layer Anycasting By Samarat Bhattacharjee et al. Presented by Matt Miller September 30, 2002.

Application-Layer Anycasting By Samarat Bhattacharjee et al. Presented by Matt Miller September 30, 2002.
Submitted by: Shailendra Kumar Sharma 06EYTCS049.

Submitted by: Shailendra Kumar Sharma 06EYTCS049.
Internet Ethernet Token Ring Video High Speed Router Host A: Client browser: REQUEST:http//mango.ee.nogradesu.edu/c461.

Internet Ethernet Token Ring Video High Speed Router Host A: Client browser: REQUEST:http//mango.ee.nogradesu.edu/c461.
Platform & Engineering Services CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t PES Network as a Service Use cases for load balancing.

Platform & Engineering Services CERN IT Department CH-1211 Geneva 23 Switzerland t PES Network as a Service Use cases for load balancing.
Addressing Issues David Conrad Internet Software Consortium.

Addressing Issues David Conrad Internet Software Consortium.
Windows Azure Virtual Machines Anton Boyko. A Continuous Offering From Private to Public Cloud.

Windows Azure Virtual Machines Anton Boyko. A Continuous Offering From Private to Public Cloud.

Similar presentations

Ads by Google