Avi Introduction on load balancing

1. 1 Proprietary and Confidential 2015
Load Balancing | Automation | Analytics
SDN based Load Balancing
SDN Meetup Belgium 26-may-16
Philippe Bogaerts
philippe@avinetworks.com
Senior Field Systems Engineer EMEA
@AviNetworks

2. 2 Proprietary and Confidential 2015
• Who AM I?
– Working @Avinetworks, http://www.avinetworks.com
– OWASP Belgium board member @owasp_be https://www.owasp.org/index.php/Belgium
– BruCON co-founder / co-organizer @brucon http://www.brucon.org
– DockerSec – new initiative around networking and security in Docker
– +18 years experience in ADC & Network security
– +13 years Web Application Security, pentesting
• You can reach out to me
– @xxradar
– philippe.bogaerts@radarhack.com
– https://be.linkedin.com/in/philippebogaerts

3. 3 Proprietary and Confidential 2015
Why Application Delivery and Load Balancing at all ?
• Today’s application require
– Availability
– Security
– Acceleration
– End User Experience is critical !!
– Scalability (auto scaling infrastructure and applications)
– New emerging eco-systems (DC/OS, Docker, Kubernetes, etc …)

4. 4 Proprietary and Confidential 2015
ADC vs. LB
• LB – Load Balancers (SLB Server LB)
– Distributes Load (Round Robin, Least connections, Fastest, etc …)
• ADC – Application Delivery Controllers
– LB + L7 Content Switching, Caching, Compression, SSL offloading, Security, etc …
• Load Balancing comes in many forms
– LB based on routers (ex. ECMP, RHI)
– LB L3/4
– LB based on DNS
– LB 3/7

5. 5 Proprietary and Confidential 2015
Basic Load balancing (L3/4)
• Simple load balancing is typically (only) based on
– IP addresses
– TCP/UDP ports
– L4 Proxy
• LB decision is based only INGRESS packet
– Simple and fast HASH based decision
– Health Checking
• What about
– NAT / SNAT, Proxies
– Load Distribution
– Persistency

6. 6 Proprietary and Confidential 2015
Advanced Load balancing (L3/7)
• Advanced load balancing
– IP addresses & TCP/UDP ports
– Content based (HTTP URI, HTTP headers, SIP Headers, FTP …)
– L4/7 Proxy
• LB decision based on Request/Response data
– More advanced LB
– Content Switching, caching, compression …
– Advanced Persistency
– Session based LB vs IP/TCP
----------------------------------------------------------
https://avinetworks.com/media/template_images/ab2.jpg
GET /media/template_images/ab2.jpg HTTP/1.1
Host: avinetworks.com
User-Agent: Mozilla/5.0 (Macintosh; Intel MacOS X10.11; rv:46.0)
Gecko/20100101 Firefox/46.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://avinetworks.com/company/
Cookie: csrftoken=b26HynXtLZ5pguvfwQJkkXRPisEzlg2S; name=Philippe
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type:image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 26 May 2016 08:26:17 GMT
Last-Modified: Wed, 03 Feb 2016 17:38:42 GMT
Expires: Sun, 26 Jun 2016 08:26:17 GMT
Cache-Control: max-age=2678400
Content-Encoding: gzip
----------------------------------------------------------

7. 7 Proprietary and Confidential 2015
DNS based Load Balancing
• Distribution based on DNS request lookup
– Round Robin DNS mechanism
– No Health Checking (in general)
• Commercially available
• Global Service Load Balacing
– Between DC
– Health Checking
– Geo Location based LB
– Combined with SLB

8. 8 Proprietary and Confidential 2015
ECMP and RHI
• Equal-cost multi-path routing (ECMP)
– routing strategy
– next-hop packet forwarding can occur over multiple "best paths"
• RHI
– Route Health Injection
– Advertise next hop to upstream router

9. 9 Proprietary and Confidential 2015
Infrastructure Diversity and Application Evolution
Increasing need for cloud-like scale and efficiency
3-Tier
Microservices
WEB APP DB
ContainerBare Metal Virtualized Public Cloud
App Architecture Evolution
Monolithic
Core Infrastructure Design Principles
• Fluid Scalability
• Commodity x86
• Automation
• Self-Service
• On-Premise & Cloud
• Immediate

10. 10 Proprietary and Confidential 2015
Software Defined Application Services
• Configuring ADC in the legacy world typically requires (complex)
– Network related configuration
– Application related configurations
• Configuring ADC in the SDN world typically requires
– Decoulping Control Plane / Data Plane
– Control plane requires easy to use API
• Automation becomes easy and scriptable
– Multi-tenant, isolation, etc …

11. 11 Proprietary and Confidential 2015
API Example

12. 12 Proprietary and Confidential 2015
API Example
/api/macro
{"model_name":"VirtualService","data":{"name":"demo","services":[{"port":80}],"ip_a
ddress":{"type":"V4","addr":"10.130.129.25"},"pool_ref_data":{"name":"demo_pool",
"lb_algorithm":"LB_ALGORITHM_ROUND_ROBIN","servers":[{"ip":{"type":"V4","addr":
"192.168.1.157"}},{"ip":{"type":"V4","addr":"192.168.1.229"}}]}}}

13. 13 Proprietary and Confidential 2015
Flexible Deployment Model
Deploy load balancers of any size
High-performance LB
with Multi-vCPU SE
Per-Pod / Tenant LB
With 2-vCPU SE
Per-App LB
With per-APP SE

14. 14 Proprietary and Confidential 2015
OpenStack example
CONTROLLER
UI
REST API
OpenStack
Neutron
LBaaS
Keystone
Load Balancer
Configuration
Server, Tenant, &
Network
Configuration
Nova

15. 15 Proprietary and Confidential 2015
AviNetworks

16. 16 Proprietary and Confidential 2015
Questions

17. 17 Proprietary and Confidential 2015
See You Next Time !