Introduction

Cisco LocalDirector (see Figure 1-1) is a hardware and software solution with a secure, real-time, embedded operating system that intelligently load balances TCP/IP traffic across multiple servers. Delivering very fast performance by distributing client requests across a cluster of low-cost servers, LocalDirector dramatically reduces the cost of providing large-scale Internet services, and speeds user access to those applications.

LocalDirector serves as a transparent learning bridge to forward data packets between its interfaces. Because of its bridge capability, LocalDirector must not be installed on the network parallel to another bridge.

Figure 1-1: LocalDirector Bridge Between Internet and Servers

The load-balancing options of LocalDirector provide a flexible and adaptable method for directing TCP/IP traffic. You can configure LocalDirector to maximize the number of TCP/IP connections a server farm can manage. TCP/IP traffic is directed to different servers based on service, speed, or quantity of connections.

Note LocalDirector provides load balancing for TCP/IP connections only.

LocalDirector is a high-performance Internet appliance with over 92 Mbps throughput. It supports a combined total of 10,240 virtual IP addresses and real servers. The real servers can be a collection of heterogeneous hardware platforms and operating systems. Quick setup with no network address changes reduces system administration time.

Ideal for mission-critical applications, LocalDirector provides the capability to build a highly redundant and fault-tolerant server system. Servers are automatically and transparently placed in and out of service, providing fault tolerance for servers. LocalDirector itself is equipped with an optional hot-standby failover mechanism, building increased redundancy for the server system. Figure 1-2 shows the front of the LocalDirector.

Figure 1-2: LocalDirector Front View

LocalDirector Features

LocalDirector has these features:

Hot-standby/failover (optional)--Enables configuration of highly redundant, fault-tolerant systems.
Provides over 92 Mbps throughput with 500 byte packets and greater--Scalable to meet the needs of large Web sites.
Real-time embedded operating system--Provides full utilization of the hardware, CPU, and memory.
Setup is simple--does not disrupt existing network.
Configurable with a total of 10,240 virtual addresses and physical addresses--Provides flexibility in domain names and network configuration.
Supports 600,000 simultaneous TCP connections.
Transparent support for all common TCP/IP Internet services--Web, File Transfer Protocol (FTP), Telnet, Gopher, and Simple Mail Transfer Protocol (SMTP) are all supported without special software configuration.
Easy administration of servers--Add and remove servers transparently, and increase quantities of servers as traffic grows.
Compatible with any server operating system--Administrators are able to mix and match server hardware and operating systems to retain technology investments.

LocalDirector Equipment

The LocalDirector shipping carton contains the following:

Rack-mountable LocalDirector unit:
- 19-inch rack-mount enclosure
- Two Ethernet 10/100 network interfaces with RJ45 connectors
  Optional Fiber Distributed Data Interface (FDDI) with SC connectors
- Data bus (DB)-9 EIA/TIA-232 console interface port
- 3.5-inch diskette drive
- 32 MB of RAM
- 2 MB of Flash memory
- 200 MHz Pentium Pro processor
Keys for the front panel lock
Power cord
DB-9 to DB-25 null modem serial cable
DB-25 gender adapter
LocalDirector system diskette
This guide
Cisco LocalDirector Release Notes
Regulatory Compliance and Safety Information for the Cisco LocalDirector

Before Installing LocalDirector

Note Read the Regulatory Compliance and Safety Information for the Cisco LocalDirector before installing. Even though you probably read safety guidelines for the other products in your network, studying the material in this guide and the brief section that follows can help keep you safe and focused as you continue preparing your LocalDirector for service.

Follow these guidelines to ensure general safety:

Keep the chassis area clear and dust-free during and after installation.
Put the removed chassis cover in a safe place.
Keep tools away from walk areas where you and others could fall over them.
Do not wear loose clothing that could get caught in the chassis. Fasten your tie or scarf and roll up your sleeves.
Wear safety glasses if you are working under any conditions that might be hazardous to your eyes.
Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.

Access Modes

The command interpreter provides a command set that emulates Cisco IOS technologies. This command set provides three administrator access modes:

Unprivileged mode displays the ">" prompt and lets you view current running settings.
Privileged mode displays the "#" prompt and lets you change current settings and write to flash memory. Unprivileged commands also work in privileged mode.
Configuration mode displays the "(config)#" prompt and lets you change system configurations. Configuration mode commands work only in this mode.

At startup, the console is in unprivileged mode. You can access privileged mode by entering the enable command. LocalDirector then prompts you for a password. When you first configure LocalDirector, a password is not required. Press the Enter key at the prompt. Assign a password to privileged mode with the enable password command. Exit privileged mode by entering the disable command.

Access configuration mode by entering the configure terminal command while in the privileged mode. You can then write your settings to flash memory, diskette, or to your console computer. Exit configuration mode by entering ^Z.

When you enter commands, you can erase characters with the Backspace or Del key. You can erase the previous word with ^W and erase the previous line with ^U.

LocalDirector Concepts

LocalDirector concepts covered in this section include the following:

LocalDirector Bridging Feature

If there is another path from the network to your servers, a bridge loop will be created and LocalDirector will not work properly. The LocalDirector automatically detects a bridge loop and tries to recover. SYSLOG messages will be generated to indicate that there is a bridge loop.

Virtual and Real Servers

Virtual servers present a single address for a group of real servers and load-balance service requests between the real servers in a site. Real servers are actual host machines with unique IP addresses that provide TCP/IP services to the network. The virtual server IP address is published to the user community, but the real IP addresses can remain unpublished, allowing you to hide actual site implementation details and provide single points of contact for users.

Clients and servers cannot be located on the same side of the LocalDirector. The LocalDirector uses network address translation (NAT) to make it appear as if the client is communicating directly with the real servers. If the client and server are on the same network segment, the response from the server will bypass the LocalDirector and the traffic will not be load balanced. All traffic must pass through the LocalDirector and be bridged to the real servers.

Virtual servers and real servers can also be seen as a "TCP service" instead of just an IP address. When you define virtual and real servers, you can specify the port traffic that will run on the server. These servers are referred to as port-bound servers, and they provide the following benefits:

You can configure application-specific server farms. In other words, with one virtual IP address and multiple virtual ports, File Transfer Protocol (FTP) traffic can be directed to one server farm, and HyperText Transfer Protocol (HTTP) traffic can be sent to another, allowing you to dedicate servers to specific tasks and allocate resources more efficiently.
You can deny or accept access to a server based on service. For example, LocalDirector can deny all TCP traffic except for HTTP traffic, providing an increased level of security.
You can continue to access services on a server that has a failed service daemon. If a particular daemon fails, only that daemon or port will fail, not the entire server. For example, multiple Web daemons might be running on the same server, and if one of the Web daemons fails, only that daemon will fail and not the whole server. This setup increases server farm reliability.

Note If you have a port-bound virtual server (for example, 192.168.89.220 80) traffic to any other port on the virtual server will result in a reset being sent to the client machine requesting the connection.

Server Backup

To ensure that TCP services will continue to run in the event that a server is failed or out-of-service, you can identify an alternative destination for server traffic by specifying a backup. The term "backup" is used to define a hot-standby for a real or virtual server defined on the LocalDirector. The backup can be a virtual or real server, thus it is possible to use the backup command in any combination.

For real servers, a backup is used if the real server is failed or out-of-service. For a virtual server, a backup is used if all real servers (and their backups) bound to the virtual server are failed or out-of-service. If the virtual server itself is out-of-service, a reset message will be sent to the client requesting the connection.

Note A server cannot be used as a backup for itself. For example, a real server cannot serve as a backup for a virtual server to which it is bound. If this configuration is attempted, an error message will be displayed.

When the server being backed up returns to service, connections are no longer directed to the backup server and they are sent according to the LocalDirector configuration.

Failed Server Recovery

When a real server is failed (it does not respond to a predetermined number of connections set by the threshold command), the following process is used to test the real server to see if it is ready to accept more connections:

After the number of minutes set with the retry command have passed, the real server will be put into "TESTING" state. The default for the retry command is one minute. If the show real command is used while in the testing state, TESTING will be displayed in the output.
In the testing state, the server will receive one live connection from a client. If the server responds, it will be moved back into "IS" (in-service) state; however, if the real server does not respond, it will be moved back to "FAILED" state and it will be retried again, after the number of minutes set with the retry command have passed (as before).

Slowstart

Previously, a server brought into service under heavy network traffic would be bombarded with connections since it had zero connections. The effect of too many connections at once would disable servers or seriously decrease their performance.

An automatic slowstart algorithm is available to help bring new servers up to speed with the weighted or leastconns predictor options. The slowstart option can be set to roundrobin or none. The roundrobin slowstart option will load balance network connections until network traffic is stable. When the number of connections on all bound real servers is within 80 percent of the desired distribution, the predictor will switch to either weighted or leastconns, as specified in the configuration.

Slowstart is used when:

A new real server is bound to a virtual server
A virtual server just comes out of being failed to in-service
A real server is taken from failed or out of service to in-service
The predictor option for the virtual server is changed

Note Slowstart is only used with leastconns and weighted predictors, and it is optional in version 1.6 and later. For more information, see the predictor command page in Chapter 4, "Command Reference."

Table of Contents

Introduction