Introduction

Cisco LocalDirector (see Figure 1-1) is a network appliance with a secure, real-time, embedded operating system that intelligently load balances TCP/IP traffic across multiple servers. Delivering very fast performance by distributing client requests across a cluster of low-cost servers, LocalDirector dramatically reduces the cost of providing large-scale Internet services, and speeds user access to those applications.

LocalDirector serves as a transparent learning bridge to forward data packets between its interfaces. Because of its bridge capability, LocalDirector must not be installed on the network parallel to another bridge.

Figure 1-1: LocalDirector Bridge Between Internet and Servers

The load-balancing options of LocalDirector provide a flexible and adaptable method for directing TCP/IP traffic. You can configure LocalDirector to maximize the number of TCP/IP connections a server farm can manage. TCP/IP traffic is directed to different servers based on service, speed, quantity of connections, or client IP address. The real servers can be a collection of heterogeneous hardware platforms and operating systems.

---

Note LocalDirector provides load balancing for TCP/IP connections only.

---

Ideal for mission-critical applications, LocalDirector provides the capability to build a highly redundant and fault-tolerant server system. Servers are automatically and transparently placed in and out of service, providing fault tolerance for servers. LocalDirector itself is equipped with an optional hot-standby failover mechanism, building increased redundancy for the server system. Quick setup with no network address changes reduces system administration time.

LocalDirector Features

LocalDirector has these features:

• Hot-standby stateful failover (optional)--Enables configuration of highly redundant, fault-tolerant systems.

• High throughput--Scalable to meet the needs of large Web sites.

• Real-time embedded operating system--Provides full utilization of the hardware, CPU, and memory.

• Migration into existing web farms is simple--IP addresses do not have to be re-configured.

• Combination of virtual addresses and physical addresses--Provides flexibility in domain names and network configuration.

• Transparent support for all common TCP/IP Internet services.

• Easy administration of servers--Add and remove servers transparently, and increase quantities of servers as traffic grows.

• Compatible with any server operating system--Administrators are able to mix and match server hardware and operating systems to retain technology investments.

LocalDirector Security

LocalDirector protects your network by only allowing specific traffic to pass between virtual and real servers, thus restricting both internal and external access to servers. LocalDirector security features include the following:

• SecureAccess

LocalDirector can determine how to handle connections based on the source IP address of the client. By using the assign command and the bind-id of the virtual server, traffic can be directed to a specific instance of a virtual server or dropped altogether based on the user's IP address.

• SecureBind

Use port-bound servers to restrict traffic to a specific port. Traffic to a port that is not specified will be sent a TCP RST.

• SecureBridging

Before version 2.1, LocalDirector bridged traffic that was not destined for a virtual server. If a real server had a valid registered IP address, clients could access the server through its IP address. For security, you can now turn bridging off and not allow direct access to real servers. By using the secure command to turn bridging off for real servers, client traffic must go through a LocalDirector virtual address.

• Secure IP Address

Use the static command to translate the IP address of real servers to a virtual IP address. This hides that actual IP address of the real server, but allows it to go outside the LocalDirector for information requests.

The SecureServices example in Chapter 4, "Installing and Configuring LocalDirector" provides details of implementing LocalDirector security features.

LocalDirector Concepts

LocalDirector concepts covered in this section include the following:

• LocalDirector Terminology

• Virtual and Real Servers

• Port-bound Servers (SecureBind)

• Client-Assigned Load Balancing (Traffic Shaping)

• Server Failure Adjustments

• Failed Server Recovery

• Slowstart

LocalDirector Terminology

The following are LocalDirector terms and definitions:

• Virtual Server--the representation of an application server farm for clients. Referrred to as the virtual_id in configuration commands. A virtual_id includes the virtual server IP address or name, and an optional port number and bind-id.

• Real Server--the representation of a TCP service being load balanced on a physical server. Referrred to as the real_id in configuration commands. A real_id includes the IP address or name of a real server, and an optional port.

• Bind-id--used with the assign command to direct client requests (based on IP address) to a specific instance of a virtual server.

• Predictor--the algorithm used to determine which real server will be assigned new connections for load balancing.

• Failover--a mechanism for providing fault tolerance and high availability.

Virtual and Real Servers

Virtual servers present a single address for a group of real servers and load-balance service requests between the real servers in a site. Real servers are actual host machines with unique IP addresses that provide TCP/IP services to the network. The virtual server IP address is published to the user community, but the real IP addresses can remain unpublished, allowing you to hide actual site implementation details and provide single points of contact for users.

Virtual server addresses can only be accessed from the client side of LocalDirector. Also, clients and the real servers bound to LocalDirector virtual servers cannot be located on the same side of the LocalDirector.

Port-bound Servers (SecureBind)

When you define virtual and real servers, you can specify the port traffic that will run on them. This provides the following benefits:

• You can configure application-specific server farms. In other words, with one virtual IP address and multiple virtual ports, File Transfer Protocol (FTP) traffic can be directed to one server farm, and Hypertext Transfer Protocol (HTTP) traffic can be sent to another, allowing you to allocate resources more efficiently.

• You can deny or accept access to a server based on service. For example, LocalDirector can deny all traffic except for HTTP traffic, providing increased security.

• You can continue to access services on a server that has a failed service daemon. If a particular daemon fails, only that daemon or port will fail, not the entire server. For example, multiple Web daemons might be running on the same server, and if one of the Web daemons fails, only that TCP service will fail and not the whole server. This setup increases server farm reliability.

---

Note If you have a port-bound virtual server (for example, 192.168.89.220:80), traffic to any other port on the virtual server will result in a TCP RST being sent to the client machine requesting the connection.

---

"Port-bound Servers" in Chapter 4, "Installing and Configuring LocalDirector" provides a configuration example.

Client-Assigned Load Balancing (Traffic Shaping)

This feature allows clients to get load balanced to different real servers according to their source IP address. This is accomplished by extending the concept of a virtual server to include a bind-id. The bind-id is used with the assign command to associate a client IP address with a specific instance of a virtual server.

There are many possible uses of this feature, including:

• Grades of Service

You can assign known users to a collection of more powerful servers in order to obtain faster service for them.

• Special Services

You could take users known to be a part of your company to an internal page, but send unknown users to a generic home page.

• Not Welcome Mats

You can assign "problem" clients to a real machine that serves a page indicating that the user is not welcome to your site.

• Restricted Access

Any client IP address not identified by an assign command statement will be directed to the default bind-id of 0. If you do not create the bind-id 0 version of the virtual server, then only specified IP addresses will be allowed in, and all other requests will be blocked.

Server Failure Adjustments

If a server is not responding to requests or responding with TCP RSTs, LocalDirector will fail the server. There are two cases when a real server will respond with a TCP RST:

• The daemon servicing that type of traffic is down (for example, the HTTP daemon on port 80 has failed).

• The server is too busy to accept any more connections.

Values set with the reassign and threshold commands are used to determine if a server is considered failed, and these commands can be used to adjust how quickly a server that is not accepting connections will be taken out of service. The default threshold value is 8, and the default reassign value is 3. Each real server can have different threshold and reassign values.

The reassign command controls how many times a packet from a requesting client is sent to a non-responding server before it is reassigned to another server. The default is three attempts. After the third packet receives no response or a TCP RST from the server, the fourth packet is sent to another server.

Each reassign process increments the reassign tally by one. When the tally reaches the threshold value, the server is considered failed. With a default threshold value of 8, the reassign process will happen eight times before the server is considered failed.

To increase how quickly servers are considered failed, reduce the threshold and reassign values. To keep servers that are refusing connections from being failed by the LocalDirector, increase the threshold and reassign values. (For example, a site receiving 400 connections per second may need to increase the threshold value to 30.)

The retry command determines how quickly a server is put in "testing" mode and given another packet after being failed by this process. The retry default is 60 seconds. On the sixty first second, a connection from a virtual server will be directed to the server to determine if it responds. If that connection receives a response, the server is no longer in the failed state, and it will be put back in-service with the reassign and threshold tallies reset to zero. To increase how quickly a server is given a packet after being failed by LocalDirector, reduce the value of the retry command.

---

Note Since a live connection is used to retry a failed server, a virtual server bound to the real server must also receive a connection to send to it. If the virtual server has no traffic, the real server will stay in testing mode regardless of the retry value.

---

The autounfail command is used to bring a failed server back in-service immediately if it responds with data on an existing connection (established before it was failed by the LocalDirector). The LocalDirector will put the server into testing mode, and if it responds to a new live connection it will then be put in-service. If the server does not accept the new connection (either by not answering or by responding with a TCP RST), then it will be marked as failed again.

When autounfail is on (it is by default), LocalDirector will bring the server back in-service as soon as it responds to an existing connection. This will bring a server back in service before waiting for the retry time to pass, and it will only work with servers that are responding with data.

Use the data command to limit the number of connections sent to a server that is not sending data. When a real machine reaches the number of unanswered connections set with the data command, the LocalDirector will check to see if other machines bound to the virtual server are also at 80 percent of their threshold capacity (DataIn value). If the other machines are close to reaching this value, then the LocalDirector assumes the site is busy and will not fail the machine.

The timeout command is used to set the number of minutes an idle connection to the server will be maintained. This will prevent incomplete connections from being counted toward LocalDirector load balancing.

Failed Server Recovery

When a real server is failed (it does not respond to a predetermined number of connections set by the threshold command), the following process is used to test the real server to see if it is ready to accept more connections:

• After the number of minutes set with the retry command have passed (the default is one minute), the real server will be put into "TESTING" state. The default for the retry command is one minute. If the show real command is used while in the testing state, TESTING will be displayed in the output.

• In the testing state, the server will receive one live connection from a client. If the server responds, it will be moved back into "IS" (in-service) state; however, if the real server does not respond (or if it responds with a TCP RST), it will be moved back to "FAILED" state and it will be retried again, after the number of minutes set with the retry command have passed (as before).

Slowstart

Previously, a server brought into service under heavy network traffic would be bombarded with connections since it had zero connections. The effect of too many connections at once would disable servers or seriously decrease their performance.

An automatic slowstart algorithm is available to help bring new servers up to speed with the weighted or leastconns predictor options. The slowstart option can be set to roundrobin or none. The roundrobin slowstart option will load balance network connections until network traffic is stable. When the number of connections on all bound real servers is within 80 percent of the desired distribution, the predictor will switch to either weighted or leastconns, as specified in the configuration.

Slowstart is used when:

• A new real server is bound to a virtual server

• A virtual server just comes out of being failed to in-service

• A real server is taken from failed or out of service to in-service

• The predictor option for the virtual server is changed

---

Note Slowstart is only used with the leastconns and weighted predictor commands.

---