F5-GTM广域网流量管理与优化方案

BIG-IPGlobalTrafficManager

广域网流量管理与优化方案应用全球部署以后的挑战异地容灾、故障切换客户感受：易于使用、最佳访问效果应用的协同多数据中心资源的充分利用扩展性可管理性容灾方案：宕机的代价是沉重的“47%ofthebusinessescitedthatdisasterrecoverywasaprimetargetforITSpending”–NetworkComputingSurvivor’sGuideto2006survey

33%ofbusinessesdidnothaveDisasterRecoveryplansinplace16%ofbusinesseslostbetween$100-$500K/day26%ofbusinessesdon’tknowhowmuchtheylostSource:AT&TandIAEMreport传统的应用容灾方案的切换机制手动修改客户端访问目的地址手动修改DNS解析记录方式应用层重定向都是需要人工介入！！！指望人工进行容灾切换是靠不住的$$$$ErrorProneSlowtoImplementCostlyLaborIntensive网络管理员“Microsoft'swebsiteswereofflineforupto23hours-themostdramaticsnafutodateontheInternet-becauseofDNSequipmentmisconfigurationaffectingmorethan72millionusers.”“Wescrewedup.Thisistheworstdayofmyprofessionallife“

–NetworkAdministratoratMicrosoft错误修改DNS记录的后果是极其严重的客户感受易于使用最快响应速度UNIXWINSInternalDNSServers跨ISP访问：南北电信互访问题测试项目网通北京ADSL用户访问12月2日凌晨1时广东电信用户访问，宽带用户，带宽未知，12月2日16:30网通北京ADSL用户访问，12月2日16:00上海ADSL宽带用户访问，12月2日20:00DNSResult202.xxx.xxx.209219.xxx.xxx.11202.xxx.xxx.209219.xxx.xxx.11网通电信网通电信网通电信网通电信Numberofhits:726947652471935RequestsperSecond71.270.870.780.320.58SocketConnects737057753482036TotalBytesSent(inKB)14.1913.470.9614.9613.6112.233.877.03BytesSentRate(inKB/s)00.060.12TotalBytesRecv(inKB)4148.244001.90256.584388.543019.942703.2621.7339.83BytesRecvRate(inKB/s)69.1266.684.2873.1250.3245.050.360.66多应用在多数据中心中的协同问题ClinicalrecordsdowninDallasdatacenter!ClinicalRecordServicesEmployeeInformationServicesPersonalInformationServicesServiceOrientedArchitecture特性：应用智能、可管理性与高性能SOAApplicationManagementZoneRunner®-EliminateDNSErrorsBIG-IPGlobalTrafficManager(GTM)AdvancedapplicationandcomponentmonitoringiRules-FlexibilitytodefinedistributionpoliciesIPv6AAAArecordsupportLeadingDNSperformance(40KRes/s)TMOS极大提升全球交付应用的可用性与可靠性主要功能与优势支持应用在多个数据中心间进行透明交付确保全球业务的连续性和应用的可用性灵活的负载均衡算法，能够根据任何一项业务政策（包括地理信息、负载情况、网络就近性等），并通过为直接用户交付全球流量控制，来增强灵活性。引导用户进入全球最佳站点，能够显著改进性能并提高客户的体验。集中管理与监控，实现从单一地点提供全面的应用和数据中心状态信息，降低管理开销通过充分利用备份数据中心，以提高全球网络的效率、可扩展性以及投资回报。能够实现复杂任务的自动化流程，从而降低维护和管理开销。广州数据中心上海数据中心User查询LocalDNSF5BIG-IPGTM--广域网流量管理与优化方案BIG-IPServerfarmWebmaster北京数据中心RouterBIG-IPInternetInternetGTMGTM基本工作机制GTMisaWideArealoadbalancerusingDNSastheTrafficManagementmechanism.BINDisversion9.3.1BINDzonefileUIisnowZoneRunnerWideIPrecordsarewrittentotheappropriatezonefilesGTMgetsBIG-IPstylemonitorsandpools.Big3d’sareusedtocommunicateavailabilitybetweenGTMandBIG-IPsystems.Big3d’scommunicateviaiQueryoverSSL,andutilizegziptocompressmessagingBig3dshimdaemonfacilitatescommunicationbetween9.x(big3d)and4.x3-DNS.GTM决策过程

WhenaDNSrequestisreceivedbytheGTMlistener,tmmandgtmdgothroughthefollowingdecisionmakingprocessbeforeanyIPaddressisreturned:TMMcheckstoseeifthereisaWideIPthatmatchestherequestIfthereismatchgtmdhandlestherequest.IfthereisnomatchtherequestispasseddowntoBIND.IfaWideIPmatchestherequest,gtmdchecksit’spersistencetableforapersistencerecord.Ifamatchexiststhengtmdwillgiveouttherecordinthepersistencetable.IfnotthenGTMdetermineswhatpooltosendthetraffictobasedupontheWideIPLBmethod,andtheavailabilityofeachpool.GTMreturnsArecordsonly(AAAAandA6recordsincluded)Oncetherequestreachesthepoollevel,thepoolmustmakeaload-balancingdecisionbaseduponit’sLBconfigurationandtheavailabilityofthepoolmembers.GTMLBMechanismGTM’s采用分层的负载均衡机制AWideIPloadbalancesbetweenitspools.Apoolloadbalancesbetweenpoolmembers.InthecontextofGTMapoolmemberisaVirtualServer.AvirtualserverisasubcomponentofaServerObject.ThusyoumustconfigureTopologyaccordingly:1stpass:pickapool2ndpass:withinapooltoselectapoolmember广域网访问流量优化欧洲用户美洲用户GTM德国DataCenter美国DataCenter=集成的性能结构商业标准控制全球用户访问在多个数据中心之间的流量分配地址位置就近访问－Topology亚洲用户新加坡DataCenterTopology举例来自北美（NorthAmerica）的访问请求导向到北美的两个数据中心（NA）来自北美（Europe）的访问请求导向到北美的两个数据中心（London）来自其它地方的访问请求导向到北美的两个数据中心（Tokyo）Topology举例(cont.)Fromtopology.inctopology{//6Items//server ldns scoredc."London" continent."Europe" 250pool."nor_am_web"continent."NorthAmerica" 250pool."nor_am_web"/0 25dc."Tokyo" continent."Asia" 250dc."Tokyo" continent."Australia" 250pool."nor_am_web"continent."SouthAmerica" 250}Topologyexample(cont.)FromtheGUI网络就近性动态探测GTM支持的负载均衡算法循环全球可用性LDNS持续性应用可用性地理分布虚拟服务器容量最少连接Pkt/sec（数据包/每秒）KB/sec（千字节/每秒）往返时间中继段（hop）数据包完整率用户定义服务质量（QoS）动态比率LDNS循环比率随机组合的负载均衡算法TheBelowpoolcontainsaVirtualServeronaBIG-IP,andaVirtualServerfromaGenericHost: pool{ name"bigip_and_host" ttl30 preferredga alternateratio member00:80ratio2 member05:80 }PoolName: bigip_and_hostttl: 30secondsPreferredLB: GlobalAvailabilityAlernateLB: ratioFallbackLB: ReturntoDNS(default)FallbackIP: noneGTMWideIPPersistenceTherearetwotypesofpersistence:StaticPersist:AStaticLBmode.WideIPPersistence:AppliedoneachWideIPobjectasadrop-downconfigurationoption.WideIPpersistenceworksinthefollowingway:firsttimethroughapoolmemberispicked(LB)andputintothepersistencetable(andsync'dtoallotherlisteningGTM's)secondtimethroughifthepersistentpoolmemberisstillavailable(green)thenthatpoolmemberisreturnedandthetimestampupdatedonthepersistenceentry(andwesyncthattoo)ifthepoolmemberisnotavailable(!green)thenthepersistenceentryistossedandanewonecreatedonceLBiscomplete.Iftherearenorequestsforapersistenceentryitisremovedfromthetableoncethatentryhasexpired.PersistencerecordsaresynchronizedbetweenGTMsynchronizationpeersPersistencerecordscanbeviewedintheUI:Navigate:Statistics->GlobalTraffic->PersistenceRecordsStaticPersistLBmethodisdiscussedinapreviousslide.自动容灾切换RouterL-DNSBIG-IPGTMBIG-IPLTMCorporateServersSite1(Primary)ClientRouterBIG-IPLTMCorporateServersSite2(Backup)BIG-IPGTMGTM服务器可用性检查（Monitors）GTMinheritsit’smonitorsfromLTM.AnadministratorcancreatethesamemonitorsthatareavailableinLTMtomonitorGTMobjects.Monitorscanbeappliedon:ServersVirtualServersPools(andpoolmembers)服务器可用性检查ApplicationDeviceFTP…HTTP…DB.DHTTPS…SiebelAppOracleDB内容/文件检查

DataCenterIntranetApp:Siebelin纽约

HTTPServer DBServer SiebelApp OracleDB Siebelcontent verification可用性解决方案:

web服务穿过特定区域、设备，使应用得到一个统一服务检测的批量可用性好处: 可探测到任意标准的web服务套件的失败多应用协同－－DistributedApplicationsdistributedapplication是一个要使用到多个域名（wideip）的应用，这些域名分布在不同的服务器上，由这组服务器协同工作构成一个完整的应用.DistributedApplications将多个Wideip当作一个对象来进行管理，可以同时Enable或Disable.DistributedApplicationManagementManagemultipleservicesaspartofacollectiveapplicationBenefitsLowercomplexity,easemanagement

ReducedmanagementoverheadCostsavingsfromreducedstaffEliminatecostofdowntime

BIG-IPGlobalTrafficManagerSolution-DataCenterADataCenterBNewCarAppOnestepfailoverManageServiceDependenciesChallengeHundredsofapplicationsManualfailoverisslow,errorproneMulti-stepfailovertoshutdown

eachapplicationserviceNoinstantaneousfailoverDistributedApplicationsExample1:DataCenterDependency当构成DistributedApplication的Wideip中有任何一个，其对应的virtualserver都不同用的话，对这个DistributedApplication来说，这个virtualserver所属的数据中心就是不可用的。但其它不属于这个DistributedApplication的访问请求，仍然可以被分发到这个数据中心的。Example2:ServerDependency当构成DistributedApplication的Wideip中有任何一个，其对应的virtualserver都不同用的话，对这个DistributedApplication来说，这个virtualserver所属的服务器就是不可用的。但其它不属于这个DistributedApplication的访问请求，仍然可以被分发到这个服务器上来。ZoneRunner减少DNS配置错误EasyDNSmanagementAutopopulationofprotocolsValidation/errorcheckingRollbacktothelasttransactionImportationofzonesAutomaticreverselookupsZoneRunner®OnlyintegratedDNSManagementUtility成功案例-TOM.COMCDNSite沈阳Site西安Site成都Site长沙Site广州Site杭州Site北京Site教育网Site中国移动100MFE1000MGESwitchRouterF53DNSF5bigip2400Netapp6200Netapp2100成功案例-ChinaCacheChinaCache中国最大的CDN服务提供商Solutionrequirement:Nodedeployment:30-50inChinaCapacityofeachnode:40-1000MBImplementation:DeployBIGIP,3DNS,F5totalCDNsolutionBIG/IPLBforCache3DNSforWANLBSee-ITformanagement

21cnGSLB解决方案SEE-ITWEB/StreamingServer3DNS3DNSBigIP2400CoreSwitch21cn广州机房GBFECacheServerWEB/StreamingServerBigIP5000BigIP500021cn上海节点CoreSwitchInternetWEB/StreamingServerBigIP2400CoreSwitch21cn河北节点Summary:BIG-IPGTMBIG-IPGlobalTrafficManagerApplicationHealthFeaturesCompositemonitorsApplication-specificmonitorsDistributedapplicationmonitoringManagementFeaturesNewandimproveduserinterfaceZoneRunner