Accélération et Optimisation des Applications · Data Redundancy Elimination. Optimisation TCP....

© 2010 Cisco and/or its affiliates. All rights reserved. 1

Accélération et Optimisation des ApplicationsHicham El AlaouiSystems Engineer

Cisco Expo Alger, le 16 Mars [email protected]


Data Center Security

ASA 5580 Series

Firewall Services Module

Application Network Services

WAAS

WAAS Express

vWAAS

ACE

GSS

StorageNetworking

MDS 9500 Directors

MDS Fabric Switches

Blade Switches

Catalyst 6500

Catalyst 4900M

Catalyst Blade Switches

EthernetNetworking

Unified Networking

Nexus 7000

Nexus 5000

Nexus Blade Switch

Nexus 1000V

Unified Computing

UCS Blade Systems

UCS RackmountSystems

Data Center Networking


• Technologies d’Optimisation WAN

• WAAS Appliance

• WAAS Express

• vWAAS

• WAAS Mobile

• Partage de Charge entre Serveurs avec ACE

• Partage de Charge entre Sites avec GSS


Distribution ofServices

Data center consolidation

La distribution géographique des employés pousse vers la distribution des services du SI :

Plus de ProductivitéPlus de Profit

La protection des données, la haute disponibilité, la conformité aux législations pousse vers la consolidation des SI :

Moins d’Equipements à GérerMoins d’Equipements à Protéger

Data CenterPrimaire

Agences

Directions Régionales

Télétravail

Data CenterSecondaire


• Bonne Performance des Applications sur le LAN :Grande Bande PassanteFaible LatencePeu/Pas de Perte de Paquets

Round Trip Time (RTT) ~ 0mS

Client LAN Switch Server

Round Trip Time (RTT) ~ Bcp Bcp de milliseconds

ServerClientLAN Switch

LAN Switch

WAN

• Mauvaise Performance des Applications sur le WAN :CongestionnéFaible Bande PassanteGrande LatencePerte de Paquets


1.544Mbps

500Kbps

Latence

Déb

it

Débit Réel

Débit Théorique

Faible

5.02.1

pRTTMSSR =

R : Average Throughput

MSS: Packet Size

RTT: Round-Trip Time

P : Packet Loss

Grande


WAN à la Vitesse du LAN

Accélérateur Accélérateur

Data Redundancy Elimination

Optimisation TCP

Accelerations Spécifiques

Data Center

BranchUsers

MobileUsers

Optimisation Vidéo

Accélére les Performances de TCP sur le WAN

Les Données qui se Répètent n’ont pas Besoin de Re-Traverser le WAN

Optimisation des Protocoles comme MAPI, CIFS, NFS, HTTP

Une seule copie des Streaming Vidéo Traverse le WAN

CompressionCompression Avant envoi sur le WAN et Décompression à l’autre Bout


UtilisateurEn Voyage

LogicielWAAS Mobile

Sur VPN

UtilisateurItinérant

Agence

WAASServiceModule

WAN

Internet

AgenceWAAS

Express

AgenceWAAS

Appliance

Data CenterWAAS

Appliances

VPN

VMware ESXi vWAASAppliances

Server VMs


Category Applications 2X 5X 10X 25X 50X 100X+

File Sharing CIFSNFS

Email Microsoft ExchangeLotus NotesInternet Mail

Web andCollaboration

HTTPWebDAVFTPMicrosoft Sharepoint

Software Distribution

Microsoft SMSAltirisHP Radia

EnterpriseApplications

Microsoft SQLOracle, SAPLotus Notes

BackupApplications

Microsoft NTBackupLegato NetworkerVeritas NetbackupCommVault Galaxy

Data Replication EMC SRDF/AEMC IP ReplicatorNetApp SnapMirrorData DomainDouble-TakeVeritas Vol Replicator

2-20X Avg >100X Peak

2-5X Avg 20X Peak

2-10X Avg 100X Peak


2-5X Avg 20X Peak

2-10X Avg 50X Peak

2-10X Avg 50X Peak

Category Applications 2X 5X 10X 25X 50X 100X+

File Sharing CIFSNFS

Email Microsoft ExchangeLotus NotesInternet Mail

Web andCollaboration

HTTPWebDAVFTPMicrosoft Sharepoint

Software Distribution

Microsoft SMSAltirisHP Radia

EnterpriseApplications

Microsoft SQLOracle, SAPLotus Notes

BackupApplications

Microsoft NTBackupLegato NetworkerVeritas NetbackupCommVault Galaxy

Data Replication EMC SRDF/AEMC IP ReplicatorNetApp SnapMirrorData DomainDouble-TakeVeritas Vol Replicator


2-5X Avg 20X Peak

2-10X Avg 100X Peak


2-5X Avg 20X Peak

2-10X Avg 50X Peak

2-10X Avg 50X Peak


SharePoint Response Time (14.5MB Excel Download)

0

50

100

150

200

250

300

Without WAAS With WAAS (1stdownload)

With WAAS (2nddownload)

SecondsChallenges:•Customers scattered in rural areas

•R&D scientists distributed globally

•Time to market relied on real-time collaboration

Strategy:•Microsoft SharePoint portal centrally deployed for once

• LAN-like performance ensured for all

Results:•Average response time: From 270 to 8 seconds

•Bandwidth usage: From 90 to 50%

WAN Bandwidth Consumption

0%10%20%30%40%50%60%70%80%90%

Without WAAS With WAAS

Percentage

See Monsanto video testimonial: www.cisco.com/go/waas

Microsoft SharePoint Acceleration Case Study

http://www.cisco.com/go/waas�


Optimisations de Base (Applicables à Tout Echange TCP)

Elimination de Redondance (DRE)

OptimisationTCP (TFO)

Compression LZ

Accélération du Protocole CIFS

Accélération du Protocole NFS

Accélération du Protocole MAPI

Accélération du Protocole HTTP

Décryptage des Echanges SSL Optimisation VidéoAccélération

Spécifique à Certains Protocoles Applicatifs


• Persistent LZ Compression: –Session-based compression–Up to an additional 10:1 compression even after DRE

• Data Redundancy Elimination (DRE):–Application-agnostic compression–Up to 100:1 compression

DRE DRE

LZ LZ

SynchronizedCompressionHistory

WAN

http://images.google.com/imgres?imgurl=http://withcoupon.com/images/envelope.gif&imgrefurl=http://www.withcoupon.com/gettingstarted.cfm&h=149&w=150&sz=7&tbnid=qmH44IwYmq9HNM:&tbnh=89&tbnw=90&hl=en&start=12&prev=/images?q=email+envelope&svnum=10&hl=en&lr=�

http://images.google.com/imgres?imgurl=http://withcoupon.com/images/envelope.gif&imgrefurl=http://www.withcoupon.com/gettingstarted.cfm&h=149&w=150&sz=7&tbnid=qmH44IwYmq9HNM:&tbnh=89&tbnw=90&hl=en&start=12&prev=/images?q=email+envelope&svnum=10&hl=en&lr=�


Level-0 Chunk“Basic Chunk”~256 bytes

Level-1 Chunk~1024 bytes



Données Qui Passent sur le Réseau

• Chaque “Chunk” est stocké dans la base de données (sur disque)

• On Calcule une signature de 5 octets pour chaque “Chunk”


DRE Database

NO MATCHNO MATCHNO MATCHNO MATCHOriginal

MessageEncodedMessage


• Improves application throughput

• Improves existing WAN bandwidth utilization

• Shield end-nodes from unruly WAN conditionsBandwidth scalability - help certain applications ‘fill-the-pipe’Connection fairness - ensure bandwidth is allocated fairly amongst flowsLoss mitigation - selective acknowledgement and retransmissionSlow-start mitigation - improve connection setup time

• TCP Proxy architecture provides LAN-like TCP behavior and provides higher levels of compression than per-packet compression

• TFO provides adaptive buffering to help ensure that connections requiring additional memory to achieve higher throughput

LAN-like TCP Behavior

WAN DREPLZ

DREPLZ

TCP TCPTCP TCPLAN-like TCP BehaviorOptimized TCP Connections


Time (RTT)Slow Start Congestion Avoidance

Taill

e de

la F

enêt

re T

CP

TCP

Impossibilité d’Utiliser la Bande Passante Disponible

Réponse Inefficace aux Pertes de Paquets

Handicap pour les Connéxions de Courte Durée


Time (RTT)Slow start Congestion avoidance

TCP sans TFO

TCP avec TFO

Cisco TFO Permet d’Améliorer Significativement les Performances de TCP par Rapport au Standard

Taill

e de

la F

enêt

re T

CP




Optimisation TCP (TFO)

Compression LZ








Solution• Mise en Cache des Fichiers• Read-ahead• Pré-Positionnement Programmé• Intégration Transparente• Cache Dédié (SMS distribution

point, user home)

Problème

Certains protocoles comme CIFS, NFS et MAPI sont “bavards” et ont été conçus dans un environnement LAN.

=> Deviennent presque inutilisables dans un environnement WAN avec une grande latence, des pertes de paquets et des contraintes de bande passante.

FILE.DOC

Cache

Files

WAN


Problem• Slow page load on Interactive Web applications • Browsers serially open and close connections to fetch small objects (e.g graphics)• Latency in a connection open/close could be higher than object transmit time.Solution• Fast Connection Reuse - Optimized connections on the WAN remain active for a

short period of time to be re-used should additional data between the client-server pair need to be exchanged

• Proxy Connect to SSL Servers – Each HTTP request is being inspected and forwarded to the HTTP or SSL AO or general optimization

Connect (SYN, SYN-ACK, ACK)

Connect

HTTP Request

HTTP Response

HTTP Request

HTTP Response


• L’Optimisation et l’Accélération du Trafic ne sont Efficaces que si le Trafic est Décrypté

SSL Handshake

“session key” derived

Encrypted Data Exchange

WAN


WAN

• Core WAE acts as a Trusted Intermediary Node for SSL requests by client• Private Key and Server Certificate are stored on the Core WAE device• Core WAE participates in SSL Handshake to derive “session key”• Distributes the “session key” securely in-band to the Edge WAE over the established

connection between the Edge WAE and Core WAE

Send “session key”

SSL Session Core WAE to Server- Core WAE: Server Private Key

SSL Session Client to Core WAE (WAAS)

WAAS WAAS

TransparentSecure Channel

Données d’Origine(Cryptés)

Données Optimisées et Cryptées

Données d’Origine(Cryptés)

SSL HandshakeSSL Handshake




Optimisation TCP (TFO)

Compression LZ








• Boitier

• Boitier Rackble

• Module pour Routeur

• Fonction dans l’IOS d’un Routeur

• Boitier Virtuel (Virtual Appliance)

• Logiciel pour Utilisateurs Mobiles (sur Windows)


Cisco Wide Area Virtualization Engine (WAVE) appliances extend the Cisco WAN optimization appliance portfolio to provide the industry's only branch-office appliance family that incorporates comprehensive WAN optimization, embedded virtualization for local hosting, and branch-office video delivery.

WAVE-274 Appliance

WAVE-574 Appliance

WAVE-474 Appliance

WAE-674 Appliance


• The Cisco Wide Area Application Services (WAAS) network modules provide integrated WAN optimization with Cisco Integrated Services Routers (ISR), enabling you to implement full feature WAN optimization while minimizing total cost of ownership

• Supportés sur les Routeurs ISR G1 à partir du 2811 et sur les ISR G2 à partir du 2911.

NME-WAERouter-Integrated Network Modulefor the Cisco Integrated Services Router

Cisco Integrated ServicesRouter (ISR) Series

Reduce Branch Footprint

Reduce Cost with Integrated Support

Single Box Solution for Voice, Security, Wan Opt


• Simple Plug-and-Play DeploymentPhysical in-path deployment between switch and router or firewall requires no network changesMechanical fail-to-wire upon hardware, software, or power failure

• Scalability and High AvailabilityTwo two-port fail-to-wire groups provides support for redundant network paths and asymmetric routingSerial in-path clustering with load-sharing and fail-over

• Seamless Transparent IntegrationTransparency and automatic discovery802.1q VLAN trunking supportSupported on all WAE appliance models

Remote Office

WAN


• Transparent integration and automatic discovery regardless of interception method

• WCCPv2 InterceptionActive/active clustering supports up to 32 WAEs and 32 routers with automatic load-balancing, load redistribution, fail-over, and fail-through operationNear-linear scalability and performance improvement when adding devices

• Policy-Based Routing InterceptionRouting of flows to be optimized through a Cisco WAE as a next-hop routerActive/passive clustering provides high availability and failover using IP SLAs as a tracking mechanism

WAN

Optimized Flow

OriginalFlow

InterceptionRedirectionMonitoring

WAECluster

Remote Office


Compliance with critical network services

Industry’s only holistic and secure optimization, visibility, and control solution

Quality of Service (QoS)Classification, NBAR, markingPolicing, shaping, queuing, WREDLFI, header compression

Network ManagementNAM, PVM, NetFlowNetQoS, IP SLA

SecurityIOS Firewall, IDS, IPS, ACL, VPN

Optimized RoutingNetwork Path Affinity (NPA)Optimized Edge Routing, PBR

SrcIP 1.1.1.1DstIP 2.2.2.2

SrcPrt 1434DstPort 80 APP DATA

WAN

SrcIP 1.1.1.1DstIP 2.2.2.2

SrcPrt 1434DstPort 80

optimized

Cisco Integrated Services Router

Cisco Wide Area Application Services

Quality of Service (QoS) Network Analysis/NetFlow IOS Firewall Intrusion Prevention

Optimized Edge Routing Policy Based Routing IP Service Level Agreements VPN

Application Optimizers Advanced Compression

Transport Optimization


• Centralized ManagementRobust management, monitoring, and

reporting for up to 2500 nodesDevice grouping for simplified rollout of

configuration changesDevice and system alarms, as well as

integration with SNMP and syslog

• Secure Management PlatformSSL-encrypted HTTP GUI and intra-

device communicationRoles-based Access Control (RBAC) to

isolate users to specific capabilities and domains of management

Integrated IOS-like CLI accessible via SSH (also telnet, serial)

• High Availability ConfigurationsActive/standby deployments with

automatic failover, replication of Central Manager database, and encryption keys

• SOA-ready MonitoringStandard XML Web Service (SOAP) Integration with external reporting and

monitoring portals


Flexible, Optimized Branch IT

CiscoWAAS

Data Center

Technologie WAAS Virtual BladeOffre la Meilleure Combinaison des Modèles IT Distribué et CentraliséValidé par Microsoft pour Windows Services

Servers

Router

Cisco WAAS

Users

Storage Backup

Business and Communication Apps

WAN

LocalStorageBackup


Platform Management and Services

Cisco WAAS Operating System

Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery

Embedded virtualization

ConfigurationManagement

System(CMS)

CIFSAO

TCP Proxy with Scheduler Optimizer (SO)DRE, LZ, TFO

MAPIAO

HTTPAO

SSLAO

VideoAO WoW

VirtualBlade

# 2

VirtualBlade

# 3

NFSAO

Disk Storage (Cache, VB storage etc.)EthernetNetwork

I/O


• Remote access and management using Windows Management facilities

Example: Using Terminal Connection to Virtual Blade IP


Cisco WAASwith Virtualization

• Branch optimized IT servicesRead-only Domain ControllerPrint servicesDNS/DHCP services

• Complete WAN optimization + application acceleration

• Ability to host Windows services locally

Microsoft Windows Server 2008 Server Core

Jointly developed architecture

Joint customer support

Cisco WAAS with pre-packaged Windows Server 2008 services


Non-Optimized – Automatic bypass

Optimized – vPath Redirection

WAAS ExpressPOC Branch

WAN

Non-POC Branch

Web Server

VMware ESXi Server

Nexus 1000V

vWAAS

vPATH

• vWAAS indique à vPATH les flux qui l’intéressent

• vPATH n’envoi au vWAAS que le trafic qui doit être Optimisé

• Déploiement Facile et Progressif• L’Optimisation n’est pas

perturbée par des Opérations de vMotion


• Introducing WAAS Express – A small-footprint, cost-effective IOS-based WAN optimization solution

-Key component of Cisco WAAS product portfolio-Extend WAN Optimization solution across the entire ISR G2 family-Increase the amount of available bandwidth for small to medium branch offices and remote locations, while accelerating TCP-based application operating in a WAN environment-Natively use the capabilities of IOS software-Fully interoperable with WAAS on SM-SRE modules, WAAS appliances, and can be managed by a common WAAS Central Manager

WAAS ExpressBranch Office

WAN

Data CenterWAAS

ApplianceWAAS

Central Manager


• WAAS Express is a standard feature license

• License enabled on IP Base Image

• Enforced using a license key

• License key enforcement done in IOS on the router using Cisco Software Licensing Infrastructure

• 60 day trial license available

• WAAS Central Manager will not participate in license management

WAAS Express will not register with WAAS Central Manager unless valid and active license is presentWAAS Central Manager will periodically ensure (trial and extension) license is active to allow customer configuration

Security U.C. Data

IP Base

Universal Image

W.E


LAN

Files (CIFS, FTP)Internet and Web applications (HTTP / HTTPS)

Application Servers & Storage

E-Mail (MAPI, SMTP/POP)

Latency Mitigation

Poste de Travail Mobile

Serveur dansle Data Center

On installe le client “Cisco

WAAS Mobile” sur le Poste

On installe le logiciel serveur“Cisco WAAS Mobile” sur un

Serveur Windows dans le Data Center


Data Center

App Servers & Storage

Mobile UsersInternet

VPN Cisco WAAS Mobile client

VPN Concentrator

Cisco WAAS Mobile Server

VPN Tunnel

Optimized TCP connections

Un-optimized connections

WAAS Mobile Optimized connection


• Boitier

• Boitier Rackble

• Module pour Routeur

• Fonction dans l’IOS d’un Routeur

• Boitier Virtuel (Virtual Appliance)

• Logiciel pour Utilisateurs Mobiles (sur Windows)


Validation avec les Editeurs de Logiciels Majeurs•Architecture leadership and joint R&D•Lower risks via technology licensing•Ease of integration and support escalation

Intégration Facile, Sécurisée et Transparente au Réseau•Ease of operations via network transparency•Accurate application SLA monitoring•Secure acceleration•Better with VoIP and video

Coût de Possession Réduit•Minimized device complexity via router integration•Integrated high quality video•Reduced data center server OpEx via offload technology


Clients

ACE LoadBalancer

2ème Ferme de Serveurs

Keepalive(Probe)

Virtual IP Address (VIP)

Exemple :Si “URL = /news”Et “User-Agent = WindowsCE”Et “Client = 192.0.0.0/8”Alors Choisir “Ferme 2”Suivant “Predictor 1”

1ère Ferme de Serveurs


(Probe Options)

Probe DescriptionICMP Sends a ICMP request and waits for reply

Generic TCP Open a connection with server and disconnect with TCP FIN or RST. TCP FIN Default

Generic UDP Sends a packet, probe is considered successful, if no icmp error receivedHTTP Sends an HTTP HEAD or HTTP GET 1.1 requestHTTPs Establishes an SSL connection, send HTTP query and tears it down

FTP Similar to TCP probeTelnet Makes a connection, send a “QUIT” messageDNS Uses a default domain and waits for any response

SMTP Sends a “hello” followed by a “QUIT” messagePOP3 Similar to TCP probeIMAP Similar to TCP probe

Radius Similar to UDP probe. NAS-IP can be configuredSNMP Up to eight OIDs can be configured. Used mainly for load balancing

predictions and not health checking. Should be combined with another health probe to verify application


Ferme de Seveurs

Clients


• Round Robin: (Weighted) Very simple

• Least Connections: (Weighted) Dynamic, requires slow-start

• Hash on IP: (source/destination, with mask)No state required for stickiness issues with dynamic changes

• Hash on URL: or portion of URL• Server Watermarks: min and max number of connections per server.• Least Loaded: SNMP OIDs based server feedback for obtaining

useful information maintained as SNMP Object IDs• Least Bandwidth: Connection vs. Bandwidth based on the

bidirectional traffic flow.• Adaptive Response Predictor: Load-balancing based on server

response timeSYN to SYN-ACKSYN to FINApplication request to first packet of response

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 53

Choix du Serveur le Moins Chargé en Utilisant SNMP

SNMP Object IDsCPU UtilizationMemory ResourcesDisk Drive Availability……. …….

Only SNMP agent is required on the server – no additional software

ACE queries server for the following three SNMP Object IDs

Query ResultCPU Utilization = 14%Memory Resources= 947300k freeDisk Drive Availability= 440GB free

Query Result CPU Utilization = 24%Memory Resources= 885300k freeDisk Drive Availability= 307GB free

Query ResultCPU Utilization = 34%Memory Resources= 785300k freeDisk Drive Availability= 202GB free


Je Navigue

Je Sélectionne

J’Achète

1

2

3

Panier Vide ?!?

Le Problème du “Panier de Shopping”

Je ne reviendrai plus jamais ici !

Internet


• Offload CPU-intensive SSL processingServers resources are dedicated to serving requests and running applications, rather than encrypting data

• Centralized key/certificate storage/management• Allows advanced content switching (URL-based, cookie-sticky,

payload parsing) and inspection of SSL traffic• Scalability: easy to add more SSL “performance”

ServersApplicationSwitch

Clear Text toServers:80

Encrypted toVIP:443


• On Décharge le Serveur Web des opérations d’établissement et de terminaison des connéxions TCP.

• Un nombre de connéxions TCP sont laissés ouverts par des “HTTP Keepalive”

• Réduction des Cycles CPU utilisés par TCP

• Les Nouvelles connéxions sont multipléxés sur les connéxions existantes.TCP1

ACE-TCP1 Pool1

TCP2

ACE-TCP2 Pool2


• Over 98% reduction in server side TCP connetions per second• Depends also on server configuration (HTTP GET’s per TCP connection)

Server Side

Client Side


Serveurs

ACE

Client

http://www.cisco.com

1

3Compression

4

Le Navigateur Web Décompresse la page et l’affiche

5

2

http://www.cisco.com/�


• ACE offload servers by serving directly the content

• ACE offers static caching and sophisticated dynamic caching

• Caching it’s enabled together with the other acceleration feature

• ACE allows Compression and Caching without source-nat!


• TCP/IP normalization–Built-in Transport Protocol Security–User Configurable, to meet Security Requirements

• SYN Cookies

• Advanced HTTP Inspection–RFC Compliance–MIME Type Validation–Prevent Tunneling Protocols over HTTP–Content Filtering

• Application Protocol Inspection–ICMP, FTP, DNS, RTSP–Voice, Video

Layer 2throughLayer 4

Layer 5throughLayer 7andApplicationSpecific


One physical deviceMultiple virtual systems(dedicated control and data path)

Traditional deviceSingle configuration fileSingle routing tableLimited RBACLimited resource allocation

25% 25% 20%15%15%100%

Cisco Application Infrastructure ControlDistinct configuration filesSeparate routing tablesRBAC with Contexts, Roles, DomainsManagement and data resource controlIndependent application rule setsGlobal administration and monitoring

Virtual Partitioning – System Separation


• Module ACE30 pour Catalyst 6500

• Boitier (Appliance) : ACE 4710

De 500 Mbps à 4 Gbps par Simple Activation de Licence (Pay As You Grow)


• High-availabilityWorks around server, application and network failures

• No single point of failureFailover is transparent to clients

• Disaster recoveryFails over across Data-Centers

• High and scalable performanceCan serve growing number of clients, with more content and transactions

• Intelligent content and load-based decisionsSelection of the best server

• Transaction assuranceEntire transaction sent to the same server

• SecurityProtect self, servers and applications

• FlexibilityAdapt to network topologies and application environments


• Server OffloadFree up server CPU and resources

• Application AccelerationBetter user experience, faster transactions

• Bandwidth ReductionEfficient WAN resources utilization

• Application and Protocol InspectionProtection against sophisticated application-specific attacks

• VirtualizationOne physical device behaves as many: maximum deployment flexibility and separation of resources

• Flexible Network ManagementAllows multiple users, with different responsibilities, to simultaneously managethe device


ContentSwitch

ACE GSS


Application AApplication B

Clients

PrimaryData Center(Active)

Site Selection Intelligence

SecondaryData Center (Standby)



ClientsSite Selection Intelligence

SecondaryData Center (Active)

While end users are serviced by Standby data center, begin logistics of recovering primary data center

PrimaryData Center(Failed / Inactive)



Clients

PrimaryData Center(Active)

Site Selection Intelligence

SecondaryData Center (Standby)

Application C



ClientsSite Selection Intelligence

SecondaryData Center (Active)

While end users are serviced by Standby data center, begin logistics of recovering primary data center

PrimaryData Center(Failed / Inactive)


Client

DNS Proxy

Site BSite A

http://www.cisco.com/

Root DNS for/ Root DNS for .com

Authoritative DNScisco.com

ACE GSSAuthoritative DNSwww.cisco.com


Keep Alive Types•Simple

• Layer 3 - ICMP Ping for device online status• Layer 4 – TCP three way handshake FIN/RST option • Layer 5 – HTTP Head : An HTTP Head request is sent to the target device and the GSS checks for 200 OK response from web page

•Advanced – KAL- AP used to check ACE load and VIP online status • Uses UDP protocol for transport

•SNMP – MIB values will be used in least loaded load balancing calculations


1. Ordered List- Uses next VIPs when all previous VIPs are

overloaded or down2. Static Based on Client’s DNS Address

- Maps IP address of client’s DNS to available VIPs3. Round Robin

– Cycles through available VIPs in order4. Weighted Round Robin

– Weighting causes repeat hits (up to 10) to a VIP


5. Least Loaded– Least connections or least loaded on ACE– Load communicated via CAPP UDP

6. Source Address and Domain hash- IP address of client’s DNS proxy and domain used- Always sticks same client to same VIP

7. DNS Race– Initiates race of A-record responses to client– Finds closest SLB to client’s d-proxy


8. DRP-based Dynamic Network Proximity – Actively localizes client traffic by probing the client DNS

Name servers and routing the client to the closest data center based on the lowest RTT measurement.

– Scales to greater than 400,000

9. Global Sticky DNS Database– Dynamically tracks where clients are sent then ensures they

are sent to the same device for subsequent requests– Entries are based the IP address of client name server and

the domain name requested – Sticky answers are shared between GSSs

10. Drop– Silently discards the DNS request


DNS

Normal Traffic Rates DNS request per second

100 D-RPS

50 D-RPS

500 D-RPS

500 D-RPS

10,000 D-RPS

10,000 D-RPS

D-Proxy 1

D-Proxy 2

D-Proxy 3

D-Proxy 4

Compromised

Compromised

Rate limit these requests


Data Center Security

ASA 5580 Series

Firewall Services Module

Application Network Services

WAAS

WAAS Express

vWAAS

ACE

GSS

StorageNetworking

MDS 9500 Directors

MDS Fabric Switches

Blade Switches

Catalyst 6500

Catalyst 4900M

Catalyst Blade Switches

EthernetNetworking

Unified Networking

Nexus 7000

Nexus 5000

Nexus Blade Switch

Nexus 1000V

Unified Computing

UCS Blade Systems

UCS RackmountSystems

Data Center Networking

MERCI

N’oubliez Pas S’il Vous Plait de Remplir la Fiche d’Evaluation pour Cette Session.

Accélération et Optimisation des Applications · Data Redundancy Elimination. Optimisation TCP....

Documents

Transcript of Accélération et Optimisation des Applications · Data Redundancy Elimination. Optimisation TCP....