
GTM Load Balancing

• Static: pre-defined pattern
• Dynamic: current performance metrics
• Pool LBMs (Wide IP → Pool 1, Pool 2, Pool 3)
  – Preferred (first): static / dynamic
  – Alternate: static only; used when metric collection fails (some or old metric information)
  – Fallback: static / dynamic; used when preferred & alternate fail (none of the VSs available)
• Options
  – Ignore Path TTL
  – DLB mode
  – Verify VS Availability
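The preferred → alternate → fallback chain above can be modelled in a few lines. The following is an added illustration (not F5 code): it assumes hypothetical names (`Pool`, `VirtualServer`, `select`), uses round-trip time as the dynamic preferred method, round robin as the static alternate, and treats a missing metric on any candidate as "metric collection failed", which is what pushes the decision to the alternate method; a pool with no available virtual server goes straight to the fallback action.

```python
"""Simplified model of the pool load-balancing chain on the slide:
preferred (static or dynamic) -> alternate (static only, used when metric
collection fails) -> fallback (used when neither earlier method returns a
virtual server).  Added illustration, not F5 code; all names are assumed."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class VirtualServer:
    name: str
    available: bool = True           # result of health monitoring
    rtt_ms: Optional[float] = None   # dynamic metric; None = missing or stale

@dataclass
class Pool:
    members: List[VirtualServer]
    preferred: str = "round_trip_time"   # static or dynamic
    alternate: str = "round_robin"       # must be static
    fallback: str = "return_to_dns"      # static or dynamic
    rr_index: int = field(default=0, repr=False)

STATIC = {"round_robin", "global_availability", "return_to_dns", "drop_packet"}

def lb_round_trip_time(pool, candidates):
    """Dynamic: needs a current metric for every candidate, otherwise fails."""
    if any(vs.rtt_ms is None for vs in candidates):
        return None
    return min(candidates, key=lambda vs: vs.rtt_ms)

def lb_round_robin(pool, candidates):
    """Static: rotate through members, skipping those that are not candidates."""
    for _ in range(len(pool.members)):
        vs = pool.members[pool.rr_index % len(pool.members)]
        pool.rr_index += 1
        if vs in candidates:
            return vs
    return None

def lb_global_availability(pool, candidates):
    """Static: first available member in configured order."""
    return next((vs for vs in pool.members if vs in candidates), None)

METHODS = {"round_trip_time": lb_round_trip_time,
           "round_robin": lb_round_robin,
           "global_availability": lb_global_availability}

def select(pool: Pool) -> Tuple[str, str]:
    """Return (stage that answered, VS name or fallback action)."""
    if pool.alternate not in STATIC:
        raise ValueError("alternate method must be a static mode")
    candidates = [vs for vs in pool.members if vs.available]
    if candidates:
        for stage in ("preferred", "alternate"):
            vs = METHODS[getattr(pool, stage)](pool, candidates)
            if vs is not None:
                return stage, vs.name
    # Preferred and alternate both failed, or no VS is available: fallback.
    method = METHODS.get(pool.fallback)
    if method is not None and candidates:
        vs = method(pool, candidates)
        if vs is not None:
            return "fallback", vs.name
    return "fallback", pool.fallback   # e.g. return_to_dns, drop_packet
```

Running `select` on a pool whose members all carry a fresh RTT answers from the preferred stage; blanking one member's metric makes the same call fall through to round robin, and marking every member down yields the fallback action.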
Static Load Balancing Modes

Load balancing mode (static)   Wide IP   Preferred   Alternate   Fallback
Drop Packet                              X           X           X
Fallback IP                              X           X           X
Global Availability            X         X           X           X
None                                                 X           X
Ratio                          X         X           X           X
Return to DNS                            X           X           X
Round Robin                    X         X           X           X
Static Persist                           X           X           X
Topology                       X         X           X           X
Dynamic Load Balancing Modes

Load balancing mode (dynamic)  Wide IP   Preferred   Alternate   Fallback
Completion Rate                          X                       X
CPU                                      X                       X
Hops                                     X                       X
Kilobytes/Second                         X                       X
Least Connections                        X                       X
Packet Rate                              X           X           X
Quality of Service                       X                       X
Round Trip Time                          X                       X
Virtual Server Score                     X           X           X
VS Capacity                              X           X           X
Topology

Topology Based Load Balancing: Topology Records
• Proximity-based LBM
  – Closest VS based on geographical information
• Topology records
  – Stored in bigip_gtm.conf
  – Match LDNS request → specific destination object
• Topology record format
  – LDNS request source statement
    » Origin of the name resolution request
    » Continent, Country, ISP, IP subnet (CIDR), Region (user-defined), State
  – Destination statement
    » The resource to which GTM directs the incoming DNS request
  – Operator
    » Whether the name resolution request matches the statement
  – Weight
    » Score given to the record
• Topology record matching mode (ordering of TRs)
  – Longest Match enabled
    » Default
    » The statement that most completely matches the source IP of the name resolution request wins
  – Longest Match disabled
    » Topology statements unsorted
    » Scan the entire topology → matching topology record with the highest weight wins
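To make the two matching modes concrete, here is an added example (not F5 code and not the GTM implementation) that models topology records as source statement, destination and weight. It assumes hypothetical names (`TopologyRecord`, `select_destination`), a constructed `GEO_DB` standing in for the geolocation database, and a simple specificity ranking in which a CIDR statement outranks a country statement, which outranks a continent statement, with prefix length ordering among CIDRs; using weight as a tie-breaker among equally specific matches in longest-match mode is also an assumption of the example.

```python
"""Topology record matching: longest-match ordering versus highest-weight scan.
Added illustration with assumed names; the geo data is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class TopologyRecord:
    source_kind: str     # "subnet", "country" or "continent"
    source_value: str    # CIDR, ISO country code, continent code
    destination: str     # resource the request is directed to (pool name here)
    weight: int          # score given to the record

# Constructed LDNS geolocation data (stand-in for the real database).
GEO_DB = {
    "203.0.113.10": {"country": "AU", "continent": "OC"},
    "198.51.100.7": {"country": "US", "continent": "NA"},
}

def specificity(rec: TopologyRecord) -> int:
    """Rank how completely a source statement pins down the request origin."""
    if rec.source_kind == "subnet":
        return 100 + ipaddress.ip_network(rec.source_value).prefixlen
    return {"country": 50, "continent": 10}[rec.source_kind]

def matches(rec: TopologyRecord, ldns_ip: str) -> bool:
    """Operator 'is': does the LDNS source satisfy the source statement?"""
    if rec.source_kind == "subnet":
        return ipaddress.ip_address(ldns_ip) in ipaddress.ip_network(rec.source_value)
    return GEO_DB.get(ldns_ip, {}).get(rec.source_kind) == rec.source_value

def select_destination(records: List[TopologyRecord], ldns_ip: str,
                       longest_match: bool = True) -> Optional[str]:
    hits = [r for r in records if matches(r, ldns_ip)]
    if not hits:
        return None
    if longest_match:
        # Records are effectively sorted most-specific first; the first
        # complete match wins (weight only breaks ties, an assumption here).
        return max(hits, key=lambda r: (specificity(r), r.weight)).destination
    # Unsorted scan of the whole topology: highest weight among matches wins.
    return max(hits, key=lambda r: r.weight).destination

# Constructed topology: a /24 near Sydney, a country rule and two continent rules.
RECORDS = [
    TopologyRecord("subnet", "203.0.113.0/24", "pool_sydney", 10),
    TopologyRecord("country", "AU", "pool_au", 50),
    TopologyRecord("continent", "OC", "pool_apac", 100),
    TopologyRecord("continent", "NA", "pool_us", 20),
]
```

With the constructed records, an LDNS at 203.0.113.10 is sent to `pool_sydney` under longest match (the /24 is the most complete match) but to `pool_apac` when longest match is disabled (the continent record carries the highest weight), which is exactly the behavioural difference the slide describes.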
Monitoring

• Health monitors → Availability
  – Simple: ICMP, Gateway ICMP, TCP_ECHO
  – Active: HTTP, FTP, External, etc.
  – Passive: client request
  – Monitored objects: Server, VS, Pool, Pool Member, Link
  – Result: Up / Down
• Performance monitors → Performance & Load
  – Active polling
DNSSEC

• DNS Data Flow
• DNS Vulnerabilities
• Benefits of DNSSEC

Cryptography
• Public key cryptography: X.509, PGP, ssh, DNSSEC
• (Public, Private) key pairs
• Use the private key to sign data
• Use the public key to verify the signature
DNSSEC Protocol

Verifying Data Authenticity and Integrity
• Each RRset sent as a reply to a DNS query is accompanied by a digital signature generated with the sender's private key
• The receiver can verify the authenticity and integrity of the message by verifying the signature

  1. Host A → NS for Host B: DNS Request
  2. NS for Host B → Host A: DNS Answer || Signature(DNS Answer)
  3. Host A verifies the signature

• DNSSEC specifies a new RR called KEY, the public key of a system
  – As always, we MUST have an authentic public key
• The SIG resource record is the digital signature of a reply/request
The SIG RR
• Contains RDATA and the signature field that binds all RR data to a sender
  – The digital signature algorithm can be specified
  – Takes as input data = RDATA | RR(s)
  – RDATA is the plaintext data in the SIG RR
  – RR(s) is the set of RRs being transmitted
  – Sender computes s = Ekr[h(data)]
• Receiver verifies
  – Dku[s] =? h(data)
• Usually doesn't require changes to the original DNS protocol
• However, we do need authentic public keys...
Walking the Chain of Trust: Obtaining Authentic Public Keys
• Host A queries for information about Host B
• There is one trusted server (its authentic public key is known)
• That server knows the public key of Host B
• The trusted server sends the public key of Host B to Host A with a digital signature of the key
• Host A can authenticate Host B's public key because the trusted server's public key is known
• Can be recursively applied to obtain the public key of any system
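The SIG RR computation (s = Ekr[h(data)], checked as Dku[s] =? h(data)) and the chain-of-trust walk above are demonstrated together in the following added example, which is not DNS software and not code from the slides. It uses toy textbook RSA on fixed Mersenne primes with no padding, which is fine for showing the mechanics but is not secure; the RRset text, the SIG RDATA with bracketed placeholder fields, the `<n>:<e>` key encoding and the function names (`sign`, `verify`, `host_a_resolve`) are all constructed for the example. The slides use the RFC 2535 names KEY and SIG; current DNSSEC (RFC 4034) calls these records DNSKEY and RRSIG, but the sign-then-verify relationship is the same.

```python
"""DNSSEC-style signing of an RRset and chain-of-trust verification, as on the
slides: s = Ekr[h(data)], verified as Dku[s] =? h(data).  Added illustration
with toy textbook RSA on fixed Mersenne primes (NOT secure, no padding); not
DNS software, and the RR text below is constructed sample data."""
import hashlib
from dataclasses import dataclass
from typing import Tuple

PubKey = Tuple[int, int]   # (n, e)

@dataclass(frozen=True)
class KeyPair:
    n: int
    e: int
    d: int
    @property
    def public(self) -> PubKey:
        return (self.n, self.e)

def make_keypair(p: int, q: int, e: int = 65537) -> KeyPair:
    """Textbook RSA key from two primes (toy sizes, illustration only)."""
    return KeyPair(p * q, e, pow(e, -1, (p - 1) * (q - 1)))

def h(data: bytes, n: int) -> int:
    """h(data): SHA-256 of the data, reduced into the modulus (toy)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv: KeyPair, data: bytes) -> int:
    """Sender: s = Ekr[h(data)] with the private exponent."""
    return pow(h(data, priv.n), priv.d, priv.n)

def verify(pub: PubKey, data: bytes, s: int) -> bool:
    """Receiver: Dku[s] =? h(data) with the public exponent."""
    n, e = pub
    return pow(s, e, n) == h(data, n)

def sig_input(sig_rdata: bytes, rrset) -> bytes:
    """data = RDATA | RR(s): SIG RDATA followed by the canonically ordered RRset."""
    return sig_rdata + b"\n".join(sorted(rrset))

def encode_pub(pub: PubKey) -> bytes:
    """KEY RR payload, the public key of a system (toy '<n>:<e>' encoding)."""
    return f"{pub[0]}:{pub[1]}".encode()

def decode_pub(raw: bytes) -> PubKey:
    n, e = raw.split(b":")
    return (int(n), int(e))

def host_a_resolve(trusted_pub: PubKey, key_rr: bytes, key_sig: int,
                   answer: bytes, answer_sig: int) -> str:
    """Host A walks the chain: the trusted server vouches for B's key,
    and B's key vouches for the answer."""
    if not verify(trusted_pub, key_rr, key_sig):
        return "key not authentic"
    if not verify(decode_pub(key_rr), answer, answer_sig):
        return "answer signature invalid"
    return "authentic"

# Constructed keys: 2^31-1, 2^61-1 and 2^89-1 are Mersenne primes.
TRUSTED = make_keypair(2**31 - 1, 2**61 - 1)   # key known a priori to Host A
HOST_B = make_keypair(2**61 - 1, 2**89 - 1)    # NS for Host B
RRSET = [b"www.example.test. 300 IN A 192.0.2.11",
         b"www.example.test. 300 IN A 192.0.2.10"]
SIG_RDATA = b"A RSA 2 300 <expiration> <inception> <keytag> example.test."

def demo() -> dict:
    """Good answer, a modified answer, and a key not vouched for by the trusted server."""
    answer = sig_input(SIG_RDATA, RRSET)
    answer_sig = sign(HOST_B, answer)
    key_rr = encode_pub(HOST_B.public)
    key_sig = sign(TRUSTED, key_rr)
    modified = answer.replace(b"192.0.2.10", b"203.0.113.99")
    rogue = make_keypair(2**31 - 1, 2**89 - 1)    # key the trusted server never signed
    return {
        "good": host_a_resolve(TRUSTED.public, key_rr, key_sig, answer, answer_sig),
        "modified_answer": host_a_resolve(TRUSTED.public, key_rr, key_sig, modified, answer_sig),
        "unvouched_key": host_a_resolve(TRUSTED.public, encode_pub(rogue.public), key_sig,
                                        modified, sign(rogue, modified)),
        "direct_verify": verify(HOST_B.public, answer, answer_sig),
    }
```

`demo()` shows the three outcomes a validating resolver distinguishes: a chain that verifies end to end, an answer whose RRset no longer matches its signature, and a key record that carries no valid signature from the trusted server, which is rejected before the answer is even examined.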
GTM Synchronization

Synchronization process (sequence diagram; only the labels recoverable from the slide are listed)
• Each bigip_gtm.conf carries a timestamp / commit_id; a committed change produces a new commit_id
• Participants: remote gtm, local gtmd, iqsyncer, local mcpd, local big3d, bigip_gtm.conf
• Messages in the diagram: "I have a new commit_id", "Send me the new configuration", "Send me full configuration", "Here is the new config"
• gtmd invokes iqsyncer; iqsyncer forwards the new configuration to mcpd
• The commit_id value and the configuration are updated locally
