Manual Chapter : 3-DNS Administrator Guide v2.1: Configuring Specialized Load Balancing

Applies To:

3-DNS Controller versions 1.x - 4.x

  • 2.1 PTF-01, 2.1.2, 2.1.0
Chapter 6: Configuring Specialized Load Balancing



Configuring load balancing using specialized modes

This chapter describes the following specialized load balancing modes:

Setting up Quality of Service (QOS) mode

The Quality of Service (QOS) mode is a user-definable mode that includes a configurable combination of the RTT, Completion Rate, Packet Rate, Topology, Hops, and VS Capacity modes. The QOS mode is based on an equation that takes each of these performance factors into account. When the 3-DNS Controller selects a virtual server, it chooses the server with the best overall score.

The Quality of Service mode has default settings that make it easy to use: simply specify QOS as your preferred load balancing mode, and start work. There is no need to configure it, but if you want to change the settings, you can customize the equation to put more or less weight on each individual factor. The following topics explain how to use and adjust the various settings.

Understanding QOS coefficients

The following table lists each QOS coefficient, its scale, a likely upper limit for each, and whether a higher or lower value is more efficient.

QOS coefficients: ranges and limits

| Coefficient | How measured | Example upper limit | Higher or lower? |
|---|---|---|---|
| Packet rate | Packets per second | 700 | Lower |
| Round trip time | Microseconds | 2,000,000 | Lower |
| Completion rate | Percentage of successfully transferred packets (0-100%) | 100% | Higher |
| Topology | Score that defines network proximity by comparing server and LDNS IP addresses (0-2^32) | 100 | Higher |
| Hops | Number of intermediate systems transitions (hops) | 64 | Lower |
| VS capacity | Number of nodes up | 20 | Higher |

If you change the default QOS coefficients, keep the following issues in mind.

  • Scale
    The raw metrics for each coefficient are not on the same scale. For example, completion rate is measured in percentages while the packet rate is measured in packets per second.
  • Normalization
    The 3-DNS Controller normalizes the raw metrics to values in the range of 0 to 10. As the QOS value is calculated, a high measurement for completion rate is good, because a high percentage of connections are being completed. A high value for packet rate is not desirable, because the packet rate load balancing mode attempts to find a virtual server that is not overly taxed at the moment.
  • Emphasis
    You can adjust coefficients to emphasize one normalized metric over another. For example, by changing the coefficients to the values shown in Figure 6.1, you are putting the most emphasis on completion rate.

    Figure 6.1 Emphasizing completion rate

    globals {
        qos_coeff_rtt 20
        qos_coeff_completion_rate 100
        qos_coeff_packet_rate 50
        qos_coeff_topology 0
        qos_coeff_hops 0
        qos_coeff_vs_capacity 0
    }

    In the preceding example, if completion rates for two virtual servers are close, the virtual server with the best packet rate is chosen. If both completion rates and packet rates are close, the round trip time (RTT) breaks the tie. In this example, the metrics for topology, hops, and VS capacity are not used in determining how to distribute connections.

Customizing the QOS equation

You can customize the QOS equation globally, meaning that the equation applies to all wide IPs that use the QOS mode. You can also customize individual wide IPs, in which case the global QOS equation settings are overwritten.

To assign global QOS coefficients using the Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens.
  2. On the toolbar, click Load Balancing.
    The System - Load Balancing screen opens.
  3. Define the global QOS coefficients in the Round Trip Time, Completion Rate, Hops, BIG-IP Packet Rate, Topology, and VS Capacity boxes.
  4. Click Update.

To assign QOS coefficients for a specific wide IP using the Configuration utility

  1. In the navigation pane, click Wide IPs.
  2. In the Wide IP column, click a wide IP name.
    The Modify Wide IP screen opens.
  3. On the toolbar, click Modify Pool.
    The Modify Wide IP Pools screen opens.
  4. In the Pool Name column, click the name of a pool.
    The Modify Load Balancing screen opens.
  5. Define the wide IP's QOS coefficients in the Round Trip Time, Completion Rate, Hops, Packet Rate, Topology, and VS Capacity boxes.
  6. Click Update.

To manually assign global QOS coefficients

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Locate or add the globals statement. The globals statement should be at the top of the file.
  4. Refer to the example syntax shown in Figure 6.2 to define a global QOS equation.

    Figure 6.2 Sample global QOS equation

    globals {
        qos_coeff_rtt 20
        qos_coeff_completion_rate 5
        qos_coeff_packet_rate 3
        qos_coeff_topology 0
        qos_coeff_hops 0
        qos_coeff_vs_capacity 0
    }

To manually assign QOS coefficients for a specific wide IP

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Locate the wideip statement you want to edit.
  4. Refer to the example syntax shown in Figure 6.3 to define a wide IP's QOS equation. Figure 6.3 displays a wide IP definition that uses overrides for the global settings shown in Figure 6.2.

    Figure 6.3 QOS coefficient settings that override the global default settings

    wideip {
        address 192.168.101.50
        service "http"
        name "www.wip.domain.com"
        ttl 60 // increase the domain default ttl
        qos_coeff {
            rtt 21
            hops 0
            completion_rate 7
            packet_rate 5
            topology 1
            vs_capacity 0
        }
        pool {
            name "Pool_1"
            ratio 2 // applies to pool_lbmode == ratio
            preferred qos
            alternate ratio
            address 192.168.101.50 ratio 2
            address 192.168.102.50 ratio 1
            address 192.168.103.50 ratio 1
        }
        pool {
            name "Pool_2"
            ratio 1
            preferred rr
            address 192.168.102.60 ratio 2
            address 192.168.103.60 ratio 1
        }
    }

Using the Dynamic Ratio option

When the Dynamic Ratio option is turned on, the 3-DNS Controller treats QOS scores as ratios, and it uses each server in proportion to the ratio determined by the QOS calculation. When the Dynamic Ratio option is turned off (the default), the 3-DNS Controller uses only the server with the highest QOS score for load balancing (a winner-takes-all situation) until metrics information is refreshed.

To turn on the Dynamic Ratio option using the Configuration utility

  1. In the navigation pane, click Wide IPs.
  2. In the Wide IP column, click a wide IP name.
    The Modify Wide IP screen opens.
  3. On the toolbar, click Modify Pool.
    The Modify Wide IP Pools screen opens.
  4. In the Pool Name column, click the name of a pool.
    The Modify Load Balancing screen opens.
  5. Check Use Dynamic Ratio.
  6. Click Update.

To manually turn on the Dynamic Ratio option

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Locate the wideip statement and the pool definition you want to edit.
  4. Add the dynamic_ratio line shown in Figure 6.4 to the pool definition.

    Figure 6.4 Enabling dynamic ratio

    pool {
        name <"pool_name">
        [ ratio <pool_ratio> ]
        dynamic_ratio yes
        [ rr_ldns < yes | no > ]
        [ rr_ldns_limit <number> ]
        [ preferred < completion_rate | ga | hops | leastconn |
            packet_rate | qos | random | ratio | return_to_dns | rr |
            rtt | topology | null | vs_capacity | static_persist> ]
        [ alternate < ga | null | random | ratio | return_to_dns |
            rr | topology | vs_capacity | static_persist> ]
        [ fallback <completion_rate | ga | hops | leastconn | null |
            packet_rate | qos | random | ratio | return_to_dns | rr |
            rtt | topology | vs_capacity | static_persist> ]
        address <vs_addr>[:<port>] [ratio <weight>]
    }
    }

Setting up Global Availability mode

The global availability mode selects the first available virtual server in a wide IP definition. If that virtual server becomes unavailable, subsequent connections go to the next listed virtual server in the wide IP definition.

The 3-DNS Controller always starts with the first virtual server in the list. Over time, the first server in the list receives the most connections, and the last server in the list receives the fewest connections. Figure 6.5 shows the 3-DNS Controller using the global availability load balancing mode.

Figure 6.5 Global Availability mode

To implement the global availability load balancing mode using the Configuration utility

  1. In the navigation pane, click Wide IPs.
  2. In the Wide IP column, click a wide IP name.
    The Modify Wide IP screen opens.
  3. On the toolbar, click Modify Pool.
    The Modify Wide IP Pools screen opens.
  4. In the Pool Name column, click the name of a pool.
    The Modify Load Balancing screen opens.
  5. Select Global Availability as the Preferred, Alternate, or Fallback load balancing mode.
  6. Click Update.
  7. A popup screen appears, indicating that with the Global Availability load balancing mode you must order the virtual servers. Click OK.
    The Modify Virtual Servers screen opens.
  8. In the Order column, specify the order in which you want to list the virtual servers for Global Availability.
  9. Click Update.

To manually implement the global availability load balancing mode

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Locate the wideip statement you want to edit.
  4. Define global availability as the preferred, alternate, or fallback load balancing mode.
  5. List the virtual servers in descending order of preference. See Figure 6.6 for details.

A Global Availability configuration example

With the global availability load balancing mode, you can configure one data center as your primary service and have several alternate services on standby. In the wideip statement, list the virtual servers in descending order of preference. The first available virtual server is chosen for each resolution request.

Figure 6.6 shows a sample wideip definition where global availability is the preferred load balancing mode.

Figure 6.6 Configuring a standby data center

// Global availability
wideip {
    address 192.168.101.60
    port 80 // http
    name "cgi.wip.domain.com"
    pool {
        name "mypool"
        preferred ga
        address 192.168.101.60
        address 192.168.102.60
        address 192.168.103.60
    }
}

The first listed virtual server (192.168.101.60 in this example) receives all resolution requests unless it becomes unavailable. If the first listed virtual server does become unavailable, then the 3-DNS Controller sends resolution requests to the second listed virtual server, and so on.

Setting up load balancing for services that require multiple ports

Some sites require that you use multiple ports or services to access them. For these cases, you can configure a wide IP so that connections are not sent to a given address unless all specified ports or services are available.

To configure multiple ports for a wide IP using the Configuration utility

  1. In the navigation pane, click Wide IPs.
  2. In the Wide IP column, click a wide IP name.
    The Modify Wide IP screen opens.
  3. On the toolbar, click Port List.
    The Wide IP Port List screen opens.
  4. Type a port number in the box or select a service from the list, then click the right arrow button.
  5. Repeat step 4 for each port or service you need to add.
  6. Click Update.

To manually configure multiple ports for a wide IP

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Locate the wideip statement you want to edit.
  4. Add the port_list line as shown in Figure 6.7.

    Figure 6.7 Enabling the port_list option

    wideip {
        address <ip_addr>
        port <port_number> | <"service name">
        name <"domain_name">
        [ alias <"alias_name"> ]
        [ ttl <number> ]
        [ port_list <port_number> <port_number> ... ]
        [ qos_coeff {
            rtt <n>
            completion_rate <n>
            packet_rate <n>
            topology <n>
            hops <n>
            vs_capacity <n>
        } ]
        [ pool_lbmode <rr | ratio | ga | random | topology> ]
        [ pool definitions ...]
    }

An example configuration for e-commerce services

In this example, you are setting up a site for selling a product on the Internet. This site contains a non-secure area that contains the product catalog, and a secure area for placing orders. You can configure a wide IP so that clients are sent to a virtual server only when both the secure and non-secure areas are available.

The key entry for this configuration is port_list. The port_list entry specifies that requests can be sent to virtual servers in this pool only if ports 80 (non-secure area) and 443 (secure area) are available.

Figure 6.8 Syntax for e-commerce services

wideip {
    address 192.168.101.70
    port 80 // http
    port_list 80 443 // e-commerce
    name "ssl.wip.domain.com"
    pool_lbmode rr
    pool {
        name "bigip_pool"
        ratio 2
        preferred qos
        alternate ratio
        address 192.168.101.70 ratio 7
        address 192.168.102.60 ratio 2
    }
    pool {
        name "host_pool"
        ratio 1
        preferred ratio
        address 192.168.104.50 ratio 2
        address 192.168.105.60 ratio 1
    }
}

For every virtual server address in the pool, a virtual server definition must exist for each port in the port list. For the example shown in Figure 6.8 , the BIG-IP Controllers and host machines must have the following virtual servers defined:

  • 192.168.101.70:80
  • 192.168.101.70:443
  • 192.168.102.60:80
  • 192.168.102.60:443
  • 192.168.104.50:80
  • 192.168.104.50:443
  • 192.168.105.60:80
  • 192.168.105.60:443
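
The port_list requirement above can be checked before a configuration goes live. The following is an added example, not part of the original guide or of 3-DNS itself: it reads the wideip statement from Figure 6.8, derives the address:port pairs that must exist, and compares them with an inventory of defined virtual servers. The function names and the inventory are constructed for illustration.

```python
# wideip statement copied from Figure 6.8.
FIGURE_6_8 = """
wideip {
    address 192.168.101.70
    port 80 // http
    port_list 80 443 // e-commerce
    name "ssl.wip.domain.com"
    pool_lbmode rr
    pool {
        name "bigip_pool"
        ratio 2
        preferred qos
        alternate ratio
        address 192.168.101.70 ratio 7
        address 192.168.102.60 ratio 2
    }
    pool {
        name "host_pool"
        ratio 1
        preferred ratio
        address 192.168.104.50 ratio 2
        address 192.168.105.60 ratio 1
    }
}
"""


def required_virtual_servers(wideip_text):
    """Return the set of 'address:port' definitions a wideip statement needs:
    every pool address combined with every port in port_list."""
    ports, addresses, in_pool = [], [], False
    for raw in wideip_text.splitlines():
        tokens = raw.split("//", 1)[0].split()   # '//' starts a comment
        if not tokens:
            continue
        if tokens[0] == "port_list":
            ports = [int(p) for p in tokens[1:]]
        elif tokens[0] == "pool" and tokens[-1] == "{":
            in_pool = True
        elif tokens[0] == "}":
            in_pool = False
        elif tokens[0] == "address" and in_pool:
            # Pool members may be written <vs_addr>[:<port>]; keep the address.
            # The wideip-level address line sits outside any pool and is skipped.
            addresses.append(tokens[1].split(":")[0])
    return {f"{addr}:{port}" for addr in addresses for port in ports}


def missing_virtual_servers(wideip_text, defined):
    """Return the required definitions that are absent from the inventory."""
    return sorted(required_virtual_servers(wideip_text) - set(defined))


# Constructed inventory: the secure port on 192.168.104.50 was never defined.
DEFINED = [
    "192.168.101.70:80", "192.168.101.70:443",
    "192.168.102.60:80", "192.168.102.60:443",
    "192.168.104.50:80",
    "192.168.105.60:80", "192.168.105.60:443",
]

if __name__ == "__main__":
    for vs in missing_virtual_servers(FIGURE_6_8, DEFINED):
        print("missing virtual server definition:", vs)
```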

Setting up topology-based features

The 3-DNS Controller supports two topology-based features: topology-based access control, and topology load balancing mode.

To use the topology load balancing mode, you should first set up topology-based access control so that the list records are defined. Otherwise, the topology load balancing mode has no effect.

Setting up topology-based access control is described next. Using the topology load balancing mode is described later in this chapter.

Setting up topology-based access control

You can use topology-based access control to implement a form of wide-area IP filtering. Topology-based access control allows you to specify which virtual servers are acceptable for a given resolution request, based on the proximity of the virtual server's IP address to the requesting LDNS server's IP address.

Understanding the list records

The list records in the topology definition define a score for pairs of known LDNS servers and virtual servers.

For example, here is a sample list record:

192.168.101.0/24 198.0.0.0/24 6

Essentially, each record defines two network endpoints in CIDR (Classless Inter-domain Routing) format, and a score. The CIDR format consists of an IP address and a number n designating a subnet bitmask. The bitmask is made up of n ones followed by 32 - n zeros. For example, for n = 8, the bitmask is:

   11111111000000000000000000000000
   \______/\______________________/
    8 ones         24 zeros

The first endpoint, A, corresponds to the IP address of a server (either a BIG-IP Controller or a host). The second endpoint, B, corresponds to the IP address of the LDNS. Suppose an LDNS, L, requests a name resolution from the 3-DNS Controller, and the virtual server being considered as an answer is managed by a BIG-IP Controller, S. The list record that matches is the one where the following equation is TRUE:

   (((S & A-mask) == (A & A-mask)) && ((L & B-mask) == (B & B-mask)))

Referring to the example topology statement in Figure 6.10, say that the LDNS 198.0.0.0 requested name resolution for www.domain.com, and a virtual server in the pool belonged to the BIG-IP Controller 192.168.101.0. In this scenario, the 3-DNS Controller considers the first list record to be a match.

Note that in the above equation, the single ampersand (&) is a bitwise operator, and the double ampersand (&&) is a logical operator.

Understanding the topology score

Each list record includes a score, which is used both in topology-based load balancing, and in topology-based access control. If multiple list records in a topology statement have the exact same server IP/mask and LDNS IP/mask but have different scores, only the last record is declared valid. For example, the first set of records is equivalent to the second set of records.

   192.168.101.0/24   198.0.0.0/24     6
   192.168.101.0/8    198.0.0.0/8      1
   192.168.101.0/24   198.0.0.0/24     89   <-- replaces 1st record
   192.168.101.0/24   198.0.0.0/24     0    <-- replaces previous record
   192.168.101.0/24   198.0.0.0/24     3    <-- replaces previous record

This set of records is equivalent to the above set of five records.

   192.168.101.0/8    198.0.0.0/8      1
   192.168.101.0/24   198.0.0.0/24     3

Using the longest match rule

The 3-DNS Controller uses the same type of longest match rule that routers commonly use. If there are several IP/mask items that match a particular IP address, the 3-DNS Controller selects the record that is most specific, and thus has the longest mask (n is the largest).

For example, 192.168.101.4 matches 192.168.101.4/0, 192.168.101.4/8, 192.168.101.4/13, 192.168.101.4/24, and 192.168.101.4/32, but the longest matching IP/mask is 192.168.101.4/32. When the longest_match parameter is set to yes (the default), the longest match rule is obeyed for LDNS IP addresses, and also for server IP addresses, when there are multiple matches for a server/LDNS combination. This means that for the virtual server 192.168.101.50 owned by BIG-IP Controller 192.168.101.40 and LDNS 198.0.0.40, the third list record is the longest match:

   192.168.101.0/24   198.0.0.40/24    2
   192.168.101.0/8    198.0.0.40/16    0
   192.168.101.0/8    198.0.0.40/27    6    <-- Longest Match
   192.168.101.0/16   198.0.0.0/24     7
   192.168.101.0/32   198.0.0.0/24     3    <-- Second Longest Match

Although this is not how the search is implemented, consider that all the records matching the server and LDNS IP address are gathered into a set. The records in this set are sorted in descending order first by LDNS mask, and then by server mask. The highest record in the sorted set determines which is the shortest path between the client and a virtual server. For example, if the third list record in the above example is removed, then the first and fifth records tie for longest match on LDNS, but the fifth wins because it has the more specific server mask.

Implementing topology-based access control

Any virtual server/LDNS matching a list record with a score below the acl_threshold is interpreted as if the virtual server were unavailable. For example, if a LDNS 198.0.0.0 requests a name resolution, any virtual server in the class C subnet 192.168.101 is considered down for load balancing purposes due to the first list entry. This provides a hook for an administrator to set up access control to virtual servers based on LDNS IP addresses.

Explicitly allowing or denying access

You may want to define a wildcard list record that you can use to prevent users from being locked out when access control is turned on (when the acl_threshold is set to a value greater than zero). If the 3-DNS Controller compares the LDNS server's IP address to the specific list records but does not find a match, it can use a wildcard list record to determine how to handle the resolution request.

A wildcard list record is the last list record in the topology statement and uses the following syntax:

   0.0.0.0/0     0.0.0.0/0 <score>

Because the wildcard list record uses subnet bitmask values of 0, the longest match rule always chooses this record last.

The <score> parameter setting either allows or denies access, depending on whether its value is set greater than or less than the acl_threshold setting. A <score> value that is greater than or equal to the acl_threshold setting allows access. A <score> value that is less than the acl_threshold setting denies access.

If no wildcard list record is provided, the following is assumed:

   0.0.0.0/0     0.0.0.0/0      0

Using access control to limit path probing

The limit_probes parameter specifies whether to apply access control to the probing of paths. If this parameter is set to yes, the 3-DNS Controller requests a particular BIG-IP Controller to probe only those LDNS servers that can connect to it according to the probe_threshold value and the topology map scores. In the example topology statement in Figure 6.10, the 3-DNS Controller would not send an LDNS 200.0.0.0 to the BIG-IP Controller 192.168.101.0 for probing, but would send it to the BIG-IP Controller 192.168.103.0.

To configure topology-based probe access control using the Configuration utility

  1. In the navigation pane, click Topology.
  2. On the toolbar, click Topology Settings.
  3. Add the topology settings. For help on configuring the topology settings, click Help on the toolbar.

To manually configure topology-based probe access control

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Place the topology statement at the end of the wideip.conf file.
  4. Use the syntax shown in Figure 6.9 to define the topology statement. Also see the example in Figure 6.10.

    Figure 6.9 Syntax for topology statement

    topology {
        acl_threshold <0..4294967295>
        probe_threshold <0..4294967295>
        limit_probes <yes | no>
        longest_match <yes | no>
        <server cidr> <LDNS cidr> <score>
    }

An example configuration for topology access control

Suppose that your company maintains Spanish web sites. You have data centers in New York, Los Angeles, and Tokyo. You prefer that resolution requests made from clients located in North America are resolved by North American data centers. However, you do not mind if a few requests are sent to Tokyo when requests cannot be resolved in New York or Los Angeles.

Because of cost issues, you do not want requests from clients in South America to be sent to the New York data center. To achieve this, you can configure the topology statement as shown.

Figure 6.10 Example syntax for the topology statement

topology {
    acl_threshold 5
    probe_threshold 5
    limit_probes yes
    longest_match yes

    // server/mask ldns/mask score

    ///////////////////////////
    // North American LDNS's:
    // 198.0.0.0/8
    // 199.0.0.0/8

    // North America Priority List
    //
    // 1. New York
    // 2. L.A.
    // 3. Tokyo

    // New York
    192.168.101.0/24 198.0.0.0/8 30
    192.168.101.0/24 199.0.0.0/8 30

    // Los Angeles
    192.168.102.0/24 198.0.0.0/8 20
    192.168.102.0/24 199.0.0.0/8 20

    // Tokyo
    192.168.103.0/24 198.0.0.0/8 10
    192.168.103.0/24 199.0.0.0/8 10

    ///////////////////////////
    // South American LDNS's:
    // 200.0.0.0/8
    // 201.0.0.0/8

    // South America Priority List
    //
    // 1. Tokyo
    // 2. L.A.
    // (New York excluded by acl_threshold)

    // Tokyo
    192.168.103.0/24 200.0.0.0/8 30
    192.168.103.0/24 201.0.0.0/8 30

    // Los Angeles
    192.168.102.0/24 200.0.0.0/8 20
    192.168.102.0/24 201.0.0.0/8 20

    // New York
    192.168.101.0/24 200.0.0.0/8 0
    192.168.101.0/24 201.0.0.0/8 0

    ///////////////////////////
    // Wildcard List Record
    //
    // By default, if a list record is not found in the
    // topology map for an LDNS, the score is assumed to
    // be 0. By including the following "wildcard" list
    // record, all other LDNS's (not North or South America
    // as specified above) are assigned a score of 1 so
    // the acl_threshold does not indicate that the
    // virtual servers are down.

    0.0.0.0/0 0.0.0.0/0 1

}
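
The list-record rules described in this section (mask matching, last duplicate wins, longest match, and the acl_threshold comparison) are applied below to the Figure 6.10 records. This is an added example, not 3-DNS code and not part of the original guide. The server addresses and the second record set are constructed for illustration, and only the longest_match yes behaviour is modelled.

```python
import ipaddress

# Records and acl_threshold copied from Figure 6.10.
FIGURE_6_10 = """
192.168.101.0/24 198.0.0.0/8 30   // New York
192.168.101.0/24 199.0.0.0/8 30
192.168.102.0/24 198.0.0.0/8 20   // Los Angeles
192.168.102.0/24 199.0.0.0/8 20
192.168.103.0/24 198.0.0.0/8 10   // Tokyo
192.168.103.0/24 199.0.0.0/8 10
192.168.103.0/24 200.0.0.0/8 30   // Tokyo
192.168.103.0/24 201.0.0.0/8 30
192.168.102.0/24 200.0.0.0/8 20   // Los Angeles
192.168.102.0/24 201.0.0.0/8 20
192.168.101.0/24 200.0.0.0/8 0    // New York
192.168.101.0/24 201.0.0.0/8 0
0.0.0.0/0 0.0.0.0/0 1             // wildcard
"""
ACL_THRESHOLD = 5

# Constructed server addresses, one per data center subnet in Figure 6.10.
SERVERS = {
    "New York": "192.168.101.40",
    "Los Angeles": "192.168.102.40",
    "Tokyo": "192.168.103.40",
}

# Constructed records: a duplicate pair and overlapping masks.
CONSTRUCTED = """
10.1.0.0/16 203.0.113.0/24  2
10.1.0.0/16 203.0.113.0/24  9   // same pair: replaces the record above
10.0.0.0/8  203.0.113.64/27 6   // longest LDNS mask
10.1.2.0/24 203.0.113.0/24  3   // /24 LDNS mask again, longer server mask
"""


def parse_records(text):
    """Return {(server_net, ldns_net): score}. A later record for the same
    pair replaces the earlier one. '//' starts a comment."""
    records = {}
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()
        if not line:
            continue
        server, ldns, score = line.split()
        # strict=False: the guide writes host bits inside a mask (198.0.0.40/24).
        # Assumption: pairs that mask to the same networks count as duplicates.
        key = (ipaddress.ip_network(server, strict=False),
               ipaddress.ip_network(ldns, strict=False))
        records[key] = int(score)
    return records


def topology_score(records, server_ip, ldns_ip):
    """Score of the longest match: compare LDNS mask length first, then server
    mask length. No matching record means the implicit wildcard score 0."""
    s = ipaddress.ip_address(server_ip)
    l = ipaddress.ip_address(ldns_ip)
    matches = [(ldns.prefixlen, srv.prefixlen, score)
               for (srv, ldns), score in records.items()
               if s in srv and l in ldns]
    return max(matches)[2] if matches else 0


def usable_servers(records, servers, ldns_ip, acl_threshold):
    """Names of servers whose score meets acl_threshold, best score first.
    Servers below the threshold are treated as unavailable for this LDNS."""
    scored = [(topology_score(records, ip, ldns_ip), name)
              for name, ip in servers.items()]
    scored.sort(key=lambda item: -item[0])
    return [name for score, name in scored if score >= acl_threshold]


if __name__ == "__main__":
    recs = parse_records(FIGURE_6_10)
    for ldns in ("198.51.100.7", "200.1.2.3", "203.0.113.9"):
        print(ldns, usable_servers(recs, SERVERS, ldns, ACL_THRESHOLD))
```

Under the comparison as stated in this chapter (a score greater than or equal to acl_threshold allows access), an LDNS outside the listed ranges receives the wildcard score of 1, which is below the acl_threshold of 5 in Figure 6.10, so `usable_servers` returns an empty list for it. Check the wildcard score against acl_threshold whenever either value changes.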

Using the topology load balancing mode

The topology load balancing mode distributes connections based on the proximity of LDNS servers to a particular data center. Proximity is determined by network IP addresses of the LDNS servers compared to network IP addresses of the virtual servers, and not necessarily by geographical location.

Configure topology access control before attempting to use the Topology load balancing mode. If the topology list records are empty, the virtual servers are load balanced as Global Availability.

To implement the topology load balancing mode using the Configuration utility

  1. In the navigation pane, click Wide IPs.
  2. In the Wide IP column, click a wide IP name.
    The Modify Wide IP screen opens.
  3. On the toolbar, click Modify Pool.
    The Modify Wide IP Pools screen opens.
  4. In the Pool Name column, click the name of a pool.
    The Modify Load Balancing screen opens.
  5. Select Topology as the Preferred, Alternate, or Fallback load balancing mode.
  6. Click Update.

To manually implement the topology load balancing mode

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, select Edit 3-DNS Configuration to open the wideip.conf file.
  3. Locate the wideip statement you want to edit.
  4. Define topology as the preferred, alternate, or fallback load balancing mode.

    Figure 6.11 shows a sample wideip definition where topology is the preferred load balancing mode.

    Figure 6.11 Specifying load balancing according to topology score

    wideip {
        address 192.168.103.60
        port 80
        name "ntp.wip.domain.com"
        pool {
            name "poolA"
            preferred topology
            alternate rtt
            address 192.168.101.60 // New York
            address 192.168.102.60 // Los Angeles
            address 192.168.103.60 // Tokyo
        }
    }