1. Spring Semester 2007, Dept. of Computer Science, Technion. Internet Networking recitation #12: LSNAT - Load Sharing NAT (RFC 2391)


2. Motivation
- Provide server load balancing on the Internet.
- Example: many web clients want to get information from a popular web site. To make such a web site scalable, the load must be distributed among a group of servers.
- Candidate applications: web browsers, remote login, file transfer, mail applications.

3. NAT (Reminder)
- Normally, the source and destination IP addresses remain unchanged while an IP packet is routed from the source to the destination.
- However, there are cases where the source and/or destination IP address must be changed to a new one.
- Traditionally, NAT (Network Address Translation) was used to connect private network domains to globally unique public-domain IP networks.

4. NAT (Reminder)
- Basic NAT
  - A method by which hosts in a private domain are allowed access to hosts in the external network transparently.
  - A block of external addresses is set aside for translating the addresses of private hosts as the private hosts originate sessions to applications in the external domain (Private IP -> Global IP).
  - Once a binding is made, it remains in place for all subsequent sessions originating from the same private host. It is terminated when no more sessions use the binding.

5. NAT (Reminder)
- NAPT (Network Address Port Translation)
  - A method by which hosts in a private domain are allowed access to hosts in the external network transparently and simultaneously, using a single registered address.
  - Made possible by multiplexing the transport-layer identifiers of private hosts into the transport-layer identifiers of the single assigned external address (Private IP, port -> Global IP, port).
  - Only TCP/UDP applications and ICMP queries are supported by NAPT.

6. Load Sharing
- Load sharing is defined here as the spread of session load amongst a cluster of servers that are functionally similar or the same.
- Once a node is assigned to service a session, that session is bound to that node until termination.
- Sessions are not allowed to move between nodes mid-session.
- Load sharing may apply to all services or be limited to one or more specific services.

7. Load Share NAT - Overview
- A client attempts to access a server by using the server's virtual address.
- The LSNAT router transparently redirects the request to one of the hosts in the server pool, selected using a real-time load sharing algorithm.
- Multiple sessions may be initiated from the same client, and each session could be directed to a different host based on the load balancing algorithm.
- LSNAT can be configured to restrict load sharing to just a few specific desired services.
- LSNAT is also applicable during individual server upgrades.

8. LSNAT (Servers confined to a Stub Domain)
- Servers S1 ( ), S2 ( ), S3 ( ) form a server pool, confined to a stub domain.
- The router runs LSNAT, with virtual server address ( ).
- When a client initiates an HTTP session to the virtual server, the LSNAT router examines the load on the hosts in the server pool and selects a server to service the request.
- Transparent address and port translation is performed by the LSNAT router according to the diagram in the next slide.
- IP packets on the return path go through similar address translation.
- Servers in the server pool can have private addresses.

9. LSNAT (Servers confined to a Stub Domain)
[Diagram: LSNAT router and servers S1, S2, S3 on a LAN. Packet labels (addresses missing): s= , 2745 d= , 80 and s= , 2745 d= , 80; s= , 3200 d= , 23 and s= , 3200 d= , 23.]

10. LSNAT (with no Topological Restraints on Servers)
- In this configuration, servers in the server pool can be located at different places.
- Now the LSNAT router replaces the client address and port in the packets with the address and port of the virtual server.
- As a result, the servers need not be under topological constraints.
  - In this case there is a limit on the number of sessions such a router can support concurrently: about 63K*2 sessions (per UDP/TCP).
  - Why not send a "redirect" message to the client?

11. LSNAT (with no Topological Restraints on Servers)
[Diagram: LSNAT router and servers S1, S2, S3 on a LAN. Packet labels (addresses missing): s= , 2745 d= , 80 and s= , 7001 d= , 80; s= , 3200 d= , 23 and s= , 7002 d= , 23.]

12. Translation Phase in LSNAT Router
- Session binding: the phase in which an incoming session is associated with the address of a host in the server pool.
  - This association sets the translation parameters for all subsequent datagrams of the session.
  - Each incoming session is dynamically bound to a different host based on a load sharing algorithm.
- Address lookup and translation
  - Source/destination IP addresses and ports undergo translation according to the lookup table.
  - TCP/UDP and IP header checksums should also be recalculated.
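The checksum recalculation in the last bullet does not require re-summing the header: the old checksum can be patched with the RFC 1624 incremental update. This is an added example, not part of the original slides; the addresses, header field values and function names are constructed for illustration.

```python
import ipaddress
import struct

def fold(total: int) -> int:
    """Fold carries back in until the value fits in 16 bits."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum over an even-length byte string."""
    return fold(sum(struct.unpack(f"!{len(data) // 2}H", data)))

def full_checksum(header: bytes) -> int:
    """Recompute from scratch with the checksum field (bytes 10-11) zeroed."""
    return ~ones_sum(header[:10] + b"\x00\x00" + header[12:]) & 0xFFFF

def incremental(old_csum: int, old_field: bytes, new_field: bytes) -> int:
    """RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m')."""
    inv_old = bytes(b ^ 0xFF for b in old_field)  # ~m
    total = (~old_csum & 0xFFFF) + ones_sum(inv_old) + ones_sum(new_field)
    return ~fold(total) & 0xFFFF

def make_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (protocol TCP, TTL 64), valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, 6, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", full_checksum(hdr)) + hdr[12:]

def translate_dst(header: bytes, new_dst: str) -> bytes:
    """Rewrite the destination address and patch the checksum incrementally.
    The TCP/UDP checksum covers the addresses too and is patched the same way."""
    new = ipaddress.IPv4Address(new_dst).packed
    old_csum = struct.unpack("!H", header[10:12])[0]
    new_csum = incremental(old_csum, header[16:20], new)
    return header[:10] + struct.pack("!H", new_csum) + header[12:16] + new

def is_valid(header: bytes) -> bool:
    """A header carrying a correct checksum sums to 0xFFFF."""
    return ones_sum(header) == 0xFFFF

# Constructed addresses: client 198.51.100.7, virtual server 203.0.113.10,
# pool member 10.0.0.2.
inbound = make_header("198.51.100.7", "203.0.113.10")
translated = translate_dst(inbound, "10.0.0.2")
```

Rewriting the address without touching the checksum leaves a header that fails `is_valid`, which the receiving host would discard.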

13. Translation Phase in LSNAT Router
- Session unbinding: the phase in which a server node is no longer responsible for the session.
  - Session unbinding happens when the end of the session is detected.
  - For a properly closed TCP session, the end can be detected when FIN is acknowledged by both halves, or when either half receives the RST bit in the TCP flags field.
  - Otherwise (for UDP, for example), timeouts are used to terminate idle sessions.
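The binding and unbinding phases can be modelled as a small session table. This is an added example, not part of the original slides: the class and function names, the 60-second idle timeout and the client addresses are assumptions, and FIN acknowledgement is tracked by flags only, without checking sequence numbers.

```python
IDLE_TIMEOUT = 60.0   # seconds; assumed value, the slides give none

class Lsnat:
    def __init__(self, pool):
        self.load = {name: 0 for name in pool}   # bound sessions per server
        self.table = {}   # (proto, client_ip, client_port) -> binding

    def _unbind(self, key):
        self.load[self.table.pop(key)["server"]] -= 1

    def handle(self, proto, client, side, flags=(), now=0.0):
        """Return the pool server for a datagram, or None if it is dropped.
        side is "c" (from the client) or "s" (return path from the server)."""
        key = (proto, *client)
        b = self.table.get(key)
        if b is None:
            # Session binding: only a client opens a session, TCP with a bare SYN.
            if side != "c" or (proto == "tcp" and set(flags) != {"SYN"}):
                return None
            server = min(self.load, key=self.load.get)   # least load first
            b = self.table[key] = {"server": server, "fin": {"c": 0, "s": 0}}
            self.load[server] += 1
        b["seen"] = now
        peer = "s" if side == "c" else "c"
        if "ACK" in flags and b["fin"][peer] == 1:
            b["fin"][peer] = 2            # the peer's FIN is now acknowledged
        if "FIN" in flags and b["fin"][side] == 0:
            b["fin"][side] = 1            # this half has sent its FIN
        # Session unbinding: RST from either half, or both FINs acknowledged.
        if "RST" in flags or all(v == 2 for v in b["fin"].values()):
            self._unbind(key)
        return b["server"]

    def expire(self, now):
        """Unbind idle sessions (the only end-of-session signal for UDP)."""
        idle = [k for k, b in self.table.items() if now - b["seen"] > IDLE_TIMEOUT]
        for key in idle:
            self._unbind(key)
        return len(idle)

def demo():
    nat = Lsnat(["S1", "S2", "S3"])
    a, b = ("198.51.100.7", 2745), ("198.51.100.7", 3200)   # constructed client
    out = [nat.handle("tcp", a, "c", ["SYN"]), nat.handle("tcp", b, "c", ["SYN"]),
           nat.handle("tcp", ("198.51.100.9", 4000), "c", ["ACK"])]  # no binding
    for side, flags in [("c", ["FIN", "ACK"]), ("s", ["FIN", "ACK"]), ("c", ["ACK"])]:
        nat.handle("tcp", a, side, flags)
    nat.handle("tcp", b, "s", ["RST"])
    nat.handle("udp", ("198.51.100.7", 5353), "c", now=0.0)
    return out, nat.expire(now=61.0), nat.load, nat.table
```

In `demo()`, the two sessions from the same client land on different servers, the mid-stream ACK with no binding is dropped, and the table is empty again once the FIN exchange, the RST and the UDP idle timeout have each unbound their session.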

14. LSNAT Cons/Pros
- Advantages:
  - It can be installed without changes to clients or servers.
  - Changes in the server pool are transparent to clients (servers in the pool may be replaced, added, removed or upgraded).
- Limitations:
  - Inability to switch loads between hosts in the midst of sessions.
  - Bound by NAT limitations: some applications must be dealt with explicitly, since they carry the source and destination addresses in their payloads (like FTP).

15. Load Share Algorithms
- Local load share algorithms:
  - Assumption: all server pool members are at equal proximity to the LSNAT router.
  - Load distribution is based solely on system load or resource availability on the remote servers.
  - Round-Robin algorithm
  - Least Load first algorithm (number of sessions)
  - Least Traffic first algorithm (traffic load)
  - Least Weighted Load first approach (weights assigned to sessions for resource consumption, and to hosts for resource availability)
- Load detection:
  - Ping to find the most responsive server
  - Active monitoring agent running on the servers
- The LSNAT router must periodically check that each server is alive.

16. Load Share Algorithms
- Distributed load share algorithms:
  - Server nodes are distributed geographically across different areas, and the cost of accessing them varies widely.
  - We assume that all server pool members have equal resource availability.
  - Weighted Least Load first algorithm: combines the cost of access to a server with the number of sessions assigned.
  - Weighted Least Traffic first algorithm: combines the cost of access to a server with the traffic load.
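The local and distributed selection rules from the last two slides, side by side over one pool. This is an added example, not part of the original slides: the load figures are constructed, and the combining functions are assumptions (sum of session weights divided by host weight for the local weighted rule, cost multiplied by load for the distributed rules), since the slides do not state them.

```python
from dataclasses import dataclass
from itertools import count

@dataclass
class Server:
    name: str
    sessions: int          # sessions currently bound to this host
    traffic: int           # traffic load seen for this host
    session_weight: float  # sum of the weights of its bound sessions
    capacity: float        # host weight: resource availability
    cost: float = 1.0      # cost of access (distributed case)
    alive: bool = True     # outcome of the periodic liveness check

# Each algorithm is a metric to minimise over the live servers.
METRICS = {
    "least_load": lambda s: s.sessions,
    "least_traffic": lambda s: s.traffic,
    "least_weighted_load": lambda s: s.session_weight / s.capacity,
    "weighted_least_load": lambda s: s.cost * s.sessions,
    "weighted_least_traffic": lambda s: s.cost * s.traffic,
}

def select(pool, algorithm):
    """Name of the live server with the smallest metric for this algorithm."""
    live = [s for s in pool if s.alive]
    if not live:
        raise LookupError("no live server in the pool")
    return min(live, key=METRICS[algorithm]).name

def round_robin(pool):
    """Yield server names in turn, skipping servers that failed the liveness check."""
    for i in count():
        if not any(s.alive for s in pool):
            raise LookupError("no live server in the pool")
        if pool[i % len(pool)].alive:
            yield pool[i % len(pool)].name

def sample_pool():
    """Constructed load figures for S1..S3."""
    return [Server("S1", 12, 900, 30.0, 4.0, cost=1.0),
            Server("S2", 8, 4000, 8.0, 2.0, cost=2.0),
            Server("S3", 3, 1500, 9.0, 1.0, cost=5.0)]
```

On this pool the five metrics do not agree: S3 has the fewest sessions, S1 the least traffic, and S2 the lowest weighted load, while S1 wins both distributed rules because its access cost is lowest.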