APV Technical Training LLB-DD Method 9/5/2014
Overview
• Introduction to LLB DD
• DD Object
• How to Perform DD?
• DD Result
• How to Use the DD Result?
• Related Parameters and Specifications
• Performance
• Notes
• Related CLI Commands
• Usage Examples
Introduction to LLB DD
• Meaning of DD
  - DD is short for Dynamic Detecting. DD is one of the LLB link selection methods; besides DD, LLB also supports RR, WRR and others.
  - The DD method is used to find the fastest route when multiple links to a destination are available.
• DD Detection
  - The APV measures the response time from itself to a destination IP address (IP segment) over each link.
  - The detection is performed by a low-priority daemon, so using LLB-DD has minimal to no impact on system performance.
DD Object I
• Timing for Obtaining the DD Object
  - A DD object is obtained when the system (the packet processing engine, ATCP) searches for routes/links for outbound traffic.
• Conditions for Becoming a DD Object (pending detection)
  - A new DD object is created when multiple links to the destination IP address are available and no DD result exists for it.
  - If a DD result already exists, a new DD object for the same destination is created at most once a minute. This helps extend the DD coverage.
  - New DD objects are periodically passed to the userland DD object queue.
• Contents of the DD Object
  - dstip + dport + protocol (for TCP or UDP)
  - dstip + protocol (for protocols other than TCP and UDP)
DD Object II
• Storage and Update of DD Objects (Userland)
  - All DD objects are stored in a queue for the detector to use (up to 160K objects). Only one DD object exists per network segment.
  - A DD object may be updated with a new detection target (destination IP/port and protocol).
  - When a DD object is added or updated, it is placed at the front of the queue.
• Timeout of the DD Object
  - Every DD object times out after 1 day. When a DD object is moved to the front of the queue, its timeout period is reset.
How to Perform DD?
• Obtaining DD Objects
  - The detector takes a DD object from the front of the queue and measures the response time to its target through all available links.
  - A used DD object is placed at the end of the queue (it is not freed; it is freed only when it times out).
  - If a DD object has been used within the last 5 minutes, it is skipped.
• Constructing the DD Packets
  - The daemon sends one DD packet through each link route, using the destination IP address and port taken from the DD object.
  - For TCP DD objects, TCP DD packets are sent. For all other DD objects, ICMP DD packets are sent.
  - The source IP address is the same as the source IP address of the health check.
• Recording the DD Result
  - The daemon records the response time on each link for each DD object.
• DD Frequency
  - The detector probes at least 3 and at most 20 IP addresses per second.
  - A given DD object is detected at most once within 5 minutes.
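The three slides above describe one procedure: objects are created per segment, go to the front of the queue when added or updated, are taken from the front by the detector, skipped if probed within the last 5 minutes, moved to the back after use, and freed only after the 1-day timeout. The following model exercises those rules end to end. It is an added illustration, not Array Networks code: it assumes objects are keyed by the destination segment (dstip masked to the configured DD mask length), takes `now` as a timestamp in seconds so the timing rules can be checked without sleeping, and evicts from the back of the queue when the 160K cap is reached (the slides give the cap but not the eviction rule).

```python
"""Model of the LLB-DD object queue: how objects enter it, which ones the
detector takes each second, and when they expire. Added illustration, not
Array Networks code; see the assumptions in the lead-in."""
from collections import OrderedDict
from dataclasses import dataclass
from typing import List, Optional
import ipaddress

MAX_OBJECTS = 160_000        # queue capacity
OBJECT_TIMEOUT = 24 * 3600   # a DD object times out after 1 day
REDETECT_INTERVAL = 5 * 60   # an object is detected at most once per 5 minutes
MAX_PER_SECOND = 20          # the detector probes at most 20 objects per second


@dataclass
class DDObject:
    dstip: str
    dport: Optional[int]     # None for protocols other than TCP/UDP
    protocol: str            # "tcp", "udp", "icmp", ...
    queued_at: float         # last time the object was placed at the front
    last_detected: Optional[float] = None


class DDObjectQueue:
    """Front of the queue = next object the detector will look at."""

    def __init__(self, mask_bits: int = 24):
        self.mask_bits = mask_bits
        self._q: "OrderedDict[str, DDObject]" = OrderedDict()

    def segment(self, ip: str) -> str:
        # One object per network segment under the configured DD mask
        return str(ipaddress.ip_network(f"{ip}/{self.mask_bits}", strict=False))

    def add(self, dstip: str, dport: Optional[int], protocol: str, now: float) -> str:
        """Add the object for dstip's segment, or update the existing one with the
        new target; either way it moves to the front and its timeout restarts."""
        key = self.segment(dstip)
        obj = self._q.pop(key, None)
        if obj is None:
            while len(self._q) >= MAX_OBJECTS:
                self._q.popitem(last=True)          # evict from the back (assumption)
            obj = DDObject(dstip, dport, protocol, now)
        else:
            obj.dstip, obj.dport, obj.protocol = dstip, dport, protocol
            obj.queued_at = now                     # timeout reset on move-to-front
        self._q[key] = obj
        self._q.move_to_end(key, last=False)
        return key

    def expire(self, now: float) -> List[str]:
        """Free objects whose 1-day timeout has elapsed; return their keys."""
        dead = [k for k, o in self._q.items() if now - o.queued_at >= OBJECT_TIMEOUT]
        for k in dead:
            del self._q[k]
        return dead

    def next_round(self, now: float) -> List[DDObject]:
        """Objects the detector probes this second, in queue order. Used objects
        go to the back (not freed); objects detected within the last 5 minutes
        are skipped and stay where they are."""
        self.expire(now)
        batch: List[DDObject] = []
        for key in list(self._q):
            if len(batch) == MAX_PER_SECOND:
                break
            obj = self._q[key]
            if obj.last_detected is not None and now - obj.last_detected < REDETECT_INTERVAL:
                continue
            obj.last_detected = now
            self._q.move_to_end(key, last=True)
            batch.append(obj)
        return batch

    def __len__(self) -> int:
        return len(self._q)

    def order(self) -> List[str]:
        return list(self._q)
```

Two consequences of the rules are visible when you run it: a second destination in an already-queued /24 does not add an object but overwrites the target and pulls the segment back to the front, and a segment that is probed every round is never refreshed faster than once per 5 minutes, which is the ceiling on how quickly a bad link measurement is corrected.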
DD Result
• Contents of the DD Result
  - The network segment that the DD object falls in
  - The response time on each link to the destination identified by the DD object
• Update of the DD Result
  - The daemon updates the DD result entries from the latest detection result.
  - If all links are unreachable, the detection result is marked "invalid".
  - A valid result is written to the DD table and resets the entry's timeout.
  - If the result is invalid, an existing DD table entry is left unchanged; if no entry exists, one is added.
• Timeout of the DD Result Entries
  - 2 days; the timeout period is reset when the DD result is updated
• Specification of the DD Result Table (Entry Quantity)
  - memory <= 4 GB: 20,000
  - memory <= 8 GB: 40,000
  - memory <= 16 GB: 80,000
  - memory <= 32 GB: 160,000
  - memory > 32 GB: 160,000
How to Use the DD Result?
• Timing for Using the DD Result
  - When the system finds multiple routes to the destination
• Route Selection Based on the DD Result
  - Find the network segment that the destination IP address falls in, i.e. the destination IP address and mask.
  - A route is selected when both of the following conditions are met: (1) it is the fastest route in the DD result; (2) it can be found in the eroute table.
• When There Is No DD Result or Only an Invalid DD Result
  - WRR is used for route selection.
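The update rules on the previous slide and the selection rules on this one fit in one small model, shown here as an added example that is not Array Networks code. Assumptions: a detection result maps gateway to response time in milliseconds, with `None` for a timeout; eroutes are modelled as `(name, priority, destination CIDR, port with 0 meaning any, gateway)`, and the candidate routes for a packet are all eroutes that match it at the highest matching priority (equal-priority eroutes compete and a higher-priority one wins outright, as in the usage examples at the end of the deck); the WRR fallback is a plain weighted round-robin over the candidates, and a full table drops new results.

```python
"""Model of the DD result table and of outbound route selection from it.
Added illustration, not Array Networks code; assumptions are in the lead-in."""
import ipaddress
import itertools
from typing import Dict, Iterable, List, Optional, Tuple

RESULT_TIMEOUT = 2 * 24 * 3600           # DD result entries time out after 2 days
Eroute = Tuple[str, int, str, int, str]  # (name, priority, dst_cidr, dport, gateway)


class DDResultTable:
    def __init__(self, mask_bits: int = 24, max_entries: int = 160_000):
        self.mask_bits = mask_bits
        self.max_entries = max_entries
        self.entries: Dict[str, dict] = {}

    def segment(self, ip: str) -> str:
        return str(ipaddress.ip_network(f"{ip}/{self.mask_bits}", strict=False))

    def update(self, dstip: str, result: Dict[str, Optional[float]], now: float) -> Optional[dict]:
        """Record one detection. An all-timeout result is 'invalid': it creates an
        entry only if the segment has none, leaves an existing entry unchanged and
        never resets the 2-day timeout, so a dead segment ages out quickly."""
        key = self.segment(dstip)
        invalid = all(rt is None for rt in result.values())
        entry = self.entries.get(key)
        if entry is None:
            if len(self.entries) >= self.max_entries:
                return None                      # table full: result dropped (assumption)
            entry = {"result": dict(result), "invalid_count": 1 if invalid else 0,
                     "expires": now + RESULT_TIMEOUT}
            self.entries[key] = entry
        elif invalid:
            entry["invalid_count"] += 1          # consecutive invalid results, no reset
        else:
            entry.update(result=dict(result), invalid_count=0, expires=now + RESULT_TIMEOUT)
        return entry

    def fastest(self, dstip: str, gateways: Iterable[str], now: float) -> Optional[str]:
        """Fastest reachable gateway among 'gateways' for dstip's segment, or None
        when there is no entry, the entry has expired, or every link timed out."""
        entry = self.entries.get(self.segment(dstip))
        if entry is None or now >= entry["expires"]:
            return None
        wanted = set(gateways)
        reachable = {gw: rt for gw, rt in entry["result"].items()
                     if rt is not None and gw in wanted}
        return min(reachable, key=reachable.get) if reachable else None


class OutboundSelector:
    def __init__(self, table: DDResultTable, eroutes: List[Eroute], weights: Dict[str, int]):
        self.table, self.eroutes, self.weights = table, eroutes, weights
        self._wrr: Dict[tuple, "itertools.cycle"] = {}

    def candidates(self, dstip: str, dport: int) -> List[Eroute]:
        """Matching eroutes at the highest matching priority (model of the eroute table)."""
        addr = ipaddress.ip_address(dstip)
        hits = [r for r in self.eroutes
                if addr in ipaddress.ip_network(r[2]) and r[3] in (0, dport)]
        if not hits:
            return []
        top = max(r[1] for r in hits)
        return [r for r in hits if r[1] == top]

    def select(self, dstip: str, dport: int, now: float) -> Tuple[Optional[Eroute], str]:
        """Return (route, reason): a single matching route is used as is; with
        several, the fastest one in the DD result wins, otherwise WRR."""
        cands = self.candidates(dstip, dport)
        if not cands:
            return None, "no route"
        if len(cands) == 1:
            return cands[0], "single"            # DD result is not consulted
        gw = self.table.fastest(dstip, (r[4] for r in cands), now)
        if gw is not None:                       # condition (2) holds by construction:
            return next(r for r in cands if r[4] == gw), "dd"   # gw came from the eroutes
        key = tuple(r[0] for r in cands)
        if key not in self._wrr:
            seq = [r for r in cands for _ in range(self.weights.get(r[4], 1))]
            self._wrr[key] = itertools.cycle(seq)
        return next(self._wrr[key]), "wrr"
```

The point worth noticing is the asymmetry in `update`: a valid result overwrites and re-arms the entry, while an invalid one only bumps the counter, so a segment whose probes are being dropped keeps serving its last good measurement until the entry expires, and a segment that was never reachable falls straight through to WRR.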
Related Parameters and Specifications
• The DD result table size depends on the system memory size:
  - memory <= 4 GB: 20,000
  - memory <= 8 GB: 40,000
  - memory <= 16 GB: 80,000
  - memory <= 32 GB: 160,000
  - memory > 32 GB: 160,000
• Timeout period of DD result entries: 2 days
• Timeout period of DD objects: 1 day
• An object for which a DD result already exists is put in the queue at most once a minute.
• A DD object is detected at most once within 5 minutes.
Performance
• Impact of DD on the CPU: negligible
• Impact of querying the DD result table on the CPU: negligible
• Impact on system memory
  - APV8600 (32 GB / 12 ATCPs): the DD result table holds 160,000 entries. With four available links, about 300 MB of memory is consumed. On other APV models the memory consumption is reduced accordingly.
• Convergence speed
  - 3 to 20 IP addresses are detected per second. On the APV8600, 160,000 IP addresses can be detected in 2 to 4 hours.
Notes
• Interaction between DD and Webwall
  - If Webwall is turned on, ACL rules must be configured to permit packets whose source IP address is the source IP address of the DD packets (i.e. the health-check source IP). Otherwise the probes are blocked and DD cannot work properly with Webwall.
• Import and export of the DD result table are currently not supported.
• DD is performed on the links configured with the "llb link route" command.
• Interaction between DD and IP flow
  - If IP flow is turned on and some traffic has generated IP flow routes, the DD result cannot be used for that traffic until all of the IP flow entries have timed out. The DD result can be used by all traffic whose routes match the specified conditions.
• When only one route is found, the DD result is not used.
LLB-DD CLI
To set the DD method, execute:
  llb method outbound dd <mask>
Only one IP address is detected per network segment of the specified "mask" length. "mask" ranges from 1 to 32; the default value is 24.
LLB-DD CLI (Continued)
To view the contents of the DD result table, execute:
  show llb dd table <dstip> <mask>
"dstip" specifies an IP address; the default value is 0.0.0.0. "mask" specifies an IP mask; the default value is 255.255.255.255. These parameters filter the information to be displayed.

WanGW_Master(config)#show llb dd table
Table of LLB DD route
Destination : 61.135.124.98/24, UDP(port 4466), Expire:0h2m43s, Invalid result:288
gateway : 172.20.20.49, response time: Timeout, hits: 0, status: UP.
gateway : 192.168.171.1, response time: Timeout, hits: 0, status: UP.
Destination : 61.135.125.158/24, UDP(port 1042), Expire:0h5m57s, Invalid result:288
gateway : 172.20.20.49, response time: Timeout, hits: 0, status: UP.
gateway : 192.168.171.1, response time: Timeout, hits: 0, status: UP.
Destination : 74.125.232.255/24, TCP(port 80), Expire:0h7m30s, Invalid result:0
gateway : 192.168.171.1, response time: 472ms, hits: 2, status: UP.
gateway : 172.20.20.49, response time: 717ms, hits: 0, status: UP.
LLB-DD CLI (Continued)
• All entries are listed in ascending order of remaining timeout; the entry with the shortest remaining timeout is listed first.
• "dstip" and "mask" are used to filter the DD result.
• Each DD result entry corresponds to a DD object, for example dstip+dport+protocol for TCP objects.
• If the daemon does not receive a response on a link within 5 seconds, it marks that link as "Timeout" in the DD result.
• "hits" indicates the number of times the DD route has been hit.
• "Invalid result" indicates the number of consecutive invalid DD results (all links unreachable). When a new valid DD result arrives (at least one link reachable), this field is reset to 0. An invalid result means that the DD results of all links are "Timeout". When the DD result entry to be updated is invalid, its timeout period is not reset, so that the entry times out as soon as possible.
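Operators usually want this table in a form they can check automatically rather than read by eye, in particular to catch entries where every link shows "Timeout" with a climbing "Invalid result" count, which is what the table looks like when the probes are being dropped (for instance by the Webwall ACL gap described in the Notes). The parser below is an added example, not Array Networks code; the `SAMPLE` text is the output copied from the slide above, and the regular expressions assume a port is printed only as `(port N)` and that `Expire` is printed as `XhYmZs`.

```python
"""Parser for 'show llb dd table' output, with the two checks a practitioner
runs on it: the fastest gateway per entry and the entries whose latest result
was invalid. Added illustration, not Array Networks code."""
import re
from typing import Dict, List, Optional

# Sample output copied from the slide
SAMPLE = """\
Table of LLB DD route
Destination : 61.135.124.98/24, UDP(port 4466), Expire:0h2m43s, Invalid result:288
gateway : 172.20.20.49, response time: Timeout, hits: 0, status: UP.
gateway : 192.168.171.1, response time: Timeout, hits: 0, status: UP.
Destination : 61.135.125.158/24, UDP(port 1042), Expire:0h5m57s, Invalid result:288
gateway : 172.20.20.49, response time: Timeout, hits: 0, status: UP.
gateway : 192.168.171.1, response time: Timeout, hits: 0, status: UP.
Destination : 74.125.232.255/24, TCP(port 80), Expire:0h7m30s, Invalid result:0
gateway : 192.168.171.1, response time: 472ms, hits: 2, status: UP.
gateway : 172.20.20.49, response time: 717ms, hits: 0, status: UP.
"""

# Assumed line shapes: port only ever appears as "(port N)", Expire as XhYmZs
DEST_RE = re.compile(
    r"^Destination\s*:\s*([\d.]+)/(\d+),\s*([A-Za-z]+)(?:\(port\s+(\d+)\))?,"
    r"\s*Expire:(\d+)h(\d+)m(\d+)s,\s*Invalid result:(\d+)$")
GW_RE = re.compile(
    r"^gateway\s*:\s*([\d.]+),\s*response time:\s*(?:(\d+)ms|Timeout),"
    r"\s*hits:\s*(\d+),\s*status:\s*(\w+)\.?$")


def parse_dd_table(text: str) -> List[Dict]:
    """Turn the CLI output into a list of entries, each with its gateways.
    Unknown non-blank lines raise, so a format change is noticed, not skipped."""
    entries: List[Dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Table of LLB DD route") \
                or line.endswith("show llb dd table"):   # header or pasted prompt
            continue
        m = DEST_RE.match(line)
        if m:
            ip, mask, proto, port, h, mi, s, invalid = m.groups()
            entries.append({
                "destination": ip, "mask": int(mask), "protocol": proto.upper(),
                "port": int(port) if port else None,
                "expire_s": int(h) * 3600 + int(mi) * 60 + int(s),
                "invalid_result": int(invalid), "gateways": []})
            continue
        m = GW_RE.match(line)
        if m and entries:
            gw, ms, hits, status = m.groups()
            entries[-1]["gateways"].append({
                "gateway": gw, "response_ms": int(ms) if ms else None,
                "hits": int(hits), "status": status})
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    return entries


def fastest_gateway(entry: Dict) -> Optional[str]:
    """Gateway with the lowest response time among links that answered and are
    UP; None when the entry is invalid (every link Timeout)."""
    up = {g["gateway"]: g["response_ms"] for g in entry["gateways"]
          if g["response_ms"] is not None and g["status"] == "UP"}
    return min(up, key=up.get) if up else None


def invalid_entries(entries: List[Dict]) -> List[str]:
    """Segments whose latest DD result was invalid. Their timeout is never reset,
    so a high 'Invalid result' count beside a short Expire is the signature of
    probes being dropped on every link."""
    return [f"{e['destination']}/{e['mask']}" for e in entries if e["invalid_result"] > 0]


if __name__ == "__main__":
    for e in parse_dd_table(SAMPLE):
        print(f"{e['destination']}/{e['mask']} {e['protocol']}:{e['port']} "
              f"fastest={fastest_gateway(e)} invalid={e['invalid_result']}")
```

On the slide's own sample this reports the two UDP entries as invalid (288 consecutive all-Timeout results, a few minutes from expiry) and 192.168.171.1 as the fastest link for the TCP/80 segment. Recall that non-TCP objects are probed with ICMP, so a UDP destination that silently drops ICMP will look exactly like this even when the link itself is healthy.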
LLB-DD CLI (Continued)
To view the DD statistics, execute:
  show statistics llb dd

WanGW_Master#show statistics llb dd
dd entry num: 598
dd sent packets num: 1160086
dd probing dstip num: 389
detector llb link route num: 2
daemon detector detect times: 88076

• dd entry num: the number of entries in the DD result table.
• dd sent packets num: the number of DD packets the daemon has sent (one per link for each detection).
• dd probing dstip num: the number of DD objects, i.e. the number of IP addresses the daemon is detecting.
• detector llb link route num: the number of current LLB links.
• daemon detector detect times: the number of detection rounds performed by the daemon. A round is the detection of 20 IP addresses.
LLB-DD CLI (Continued)
To clear the contents of the DD result table, execute:
  clear llb dd table

WanGW_Master#clear llb dd table
INFO: this operation will cost about 30 seconds.

• The prompt informs the administrator that the clearing operation takes some time.
• When the LLB method is changed from DD to another method, the contents of the DD result table are not cleared. The DD result table is cleared in the following cases:
  - The "clear llb dd table" command is executed.
  - The "clear config all/secondary" command is executed.
  - The set of LLB links changes, for example an LLB link is added or deleted. Link status changes caused by the health check or by the "enable/disable" command on LLB links do not clear the DD result table, and neither does executing the "[no] ip eroute" command.
  - The "mask" is changed with the "llb method outbound dd <mask>" command.
Usage Example A
The following configuration is present:
  llb link route "cet" 1.1.1.12
  llb link route "ctc" 2.2.2.22
  llb method outbound dd 24
DD is performed on the "cet" and "ctc" links to the destination.
Usage Example B
The following configuration is present:
  llb link route "cet" 1.1.1.12
  llb link route "ctc" 2.2.2.22
  ip eroute "ert1" 1500 0.0.0.0 0.0.0.0 0 4.4.4.0 255.255.255.0 0 any 1.1.1.12
  ip eroute "ert2" 1500 0.0.0.0 0.0.0.0 0 4.4.4.0 255.255.255.0 0 any 2.2.2.22
  llb method outbound dd 24
Two routes of equal priority are available for destinations in the 4.4.4.0/24 segment. DD is performed on "ert1" and "ert2", and the DD result is used to choose between them.
Usage Example C
The following configuration is present:
  llb link route "tel" 1.1.1.12
  llb link route "ctc" 2.2.2.22
  llb link route "cert" 3.2.2.22
  ip eroute "mail" 1889 0.0.0.0 0.0.0.0 0 4.4.4.4 255.255.255.255 25 any 1.1.1.12
  ip eroute "ert1" 1500 0.0.0.0 0.0.0.0 0 4.4.4.0 255.255.255.0 0 any 1.1.1.12
  ip eroute "ert2" 1500 0.0.0.0 0.0.0.0 0 4.4.4.0 255.255.255.0 0 any 2.2.2.22
  llb method outbound dd 24
For traffic to 4.4.4.4:25, the route "mail" with priority 1889 is selected directly, without consulting the DD result (as noted earlier, the DD result is not used when only one route is found). Other traffic in 4.4.4.0/24 still falls to "ert1"/"ert2", where DD decides.