Learn about IP Masquerade techniques in Linux, the design of content switches, and the challenges faced in distributing load based on payload content. The material is presented as flowcharts, and approaches to handling delayed binding, sequence number changes, content extraction, and multiple HTTP requests within one TCP connection are discussed.
Content Switch Design
• Introduce the Linux-2.2.16 networking source code.
• IP Masquerade techniques.
• LVS (Linux Virtual Server).
• Design of the Content Switch.

Input/Output Processing in IP Layer
(Figure; only the labels survive extraction: Transport protocol, ip_forward, ip_input, ip_output, IP packet queue, Network Interface.)
IP Packet Input Processing
• Ethernet Input
 - The Ethernet device raises an interrupt.
 - The Ethernet driver receives the packet and queues it.
 - A software interrupt is raised.
• IP Input
 - Process the IP packet: header, checksum.
 - If the destination is local, deliver to the upper layer. The protocol field in the IP header decides which upper-layer input routine is called.
 - Otherwise send the packet to ip_forward.
• TCP Input
 - Use the TCP header information to locate the socket created by the receiving process. Signal the waiting process.
IP Masquerade
(Figure: private network with A-box 192.168.0.2, B-box 192.168.0.3 and C-box 192.168.0.4 behind a Linux Masq_Gate with addresses 192.168.0.1 and 128.198.192.192, connected to the Internet.)
• Configured as the firewall of a private network.
• How it works:
 - When the first packet of a connection arrives, create an ip_masq entry in the hash table that holds the information of the connection.
 - The following packets of the same connection are masqueraded based on that ip_masq entry.
• IP Masquerade is called from ip_input.
LVS (Linux Virtual Server)
• Based on IP Masquerade.
• Distributes the incoming packet load to the different back servers.
 - rr, lwc, wc, lc.
 - Load balancing based on source IP address and source port.
• Fail over.
• The ip_masq entry contains the current load of each server.
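The following is an added example, not code from the slides or from LVS itself: a user-space model of the masquerade table the two slides above describe. The first packet of a connection runs the scheduler and creates an ip_masq-style entry keyed by the 5-tuple; later packets of that connection are rewritten from the entry without scheduling again, and replies from the back server are rewritten back to the virtual address. Only rr (round robin) and lc (least connection, using the per-server load kept in the table) are modelled; fail-over is modelled by skipping servers marked dead. The server addresses are taken from the figure, while the client addresses, ports and packets are constructed.

```python
"""Model of an LVS-style masquerade table (added example, not LVS code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

VIP = "128.198.192.192"                                    # address clients connect to
SERVERS = ["192.168.0.2", "192.168.0.3", "192.168.0.4"]    # back servers (from the figure)


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class MasqEntry:
    server: str        # back server bound to this connection
    packets: int = 0   # packets rewritten using this entry


@dataclass
class MasqTable:
    sched: str = "rr"                                        # "rr" or "lc"
    alive: Dict[str, bool] = field(default_factory=lambda: {s: True for s in SERVERS})
    load: Dict[str, int] = field(default_factory=lambda: {s: 0 for s in SERVERS})
    table: Dict[Tuple, MasqEntry] = field(default_factory=dict)
    rr_next: int = 0

    def choose_server(self) -> Optional[str]:
        """Scheduler; runs only for the first packet of a connection."""
        live = [s for s in SERVERS if self.alive[s]]         # fail-over: skip dead servers
        if not live:
            return None
        if self.sched == "rr":
            server = live[self.rr_next % len(live)]
            self.rr_next += 1
            return server
        return min(live, key=lambda s: self.load[s])         # lc: fewest active connections

    def masquerade(self, pkt: Packet) -> Optional[Packet]:
        """Client -> VIP packet: rewrite the destination to the bound back server."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        entry = self.table.get(key)
        if entry is None:                                    # first packet of the connection
            server = self.choose_server()
            if server is None:
                return None                                  # no live back server: drop
            entry = self.table[key] = MasqEntry(server)
            self.load[server] += 1                           # entry carries the server load
        entry.packets += 1
        return Packet(pkt.src_ip, pkt.src_port, entry.server, pkt.dst_port, pkt.proto)

    def demasquerade(self, pkt: Packet) -> Optional[Packet]:
        """Back server -> client packet: rewrite the source back to the VIP."""
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, VIP, pkt.src_port)
        entry = self.table.get(key)
        if entry is None or entry.server != pkt.src_ip:
            return None                                      # no matching connection
        return Packet(VIP, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)


def scenario():
    """Constructed walk-through: two clients, one reply, then a failed server."""
    t = MasqTable(sched="rr")
    c1 = Packet("10.0.0.1", 40000, VIP, 80)
    c2 = Packet("10.0.0.2", 40001, VIP, 80)
    first = t.masquerade(c1).dst_ip          # scheduler runs: 192.168.0.2
    again = t.masquerade(c1).dst_ip          # same connection: same server, no scheduling
    second = t.masquerade(c2).dst_ip         # new connection: next server, 192.168.0.3
    reply = t.demasquerade(Packet(second, 80, "10.0.0.2", 40001)).src_ip   # back to VIP
    t.alive["192.168.0.4"] = False           # fail-over: third server is down
    third = t.masquerade(Packet("10.0.0.3", 40002, VIP, 80)).dst_ip       # skips it
    return first, again, second, reply, third


if __name__ == "__main__":
    print(scenario())
```

The point of the entry is the one the LVS slide makes: scheduling happens once per connection, and everything the switch later needs (the chosen server, and here the per-server load used by lc) lives in the masquerade table rather than in the packet.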
Content Switch Design
• Based on IP Masquerade and LVS.
• Distributes load also based on the payload (content) of the packet.
• Some problems need to be solved:
 - Delayed binding.
 - Sequence number changes.
 - Content extraction.
 - Multiple HTTP requests within one TCP connection.
 - Timeout problem.
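An added example (not code from the slides) for the content-extraction and multiple-requests problems listed above: a user-space model of the step in which the switch inspects buffered client data before binding it to a server. A back server cannot be chosen until the request line and headers have arrived, and one TCP segment may carry more than one HTTP request, so the parser has to find request boundaries (header terminator plus Content-Length) instead of treating one packet as one request. The routing table, server addresses and the sample segment are constructed.

```python
"""Content extraction for delayed binding (added example, not the switch's code)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed routing rules: the longest matching URL prefix wins.
ROUTES = {
    "/images/": "192.168.0.3",   # server holding static images
    "/cgi-bin/": "192.168.0.4",  # server running dynamic content
    "/": "192.168.0.2",          # default server
}


@dataclass
class Request:
    method: str
    path: str
    host: Optional[str]
    raw: bytes        # exact bytes to forward to the chosen server
    server: str       # back server chosen from the content


def choose_server(path: str) -> str:
    """Pick the back server by longest URL-prefix match."""
    best = max((p for p in ROUTES if path.startswith(p)), key=len)
    return ROUTES[best]


def split_requests(buf: bytes) -> Tuple[List[Request], bytes]:
    """
    Split buffered client data into complete HTTP requests.

    Returns (requests, leftover).  leftover is a partial request whose headers
    or body have not fully arrived; the switch must keep buffering it (delayed
    binding) and must not choose a server for it yet.
    """
    requests: List[Request] = []
    while True:
        end = buf.find(b"\r\n\r\n")
        if end < 0:
            return requests, buf            # headers incomplete: wait for more data
        head = buf[:end].decode("iso-8859-1")
        lines = head.split("\r\n")
        parts = lines[0].split(" ", 2)
        if len(parts) < 2:
            raise ValueError("malformed request line: %r" % lines[0])
        method, path = parts[0], parts[1]
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_len = int(headers.get("content-length", "0"))
        total = end + 4 + body_len
        if len(buf) < total:
            return requests, buf            # body incomplete: wait for more data
        raw, buf = buf[:total], buf[total:]
        requests.append(Request(method, path, headers.get("host"), raw,
                                choose_server(path)))


# Constructed sample segment: two complete pipelined requests that belong to
# different servers, followed by the beginning of a third request.
SEGMENT = (
    b"GET /images/logo.gif HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    b"POST /cgi-bin/search HTTP/1.1\r\nHost: www.example.com\r\n"
    b"Content-Length: 5\r\n\r\nq=lvs"
    b"GET /index.html HTTP/1.1\r\nHost: www.exa"
)

if __name__ == "__main__":
    reqs, leftover = split_requests(SEGMENT)
    for r in reqs:
        print(f"{r.method} {r.path} -> {r.server}")
    print("still buffering:", leftover)
```

The sample segment is the situation the sequence diagrams later call "R2 in this packet": the second request lands on a different server than the first, so the switch has to split the segment and rebind the connection mid-stream rather than forward the packet as a whole.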
Flow Chart of Content Switch (NAT): packet from client
(Flowchart; only the node labels survive extraction. Entry: input to ip_input. Decision nodes: connection established?; UDP?; TCP/SYN?; TCP/data/ack. Action nodes: masquerade ip addr, port, seq; forward ip packet; masq UDP packet; create ip_masq entry, save the packet; deliver to upper layer; return to upper layer; get data from queue; choose server; forward to server; return.)

Flow Chart of Content Switch (NAT): packet from back server
(Flowchart; node labels: input to ip_forward; connection established?; SYN/ACK?; masq packet; dequeue the saved data and forward it; return to ip_input; forward as normal; return.)
Approach 1: Discard the first Request
(Sequence diagram between Client, Content Switch, Server1 and Server2; only the message labels survive extraction: ACK(SSEQ+lenD1+1), ACK(DSEQ+lenD1+1), FIN, DATA(CSEQ+lenR1+1) ACK(DSEQ+lenD1+1) with the annotation "R2 in this packet", SYN(CSEQ+lenR1), SYN(S2EQ) ACK(CSEQ+lenR1+1), DATA(CSEQ+lenR1+1) ACK(S2EQ+1), Diff(DSEQ+lenD1, S2EQ), DATA(DSEQ+lenD1+1) ACK(CSEQ+lenR+lenR2+1), DATA(S2EQ+1) ACK(CSEQ+lenR1+lenR2+1), ACK(DSEQ+lenD+lenD2+1).)

Approach 2: Out of Order Delivery, Incorrect?
(Sequence diagram between Client, Content Switch, Server1 and Server2; message labels recovered: step8 ACK(SSEQ+lenD+1), ACK(DSEQ+lenD+1), DATA(CSEQ+lenR+1) ACK(DSEQ+lenD+1), SYN(CSEQ+lenR), SYN(S2EQ) ACK(CSEQ+lenR+1), DATA(CSEQ+lenR+1) ACK(S2EQ+1), Diff(DSEQ+lenD, S2EQ), DATA(DSEQ+lenD+1) ACK(CSEQ+lenR+lenR2+1), DATA(S2EQ+1) ACK(CSEQ+lenR+lenR2+1), ACK(DSEQ+lenD+lenD2+1), DATA(DSEQ+lenD+1) ACK(CSEQ+lenR+1), DATA(SSEQ+lenD+1) ACK(CSEQ+lenR+1), DATA(DSEQ+lenD+D2+1) ACK(CSEQ+lenR+lenR2+1+1).)
• Keep the latest passing packet's seq and ack_seq.
• For each returning ACK it must be decided which server it belongs to.
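An added example (not code from the slides) for the sequence-number problem shared by Approaches 1 and 2 above: a user-space model of the translation the switch must apply once a request is bound to a second server. The switch has already answered the client's handshake with its own initial sequence number (DSEQ in the slides' notation) and relayed Server1's response of length lenD1, so the client expects the next byte at DSEQ+lenD1+1; Server2 instead starts at its own ISN S2EQ. The switch opens Server2 with SYN(CSEQ+lenR1), i.e. in the client's own sequence space, so client-to-server sequence numbers need no change, but every server-to-client SEQ and every client-to-server ACK must be shifted by Diff(DSEQ+lenD1, S2EQ). The symbol names follow the slides; the numeric values and addresses are constructed, and the arithmetic is done modulo 2^32 because real sequence numbers wrap.

```python
"""Sequence-number translation after delayed binding (added example, not the switch's code)."""
from dataclasses import dataclass

MOD = 1 << 32   # TCP sequence numbers wrap at 2^32


def seq_add(a: int, b: int) -> int:
    return (a + b) % MOD


@dataclass
class Segment:
    src: str            # "client" or "server"
    seq: int
    ack: int
    payload_len: int = 0


@dataclass
class Binding:
    """ip_masq-style entry for one client connection bound to one back server."""
    client_ip: str
    server_ip: str
    delta: int          # Diff(seq the client expects, server ISN), mod 2^32


def bind_server(client_expects_seq: int, server_isn: int,
                server_ip: str, client_ip: str) -> Binding:
    """
    Called when the back server's SYN/ACK arrives.  client_expects_seq is the
    sequence number the client expects next from 'the server' (DSEQ+lenD1 in
    the slides); server_isn is the real server's ISN (S2EQ).
    """
    delta = (client_expects_seq - server_isn) % MOD
    return Binding(client_ip, server_ip, delta)


def masquerade(seg: Segment, b: Binding) -> Segment:
    """Rewrite SEQ/ACK so the segment is valid on the other side of the switch."""
    if seg.src == "server":
        # server -> client: shift SEQ into the client's sequence space
        return Segment("server", seq_add(seg.seq, b.delta), seg.ack, seg.payload_len)
    # client -> server: shift ACK into the server's sequence space; SEQ is
    # untouched because the switch opened the server in the client's space
    return Segment("client", seg.seq, (seg.ack - b.delta) % MOD, seg.payload_len)


def scenario():
    """Constructed instance of the Approach 1/2 exchange with Server2."""
    CSEQ, DSEQ, S2EQ = 1000, 50000, 4_000_000_000   # constructed ISNs (S2EQ near wrap)
    lenR1, lenD1 = 120, 3000                         # first request / response sizes
    # After R1/D1 with Server1 the client expects DSEQ+lenD1+1 next.
    b = bind_server(seq_add(DSEQ, lenD1), S2EQ, "192.168.0.4", "128.198.192.192")
    # Client's ACK of Server2's SYN/ACK as the client sends it: ACK(DSEQ+lenD1+1)
    client_ack = masquerade(Segment("client", seq_add(CSEQ, lenR1 + 1),
                                    seq_add(DSEQ, lenD1 + 1)), b)
    # Server2's first data segment: DATA(S2EQ+1)
    server_data = masquerade(Segment("server", seq_add(S2EQ, 1),
                                     seq_add(CSEQ, lenR1 + 1), 500), b)
    # Expected: the client ACK becomes ACK(S2EQ+1); the server data becomes
    # DATA(DSEQ+lenD1+1), exactly the labels in the diagrams.
    return client_ack.ack, server_data.seq


if __name__ == "__main__":
    print(scenario())
```

Because the delta is stored per connection in the binding entry, the question raised under Approach 2 (which server a returning ACK belongs to) is the question of which entry, and therefore which delta, applies to that segment.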
Approach 3: Preserve Request Sequence
• Requires the later document to be buffered if it is returned earlier?
• Adjust the TCP sequence # and send it back before the first response comes back. This requires knowledge of the size of the first response.