基于应用交付网络技术的网络负载均衡研究与实现
摘要
应用交付网络技术是一种综合的平台,它通过服务器负载均衡、链路负载均衡、全局负载均衡、WAN优化加速、WEB加速等多种技术组成,从而专门解决用户关键应用网络访问瓶颈问题。如今的网络基础链路越来越好,然而,当关键的应用运行在网络上时,却或多或少地出现了关键应用访问速度慢等很多问题,这给用户带来了不少麻烦。在这种情况下,需要通过运用新技术,扩展思路,优化整合网络资源,提高网络管理水平,促进数据的高效流通和有效利用,使电子政务更加安全、高效、灵活、有序的运转。我们就需要引入应用交付网络技术。本文在介绍应用交付网络技术概念的基础上,重点研究在本次项目中如何使用应用交付网络技术来优化用户的现有网络。经过规划设计,选择用F5公司的应用交付网络控制器,采用网通电信双链路负载均衡、防火墙负载均衡、服务器负载均衡、以及内外网DOS(拒绝服务)攻击防护等应用交付网络技术,有效解决的电信拆分导致的南北互联问题,客户访问速度得到了提高,充分利用闲置服务器真正实现多个服务器负载均衡而不是原来的HA双机结构,恢复了80%的服务器资源,提高了系统的可靠性,同时使用户的安全水平达到了一个新的高度。
Application Delivery Networks Technology is a comprehensive platform, which specialize in the bottleneck problems of user’s key application network visit through load balances of service device, chains, overallandWan’soptimizing Accelerationand web’s Accelerating and many other technologies. With the development of China’selectronic government affairs, the government office network has a tendency towards every staff.Thenetwork is becoming larger and larger which involing in growing departmentsandareas;leading to more and more loading of the application and the datas.Meanwhile, the demands of the government’s employees are more higher and more diversified.These days,the net work basic chains are better,while there are more and less problems of slowliness of key application visit when it is used in the network, which cause a lot of troubles. Under this circumstances, which is required to apply new technologies, creating new ideas, perfecting and reorganizing the network resources, improving the network management level in orderto promote data’s effective and usage and make theeletrical governmeng affairs more safe, effective, quick and orderly operating, which is required to introduce Application Delivery Networks Technologies.The government office network is coming to every offical. The network is becoming larger and larger which involing in growing departments and areas; leading to more and more loading of the application and the datas. Meanwhile, the demands of the government’s employees are much higher and more diversified. These days, the network basic chains are better, However, many questions appears, such as the key application visit speed goes slowly, which cause a lot of troubles. Under this circumstances, to application of new technology is required, creating new ideas, perfecting and reorganizing the network resources, improving the network management level in order to promote data’s effective and usage and make the eletrica governmeng affairs more safe, effective, quick and orderly, which require to introduce application delivery networks technology.
The application delivery network technology connects the key application with the foundation network equipment. This seamless union of the platform and Microsoft, IBM, Oracle, SAP, BEA, People Soft and many other company's products realize the security, fast and high available delivery in their application in the network. This enables it to become the important control point in the network and it can increase the intelligence and the administration, unloading appliacation in order to lighten the server burden and avoide rewriting the application. Thus, the application delivery network technology which is similar to a network city manager guarantee the application fast, high available in any network all the time.
Several aspects of the questions has been discovered through thorough analysis of the project background network. First, how to promote fully the line by using the backup line emergency response ability and the band width; Secondly, how to provide the application service by using the old equipment resources and using the server cluster; Thirdly, how to guarantee the quality of the key application service in the band width resources in limited situation; Finally, how to guarantee the security of network in the complex network application environment. Transformational Network topology is proposed in view of the existing problems, by using four application delivery network controller 6400 of F5 Corporation to realize link load balance, server load balance, firewall load balance and the functions of inside and outside net DOS attack protection.
The design realization of double link load balance of China Net and China telecommunication, it aims at the demand of internal user load balance (the Outbound visit) and (the Inbound visit) the current capacity intelligence link chooses two aspects to Internet visit from Internet visit to network interior server, fully promotes the line using the backup line emergency response ability and the band width, guarantee normal visit of the Internet user when some link line is broken and can defer to the appropriate load equalization algorithm to choose a link of superior quality when two links are normal; while exterior user can act according to the link the automatic system checkout program result and the corresponding algorithm (Topology, RTT and so on) when establish domain name request connection, the intelligent chooses appropriate link to provide the response of the user.
Design realization of the server load balance use the idle server fully, enhance the whole service level, guarantee the quality of key application service in the band width resources within the limited situation, automatically inspecting server active status, dynamically increasing or deleting any quantity server of its load balance server group and do not need to make any change to the client side or the backstage in order to cause the system expansion to be relaxed. When any service engine is off, instantly the current capacity requested assignment for other servers, thus achieves the system high available.When the current capacity“the peak value”appears, it can mix all servers the resources simultaneously in order to provide the service. So-called“peak value jamming”pressure is weaken obviously when the system performance is enhanced greatly, simultaneously reducing the investment which increase for the regulating system performance.
With the firewall load balance design’s realization, the two different brand of user’s firewall can work together and share the pressure together. The load balance product is from top to bottom, the sandwich structure of firewall is in the middle which realize the firewall load balance, two firewalls can carry out their processing performance 100% without making HA, and has made some promotion preparations for future isomerism firewall system (different brand firewall, or different model firewall) the development and sharpen the firewall colony's handling ability.
The design’s realization of inside and outside net DOS attack and protection through surveying the server handling ability precisely, thus automaticly shield newly built link before the server handling ability is saturated. The link which surpass the server handling capacity is at the waiting condition on the load balance products until the servers have free time or TCP timeout. At the same time, regarding all foreign provides the application the server, the user is unable to get in touch with the server, and it has to link with the hypothesizing server which is established on the load balance product , therefore the hacker is unable to obtain the server the real address. and increase the difficulty of the hacker attack. The security has gotten further promotion in the increasing complex network application environment.
With the application of more complicated system of every units’, there are more and more users. The Application Delivery Networks Technogies will have chance to guard the system’s high-speed, safe and avaiable. In a word, our times need the Application Delivery Networks and the users are hoping Application Delivery.
Application Delivery Networks Technology is a comprehensive platform, which specialize in the bottleneck problems of user’s key application network visit through load balances of service device, chains, overallandWan’soptimizing Accelerationand web’s Accelerating and many other technologies. With the development of China’selectronic government affairs, the government office network has a tendency towards every staff.Thenetwork is becoming larger and larger which involing in growing departmentsandareas;leading to more and more loading of the application and the datas.Meanwhile, the demands of the government’s employees are more higher and more diversified.These days,the net work basic chains are better,while there are more and less problems of slowliness of key application visit when it is used in the network, which cause a lot of troubles. Under this circumstances, which is required to apply new technologies, creating new ideas, perfecting and reorganizing the network resources, improving the network management level in orderto promote data’s effective and usage and make theeletrical governmeng affairs more safe, effective, quick and orderly operating, which is required to introduce Application Delivery Networks Technologies.The government office network is coming to every offical. The network is becoming larger and larger which involing in growing departments and areas; leading to more and more loading of the application and the datas. Meanwhile, the demands of the government’s employees are much higher and more diversified. These days, the network basic chains are better, However, many questions appears, such as the key application visit speed goes slowly, which cause a lot of troubles. Under this circumstances, to application of new technology is required, creating new ideas, perfecting and reorganizing the network resources, improving the network management level in order to promote data’s effective and usage and make the eletrica governmeng affairs more safe, effective, quick and orderly, which require to introduce application delivery networks technology.
The application delivery network technology connects the key application with the foundation network equipment. This seamless union of the platform and Microsoft, IBM, Oracle, SAP, BEA, People Soft and many other company's products realize the security, fast and high available delivery in their application in the network. This enables it to become the important control point in the network and it can increase the intelligence and the administration, unloading appliacation in order to lighten the server burden and avoide rewriting the application. Thus, the application delivery network technology which is similar to a network city manager guarantee the application fast, high available in any network all the time.
Several aspects of the questions has been discovered through thorough analysis of the project background network. First, how to promote fully the line by using the backup line emergency response ability and the band width; Secondly, how to provide the application service by using the old equipment resources and using the server cluster; Thirdly, how to guarantee the quality of the key application service in the band width resources in limited situation; Finally, how to guarantee the security of network in the complex network application environment. Transformational Network topology is proposed in view of the existing problems, by using four application delivery network controller 6400 of F5 Corporation to realize link load balance, server load balance, firewall load balance and the functions of inside and outside net DOS attack protection.
The design realization of double link load balance of China Net and China telecommunication, it aims at the demand of internal user load balance (the Outbound visit) and (the Inbound visit) the current capacity intelligence link chooses two aspects to Internet visit from Internet visit to network interior server, fully promotes the line using the backup line emergency response ability and the band width, guarantee normal visit of the Internet user when some link line is broken and can defer to the appropriate load equalization algorithm to choose a link of superior quality when two links are normal; while exterior user can act according to the link the automatic system checkout program result and the corresponding algorithm (Topology, RTT and so on) when establish domain name request connection, the intelligent chooses appropriate link to provide the response of the user.
Design realization of the server load balance use the idle server fully, enhance the whole service level, guarantee the quality of key application service in the band width resources within the limited situation, automatically inspecting server active status, dynamically increasing or deleting any quantity server of its load balance server group and do not need to make any change to the client side or the backstage in order to cause the system expansion to be relaxed. When any service engine is off, instantly the current capacity requested assignment for other servers, thus achieves the system high available.When the current capacity“the peak value”appears, it can mix all servers the resources simultaneously in order to provide the service. So-called“peak value jamming”pressure is weaken obviously when the system performance is enhanced greatly, simultaneously reducing the investment which increase for the regulating system performance.
With the firewall load balance design’s realization, the two different brand of user’s firewall can work together and share the pressure together. The load balance product is from top to bottom, the sandwich structure of firewall is in the middle which realize the firewall load balance, two firewalls can carry out their processing performance 100% without making HA, and has made some promotion preparations for future isomerism firewall system (different brand firewall, or different model firewall) the development and sharpen the firewall colony's handling ability.
The design’s realization of inside and outside net DOS attack and protection through surveying the server handling ability precisely, thus automaticly shield newly built link before the server handling ability is saturated. The link which surpass the server handling capacity is at the waiting condition on the load balance products until the servers have free time or TCP timeout. At the same time, regarding all foreign provides the application the server, the user is unable to get in touch with the server, and it has to link with the hypothesizing server which is established on the load balance product , therefore the hacker is unable to obtain the server the real address. and increase the difficulty of the hacker attack. The security has gotten further promotion in the increasing complex network application environment.
With the application of more complicated system of every units’, there are more and more users. The Application Delivery Networks Technogies will have chance to guard the system’s high-speed, safe and avaiable. In a word, our times need the Application Delivery Networks and the users are hoping Application Delivery.
引文
[1]汤剑辉,网络负载均衡的企业应用,现代计算机, 2003年10期, 47-51
[2] TMOS :应用交付网络全代理解决方案F5飓风网络公司http://www.f5.com.cn/pdf/white-papers/tmos-full-proxy.pdf 2007-3
[3]陆国栋对网络QoS中拥塞控制的研究,电脑知识与技术(学术交流) 2006年03期
[4]张志方,陈拥兵,董瑞青,杜新华基于网络处理器的接入服务器QoS方案设计,电子测量技术2006年02期
[5]修长虹,基于Linux PC集群负载均衡的研究与实现,吉林大学, 2004年
[6]李先毅, LVS集群管理系统,大连理工大学, 2004年
[7]牛军山, Oracle数据库中网络连接的负载均衡,电脑知识与技术, 2005年12期, 5-6
[8]杨文军, CORBA环境下负载均衡的研究与设计,大连理工大学, 2002年
[9]杨刚,周兴社,杨志义,施笑安,基于CORBA的自适应负载均衡服务的研究,微电子学与计算机, 2002年05期, 2124
[10]时公涛,孟相如,刘志宏基于IP网络服务质量的研究与实现,微电子学与计算机2005年12期
[11]潘传志,远程虚拟实验信息平台负载均衡研究,华中科技大学, 2004年
[12]王新国,大型事务性COM+系统性能瓶颈分析与解决方案,吉林大学, 2005年
[13]路明怀,龚正虎, Linux服务器下多网卡负载均衡的研究与实现,第一届建立和谐人机环境联合学术会议(HHME2005)论文集, 2005年
[14]林水城,期货交易系统平台中负载均衡与灾难备份的研究与实现,浙江大学, 2006年
[15]陈武,王平,负载均衡技术在数字图书馆服务中的应用模式及实例分析,现代图书情报技术, 2004年11期, 8-11
[16]罗秋明,一种算法无关的PVFS负载均衡机制;计算机工程与应用,2006年19期; 119-120
[17]李乐平,吴泉源,消息中间件InforBroker中集群技术的应用,第一届建立和谐人机环境联合学术会议(HHME2005)论文集, 2005年
[18]冯青峰,基于Java RMI的分布对象负载均衡研究与实现,西安电子科技大学, 2002年
[19]梁丰,YAU D利用路由器自适应限流防御分布拒绝服务攻击,软件学报,2002
[20]李旺,吴礼发,胡谷雨.分布式网络入侵检测系统NetNumen的设计与实现.软件学报,2002,13(8):1723-1727
[2] TMOS :应用交付网络全代理解决方案F5飓风网络公司http://www.f5.com.cn/pdf/white-papers/tmos-full-proxy.pdf 2007-3
[3]陆国栋对网络QoS中拥塞控制的研究,电脑知识与技术(学术交流) 2006年03期
[4]张志方,陈拥兵,董瑞青,杜新华基于网络处理器的接入服务器QoS方案设计,电子测量技术2006年02期
[5]修长虹,基于Linux PC集群负载均衡的研究与实现,吉林大学, 2004年
[6]李先毅, LVS集群管理系统,大连理工大学, 2004年
[7]牛军山, Oracle数据库中网络连接的负载均衡,电脑知识与技术, 2005年12期, 5-6
[8]杨文军, CORBA环境下负载均衡的研究与设计,大连理工大学, 2002年
[9]杨刚,周兴社,杨志义,施笑安,基于CORBA的自适应负载均衡服务的研究,微电子学与计算机, 2002年05期, 2124
[10]时公涛,孟相如,刘志宏基于IP网络服务质量的研究与实现,微电子学与计算机2005年12期
[11]潘传志,远程虚拟实验信息平台负载均衡研究,华中科技大学, 2004年
[12]王新国,大型事务性COM+系统性能瓶颈分析与解决方案,吉林大学, 2005年
[13]路明怀,龚正虎, Linux服务器下多网卡负载均衡的研究与实现,第一届建立和谐人机环境联合学术会议(HHME2005)论文集, 2005年
[14]林水城,期货交易系统平台中负载均衡与灾难备份的研究与实现,浙江大学, 2006年
[15]陈武,王平,负载均衡技术在数字图书馆服务中的应用模式及实例分析,现代图书情报技术, 2004年11期, 8-11
[16]罗秋明,一种算法无关的PVFS负载均衡机制;计算机工程与应用,2006年19期; 119-120
[17]李乐平,吴泉源,消息中间件InforBroker中集群技术的应用,第一届建立和谐人机环境联合学术会议(HHME2005)论文集, 2005年
[18]冯青峰,基于Java RMI的分布对象负载均衡研究与实现,西安电子科技大学, 2002年
[19]梁丰,YAU D利用路由器自适应限流防御分布拒绝服务攻击,软件学报,2002
[20]李旺,吴礼发,胡谷雨.分布式网络入侵检测系统NetNumen的设计与实现.软件学报,2002,13(8):1723-1727