
Predictor Hash address

rafael2gc
Level 1

Hi,

The command "predictor hash address source" is described as "Selects the server using a hash value based on the source IP address." but it is too vague.

What does it mean? How can I determine which server in the serverfarm a client connection will be redirected to?

I would like to know how it really works. Predictor methods like Least-Connections, Least-Loaded, Application Response etc. are easy to understand.

Thanks

Rafael2gc

4 Replies

sachinga.hcl
Level 4

Hi Rafael,

For what purpose are you using, or planning to use, "predictor hash address"? Please share your scenario, along with whether it is CSM or ACE.


Are you using it to load balance firewalls?

For FWLB, it is recommended that you use only the hash address source and the hash address destination predictors. Using any other predictor with FWLB may fail and block traffic, especially for applications that have separate control and data channels, for example, FTP.


Source IP hashing also provides a simple stateless way to stick a client to the same real server in SLB environments.

A benefit of source address hashing in some environments is that the client connects to the same server for every request, causing the client to stick to the same real server for all requests to the virtual server. This benefit proves useful for e-commerce applications that store client-specific information across content requests.

When using hash address as the predictor, the load balancer selects the real server by using a hash value that is calculated by using both the source and destination IP address. This predictor can be used to achieve session persistence when no proxy servers are in front of the clients. The proxy servers issue the requests on behalf of the clients, thus changing the client IP address. The hash value is calculated so that there is statistical distribution based on source and destination IP addresses, which works best when there is a wide range of source or destination IP addresses.

Hashing the packet's source IP address is useful only in environments where there are vast numbers of clients, because the same keys provide the same hash value. A small number of clients may cause an over-selection of particular real servers. Additionally, some ISPs use mega-proxy servers to NAT hundreds or even thousands of clients to a single IP address. As a result, your load balancer will forward all requests from clients behind the proxy to the same real server, potentially causing that real server to overload.

Typically, the default balancing method, round robin, is used. Since support of multiconnection protocols, such as FTP as I said above, is required in a firewall load balancing design, you have to use predictor hash address Source | Destination in your configuration. For multiconnection protocols where some connections are opened by clients and others by servers and you need to make sure all the connections belonging to the same session go through the same firewall, you will have to use source IP hash for incoming connections and destination IP hash for outgoing, or vice versa.

The hash algorithm is something like this:

((_key) + (_key >> 8) + (_key >> 16) + (_key >> 24))


The _key in this case is the source IP address as an unsigned 32-bit number.


You then do rserver_index = hash % number_of_rserver.


Source or destination IP hash method maps the IP address in the request to a real in a server farm. The configuration options are shown below.


predictor hash address [source | destination] [netmask]

     

!--- Source/Destination IP hash or predictor hash address.

The default (netmask) is 255.255.255.255. The hash value is produced with the following algorithm:


ip_addr = (Src_or_Dest_Ip_addr & Cfg_Netmask);
hash_index = (ip_addr) + (ip_addr >> 8) + (ip_addr >> 16) + (ip_addr >> 24);

Also, for detailed configuration examples for the hash predictor, kindly refer to the URL below:


http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/slb/guide/fwldbal.html#wpxref70632

---


For Least connections— it selects the server with the fewest number of active connections based on the server weight. For the least-connections predictor, you can configure a slow-start mechanism to avoid sending a high rate of new connections to servers that you have just put into service.

For Least loaded— it selects the server with the lowest load based on information obtained from Simple Network Management Protocol (SNMP) probes. To use this predictor, you must associate an SNMP probe with it.


You can configure stickiness when you require load balancing multiple TCP flows of a session to the same server as the original flow, to retain information stored about the flow on the server. The same principle is true with FWLB. For applications that require multiple connections in the same direction within the same application session, such as HTTP and Passive-FTP, you can use IP session stickiness or distribution via address hashing to ensure that multiple TCP sessions stick to the same firewall.

Kindly rate.


HTH


Sachin Garg

Hi Sachin

Thanks for your answer. Very nice document.

I'm already using predictor hash source to stick clients to a real server in SLB.

My doubt is about which method is used to choose the real server after the client IP address is hashed. I understood from your doc that the method used to balance is round robin ... "Typically, the default balancing method, round robin is used". Is that right?

Best Regards

Rafael

Yes, you are right.

If you do not configure any predictor in your load balancer, then by default it will use round robin, which is not the best in all scenarios.

HTH

Sachin

There is no dynamic load balancing, as the server is chosen according to the result of the hash function. So no least conn or round robin; hash-based algorithms are static load balancing according to the input on which you apply the hash function.

This is modulo n arithmetic, if you have n services to load balance to.

Also, if a service fails or a new service is added to the serverfarm, the global persistence may fail, as the output of the hash function will not be based on modulo n arithmetic but instead on modulo (n+1) or modulo (n-1).
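
Added example (not part of any post in this thread, and not Cisco's code): the shift-and-add hash and the `hash % number_of_rserver` step quoted above, run over constructed client addresses to show which real server each one lands on, what a shorter netmask does, and how many clients change server when the farm goes from n to n-1 as the last reply describes. The 32-bit wraparound, the mapping of index to list order, and the names `rs1`..`rs4` are assumptions.

```python
import ipaddress
from collections import Counter

FULL_MASK = "255.255.255.255"  # default netmask stated in the thread


def hash_index(ip, netmask=FULL_MASK):
    """Shift-and-add hash quoted in the thread, applied to the masked address."""
    key = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(netmask))
    # Assumption: unsigned 32-bit arithmetic, so the sum wraps at 2**32.
    return (key + (key >> 8) + (key >> 16) + (key >> 24)) & 0xFFFFFFFF


def pick_rserver(ip, rservers, netmask=FULL_MASK):
    """rserver_index = hash % number_of_rserver.
    Assumption: index i refers to the i-th entry of the list."""
    return rservers[hash_index(ip, netmask) % len(rservers)]


def distribution(clients, rservers, netmask=FULL_MASK):
    """Number of clients that land on each real server."""
    return Counter(pick_rserver(c, rservers, netmask) for c in clients)


def remapped(clients, before, after):
    """Clients whose real server changes when the farm changes size."""
    return [c for c in clients
            if pick_rserver(c, before) != pick_rserver(c, after)]


# Constructed sample data: four real servers, twenty clients in 192.0.2.0/24.
FARM = ["rs1", "rs2", "rs3", "rs4"]
CLIENTS = [f"192.0.2.{i}" for i in range(1, 21)]

if __name__ == "__main__":
    print("per-host hash :", dict(distribution(CLIENTS, FARM)))
    # A /24 netmask collapses every client to one key, hence one server,
    # the same concentration a proxy NATing many clients to one IP causes.
    print("/24 netmask   :", dict(distribution(CLIENTS, FARM, "255.255.255.0")))
    # rs4 leaves the farm: modulo 4 becomes modulo 3.
    moved = remapped(CLIENTS, FARM, FARM[:3])
    on_rs4 = [c for c in CLIENTS if pick_rserver(c, FARM) == "rs4"]
    print(f"{len(moved)} of {len(CLIENTS)} clients changed server, "
          f"only {len(on_rs4)} of them were on rs4")
```

With this sample, 14 of 20 clients lose their sticky server when one real server is removed, although only 5 were on the removed one.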