Can anyone point me in the right direction to find out more information regarding using cisco switches to provide load balancing for webservers?
I have two servers which I would like to load balance between for redundancy... they are in separate sites. As I understand it, a switch capable of layer 4 switching can accomplish this. Will this work with two separate switches as the servers are not in the same site? What hardware would I need?
Many thanks in advance,
Was going to post a longer answer but since it is not "any" layer 4 switch I will let it at this.
Cisco really wants to sell you one of their content solution boxes. Either a css 15500 or a similar card that goes into a 6500.
There is some limited native support in 6500 switches and some 7200 series routers for server load balancing. If you have this type of equipment lying around then you could try it and see if it meets your needs. Not sure it is cost effective to buy these devices unless you are buying end of life equipment.
The main command to configure this on both these platforms is
If you search the cisco site you will find the documentation for configuring this on those platforms. It is a very basic load balancer but if that's all you need it may work.
Many thanks for the quick reply.
I will have to buy additional kit which ever way I go about it. With this in mind, would it be better to use a load balancing appliance instead of a switch?
The cisco content switches seem to have 8 ports which is more than what is required here, and I can't find anything that says it's possible to do load balancing on ports across two switches. It looks as though something like HSRP is needed to do the balancing between the physical switches.
Does anyone have experience of using cisco SLB in practice?
A dedicated load balancing appliance will give you much more flexibility than the basic stuff in IOS SLB, so if that is an option, I would say go for the dedicated box.
If going for the CSS11501, have a think about whether or not you will ever want SSL as the SSL cannot be added later to the box. The list price is a little over 10kUSD, so in the great scheme of things, it is not a stupid amount of money.
It is easier to make things work if the servers are close together in the network logically, but it is not a stopper. HSRP is not the answer unfortunately.
Ideally, the CSS would be positioned such that it looks like a router in the topology, with the servers immediately behind. That way the CSS is the default gateway for the servers, and return traffic gets handled correctly. When looking where to put it, think of it as an 8-port router.
The fun with remote servers is that the user points their browser at the name of the server. DNS gets the address, which is a virtual address handled by the load balancer, and the browser then starts talking to the VIP address. The load balancer decides what to do with the packet, and changes the destination address to one of the servers. The server gets that and responds to the client address. If this is remote from the load balancer, the chances are that the route back to the client does not pass through the load balancer. So the response gets to the client, but with a source address of the real server. As that is not the address the client is talking to, it is ignored and the connection fails.
The proper solution is to make sure the return traffic goes back through the load balancer. I say proper, as you could use some form of load balancer that redirects rather than translates IYSWIM. That can be done a few ways. The tidy solution is to move the servers local to the load balancer and they have the load balancer as the default gateway.
If you cannot do that, you need to look at forcing the traffic back through the network to the load balancer. The easier way to do that is to use NAT (the implementation of that may not be called NAT, but that is what it boils down to) to translate the client address to be an address associated with the load balancer, such that normal routing will take traffic from the server to the client back to the load balancer.
The messy solution is to use PBR to force traffic from the server, from port 80 (and any other ports used for this) back to the load balancer. That would have to be configured on every hop between the server and the load balancer, and just deciding to open an extra port means all those devices have to be reconfigured.
There are a few levels at which this can be accomplished. The salient point may be the diverse locations of the servers.
The simple option is IP SLB on IOS, but that is comparatively simple. You will almost certainly need to look at NAT for source addresses to make sure traffic is returned through the same device.
From there up you can look at the CSS or the CSM. These are fully fledged load balancers that offer many more options for load balancing. The same comment about NAT applies.
Then you can look at the GSS - global site selector, and multiple CSSs and the like or simple DNS load balancing.
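The asymmetric return path described in this post, as an added Python model (not code from the thread, from Cisco, or from any product): it walks one request through a translating load balancer with and without client-address NAT, and shows why the reply from a remote real server is dropped by the client in the first case and accepted in the second. All addresses and ports are constructed sample values.

```python
"""Constructed model of a translating load balancer with remote real servers."""

CLIENT = "198.51.100.7"             # browser's address (constructed)
VIP = "192.0.2.10"                  # virtual address published in DNS (constructed)
NAT_POOL = "192.0.2.11"             # balancer-owned address used for client NAT (constructed)
REALS = ["10.1.1.10", "10.2.2.10"]  # real servers at two separate sites (constructed)
LB_OWNED = {VIP, NAT_POOL}          # destinations that normal routing delivers to the balancer


class LoadBalancer:
    """Rewrites the destination (and optionally the source) of client packets."""

    def __init__(self, nat_client):
        self.nat_client = nat_client
        self.rr = 0          # round-robin pointer over REALS
        self.sessions = {}   # (src, sport) as seen by the server -> (original client, real)

    def forward(self, pkt):
        real = REALS[self.rr % len(REALS)]
        self.rr += 1
        out = dict(pkt, dst=real)
        if self.nat_client:
            out["src"] = NAT_POOL     # the server now sees the balancer as the client
        # Toy table keyed on (src, sport); a real balancer allocates NAT ports per flow.
        self.sessions[(out["src"], out["sport"])] = (pkt["src"], real)
        return out

    def reverse(self, reply):
        """Undo the translation for a reply that routing delivered back to the balancer."""
        orig_client, _real = self.sessions[(reply["dst"], reply["dport"])]
        return dict(reply, src=VIP, dst=orig_client)


def server_reply(pkt):
    """The real server answers from its own address to whatever source it saw."""
    return {"src": pkt["dst"], "sport": pkt["dport"], "dst": pkt["src"], "dport": pkt["sport"]}


def deliver_reply(lb, reply):
    """Return path: only traffic addressed to a balancer-owned address passes through it."""
    if reply["dst"] in LB_OWNED:
        return lb.reverse(reply)
    return reply              # routes straight to the client, untranslated


def client_accepts(reply):
    """The client only has a connection open to the VIP; any other source is ignored."""
    return reply["src"] == VIP and reply["dst"] == CLIENT


def simulate(nat_client):
    """Run one request/reply through the model; True if the client accepts the reply."""
    lb = LoadBalancer(nat_client)
    request = {"src": CLIENT, "sport": 40000, "dst": VIP, "dport": 80}
    reply = server_reply(lb.forward(request))
    return client_accepts(deliver_reply(lb, reply))
```

Without client NAT the reply arrives at the client sourced from the real server's address and is discarded; with client NAT the reply is routed to the balancer, translated back to the VIP, and accepted.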
Thanks Paul. Just a quick point, I've had a look around the cisco site, but not found anything conclusive - might have been looking in the wrong place...
Which switches could I use for IP SLB? Is it just a case of having the correct version of IOS on say a 3750? Or is it only certain switches?
You mention the point that the servers are diverse - does this mean, as I thought earlier, that HSRP or similar would be needed?
It only runs on 6500 series. So it's not going to be really cheap even if you buy old stuff.
I will let Paul expand on the NAT issue if he wishes. I had that in a long post before I realized that it will depend on your hardware selection. It will be a little tricky to run servers at 2 locations behind a load balancer but it can be done with creative configurations.
Have you thought of using DNS for load balancing your web servers?
This won't give you great redundancy but is cheap and easy to implement.