Load Balancing and Fault Tolerance
Novell Cool Solutions: Feature
Posted: 29 Jun 2004
Cool Update: It's come to our attention that the concepts in this article may not work as described for BorderManager 3.8. We've added some information on BMAS, VPN, and proxy to give a better picture. Thanks for your input!
BMAS will function in a clustered environment, but this is not something that's recommended. The problem is that BMAS binds itself to all the interfaces on the system, but will send responses only on the first interface. In other words, if a system is configured with a 10.0.0.1 and 10.0.0.2 interface, BMAS would listen on both interfaces, but only respond on the 10.0.0.1 interface. If a request is received on the 10.0.0.2 interface, the response would still be sent on the 10.0.0.1 interface. This is obviously a problem when the system is configured as a firewall (for instance) with both public and private interfaces. This issue will be addressed in the next version of RADIUS, which is based on the FreeRADIUS code from freeradius.org.
Because BMAS uses only Berkeley Sockets calls to do network I/O, I don't think there would be any problems with NIC teaming, but it has not been specifically tested.
BorderManager VPN and Proxy
For information on load balancing and fault tolerance as they apply to VPN and proxy use in BorderManager, see:
and this AppNote:
In NetWare 6 and NetWare 5.1 with Support Pack 4, you can set up fault tolerance and load balancing between two NICs in the same server that are bound to the same IP address. You can read more details in TID 10072189. Here's a summary to help you get started.
- Run INETCFG.
- In the binding, choose Configure TCPIP/IP Bind Options | Expert TCPIP options.
- Click Yes for "Group interface for LB/FT".
- On one interface you must click Yes for "Set as Primary Interface".
- On all other cards with the same IP binding, click No.
- On the main menu of INETCFG, select Protocols | TCPIP.
- If desired, enable Load Balancing and Fault Tolerance.
- You can enable load balancing or fault tolerance for other interface groups by changing the corresponding LB/FT group value to Enabled in "Configure Individual Groups".
You need to verify that the interfaces that will be load-balanced are plugged into the same switch. If the switch has multiple blades, select any blade. (If a VLAN is set up, the blade must be in the VLAN.) If you connect interfaces to different switches for further fault tolerance, this support is the responsibility of your switch manufacturer, not Novell.
Load sharing (no load balancing)
Load sharing is mainly done with the help of the ARP table. NetWare not only keeps the MAC address of the destination computer, but it also remembers which interface it uses for a particular destination. New addresses are assigned in round-robin fashion across all interfaces of a group. To achieve inbound load sharing, the server decides which local interface to use, depending on the remote IP address, and uses the MAC address of that interface in ARP replies. So, remote computers do not all have the same server MAC address in their ARP tables; instead, the remote computers are more or less equally distributed among the server's different MAC addresses. Only addresses on the same LAN are used for load sharing. Packets that go through the same router will always go out on the same interface of the server.
Load sharing with load balancing
With load balancing enabled, outgoing traffic is distributed according to the load, not the destination address. This can possibly confuse remote computers if they get packets from different MAC addresses. They should, however, accept this. For example, with load balancing across multiple routers, it is also possible to get traffic from the same destination with different MAC addresses. Incoming traffic is still balanced, because the ARP replies rotate through the different MAC addresses of the server. That will statically distribute the remote servers to the different NICs of the server.
Fault tolerance is obtained through "Gratuitous ARP" packets. For example, when a NIC of the server goes down, the server sends out ARP packets on the other NICs advertising the IP address of those NICs. If the remote computers accept gratuitous ARP packets, they will automatically switch to a different server NIC by using the newly advertised MAC address. Computers that do not accept gratuitous ARP packets will not be aware of the failover, but they will also not work with a NetWare cluster, as NetWare clusters use the same gratuitous ARP mechanism to advertise resource failover.
For more details on Novell's approach to load balancing and fault tolerance, see TID 10072189.
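Because of the ARP behaviour described above, an ARP monitor on the server's LAN will see one server IP address answer from several MAC addresses and move to another MAC address on failover. The following is an added example, not Novell code and not part of the original article, that sorts such changes into expected LB/FT activity and changes to investigate; the group inventory, the addresses, and the verdict names are assumptions constructed for illustration.

```python
# Added example, not Novell code. All addresses are constructed sample values.
# Assumed inventory: shared IP -> MACs of the NICs in its LB/FT group.
LBFT_GROUPS = {"10.0.0.1": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}}

def classify(events, groups=LBFT_GROUPS):
    """Label ARP observations given as (sender_ip, sender_mac, target_ip).

    Verdicts (names are this example's own):
      first-seen     first binding observed for the IP
      unchanged      same MAC as the previous observation
      lbft-rotation  MAC changed within the IP's LB/FT group
      lbft-failover  same, announced by gratuitous ARP (sender IP == target IP)
      alert          MAC outside the group claims a group IP, or an IP
                     with no group changed MAC
    """
    last = {}  # sender_ip -> last accepted MAC
    out = []
    for ip, mac, target in events:
        mac = mac.lower()
        members = groups.get(ip)
        if members is not None and mac not in members:
            verdict = "alert"
        elif ip not in last:
            verdict = "first-seen"
        elif last[ip] == mac:
            verdict = "unchanged"
        elif members is not None:
            verdict = "lbft-failover" if ip == target else "lbft-rotation"
        else:
            verdict = "alert"
        if verdict != "alert":
            last[ip] = mac  # a rejected claim never becomes the baseline
        out.append((ip, mac, verdict))
    return out

# Constructed observations, as seen from a mirror port on the server's LAN.
SAMPLE = [
    ("10.0.0.1", "02:00:00:AA:00:01", "10.0.0.50"),   # ARP reply to one client
    ("10.0.0.1", "02:00:00:AA:00:02", "10.0.0.51"),   # reply to the next client
    ("10.0.0.1", "02:00:00:AA:00:01", "10.0.0.1"),    # gratuitous ARP after a NIC fails
    ("10.0.0.1", "02:00:00:00:00:99", "10.0.0.1"),    # gratuitous ARP, unknown MAC
    ("10.0.0.50", "02:00:00:bb:00:55", "10.0.0.1"),
    ("10.0.0.50", "02:00:00:bb:00:66", "10.0.0.1"),   # ungrouped IP changes MAC
]

if __name__ == "__main__":
    for ip, mac, verdict in classify(SAMPLE):
        print(f"{ip:<10} {mac}  {verdict}")
```

A MAC address that matches the inventory only shows the packet is consistent with the LB/FT group; it does not authenticate the sender.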