HIGH SPEED LOAD BALANCING FROM THE LINUX KERNEL · 2017. 11. 15.
www.zevenet.com
Laura García
ZEVENET
Capabilities
Multilayer
REST API
Multiplatform
Web GUI
Focused on
Security
High Availability
Scalability
Performance
Research
+ Concurrent users
- CPU cycles
Research
Layer 7
Layer 3
Layer 4
Research
Linux Kernel
net
netfilter
ipvs
Development with iptables
sNAT, dNAT
conntrack, helpers, conntrackd, syncd, xtables
multiport, limits, recent, statistic
sip, (t)ftp, sctp, ...
Development with iptables
destination NAT
source NAT
Development with iptables
[Diagram: network-layer hooks raw prerouting, mangle prerouting, nat prerouting, routing, nat postrouting; labels: security, marking, rewrite destination, rewrite source]
API
curl -k -H "ZAPI_KEY: MyK3y...X" https://192.168.100.204:444/zapi/v3.1/zapi.cgi/farms
{
  "description" : "List farms",
  "params" : [
    { "farmname" : "http-profile-farm1", "profile" : "http", "status" : "up", "vip" : "192.168.100.208", "vport" : "80" },
    { "farmname" : "LSLB-farm1", "profile" : "l4xnat", "status" : "up", "vip" : "192.168.100.207", "vport" : "222" },
    { "farmname" : "NewGSLB-farm1", "profile" : "gslb", "status" : "up", "vip" : "192.168.100.207", "vport" : "53" }
  ]
}
API
curl -k -X POST -H 'Content-Type: application/json' -H "ZAPI_KEY: MyK3y...X" -d '{"ip":"192.168.100.254","port":80}' \
  https://192.168.100.204:444/zapi/v3.1/zapi.cgi/farms/webfrontend/backends
{
  "description" : "New farm backend",
  "message" : "Backend added",
  "params" : {
    "id" : 1,
    "ip" : "192.168.100.254",
    "max_conns" : "0",
    "port" : 80,
    "priority" : null,
    "weight" : null
  },
  "status" : "up"
}
Development with nftables
Expressions: nth, random, hash, etc.
Models for dNAT, sNAT and DSR
expressive
native expressions
Ingress, egress hook
conntrack, helpers, etc.
stateless NAT
Development with nftables
Direct Server Return
Development with nftables
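table netdev filter {
    chain ingress {
        type filter hook ingress device <if_lb> priority 0; policy accept;

        # Stateless DSR: for traffic to the virtual service, rewrite only the
        # Ethernet addresses (round robin over three backend MACs) and forward
        # the frame out of the same interface; the IP header is left untouched.
        ip daddr <ip_lb> udp dport <port_lb> ether saddr set <mac_lb> \
            ether daddr set numgen inc mod 3 \
            map { \
                0: <mac_bck0>, \
                1: <mac_bck1>, \
                2: <mac_bck2> } \
            fwd to <if_lb>
    }
}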
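The dNAT and sNAT models named on the earlier slide, for comparison with the DSR ruleset above, as an added example that is not from the original slides: a stateful NAT table that schedules with numgen (round robin) and jhash (per-client persistence). The table name, addresses (documentation range 192.0.2.0/24) and ports are constructed placeholders.

```nftables
# Added example: table name "lb", addresses and ports are constructed
# placeholders, not values from the slides.
table ip lb {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;

        # dNAT, round robin: a nat chain is evaluated only for the first
        # packet of a connection, so numgen inc hands each new connection
        # to the next backend in the map.
        ip daddr 192.0.2.1 tcp dport 80 dnat to numgen inc mod 3 map { 0 : 192.0.2.11, 1 : 192.0.2.12, 2 : 192.0.2.13 }

        # dNAT, persistence: hashing the source address sends a given
        # client to the same backend on every connection.
        ip daddr 192.0.2.1 tcp dport 443 dnat to jhash ip saddr mod 3 map { 0 : 192.0.2.11, 1 : 192.0.2.12, 2 : 192.0.2.13 }
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # sNAT: connections that were dNAT-ed above also get their source
        # rewritten to the load balancer, so replies return through it.
        # Backends then log the load balancer's address, not the client's.
        ct status dnat snat to 192.0.2.1
    }
}
```

Unlike the ingress-hook DSR ruleset, both chains here depend on conntrack, which reverses the translations on reply packets.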
Development with nftables
[Diagram: network-layer hooks ingress, raw prerouting, mangle prerouting, nat prerouting, routing, nat postrouting; labels: Fast Path, security & nat, security, marking, rewrite destination, rewrite source]
Benchmarks
~5x-6x
10x
New L4 core zvnftd
New challenges
★ libnftables
★ Layer 7 preprocessor
★ kTLS
★ HW offload
★ programmability
Thank you!
https://github.com/zevenet
https://hub.docker.com/r/zevenet/