Delivering good online service is driving companies with heavy Web-site traffic to add Web-server load-balancing to networks.
West Group, a publisher of law books and online legal information, started its load-balancing environment five years ago with a home grown application. The Eagan, Minn.-based firm used round robin and a proxy to open TCP connections to its Web servers. In January 1998, with just under 60 Web servers, no means to monitor applications and transparently remove downed servers, Senior Network Architect Duane Torborg and his team began to research Web-server load-balancing products. With growing usage of its Westlaw online legal research service and several other online services, a heightened quality of service to the network's short, bursty HTTP traffic and long running telnet sessions had become a necessity. Torborg's team found three types of load-balancing products: bi-directional Network Address Translation (NAT), server side NAT and MAC forwarding. Bi-directional NAT, like a proxy, terminates one session and starts another. The drawback is you loose the originating IP address in the Web-server logs. Server side NAT changes the destination IP address of the packet to the server and changes it back on the way out. The drawback is the packet has to go out the same way it came in. This can be difficult in a fully redundant environment. With MAC forwarding, the load-balancer has an alias address for each product that is bound to the loopback adapter of each Web server. The load-balancer then builds a table of MAC addresses for each server. When a packet comes in, the load-balancer changes the destination MAC address and sends it to the server. The server looks at the IP address, checks its validity against the loopback adapter and the return traffic goes directly back to the browser. Torborg's team realized that NAT technology wouldn't work in their fully redundant network environment; there was no guarantee that traffic would go out the same way it came in. They decided to evaluate the two MAC forwarding products they found in early 1998 from IBM and Resonate. Torborg's team wasn't able to get Resonate's Central Dispatch product or the IBM WebSphere product working on NT. They narrowed the problem down to the interaction of the application with the NT IP stack. And, because they had a large Unix environment and the WebSphere product supported this, the team installed WebSphere on AIX and had it up and running quickly. Using IBM's WebSphere on four AIX boxes, Torborg's team set up two high availability load balancing pairs to support the existing servers spread out over four switched Ethernet segments. West Group's services have since grown to 70 online products load-balanced across 125 Web servers defined on two load-balancing pairs. Monitoring 125 Web servers is a very resource intensive task. They have already added a second processor in each load balancer and are planning to add more load balancers for additional growth. "Because we went with the MAC forwarding load-balancers, we can add additional capacity without making architectural changes," Torborg says. They are re-evaluating IBM, Resonate and other load-balancing products to ensure they expand with the best possible product. Another factor Torborg considered was product licensing. Some products are licensed on a per load-balancing box basis and others on a per Web-server basis. In his situation, the WebSphere's pricing per load-balancing box was optimal for supporting 60 Web servers. Torborg also likes WebSphere's high-availability feature, which lets him shut down a load-balancer without dropping any sessions. The product's weakness is in the area of manageability. Torborg's team needed to build their own user interface to add and manage clusters. "Make sure the management features are there," he recommends. "Management is an ongoing cost." Before you choose a load-balancing product make sure you understand your scalability and redundancy requirements and understand how the product is licensed, Torborg advises. Like West Group, the highly visited Internet site Lycos, was using a Domain Name System (DNS) load balancing method early last year for WhoWhere, one of its business units. Subra Kumaraswamy, network architect at the Waltham, Mass., firm, says DNS round robin techniques work well if you only have a few servers. Although DNS is effective in most cases, it's not a reliable solution for large-scale sites because there is the possibility that traffic could be directed to a downed server. Feeling an immediate need for load balancing, Kumaraswamy didn't have the luxury to do an orchestrated product evaluation. He did a lot of paper research on the Web and narrowed his search down to Alteon's ACEdirector and Cisco's Local Director. He compared product prices and decided that Alteon had the best price per port and better architecture. The Alteon ACEdirector switches' current pricing ranges from $10,995 to $17,995; Cisco's LocalDirector switches are priced from $9,900 to $25,000. And, Cisco employed a software-based load-balancer on its switch, while Alteon had opted to architect the load-balancing around ASIC architecture. To provide fault-tolerance and continuous availability, Kumaraswamy set up two ACEdirectors for load balancing across a dozen Linux and Solaris servers. ACEdirector's intuitive Web-based and command-line interface eased configuration and let Kumaraswamy deploy the product within a day. He likes that it offers an event log and virtual IP statistics. And, ACEdirector employs the 'pbind' feature to bind sessions to the same server instead of using cookies or application level session management. The product's support for a heterogeneous server farm was a plus, and Kumaraswamy liked the fact that he could use the product as a Layer 2 switch. However, Kumaraswamy has a wish list for the ACEdirector. It took him a few tries to set up the failover configuration. Moreover, the ACEdirector's failover takes as long as 30 seconds to take effect due to its use of spanning tree. The spanning tree protocol, a Layer 2-based mechanism, by nature requires 30 seconds to complete its protocol dialog to the routers and secondary load-balancing switch during the failover process. Conversely, a Layer 3-based failover involves continuous server pinging, which results in a five-second failover delay. Additionally, ACEdirector lacks Syn attack protection, secure shell login and support for Border Gateway Protocol and Open Shortest Path First routing. All of this aside, Kumaraswamy was impressed with Alteon's technical support and ability to quickly respond to his questions. Kumaraswamy purchased the ACEdirector switches to address local load-balancing Web-server needs. "Knowing that Alteon was moving to design their next switches to support global load-balancing, was helpful to me for future planning when we may need to employ global load balancing," says Kumaraswamy. "We could use the same hardware and would just need to add software on top of it." Kumaraswamy advises that the most important thing to keep in mind when you deploy a load-balancer is network integration. He suggests rigorous testing of the product for all conditions you may encounter such as link failure on the primary and secondary load-balancing switch. Test the time it takes the switch to failover and test the power-off response on both the primary and secondary switches. And, use a tool to generate various load conditions on your server farm. Include your application programmer and network engineer during the trial runs so everyone understands the load-balancer's capabilities. Rodney Loges, revenue master for Internet service provider DigitalNATION, employed a similar strategy for selecting a Web-server load-balancer. Involving his technical team during the product evaluation was merely one step in the process. Loges researched products using trade publications, professional groups, newsgroup postings and vendor meetings. He says that newsgroups in particular offer frank input about best of breed solutions. Loges' strategy also included an analysis of the technology in terms of profit and revenue. He needed to ensure that the purchase and implementation of the load-balancing product would let DigitalNATION build revenue. DigitalNATION wanted to find at least two Web-server load-balancing product options to offer its Web-hosting clients. The company wanted products with different strengths to assist its clients with different levels of need. Loges evaluated load-balancing products based on speed, ease of configuration, reliability, load processing, architecture, product reviews, technical support, marketing strategy and vendor funding. He settled on Alteon's ACEdirector and IPivot's Commerce Director 8000. He chose ACEdirector for its speed and ease of configuration. And, the Commerce Director 8000 got the nod for its Layer 7 support and "intelligent session recovery" also known as egress error detection. This involves reading the actual HTML text, finding error messages such as 404 - file not found, or 403 - server to busy. The server winds back the transaction and sends the request to another server with the process being transparent to the user all the while. And, the Secure Sockets Layer (SSL) acceleration feature, a process through which an encryption engine speeds up the encryption process was also attractive. He has already deployed ACEdirector and is in the process of purchasing IPivot's Commerce Director 8000. The Alteon ACEdirector switches' price ranges from $10,995 to $17,995 and IPivot's Commerce Director 8000, due to ship in July, has a price of $39,950. The ISP uses ACEdirector for clients who need Layer 4 load-balancing and failover. Loges says this is a good choice for customers who don't need all the functionality of the IPivot, and who want to have complete control over the load-balancing system. In the future, Loges plans to offer Commerce Director 8000 to clients who need layer 7 load-balancing and SSL acceleration. "We're not going to bet on one platform. We need a core level of product experience with two best-of-breed solutions," Loges says. "The biggest challenge is to not buy into a solution that will be dead in a year, either because the company will be out of business or better products will come along." RELATED LINKSContact Associate Features Editor Suzanne Gaspar
Load balancing forum
Discuss load balancing with Mark Hoover, author of our article on load balancing trends.
Balancing act
Review: load balancers
Interactive buyer's guide
User study: Dense traffic drives Web-server load balancing
Don't be swayed by fancy features when a fast, scalable load balancer should be your top priority.
All nine products we tested improved Web server performance significantly, making it tough to select a single winner. But in the end, the fastest product under the greatest load, Resonate's Central Dispatch, won our Blue Ribbon Award. Network World, 6/14/99.
Find a product that best matches your criteria, compare two or more load balancers in several categories or download a spreadsheet with all the product data.
With nearly 60 Web servers, the West Group needed load balancing quickly. See what they decided on and why. Network World Fusion, 6/14/99.
