Title: Weihong Wang/Content Switch Page 1
Slide 1: Content Switch
- Introduction of the content web switch.
- Some content switch products on the market.
- Design of a content switch.
Slide 2: Introduction of Content Switch (1)
What is web server load balancing?
- Distributing incoming requests across servers to achieve parallel service.
- Transport layer load balancing: balancing the incoming requests based on IP address and port number.
- Application layer load balancing: redirecting the user request based on the content of the request (e.g. URL, HTTP header).
Slide 3: Introduction of Content Switch (2)
What is a Content Switch?
- An application layer load distribution device.
- A network device which routes each user request for specific content to the optimal server, the one best able to handle that request.
- For example, a Content Switch can classify the incoming request based on its URL, HTTP meta header, cookie value and so on.
Slide 4: ArrowPoint Network Services
(Supports URL- and cookie-based switching.) The switch determines:
- Who the customer is, based on the user cookie located within the HTTP header.
- What information or transaction the customer is requesting.
- Where best to service the customer.
Slide 5: Content Switch Architecture
[Figure: content switch processor and port controller, from Apostolopoulos 2000.]
- The port controller matches incoming packets.
- It forwards packets to the content switch processor or routes them directly.
- Rule matching results are downloaded to the port controller.
Slide 6: Content Switch Operations
[Block diagram with the following labelled stages: the CS Rule Editor maintains the Content Switch Rules used by the Content Switching Rule Matching Algorithm; Incoming Packets go through Packet Classification and Header Content Extraction into the rule matching step, then into Packet Routing (Load Balancing), which also takes Network Path Info and Server Load Status as inputs, and finally Forward Packet To Servers.]
Slide 7: Components of a Content Switch
- Defining the rules: determine the type of web content being requested.
- Rule matching process: identify the specific type of traffic, then route that traffic to the location best able to serve the traffic or the customer request.
Slide 8: Two different design approaches for a Content Switch
- Process content type classification and routing policy at the application level, for example as an application level proxy.
- Process content type classification and routing policy at the TCP/IP level. This needs modification of the operating system kernel, for example using NAT to develop a content switch.
Slide 9: Cisco Content Engine 2.20 (CE)
- Cisco CE supports HTTP and HTTPS proxy servers.
- CE examines the web request and makes an action decision such as block, cache, or proxy.
- CE works at the application level.
- An example of the matching rules:
    rule no-cache url-regex \.cgi-bin
  This rule configures that incoming packets with a URL matching the pattern cgi-bin will not be forwarded to the proxy servers.
Slide 10: Intel Action/Classification Engines (ACEs)
- ACE classifies incoming packets according to predefined rule files.
- ACE then triggers the action in the associated action files.
- ACE uses the Network Classification Language (NCL) to configure rules.
- ACE is developed at the TCP/IP level.
- Example of NCL:
    Rule check_http tcp(tcp.sport == 80) action_scan()
  check_http is the name of the rule, tcp(tcp.sport == 80) is the class matching condition, and action_scan() is the action function for this condition. This rule means that an incoming request with protocol tcp and port 80 will go to the action action_scan().
- NCL is simple to configure.
Slide 11: Design of the Content Switch
- Architecture of the Content Switch.
- Matching rules and routing policy.
- Flow chart.
Slide 12: TCP/IP level Content Switch Architecture (1)
NAT (network address translation)
- Incoming and outgoing packets all pass through the Content Switch.
- The Content Switch masquerades the IP address and port number of incoming and outgoing packets.
- The Content Switch uses delayed binding to connect with the back-end server.
Slide 13: Packet Processing in Content Switch
[Figure: packet processing shown in three phases, labelled Phase 1, Phase 2 and Phase 3.]
Slide 14: TCP Delay Binding
[Figure only; no text recovered.]
Slide 15: NAT Content Switch delayed binding
- The Content Switch establishes a connection with the client first.
- When it gets data, it chooses a server and establishes another connection by forwarding the original SYN message; it discards the ACK from the back-end server.
- For the following data transmission, the Content Switch only forwards a packet after masquerading its IP address and port number.
Slide 16: TCP/IP level Content Switch Architecture (2)
IP Tunnel and IP Direct Routing
- The Content Switch accepts the request and forwards it to the chosen server.
- The server then connects with the client directly.
- Delayed binding.
- Needs modification of the back-end servers' TCP protocol.
- Faster than the NAT approach.
Slide 17: Content Switch Rules
The contents that should be covered:
- Source IP address and TCP/UDP port number.
- URL regular expression.
- HTTP meta header.
- SSL session ID.
- Values of XML tags.
Slide 18: Content Switch Rules (1)
Examples of Content Switch Rules

Foundry ServerIron:
    ServerIron(config)# url-map gifPolicy
    ServerIron(config-url-gifPolicy)# method suffix
    ServerIron(config-url-gifPolicy)# match gif 1
    ServerIron(config-gifPolicy)# default 2
    ServerIron(config-gifPolicy)# exit
If the suffix of the URL in the incoming packets is gif, route to server group 1, else route to server group 2.

Cisco Network Based Application Recognition:
    Router(config)# class-map match-all http_secure
    Router(config)# match protocol secure-http
    Router(config)# class-map match-any audio_video
    Router(config)# match protocol http mime audio/
    Router(config)# match protocol http mime video/
    Router(config)# policy-map e-express
    Router(config-pmap-c)# class http_secure
    Router(config-pmap-c)# bandwidth 32
    Router(config-pmap-c)# class audio_video
    Router(config-pmap-c)# bandwidth 10
First define classes for secure HTTP requests and audio/video requests, and then distribute the outbound bandwidth for each class.

Intel IX-API SDK:
    Rule check_src ip.src == 10.10.10.30 action_A()
    Rule check_http tcp(tcp.sport == 80) action_scan()
The meaning of rule check_src is: if the source IP address is 10.10.10.30, then execute the action function action_A().
Slide 19: Content Switching Rule Matching Algorithm
- Brute-force sequential execution: earlier rules have higher priority.
- This makes the conflict problem easy to solve.
- Ways to speed up the process of rule matching:
  - Set flags based on the headers and content, and bypass the rules that are not related to the packet.
  - Use compiler-optimization techniques to speed up the set of rules.
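The rule examples on the slides (the NCL check_src and check_http rules, the ServerIron gifPolicy url-map, ArrowPoint's cookie-based switching) and the sequential matching algorithm of this slide can be put together in a few dozen lines. The following is an added example written for this page, not code from the talk or from any of the vendors named; the request fields, flag names, rule encoding and the "tier=gold" cookie value are constructed. It shows first-match priority resolving rule conflicts, and the flag trick of slide 19: flags are derived once from the transport header and HTTP content, and a rule whose required flags are missing is bypassed without its condition ever running (which is also what keeps a cookie rule from touching a packet that carries no cookie).

```python
"""Content-switch rule matching: brute-force sequential execution with
pre-computed flags that let unrelated rules be bypassed.
Constructed example; the rule encoding is not any vendor's language."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


@dataclass
class Request:
    """The parts of a packet/request the rules look at (constructed fields)."""
    src_ip: str
    proto: str            # "tcp" or "udp"
    dport: int
    url: str = ""
    headers: Dict[str, str] = field(default_factory=dict)
    flags: Set[str] = field(default_factory=set)   # filled in by classify()


def classify(req: Request) -> Set[str]:
    """Packet classification / header content extraction: derive flags once
    from the transport header and HTTP content so rules can be skipped cheaply."""
    flags = {req.proto}
    if req.proto == "tcp" and req.dport == 80:
        flags.add("http")
    if req.url:
        flags.add("url")
    if "Cookie" in req.headers:
        flags.add("cookie")
    req.flags = flags
    return flags


@dataclass
class Rule:
    name: str
    needs: frozenset                    # flags required before cond is evaluated
    cond: Callable[[Request], bool]     # class matching condition
    action: str                         # action function or server group


def match_rules(rules: List[Rule], req: Request) -> Tuple[str, int]:
    """Sequential execution: the first matching rule wins, so earlier rules
    have priority and conflicts are resolved by rule order. Returns the
    action and the number of conditions that were actually evaluated."""
    classify(req)
    evaluated = 0
    for rule in rules:
        if not rule.needs <= req.flags:     # bypass rules unrelated to this packet
            continue
        evaluated += 1
        if rule.cond(req):
            return rule.action, evaluated
    return "default", evaluated


# Rule set modelled on the slides' examples (constructed values): check_src and
# check_http from the NCL example, gifPolicy from the ServerIron url-map, and a
# cookie rule of the ArrowPoint kind placed above gifPolicy so it takes priority.
GIF_SUFFIX = re.compile(r"\.gif$", re.IGNORECASE)
RULES: List[Rule] = [
    Rule("check_src", frozenset(), lambda r: r.src_ip == "10.10.10.30", "action_A"),
    Rule("gold_cookie", frozenset({"http", "cookie"}),
         lambda r: "tier=gold" in r.headers["Cookie"], "server-group-premium"),
    Rule("gifPolicy", frozenset({"http", "url"}),
         lambda r: GIF_SUFFIX.search(r.url) is not None, "server-group-1"),
    Rule("check_http", frozenset({"http"}), lambda r: True, "action_scan"),
]


if __name__ == "__main__":
    samples = [
        Request("10.10.10.30", "tcp", 443),
        Request("192.0.2.5", "tcp", 80, url="/img/logo.gif"),
        Request("192.0.2.5", "tcp", 80, url="/img/logo.gif", headers={"Cookie": "tier=gold"}),
        Request("192.0.2.5", "tcp", 80, url="/index.html"),
        Request("192.0.2.9", "udp", 53),
    ]
    for s in samples:
        print(s.src_ip, s.proto, s.dport, s.url or "-", "->", match_rules(RULES, s))
```

The second return value makes the speed-up visible: a UDP packet evaluates only the one rule with no flag requirements, and a GIF request without a cookie never runs the cookie rule's condition. Placing the cookie rule above gifPolicy is the conflict resolution of slide 19 in action: a gold-tier customer fetching a .gif goes to the premium group, not to server group 1.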
Slide 20: Flow Chart of Content Switch (1)
[Flow chart, client side: a packet from the client is input to ip_input. If the connection is already established, masquerade its ip addr, port and seq. and forward the packet. Otherwise the chart branches on the packet type: UDP? yes: choose server, masq UDP packet, forward to server. TCP/SYN? yes: create ACK back msg, send back ACK to client. TCP/data/ack? yes: choose server, masq SYN msg, forward to server. Anything else is delivered to the upper layer. Every path ends in return.]
Slide 21: Flow Chart of Content Switch (2)
[Flow chart, server side: a packet from the back server is input to ip_forward. If the connection is established, masquerade the packet (ip addr, port, seq.) and forward it. Otherwise, if it is a SYN/ACK, create the connection hash table entry and forward the saved ip packet; else forward it as normal. Return.]
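The two flow charts and the delayed-binding description of slide 15 fit together as one small state machine, which the following added example simulates; it is written for this page and is not the talk's kernel code or any product's implementation. Addresses, initial sequence numbers, the virtual IP, the content rule and the two back-end servers are all constructed. The part the slides leave implicit is why the established-connection branch has to rewrite the sequence numbers and not only the IP address and port: the switch completed the client's handshake with its own initial sequence number before any server was chosen, so once the real server answers with a different ISN, every ack from the client and every seq from the server must be shifted by the difference.

```python
"""Simulation of the NAT content switch's delayed binding, following the
client-side (ip_input) and server-side (ip_forward) flow charts.
Constructed example: addresses, ISNs and the content rule are made up."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SWITCH_IP = "10.0.0.1"                                      # virtual IP clients connect to
SERVERS = {"static": "10.0.1.10", "dynamic": "10.0.1.20"}   # back-end pool


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str            # "SYN", "SYN/ACK" or "ACK"
    seq: int
    ack: int = 0
    payload: bytes = b""


@dataclass
class Connection:
    """One entry of the connection hash table, keyed by (client ip, client port)."""
    client_isn: int
    switch_isn: int                     # ISN the switch promised the client
    saved_syn: Packet
    server: Optional[str] = None
    server_isn: Optional[int] = None    # ISN the real server chose
    saved_data: Optional[Packet] = None
    established: bool = False

    def delta(self) -> int:
        """Offset between the server's sequence space and the one the client saw."""
        return self.server_isn - self.switch_isn


class ContentSwitch:
    def __init__(self, isn: int = 1000):
        self.table: Dict[Tuple[str, int], Connection] = {}
        self.isn = isn
        self.to_client: List[Packet] = []     # packets emitted towards clients
        self.to_server: List[Packet] = []     # packets emitted towards servers

    def choose_server(self, payload: bytes) -> str:
        """Content rule: /cgi-bin/ requests go to the dynamic server, others to static."""
        request_line = payload.split(b"\r\n", 1)[0]
        return SERVERS["dynamic"] if b"/cgi-bin/" in request_line else SERVERS["static"]

    def from_client(self, p: Packet) -> str:
        """ip_input path: packet from client."""
        key = (p.src, p.sport)
        conn = self.table.get(key)
        if conn is not None and conn.established:
            # masquerade: destination becomes the real server, ack shifted into its space
            self.to_server.append(Packet(p.src, p.sport, conn.server, p.dport, p.flags,
                                         p.seq, p.ack + conn.delta(), p.payload))
            return "forward"
        if p.flags == "SYN":
            # establish the connection with the client first; no server chosen yet
            self.table[key] = Connection(p.seq, self.isn, saved_syn=p)
            self.to_client.append(Packet(SWITCH_IP, p.dport, p.src, p.sport, "SYN/ACK",
                                         self.isn, p.seq + 1))
            return "syn-acked"
        if conn is not None and p.payload:
            # data arrived: choose the server by content, forward the original SYN to it
            conn.server = self.choose_server(p.payload)
            conn.saved_data = p
            s = conn.saved_syn
            self.to_server.append(Packet(s.src, s.sport, conn.server, s.dport, "SYN", s.seq))
            return "server-syn"
        return "absorbed"   # e.g. the bare ACK that completes the client-side handshake

    def from_server(self, p: Packet) -> str:
        """ip_forward path: packet from the back-end server."""
        conn = self.table.get((p.dst, p.dport))
        if conn is None:
            return "forward-as-normal"
        if not conn.established and p.flags == "SYN/ACK":
            # discard the server's SYN/ACK (the client already has one); the saved
            # data packet, with its ack shifted, completes the server-side handshake
            conn.server_isn, conn.established = p.seq, True
            d = conn.saved_data
            self.to_server.append(Packet(d.src, d.sport, conn.server, d.dport, d.flags,
                                         d.seq, d.ack + conn.delta(), d.payload))
            return "bound"
        # established: source becomes the switch VIP, seq shifted back to the client's view
        self.to_client.append(Packet(SWITCH_IP, p.sport, p.dst, p.dport, p.flags,
                                     p.seq - conn.delta(), p.ack, p.payload))
        return "forward"


if __name__ == "__main__":
    sw = ContentSwitch()
    c = ("192.0.2.7", 40000)
    sw.from_client(Packet(c[0], c[1], SWITCH_IP, 80, "SYN", 100))
    sw.from_client(Packet(c[0], c[1], SWITCH_IP, 80, "ACK", 101, 1001))
    sw.from_client(Packet(c[0], c[1], SWITCH_IP, 80, "ACK", 101, 1001,
                          b"GET /cgi-bin/q HTTP/1.0\r\n\r\n"))
    sw.from_server(Packet(SERVERS["dynamic"], 80, c[0], c[1], "SYN/ACK", 5000, 101))
    for pk in sw.to_server:
        print("to server:", pk)
```

Running the main block shows the order of events from the slides: the client's SYN produces a SYN/ACK from the switch itself, the first data packet is what triggers server selection and the forwarded SYN, and the server's SYN/ACK is consumed by the switch and replaced on the wire by the saved data packet with its ack renumbered. Because the client's address is left untouched (only the destination is rewritten), every server reply has to come back through the switch, which is the reason slide 12 requires that all incoming and outgoing packets pass through it.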