Suitable for Linux Red Hat and Windows NT platforms, the SonicWALL LB-PCI does exactly that and is most useful for overworked web sites and e-commerce servers that need to maintain their cost-effectiveness without compromising the necessary high performance.

Unusually, this load-balancing switch comes in the form of a PCI card that may be installed directly into a host server running standard network operating systems. It then functions as an NIC for the hosting computer without impacting the performance of the CPU when in switching or load-balancing mode. This is because it has its own processor and onboard memory.

Operating as a five-port, transparent bridge straight from the box, spanning tree protocols are enabled by default. Concerned specifically with local IP traffic load balancing, LB-PCI auto-senses and auto-negotiates connections for both 10Base-T and 100Base-T connections, while also providing what I would call disaster recovery features. So, as well as balancing IP traffic loads between multiple web servers within a local server cluster, its other features should ensure a smooth and uninterrupted service. These include the automatic switching to the most available server based on six different load-balancing options, continuous monitoring of local servers for availability and optimal performance, and failover to other local servers for a high-availability web site.

Failover is obviously an important area of interest for readers. Put simply, the primary device will perform all the load-balancing and switching tasks while the designated secondary device is in permanent hot standby mode, constantly aware of the heartbeat of the primary device. If it fails to detect a heartbeat, the secondary device verifies the failure, commands the primary device to shut down and assumes its identity by taking over its MAC address. Once the failed device has been fixed and brought back online, it detects the presence of the standby device now in primary mode and automatically assumes the secondary role. It is then merely a simple matter of invoking the 'activate primary' command to reactivate the fixed primary device.

The load-balancing paradigm is neat and understandable. Once everything is installed and configured you will be working with three logical levels of addressing, virtual front-end servers, server groups and physical servers. The virtual front-end servers, of which you can have up to 256, are the IP addresses, which receive all the Internet traffic and each must have a unique IP address. LB-PCI directs requests to the virtual front-end servers and then sends each request to an appropriate server group. Server groups are actual collections of physical servers used to satisfy requests to a particular port on a virtual IP address. They may be used to group servers logically based on the services they provide. For example, all requests could go to the same virtual IP address, which then maps them to a particular server group, with the server group subsequently directing each request to a suitable physical server. The third element to the paradigm is the physical server, and each one should have a unique IP address. All servers in the same group should be redundant, although each one can provide a mixture of services.

There are six load-balancing algorithms to choose from - the Round Robin algorithm is the default. Distributing connections evenly across servers, each time a new connection is requested LB-PCI passes it to the next server in line. The advantages of the Round Robin algorithm are that it treats all servers within the group as equal, regardless of the number of connections or response time, and is the fastest of all the algorithms. The Least Connections algorithm obviously enough directs connections to the server with the least number of open connections, those servers capable of processing connections the fastest getting the most connections. Least Connections is most effective when the cluster of servers is similar in performance. Weighted Least Connections is a refinement of Least Connections, whereby servers with a higher weight value will receive a greater percentage of connections when the number of open connections is equal. Therefore, a server with a weight of three will receive three times as many connections as a server with a weight of one. The main advantage of this algorithm is that it guarantees that the faster servers get more traffic.

The Fastest Response Time algorithm passes a new connection to a server based on the fastest measured response time of currently active servers, relying on server speed and ignoring the number of connections. The Adaptive algorithm directs network connections to the server with the least number of open and pending connections, its advantages increasing as the number of client threads per second increases. Finally, with the Fixed algorithm, LB-PCI uses the source IP address of each incoming request to decide which server should receive the request, and is most suitable for an environment with a mixed source of requests.

Load Balancer utilizes two levels of password protection, attach and configuration level, important for a device that can be administered over the network. Attach-level passwords give control over who can attach the configuration manager to a device to view statistics or other non-sensitive data. Configuration level passwords give control over who can also view sensitive data as well as configure the device. Because LB-PCI is shipped without passwords it is important not to omit setting them. While LB-PCI may be attached and configured remotely, access lists may be set up to define which computers are allowed to manage devices. This is achieved by specifying their IP addresses in access lists for each device. True 'hackers' will be glad to know that LB-PCI can be configured using a command line interface, although there is a QuickStart wizard there for the rest of us!

 

SC On-Line
SC Magazine
www.scmagazine.com