Monday, November 15, 2010

IPv6: How GSLB can gain?

With the advent of smartphones and intelligent household devices connecting to the internet, the address space problem is going to blow up soon. IPv6 will soon find its place, to a large extent, in ADCs. In one of my articles, I wrote about the cons of DNS GSLB. It described how the client proximity feature can help a client reach the nearest site. I was wondering if we can solve our GSLB problems with IPv6.

IPv6 provides anycast addresses. For quick reference, I have pasted the definition here:

An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the "nearest" one, according to the routing protocol's measure of distance).

As the above text explains, a router can find the nearest host that listens on the anycast address. This can be used to advantage in GSLB. All the sites can have the anycast address as a virtual IP. When the domain name resolves to this anycast address, the IPv6 router can find the nearest site for the client.

Implementations must account for site failover, in which case the router will choose a different site and the existing connection will break. How to maintain site stickiness I would leave to the implementation. One way is to redirect the client to a unicast address as soon as a site is selected.
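
One way to build that redirect on the node that answers on the anycast address, as an added example (not code from any ADC product). The function name build_sticky_redirect() and its parameters are hypothetical, and 2001:db8:1::10 is a constructed documentation address standing in for the site's configured unicast address.

```c
#include <stdio.h>
#include <string.h>

/* Build the HTTP response that moves a client from the shared anycast VIP to
 * this site's unicast address. Returns the response length, or -1 on reject. */
int build_sticky_redirect(char *out, size_t outlen,
                          const char *site_unicast_v6, /* from local config */
                          const char *target)          /* request-target sent by the client */
{
    /* Accept origin-form only ("/path?query"): a leading "//" or an absolute
     * URL would let the client choose where the redirect points. */
    if (target == NULL || target[0] != '/' || target[1] == '/')
        return -1;
    /* Control bytes, spaces and backslashes never belong in a request-target;
     * rejecting them also blocks CR/LF header injection. */
    for (const char *p = target; *p != '\0'; p++)
        if ((unsigned char)*p <= 0x20 || *p == 0x7f || *p == '\\')
            return -1;
    /* The configured address must look like an IPv6 literal. */
    if (site_unicast_v6 == NULL || site_unicast_v6[0] == '\0' ||
        strspn(site_unicast_v6, "0123456789abcdefABCDEF:") != strlen(site_unicast_v6))
        return -1;
    /* 307 keeps the method and body; IPv6 literals in URLs need brackets.
     * "Connection: close" makes the follow-up request open a new connection. */
    int n = snprintf(out, outlen,
                     "HTTP/1.1 307 Temporary Redirect\r\n"
                     "Location: http://[%s]%s\r\n"
                     "Content-Length: 0\r\n"
                     "Connection: close\r\n\r\n",
                     site_unicast_v6, target);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char resp[512];
    /* Constructed sample: 2001:db8::/32 is the documentation prefix. */
    int n = build_sticky_redirect(resp, sizeof resp, "2001:db8:1::10", "/docs/report.pdf?v=2");
    if (n > 0) fputs(resp, stdout);
    return n > 0 ? 0 : 1;
}
```

Where the sites serve TLS, the Location would normally carry a per-site hostname that resolves to the unicast address, so that certificate validation still succeeds.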

In summary, IPv6 brings an advantage to GSLB with its anycast addresses. Soon, we will see this implemented in ADCs.

Tuesday, March 23, 2010

WAN optimization on Smart phones

With the increasing usage of smart phones in enterprises, a new market has opened up for ADC vendors. Mobile users want to access documents and send emails seamlessly.
Some vendors have already ventured into this smart phone ADC market. They have started offering a proxy application that can run on smart phones. A smart phone would require considerable memory, CPU processing speed and battery power to run these proxies. Seeing the evolution of mobile phones these days, these should not be a problem in the days to come.

I visualize two different paths:
1) WAN optimization client proxy combined with an IPsec client as an offering.

Apart from providing security, this offering would give the benefits of WAN optimization.
And the enterprises can restrict the remote user's level of access to their documents.

2) WAN optimization client proxy as a plug-in in smart phone browsers.

A browser plug-in for WAN optimization in a smart phone can work hand in hand with the browser's caching capabilities and download only the changes for a given file from the WAN optimization device/appliance running in the head office. This also holds good for enterprise laptops that roam mostly outside their office networks.

In any case, the market will see ADC vendors moving into the smart phone segment.

Sunday, March 21, 2010

Reduce costs: WAN optimization in your hands

The WAN optimization market is expected to reach a revenue of 1.2 billion in 2010, as per this site.
Indeed, it's a growing market and many vendors are venturing into it.

The basis of any WAN optimization technique is to reduce usage of WAN bandwidth. These techniques include data de-duplication, compression, etc.

But the commercial solutions are very expensive. There are open source projects for WAN optimization. Check these links if you want to deploy at a low cost:
WANProxy
TrafficSqueezer

The basis for WANProxy is the rsync utility. Almost every Linux user knows about rsync. As a first step towards WAN optimization, users can rely on this.
Set up an rsync server at each site of your company and sync the files when needed or on a daily basis. It would save a lot of money if your requirements are not critical. Here is a good tutorial to set up rsync. File transfers can be encrypted, which adds to the security of your file transfer.

One good use case is a multi-branch environment: ClearCase servers cannot be hosted at all branches due to cost constraints. Users log in to remote servers and use ClearCase remotely. Users tend to download the files and binaries that are built on the remote site by FTP/SCP. In some cases, these may be several megabytes, and transfer over WAN links is very slow. In such scenarios, I would recommend setting up an rsync daemon on the remote server. rsync on the client machine can fetch only the differences in file content, saving a lot of time and cost.
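
How a fetch of "only the differences" works, as an added sketch in the style of rsync's rolling checksum and not rsync's own code. The names literal_bytes(), BLK and MAX_BLOCKS and the sample buffers are constructed for illustration, and memcmp() stands in for the strong hash that rsync uses to confirm a match, since both copies are local here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLK 8         /* demo block size (assumption); real tools use far larger blocks */
#define MAX_BLOCKS 64 /* demo limit on blocks indexed from the old copy */

/* rsync-style weak checksum of one block: a = sum of bytes, b = sum of the running a. */
static uint32_t weak_sum(const uint8_t *p, uint16_t *a, uint16_t *b)
{
    uint16_t s1 = 0, s2 = 0;
    for (size_t i = 0; i < BLK; i++) { s1 += p[i]; s2 += s1; }
    *a = s1; *b = s2;
    return ((uint32_t)s2 << 16) | s1;
}

/* Bytes of `cur` that are not covered by a whole block of `old`, i.e. the
 * literal data that still has to cross the WAN. */
size_t literal_bytes(const uint8_t *old, size_t oldlen, const uint8_t *cur, size_t curlen)
{
    uint32_t sums[MAX_BLOCKS];
    uint16_t a = 0, b = 0;
    size_t nblk = oldlen / BLK, lit = 0, i = 0;
    int fresh = 1;                        /* window checksum must be recomputed */
    if (nblk > MAX_BLOCKS) nblk = MAX_BLOCKS;
    for (size_t k = 0; k < nblk; k++) sums[k] = weak_sum(old + k * BLK, &a, &b);
    while (i + BLK <= curlen) {
        if (fresh) { weak_sum(cur + i, &a, &b); fresh = 0; }
        uint32_t w = ((uint32_t)b << 16) | a;
        int hit = 0;
        for (size_t k = 0; k < nblk && !hit; k++)  /* cheap sum first, then confirm */
            hit = sums[k] == w && memcmp(old + k * BLK, cur + i, BLK) == 0;
        if (hit) { i += BLK; fresh = 1; continue; }
        lit++;                            /* cur[i] matches nothing: send it as a literal */
        if (i + BLK < curlen) {           /* slide the window one byte in O(1) */
            a = (uint16_t)(a - cur[i] + cur[i + BLK]);
            b = (uint16_t)(b - BLK * cur[i] + a);
        }
        i++;
    }
    return lit + (curlen - i);            /* tail shorter than one block */
}

int main(void)
{
    /* Constructed sample: three bytes inserted in front of an unchanged 32-byte file. */
    const uint8_t old[] = "AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD";
    const uint8_t cur[] = "xyzAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD";
    return literal_bytes(old, 32, cur, 35) == 3 ? 0 : 1;
}
```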

To Developers: Way to improve ADC performance

In any ADC device or networking appliance, there is data that is accessed very often, such as the session table, the routing table, and shared memory for IPC. In the case of an ADC, it is cached objects, signature files for WAN optimization, etc. Depending on their size, these memory entities will span multiple pages. Whenever there is a context switch, the CPU needs to load these pages, and that involves a TLB lookup and a cache lookup.

A TLB (translation lookaside buffer) is a CPU cache used to speed up virtual-to-physical address translation. A TLB has a fixed number of slots that contain page table entries, which map virtual addresses to physical addresses, and the number of TLB entries is very small. If the requested address is present in the TLB, it is a TLB hit. If the requested address is not in the TLB, the translation proceeds by looking up the page table in a process called a page walk. The page walk is an expensive process, as it involves reading the contents of multiple memory locations and using them to compute the physical address. After the physical address is determined, the virtual-to-physical address mapping is entered into the TLB.

Fewer TLB misses give better performance. Since session tables, routing tables and cached objects are contiguous, if one TLB entry is allotted for such contiguous memory, the need for more TLB entries can be avoided. Mapping each TLB entry to a huge chunk of contiguous memory is made possible by "hugetlbfs".

Allocate the session table, routing table and cached object memory from hugetlbfs, and CPU performance improves greatly, as it conserves TLB entries and avoids costly page walks.
You can check this link to see how MySQL benefited from hugetlbfs.

You can go through this Linux documentation for implementation details and more information.
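
A session table allocated from the huge page pool, as an added example that is not from the original post: it uses an anonymous mmap() with MAP_HUGETLB, which draws from the same pool as a file on a mounted hugetlbfs, and falls back to normal pages when no huge pages are reserved. The struct layout, the function names and the 2 MiB page size are assumptions.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#define HUGE_PAGE_SIZE (2UL * 1024 * 1024) /* assumption: 2 MiB huge pages */

struct session {                /* hypothetical 48-byte entry */
    uint8_t  src[16], dst[16];
    uint16_t sport, dport;
    uint32_t state;
    uint64_t last_seen;
};
struct session_table {
    struct session *entries;
    size_t count, map_len;      /* usable entries; bytes mapped */
    int huge;                   /* 1 when backed by huge pages */
};

/* Map a zero-filled table for at least `want` sessions, preferring huge pages. */
int session_table_init(struct session_table *t, size_t want)
{
    const int prot = PROT_READ | PROT_WRITE, base = MAP_PRIVATE | MAP_ANONYMOUS;
    if (want == 0 || want > (SIZE_MAX - HUGE_PAGE_SIZE) / sizeof(struct session))
        return -1;              /* empty table or size_t overflow */
    /* Round the length up to a whole number of huge pages. */
    size_t len = (want * sizeof(struct session) + HUGE_PAGE_SIZE - 1) & ~(HUGE_PAGE_SIZE - 1);
    void *p = MAP_FAILED;
#ifdef MAP_HUGETLB
    p = mmap(NULL, len, prot, base | MAP_HUGETLB, -1, 0);
#endif
    t->huge = (p != MAP_FAILED);
    if (p == MAP_FAILED)        /* pool empty or unsupported: use normal pages */
        p = mmap(NULL, len, prot, base, -1, 0);
    if (p == MAP_FAILED) return -1;
    t->entries = p;
    t->count = len / sizeof(struct session);
    t->map_len = len;
    return 0;
}

void session_table_free(struct session_table *t)
{
    if (t->entries != NULL) munmap(t->entries, t->map_len);
    memset(t, 0, sizeof *t);
}
```

Checking the huge flag after session_table_init() tells the caller whether the pool was actually used, which is worth logging at start-up so a missing reservation does not go unnoticed.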

References:
http://netsecinfo.blogspot.com

TLB wikipedia