Balancing traffic between web servers using IP CEF on network equipment

    The task was to build a fault-tolerant setup for two web servers and, if possible, to distribute load between them, since sometimes one database could not cope with all the requests. Buying special equipment was not an option, so the following scheme was devised. Perhaps the idea is not original, but I did not find anything like this on the Internet. Our topology is as follows:

    There is a Cisco router that exposes the web server to the Internet, and two web servers on CentOS 7 with nginx. The IP addresses of the first and second web servers are and, respectively. To implement the plan, the web servers need to be given the same secondary IP address. This can be any private IP address that is not used on your network. I chose and registered it as the secondary IP address of the main eth0 interface of the web servers. On CentOS, this is done by creating the eth0:0 file in the /etc/sysconfig/network-scripts/ directory. File contents:


    It is important to note that the mask is used, which avoids any IP conflicts, since the web server will not use this address to originate traffic. In effect, we get loopback interfaces on the web servers.

    After that, the router can implement load balancing with static routing. On Cisco routers this is done with IP CEF. Other vendors may have their own nuances.

    In Cisco, load sharing can be done in two ways:

    • Per-Destination (default). We need this option. All packets of one flow are sent to one of the two servers. The hash is calculated from the source and destination IP addresses and, depending on this hash, either the first route (server) or the second is selected. Next, we will slightly change this behavior.
    • Per-Packet. This option does not suit us, since balancing is done packet by packet: roughly speaking, the first packet takes the first route, the second packet takes the second.

    We add two routes with the following commands:

    ip route GigabitEthernet0/0 192.168.20.176
    ip route GigabitEthernet0/0 192.168.20.177

    Both routes are then installed in the routing table, and load is shared across them. We also check that the correct balancing method is selected. The source IP address will change, while the destination IP always stays the same. Given the NAT, this can affect how evenly traffic is balanced. To improve this, the source port can be included in the hash, since it differs from one client session to another. To do this, use the following command:


    ip cef load-sharing algorithm include-ports source

    You also need to configure static NAT to redirect web requests to

    ip nat inside source static tcp 80

    What do we get? Requests from Internet users arrive at our router, which distributes them between our servers per flow, depending on the source port in TCP. When a client opens a new session, it may land on a different server.

    What happens if one of the servers fails? The route that led to this server will be removed from the routing table. To optimize this process, you can use IP SLA. Monitor the state of the servers with a ping every 10 seconds:

    ip sla 10
     frequency 10
    ip sla schedule 10 life forever start-time now
    ip sla 20
     frequency 10
    ip sla schedule 20 life forever start-time now

    Next, add tracking to the corresponding routes:

    ip route GigabitEthernet0/0 192.168.20.176 track 10
    ip route GigabitEthernet0/0 192.168.20.177 track 20

    IP SLA on Cisco routers can also monitor via HTTP GET requests, which helps detect a web server failure not only when the server is off the network but also when the web service itself is down.
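
    As an added example (not from the original article), the following Python model shows why hashing on source and destination IP alone pins every session from one client address to a single server, how including the source port spreads them, and what happens when a tracked route is withdrawn. SHA-256 stands in for the router's internal CEF hash, and the public address and client flows are constructed sample values.

```python
import hashlib
from collections import Counter

SERVERS = ["192.168.20.176", "192.168.20.177"]  # next hops from the article's routes
VIP = "203.0.113.10"  # constructed public address (documentation range)


def pick_next_hop(flow, up, include_src_port=False):
    """Choose a next hop for a flow given as (src_ip, src_port, dst_ip).

    SHA-256 is a stand-in (assumption): the real CEF hash is internal to the
    router. What the model shows is which fields feed the hash and that only
    routes whose track object is up are candidates.
    """
    paths = [s for s in SERVERS if up.get(s)]
    if not paths:
        return None  # both tracked routes withdrawn, nothing to forward to
    src_ip, src_port, dst_ip = flow
    key = f"{src_ip}|{dst_ip}"
    if include_src_port:  # models "include-ports source"
        key += f"|{src_port}"
    digest = hashlib.sha256(key.encode()).digest()
    return paths[int.from_bytes(digest[:4], "big") % len(paths)]


def distribute(flows, up, include_src_port=False):
    """Return a Counter of flows per selected server."""
    return Counter(pick_next_hop(f, up, include_src_port) for f in flows)


# Constructed sample: 200 sessions from one client address (for example an
# office behind its own NAT), each with a different ephemeral source port.
FLOWS = [("198.51.100.7", 40000 + i, VIP) for i in range(200)]
ALL_UP = {s: True for s in SERVERS}
ONE_DOWN = {SERVERS[0]: False, SERVERS[1]: True}

if __name__ == "__main__":
    print("src/dst IP only  :", dict(distribute(FLOWS, ALL_UP)))
    print("with source port :", dict(distribute(FLOWS, ALL_UP, True)))
    print("first server down:", dict(distribute(FLOWS, ONE_DOWN, True)))
```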

    Thus, building such a scheme requires no additional equipment and no extra software on the web servers. All you need is a router capable of balancing traffic.
