In my last blog post, I discussed virtualized network protocols NVGRE and VXLAN – two essential components in data centers that are transforming into virtualized environments. 

 

Another important component is balancing the traffic on each virtual server to optimize response time and overall resource loading.  Many data centers have installed expensive load balancing appliances in the network.  They are very surprised to find out that many of these same features are built into our Intel® Ethernet Switch FM6000 Series products.  Here’s a little bit more about how it works.

 

Load balancing in the FM6000 Series architecture is done using advanced symmetric hashing mechanisms along with network address translation (NAT) to convert the IP address of the load balancer to the IP address of the virtual machine (VM) after determining the optimal virtual machine (or virtual service) to process the request.  After the transaction is processed by the VM, the load balancer modifies the source IP address to its own address so that the client sees it as a single, monolithic server. 

 

The FM6000 also provides fine-grain bandwidth allocation and fail-over mechanisms to each egress port using a flexible hash-based load distribution architecture. This avoids round-robin service distribution schemes, which may be less than optimal, and provides the ability to monitor the health of VMs and virtual services, so that failed ones can be quickly removed from the resource pool.  These switches also come with connection persistence intelligence to know when not to load balance, as in the case of FTP requests that must stay connected to the same virtual service.

 

Some other load balancing functionality built into the switches includes:

 

Network Security: The frame filtering and forwarding unit (FFU) inside the FM6000 Series can be used for network security, in addition to frame forwarding. It can be configured using bit masks to read any part of the L2/L3/L4 header. If there is a match, the switch can route, deny, modify, count, log, change VLAN or change priority of the packet to protect the network. The switch can also use access control lists to prevent denial of service attacks and other security violations.

 

Performance: The FM6000 series switches are the lowest latency switches on the market, which means they can connect to the network, to servers and to storage arrays with real-time performance. In addition, their extremely low L3 latency means that the load balancing and NAT functions act as a “bump on the wire”, minimizing the impact on network performance compared to coupling a ToR switch with a discrete load balancer.

 

Fail Over: FM6000 series chips use a link mask table to determine how to distribute the load across multiple egress ports. They also contain several mechanisms to detect link failure such as loss-of-signal (LOS) or CRC errors. As the packet header is processed, the forwarding unit resolves to the address of a pointer, which points to an entry in the mask table. If a link or connected device fails, this pointer can be quickly changed by software so that the failing link is no longer part of the load distribution group. Since distribution is flow based, only flows to the failed device will be affected.
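
A small software model of the pointer-and-mask-table failover described above, added here as an example; it is not Intel's code and does not reproduce the FM6000's actual hash. The port count, table contents, use of SHA-256 and the rule of rehashing only displaced flows over the surviving ports are assumptions made for illustration.

```python
import hashlib

PORTS = [0, 1, 2, 3]  # constructed: four egress ports, one VM behind each

# Link mask table (constructed): each entry is a bitmask of the egress ports
# that are currently part of the load distribution group.
MASK_TABLE = {
    0: 0b1111,  # all four links healthy
    1: 0b1011,  # port 2 removed after a link failure
}

def flow_hash(src_ip, src_port, dst_ip, dst_port, salt=b""):
    """Symmetric hash: both directions of a connection give the same value."""
    a, b = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    key = f"{a[0]}:{a[1]}|{b[0]}:{b[1]}".encode() + salt
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big")

def select_port(flow, mask_ptr):
    """Pick the egress port for a flow using the mask entry the pointer selects."""
    mask = MASK_TABLE[mask_ptr]
    primary = PORTS[flow_hash(*flow) % len(PORTS)]
    if mask & (1 << primary):
        return primary  # the flow's usual link is still in the group
    # Only flows whose link was masked out are rehashed over the survivors.
    alive = [p for p in PORTS if mask & (1 << p)]
    if not alive:
        raise RuntimeError("no healthy egress port in this mask entry")
    return alive[flow_hash(*flow, salt=b"failover") % len(alive)]

def moved_flows(flows, old_ptr, new_ptr):
    """Return the flows whose egress port changes when the pointer is swapped."""
    return [f for f in flows
            if select_port(f, old_ptr) != select_port(f, new_ptr)]

# Constructed sample: 200 client flows to one virtual IP on port 80.
FLOWS = [(f"10.0.{i // 50}.{i % 50 + 1}", 40000 + i, "192.0.2.10", 80)
         for i in range(200)]

if __name__ == "__main__":
    moved = moved_flows(FLOWS, 0, 1)
    print(f"{len(moved)} of {len(FLOWS)} flows moved after port 2 failed")
```

Swapping the pointer from entry 0 to entry 1 moves only the flows that were hashed to port 2; every other flow keeps its port, so connection persistence is preserved for them.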

 

As you can see, the FM6000 Series switches have full-featured, low latency load balancing capabilities, another feature that makes them the ideal solution for top-of-rack switch systems.