Virtual Loadbalancers
Nowadays, you don't need a physical load balancer to set up a lab. Almost every vendor offers a "virtual appliance", which is just their appliance repackaged as a virtual machine. Here is a list of a few such virtual loadbalancers:
There are even opensource alternatives such as:
- OpenBSD's relayd - in OpenBSD very few tutorials are needed as the man pages are complete, but here are a few links: tutorial1 tutorial2. It has full support for many advanced loadbalancer features. I plan to try it out.
- nginx
- Linux LVS
So building a virtual lab on a laptop is just one download away, isn't it?
No, there are two missing pieces: a network topology with a router, and web servers with content that is suitable for such labs.
Luckily for you, I have just set up such a lab, and I welcome you to use it as well.
Network topology
Basic topology
The usual loadbalancer lab looks like this:
But this is not how loadbalancers are usually deployed. And it's also not the best way to deploy them, as not all traffic needs to go through the loadbalancer.
Realistic topology
Topology and IP addresses
The laptop is the only physical device here. Everything else is virtualized.
The router and the servers are running OpenBSD 5.6 snapshot Aug 8, 2014.
The host/laptop will be used as the client for testing.
If you are using just one loadbalancer, make sure its IP address ends with .100 or ::100, as some routing depends on that.
VMWare setup
You will need to create 4 new networks, here is my VMWare workstation setup:
VMWare networks
Here is a short reference:
- Name:
  - For each interface on the list, VMWare creates a virtual interface on the host with the same Name. We will use that later to add IPv6 addresses and IPv4/IPv6 routes.
- Type:
  - Host-only means that your host/laptop has connectivity to that network, and it also has an IP address on that network.
  - Custom means that your host/laptop is not connected to that network and that network is used for VM to VM communication.
- Subnet Address:
  - For type Custom, where the host is not connected, it's not really important what the IP address is, but it's a good reference.
  - For type Host-only the IP address is actually important, as VMWare will configure the host's interface with an address from that network, usually .1
And here is how the GW VM is configured. You will need to match your own VMNet names to mine, using the network IP address as a key. The most important thing is the order of the network adapters:
Host/Laptop IPv6 configs
We need to add IPv6 addresses to the Host-only VMNet interfaces:
C:\Users\dan.shechter>netsh interface ipv6 add address "VMware Network Adapter VMnet12" fc00:3::100/64
C:\Users\dan.shechter>netsh interface ipv6 add address "VMware Network Adapter VMnet13" fc00:4::100/64
- 10.136.3.254
- 10.136.4.254
- fc00:3::254
- fc00:3::254
Routing
We need to add routes on the laptop/host to get to the loadbalancers and to the VIPs.
Route | Purpose |
---|---|
10.136.85.0/24 fc00:85::/64 | This is where the real web servers are. This is also used for VIPs with client NAT/SNAT |
10.136.1.0/24 fc00:1::/64 | Some loadbalancers require separate management interface. |
10.136.5.0/24 fc00:5::/64 | VIP network, which is routed by the router directly to the loadbalancer 10.136.85.100 or fc00:85::100 addresses. |
10.136.6.0/24 fc00:6::/64 | Same as above but the host will use the 10.136.3.0 or the fc00:3:: network to get there. The web servers are configured to send replies to 10.136.3.0 or fc00:3:: through the loadbalancer 10.136.85.100 or fc00:85::100 addresses. |
Here is a network diagram to show the routes:
This setup allows different VIPs to be used in different network configurations:
Client Network | VIP | SNAT | Logical VIP | DSR |
---|---|---|---|---|
10.136.4.0/24 fc00::4::/64 |
10.136.8.150-250 fc00:85::150-250 |
X | ||
10.136.4.0/24 fc00::4::/64 |
10.136.5.X fc00:5::X |
X | X | |
10.136.5.0/24 fc00::5::/64 |
10.136.6.X fc00:6::X |
X | ||
10.136.4.0/24 fc00::4::/64 | 10.136.85.199 fc00:85::199 |
X |
Here is an explanation to the columns:
- Client Network - The client IP address from which the http/https connection is coming. As we set the routing on the host/laptop, the source IP address is determined by those routes, and more specifically, by which interface the connection is sourced from.
- SNAT - or Client NAT. The loadbalancer needs to use client NAT/SNAT to get the replies from the web server back to it. For VIPs which do not need that, the web servers are configured to route traffic to the client via the loadbalancer .100 or ::100 address. That is the sole reason why the host is connected to the router via two interfaces.
- Logical VIP - VIP addresses that do not belong to a directly connected network.
- DSR - Direct Server Return/L4 Performance/Local Triangulation. That address is also configured as a loopback interface on the web servers.
Host static routes
The GW and the web server routing is preconfigured. Only the host/laptop needs to be configured:
C:\Users\dan.shechter>netsh interface ipv4 add route 10.136.85.0/24 "VMware Network Adapter VMnet13" 10.136.4.254
Ok.
C:\Users\dan.shechter>netsh interface ipv4 add route 10.136.5.0/24 "VMware Network Adapter VMnet13" 10.136.4.254
Ok.
C:\Users\dan.shechter>netsh interface ipv6 add route fc00:85::/64 "VMware Network Adapter VMnet13" fc00:4::254
Ok.
C:\Users\dan.shechter>netsh interface ipv6 add route fc00:5::/64 "VMware Network Adapter VMnet13" fc00:4::254
Ok.
C:\Users\dan.shechter>netsh interface ipv4 add route 10.136.6.0/24 "VMware Network Adapter VMnet12" 10.136.3.254
Ok.
C:\Users\dan.shechter>netsh interface ipv6 add route fc00:6::/64 "VMware Network Adapter VMnet12" fc00:3::254
Ok.
C:\Users\dan.shechter>netsh interface ipv6 add route fc00:1::/64 "VMware Network Adapter VMnet13" fc00:4::254
Ok.
C:\Users\dan.shechter>netsh interface ipv4 add route 10.136.1.0/24 "VMware Network Adapter VMnet13" 10.136.4.254
Ok.
After we are done with the configuration we can test connectivity.
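Before testing, it helps to confirm which adapter, next hop and client network each VIP will actually use. The following is an added example, not part of the original lab: it models the host routing table built by the netsh commands above and does a longest-prefix lookup. The connected networks are inferred from the gateway addresses, adapter names are shortened, and the function names are hypothetical.

```python
import ipaddress

# Networks the host is directly attached to. Inferred from the gateway
# addresses used in the netsh commands; adapter names are shortened.
CONNECTED = [
    ("10.136.3.0/24", "VMnet12"), ("fc00:3::/64", "VMnet12"),
    ("10.136.4.0/24", "VMnet13"), ("fc00:4::/64", "VMnet13"),
]
# Static routes as added above: (prefix, adapter, next hop).
STATIC = [
    ("10.136.85.0/24", "VMnet13", "10.136.4.254"),
    ("10.136.5.0/24", "VMnet13", "10.136.4.254"),
    ("10.136.1.0/24", "VMnet13", "10.136.4.254"),
    ("10.136.6.0/24", "VMnet12", "10.136.3.254"),
    ("fc00:85::/64", "VMnet13", "fc00:4::254"),
    ("fc00:5::/64", "VMnet13", "fc00:4::254"),
    ("fc00:1::/64", "VMnet13", "fc00:4::254"),
    ("fc00:6::/64", "VMnet12", "fc00:3::254"),
]

def build_table(static=STATIC):
    """Return rows of (network, adapter, next_hop); next_hop is None if on-link."""
    rows = [(ipaddress.ip_network(p), ifc, None) for p, ifc in CONNECTED]
    rows += [(ipaddress.ip_network(p), ifc, ipaddress.ip_address(gw))
             for p, ifc, gw in static]
    return rows

def on_link_net(table, ifc, version):
    """The connected network of the given IP version on an adapter."""
    return next(n for n, i, gw in table
                if gw is None and i == ifc and n.version == version)

def lookup(dest, table=None):
    """Longest-prefix match: (adapter, next hop, client network) or None."""
    table = table or build_table()
    addr = ipaddress.ip_address(dest)
    hits = [r for r in table if r[0].version == addr.version and addr in r[0]]
    if not hits:
        return None
    net, ifc, gw = max(hits, key=lambda r: r[0].prefixlen)
    return ifc, (str(gw) if gw else None), str(on_link_net(table, ifc, addr.version))

def bad_next_hops(table=None):
    """Static routes whose next hop is not on-link on the named adapter."""
    table = table or build_table()
    return [str(net) for net, ifc, gw in table
            if gw is not None and gw not in on_link_net(table, ifc, gw.version)]
```

A route entered against the wrong adapter shows up in bad_next_hops(); on the real host, compare the model with the output of netsh interface ipv4 show route and netsh interface ipv6 show route.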
Web servers
Users
user: cisco
password: cisco!@34
Same for the gateway. Use sudo for root commands.
Web page
Browsing directly to 10.136.85.1 shows:
A few things to notice:
SRVX
Everything inside the table is an iframe, which means it gets loaded on its own.
Web server #1 will return SRV1 and images with 1 in them.
Web server #2 will return SRV2 and images with 2 in them.
Web server #3 will return SRV3 and images with 3 in them.
CSS
The HTTP page uses a CSS file named http.css with a blue background.
The HTTPS page uses a CSS file named https.css with a red background.
There are other CSS files called green.css and yellow.css. You can use them for iRules / AppShape manipulations.
Directories
You have alpha, beta and gamma directories, which you can use as a server selector.
Images
In the images directory there are the following files: number1.jpg and number2.jpg and number3.jpg.
On each server X, number.jpg will point to numberX.jpg, but you can manipulate that.
JavaScript
By default the page will load scripts/flash.js. There is also scripts/flash_fast.js for your iRules/AppShape manipulations.
404 Error
That is on purpose. To fix that, you need the client to request here.html, or make the server think that the client has requested here.html instead of not_here.
VMWare/vbox images
Last but not least here are the OVA (virtual appliance) images: