1. IP Front End User Guide
  2. Introduction to IPFE
  3. Traffic Distribution

2.2 Traffic Distribution

The IPFE is a packet-based load balancer that makes a large cluster accessible to incoming connections through a minimal number of IP addresses. These incoming connections can be TCP, unihomed SCTP, or multihomed SCTP. The IPFE distributes these connections among a list of target IP addresses by forwarding incoming packets. The list is called the Target Set IP List, and an outward-facing IP address is called a Target Set Address (TSA). A packet arriving at the IPFE and destined for the TSA is forwarded to an address in the Target Set IP List.

There can be as many as 16 IP addresses in the target set IP list and thus the IPFE may distribute traffic among as many as 32 physical or virtual application servers. Each server in the target set IP list can have a Weighting indicating that the IPFE should apportion more or fewer connections to that server. The load balancing algorithm for apportioning connections is also configurable through a number of settings. The TSA, target set IP list, weighting, and load balancing algorithm settings are together called a Target Set. There can be as many as 32 independent target sets configured on one IPFE.

The IPFE neither interprets nor modifies anything in the TCP or SCTP payload. The IPFE also does not maintain TCP or SCTP state, but keeps sufficient state to route all packets for a particular session to the same application server.

Return traffic from the application server to the client (both TCP and SCTP) does not pass through the IPFE, but routes directly to the gateway.

Switch MAC Address Cache and Ping Feature

In a certain deployments where all traffic passes through the IPFE, no Ethernet packets go directly to the DA-MP from the gateway (or remote peer, for the case that a remote peer is on the local network segment). If there is any connection in which the traffic flows to the DAMP through IPFE (a floating connection) and there are two or more switches in between IPFE and DAMP, this feature must be enabled. Any intermediate Switch would be unaware that the Ethernet jack ("switch port") of the gateway (or peer) is a viable path for packets emitted by the DA-MP. In this case, the Switch would broadcast that packet to all Ethernet switch ports as a last resort. This creates network flooding.

For this situation, even if the switch had knowledge of the aforementioned switch port, this information expires after five minutes on typical switch configurations.

The solution to this problem is to keep the switch tables up-to-date with periodic pings to remote peers or gateways. An ICMP or ARP ping every two minutes, from the DA-MPs, is sufficient.

To run the ping on a particular DA-MP, login as root and run 

/usr/TKLC/dsr/bin/pingAllLivePeers -v

Use pingAllLivePeers -h for options. These commands can be used for diagnostics. Note that background operation logs to /var/log/messages and /var/log/cron.