1 Getting Started with Oracle Traffic Director

Oracle Traffic Director is a fast, reliable, and scalable layer-7 software load balancer. You can set up Oracle Traffic Director to serve as the reliable entry point for all HTTP, HTTPS and TCP traffic to application servers and web servers in the back end. Depending on the needs of your IT environment, you can configure Oracle Traffic Director to apply multiple, complex rules when distributing requests to the back-end servers and when forwarding responses to clients.

Oracle Traffic Director distributes the requests that it receives from clients to servers in the back end based on the specified load-balancing method, routes the requests based on specified rules, caches frequently accessed data, prioritizes traffic, and controls the quality of service.

The architecture of Oracle Traffic Director enables it to handle large volumes of application traffic with low latency. The product is optimized for use in Oracle Exalogic Elastic Cloud and Oracle SuperCluster. It can communicate with servers in the back end over Exalogic's InfiniBand fabric. For more information about Exalogic, see the Oracle Exalogic Elastic Cloud documentation, http://docs.oracle.com/cd/E18476_01/index.htm. Oracle Traffic Director is also certified with various Fusion Middleware products.

Oracle Traffic Director is easy to install, configure, and use. It includes a simple, wizard-driven graphical interface as well as a robust command-line interface to help you administer Oracle Traffic Director instances.

This chapter provides information to help you understand and get started with Oracle Traffic Director. It contains the following sections:

Features of Oracle Traffic Director

On engineered systems platforms, you can set up pairs of Oracle Traffic Director instances and leverage its built-in High Availability capability to setup either Active-Passive or Active-Active failover. As the volume of traffic to your network grows, you can easily scale the environment by reconfiguring Oracle Traffic Director with additional back-end servers to which it can route requests.

Oracle Traffic Director provides the following features:

  • Advanced methods for load distribution

    Configure Oracle Traffic Director to distribute client requests to servers in the back-end using one of these methods:

    • Round robin

    • Least connection count

    • Least response time

    • Weighted round robin

    • Weighted least connection count

  • Flexible routing and load control on back-end servers

    • Request-based routing

      Oracle Traffic Director can be configured to route HTTP/S requests to specific servers in the back end based on information in the request URI: pattern, query string, domain, source and destination IP addresses, and so on.

    • Content-based routing

      Oracle Traffic Director can be configured to route HTTP/S requests to specific servers in the back end based on contents within a request. This way, web service requests such as XML or JSON can be easily routed to specific origin servers based on specific elements within the body content. Content-based routing is enabled by default.

    • Request rate acceleration

      Administrators can configure the rate at which Oracle Traffic Director increases the load (number of requests) for specific servers in the back end. By using this feature, administrators can allow a server that has just been added to the pool, or has restarted, to perform startup tasks such as loading data and allocating system resources.

    • Connection limiting

      Oracle Traffic Director can be configured to limit the number of concurrent connections to a server in the back end. When the configured connection limit for a server is reached, further requests that require new connections are not sent to that server.

  • Controlling the request load and quality of service

    • Request rate limiting

      Oracle Traffic Director can be set up to limit the rate of incoming requests from specific clients and for specific types of requests. This feature enables administrators to optimize the utilization of the available bandwidth, guarantee a certain level of quality of service, and prevent denial-of-service (DoS) attacks.

    • Quality of service tuning

      To ensure equitable utilization of the available network resources for incoming requests, you can configure Oracle Traffic Director virtual servers to limit the maximum number of concurrent connections to clients and the maximum speed at which data can be transferred to clients.

  • Support for WebSocket connections

    Oracle Traffic Director handles WebSocket connections by default. WebSocket connections are long-lived and allow support for live content, games in real-time, video chatting, and so on. In addition, Oracle Traffic Director can be configured to ensure that only those clients that strictly adhere to R FC 6455 are allowed. For more information, see the section Configuring Routes for a Virtual Server and the Oracle Traffic Director Command-Line Reference.

  • Integration with Oracle Fusion Middleware

    • Oracle Traffic Director is designed to recognize and handle headers that are part of requests to, and responses from, Oracle WebLogic Server managed servers in the back end.

    • When an Oracle Traffic Director instance is configured to distribute client requests to clustered Oracle WebLogic Server managed servers, Oracle Traffic Director automatically detects changes in the cluster—such as the removal or addition of managed servers, and considers such changes while routing requests.

    • Patches that Oracle delivers for the Oracle Traffic Director software can be applied by using OPatch, a Java-based utility, which is the standard method for applying patches to Oracle Fusion Middleware products.

  • Easy-to-use administration interfaces

    Administrators can use either a graphical user interface or a command-line interface to administer Oracle Traffic Director instances.

    Administrators can also use Fusion Middleware Control, a browser-based graphical user interface, to monitor statistics and perform lifecycle tasks for Oracle Traffic Director instances.

  • Security

    Oracle Traffic Director enables and enhances security for your IT infrastructure in the following ways:

    • Reverse proxy

      By serving as an intermediary between clients outside the network and servers in the back end, Oracle Traffic Director masks the names of servers in the back end and provides a single point at which you can track access to critical data and applications hosted by multiple servers in the back end.

    • Support for TLS 1.0, 1.1, and 1.2

      To secure data during transmission and to ensure that only authorized users access the servers in the back end, you can configure TLS-enabled HTTP and TCP listeners for Oracle Traffic Director instances.

      You can either use digital certificates issued by commercial CAs such as VeriSign or generate RSA- and Elliptic Curve Cryptography (ECC)-type self-signed certificates with key sizes of up to 4096 bits by using the administration console or the WLST.

    • Web Application Firewall

      A Web application firewall enables you to apply a set of rules to an HTTP request, which are useful for preventing common attacks such as Cross-site Scripting (XSS) and SQL Injection. The Web Application Firewall module for Oracle Traffic Director supports open source ModSecurity 2.6.

    • HTTP Forward Proxy Support in Origin Server Pools

      In an environment where access to intended origin servers is restricted through corporate proxy servers, you can optionally associate an HTTP forward proxy server with an origin server pool so that all member origin servers (of said pool) are communicated with via the configured HTTP forward proxy server.

  • High availability

    Oracle Traffic Director provides high availability for your enterprise applications and services through the following mechanisms:

    • Health checks for the back end

      If a server in the back end is no longer available or is fully loaded, Oracle Traffic Director detects this situation automatically through periodic health checks and stops sending client requests to that server. When the failed server becomes available again, Oracle Traffic Director detects this automatically and resumes sending requests to the server.

    • Backup servers in the back end

      When setting up server pools for an Oracle Traffic Director instance, you can designate a few servers in the back end as backup servers. Oracle Traffic Director sends requests to the backup servers only when none of the primary servers are available. This feature ensures continued availability even when some servers in the back end fail.

    • Failover for load balancing

      Oracle Traffic Director instances can be deployed in an active-passive or active-active configuration. If the primary Oracle Traffic Director instance fails, the backup instance takes over.

    • Dynamic reconfiguration

      Most configuration changes to Oracle Traffic Director instances can be deployed dynamically, without restarting the instances and without affecting requests that are being processed.

  • Monitoring statistics

    Administrators can monitor a wide range of statistics pertaining to the performance of Oracle Traffic Director instances through several methods: the administration console, the command-line interface, and a report in XML format.

  • High performance

    • SSL/TLS offloading

      Oracle Traffic Director can be configured as the SSL/TLS termination point for HTTP/S and TCP requests. This reduces the processing of overhead on the servers in the back end.

    • Content caching

      Oracle Traffic Director can be configured to cache (in its process memory) content that it receives from origin servers. By caching content, Oracle Traffic Director helps reduce the load on servers in the back end and helps improve performance for clients.

    • HTTP compression

      Administrators can configure Oracle Traffic Director instances to compress the data received from servers in the back end and forward the compressed content to the requesting clients. This feature improves the response time for clients connected on slow connections.

Oracle Traffic Director Terminology

An Oracle Traffic Director configuration is a collection of elements that define the run-time behavior of an Oracle Traffic Director instance. An Oracle Traffic Director configuration contains information about various elements of an Oracle Traffic Director instance such as listeners, origin servers, failover groups, and logs.

The following table describes the terms used in this document when describing administrative tasks for Oracle Traffic Director.

Term Description

Configuration

A collection of elements (metadata) that can be configured and determine the run-time behavior of an Oracle Traffic Director instance.

A typical configuration contains definitions for the listeners (IP address and port combinations) on which Oracle Traffic Director should listen for requests and information about the servers in the back end to which the requests should be sent. Oracle Traffic Director reads the configuration when an Oracle Traffic Director instance starts and while processing client requests.

Instance

An Oracle Traffic Director server that is instantiated from a configuration and deployed on an administration node.

Failover group

Two Oracle Traffic Director instances grouped by a virtual IP address (VIP), to provide high availability in active-passive mode. Requests are received at the VIP and routed to the Oracle Traffic Director instance that is designated as the primary instance. If the primary instance is not reachable, requests are routed to the backup instance.

Administration server

A specially configured Oracle Traffic Director instance that hosts the administration console and command-line interfaces, using which you can create and manage Oracle Traffic Director configurations, deploy instances on administration nodes, and manage the lifecycle of these instances. Note that you can deploy instances of Oracle Traffic Director configuration on the administration server. In this sense, the administration server can function as an administration node as well.

Administration node

A specially configured Oracle Traffic director instance that is registered with the remote administration server. The administration node running on a host acts as the agent of the remote administration server and assists the administration server in managing the instances running on the host.

Note that, on a given node, you can deploy only one instance of a configuration.

INSTANCE_HOME

A directory of your choice, on the administration server or an administration node, in which the configuration data and binary files pertaining to Oracle Traffic Director instances are stored.

ORACLE_HOME

A directory of your choice in which you install the Oracle Traffic Director binaries.

Administration console

A web-based graphical interface on the administration server that you can use to create, deploy, and manage Oracle Traffic Director instances.

Client

Any agent—a browser or an application, for example—that sends HTTP, HTTPS and TCP requests to Oracle Traffic Director instances.

Origin server

A server in the back end, to which Oracle Traffic Director forwards the HTTP, HTTPS and TCP requests that it receives from clients, and from which it receives responses to client requests.

Origin servers can be application servers like Oracle WebLogic Server managed servers, web servers, and so on.

Origin-server pool

A collection of origin servers that host the same application or service that you can load-balance by using Oracle Traffic Director.

Oracle Traffic Director distributes client requests to servers in the origin-server pool based on the load-distribution method that is specified for the pool.

Oracle Traffic Director can communicate with the origin servers in the origin-server pool directly, or through a configured HTTP forward proxy server.

Virtual server

A virtual entity within an Oracle Traffic Director server instance that provides a unique IP address (or host name) and port combination through which Oracle Traffic Director can serve requests for one or more domains.

An Oracle Traffic Director instance on a node can contain multiple virtual servers. Administrators can configure settings such as the maximum number of incoming connections specifically for each virtual server. They can also customize how each virtual server handles requests.

Typical Network Topology

The network topology that you create for Oracle Traffic Director varies depending on your business requirements such as the number of back-end applications for which you want to use Oracle Traffic Director to balance requests, IT requirements such as security, and the features of Oracle Traffic Director that you want to use.

In the simplest implementation, you can have a single Oracle Traffic Director instance running on a dedicated compute node distributing client requests to a pool of servers in the back end.

To ensure that the node on which an Oracle Traffic Director instance runs does not become the single point of failure in the topology, you can have Oracle Traffic Director instances running on different nodes forming a failover group for high availability.

Figure 1-1 shows a typical Oracle Traffic Director network topology for a high-availability use case in an active-passive mode.

Figure 1-1 Oracle Traffic Director Network Topology

Description of Figure 1-1 follows
Description of "Figure 1-1 Oracle Traffic Director Network Topology"

The topology shown in Figure 1-1 consists of two Oracle Traffic Director instances—otd_1 and otd_2—forming a failover pair and providing a single virtual IP address for client requests. Based on the mode of failover configured, the primary node will determine how and where to forward the request. For information on failover modes, see Creating and Managing Failover Groups.

Note that Figure 1-1 shows only two server pools in the back end, but you can configure Oracle Traffic Director to route requests to servers in multiple pools.

Overview of Administration Tasks

Administrators can use either a graphical user interface or a command-line interface to administer Oracle Traffic Director instances.

These standard tasks include:

  • Install the product

    You can install Oracle Traffic Director on Oracle Linux 6.5+ on an x86_64 system, by using an interactive graphical wizard or in silent mode. Note that in 12c, Oracle Traffic Director does not have its own separate Admin Server, but uses the Admin Server in Oracle WebLogic Server.

    For more information, see Installing Oracle Traffic Director.

  • Create a WebLogic domain for Oracle Traffic Director. For more information, see Configuring the WebLogic Server Domain for Oracle Traffic Director.

  • Access Fusion Middleware Control and WLST

    You can use Fusion Middleware Control and command-line interface of Oracle Traffic Director to create, modify, and monitor Oracle Traffic Director configurations.

    For information about accessing Fusion Middleware Control and command-line interface, see Administration Interfaces.

  • Create and manage configurations

    Create configurations that define your Oracle Traffic Director instances. A configuration is a collection of metadata that you can use to instantiate Oracle Traffic Director. Oracle Traffic Director reads the configuration when a server instance starts and while processing client requests.

    For more information, see Managing Configurations.

  • Create and manage instances

    After creating a configuration, you can create Oracle Traffic Director server instances by deploying the configuration on one or more hosts. You can view the current state of each instance, start or stop it, reconfigure it to reflect configuration changes, and so on.

    For more information, see Managing Instances.

  • Define and manage origin-server pools

    For an Oracle Traffic Director instance to distribute client requests, you should define one or more origin-server pools or in the back end. For each origin-server pool, you can define the load-distribution method that Oracle Traffic Director should use to distribute requests. In addition, for each origin server in a pool, you can define how Oracle Traffic Director should control the request load.

    For more information, see Managing Origin Servers and Managing Origin-Server Pools.

  • Create and manage virtual servers and listeners

    An Oracle Traffic Director instance running on a node contains one or more virtual servers. Each virtual server provides one or more listeners for receiving requests from clients. For each virtual server, you can configure parameters such as the origin-server pool to which the virtual server should route requests, the quality of service settings, request limits, caching rules, and log preferences.

    For more information, see Managing Virtual Servers and Managing Listeners.

  • Manage security

    Oracle Traffic Director, by virtue of its external-facing position in a typical network, plays a critical role in protecting data and applications in the back end against attacks and unauthorized access from outside the network. In addition, the security and integrity of data traversing through Oracle Traffic Director to the rest of the network needs to be guaranteed.

    For more information, see Managing Security.

  • Manage logs

    Oracle Traffic Director records data about server events such as configuration changes, instances being started and stopped, errors while processing requests, and so on in log files. You can use the logs to troubleshoot errors and to tune the system for improved performance.

    For more information, see Managing Logs.

  • Monitor statistics

    The state and performance of Oracle Traffic Director instances are influenced by several factors: configuration settings, volume of incoming requests, health of origin servers, nature of data passing through the instances, and so on. As the administrator, you can view metrics for all of these factors through the command-line interface and Fusion Middleware Control, and extract the statistics in the form of XML files for detailed analysis. You can also adjust the granularity at which Oracle Traffic Director collects statistics.

    For more information, see Monitoring Oracle Traffic Director Instances.

  • Set up Oracle Traffic Director instances for high availability

    In the event that an Oracle Traffic Director instance or the node on which it runs fails, you need to ensure that the load-balancing service that the instance provides continues to be available uninterrupted. You can achieve this goal by configuring a backup Oracle Traffic Director instance that can take over processing of requests when the primary instance fails.

    For more information, see Configuring Oracle Traffic Director for High Availability.

  • Tune for performance

    Based on your analysis of performance statistics and to respond to changes in the request load profile, you might want to adjust the request processing parameters of Oracle Traffic Director to maintain or improve the performance. Oracle Traffic Director provides a range of performance-tuning controls and knobs that you can use to limit the size and volume of individual requests, control timeout settings, configure thread pool settings, SSL/TLS caching behavior, and so on.

    For more information, see Tuning Oracle Traffic Director for Performance.

  • Diagnose and troubleshoot problems

    Despite the best possible precautions, you might occasionally run into problems when installing, configuring, and monitoring Oracle Traffic Director instances. You can diagnose and solve some of these problems based on the information available in error messages and logs. For complex problems, you would need to gather certain data that Oracle support personnel can use to understand, reproduce, and diagnose the problem.

    For more information, see Diagnosing and Troubleshooting Problems.

Administration Interfaces

Oracle Traffic Director is easy to install, configure, and use. It includes a simple, wizard-driven graphical interface as well as a robust command-line interface to help you administer Oracle Traffic Director instances. The administration server of Oracle Traffic Director provides interfaces through which you can create, modify, and manage Oracle Traffic Director instances:

Accessing the WebLogic Scripting Tool

The command line interface in Oracle Traffic Director is the Weblogic Scripting Tool (WLST).

The WLST scripting environment is based on Jython which is an implementation of the Python language for the Java platform. The tool can be used both online and offline. Oracle Traffic Director ships custom WLST commands that you can run using WLST.

Note:

Oracle Traffic Director ships a wlst.sh wrapper <oracle_home>/otd/common/bin/wlst.sh which initializes the required environment and libraries for Oracle Traffic Director commands. All Oracle Traffic Director custom commands can only be executed from this wlst.sh.

For more information about using WLST, see the WebLogic Scripting Tool Command Reference for Oracle Traffic Director.

Usage Modes

You can use the following techniques to invoke Oracle Traffic Director custom commands.

For more information on using WLST in these modes, see WebLogic Scripting Tool Command Reference for Oracle Traffic Director.

Displaying Fusion Middleware Control

To display Fusion Middleware Control, you enter the Fusion Middleware Control URL, which includes the name of the host and the administration port number assigned during the installation. The following shows the format of the URL:

http://hostname.domain:port/em

The port number is the port number of the Fusion Middleware Control. By default, the port number is 7001. The port number is listed in the following file:

DOMAIN_HOME/config/config.xml

For some installation types, such as Web Tier, if you saved the installation information by clicking Save on the last installation screen, the URL for Fusion Middleware Control is included in the file that is written to disk (by default to your home directory). For other installation types, the information is displayed on the Create Domain screen of the Configuration Wizard when the configuration completes.

To display Fusion Middleware Control:

  1. Enter the URL in your Web browser. For example: 
    http://host1.example.com:7001/em
  2. Enter the Fusion Middleware Control administrator user name and password and click Login.

You can now create Oracle Traffic Director configurations and deploy them as instances on administration nodes. For more information, see WebLogic Scripting Tool Command Reference for Oracle Traffic Director.

Setting Up a Simple Load Balancer Using Oracle Traffic Director

You can set up a load-balanced service using Oracle Traffic Director with the minimum necessary configuration. The purpose of this section is to reinforce and illustrate the concepts discussed earlier in this chapter and to prepare you for the configuration tasks described in the remaining chapters.

This section contains the following topics:

Example Topology

In this example, we will create a single instance of Oracle Traffic Director that will receive HTTP requests and distribute them to two origin servers in the back end, both serving identical content.

Figure 1-2 shows the example topology.

Figure 1-2 Oracle Traffic Director Deployment Example

Description of Figure 1-2 follows
Description of "Figure 1-2 Oracle Traffic Director Deployment Example"

The example topology is based on the following configuration:

  • Administration server host and port: bin.example.com:8989

  • Administration node host and port: apps.example.com:8900

  • Virtual server host and port to receive requests from clients: hr-apps.example.com:1905

  • Host and port of origin servers (web servers in this example):

    • hr-1.example.com:80

    • hr-2.example.com:80

    In the real world, both origin servers would serve identical content. But for this example, to be able to see load balancing in action, we will set up the index.html page to which the DocumentRoot directive of the web servers points, to show slightly different content, as follows:

    • For hr-1.example.com:80: "Page served from origin-server 1"

    • For hr-2.example.com:80: "Page served from origin-server 2"

  • Load-balancing method: Round robin

Creating the Load Balancer for the Example Topology

This section describes how to set up the topology described in Example Topology.

  1. Install Oracle Traffic Director on the hosts bin.example.com and apps.example.com, as described in the Installing Oracle Traffic Director.
  2. Create a configuration hr-config using the otd_createConfiguration WLST command. 
    props = {}
props['configuration'] = 'hr-config'
props['listener-port'] = '1905'
props['server-name'] = 'hr-apps.example.com'
props['origin-server'] = 'hr-1.example.com:80,hr-2.example.com:80'
otd_createConfiguration(props)
  3. Create an instance of the configuration hr-config by running the otd_createInstance WLST command. Specify the machine as the name you specified when creating the machine in Fusion Middleware Control, corresponding to the host name of the machine on which the OTD instance is running. 
    props = {}
props['configuration'] = 'hr-config'
props['machine'] = 'machine1'
otd_createInstance(props)
  4. Start the Oracle Traffic Director instance that you just created by running the start WLST command. 
    start('otd_foo_machine1')

Note:

The steps in this procedure use only WLST, but you can use Fusion Middleware Control as well.

We have now successfully created an Oracle Traffic Director configuration, and started the instance.

Verifying the Load-Balancing Behavior of the Oracle Traffic Director Instance

The Oracle Traffic Director instance that we created and started earlier is now listening for HTTP requests at the URL http://hr-apps.example.com:1905.

This section describes how you can verify the load-balancing behavior of the Oracle Traffic Director instance by using your browser.

Note:

  • Make sure that the web servers hr-1.example.com:80 and hr-2.example.com:80 are running.

  • If necessary, update the /etc/hosts file on the host from which you are going to access the Oracle Traffic Director virtual server, to make sure that the browser can resolve hr-apps.example.com to the correct IP address.

  1. Enter the URL http://hr-apps.example.com:1905 in your browser.

    A page with the following text is displayed:

    "Page served from origin-server 1"

    This indicates that the Oracle Traffic Director instance running on the apps.example.com administration node received the HTTP request that you sent from the browser, and forwarded it to the origin server hr-1.example.com:80.

  2. Send another HTTP request to http://hr-apps.example.com:1905 by refreshing the browser window.

    A page with the following text is displayed:

    "Page served from origin-server 2"

    This indicates that Oracle Traffic Director sent the second request to the origin server hr-2.example.com:80

  3. Send a third HTTP request to http://hr-apps.example.com:1905 by refreshing the browser window again.

    A page with the following text is displayed:

    "Page served from origin-server 1"

    This indicates that Oracle Traffic Director used the simple round-robin load-distribution method to send the third HTTP request to the origin server hr-1.example.com:80.