The architecture of Oracle Traffic Director enables it to handle large volumes of application traffic with low latency. The product is optimized for use in Oracle Exalogic Elastic Cloud and Oracle SuperCluster. It can communicate with servers in the back end over Exalogic's InfiniBand fabric. For more information about Exalogic, see the Oracle Exalogic Elastic Cloud documentation, http://docs.oracle.com/cd/E18476_01/index.htm. Oracle Traffic Director is also certified with various Fusion Middleware products.
Oracle Traffic Director is easy to install, configure, and use. It includes a simple, wizard-driven graphical interface as well as a robust command-line interface to help you administer Oracle Traffic Director instances.
For high availability, you can set up pairs of Oracle Traffic Director instances for either active-passive or active-active failover. As the volume of traffic to your network grows, you can easily scale the environment by reconfiguring Oracle Traffic Director with additional back-end servers to which it can route requests.
Depending on the needs of your IT environment, you can configure Oracle Traffic Director to apply multiple, complex rules when distributing requests to the back-end servers and when forwarding responses to clients.
This chapter provides information to help you understand and get started with Oracle Traffic Director. It contains the following sections:
The following are the new features in Oracle Traffic Director 11.1.1.7.0:
WebSocket protocol
This version of Oracle Traffic Director supports the WebSocket protocol. This feature enables Oracle Traffic Director to load balance applications built with WebSocket support.
Content-based routing
The previous version of Oracle Traffic Director enabled administrators to configure routing rules to route incoming HTTP/S traffic based on either HTTP/S headers or request URI/query information. Oracle Traffic Director now enables administrators to configure rules to route requests based on content in the body of a request.
Support for LDAP/T3 Load Balancing
Oracle Traffic Director now supports basic LDAP/T3 load balancing at layer 7, where requests are handled as generic TCP connections for traffic tunneling.
Web Logic Server keep-alive synchronization
To improve performance, HTTP keep-alive connections are maintained between Oracle Traffic Director and the origin servers. However, if an origin server closes a connection while Oracle Traffic Director has started sending a request to the server through the connection, it could result in a 503 server error. To prevent this, the connections should always be closed by Oracle Traffic Director, and not by the origin server. Oracle Traffic Director now takes advantage of Web Logic Server-specific HTTP/S headers, whereby Oracle Traffic Director obtains Web Logic Server's keep-alive timeout value and uses it to adjust its own timeout value. This feature is called Keep-Alive Timeout Synchronization.
Least response time algorithm
Oracle Traffic Director introduces a new load-balancing method called least response time. This method enables Oracle Traffic Director to generate more load on those origin servers that are responding faster than others.
Condition builder
Condition builder enables you to easily build conditions using an interactive GUI. Condition builder is available for use when configuring routes, caching rules, compression rules and request limits.
Web Application Firewalls
Oracle Traffic Director now supports web application firewalls. You can create web application firewalls that enable you to apply a set of rules to HTTP requests, for identifying and blocking attacks. For more information, see Managing Web Application Firewalls.
For information about how web application firewall rules are used for preventing attacks, and for some examples and use cases, see Web Application Firewall Examples and Use Cases.
Oracle Traffic Director on Solaris 11.1
Oracle Traffic Director can now be installed on Solaris 11.1 on Exalogic and Oracle SuperCluster.
Oracle Traffic Director provides the following features:
Advanced methods for load distribution
You can configure Oracle Traffic Director to distribute client requests to servers in the back end by using one of the following methods:
Round robin
Least connection count
Least response time
Weighted round robin
Weighted least connection count
Flexible routing and load control on back-end servers
Request-based routing
Oracle Traffic Director can be configured to route HTTP/S requests to specific servers in the back end based on information in the request URI: pattern, query string, domain, source and destination IP addresses, and so on.
Content-based routing
Oracle Traffic Director can be configured to route HTTP/S requests to specific servers in the back end based on contents within a request. This way, web service requests such as XML or JSON can be easily routed to specific origin servers based on specific elements within the body content. Content-based routing is enabled by default.
Request rate acceleration
Administrators can configure the rate at which Oracle Traffic Director increases the load (number of requests) for specific servers in the back end. By using this feature, administrators can allow a server that has just been added to the pool, or has restarted, to perform startup tasks such as loading data and allocating system resources.
Connection limiting
Oracle Traffic Director can be configured to limit the number of concurrent connections to a server in the back end. When the configured connection limit for a server is reached, further requests that require new connections are not sent to that server.
Controlling the request load and quality of service
Request rate limiting
Oracle Traffic Director can be set up to limit the rate of incoming requests from specific clients and for specific types of requests. This feature enables administrators to optimize the utilization of the available bandwidth, guarantee a certain level of quality of service, and prevent denial-of-service (DoS) attacks.
Quality of service tuning
To ensure equitable utilization of the available network resources for incoming requests, you can configure Oracle Traffic Director virtual servers to limit the maximum number of concurrent connections to clients and the maximum speed at which data can be transferred to clients.
Support for WebSocket connections
Oracle Traffic Director handles WebSocket connections by default. WebSocket connections are long-lived and allow support for live content, games in real-time, video chatting, and so on. In addition, Oracle Traffic Director can be configured to ensure that only those clients that strictly adhere to R FC 6455 are allowed. For more information, see the section Configuring Routes and the Oracle Traffic Director Command-Line Reference.
Integration with Oracle Fusion Middleware
Oracle Traffic Director is designed to recognize and handle headers that are part of requests to, and responses from, Oracle WebLogic Server managed servers in the back end.
When an Oracle Traffic Director instance is configured to distribute client requests to clustered Oracle WebLogic Server managed servers, Oracle Traffic Director automatically detects changes in the cluster—such as the removal or addition of managed servers, and considers such changes while routing requests.
Patches that Oracle delivers for the Oracle Traffic Director software can be applied by using OPatch, a Java-based utility, which is the standard method for applying patches to Oracle Fusion Middleware products.
Easy-to-use administration interfaces
Administrators can use either a graphical user interface or a command-line interface to administer Oracle Traffic Director instances.
Administrators can also use Fusion Middleware Control, a browser-based graphical user interface, to monitor statistics and perform lifecycle tasks for Oracle Traffic Director instances.
Security
Oracle Traffic Director enables and enhances security for your IT infrastructure in the following ways:
Reverse proxy
By serving as an intermediary between clients outside the network and servers in the back end, Oracle Traffic Director masks the names of servers in the back end and provides a single point at which you can track access to critical data and applications hosted by multiple servers in the back end.
Intrusion detection
You can prevent malicious traffic from passing through Oracle Traffic Director to the origin servers and clients by configuring Oracle Traffic Director to filter data received from clients and origin servers based on specified rules.
Support for SSL 3.0 and TLS 1.0
To secure data during transmission and to ensure that only authorized users access the servers in the back end, you can configure SSL/TLS-enabled HTTP and TCP listeners for Oracle Traffic Director instances.
You can either use digital certificates issued by commercial CAs such as VeriSign or generate RSA- and Elliptic Curve Cryptography (ECC)-type self-signed certificates with key sizes of up to 4096 bits by using the administration console or the CLI.
Web Application Firewalls
Web application firewalls enable you to apply a set of rules to an HTTP request, which are useful for preventing common attacks such as Cross-site Scripting (XSS) and SQL Injection. The Web Application Firewall module for Oracle Traffic Director supports open source ModSecurity 2.6.
High availability
Oracle Traffic Director provides high availability for your enterprise applications and services through the following mechanisms:
Health checks for the back end
If a server in the back end is no longer available or is fully loaded, Oracle Traffic Director detects this situation automatically through periodic health checks and stops sending client requests to that server. When the failed server becomes available again, Oracle Traffic Director detects this automatically and resumes sending requests to the server.
Backup servers in the back end
When setting up server pools for an Oracle Traffic Director instance, you can designate a few servers in the back end as backup servers. Oracle Traffic Director sends requests to the backup servers only when none of the primary servers is available. This feature ensures continued availability even when some servers in the back end fail.
Failover for load balancing
Two Oracle Traffic Director instances can be deployed in an active-passive or active-active configuration. If the primary Oracle Traffic Director instance fails, the backup instance takes over.
Dynamic reconfiguration
Most configuration changes to Oracle Traffic Director instances can be deployed dynamically, without restarting the instances and without affecting requests that are being processed.
Monitoring statistics
Administrators can monitor a wide range of statistics pertaining to the performance of Oracle Traffic Director instances through several methods: the administration console, the command-line interface, and a report in XML format.
High performance
SSL/TLS offloading
Oracle Traffic Director can be configured as the SSL/TLS termination point for HTTP/S and TCP requests. This reduces the processing of overhead on the servers in the back end.
Content caching
Oracle Traffic Director can be configured to cache (in its process memory) content that it receives from origin servers. By caching content, Oracle Traffic Director helps reduce the load on servers in the back end and helps improve performance for clients.
HTTP compression
Administrators can configure Oracle Traffic Director instances to compress the data received from servers in the back end and forward the compressed content to the requesting clients. This feature improves the response time for clients connected on slow connections.
Virtualization-enabled solution
Oracle Traffic Director can be deployed as a virtual appliance on cloud and virtual platforms.
After deploying Oracle Traffic Director as a physical application, you can create a virtual appliance from an Oracle Traffic Director instance or create an assembly containing multiple such appliances. You can then deploy the appliance or assembly on the Oracle Virtual Machine hypervisor. To enable such a deployment, Oracle provides an Oracle Traffic Director plug-in as part of Oracle Virtual Assembly Builder, a tool that you can use to build virtual appliances and assemblies from physical applications.
For more information about creating and deploying virtual assemblies containing Oracle Traffic Director instances, see the Oracle Virtual Assembly Builder User's Guide.
TCP load balancing
With TCP load balancing, Oracle Traffic Director accepts client connections and routes the requests to a pool of servers running TCP-based protocols.
In an Oracle Java Cloud Service instance with a load balancer, Oracle Java Cloud Service configures a single Oracle Traffic Director instance running on a dedicated compute node distributing client requests to a pool of servers in the back end.
An Oracle Traffic Director configuration is a collection of elements that define the run-time behavior of an Oracle Traffic Director instance. An Oracle Traffic Director configuration contains information about various elements of an Oracle Traffic Director instance such as listeners, origin servers, failover groups, and logs.
For more information about the features of Oracle Traffic Director, see the Oracle Traffic Director Administrator's Guide.
The following table describes the terms used in this document when describing administrative tasks for Oracle Traffic Director.
Oracle Traffic Director can be used either as a physical application or as a virtual appliance.
Physical application
You can install Oracle Traffic Director on an Oracle Linux 5.6 system and run one or more instances of the product to distribute client requests to servers in the back end.
For information about installing Oracle Traffic Director as a physical application, see the Oracle Traffic Director Installation Guide.
Appliance running on a virtual platform
After deploying Oracle Traffic Director as a physical application, you can create a virtual appliance from an Oracle Traffic Director instance or create an assembly containing multiple such appliances. You can then deploy the appliance or assembly on the Oracle Virtual Machine hypervisor. To enable such a deployment, Oracle provides an Oracle Traffic Director plug-in as part of Oracle Virtual Assembly Builder, a tool that you can use to build virtual appliances and assemblies from physical applications.
For more information about creating and deploying virtual assemblies containing Oracle Traffic Director instances, see the Oracle Virtual Assembly Builder User's Guide.
You can perform various administrative tasks—enabling a feature of Oracle Traffic Director, adjusting how the feature works, and instructing Oracle Traffic Director to handle requests and responses in specific ways—by using the administration interfaces provided by the administration server.
The following subsections describe the administration framework in detail:
The settings that you define for Oracle Traffic Director instances are stored as configurations in a configuration store on the administration server. You can instantiate a configuration by deploying it as instances on one or more administration nodes.
Figure 1-1 depicts the administration framework of Oracle Traffic Director.
Figure 1-1 Administration Framework of Oracle Traffic Director
Figure 1-1 shows an administration server running on one machine, hosting the command-line interface and administration console applications. The administration interfaces are used to create three configurations—pub.example.com
, app.example.com
, and adm.example.com
, which are stored in the configuration store of the administration server.
The adm.example.com
configuration is deployed as an instance on one administration node.
The app.example.com
configuration is deployed as an instance on two administration nodes.
The pub.example.com
configuration is deployed as an instance on two administration nodes, with a high-availability heartbeat between the two nodes.
You can perform all of the administrative tasks for Oracle Traffic Director through the administration server, which is a specially configured Oracle Traffic Director instance.
The Oracle Traffic Director administration server is created automatically when you create an Oracle Java Cloud Service instance with a load balancer or add a load balancer to an Oracle Java Cloud Service instance.
An administration node is a physical host on which you can create Oracle Traffic Director instances.
To make a host an administration node, you should do the following:
Install Oracle Traffic Director on the host, or mount a remote installation of Oracle Traffic Director on a local directory on the host.
Register the host with the administration server by running the configure-server
command. This command designates the host as an Oracle Traffic Director administration node and registers the administration node with a remote administration server.
You can now create instances of Oracle Traffic Director configurations on the administration node. Note that on an administration node, you can create only one instance of a particular configuration.
For more information about creating administration nodes and managing them, see Managing Administration Nodes.
The administration server of Oracle Traffic Director provides the following interfaces through which you can create, modify, and manage Oracle Traffic Director instances:
Command-line interface
Oracle Traffic Director provides a command-line interface (CLI) that supports a wide range of administrative operations. The syntax of the command-line interface is easy to understand and use. While you use the interface, you can look up help for specific commands and options. For information about accessing the CLI, see Accessing the Command-Line Interface.
Administration console
The administration console is an web-based graphical interface consisting of a set of screens and wizards that you can use to create, monitor, and manage Oracle Traffic Director instances. For information about accessing the administration console, see Accessing the Administration Console.
All of the configurable elements of an Oracle Traffic Director instance are stored as a configuration, which is a set of files created in a configuration store in the following directory:
INSTANCE_HOME/admin-server/config-store/config_name/config
config_name
is the name that you specified for the configuration while creating it.
The files in the configuration store are meant for internal use by Oracle Traffic Director. They can be created, updated, and deleted only through the administration interfaces—administration console and command-line interface.
Caution:
The files in the configuration store are updated automatically when you edit a configuration by using either the administration console or the CLI.
DO NOT edit the files in the configuration store manually.
When you create instances of an Oracle Traffic Director configuration, the configuration files that represent the configuration are copied from the administration server to the INSTANCE_HOME
/net-
config_name
/config
directory on each of the administration nodes.
Oracle Traffic Director uses the configuration files in the INSTANCE_HOME
/net-
config_name
/config
directory when the instance starts and while it processes requests from clients.
For information about the content and structure of the configuration files, see the Oracle Traffic Director Configuration Files Reference.
Figure 1-2 shows the typical order of tasks that you should perform to create and manage Oracle Traffic Director instances.
Figure 1-2 Oracle Traffic Director Administration Workflow
Note:
As the administrator of Oracle Traffic Director, you might perform several additional tasks such as managing security, tuning for performance, and troubleshooting problems. These tasks are not shown in the flowchart because they are not necessarily performed at definite points in a fixed sequence. All of these additional tasks are described in other chapters of this document.
Install the product
You can install Oracle Traffic Director on Oracle Linux 5.6+ on an x86_64 system, by using an interactive graphical wizard or in silent mode.
For more information, see the Oracle Traffic Director Installation Guide.
Create the administration server
After installing the product, you should create an administration server instance of Oracle Traffic Director. The administration server is a specially configured Oracle Traffic Director virtual server that you can use to administer Oracle Traffic Director instances.
For more information, see "Creating the Administration Server Instance" in the Oracle Traffic Director Installation Guide.
Manage the administration server
At times, you might want to stop the administration server and restart it, or change settings such as the administrator user name and password.
For more information, see Managing the Administration Server.
Access the administration console and command-line interface
You can use the administration console and command-line interface of Oracle Traffic Director to create, modify, and monitor Oracle Traffic Director instances.
For information about accessing the administration console and command-line interface, see Accessing the Administration Interfaces.
Create and manage administration nodes
Administration nodes are physical hosts on which you can create Oracle Traffic Director instances.
For information about managing administration nodes, see Managing Administration Nodes.
Create and manage configurations
After creating the administration nodes, create configurations that define your Oracle Traffic Director instances. A configuration is a collection of metadata that you can use to instantiate Oracle Traffic Director. Oracle Traffic Director reads the configuration when a server instance starts and while processing client requests.
For information about managing configurations, see Managing Configurations.
Create and manage instances
After creating a configuration, you can create Oracle Traffic Director server instances by deploying the configuration on one or more hosts. You can view the current state of each instance, start or stop it, reconfigure it to reflect configuration changes, and so on.
For information about managing instances, see Managing Instances.
Define and manage origin-server pools
For an Oracle Traffic Director instance to distribute client requests, you should define one or more origin-server pools or in the back end. For each origin-server pool, you can define the load-distribution method that Oracle Traffic Director should use to distribute requests. In addition, for each origin server in a pool, you can define how Oracle Traffic Director should control the request load.
For more information, see Managing Origin-Server Pools and Managing Origin Servers.
Create and manage virtual servers and listeners
An Oracle Traffic Director instance running on a node contains one or more virtual servers. Each virtual server provides one or more listeners for receiving requests from clients. For each virtual server, you can configure parameters such as the origin-server pool to which the virtual server should route requests, the quality of service settings, request limits, caching rules, and log preferences.
For more information, see Managing Virtual Servers and Managing Listeners.
Manage security
Oracle Traffic Director, by virtue of its external-facing position in a typical network, plays a critical role in protecting data and applications in the back end against attacks and unauthorized access from outside the network. In addition, the security and integrity of data traversing through Oracle Traffic Director to the rest of the network needs to be guaranteed.
For more information, see Managing Security.
Manage Logs
Oracle Traffic Director records data about server events such as configuration changes, instances being started and stopped, errors while processing requests, and so on in log files. You can use the logs to troubleshoot errors and to tune the system for improved performance.
For more information, see Managing Logs.
Monitor statistics
The state and performance of Oracle Traffic Director instances are influenced by several factors: configuration settings, volume of incoming requests, health of origin servers, nature of data passing through the instances, and so on. As the administrator, you can view metrics for all of these factors through the command-line interface and administration console, and extract the statistics in the form of XML files for detailed analysis. You can also adjust the granularity at which Oracle Traffic Director collects statistics.
For more information, see Monitoring Oracle Traffic Director Instances.
Tune for performance
Based on your analysis of performance statistics and to respond to changes in the request load profile, you might want to adjust the request processing parameters of Oracle Traffic Director to maintain or improve the performance. Oracle Traffic Director provides a range of performance-tuning controls and knobs that you can use to limit the size and volume of individual requests, control timeout settings, configure thread pool settings, SSL/TLS caching behavior, and so on.
For more information, see Tuning Oracle Traffic Director for Performance.
Diagnose and troubleshoot problems
Despite the best possible precautions, you might occasionally run into problems when installing, configuring, and monitoring Oracle Traffic Director instances. You can diagnose and solve some of these problems based on the information available in error messages and logs. For complex problems, you would need to gather certain data that Oracle support personnel can use to understand, reproduce, and diagnose the problem.
For more information, see Diagnosing and Troubleshooting Problems.
This section describes how you can set up a load-balanced service using Oracle Traffic Director with the minimum necessary configuration. The purpose of this section is to reinforce and illustrate the concepts discussed earlier in this chapter and to prepare you for the configuration tasks described in the remaining chapters.
This section contains the following topics:
In this example, we will create a single instance of Oracle Traffic Director that will receive HTTP requests and distribute them to two origin servers in the back end, both serving identical content.
Figure 1-3 shows the example topology.
Figure 1-3 Oracle Traffic Director Deployment Example
The example topology is based on the following configuration:
Administration server host and port: bin.example.com:8989
Administration node host and port: apps.example.com:8900
Virtual server host and port to receive requests from clients: hr-apps.example.com:1905
Host and port of origin servers (web servers in this example):
hr-1.example.com:80
hr-2.example.com:80
In the real world, both origin servers would serve identical content. But for this example, to be able to see load balancing in action, we will set up the index.html
page to which the DocumentRoot
directive of the web servers points, to show slightly different content, as follows:
For hr-1.example.com:80
: "Page served from origin-server 1"
For hr-2.example.com:80
: "Page served from origin-server 2"
Load-balancing method: Round robin
This section describes how to set up the topology described in Example Topology.
Note:
The steps in this procedure use only the CLI, but you can perform step 6 onward by using the administration console as well.
We have now successfully created an Oracle Traffic Director configuration, instantiated it on an administration node, and started the instance.
The Oracle Traffic Director instance that we created and started earlier is now listening for HTTP requests at the URL http://hr-apps.example.com:1905
.
This section describes how you can verify the load-balancing behavior of the Oracle Traffic Director instance by using your browser.
Note:
Make sure that the web servers hr-1.example.com:80
and hr-2.example.com:80
are running.
If necessary, update the /etc/hosts
file on the host from which you are going to access the Oracle Traffic Director virtual server, to make sure that the browser can resolve hr-apps.example.com
to the correct IP address.