Internet
From Consultancy.EdVoncken.NET
Contents |
Businesses are deploying a huge number of Internet-facing applications. These should be well-configured and protected.
[edit] High Availability
High Availability setups are sometimes needed to reduce the risk of a service outage. HA comes in Active/Passive and Active/Active configurations.
The goal is to eliminate any Single Points of Failure (SPoF) in the IT infrastructure.
[edit] Network
The router is normally a Single Point of Failure. The use of a "Virtual Router" can mitigate this risk. In this scenario, two or more physical routers maintain a Virtual Router IP-address that is used by the clients. Should one physical router fail, the other(s) will take control of the IP-address, ensuring uninterrupted service to all clients in the subnet.
- CARP (Common Address Redundancy Protocol)
- An open standard, patent-free redundancy protocol.
- HSRP (Hot Standby Router Protocol)
- a Cisco-proprietary protocol for router availability, described in RFC2281.
- VRRP (Virtual Router Redundancy Protocol)
- a standards-based (RFC3768) redundancy protocol.
[edit] Web Servers
A single webserver can provide many websites, for example through the use of Name-Based Virtual Hosting. A webserver failure may lead to serious impact on business continuity.
For scalability reasons, Load Balancing solutions are implemented that distributes the workload evenly across multiple webservers. These do not by themselves provide High Availability!
One of the simplest Load Balancing solutions is Round Robin DNS, where multiple A-records are configured for each website address. The DNS server will now return a list of addresses for the website, in rotating order. With a large number of clients, the load is distributed evenly across the different webservers. In a scenario with 3 webservers, if one server fails, on average 33% of traffic will still be directed at the malfunctioning webserver!
With a proper HA solution, the Load Balancer / HA device will check if the webservers are actually available before sending traffic there.
- HAProxy
- IPVS, maintained by the Linux Virtual Server Project