D-Link DFL-2500 User Guide - Page 284
Server Health Checks
View all D-Link DFL-2500 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 284 highlights
24.2. SLB Implementation 265 1. Round-Robin Algorithm - treats all real servers as having equal capabilities, regardless of other facts, such as the number of existing connections or response time. 2. Connection-Rate Algorithm - redirects a connection to the server with the least number of new connections in a predefined time span. An array inside the firewall saves the number of new connections per second for each server. It updates every second to remove old connection counting values. The Round-Robin Algorithm is suitable when the real servers within the server farm have equal processing powers, while using Connection-Rate Algorithm can optimize the response time. Regardless which algorithm is chosen, if a server goes down, traffic will be sent to other servers. And when the sever comes back online, it can automatically be placed back into the server farm and start getting requests again. 24.2.3 Server Health Checks Performing various checks to determine the "health" condition of servers is one of the most important benefits of the SLB. At different OSI layers, D-Link firewalls can carry out certain network-level checks. When a server fails, the firewall removes it from the active server list, and will not route any packet to this server until it resumes back. An ICMP Destination Host Unreachable message will be sent by the firewall once the active server list is empty. ICMP Ping At OSI layer 3, the check involves a Ping to the real server's IP address to see whether the server is up and running. TCP Connection At OSI layer 4, the firewall attempts to connect to a configured port of the server where an application is running. For example, if the server is running web application (HTTP) on port 80, the firewall will try to establish a connection to bind to that port. It sends a TCP SYN request to port 80 on that server and waits for a TCP SYN/ACK in return; if failing, it marks the port 80 to be down on that server. D-Link Firewalls User's Guide