aws cloudformation automation, trafficscript, and serverless architecture with brocade's vadc
TRANSCRIPT
Chris Kawchuk ([email protected])Systems EngineerBrocade
Brocade vADC Cloudformation and TrafficScript
Fill out the feedback form and go in a draw to win
a drone today.
Drone to be Won Today!
3
Agenda• What is the Brocade vADC‒ Quick Intro ‒…as you likely already know what a Load Balancer is
• I already have AWS’s ELB– Why do I need a vADC? What’s so special about it?
• Walkthrough of the CFT‒ From Heavy Lifting to Automated CloudFormation Builds ‒ TrafficScript – the Swiss Army Knife of HTTP
• Summary‒ Sample Deployments in AWS
Brocade vADC Introduction
High-level view of Traffic Manager
?Web and
Application Servers
? ?
Brocade vADC provides
visibility and control
Brocade VirtualTraffic Manager
Optimize Infrastructure- to improve performance and increase capacityOptimize Content- to improve response time and brand valueDifferentiate and Prioritize- to optimize user experienceInspect and Secure- to block attackers and secure data
Under the Hood
Web andApplication
Servers
Request Rules
SSL DecryptionService ProtectionTCP OffloadRate ShapingHTTP/2Application Firewall
Load BalancingSession PersistenceBandwidth ShapingSSL EncryptionHTTP MultiplexingConcurrency ControlApplication Auto-Scaling
Request
Response Monitors
Virtual Server Client
Connections
PoolServer
Connections
Response Rules
TCP OffloadHTTP CachingContent CompressionService Level MonitoringBandwidth ShapingTransaction LoggingHTTP/2Application Firewall
7
Ok, that’s great……but I already have AWS ELB
© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
8
vADC is “ In Addition to…”ELB okay for most; vTM best for the rest…
As an abstracted service, Amazon ELB (Elastic Load Balancer) functions well as a basic web service load balancer. However, the demands of many modern global businesses require the greater sophistication that only an application delivery controller can offer.
Only recently has AWS released an upgraded ELB in the form of an Application Load Balancer (ALB) which operates at the Layer 7 Application Layer and allows you to define routing rules based on content across multiple services or containers running on one or more Amazon Elastic Compute Cloud (EC2) instances.
Brocade Virtual Traffic Manager (vTM) is designed to seamlessly integrate with any application deployed on Amazon Web Services to provide load balancing, user experience optimization, application scalability, and fine-grained application control.
Brocade vTM nicely complements (or replaces!) Amazon ELB/ALB for creating highly reliable global cloud deployments requiring advanced ADC features. © 2016 BROCADE COMMUNICATIONS SYSTEMS, INC.
Would you like to try it?We have a nice CloudFormation Template you can try now!
Brocade AWS Cloud Formation Template• A pre-canned Redunant vADC Deployment to try!‒ Dual vADCs in multiple AZs w/Clustering‒ vADC Management and Dual public EIPs allocated for Traffic‒ vADC Config Automation via Puppet Scripting/Automation‒ Autoscale Apache2 WebServers pre-built for you‒ Github integration for externally editable config
10© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
11
URL for the CFT and Instructions
• https://github.com/dkalintsev/Brocade/tree/master/vADC/CloudFormation/Templates/Variants-and-experimental/Configured-by-Puppet
© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
Brocade AWS Cloud Formation Template
12© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC.
Traffic ScriptThe “Swiss Army Knife” of HTTP(or when you need to get stuff done)
Brocade vTM Traffic Management Tool: TrafficScript• An intuitive and powerful scripting language that lets you
manipulate your traffic as it passes through the Traffic Manager:‒ Request Rules ‒ Response Rules‒ Transaction Completion Rules
14© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
SIMPLE STATE MACHINE: TWO EVENTS, REQUEST AND RESPONSE
A Simple Model for Application Rules
Brocade VirtualTraffic ManagerClient Server Nodes
Write to server
Write to client
Retryrequest
1. Receives requestand runs Request Rules
2. Runs Response Rules then forwards on to the client
A More Detailed Look…..
16
RequestResponse
SSL DecryptionService
ProtectionTCP Offload
Rate ShapingApplication
Firewall
Content Compression
HTTP CachingTCP Offload
Service Level MonitoringBandwidth
ShapingTransaction
LoggingApplication
Firewall
Pool(Server
Connections)Virtual Server
(Client Connections)
Load BalancingSession
PersistenceBandwidth
ShapingSSL Encryption
HTTP MultiplexingConcurrency
ControlApplication Auto-
ScalingHealth Monitors
Request Rules
Rule BuilderTrafficScript
Java
Response Rules
Rule BuilderTrafficScript
Java
Completion Rules
TrafficScript
Web / ApplicationServers
© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
TrafficScript Example #1• Update a copyright banner:
17
# Let's only grab the response if it is an HTML document:$responseType = http.getResponseHeader( "Content-Type" );if(string.contains($responseType, "text/html")){
# We grab the body the server sent: $oldBody = http.getResponseBody(); # We replace the old copyright string with the new one (note: case insensitive!) $newBody = string.replaceAllI($oldBody, "copyright 2013", "copyright 2016");
# Then we send the new HTML body to the user. http.setResponseBody($newBody);}
© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
TrafficScript Example #2• Treat Platinum Frequent Flyers like Royalty:
18
# Let's extract the Frequent Flyer number from the URL$FFNumber = http.getFormParam("FFID");
# Let's look them up in a special web form to see what level Frequent Flyer they are:$FFLookup = http.request.get("http://fflookup.airline.com/ffLookup.php?FFID=".$FFNumber);
# If they are Platinum Frequent Flyer, let's roll out the Red Carpet:if(string.containsI($FFLookup, "platinum")){
# We have a dedicated pool of servers for Platinum Frequent Flyers: pool.select("pool_Platinum_FF");
# And apply a pair of special Bandwidth Classes so we don’t slow them down # when the site is under load like everyone else: request.setBandwidthClass("BW_Platinum_FF_REQ"); response.setBandwidthClass("BW_Platinum_FF_RES");}
© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
TrafficScript Example #3• Serverless Architecture:
19
#Input Script
# Redirect All Requests to an S3 Buckethttp.setHeader("Host", "spa-11-14-test.s3-website-ap-southeast-2.amazonaws.com");pool.use("test-SPA-s3");
# Return Script – Rewrite the nasty S3 URL$body = http.getResponseBody();$newBody = string.regexsub($body, "spa-11-14-test.s3-website-ap-
southeast-2.amazonaws.com", "test.11-14.net", "g");http.setResponseBody($newBody);http.setHeader("Host", "test.11-14.net");
© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC.
TrafficScript Example #4• Offload APIs to “real servers” or other sites and rewrite:
20
$client = request.getRemoteIP();$url = http.getPath();
#If the user wants to go to our “/blog”if (string.startsWith($url, "/blog")) { $path = http.getRawURL(); $newpath = string.regexsub($path, "^/blog(.*)", "/$1"); $path = string.regexsub($newpath, "//", "/"); http.setRawPath($path); http.setHeader("Host", "telecomoccasionally.wordpress.com"); pool.use("blog");}
#Return Script$body = http.getResponseBody();$newBody = string.regexsub($body, "telecomoccasionally.wordpress.com",
"test.11-14.net/blog", "g");http.setResponseBody($newBody);http.setHeader("Host", "test.11-14.net");
© 2016 BROCADE COMMUNICATIONS SYSTEMS, INC.
Brocade vADC Summary
Perpetual Term orSubscription
ServiceProvider
Bulk Licensefor ADCaaS
Evaluation30-day limited
DeveloperThroughput limited
Brocade vADC Licensing Models
Brocade vADC Content
Whitepapers – Application Delivery
• Application Delivery for Amazon AWS• Application Delivery for Microsoft Azure
Product Materials• Brocade vADC Data Sheets• Brocade vADC Licensing Guide• Brocade vADC Performance Reference• Brocade vADC Success Stories
• Deployment Guides for Microsoft, Oracle, SAP• Technical presentations• Brainshark product videos
www.brocade.com
Thought Leadership
• Video: A New Approach to Application Delivery
• Infographic: ADC-as-a-Service
Whitepapers – Application Security
• PCI-DSS compliance with Brocade vADC• Distributed Application Security• Application Security for Microsoft Azure• Security for DoD applications• Why Web Application Firewalls Matter
24
• vTM can do everything ELB can plus tons more!• Supports more protocols, more checks, integrated vWAF• Scale out your ELB without blowing your budget• Solve unexpected application problems with TrafficScript
• CloudFormation Template makes this easy to try!
Brocade vADC can help to:
Over to you Ross!
i = RND(0)*32;
Drone to be Won Now!
Thank you