Meeting the Challenges of an HA Architecture for IBM WebSphere SIP

Similar documents
Archived. Deploying the BIG-IP LTM with IBM Cognos Insight. Deployment Guide Document version 1.0. What s inside: 2 Products and versions tested

Deploying the BIG-IP LTM with IBM QRadar Logging

Archived. h h Health monitoring of the Guardium S-TAP Collectors to ensure traffic is sent to a Collector that is actually up and available,

Deploying the BIG-IP System with CA SiteMinder

Prompta volumus denique eam ei, mel autem

Cookies, Sessions, and Persistence

Deploying the BIG-IP System with Oracle Hyperion Applications

Deploying the BIG-IP System v11 with DNS Servers

Enhancing VMware Horizon View with F5 Solutions

Data Center Virtualization Q&A

Deploying WAN-Optimized Acceleration for VMware vmotion Between Two BIG-IP Systems

DESIGN GUIDE. VMware NSX for vsphere (NSX-v) and F5 BIG-IP Design Guide

Improving VDI with Scalable Infrastructure

Archived. Configuring a single-tenant BIG-IP Virtual Edition in the Cloud. Deployment Guide Document Version: 1.0. What is F5 iapp?

Deploying the BIG-IP LTM with Oracle JD Edwards EnterpriseOne

Large FSI DDoS Protection Reference Architecture

The Programmable Network

Optimize and Accelerate Your Mission- Critical Applications across the WAN

Converting a Cisco ACE configuration file to F5 BIG IP Format

F5 and Nuage Networks Partnership Overview for Enterprises

Optimizing NetApp SnapMirror Data Replication with F5 BIG-IP WAN Optimization Manager

Deploying a Next-Generation IPS Infrastructure

Session Initiated Protocol (SIP): A Five-Function Protocol

Load Balancing 101: Nuts and Bolts

Enabling Long Distance Live Migration with F5 and VMware vmotion

Geolocation and Application Delivery

The F5 Application Services Reference Architecture

Archived. For more information of IBM Maximo Asset Management system see:

Archived. Deploying the BIG-IP LTM with IBM Lotus inotes BIG-IP LTM , 10.1, 11.2, IBM Lotus inotes 8.5 (applies to 8.5.

Load Balancing 101: Nuts and Bolts

F5 icontrol. In this white paper, get an introduction to F5 icontrol service-enabled management API. F5 White Paper

Deploying a Next-Generation IPS Infrastructure

Distributing Applications for Disaster Planning and Availability

Validating Microsoft Exchange 2010 on Cisco and NetApp FlexPod with the F5 BIG-IP System

WHITE PAPER. F5 and Cisco. Supercharging IT Operations with Full-Stack SDN

Unified Application Delivery

Document version: 1.0 What's inside: Products and versions tested Important:

Complying with PCI DSS 3.0

Automating the Data Center

The F5 Intelligent DNS Scale Reference Architecture

Securing the Cloud. White Paper by Peter Silva

Managing BIG-IP Devices with HP and Microsoft Network Management Solutions

APM Cookbook: Single Sign On (SSO) using Kerberos

Managing the Migration to IPv6 Throughout the Service Provider Network White Paper

Simplifying Security for Mobile Networks

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP LTM for SIP Traffic Management. Archived

SNMP: Simplified. White Paper by F5

F5 in AWS Part 3 Advanced Topologies and More on Highly Available Services

Multi-Tenancy Designs for the F5 High-Performance Services Fabric

BIG IQ Reporting for Subscription and ELA Programs

VMware vcenter Site Recovery Manager

Secure Mobile Access to Corporate Applications

Server Virtualization Incentive Program

Maintain Your F5 Solution with Fast, Reliable Support

Webshells. Webshell Examples. How does a webshell attack work? Nir Zigler,

SOA Infrastructure Reference Architecture: Defining the Key Elements of a Successful SOA Infrastructure Deployment

Addressing Security Loopholes of Third Party Browser Plug ins UPDATED FEBRUARY 2017

Protecting Against Application DDoS A acks with BIG-IP ASM: A Three- Step Solution

v.10 - Working the GTM Command Line Interface

F5 Reference Architecture for Cisco ACI

NGIPS Recommended Practices

Citrix Federated Authentication Service Integration with APM

Software-Defined Hardware: Enabling Performance and Agility with the BIG-IP iseries Architecture

Prompta volumus denique eam ei, mel autem

Creating a Hybrid ADN Architecture with both Virtual and Physical ADCs

Securing LTE Networks What, Why, and How

Considerations for VoLTE Implementation

Enhancing Exchange Mobile Device Security with the F5 BIG-IP Platform

Deploying BIG-IP LTM with Microsoft Lync Server 2010 and 2013

Deploying the BIG-IP LTM v11 with Microsoft Lync Server 2010 and 2013

The Myth of Network Address Translation as Security

MS Skype For Business. Deployment Guide

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5

Providing Security and Acceleration for Remote Users

Deploying the BIG-IP LTM with Microsoft Skype for Business

SOA: Challenges and Solutions

Resource Provisioning Hardware Virtualization, Your Way

MS Lync Deployment Guide

A10 Thunder ADC with Oracle E-Business Suite 12.2 DEPLOYMENT GUIDE

DEPLOYMENT GUIDE DEPLOYING THE BIG-IP SYSTEM WITH BEA WEBLOGIC SERVER

Solutions Guide. F5 solutions for the emerging 5G landscape

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP System v9.x with Microsoft IIS 7.0 and 7.5

F5 iapps: Moving Application Delivery Beyond the Network

Deploying Microsoft SharePoint with the F5 WebAccelerator

Deploying the BIG-IP System v10 with Oracle s BEA WebLogic

One Time Passwords via an SMS Gateway with BIG IP Access Policy Manager

Dialogic PowerVille LB Load Balancer for Real-Time Communications

F5 Networks F5LTM12: F5 Networks Configuring BIG-IP LTM: Local Traffic Manager. Upcoming Dates. Course Description. Course Outline

What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1

Configuring NAT for High Availability

Deployment Guide AX Series with Oracle E-Business Suite 12

OPTIMIZE. MONETIZE. SECURE. Agile, scalable network solutions for service providers.

Myths of Bandwidth Optimization

Protecting Against Online Banking Fraud with F5

MS Lync Deployment Guide

DEPLOYMENT GUIDE A10 THUNDER ADC FOR EPIC SYSTEMS

DEPLOYMENT GUIDE Version 1.1. Deploying F5 with IBM WebSphere 7

APP NOTES TeamLink and Firewall Detect

Distil Networks & F5 Networks Integration Guide

Framework 8.0. SIP Server. Integration Reference Manual

Transcription:

Meeting the Challenges of an HA Architecture for IBM WebSphere SIP Voice and multi-media features available in IBM WebSphere Application Server enable a new generation of integrated applications but also introduce new challenges for IT staff. The inclusion of F5 BIG-IP LTM as a core component of a high availability SIP deployment addresses those challenges without increasing network complexity. White Paper by Lori MacVittie

Introduction For any network service, high availability is desirable, and it is absolutely mandatory for business continuity in many organizations. Such organizations increasing reliance on SIP (Session Initiation Protocol) to enable communication between employees, partners, and customers elevates the importance of ensuring a high availability (HA) environment. In recognition of that reliance, IBM introduced a SIP container into version 6.1 of its WebSphere Application Server (WAS). This included support for JSR 116 the SIP Servlet 1.0 API. JSR 116 enables developers to create services such as back-toback user agents (B2BUA) and proxy-based applications. An HA environment for proxies, however, involves several challenges. These challenges can be met with configurations of F5 BIG-IP Local Traffic Manager (LTM) in a WebSphere SIP deployment. F5 products and IBM WebSphere SIP proxies may be integrated into many possible architectures to deploy an HA environment for SIP-based communications. A highlevel illustration of the most common architectures and configurations can be useful for discussion but should not be considered an exhaustive study of all possible integration and configuration options. Detailed configuration information is available in the respective manuals for BIG-IP LTM and IBM WebSphere Application Server. Prerequisite Knowledge and Terminology An HA SIP deployment with F5 technologies requires general familiarity with SIP, high-availability architectures, and IBM WebSphere Application Server as well as a basic understanding of the workings of SSL and a working knowledge of load balancing techniques, functions, and features. A few common abbreviations, general SIP terms, and product-specific references include: Proxy: A proxy is a server or network component that forwards a request on behalf of the requestor. A proxy can be stateful or stateless. A stateless SIP proxy does not maintain the state of the SIP request or monitor the transaction once it is forwarded to the next hop (node). A stateful proxy does just the opposite, tracking and maintaining the transaction state throughout the session. User Agent Client (UAC): A UAC creates a request or initiates a dialog. User Agent Server (UAS): A UAS handles a request or dialog. Back-to-Back User Agent (B2BUA): A B2BUA is a converged UAS/UAC that mediates a dialog. A B2BUA terminates SIP sessions, acting as the ultimate endpoint, and duplicates the dialog with the actual client. This is often used to enable SIP when end-points are within protected networks, that is, when NAT is in use. In service provider networks, a B2BUA would be referred to as a session 1

use. In service provider networks, a B2BUA would be referred to as a session border controller (SBC). F5 BIG-IP LTM: An F5 product used to provide load balancing and application delivery services for a particular web service or other application. BIG-IP LTM manages traffic in a data center or a group of servers. Virtual IP address (VIP): An F5 term for a host representing a resource managed by BIG-IP LTM. Secure Network Address Translation (SNAT): SNATs are used when traffic originates inside a protected network and must be translated to a VIP or external network address to enable bidirectional communication. Figure 1: SIP sessions use proxies to mediate communication between clients across protected network boundaries. HA SIP Challenges The challenges associated with enabling an HA environment for proxies are threefold. First, the HA service provider must be able to accurately monitor and subsequently detect an outage. For SIP communications, this requires a more specific data exchange than is often used in simple HTTP monitoring. Second, because there may be more than one active SIP proxy, the HA provider 2

Second, because there may be more than one active SIP proxy, the HA provider must accurately route existing communications to the SIP proxy through which the session was originally established. This requires the insertion of persistence into the architecture at the load balancing service, which in turn necessitates the ability to perform deep content inspection on both secured and unsecured SIP protocol traffic. Finally, SIP, like many of its UDP-based predecessors, introduces unique challenges for proxies and load balancing services. SIP services assume direct, bidirectional communication between parties. Network data (IP and port) must be known prior to traversal through upstream routing devices, because they are encoded in the payload. This requirement is often met by the use of SNAT to ensure traffic is routed properly back through the network. The challenge with this technique is an ephemeral port constraint, limiting SNAT options to fewer than 65,000 a limit that is often exceeded even in modest SIP deployments because of the protocol s heavy reliance on multiple ports per session. Use of the Via header, which specifies a trail of upstream proxies, provides one solution by allowing proper reverse traversal of the network without imposing the capacity-limiting constraints of SNAT. With the appropriate architecture and configuration, BIG-IP LTM in a WebSphere SIP deployment can overcome these challenges to provide high availability while supporting secured and unsecured communications. General HA Architecture A high-availability environment for SIP when using IBM WebSphere Application Servers and proxies requires the configuration of replication domains to enable memory-to-memory replication between SIP containers. This ensures a nondisruptive failover of proxy to proxy or server to server what is often known more generally as a stateful failover. IBM SIP proxies, as noted earlier, are stateless. Therefore the pair of BIG-IP LTM devices providing load balancing services is also charged with providing persistence to ensure proper routing of communication to the proxy and server on which the session was originally established. 3

Figure 2: A high-availability architecture with BIG-IP LTM and IBM WebSphere. Figure 2 shows a high-availability architecture with F5 BIG-IP LTM devices and two IBM SIP proxy servers using IBM blade chassis, each housing four blade servers. In the first chassis, the WebSphere ND Deployment Manager runs on the same blade as the SIP Proxy. The remaining three blades contain two application servers each. In the second chassis, the first blade contains a proxy server and the remaining three blades contain two application servers each. In this configuration, BIG-IP LTM tracks availability of the SIP proxy servers by sending a stream of SIP OPTIONS messages at regular intervals. The proxy is expected to respond with a 200 OK message. For this configuration to provide the high availability required, the SIP proxy must be 4

For this configuration to provide the high availability required, the SIP proxy must be configured to accept and handle all incoming traffic from BIG-IP LTM. If the proxy server does not respond in a pre-determined amount of time, BIG-IP LTM interprets this lack of response as an acknowledgement of an inactive or disabled proxy server. BIG-IP LTM discontinues forwarding client traffic to the proxy, but continues to send OPTIONS requests to the server. If and when the proxy server responds with a 200 OK message, BIG-IP LTM will re-enable the proxy and again route requests to it. For this process to work, the WebSphere SIP Proxy must be configured to expect OPTIONS messages from BIG-IP LTM. In addition, a set of SIP proxy-specific custom properties must be present and configured to enable interoperability between BIG-IP LTM and the WebSphere SIP proxy server. Figure 3: The WebSphere SIP proxy settings required to communicate with BIG-IP LTM. Technical Architecture The architecture required to implement a high-availability SIP environment comprises multiple virtual servers, pools, and monitors on BIG-IP LTM. This is necessary to support use of both TCP and UDP with a secured (TLS) and unsecured traffic mix. The SIP proxies are instances of WebSphere with its "Proxy Mode" installed and 5

The SIP proxies are instances of WebSphere with its "Proxy Mode" installed and configured. The application servers are also WebSphere servers with the "SIP Persona" enabled. BIG-IP LTM is configured as a SIP proxy to fully participate in the flow while providing HA and load balancing services. See Figure 4. Figure 4: This BIG-IP LTM configuration enables an HA environment with WebSphere SIP proxies. In this architecture, BIG-IP LTM serves as the initial SIP proxy a B2BUA to which clients connect. In addition to monitoring the IBM SIP proxy instances for availability, BIG-IP LTM is also responsible for managing SIP sessions to ensure proper routing throughout the life of the session. On an initial connection (handshake), BIG-IP LTM will select an appropriate SIP proxy, insert a Via header, and store a mapping of Call-Id to the SIP proxy in its session state table to ensure all subsequent messages related to that call session are consistently routed to the same SIP proxy. The decision on which SIP proxy is appropriate can be as simple as selecting a node based on an industry standard load-balancing algorithm or it can be highly complex and based on both the ability of BIG-IP LTM to extract SIP variables and its monitoring of the health, current capacity, and performance of the SIP proxies. For example, BIG-IP LTM can be configured to route high-priority calls to the SIP proxy with the lightest load to ensure the fastest possible response. When managing encrypted communications, BIG-IP LTM terminates the secure 6

When managing encrypted communications, BIG-IP LTM terminates the secure session and performs the same inspection and insertion process. This effectively offloads the cryptographic processing burden from the SIP proxies and improves overall performance by executing that processing in a hardware-accelerated environment. This offloading has a cascading effect on the performance and capacity of the SIP proxies by freeing up resources that can be used to service other clients and perform SIP-specific processing. If required by operational policy, BIG-IP LTM will re-encrypt the session before forwarding it to the appropriate SIP proxy. In the event a SIP proxy becomes unavailable based on the configured monitoring, BIG-IP LTM will stop forwarding requests to the disabled proxy until it has responded appropriately. In the interim, BIG-IP LTM routes requests to available proxies and, by virtue of the session replication configured at the application server layer, conversations will continue uninterrupted. Unlike many load balancing services for SIP that monitor only the availability of the port on the SIP proxy, BIG-IP LTM can ensure that SIP services are not only available but executing correctly by understanding SIP and inspecting responses to ensure their correctness. Conclusion The deployment of multi-media features such as VoIP on traditional platforms will continue to increase as development platforms broaden their support for the protocols required to develop integrated applications. The challenges associated with these often more complex communication protocols can arise when high availability architectures are introduced. The nature of stateless proxies requires a mechanism by which sessions can be appropriately routed during both normal operation and a failover event. This mechanism requires sufficient capabilities to inspect and correctly interpret protocol-specific payloads as well as intelligent monitoring of downstream services for availability. The sensitivity of SIP to interruptions is high, causing call quality to degrade. Incorporating BIG-IP LTM as part of a WebSphere SIP implementation helps avoid degradation in the quality of communications that are increasingly critical to business operations. BIG-IP LTM helps safeguard the ability to connect with customers by intelligently monitoring the health of WebSphere SIP proxies and rerouting communications when necessary. By inspecting both unsecured and secured communications, BIG-IP LTM ensures proper routing of sessions and further eliminates limitations imposed by the use of SNAT at the network layer without increasing complexity at that layer. BIG-IP LTM is an integral component in a WebSphere SIP deployment, providing 7

BIG-IP LTM is an integral component in a WebSphere SIP deployment, providing the necessary intelligence and control required to scale seamlessly and handle effortlessly, without disruption, what would otherwise be highly noticeable failures. F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 f5.com Americas info@f5.com Asia-Pacific apacinfo@f5.com Europe/Middle-East/Africa emeainfo@f5.com Japan f5j-info@f5.com 2016 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. 0113 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback