KR101364746B1 - Trouble diagnosis apparatus and method for application delivery controller - Google Patents

Abstract

The present invention relates to an apparatus and a method for diagnosing troubles of an application delivery controller, capable of effectively diagnosing load dispersion troubles and response time delay troubles and has an effect for accurately diagnosing the dispersion troubles and the server response time delay troubles based on a virtual server without a decline in service quality. Also, the method has an effect for effectively determining the possibility of trouble occurrence by obtaining processing time or load dispersion operation for an explicit request by separating the operation of the virtual server for a user request from the operation of a real server based on a TCP flag on a transmission layer by collecting packets inserted into the application transmission controller. [Reference numerals] (110) ADC inflow packet collecting unit; (120) User request analysis unit; (130) Real server request analysis unit; (140) Load distribution verification unit; (150) Delay time inspection unit

Description

Trouble diagnosis apparatus and method for application delivery controller

The present invention relates to an apparatus and method for diagnosing an application delivery controller failure, and more particularly, to an apparatus and method for diagnosing an application delivery controller failure capable of effectively diagnosing a load balancing failure and a server response time delay failure.

An Application Delivery Controller (ADC) is a network device that performs a server load distribution function to adjust application data.

Key features of these ADCs include Server Load Balancing, Firewall Load Balancing, Health Check, and Bandwidth Management.

Here, the server load distribution refers to a function that distributes the load of the server by efficiently distributing the traffic from one Internet service to the server to multiple servers providing the same service.

In more detail, the server load distribution manages a group of servers that perform the same role through a virtual IP address, and receives traffic destined for the server to a network device (ADC) having a virtual address. According to the distribution to the appropriate server. This virtual address may be referred to as a representative IP of the server group.

Recently, since most sites cannot handle the traffic of users with one server, there are several servers that play the same role, so that even if the traffic of users increases, the site operates flexibly and stably. Doing.

Server Load Balancing is a method of connecting to a server with fast response or a server with the fewest connections depending on the configuration. This method is called Load Balancing Method. There is a difference in the methods provided for each equipment.

On the other hand, in case of an ADC that provides such a function, a significant disruption in service operation occurs when a failure occurs. The failures that occur mainly in the ADC include load balancing failure and server response time delay failure.

Failure of server load balancing is when the equipment fails to load balance properly in accordance with the load balancing configuration. For example, the load is concentrated on one server even though the load balancing is set in a round-robin manner.

The server response time delay refers to a phenomenon in which the quality of service is deteriorated due to a late response time for a service request of a user.

1 is a diagram schematically illustrating a general embodiment in which an ADC is used.

As shown in the drawing, the conventional server load distribution management system includes a client terminal 10 to which a user accesses a virtual address, an application server 14, 15, and 16 stored in an application, and the client terminal 10 and the application server. It consists of an ADC 12 that distributes the load.

The illustrated configuration is an example configuration in which one ADC 12 distributes load across three practical application servers 14, 15, and 16, but in practice multiple ADCs are associated with multiple Real Servers. It is common to set up and monitor the status of a plurality of virtual servers that are connected in various ways and logically configured within the corresponding physical server.

Therefore, if a failure occurs in a server load distributed management system equipped with such an ADC, the cause of the failure should be determined quickly and clearly, and action should be taken in advance if a failure is found through continuous monitoring.

However, until now, the monitoring target is based on the status of the equipment, so it is possible to monitor the performance or status of the ADC or the actual server, but in the case of failures in logically diverse and complex virtual servers, It is difficult to determine which of the configuration errors, load balancing configuration errors, ADC failures, virtual server errors, or one or more real server errors associated with the virtual server has occurred.

Therefore, in the event of a failure, the entire ADC is reset or replaced, or the inefficient management of the entire actual server is reset or replaced.

On the other hand, if the service is provided through multiple ADCs and multiple real servers, overall service management is performed on the virtual servers. Therefore, monitoring and response to failures are also preferably based on virtual servers. Since failures are monitored and managed on a per-unit basis, network management is complicated by the gap between logical management and actual failure, resulting in high management costs and slow response when failures occur, resulting in low service reliability.

Korea Patent Publication No. 10-2013-0069167 Korean Patent No. 1171657

An object of the present invention devised to solve the above problems is an application delivery controller failure to clearly diagnose load balancing failure and server response time delay failure without deterioration of service quality based on the virtual server as a criterion of determination. It is to provide a diagnostic apparatus and method.

Another object of the embodiment of the present invention is to collect the packets flowing into the application delivery controller to distinguish the operation of the virtual server and the actual operation of the server according to the user request based on the Transmission Control Protocol (TCP) flag on the transport layer It is an object of the present invention to provide an apparatus and method for diagnosing a failure of an application delivery controller that enables a user to easily determine whether or not a failure occurs by identifying a load balancing operation or processing time for a request.

Application delivery controller failure diagnosis apparatus for achieving the above object includes an ADC inflow packet collector for collecting a packet flowing into the application delivery controller (ADC); A user request analyzer configured to count the number of syn packets transmitted from the user terminal to the ADC among the packets collected by the ADC inflow packet collector as the number of user request packets; An actual server request analyzer configured to count the number of syn packets provided from the virtual server to the real server among the packets collected by the ADC inflow packet collection unit as the number of real server packets for each server; And a load distribution verification unit that determines an operation state of load balancing based on the number of request packets of the user request analyzer and the actual number of server packets of the server request analyzer.

The user request analyzer calculates a hashing value to check the number of user request packets allocated for each real server, and the load balancing verifier determines the actual server allocation number of the user request packets obtained by the user request analyzer and the actual server. The hash load balancing operation state can be determined by checking whether the actual number of server packets corresponds.

The user request analyzer may determine a round robin load balancing operation state by checking whether the number of real server packets for each real server is equally distributed.

The apparatus may further include a configuration information collection unit configured to collect a correspondence relationship between the virtual server and the real server, a load balancing scheme, and a server response time delay criterion through an administrator input or an ADC connection.

ADC request processing time between the user request packet and the real server request packet, the real server response time between the real server request packet and the response packet responded by the real server, and the response packet of the real server and correspondingly The apparatus may further include a delay check unit that compares the sum of the ADC response processing time between the provided response packets with a reference time.

The delay time checker finds a packet whose source address is the user's IP and the TCP flag is syn and checks the time among the packets collected by the ADC inflow packet collector, and the source address is the virtual server IP and the destination address is the real server IP. At this point, we can find the packet whose TCP flag is syn, check the time, and calculate the difference in time as the ADC request processing time.

The delay time checker finds a packet whose source address is a virtual server IP, a destination address is a real server IP, and a TCP flag is syn, and checks the time among the packets collected through the ADC inflow packet collector. We can find the packet whose address is the virtual server and whose TCP flag is synack, check the time, and calculate the difference between each time as the actual server response time.

The delay checker finds a packet whose source address is a real server, a destination address is a virtual server, and a TCP flag is synack among the packets collected by the ADC inflow packet collector, and checks the time, and the source address is a virtual server and a destination address is After checking the time by finding the packet with user IP and TCP flag synack, the time difference can be calculated as the ADC response processing time.

Application delivery controller failure diagnosis apparatus according to another embodiment of the present invention, the ADC incoming packet collection unit for collecting the packet flowing into the application delivery controller; Among the packets collected by the ADC inflow packet collection unit, the number of syn packets transmitted from the user terminal to the ADC is counted as the number of user request packets, the time is checked, and the hashing value is selectively calculated to calculate the number of packets actually allocated for each server. A user request analyzer for checking; A real server request analysis unit for counting the number of syn packets provided from the virtual server to the real server among the packets collected by the ADC inflow packet collection unit as the number of real server packets for each server and checking the time; Determine an operation state of load balancing based on the number of request packets of the user request analyzer and the number of actual server packets of the actual server request analyzer; and optionally determine whether the actual server allocation number of the user request packet is equal to the actual number of server packets per server, or A load balancing verifier determining whether the actual number of server packets is uniformly distributed for each server; ADC request processing time between the user request packet and the real server request packet, the real server response time between the real server request packet and the response packet responded by the real server, and the response packet of the real server and correspondingly And a delay time checker for comparing the total of the ADC response processing time between the provided response packets with a reference time.

An application delivery controller failure diagnosis method according to another embodiment of the present invention is a failure diagnosis method using a failure diagnosis apparatus for diagnosing a failure by interworking with an application delivery controller, wherein the failure diagnosis apparatus collects packets flowing into the ADC. ADC incoming packet collection step; A user request analysis step of counting the number of syn packets transmitted from the user terminal to the ADC among the packets collected by the fault diagnosis apparatus through the ADC inflow packet collection step as the number of user request packets; An actual server request analysis step of counting the number of syn packets provided from the virtual server to the real server among the packets collected by the fault diagnosis apparatus through the ADC inflow packet collection step by the actual number of server packets for each server; The failure diagnosis apparatus includes a load balancing verification step of determining an operation state of load balancing based on the number of request packets in the user request analysis step and the number of actual server packets in the actual server request analysis step.

The user request analyzing step includes calculating a hashing value and checking the number of user request packets allocated for each real server, and the load balancing verifying step includes a real server of the user request packet obtained through the user request analysis step. The method may include determining a hash load balancing operation state by checking whether an allocation number corresponds to an actual server packet number for each actual server.

The analyzing of the user request may include determining whether the actual number of actual server packets for each real server is equally distributed to determine a round robin load balancing operation state.

The method may further include a configuration information collection step of collecting a correspondence relationship, a load balancing method, a server response time delay criterion, etc. between the virtual server and the real server through an administrator input or an ADC connection.

The apparatus for diagnosing the error may include an ADC request processing time between the user request packet and an actual server request packet, an actual server response time between an actual server request packet and a response packet responded by the actual server, and a response packet of the actual server. In response thereto, the method may further include a delay time checking step of comparing the sum of the ADC response processing time between the response packets provided to the user with the reference time.

In the delay checking step, a packet having a source address of the user's IP and a TCP flag syn is identified from the packets collected through the ADC inflow packet collecting step, and checking the time, and the source address is the virtual server IP and the destination address is the actual address. After finding the packet with the server IP and the TCP flag syn, the time can be checked and the time difference can be calculated as the ADC request processing time.

In the delay checking step, a packet having a source address of virtual server IP, a destination address of real server IP, and a TCP flag syn, and checking the time are identified among the packets collected through the ADC inflow packet collection step, and the source address of the real server And you can find the packet whose destination address is the virtual server and whose TCP flag is synack, check the time, and calculate the difference of each time as the actual server response time.

In the delay checking step, a packet having a source address is a real server, a destination address is a virtual server, and a TCP flag is synack among the packets collected through the ADC inflow packet collection step is checked for the time, and the source address is a virtual server. After checking the time by looking for the packet whose address is user IP and whose TCP flag is synack, the time difference can be calculated as the ADC response processing time.

The application delivery controller failure diagnosis method according to another embodiment of the present invention is a failure diagnosis method using a failure diagnosis apparatus for diagnosing a failure by interworking with an application delivery controller, and the failure diagnosis apparatus collects packets flowing into the application delivery controller. ADC incoming packet collection step; The fault diagnosis apparatus counts the number of syn packets transmitted from the user terminal to the ADC among the packets collected through the ADC inflow packet collection step as the number of user request packets, checks the time, and optionally calculates a hashing value for each server. A user request analysis step of confirming the number of allocated packets; An actual server request analysis step of counting the number of syn packets provided from the virtual server to the real server among the packets collected by the fault diagnosis apparatus through the ADC inflow packet collecting step by the number of real server packets for each server and checking the time; The failure diagnosis apparatus determines an operation state of load balancing based on the number of request packets in the user request analysis step and the number of actual server packets in the actual server request analysis step. A load balancing verification step of determining whether the actual number of server packets is the same or determining whether the actual number of server packets is uniformly distributed for each server; The apparatus for diagnosing the error may include an ADC request processing time between the user request packet and an actual server request packet, an actual server response time between an actual server request packet and a response packet responded by the actual server, and a response packet of the actual server. In response thereto, a delay checking step of comparing the sum of the ADC response processing time between the response packets provided to the user and the reference time may be included.

The apparatus and method for diagnosing an application delivery controller failure according to an embodiment of the present invention configured as described above can clearly diagnose a load balancing failure and a server response time delay failure without degrading the service quality by using a virtual server as a criterion of determination. It works.

The apparatus and method for diagnosing a failure of an application delivery controller according to an exemplary embodiment of the present invention collects packets flowing into the application delivery controller to perform an operation of a virtual server for a user request based on a TCP flag on a transport layer and an operation of an actual server accordingly. By identifying and identifying the load balancing operation or processing time for explicit requests, it is possible to easily determine whether or not a failure occurs.

1 shows schematically a general embodiment in which an ADC is used;
2 is an exemplary diagram of a corresponding method of a virtual server and a real server.
3 is a configuration example of a server load distribution system to which the application delivery controller failure diagnosis apparatus according to an embodiment of the present invention is applied.
Figure 4 is a flow chart illustrating the flow of hash load balancing detection step in accordance with the present invention.
5 is a flow chart illustrating the flow of a round-robin load balancing detection step in accordance with the present invention.
6 is a flow chart showing the flow of the server response time delay detection method according to the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

FIG. 2 illustrates a correspondence relationship between a Virtual Server (VS) and a Real Server (RS) logically set by the ADC. As shown in FIG. One virtual server may correspond to a plurality of real servers in 1: n, and a plurality of virtual servers may correspond to one real server in n: 1, and a plurality of virtual servers and a plurality of real servers May correspond to n: n.

In practice, there are various correspondences between logical virtual servers and real servers depending on the number of ADCs, the number of real servers, and the types of services. These correspondences may change due to physical reasons such as replacement of real servers or replacement of ADCs. As it can be changed due to logical reasons such as expansion or contraction of services, virtual server configuration and network equipment configuration in the ADC are variable and it is not easy to continuously manage them.

On the other hand, the ADC has a different configuration method depending on the manufacturer, so a network containing ADCs from multiple manufacturers has a high risk of failure due to inadequate configuration. It is difficult to clearly identify the cause.

In particular, in case of existing network equipment, failure check on the equipment itself is possible through the health check function that verifies the function of the equipment, but when managing logical virtual servers of the same function to distribute the load such as ADC In addition to considering the relationship between the virtual server and the real server, the user's relationship with the integrated access using the virtual IP, and the load balancing relationship, the load balancing function for a given service is distributed to a plurality of ADCs. Also, it is difficult for ADC equipment to diagnose load balancing failures or server response time failures.

Therefore, there is a need for a method that can clearly determine the failure of the load balancing system having a complex and complex configuration in units of virtual servers. On the other hand, the load should not be increased for diagnosing such a failure in that the background of the introduction of the load balancing system is to reduce the increased load.

An embodiment of the present invention for solving the above problems will be described with reference to FIG. 3.

3 illustrates an example of a configuration of a server load distribution system to which an application delivery controller failure diagnosis apparatus according to an exemplary embodiment of the present invention is applied.

Although illustrated as one ADC 12 as an example, the fault diagnosis apparatus 100 according to an embodiment of the present invention does not increase the load of a service for the possibility or occurrence of failure based on a virtual server for a plurality of ADCs. Clear diagnosis can be made without

In particular, the failure diagnosis apparatus 100 according to the embodiment of the present invention may diagnose a failure universally regardless of the manufacturer of the ADC, if the virtual server configuration information of the ADC is known.

The illustrated failure diagnosis apparatus 100 diagnoses a failure by analyzing packet dump contents flowing into the ADC 12. To this end, a packet dump unit 50 for dumping a packet flowing into the ADC is required, and a function corresponding to the ADC may be built in the manufacturer or equipment characteristics of the ADC. In the case of the ADC having no packet dump function, a separate packet dump unit 50 may be additionally configured outside the equipment.

The failure diagnosis apparatus 100 may collect packets flowing into the ADC through the packet dump unit 50 and may target IPs of a specific virtual server set in the ADC equipment and a real server assigned to the virtual server.

The virtual server IP of the ADC equipment and the IP information of the actual server corresponding thereto and the corresponding information may be received from an administrator or a separate integrated management device, or may be obtained by accessing the ADC 12. The ADC has a different access method, protocol, and environment for each manufacturer. For this purpose, the fault diagnosis apparatus 100 determines the type of ADC and accesses the information with an appropriate protocol by accessing the ADC in an appropriate access method for the corresponding ADC type. You can request and receive.

For example, if the ADC 12 is from a specific manufacturer, it can be accessed using a secure sockets layer (SSL), a simple network management protocol (SNMP), or an application program interface (API) provided by the specific manufacturer. Desired information can be collected, and if the ADC 12 is of another specific manufacturer, the desired information can be collected through a CLI (Command Line Interface) after access using Telnet and SNMP protocols. When the setting is changed, the information collection may be performed again, which may be performed by an administrator who checks the setting change event or an update request of a separate ADC integrated management apparatus.

The illustrated failure diagnosis apparatus 100 includes an ADC inflow packet collector 110 for collecting packets flowing into the ADC through the packet dump unit 50. The failure diagnosis apparatus 100 extracts a Transmission Control Protocol (TCP) segment of a transport layer from the ADC inflow packets, and thus a source address, a destination address, and a TCP flag (TCP flag: Code bits). By checking, we can know who the packet provided to whom and for what purpose. URG (Urgent pointer is vaild), ACK (Acknowledgement is valid), Request for push (PSH), Reset the connection (RST), Synchronize sequence numbers (SYN), Terminate the connection) to see what the signal is for.

First, the fault diagnosis apparatus 100 analyzes the packet collected by the ADC inflow packet collecting unit 110 and the TCP flag is syn (synchronized state call) while the source address of the TCP segment is the IP of the user terminals 1 and 2. It is found that the number of corresponding packets is counted. In this case, the destination address may be a virtual IP of the ADC.

Since one segment may be divided into a plurality of packets, the number of segments may be counted, but the accuracy is increased when counting packets based on virtual small units.

Meanwhile, the TCP protocol performs three-way handshaking as known, and since the syn of the TCP requires a connection setup, the corresponding signal means a situation in which the user terminal requires a virtual IP connection to the ADC. Therefore, counting these signals tells you the total number of user terminals that require access to the ADC.

The ADC connects user terminals that require access to these ADCs with one of the virtual servers according to load balancing, so that in the event of a load balancing failure, these requests are not sent to the virtual server or to the real server corresponding to the virtual server. do.

To determine this, the failure diagnosis apparatus 100 finds that the source address is the virtual server IP, the destination address is the real server IP assigned to the virtual server, and the TCP flag is syn. It includes a real server request analysis unit 130 to count.

The failure diagnosis apparatus 100 compares the number of user request packets obtained by the user request analyzer 120 with the number of actual server request packets obtained by the actual server request analyzer 130, and thus, the user request is actually load balanced. According to the method, it is determined that the request is distributed to the real server and the possibility of load balancing failure or failure occurs.

It is possible to simply determine whether the number of user request packets is equal to the sum of the actual server request packets and determine whether the actual server request packets are properly distributed according to the load balancing method.

Typical load balancing methods include a hash method for distributing user requests to a selected server according to a hashing algorithm, and a round-robin method for distributing user requests sequentially to a server.

In order to confirm the normal operation of the load balancing method, a configuration for checking the characteristics of the load balancing method may be further included.

For example, in order to check a failure of a hash method, the user request analyzer 120 calculates a hashing value for the extracted user request packet, counts the number of packets for each hashed value, and calculates the number of packets allocated for each actual server. It may further comprise a configuration for identifying the number. Reference data for hashing can vary from device to device, such as using the end of a source address and information can be obtained from the administrator or ADC.

In addition, the load balancing verifying unit 140 classifies the server request packets by actual servers, counts the number of them, and compares them with the number of user request packets allocated to each server to determine whether the hash operation is normal. It can include a configuration.

As another example, a configuration for checking whether the number of real server request packets is distributed evenly or partially to some real servers is distributed to the load balancing verification unit 140 for each real server to check the failure of the round robin method. Can be.

On the other hand, the fault diagnosis apparatus 100 is the ADC request processing time for transmitting the connection request to the real server after the ADC receives the request of the user terminal to allocate the virtual server, which is the response time of the actual server for the request of the virtual server And a delay time checker 150 that obtains a server response delay time based on the sum of the ADC response processing time of the ADC responding to the user terminal according to the actual server response time and the actual server response and determines whether the reference time is exceeded.

The delay time checker 150 selects a user request packet from the packets collected by the ADC inflow packet collector 110, and the ADC allocates a virtual server according to the request time and the corresponding user request. After checking the request time of the actual server request packet requesting the connection, calculate the ADC request processing time. The real server response packet is selected for the real server request packet and the time is checked to calculate the real server response time from the difference with the request time of the real server request packet. Then, the response packet of the ADC sent to the user terminal is selected by the response of the real server, and the time is checked to calculate the ADC response processing time from the difference from the real server response time. Then, after calculating the total response time by summing the calculated ADC request processing time, actual server response time, and ADC response processing time, and determining whether the time falls within a preset reference time, it is determined whether or not a failure occurs.

Meanwhile, when calculating the ADC processing time, the user request packet screening may be utilized by the user request analyzer 120, and the actual server request packet screening may be utilized by the actual server request analyzer 130. And the actual server request analysis unit 130 may select the desired request packet and check the time of the corresponding packet, and provide it to the delay time checker 150.

As a result, the fault diagnosis apparatus 100 determines the number of syn packets transmitted to the ADC from the user terminal, the ADC inflow packet collector 110 collecting the packets flowing into the ADC, checks the time, and if necessary, a hashing value. The user request analysis unit 120 to check the number of packets allocated for each real server by calculating the number, and the actual server request analysis unit 130 for identifying the number of syn packets provided from the virtual server to the real server and checking the time. Compares the number of user request (syn) packets with actual server request (syn) packets, and if necessary, determines whether the actual server allocation number of the user request packet and the actual server packet number of the actual server request are the same, or Load balancing verification unit 140 for determining whether the number is uniformly distributed, and the time between the user request packet and the actual server request packet, the actual server request packet and the actual server The delay time checker 150 may compare the sum of the time between the response packets and the time between the actual server response packet and the user response packet with a reference time.

In addition, the failure diagnosis apparatus 100 further includes a configuration information collection unit (not shown) that collects a correspondence relationship, a load balancing method, a server response time delay criterion, etc. between the virtual server and the real server through an administrator input or an ADC connection. can do.

Hereinafter, an individual operation process of determining a load balancing failure and a server response time delay failure using the configuration according to the embodiment of the present invention will be described with reference to FIGS. 4 to 6.

4 is a flowchart illustrating a flow of a hash load balancing detection step using the fault diagnosis apparatus 100 according to an exemplary embodiment of the present invention. As shown in FIG. (S10).

The packet dump unit may use a packet dump function provided by the ADC device itself or implement a packet dump device outside the ADC device. The packet dump unit may include an IP of a specific virtual server configured in the ADC device and an actual server assigned to the virtual server. Proceed with packet dump.

Thereafter, the number of user request packets is analyzed (S20).

The analyzing of the number of user request packets may include finding the number of packets for which the source address is the user's IP (the destination address may be the virtual IP of the ADC) and the TCP flag is syn. Compute a hashing value for the target. The data referenced for hashing varies from device to device, for example using the end of the source address. The number of packets is calculated for each actual server by calculating the number of packets for each hashed value.

Next, the actual number of requests per server is analyzed (S30).

For the dumped packets, the number of packets whose source address is the virtual server IP and the destination address is the real server assigned to the virtual server and whose TCP flag is syn is calculated.

After that, the hash distribution function is verified whether or not a failure (S40).

The number of allocations calculated for each real server by the user request calculated in the user request count analysis step S20 and the number of request packets calculated for each real server calculated in the step S30 of analyzing the actual server requests Compare. If the number of packets collected for each real server is the same, it is determined that the hash distribution scheme is operating normally.

5 is a flowchart illustrating a flow of a round-robin load balancing detection step using the fault diagnosis apparatus 100 according to an exemplary embodiment of the present invention. Collect through wealth (S110). Details are similar to those mentioned in FIG. 4.

Thereafter, the number of user request packets is analyzed (S120).

In the analyzing of the number of user request packets, the number of packets whose source address is the user's IP and the TCP flag is syn is searched for the dumped packets. In this embodiment, the hash processing is not necessary.

Then, the actual number of requests per server is analyzed (S130).

For the dumped packets, the number of packets whose source address is the virtual server IP and the destination address is the real server assigned to the virtual server and whose TCP flag is syn is calculated. At this time, the number of packets is calculated for each server.

Thereafter, round robin load balancing verification is performed (S140).

If the number of user request packets calculated in the user request number analysis step S120 is the same as the number of requests calculated for each real server in the request number analysis step S130, the load balancing is normal. Is considered to be not. If the number of packets collected for each actual server is the same (or can be determined to be uniform), it is determined that the round robin distribution method is operating normally. However, it is considered abnormal if the number of packets to some real servers is too high.

In addition, the present invention, as a method for measuring the response time of the server, proposes a method for calculating the response time of the server by analyzing the network packets flowing into the ADC equipment.

6 is a flowchart illustrating a method for detecting a server response time delay using the apparatus 100 for diagnosing failure according to an exemplary embodiment of the present invention.

As shown, the packet flowing into the ADC is collected through the packet dump unit (S210).

Since the processing time of the ADC for the user request is calculated (S220).

To do this, first find the packet in the dumped packet with the source address of the user's IP and the TCP flag syn, and then find the packet dump time. This may be performed by the user request analysis unit of the failure diagnosis apparatus. In the packet, find the packet whose source address is the virtual server IP, the destination address is the real server IP, and whose TCP flag is syn.

The time difference between the two packets is used to obtain the processing time of the ADC according to the user request, that is, the processing time of the ADC request.

Next, the response time of the actual server for the ADC request is calculated (S230).

To do this, find the packet whose source address is the virtual server IP and the destination address is the real server IP, and whose TCP flag is syn. This is already done in step S220, so use it. In the packet, find the packet whose source address is the real server, the destination address is the virtual server, and whose TCP flag is synack. That is, when the virtual server transmits a packet for connection to the real server, the real server receiving the packet transmits a packet selected with both syn and ack bits to the virtual server for handshaking. More specifically, corresponding packet pairs may be identified through sequence numbers.

The response time of the actual server is obtained by calculating the time difference between the two packets.

Next, the processing time of the ADC for the response of the actual server is calculated (S240).

In the packet, the source address is a real server, the destination address is a virtual server, and a packet whose TCP flag is synack is found to check the time, which utilizes the information checked in step S230. In the packet, find the packet whose source address is the virtual server, the destination address is the user's IP, and whose TCP flag is synack.

The time difference between the two packets is calculated and regarded as the response processing time of the actual ADC. In other words, the ADC checks the processing time of the ADC that receives the response from the actual server and relays it to the user terminal.

Finally, the server response time is obtained by summing the ADC request time obtained in step S220, the response time of the actual server obtained in step S230, and the ADC response processing time obtained in step S240 (S250). Thereafter, the server response time may determine whether the server response time delay has failed or the possibility of failure by determining whether the server response time falls within a preset reference time range.

The foregoing embodiments and advantages are merely exemplary and are not to be construed as limiting the present invention. However, the present invention is not limited to the above-described embodiments, and various changes and modifications may be made by those skilled in the art without departing from the scope of the present invention. .

1: user terminal 12: ADC
50: packet dump unit 100: failure diagnosis device
110: ADC incoming packet collection unit 120: user request analysis unit
130: actual server request analysis unit 140: load balancing verification unit
150: delay time inspection unit

Claims (18)

An ADC inflow packet collector configured to collect packets flowing into the application delivery controller (ADC);
A user request analyzer configured to count the number of syn packets transmitted from the user terminal to the ADC among the packets collected by the ADC inflow packet collector as the number of user request packets;
An actual server request analyzer configured to count the number of syn packets provided from the virtual server to the real server among the packets collected by the ADC inflow packet collection unit as the number of real server packets for each server;
And a load distribution verifying unit configured to determine an operation state of load balancing based on the number of request packets of the user request analyzer and the number of actual server packets of the actual server request analyzer.
The method of claim 1,
The user request analysis unit calculates a hashing value to check the number of user request packets allocated for each actual server,
The load distribution verifying unit determines the hash load balancing operation state by checking whether the actual server allocation number of the user request packet and the actual server packet of the actual server obtained through the user request analysis unit correspond to each other. Fault diagnosis device.
The method of claim 1,
And the user request analyzer determines a round robin load balancing operation state by checking whether the number of actual server packets for each real server is equally distributed.
The method of claim 1,
And a configuration information collection unit configured to collect a correspondence relationship, a load balancing method, and a server response time delay criterion between the virtual server and the real server through an administrator input or an ADC connection.
The method of claim 1,
ADC request processing time between the user request packet and the real server request packet, the real server response time between the real server request packet and the response packet responded by the real server, and the response packet of the real server and correspondingly Application delay controller failure diagnosis apparatus further comprises a delay time checker for comparing the total of the ADC response processing time between the response packets provided with the reference time.
6. The method of claim 5,
The delay time checker finds a packet whose source address is the user's IP and the TCP flag is syn and checks the time among the packets collected by the ADC inflow packet collector, and the source address is the virtual server IP and the destination address is the real server IP. And the TCP flag is syn, finds the packet, checks the time, and calculates the difference in time as the ADC request processing time.
6. The method of claim 5,
The delay time checker finds a packet whose source address is a virtual server IP, a destination address is a real server IP, and a TCP flag is syn, and checks the time among the packets collected through the ADC inflow packet collector. Apparatus for diagnosing a failure of an application delivery controller characterized in that the address is found in the virtual server and the TCP flag is synack, the time is checked, and the time difference is calculated as the actual server response time.
6. The method of claim 5,
The delay checker finds a packet whose source address is a real server, a destination address is a virtual server, and a TCP flag is synack among the packets collected by the ADC inflow packet collector, and checks the time, and the source address is a virtual server and a destination address is Applied controller failure diagnosis apparatus, characterized in that the time to find the packet of the user IP and the TCP flag synack, check the time and calculate the difference of each time as the ADC response processing time.
An ADC inflow packet collector configured to collect packets flowing into the application delivery controller;
Among the packets collected by the ADC inflow packet collection unit, the number of syn packets transmitted from the user terminal to the ADC is counted as the number of user request packets, the time is checked, and the hashing value is selectively calculated to calculate the number of packets actually allocated for each server. A user request analyzer for checking;
A real server request analysis unit for counting the number of syn packets provided from the virtual server to the real server among the packets collected by the ADC inflow packet collection unit as the number of real server packets for each server and checking the time;
Determine an operation state of load balancing based on the number of request packets of the user request analyzer and the number of actual server packets of the actual server request analyzer; and optionally determine whether the actual server allocation number of the user request packet is equal to the actual number of server packets per server, or A load balancing verifier determining whether the actual number of server packets is uniformly distributed for each server;
ADC request processing time between the user request packet and the real server request packet, the real server response time between the real server request packet and the response packet responded by the real server, and the response packet of the real server and correspondingly Apparatus for diagnosing failure of an application delivery controller comprising a delay time checker for comparing the sum of the ADC response processing time between the provided response packets with a reference time.
A failure diagnosis method using a failure diagnosis apparatus that diagnoses a failure by interworking with an application delivery controller (ADC),
ADC inflow packet collection step of the fault diagnosis apparatus collects the packet flowing into the ADC;
A user request analysis step of counting the number of syn packets transmitted from the user terminal to the ADC among the packets collected by the fault diagnosis apparatus through the ADC inflow packet collection step as the number of user request packets;
An actual server request analysis step of counting the number of syn packets provided from the virtual server to the real server among the packets collected by the fault diagnosis apparatus through the ADC inflow packet collection step by the actual number of server packets for each server;
And a load balancing verification step in which the failure diagnosis apparatus determines an operation state of load balancing based on the number of request packets in the user request analysis step and the number of actual server packets in the actual server request analysis step. How to diagnose controller (ADC) faults.
The method of claim 10,
The analyzing of the user request includes calculating a hashing value and checking the number of user request packets allocated for each actual server.
The load balancing verifying step may include determining a hash load balancing operation state by checking whether the actual server allocation number of the user request packet and the actual server packet number for the actual server correspond to each other through the user request analysis step. Application delivery controller failure diagnosis method.
The method of claim 10,
And analyzing the user request comprises determining whether the number of real server packets for each real server is equally distributed to determine a round robin load balancing operation state.
The method of claim 10,
And collecting configuration information for collecting a correspondence relationship, a load balancing method, and a server response time delay criterion between the virtual server and the real server through an administrator input or an ADC connection.
The method of claim 10,
The apparatus for diagnosing the error may include an ADC request processing time between the user request packet and an actual server request packet, an actual server response time between an actual server request packet and a response packet responded by the actual server, and a response packet of the actual server. Correspondingly, a delay check step of comparing the total of the ADC response processing time between the response packets provided to the user and the reference time, characterized in that the application delivery controller failure diagnosis method.
The method of claim 14,
In the delay checking step, a packet having a source address of the user's IP and a TCP flag syn is identified from the packets collected through the ADC inflow packet collecting step, and checking the time, and the source address is the virtual server IP and the destination address is the actual address. A method for diagnosing a failure of an application delivery controller characterized in that it finds a packet having a server IP and a TCP flag syn, checks the time, and calculates a time difference as an ADC request processing time.
The method of claim 14,
In the delay checking step, a packet having a source address of virtual server IP, a destination address of real server IP, and a TCP flag syn, and checking the time are identified among the packets collected through the ADC inflow packet collection step, and the source address of the real server And the destination address is a virtual server and finds a packet whose TCP flag is synack, checks the time, and calculates the difference in time as an actual server response time.
The method of claim 14,
In the delay checking step, a packet having a source address is a real server, a destination address is a virtual server, and a TCP flag is synack among the packets collected through the ADC inflow packet collection step is checked for the time, and the source address is a virtual server. A method for diagnosing a failure of an application delivery controller characterized in that the time is determined by finding a packet whose address is a user IP and whose TCP flag is synack, and calculating the time difference as an ADC response processing time.
Fault diagnosis method using a fault diagnosis device that diagnoses a fault in conjunction with an application delivery controller,
ADC inflow packet collection step of collecting a packet flowing into the ADC by the fault diagnosis device;
The fault diagnosis apparatus counts the number of syn packets transmitted from the user terminal to the ADC among the packets collected through the ADC inflow packet collection step as the number of user request packets, checks the time, and optionally calculates a hashing value for each server. A user request analysis step of confirming the number of allocated packets;
An actual server request analysis step of counting the number of syn packets provided from the virtual server to the real server among the packets collected by the fault diagnosis apparatus through the ADC inflow packet collecting step by the number of real server packets for each server and checking the time;
The failure diagnosis apparatus determines an operation state of load balancing based on the number of request packets in the user request analysis step and the number of actual server packets in the actual server request analysis step. A load balancing verification step of determining whether the actual number of server packets is the same or determining whether the actual number of server packets is uniformly distributed for each server;
The apparatus for diagnosing the error may include an ADC request processing time between the user request packet and an actual server request packet, an actual server response time between an actual server request packet and a response packet responded by the actual server, and a response packet of the actual server. And a delay time checking step of comparing the sum of the ADC response processing time between the response packets provided to the user with the reference time.

Images