What is a Load Balancer?
A load balancer is a piece of hardware (or a virtual appliance) that acts as a reverse proxy to distribute network and/or application traffic across several servers. It is used to increase the concurrent-user capacity and overall reliability of applications: by spreading the workload across multiple servers, it reduces the burden placed on each one.
Load Balancing
Load balancing is the process of distributing network traffic across multiple servers so that no single server bears too much demand. By spreading the work evenly, load balancing improves application responsiveness and increases the availability of applications and websites for users. Modern applications cannot run without load balancers.
In the Beginning, There Was DNS
Before there were any commercially available, purpose-built load balancing devices, there were many attempts to use existing technology to achieve scalability and high availability (HA). The most prevalent, and still used, technique was DNS round-robin. The Domain Name System (DNS) is the service that translates human-readable names (www.nettech.local) into machine-readable IP addresses. DNS also provided a way for each name-resolution request to be answered with multiple IP addresses in a different order.
Example: In this example, DNS has two host (A) records with the same name but different IP addresses, and round robin is enabled to provide load balancing.
The first time a user requested resolution for www.nettech.local, the DNS server would hand back multiple addresses (one for each server hosting the application) in order, say 192.168.1.1 and 192.168.1.2. The next time, the DNS server would give back the same addresses, but this time in the order 192.168.1.2 and 192.168.1.1.
Clients usually attempt a connection to the first address returned by a DNS query, so client1 connects to webserver1 (192.168.1.1) and client2 connects to webserver2 (192.168.1.2).
This solution did little to improve HA. DNS has no way of knowing whether the listed servers are actually working, so if a server became unavailable and a user tried to reach the application before the DNS administrators learned of the failure and removed the record, the user might receive the IP address of a server that didn't work.
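The rotation described above, and the reason it does nothing for HA, can be shown in a few lines. The following Python model is an added example, not part of the original text: the zone data reuses the two addresses from the example, while the server implementation, the client behaviour (connect to the first address) and the set of "up" servers are constructed for illustration.

```python
from collections import deque

# Constructed zone: two A records for the same name, as in the example above.
ZONE = {"www.nettech.local": ["192.168.1.1", "192.168.1.2"]}


class RoundRobinDNS:
    """Minimal model of a DNS server with round robin enabled: every answer
    contains all A records for the name, and the order is rotated by one
    position after each query. There is no health check of any kind."""

    def __init__(self, zone):
        self._records = {name: deque(ips) for name, ips in zone.items()}

    def resolve(self, name):
        records = self._records[name]
        answer = list(records)      # copy of the current order
        records.rotate(-1)          # the next query starts with the next address
        return answer


def connect_first(answer, up_servers):
    """Typical client behaviour: try the first address in the answer.
    Returns (address tried, whether the connection succeeded)."""
    ip = answer[0]
    return ip, ip in up_servers


def simulate(queries, up_servers):
    """Run `queries` resolutions against a fresh server and return, per query,
    (answer as returned, address the client tried, connected?)."""
    dns = RoundRobinDNS(ZONE)
    results = []
    for _ in range(queries):
        answer = dns.resolve("www.nettech.local")
        results.append((answer,) + connect_first(answer, up_servers))
    return results


if __name__ == "__main__":
    # All servers up: clients alternate between the two web servers.
    for answer, ip, ok in simulate(4, {"192.168.1.1", "192.168.1.2"}):
        print(answer, "->", ip, "ok" if ok else "FAILED")
    # 192.168.1.2 has failed but its record is still published: every second
    # client is still sent to the dead server until an administrator removes it.
    for answer, ip, ok in simulate(4, {"192.168.1.1"}):
        print(answer, "->", ip, "ok" if ok else "FAILED")
```

The second loop is the failure mode the text describes: the DNS server keeps handing out the dead address in turn, because nothing in the protocol feeds server health back into the answers.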
LTM – Local Traffic Manager Overview
The Local Traffic Manager is the most popular module offered on the F5 Networks BIG-IP platform. LTM delivers applications to users in a reliable, secure and optimized way.
Key Benefits:
- Intelligent Traffic Management - LTM supports both static and dynamic load balancing methods. Static methods such as Ratio and Round Robin do not take server performance into account when making a load balancing decision; dynamic methods such as Least Connections and Fastest do.
- Ensures Availability of Applications - Application health-check monitors are used to ensure the availability of applications.
- Application Delivery Optimization - BIG-IP LTM dramatically improves page load times and the user experience with HTTP/2, intelligent caching, extensive connection optimization and management, compression, and F5 OneConnect.
- Application Visibility and Monitoring - Monitor exactly how your application performs for real users, based on application response times, network conditions and user context. F5 Analytics captures application-specific statistics such as URL, throughput and server latency, reported at different levels of the service.
- SSL Offloading - Back-end servers are relieved of encryption and decryption work through SSL termination: the client negotiates the SSL tunnel with the BIG-IP device.
- Full (Reverse) Proxy Architecture - There are two independent and separate connections, one on the client side and one on the server side.
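The first two benefits, static versus dynamic load balancing methods and health monitors, are easier to see in code. The following Python model is an added example and is not F5 code: the member addresses, the probe function and the simplified weighted selection used for Ratio are constructed for illustration, and BIG-IP's actual algorithms are not reproduced.

```python
class PoolMember:
    """One back-end server in a load-balancing pool (addresses are constructed)."""

    def __init__(self, address, ratio=1):
        self.address = address
        self.ratio = ratio          # weight used by the Ratio method
        self.up = True              # maintained by the health monitor
        self.connections = 0        # connections currently open through the LB
        self.response_ms = 0.0      # last observed response time (Fastest method)


class Pool:
    """Selects a pool member for each new connection using one of four methods.
    Static methods (round_robin, ratio) ignore how the servers are doing;
    dynamic methods (least_connections, fastest) use live measurements."""

    def __init__(self, members, method="round_robin"):
        self.members = list(members)
        self.method = method
        self._rr = 0
        self._sent = {m.address: 0 for m in self.members}

    def run_monitor(self, probe):
        """Health monitor: probe(member) returns True if the service answered.
        Members that fail are marked down and skipped until they recover."""
        for m in self.members:
            m.up = probe(m)

    def select(self):
        avail = [m for m in self.members if m.up]
        if not avail:
            return None                          # no healthy member to send to
        if self.method == "round_robin":
            chosen = avail[self._rr % len(avail)]
            self._rr += 1
        elif self.method == "ratio":
            # weighted round robin: the member furthest below its share goes next
            chosen = min(avail, key=lambda m: (self._sent[m.address] + 1) / m.ratio)
        elif self.method == "least_connections":
            chosen = min(avail, key=lambda m: m.connections)
        elif self.method == "fastest":
            chosen = min(avail, key=lambda m: m.response_ms)
        else:
            raise ValueError(f"unknown method {self.method!r}")
        self._sent[chosen.address] += 1
        chosen.connections += 1
        return chosen

    def release(self, member):
        """Called when a client connection closes."""
        member.connections -= 1


def demo_round_robin_with_monitor():
    """Round robin over three members; then the monitor finds 10.0.0.2 down."""
    pool = Pool([PoolMember("10.0.0.1"), PoolMember("10.0.0.2"), PoolMember("10.0.0.3")])
    before = [pool.select().address for _ in range(3)]
    pool.run_monitor(lambda m: m.address != "10.0.0.2")   # constructed probe result
    after = [pool.select().address for _ in range(4)]
    return before, after


def demo_ratio():
    """Ratio 3:1: about three connections to the first member per one to the second."""
    pool = Pool([PoolMember("10.0.0.1", ratio=3), PoolMember("10.0.0.2", ratio=1)], "ratio")
    picks = [pool.select().address for _ in range(8)]
    return picks.count("10.0.0.1"), picks.count("10.0.0.2")


def demo_least_connections():
    """Dynamic method: the member with fewer open connections is chosen."""
    a, b = PoolMember("10.0.0.1"), PoolMember("10.0.0.2")
    a.connections, b.connections = 5, 2          # constructed current load
    pool = Pool([a, b], "least_connections")
    return pool.select().address


if __name__ == "__main__":
    print(demo_round_robin_with_monitor())
    print(demo_ratio())
    print(demo_least_connections())
```

Note the contrast with DNS round-robin: here the monitor result feeds straight into the selection, so a failed member stops receiving connections as soon as its probe fails, without any administrator action.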
Now let's look at the proxy concept in more detail.
Proxies - Proxies are hardware or software solutions that sit between the client and the server and do something to requests and sometimes to responses. Proxies are not all the same: some are half proxies, some are full proxies; some are forward and some are reverse.
Forward Proxies - Forward proxies sit between two networks, usually a private internal network and the public Internet. Large service providers have also traditionally employed forward proxies as a bridge between their isolated network of subscribers and the public Internet.
Forward proxies are generally HTTP (web) proxies that provide a number of services but focus primarily on web content filtering and caching. They often include authentication and authorization to provide more control over access to public content. If you've ever received a web page saying "Your request has been denied by blah blah. If you think this is an error, please contact the help desk/your administrator", then you've probably used a forward proxy.
Reverse Proxies - Reverse proxies sit in front of web and application servers and process requests for applications and content coming in from the public Internet to the internal, private network. This is the primary reason for the name "reverse" proxy: it differentiates it from a proxy that handles outbound requests. Reverse proxies are also generally focused on HTTP, but in recent years they have expanded to a number of other protocols commonly used on the web, such as streaming audio (RTSP), file transfers (FTP) and generally any application protocol that can be delivered over UDP or TCP.
Half Proxies
Requests are proxied by the device, but the responses do not return through it; they are sent directly to the client. For some types of data, particularly streaming protocols, this configuration improves performance. It is known as a half-proxy because only half of the connection (the incoming request) is proxied while the other half, the response, is not.
Half proxies can inspect incoming requests to determine where the connection should be sent, and can even perform layer 7 inspection, but they are rarely capable of examining the responses.
Full Proxies
Full proxy is also a description of the way in which a proxy, reverse or forward, handles connections. A full proxy maintains two separate connections: one between itself and the client and one between itself and the destination server. It completely understands the protocols and is itself an endpoint and an originator for them. Full proxies are so named because they completely proxy connections, incoming and outgoing. Because each connection is unique, each can have its own TCP behaviour, such as buffering, retransmits and TCP options; a client connecting to the full proxy device would likely see different connection behaviour than the full proxy uses when communicating with the servers. Full proxies can look at incoming requests and outbound responses and can manipulate both if the solution allows it.
Many reverse and forward proxies use a full proxy model today.
Packet-based vs. Full Proxy Architecture
Packet-based design:
A network device with a packet-based (or packet-by-packet) design is located in the middle of communication streams but is not an endpoint for those communications. For example, routers change layer 2 information and then just pass the traffic along, as shown below.
Full proxy Architecture:
A full proxy maintains two separate layer 4 connections: one on the client side and one on the server side.
A full proxy completely understands the protocols and is itself an endpoint and an originator for the protocols.
The system is placed in the network between the clients and the servers. Incoming requests are handled by the BIG-IP, which interacts on behalf of the client with the desired server or service on the server. This allows the BIG-IP system to provide scalability, availability, server offload, and much more, all completely transparent to the client.
Because the BIG-IP proxy is an actual protocol endpoint, it fully implements protocols as both a client and as a server. This means the BIG-IP system can have its own TCP connection behavior, such as buffering, retransmitting, and TCP options. A client connecting to the BIG-IP system would likely have different connection behavior than the BIG-IP system might use for communicating with the back-end servers. Therefore, the BIG-IP system allows for the optimization of every connection uniquely, regardless of the original source or the final destination.
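The two-connection model described in the Full Proxies section and again here can be demonstrated with a small TCP proxy. The following Python program is an added example and is not BIG-IP code: the echo back-end, the request bytes and the choice of TCP_NODELAY as the per-side option are all constructed for illustration. It shows the three properties the text names: the proxy terminates the client connection itself, opens its own separate connection to the server (the server sees the proxy's address, not the client's), and can set different TCP options on each side.

```python
import socket
import threading


def start_echo_backend():
    """Constructed back-end: a TCP server that answers each connection with the
    request bytes upper-cased, and records the peer address of every connection
    (this will be the proxy's own socket, never the original client's)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port on loopback
    srv.listen(5)
    peers_seen = []

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:             # listener closed, stop serving
                return
            peers_seen.append(peer)
            with conn:
                conn.settimeout(5)
                data = conn.recv(4096)
                conn.sendall(data.upper())

    threading.Thread(target=serve, daemon=True).start()
    return srv, peers_seen


def start_full_proxy(backend_addr):
    """Full proxy: terminates the client's TCP connection, reads the whole
    request, then opens a second, independent TCP connection to the back-end.
    Each socket gets its own options (TCP_NODELAY differs) to show that the
    two sides' TCP behaviour is configured separately."""
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind(("127.0.0.1", 0))
    lst.listen(5)
    upstream_ports = []                 # local port of each server-side connection

    def handle(client):
        with client:
            client.settimeout(5)
            client.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
            request = client.recv(4096)
            # Layer 7 inspection point: the full request is available here
            # before anything is sent upstream, so policy can act on it.
            with socket.create_connection(backend_addr, timeout=5) as upstream:
                upstream.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 0)
                upstream_ports.append(upstream.getsockname()[1])
                upstream.sendall(request)
                response = upstream.recv(4096)
            # Response inspection point; then deliver over the client-side connection.
            client.sendall(response)

    def accept_loop():
        while True:
            try:
                client, _ = lst.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(client,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return lst, upstream_ports


def run_demo():
    """Send one request through the proxy and return what the client received
    plus the ports seen on each side, so the two-connection model can be checked."""
    backend, peers_seen = start_echo_backend()
    proxy, upstream_ports = start_full_proxy(backend.getsockname())
    try:
        with socket.create_connection(proxy.getsockname(), timeout=5) as c:
            client_port = c.getsockname()[1]
            c.sendall(b"GET /index.html HTTP/1.0\r\n\r\n")   # constructed request
            response = c.recv(4096)
    finally:
        proxy.close()
        backend.close()
    return {
        "response": response,
        "client_port": client_port,                 # client -> proxy connection
        "proxy_upstream_port": upstream_ports[0],   # proxy -> server connection
        "backend_saw_port": peers_seen[0][1],       # what the server observed
        "backend_connections": len(peers_seen),
    }


if __name__ == "__main__":
    r = run_demo()
    print(r["response"])
    print("client used port", r["client_port"],
          "but the back-end saw the proxy's port", r["backend_saw_port"])
```

The back-end records a connection from the proxy's server-side socket, not from the client, which is exactly the property that lets the proxy offload and optimize each side independently.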
Deny-by-Default
The BIG-IP system is "default-deny": when you first insert it into your network, no traffic is passed. This configuration is more secure because you must explicitly configure objects to pass traffic and to implement the traffic processing capabilities of BIG-IP.