Net330:Server‐Load‐Balancing - ConnorEast/Tech-Journal GitHub Wiki

Definitions

  • RAID [Redundant Array of Independent Disks]: Multiple physical disks combined into one logical volume for redundancy and/or performance (load balancing at the disk level).
  • SLB [Server Load Balancing]: Presenting one service from a pool of back-end servers, with the load balancer deciding which server handles each connection or request.
  • VIP [Virtual IP / Virtual Server / Front End]: The IP address and port the load balancer exposes for a service; clients connect to the VIP, never directly to a back-end server.
  • Zoning: Network segmentation that limits the attack surface exposed by back-end servers (only the load balancer is reachable from the client network).
  • F5/NetScaler: Two of the most widely used commercial SLB vendors/products (hardware appliances and virtual editions).
  • NGINX/HAProxy: Open-source, software-based load balancers.

Load-Balancing Concepts

Load balancing is the distribution of workload across multiple computing resources to increase efficiency, performance, availability [redundancy], elasticity [growth], and security [zoning]. Load balancing can be applied to network links, computers/servers, CPUs, and disk drives.

Network VS Server/Service Load Balancing

Load balancers are hardware appliances or software that distribute communications across back-end resources. Many load balancers also provide SSL/TLS "offload": the balancer terminates the client's TLS session and performs the cryptographic work, then communicates with the back-end servers on the client's behalf. Unless the balancer re-encrypts that second leg, balancer-to-backend traffic is plaintext, which is one reason the back end belongs in its own zone. Offload also means the balancer holds the service's private keys, so it must be protected accordingly.

| Network Load Balancing | Server Load Balancing |
| --- | --- |
| Balances traffic across network links | Provides a single service using multiple servers on the back end |
| Handled with routing and other protocols | Highly customizable and widely used in modern enterprises |
| Provides redundancy | Performance, security, elasticity, and redundancy are all popular reasons to deploy it |
| Provides link selection based on criteria (bandwidth, load, cost) | |

Layer 3 SLB

Layer 3 SLBs work only with IP addresses: the decision is which server address a client should use, with no visibility into ports, connections, or application state.

DNS round robin is an example of Layer 3 SLB:

  • Multiple A records for the same hostname
  • Successive queries return the records in a different order, so different clients contact different servers
  • Do an nslookup on google.com; you should get different IPs than your neighbor (the answer also varies by resolver and location)
  • Caveat: plain DNS round robin has no health checking, so a dead server's address keeps being handed out until the record is changed and cached answers expire
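A simulation of DNS round robin, added here as an example (it is not part of the original notes): an authoritative server that rotates the A records on every query, and a client-side caching resolver that keeps using the first address it received until the TTL expires. The hostname, addresses, and TTL are constructed for the example.

```python
# DNS round-robin simulation. Added example, not from the original notes: an
# authoritative server that rotates a multi-A-record answer, and a stub resolver
# that caches the first answer for the record's TTL. Zone data is constructed.
from collections import deque

ZONE = {"www.example.test": ["192.0.2.10", "192.0.2.11", "192.0.2.12"]}  # constructed
TTL_SECONDS = 300


class RoundRobinAuthority:
    """Answers each A query with the whole RRset, rotated one step per query."""

    def __init__(self, zone):
        self._rings = {name: deque(addrs) for name, addrs in zone.items()}

    def answer(self, name):
        ring = self._rings[name]
        rrset = list(ring)            # current order; clients usually take the first
        ring.rotate(-1)               # next query starts one record later
        return rrset


class CachingStubResolver:
    """Client-side resolver: reuses a cached answer until its TTL expires."""

    def __init__(self, authority, ttl=TTL_SECONDS):
        self._authority = authority
        self._ttl = ttl
        self._cache = {}              # name -> (expires_at, address)

    def resolve(self, name, now):
        cached = self._cache.get(name)
        if cached and cached[0] > now:
            return cached[1]          # TTL not expired: same server as last time
        address = self._authority.answer(name)[0]
        self._cache[name] = (now + self._ttl, address)
        return address


def spread_without_cache(authority, name, queries):
    """Server chosen by each of `queries` fresh lookups straight at the authority."""
    return [authority.answer(name)[0] for _ in range(queries)]


def spread_with_cache(resolver, name, timestamps):
    """Server chosen by one caching client looking up `name` at each timestamp."""
    return [resolver.resolve(name, t) for t in timestamps]
```

Fresh lookups walk through all three addresses in turn, but a single client behind a caching resolver sticks to one address for the whole TTL, so plain DNS round robin balances resolvers, not requests, and a dead address stays in the rotation until the zone is edited and caches expire.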

Layer 4 SLB

  • TCP/UDP ports operate at Layer 4
  • Layer 4 SLBs use dedicated load balancers (appliances or software) that see the transport header but not the application payload
  • The load balancer hosts "virtual IPs" (aka front ends): the IP address and port the end user connects to instead of any individual server
  • The load balancer then brokers the connection to a server in the "back end" pool

Layer 7 SLB

  • Does full-packet (application-layer) inspection to parse URLs and/or headers/content metadata, so it can route by hostname, path, or header rather than only by address and port
  • Can be used to put a sacrificial lamb server in front [specifically against DoS] that absorbs abusive or unmatched traffic, improving the reliability and security of internal systems

SLB Service Monitoring

Load balancers can also monitor servers/services to make sure they are running. If a server/service is found to have gone down, it is removed from the pool until it passes a check again.

This monitoring (aka health checks) can include:

  • Simple IP, TCP, or UDP connectivity
  • A protocol-specific response (SMTP banner, HTTP status code, FTP greeting, ...)
  • Presence of a certain resource (web page) or successful completion of a transaction
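A minimal Layer 4 load balancer with TCP health checks, written as an added example for the Layer 4 SLB and SLB Service Monitoring sections (it is not code from the original notes). The VIP, the echo "backends", and the dead address are all constructed on 127.0.0.1 so the demo runs offline; `demo()` shows round robin across healthy backends, a dead address dropped by the health check, and a backend removed from rotation after it goes down.

```python
# Minimal Layer 4 (TCP) server load balancer with health checks. Added example,
# not from the original notes: every listener is constructed on 127.0.0.1.
import socket
import socketserver
import threading


class BackendPool:
    """Round-robin over the backends that passed the last health check."""

    def __init__(self, backends, check_timeout=0.5):
        self.backends = list(backends)         # [(host, port), ...]
        self.healthy = set(self.backends)      # assumed up until the first check
        self.check_timeout = check_timeout
        self._next = 0

    def tcp_check(self, backend):
        """TCP-level health check: does a handshake complete in time?"""
        try:
            with socket.create_connection(backend, timeout=self.check_timeout):
                return True
        except OSError:
            return False

    def run_health_checks(self):
        """Re-probe every backend; failures drop out of rotation. Returns the live count."""
        self.healthy = {b for b in self.backends if self.tcp_check(b)}
        return len(self.healthy)

    def pick(self):
        """Next healthy backend in round-robin order, or None if none are up."""
        live = [b for b in self.backends if b in self.healthy]
        if not live:
            return None
        self._next += 1
        return live[(self._next - 1) % len(live)]


class Server(socketserver.ThreadingTCPServer):
    """Threaded TCP listener on 127.0.0.1:<ephemeral>, served in a daemon thread."""
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, handler, **attrs):
        super().__init__(("127.0.0.1", 0), handler)
        for name, value in attrs.items():       # e.g. pool=... for the VIP, tag=... for a backend
            setattr(self, name, value)
        threading.Thread(target=self.serve_forever, daemon=True).start()


class _RelayHandler(socketserver.BaseRequestHandler):
    """The VIP: brokers one client connection to a backend and relays the reply."""

    def handle(self):
        backend = self.server.pool.pick()
        if backend is None:                     # nothing healthy: drop the client
            return
        data = self.request.recv(4096)          # one request/response is enough here
        with socket.create_connection(backend, timeout=2) as upstream:
            upstream.sendall(data)              # backend sees the VIP's address, not the client's
            reply = upstream.recv(4096)
        self.request.sendall(reply)


class _EchoHandler(socketserver.BaseRequestHandler):
    """Constructed backend: answers with its own name so routing is visible."""

    def handle(self):
        self.request.sendall(self.server.tag + b":" + self.request.recv(4096))


def send_via_vip(vip_addr, payload):
    """Client helper: one request/response through the VIP."""
    with socket.create_connection(vip_addr, timeout=2) as s:
        s.sendall(payload)
        return s.recv(4096)


def demo():
    """Constructed run: two live backends plus one dead address, then a crash."""
    web1 = Server(_EchoHandler, tag=b"web1")
    web2 = Server(_EchoHandler, tag=b"web2")
    dead = socket.socket()                      # bound but never listening: connects are refused
    dead.bind(("127.0.0.1", 0))
    pool = BackendPool([web1.server_address, web2.server_address, dead.getsockname()])
    vip = Server(_RelayHandler, pool=pool)      # the front end clients connect to
    try:
        healthy_before = pool.run_health_checks()           # dead address dropped
        replies = [send_via_vip(vip.server_address, b"ping") for _ in range(4)]
        web2.shutdown()                                     # simulate a backend crash
        web2.server_close()
        healthy_after = pool.run_health_checks()            # now web2 drops out as well
        replies_after = [send_via_vip(vip.server_address, b"ping") for _ in range(2)]
    finally:
        for srv in (vip, web1):
            srv.shutdown()
            srv.server_close()
        dead.close()
    return {"healthy_before": healthy_before, "replies": replies,
            "healthy_after": healthy_after, "replies_after": replies_after}
```

Call `demo()` to run it. The relay only forwards a single request/response per connection, which is all the echo backends need; a real L4 balancer pumps bytes in both directions until either side closes, and runs the health checks on a timer rather than on demand.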

Load Balancing Issues

Issue 1: When the load balancer proxies connections, the back-end server sees the load balancer's IP as the source address, not the client's. This hinders troubleshooting and incident response, because back-end logs no longer identify the real client.

Fix:

  • For HTTP: have the load balancer add an X-Forwarded-For header carrying the original source IP of the request. The back end must only trust the entry appended by its own load balancer, because clients can send an X-Forwarded-For header of their own.
  • For other protocols: keep detailed connection logs on the load balancer (client IP and port, VIP, chosen backend, timestamps) that correlate with the back-end server logs, and centralize them [use Splunk or another SIEM]. Where the back end supports it, the PROXY protocol can pass the client address for arbitrary TCP services.
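Added example (not from the original notes) for the Layer 7 section and Issue 1: a routing decision made on Host and URL path, and both sides of X-Forwarded-For handling, the balancer appending the peer address and the back end reading the chain safely. ROUTES, the pool names, LB_ADDRESS, and TRUSTED_PROXIES are constructed; the `sacrificial_pool` name is an assumption about where the "sacrificial lamb" server would sit.

```python
# Layer 7 request handling: route on Host/URL and carry the client IP in
# X-Forwarded-For. Added example, not from the original notes; hosts, paths,
# pool names and addresses are constructed for illustration.
import ipaddress

# Constructed routing table: (host, path prefix) -> backend pool, first match wins.
ROUTES = [
    ("api.example.test", "/v1/", "api_pool"),
    ("www.example.test", "/static/", "static_pool"),
    ("www.example.test", "/", "web_pool"),
]
CATCHALL_POOL = "sacrificial_pool"   # unmatched hosts/paths land here, away from real apps

LB_ADDRESS = "10.0.0.5"                                   # constructed balancer address
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]  # constructed: our balancers' range


def parse_request(raw):
    """Parse the request line and headers of one HTTP/1.x request (bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def header(req, name):
    """All values of a header (names are stored lower-case)."""
    return [v for n, v in req["headers"] if n == name]


def choose_pool(req):
    """Layer 7 decision: pick a backend pool from Host and URL path."""
    host = (header(req, "host") or [""])[0].split(":")[0].lower()
    path = req["target"].split("?", 1)[0]
    for route_host, prefix, pool in ROUTES:
        if host == route_host and path.startswith(prefix):
            return pool
    return CATCHALL_POOL


def forward_request(req, client_ip):
    """Balancer side: append (never replace) the connecting peer's IP to X-Forwarded-For."""
    chain = ", ".join(header(req, "x-forwarded-for") + [client_ip])
    headers = [(n, v) for n, v in req["headers"] if n != "x-forwarded-for"]
    return {**req, "headers": headers + [("x-forwarded-for", chain)]}


def client_ip_from_xff(req, peer_ip, trusted=TRUSTED_PROXIES):
    """Backend side: the real client is the rightmost X-Forwarded-For entry that
    is not one of our own proxies. Leftmost entries are client-controlled."""
    def is_trusted(ip):
        return any(ipaddress.ip_address(ip) in net for net in trusted)

    if not is_trusted(peer_ip):
        return peer_ip                       # did not arrive via our balancer: header is untrusted
    chain = []
    for value in header(req, "x-forwarded-for"):
        chain += [hop.strip() for hop in value.split(",") if hop.strip()]
    for hop in reversed(chain):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return None                      # malformed address in the chain: refuse to guess
    return None                              # only our proxies in the chain: no client IP
```

The back end never takes the leftmost X-Forwarded-For value, and ignores the header entirely when the connection did not come from a trusted balancer; otherwise an attacker can put any address they like in their logs and in any IP-based access control.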

Issue 2: Some applications require servers to store per-user state (a session). If the user's later requests are directed to a different server, that state is lost.

Fix:

  • Session persistence: directing a client's requests to the same back-end server for the duration of a session
  • Types of persistence: Simple [based on source IP], Cookie [HTTP cookie set by the LB], SSL [based on the TLS session ID]
  • Caveats: source-IP persistence sends everyone behind one NAT or proxy to the same server; TLS session ID persistence does not apply to TLS 1.3, which resumes with tickets instead; a cookie that names the server in the clear lets a client choose its backend, so use opaque or signed values
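Added example (not from the original notes) of the three persistence types: hashing on the source IP, hashing on the TLS session ID, and a server cookie set by the balancer. Backend names and the HMAC key are constructed; the HMAC-signed cookie is a hardening choice made here, since many balancers set a plain server identifier.

```python
# Session persistence strategies for a load balancer. Added example, not from
# the original notes; backend names and the cookie key are constructed.
import hashlib
import hmac

BACKENDS = ["web1", "web2", "web3"]              # constructed pool (assume all healthy)
COOKIE_NAME = "SERVERID"
COOKIE_KEY = b"constructed-demo-key-rotate-me"   # constructed; a real key stays secret


def _hash_pick(material, backends):
    """Map arbitrary bytes onto one backend deterministically (no table to store)."""
    digest = hashlib.sha256(material).digest()
    return backends[int.from_bytes(digest[:4], "big") % len(backends)]


def by_source_ip(client_ip, backends=BACKENDS):
    """Simple persistence: every connection from one IP goes to the same server.
    Everyone behind a shared NAT or proxy IP lands on that same server too."""
    return _hash_pick(client_ip.encode(), backends)


def by_tls_session_id(session_id, backends=BACKENDS):
    """SSL persistence: keyed on the TLS session ID bytes (pre-TLS 1.3 resumption)."""
    return _hash_pick(session_id, backends)


def make_cookie(backend, key=COOKIE_KEY):
    """Cookie persistence: the LB sets SERVERID=<backend>.<hmac>. The HMAC stops a
    client from editing the cookie to steer itself onto a backend of its choice."""
    tag = hmac.new(key, backend.encode(), "sha256").hexdigest()[:16]
    return f"{COOKIE_NAME}={backend}.{tag}"


def backend_from_cookie(cookie_header, key=COOKIE_KEY, backends=BACKENDS):
    """Return the backend named by a validly signed cookie, else None."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name != COOKIE_NAME:
            continue
        backend, _, tag = value.partition(".")
        expected = hmac.new(key, backend.encode(), "sha256").hexdigest()[:16]
        if backend in backends and hmac.compare_digest(tag, expected):
            return backend
    return None                                  # missing, tampered, or unknown server


def choose_backend(cookie_header, rr_state, backends=BACKENDS):
    """LB decision for one HTTP request: honour a valid cookie, otherwise pick by
    round robin and return the Set-Cookie value the LB should send back."""
    sticky = backend_from_cookie(cookie_header, backends=backends) if cookie_header else None
    if sticky:
        return sticky, None
    chosen = backends[rr_state["next"] % len(backends)]
    rr_state["next"] += 1
    return chosen, make_cookie(chosen)


def nat_skew(client_ips, backends=BACKENDS):
    """How many distinct servers a set of clients spreads over under source-IP persistence."""
    return len({by_source_ip(ip, backends) for ip in client_ips})
```

`nat_skew` makes the source-IP failure mode visible: fifty users behind one NAT address all count as a single client. A tampered or unknown cookie value falls through to round robin rather than being trusted, and the cookie should also be sent with the Secure and HttpOnly attributes in a real deployment.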