Tag: ADC

Load Balancing

 

 

 

 

 

 

ROUND ROBIN GIF

The above GIF shows a simplified Round-Robin load balancing method. In this load balancing method, the load balancer doesn’t care about the number of connections that are being handled by the server. The 1st connection is sent to the 1st server, 2nd connection to 2nd server and 3rd connection to 3rd server without any regard to the pre-existing connections.

Least Connections:

Least Connection GIF

The above GIF shows a simplified Least-Connections load balancing method. As the name suggests, the Load Balancer will send the connections to the server with the least number of connections.

In the initial state of the GIF, the servers, have 5,4,3 connections as noted. The 1st connection is sent to the server with the least number of connections – S3. The 2nd connection is sent to S2 as S1 has 5 and S2 & S3 are tied for number of connections at 4. The 3rd connection is sent to S3 as S1 & S2 have more number of connections (5) than S2 (4). In the last image, all the servers have equal number of connections at 5.

Questions to consider – Buying an ADC

These are some of the questions that you would want to analyze and answer before thinking about buying an ADC:

What is the load requirement ?

This is defined in terms of maximum number of concurrent or simultaneous connections/requests that an ADC can handle.

Another factor to consider is the rate of connections/requests. If your application requires short bursts of traffic, the ADC should be able to handle it.

What kind of protocol do you intend to load balance ? 

Most customers tend to load balance HTTP traffic. If you intend to perform load balancing of specific applications like Citrix/Xen related apps, it will be better to buy a Citrix ADC like NetScaler.

Does your application require “persistence” and if so, what kind of “persistence” do you require ?

Persistence is the ability of the load balancer to send a client connection request to the same server that handled the previous request based on information presented by the client connection. This information can be Source IP address or Cookie or any information available in the incoming packet like JSession ID.

Persistence information is generally required for applications like a checkout cart. For example, after a client adds merchandise to the checkout cart, subsequent HTTP request/TCP connection should be sent to the server with the checkout cart information in order to complete the transaction. If the connection/request is sent to a different server, the checkout cart may not have the relevant information.

Do you require Layer7 load balancing like redirect or load balancing based on HTTP header/content ?

One of the differentiating factor between the newer generation ADC and the older Load Balancer is the difference in their ability to handle L7 function. Load Balancers don’t provide as much L7 functionality as the ADC.

Certain functions like redirects can be implemented on the ADC instead of the servers. This will reduce the round trip time and the latency involved in serving the application and at the same time make it easier from an administrative perspective as the redirect configuration is implemented at one point instead of multiple servers.

Are you planning to terminate the SSL certificate/key on the ADC and send the unencrypted traffic to the servers ?

Implementing SSL termination on the load balancer will reduce the load on the servers as SSL processing can be resource intensive. From a management perspective, it is easier to replace the certificate/key on a single device (ADC) than a multitude of servers. With a flood of SSL vulnerabilities, any changes required to the SSL ciphers or versions can be done at one location.

If load balancing requires L7 functionality, the SSL cert/key has to be terminated on the ADC as the SSL encrypted traffic has to be decrypted at the ADC before any L7 functionality can be implemented by the ADC.

Does your business require specific SSL ciphers/versions for regulatory or security reasons ?

SSL processing is done on hardware or software. For any ADC, some ciphers are handled at the hardware level and some ciphers are handled at the software level. Hardware SSL generally tends to be efficient than software SSL processing.

SSL Keys – Newer ADCs are optimized for the 2K keys and the older ones can only handle 1K key efficiently. Newer F5 platforms are better optimized for SSL 2K keys than the older F5 LTM 1600 & 3600

Do you require High Availability ?

ADC can be a single point of failure. Using ADC in high availability setting would provide the redundancy.

Do you require any specific performance features ?

These performance features can be like caching, compression or newer protocols like SPDY.

Do you require any other functionality ?

There are functions like application acceleration, application firewall, IPv6 Gateway that can be implemented on the ADC in addition to the normal load balancing.

Major ADC Vendors:

Top 3 based on Gartner 2013:

BigIP F5

Citrix NetScaler

Radware

Others:

Riverbed, A10, Brocade, Barracuda etc.

ADC Functions:

Scalability:

This provides the ability to add/remove servers with minimal disruption to ongoing traffic processing.

High Availability:

Do you require 2 (or more) Load Balancers that can be set up such that one of the “standby” load balancers take over the active load balancers function, if one of them fails ?

Performance:

This is not just about the values like connections/s or throughput. You would have to consider the feature set that is available to you to maximize the application delivery. These features can be caching, compression, newer protocol support like SPDY.

Security:

The newer load balancers provide greater support against certain Denial of Service (DoS) and security like a single authentication portal, web application firewall (WAF)

Load Balancers & ADC

An ADC is placed in the Data Center, closer to the Servers. ADC provides a single point of access for the clients that request information.

Application Delivery Controller (ADC) is the newer, fancier and more relevant term for Load Balancers. Although people refer to ADC as just a “Marketing Term”, ADCs certainly provide enhanced functionality compared to the Load Balancers of previous generation.

load_balancer_traffic_flow (1)

 

Load Balancers:

  1. Layer 4 Devices
  2. Distribute Load across multiple servers. Load in the context of L4 devices point to TCP Connections (Socket – IP+Port Combination)
  3. Normally, full TCP stack is client facing and the server facing TCP stack can only handle up to L4
  4. Load Balancers don’t offer high performance functionality like caching, compression and newer protocols like SPDY
  5. Additional features like WAF, DoS prevention are not usually available.

Example: Cisco CSS

Application Delivery Controllers:

  1. Layer 7 Devices
  2. Distribute Load across multiple servers. Load in the context of L7 devices point to TCP Connections and L7 content like HTTP content.
  3. They tend to have 2 full TCP stack. One facing the client and another facing the servers. This provides them with the functionality of a full-proxy and enables them to balance application content and not just the L4 connections.
  4. Most ADC devices provide high performance functionality like caching, compression and newer protocols like SPDY
  5. Additional features like WAF, DoS prevention are usually available.

Example: F5 LTM, Citrix NetScaler

Reference:

Load Balancing 101 – The Evolution to Application Delivery Controllers

What is an Application Delivery Controller ?