Deep dive into the Load Balancers
Every Load-Balancer is a Reverse-Proxy but every reverse-proxy needs not to be necessarily a load-balancer.
Question :- How does the OSI Model looks like ?
Question :- What is the need of Load-Balancer ?
Answer → In order to make a system which is fault-tolerant, such that when my client makes a request to the LB, then it can talk to one Backend or several Backends.
Question :- Explain how does the L4 Load-Balancers works ?
Answer → Here is how the L4 Load-Balancers works :-
1.) HandShake → The L4 Load-Balancer first establishes the TCP Connection with the Backend-Servers.
2.) Warming-Up → There could be multiple number of TCP-based connections that the LB can open with the Backend & then just keeps them warm. This is to make sure that, whenever client connects to the LB. it doesn’t have to go through the process of connection warm-up every time.
3.) Client-Connection → When the client connects to the L4 LB, that connection would have a state at LB level & that connection would be mapped to one of the connections at anyone of the Backend-Server. Therefore Layer-4 LB is a stateful LB.
- L4 LB just deals with Ports and IP-Addresses.
- Data is segmented but It can’t simply touch the data OR parse the data.
- All the segments of the data (that client sends to L4 LB), all of those segments would end-up going to only one exclusive connection on some server.
- If client sends some data to the L4 LB, then it can’t just send one segment to one server and other segment to the other server because the data would be corrupted & everything would be bad.
Question :- Does the L4 Load-Balancers also acts as NAT Layer ?
Answer → Yes, the Layer4 LB acts as the NAT-layer/gateway/router for the client.
- Request → LB changes the destination IP-Address while establishing a brand-new TCP-connection to the Backend. Client is completely unaware of this concept.
- Response → Layer4 LB knows that, anything that I receive back from this application-connection , I have to send it back to this connection with original-Client. There is a Table of mapping that L4 LB keeps with it.
Question :- Demonstrate the example of Http based call(Restful API call) from the client to the Backend ?
Answer → Imagine that Client is sending a Http based call to the LB. Also imagine that, this particular request is being divided into the 2 segments.
Step #1.) The request lands at the LB and then the LB chooses to send all of the segments of this request to some of the Backend-Server.
Step #2.) Now, say that there is yet another segment (segment #3) sent by the client, then it writes back that segment to the same connection.
- There is no buffering at this L4 LB. It just reads & forwards the data-segments.
- L4 LB doesn’t knows about HTTP. It just knows & understands the TCP. Whatever data is coming to this L4 LB (be it gRPC based request OR socket based connection), it just considers all of this data as the data-segments.
- However, the LB might perform some sort of Optimisation depending upon the MTU at client-end and MTU at backend-server-end. It might just receive the segment & breaks that segment into multiple segments further very well & vice-versa. TCP would always try to squeeze as much performance as it is possible.
Step #3.) Now, say that there is yet another request initiated by the same client on the same connection, then that shall also be read first & written back to the backend-server.
Step #4.) Now, say that there is some another request initiated by some different client, then based upon the load-balancing algorithm, that might be forwarded to some of the other backend server.
Question :- What are the companies which offers L4 LB ?
Answer → Companies like Radware and F5-BigIp provides the L4 LBs.
Question :- What are the Pros & Cons of the Layer4 Load-Balancer ?
1.) Here are the Pros of L4 LB :-
- It’s a simple strategy of load-balancing. It just doesn’t reads the contents of the Layer7.
- It’s more secure because it doesn’t reads the data from L7.
- It works with any protocol. It’s agnostic to the protocol.
2.) Here are the Cons of L4 LB :-
- It’s not smart & it can’t work with the Micro-services. It’s sticky connection. There is no load-balancing per connection. Although, we can configure the IP & Port combination, but that’s not advisable in production based systems.
- If client sends POST request OR it sends GET request OR it sends PATCH request, the L4 LB doesn’t knows anything about it. It just sees these requests as data-segments coming in.
- It can’t support Caching, because it doesn’t knows what to cache because it can’t read the data which is present in L7 layer.
- At L4 LB, we can’t do any of the actions like : “Blocking certain Users”, “Blocking certain Headers”, “Blocking certain Authentication methods”.
Question :- Explain how does the L7 Load-Balancers works ?
Answer → Here is how the L7 Load-Balancers works :-
1.) HandShake → The L7 Load-Balancer also establishes the TCP Connection with the Backend-Servers.
2.) Warming-Up → There could be multiple number of TCP-based connections that the LB can open with the Backend & then just keeps them warm. This is to make sure that, whenever client connects to the LB. it doesn’t have to go through the process of connection warm-up every time.
3.) Client-Connection → When the client connects to the L7 LB, that connection becomes the protocol specific.
- L7 LB needs to understand whatever is being sent to it.
- Any logical request would first be buffered at the L7-LB level, understands it (i.e. decrypts the data), parses it and then it makes the decision to forward the request to one of the backend-server.
Notes :- In case you would like to have the L7 LB external facing for your clients, then :-
- Your L7 LB would have to have the Certificate living on it, because this L7 LB would have to prove it’s identity first.
- The L7 LB would also have to decrypt the data.
Question :- How does L7 Load-Balancer handles the HTTP based request ?
Step #1.) First, it receives the request and sends it to say backend Server 1.
Step #2.) Next, say the same client sends the another request, then L7 LB can actually forward it to other backend server as well because L7 LB is Stateless.
Question :- What are the Pros & Cons of the Layer7 Load-Balancer ?
1.) Here are the Pros of L4 LB :-
- It offers smart strategy of load-balancing. For example, if the request is for the endpoint “/pictures”, it can forward the request to a particular hostgroup probably to Pictures microservice.
- Another example, if the request is for the endpoint GET “/comments”, it can forward the request to a particular hostgroup, probably to comment microservice.
- Another example, if the request is for the endpoint POST “/comments”, it is write-heavy workload then go to some other hostgroup because it has a specific database designed for this particular write heavy workload.
- Therefore, the L7 LB is great for micro-services.
- We can also perform the AuthN and AuthZ at this L7 Load balancer.
- We can also cache the results as well.
2.) Here are the Cons/Disadvanatages of L4 LB :-
- It’s expensive because it’s doing more work like it is buffering the data, reading the data, decrypting the data, terminates the TLS connection.
- It must share the TLS certificate.
- It might not be highly efficient and can actually become a bottleneck because it is buffering a lot of data and parsing it. It can actually slow down.
- It needs to understand the protocol.
That’s all in this blog. We would see you in next blog.