Server Load Balancing vs. Global Load Balancing

Load balancing, or Application Delivery, has grown over the last ten years to play a critical role within the enterprise. Load balancing provides high availability and possibly better performance by directing traffic flows to servers. Modern load balancers, such as Netscaler and BigIP, have a great deal of flexibility in the decision process used to forward packets to servers. There are two types of load balancing on Application Delivery Controllers (ADCs) that are used in typical large enterprises – Server and Global. This post will discuss both.


Server Load Balancing


Server load balancing refers to load balancing done locally. An SLB inspects a traffic flow, selects a destination based on a defined selection mechanism, and forwards the traffic on. This is accomplished by configuring a Virtual IP (VIP) and a pool of servers on the load balancer. A client connects to the VIP and the load balancer then forwards the traffic to one of the servers in the associated pool. The load balancer is always the intermediate device between the server and the client – meaning that traffic to and from the client must enter and exit the load balancer to prevent asymmetric routing.

An SLB appliance sits in the same data center as the servers and can be configured in one of three ways.


Routed
In routed mode the load balancer has two routed interfaces – one facing the servers and one facing the upstream router.
The load balancer’s default gateway is the upstream router.
The server’s default gateway is the load balancer.
All traffic into the server subnet will traverse the load balancer – even traffic that does not need to be balanced.
No NAT is required.  The servers will see the client IP address in their logs/traces.  This is important for IA.
Use routed mode when the system engineer needs to see the client IP address in the application or server logs.


Transparent
In transparent mode the load balancer has two bridged interfaces – one facing the servers and one facing the upstream router.
The load balancer’s default gateway is the upstream router.
The server’s default gateway is the upstream router, reached through the bridged interfaces.
All traffic into the server subnet will traverse the load balancer – even traffic that does not need to be balanced.
No NAT is required. The servers will see the client IP address in their logs/traces. This is important for IA.
Use transparent mode when the system engineer needs to see the client IP address in the application or server logs.
Transparent mode is typically used when you need to add load balancing to an already defined network that cannot be modified.


One-ARM (most popular)
In One-ARM mode the load balancer has one routed interface.
The load balancer’s default gateway is the upstream router.
The server’s default gateway is the upstream router.
The load balancer uses Source-NAT – it changes the source IP of the client to an address belonging to the load balancer (the ACE).
Source-NAT prevents asymmetric routing, because the server’s replies are addressed to the load balancer and therefore return through it.
One-ARM allows the load balancer to be installed anywhere in the data center.
One-ARM conserves bandwidth through the appliance because only load balanced traffic will traverse the load balancer.
Use One-ARM mode when it is acceptable to use Source-NAT (work-arounds for HTTP traffic using the X-Forwarded-For header are available).
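The X-Forwarded-For work-around has a catch on the server side, shown here in an added example that is not code from the post or from any vendor: behind One-ARM Source-NAT the TCP peer is the load balancer, so the client address must be read from the header, but the header is only believable when the connection really arrives from the load balancer, and only the entry the load balancer itself wrote is used, because anything a client put in the header before that can be forged. It assumes the load balancer appends the client address as the last entry; the SNAT address 10.1.1.10 and the sample requests are constructed.

```python
import ipaddress

# Constructed example value: the address the One-ARM load balancer uses as its
# Source-NAT address. Only connections from here carry a trustworthy header.
TRUSTED_SNAT_SOURCES = [ipaddress.ip_network("10.1.1.10/32")]


def is_trusted_peer(peer_ip: str) -> bool:
    """True if the TCP source address belongs to the load balancer's SNAT pool."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_SNAT_SOURCES)


def client_ip_for_log(peer_ip: str, headers: dict) -> str:
    """Return the client address an application or server log should record.

    peer_ip is the TCP source address the server actually saw. Behind One-ARM
    Source-NAT that is the load balancer, and the real client is only present
    in X-Forwarded-For. The header is believed only when the peer is the load
    balancer: a client that reaches the server directly can write anything
    into it. The load balancer is assumed to append the client address as the
    last entry, so the rightmost value is the one the trusted hop wrote and
    any earlier, client-supplied entries are ignored.
    """
    xff = headers.get("X-Forwarded-For", "")
    if not is_trusted_peer(peer_ip) or not xff:
        return peer_ip
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    try:
        return str(ipaddress.ip_address(hops[-1]))
    except (ValueError, IndexError):
        # Malformed or empty header: fall back to the address we can vouch for.
        return peer_ip


if __name__ == "__main__":
    # Constructed requests: one via the load balancer, one direct with a forged header.
    print(client_ip_for_log("10.1.1.10", {"X-Forwarded-For": "1.2.3.4, 203.0.113.5"}))
    print(client_ip_for_log("198.51.100.7", {"X-Forwarded-For": "10.0.0.1"}))
```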


Global Load Balancing


Global load balancing refers to a specially designed DNS server that load balances DNS requests. Unlike Windows Server DNS or BIND, a GLB appliance performs health checking on its server pool to ensure that only alive and well servers are given out in DNS responses. A GLB does not replace the functionality of a Server Load Balancer, as they each serve different purposes. A GLB, simply stated, is just a DNS load balancer with health checking. It cannot perform many of the features of an SLB such as L4-7 security, SSL offload, compression, caching, and many others.

A GLB’s health checking is not as precise as an SLB’s. Whereas connectivity via an SLB relies on IP routing, connectivity via a GLB relies on the underlying DNS infrastructure. DNS timeouts (TTLs) can only be set so low and are not always honored by external parties. For this reason many elect to use both GLB and SLB where traffic needs to be directed to multiple sites for high availability.


1. The client uses DNS to look up http://www.google.com by contacting its DNS server.
Its DNS server responds that the GLB appliance is authoritative for http://www.google.com.

2. The client uses DNS to look up http://www.google.com by contacting the enterprise GLB.
The GLB responds with the VIP address in one of the two data centers.

3. The user connects to http://www.google.com over HTTP via the VIP on the load balancer.


The GLB can round robin its responses to DNS queries across the VIPs at both sites. The GLB can also perform location based responses – i.e. anyone from the 10.0.0.0 IP range will always get Data Center 1 unless it is down. The GLB can perform performance based responses – i.e. it will run a connectivity test to the client or the client’s DNS server and respond with the ‘closest’ data center (I do not know how well this works in practice).

The GLB health checks the SLB using configured tests, such as ICMP, TCP, or script based tests. If it detects that the VIP on one SLB is down, it will only respond to Internet clients with the other, still active VIP. The SLB in turn performs health checking on the servers it is responsible for and only directs traffic to the healthy systems.

These two features combined, SLB and GLB, are what provide automated site high availability within an enterprise.
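To make the selection rules above concrete, here is the decision logic of such a GLB as an added example (not code from the post or from any vendor product): each query is answered with the client’s home-site VIP when that site’s SLB VIP passes its health check, and otherwise round robin across whichever sites are still up, so a site that fails its check simply drops out of the answers. The VIPs, the 10.0.0.0/8 home range, and the probe function standing in for the ICMP/TCP/script test are all constructed.

```python
import ipaddress
from itertools import cycle

# Constructed example data: the SLB VIP advertised at each data center, and the
# client ranges that are homed to a site for location based responses.
SITE_VIPS = {"DC1": "192.0.2.10", "DC2": "198.51.100.10"}
HOME_SITE_FOR = {ipaddress.ip_network("10.0.0.0/8"): "DC1"}


class GlobalLoadBalancer:
    """The answer-selection logic of a health-checking DNS load balancer."""

    def __init__(self, site_vips, home_sites, probe):
        self.site_vips = dict(site_vips)
        self.home_sites = dict(home_sites)
        # probe(vip) -> bool stands in for the ICMP/TCP/script test against the SLB VIP.
        self.probe = probe
        self._rr = cycle(sorted(self.site_vips))

    def healthy_sites(self):
        """Sites whose SLB VIP currently passes its health check."""
        return [site for site, vip in self.site_vips.items() if self.probe(vip)]

    def resolve(self, client_ip):
        """Answer one DNS query from client_ip with a VIP, or None if every site is down.

        A client inside a homed range gets its home site unless that site failed
        its health check; everyone else (and clients whose home site is down) is
        served round robin across the sites that are still up.
        """
        up = self.healthy_sites()
        if not up:
            return None
        addr = ipaddress.ip_address(client_ip)
        for net, site in self.home_sites.items():
            if addr in net and site in up:
                return self.site_vips[site]
        for _ in range(len(self.site_vips)):
            site = next(self._rr)
            if site in up:
                return self.site_vips[site]
        return None  # not reached while at least one site is up


if __name__ == "__main__":
    # Constructed health state: DC1's VIP has failed its check, DC2 is fine.
    health = {"192.0.2.10": False, "198.51.100.10": True}
    glb = GlobalLoadBalancer(SITE_VIPS, HOME_SITE_FOR, lambda vip: health[vip])
    print(glb.resolve("10.5.5.5"))      # homed to DC1, but DC1 is down -> DC2's VIP
```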


What if you want to load balance to sites globally, and you also want to load balance your internet POPs, and your DMZ is not located at your POP?  This is when the power of the Citrix Netscaler device shows its wings.  A Netscaler appliance can act as a GLB, an SLB, and a reverse proxy.  I’ve just recently started using Netscaler and I have the above requirements.  My notional design is below and I’m really looking forward to making this work.

Multi-Internet POP GLB

1. The client performs a DNS lookup against the GLB for the website.
The GLB responds with an IP address assigned to one of the reverse proxy servers.

2. The client connects to the website via the reverse proxy server.

3. The reverse proxy server performs an internal DNS lookup for the website using the internal GLB.
The internal GLB responds with the VIP address of the appropriate SLB.

4. The reverse proxy server proxies traffic to the internal web server via the SLB VIP and the client connects to the web page.
