Load Balancer Routing Algorithms - Draft version

The main purpose of a load balancer is to distribute traffic evenly across multiple servers. It keeps the back-end servers efficiently utilised without overloading any one of them or leaving a server saturated during busy periods. Avoiding server overload reduces downtime.


Table of Contents:

  1. Different types of LB
  2. Algorithms used by ALB
  3. ALB Features 
  4. Questions
  5. Configuring ALB in AWS 
  6. Creating K8S config files
  7. Factors to consider to ALB design


There are different types of load balancers:

  1. Application Load Balancer (Layer 7)
  2. Network Load Balancer
  3. Global Server Load Balancer

Let's narrow our discussion to the Application Load Balancer (ALB). The ALB operates on layer 7 of the OSI model.

Algorithms used by ALB are:

  1. Round Robin  
  2. Least connections
  3. Weighted Round Robin
  4. IP hash
  5. Least Connections Response time

The ALB evaluates incoming requests to ensure efficient and reliable traffic distribution. The LB has to ensure:

  1. High availability
  2. Scalability
  3. Performance optimization

The features provided by the LB:

  1. Health checks: The LB checks the status of the back-end servers; servers that do not respond are removed from the pool and incoming requests are no longer sent to the failed server. This provides continuous availability of the application to the customer.
  2. Traffic distribution: Traffic routing to the back-end servers is done using the various algorithms listed above.
  3. Content-based routing: The routing is done based on 
  4. SSL certificate management:
  5. Session persistence/Sticky session: 
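As an added example (not code from the original post), the following Python module implements the four routing algorithms listed above (round robin, weighted round robin, least connections, IP hash) together with the health-check behaviour described in feature 1: servers that fail the probe leave the rotation and receive no traffic until they recover. The `Backend` and `Pool` classes, the probe callback and the server names and weights are all constructed for this demonstration; the weighted variant uses the smooth weighted round robin scheme popularised by nginx, which is an assumption about how "weighted round robin" is implemented rather than something the post specifies.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Backend:
    """One back-end server as seen by the load balancer (constructed type)."""
    name: str
    weight: int = 1          # share of traffic for weighted round robin
    active: int = 0          # currently open connections (least connections)
    healthy: bool = True     # flipped by the health check
    current: int = 0         # running counter used by smooth weighted round robin


class Pool:
    """A back-end pool with the four routing strategies and a health check."""

    def __init__(self, backends):
        self.backends = list(backends)
        self._rr_next = 0

    def healthy(self):
        return [b for b in self.backends if b.healthy]

    def _pool(self):
        pool = self.healthy()
        if not pool:
            raise RuntimeError("no healthy back-end servers in the pool")
        return pool

    def health_check(self, probe):
        """probe(backend) returns True when the server answers its health
        endpoint. Failed servers leave the rotation; recovered ones rejoin.
        Returns the names of the servers that are currently healthy."""
        for b in self.backends:
            b.healthy = bool(probe(b))
        return [b.name for b in self.healthy()]

    def round_robin(self):
        """Cycle through the healthy servers in order."""
        pool = self._pool()
        b = pool[self._rr_next % len(pool)]
        self._rr_next += 1
        return b

    def weighted_round_robin(self):
        """Smooth weighted round robin: every pick adds each server's weight
        to its counter, chooses the highest counter, then subtracts the total
        weight from the winner. Weights 5/1/1 give a, a, b, a, c, a, a instead
        of a burst of five requests to 'a' in a row."""
        pool = self._pool()
        total = sum(b.weight for b in pool)
        for b in pool:
            b.current += b.weight
        best = max(pool, key=lambda b: b.current)
        best.current -= total
        return best

    def least_connections(self):
        """Pick the healthy server with the fewest open connections."""
        pool = self._pool()
        return min(pool, key=lambda b: b.active)

    def ip_hash(self, client_ip):
        """Same client IP -> same server as long as the healthy set is unchanged."""
        pool = self._pool()
        digest = hashlib.sha256(client_ip.encode()).digest()
        return pool[int.from_bytes(digest[:8], "big") % len(pool)]


def demo():
    """Constructed traffic showing each strategy and a failed health check."""
    pool = Pool([Backend("a", weight=5), Backend("b"), Backend("c")])
    print("round robin   :", [pool.round_robin().name for _ in range(4)])
    print("weighted RR   :", [pool.weighted_round_robin().name for _ in range(7)])
    pool.backends[0].active, pool.backends[1].active, pool.backends[2].active = 3, 1, 2
    print("least conns   :", pool.least_connections().name)
    print("ip hash       :", pool.ip_hash("203.0.113.7").name)
    # Server 'b' stops answering its health endpoint (constructed probe result).
    print("healthy after :", pool.health_check(lambda b: b.name != "b"))
    print("round robin   :", [pool.round_robin().name for _ in range(4)])


if __name__ == "__main__":
    demo()
```

Note that the IP hash strategy maps a client to a position in the healthy list, so when a server is removed by the health check some clients are rehashed to a different server; a real ALB therefore relies on cookies for session persistence rather than on the hash alone.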

Load balancers are used at various points in the application stack:

  1. Client - Web server
  2. Web server - Application server
  3. Application server - Database

Question: Is the data transfer inside the VPC secured despite the SSL termination at the load balancer?

Data transfer within a VPC (Virtual Private Cloud) is generally considered secure even with SSL termination at the load balancer. Here's why:

  1. Isolation: VPCs provide network isolation from other users in the cloud, meaning your traffic is not exposed to external networks.

  2. Security Groups: You can control traffic between resources within your VPC using security groups, which act as virtual firewalls. This allows you to restrict communication to only necessary ports and protocols.

  3. Network ACLs: Network Access Control Lists (ACLs) provide an additional layer of security by filtering traffic at the subnet level.

  4. Private Subnets: You can place backend servers in private subnets, making them inaccessible directly from the internet. Only the load balancer, situated in a public subnet, would have a public IP address.

  5. Sensitive Data & Encryption in Transit: While the traffic within the VPC is isolated, it might still be unencrypted after SSL termination. If you have strict compliance requirements or are dealing with highly sensitive data, you might consider end-to-end encryption (i.e., having SSL/TLS on both the load balancer and backend servers).

  6. Sometimes, to follow the same standard across the organization and enforce encryption at every endpoint, SSL is not terminated at the load balancer; instead the SSL-encrypted connection is passed through to the back-end servers. The extra burden is managing the SSL certificates and their rotation.
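Points 5 and 6 above come down to one question a reviewer can check mechanically: for each client-facing HTTPS listener, is the hop from the load balancer to the target group also TLS, or does the traffic travel in plaintext inside the VPC? The following Python function is an added example (not from the original post) that answers that question over data shaped like the output of `aws elbv2 describe-listeners` and `aws elbv2 describe-target-groups`; the sample listeners, target groups and ARNs are constructed, and the function name `audit_backend_encryption` and the three finding labels are my own.

```python
TLS_PROTOCOLS = {"HTTPS", "TLS"}


def _forwarded_target_groups(action):
    """Collect target group ARNs from a forward action, whether it uses the
    single TargetGroupArn form or a ForwardConfig with several groups."""
    arns = []
    if "TargetGroupArn" in action:
        arns.append(action["TargetGroupArn"])
    for group in action.get("ForwardConfig", {}).get("TargetGroups", []):
        arns.append(group["TargetGroupArn"])
    return arns


def audit_backend_encryption(listeners, target_groups):
    """Return one finding per (listener, target group) pair:
    'end-to-end'       listener and back-end hop both use TLS
    'terminated-at-lb' HTTPS listener but plain HTTP to the back end, so the
                       traffic inside the VPC is isolated but not encrypted
    'plaintext'        not even the listener uses TLS"""
    groups = {tg["TargetGroupArn"]: tg for tg in target_groups}
    findings = []
    for listener in listeners:
        front_tls = listener["Protocol"] in TLS_PROTOCOLS
        for action in listener.get("DefaultActions", []):
            if action.get("Type") != "forward":
                continue
            for arn in _forwarded_target_groups(action):
                tg = groups.get(arn)
                if tg is None:
                    continue  # dangling reference; nothing to assess
                back_tls = tg["Protocol"] in TLS_PROTOCOLS
                if front_tls and back_tls:
                    status = "end-to-end"
                elif front_tls:
                    status = "terminated-at-lb"
                else:
                    status = "plaintext"
                findings.append({
                    "listener_port": listener["Port"],
                    "target_group": tg["TargetGroupName"],
                    "status": status,
                })
    return findings


# Constructed sample data, shaped like the AWS CLI output (ARNs are placeholders).
SAMPLE_LISTENERS = [
    {"Port": 443, "Protocol": "HTTPS",
     "DefaultActions": [{"Type": "forward", "ForwardConfig": {"TargetGroups": [
         {"TargetGroupArn": "arn:aws:elasticloadbalancing:EXAMPLE:targetgroup/app"},
         {"TargetGroupArn": "arn:aws:elasticloadbalancing:EXAMPLE:targetgroup/api"},
     ]}}]},
    {"Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "forward",
                         "TargetGroupArn": "arn:aws:elasticloadbalancing:EXAMPLE:targetgroup/app"}]},
]
SAMPLE_TARGET_GROUPS = [
    {"TargetGroupArn": "arn:aws:elasticloadbalancing:EXAMPLE:targetgroup/app",
     "TargetGroupName": "app", "Protocol": "HTTP", "Port": 8080},
    {"TargetGroupArn": "arn:aws:elasticloadbalancing:EXAMPLE:targetgroup/api",
     "TargetGroupName": "api", "Protocol": "HTTPS", "Port": 8443},
]


if __name__ == "__main__":
    for f in audit_backend_encryption(SAMPLE_LISTENERS, SAMPLE_TARGET_GROUPS):
        print(f"listener :{f['listener_port']} -> {f['target_group']}: {f['status']}")
```

In the sample the `app` group shows up as `terminated-at-lb` behind the HTTPS listener and as `plaintext` behind the HTTP one, while `api` is `end-to-end`; switching `app` to an HTTPS target group (with a certificate on the back-end servers) is the change point 5 describes.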


Question: What will happen if the ALB itself fails?

Several strategies provide redundancy and automatic failover:

  1. Load balancer redundancy
    1. Active-Active configuration
    2. Active-Passive configuration
  2. Health checks and monitoring
    1. Health check frequency
  3. Failover mechanism
  4. Use the managed load balancer service of a cloud provider.

Factors to consider when designing a load balancing solution to meet the application's requirements for performance, scalability, security and reliability:

  1. Do you need L4 or L7 load balancing?
  2. What out-of-the-box features does your use case require (e.g., health checks, sticky sessions, SSL termination)?
  3. How much traffic needs to be handled?
  4. Do you need the LB to scale based on custom parameters?
  5. High availability and scalability
  6. Performance optimization
  7. Monitoring and logging
  8. Are you using WebSockets and gRPC?
  9. Cost of an on-premises vs. a managed load balancer, and choosing the compute.

Configuring ALB on AWS and the K8S config files: https://www.github.com/bonu/
