
Load Balancer Routing Algorithms - Draft version

The main purpose of a load balancer is to distribute traffic evenly across multiple servers. The load balancer makes efficient use of the back-end servers without overloading them or keeping any single server constantly busy. Avoiding server overload reduces downtime.


Table of Contents:

  1. Different types of LB
  2. Algorithms used by ALB
  3. ALB Features 
  4. Questions
  5. Configuring ALB in AWS 
  6. Creating K8S config files
  7. Factors to consider in ALB design


There are different types of load balancers:

  1. Application Load Balancer (Layer 7)
  2. Network Load Balancer
  3. Global Server Load Balancer

Let's narrow our discussion to the Application Load Balancer (ALB). The ALB operates at layer 7 of the OSI model.

Algorithms used by ALB are:

  1. Round Robin  
  2. Least connections
  3. Weighted Round Robin
  4. IP hash
  5. Least Connections Response time

The ALB evaluates incoming requests to ensure efficient and reliable traffic distribution. The LB has to ensure:

  1. High availability
  2. Scalability
  3. Performance optimization

The features provided by the LB:

  1. Health checks: The LB checks the status of the back-end servers; servers that are not responding are removed from the pool, and incoming requests are not sent to the failed server. This provides continuous availability of the application to the customer.
  2. Traffic distribution: Traffic routing to back servers is done using various algorithms.
  3. Content-based routing: The routing is done based on 
  4. SSL certificate management:
  5. Session persistence/Sticky session: 
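
The routing algorithms and the health-check behaviour listed above, as an added Python example (not code from this blog and not a description of AWS ALB internals): failed servers are dropped from the candidate set before any algorithm picks a target. The `Pool` class, server names and weights are hypothetical.

```python
import hashlib

class Pool:
    """Generic back-end pool: only servers passing health checks are routed to."""

    def __init__(self, weights):
        self.weights = dict(weights)                 # server -> weight (constructed)
        self.healthy = set(self.weights)             # servers currently in rotation
        self.active = {s: 0 for s in self.weights}   # open connections per server
        self._turn = {"rr": 0, "wrr": 0}             # independent rotation counters

    def mark(self, server, ok):
        """Apply a health-check result; a failed server leaves the pool."""
        if server not in self.weights:
            raise KeyError(server)
        if ok:
            self.healthy.add(server)
        else:
            self.healthy.discard(server)

    def _live(self):
        live = sorted(self.healthy)
        if not live:
            raise RuntimeError("no healthy back-end servers")
        return live

    def _rotate(self, key, ring):
        server = ring[self._turn[key] % len(ring)]
        self._turn[key] += 1
        return server

    def round_robin(self):
        return self._rotate("rr", self._live())

    def weighted_round_robin(self):
        # A server with weight w appears w times in the rotation.
        ring = [s for s in self._live() for _ in range(self.weights[s])]
        return self._rotate("wrr", ring)

    def least_connections(self):
        # Ties are broken by name so the choice is deterministic.
        return min(self._live(), key=lambda s: (self.active[s], s))

    def ip_hash(self, client_ip):
        # Same client IP maps to the same server while the pool is unchanged.
        live = self._live()
        digest = hashlib.sha256(client_ip.encode()).digest()
        return live[int.from_bytes(digest[:8], "big") % len(live)]
```

Because `ip_hash` takes the hash modulo the number of healthy servers, removing one server can also move clients whose own server stayed healthy.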

Load balancers are used in various places in the application:

  1. Client - Web server
  2. Web server - Application server
  3. Application server - Database

Question: Is the data transfer inside the VPC secured despite the SSL termination at the load balancer?

Data transfer within a VPC (Virtual Private Cloud) is generally considered secure even with SSL termination at the load balancer. Here's why:

  1. Isolation: VPCs provide network isolation from other users in the cloud, meaning your traffic is not exposed to external networks.

  2. Security Groups: You can control traffic between resources within your VPC using security groups, which act as virtual firewalls. This allows you to restrict communication to only necessary ports and protocols.

  3. Network ACLs: Network Access Control Lists (ACLs) provide an additional layer of security by filtering traffic at the subnet level.

  4. Private Subnets: You can place backend servers in private subnets, making them inaccessible directly from the internet. Only the load balancer, situated in a public subnet, would have a public IP address.

  5. Sensitive Data & Encryption in Transit: While the traffic within the VPC is isolated, it might still be unencrypted after SSL termination. If you have strict compliance requirements or are dealing with highly sensitive data, you might consider end-to-end encryption (i.e., having SSL/TLS on both the load balancer and backend servers).

  6. Sometimes, to follow the same standard across the organization and keep encryption on all endpoints, do not terminate SSL at the load balancer; allow the SSL encryption to continue/pass through. The extra burden is managing the SSL certificates and their rotation.


Question: What will happen if ALB itself fails?

Several strategies provide redundancy and automatic failover mechanisms. 

  1. Load Balancer Redundancy
    1. Active-Active configuration
    2. Active-Passive configuration
  2. Health checks and Monitoring
    1. Frequency health check 
  3. Failover mechanism
  4. Use managed Load Balancer service of cloud providers.

Factors to consider when designing a load balancing solution that meets the application's requirements, such as performance, scalability, security and reliability:

  1. Do you need L4 or L7 load balancing?
  2. What are the out-of-the-box features required for your use case (e.g., health checks, sticky sessions, SSL termination)?
  3. How much traffic does it need to handle?
  4. Do you need the LB to be scalable based on custom parameters?
  5. High availability and scalability
  6. Performance optimization
  7. Monitoring and logging
  8. Are you using WebSockets and gRPC?
  9. Cost of using on-premises vs managed load balancer & choosing the computation.

Configuring ALB on AWS & The K8S config files https://www.github.com/bonu/
