Delivering applications to people when they need them is the foundation of the modern digital workplace. Whether they are web, mobile, or legacy business applications, they must be available to use when required. Cloud, networking, and server infrastructure needs to be resilient and responsive to deliver this requirement. The strategic use and placement of load balancers plays a central role in providing round-the-clock access to applications.
What is Load Balancing?
Simply stated, load balancing is an application delivery technique that shares client access requests across a pool (or farm) of backend application servers. This ensures that no single application server gets overwhelmed by requests, while another server sits idle. Load balancing also ensures that any servers that are offline, either for planned or unplanned reasons, are not included in the pool and don’t get sent requests that users think have disappeared into the void!
Load balancing implementations take this simple premise and combine network monitoring with advanced algorithms to make intelligent decisions about how to route client access requests to servers in a server pool. They monitor the health of servers (physical or virtual) plus the status of the applications and services that are running on them. If any server or service is not available, then the load balancers will stop directing requests to it until it reports that it can accept requests again.
We have used the supermarket checkouts analogy before to describe what load balancers do at this foundational level: during the day when the number of shoppers getting to the checkouts is small, having a few checkouts open is okay. However, as people are getting out of work, the number of shoppers goes up. Then only having a few checkouts open results in long queues as everyone tries to pay at the same checkout. Opening more checkouts at these busy times increases throughput. This gets customers through the checkouts more rapidly, increases customer satisfaction, and allows the supermarket to serve more customers in a given time.
A win all round. The same ideas can be applied to servers delivering network services and applications. Dynamically allocate access requests over more resources when the demand goes up, and reduce them again when demand falls. This ensures that response times are optimal throughout periods with fluctuating requirements.
The checkout analogy can be extended to highlight how a load balancer also deals with a server problem. Imagine a supermarket customer unloading their shopping at a checkout and then dropping a bottle of tomato ketchup. The checkout will need to be closed, and shoppers will be routed to the remaining ones until the spillage is cleaned up and the checkout is brought back online. Similarly, if a server or service is not available, the load balancers will redirect client traffic to other available resources. Also, any new servers that are added to the server pool will be available immediately to serve client requests via the load balancers, just like opening additional checkouts.
This is the primary function of load balancers in helping to deliver an excellent application experience to end-users. However, modern load balancers provide additional functionality and configuration options beyond this.
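The health-check behaviour described in this section, as an added Python example that is not Kemp's implementation: a round-robin pool that stops selecting a server after consecutive failed probes, restores it after consecutive successes, and returns nothing when no server is healthy. The class and method names and the fall/rise thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Backend:
    name: str
    healthy: bool = True
    streak: int = 0  # consecutive probe results that contradict `healthy`


class Pool:
    """Round-robin pool that only hands out backends currently marked healthy."""

    def __init__(self, names, fall=3, rise=2):
        self.backends = [Backend(n) for n in names]
        self.fall, self.rise = fall, rise  # assumed thresholds, not vendor defaults
        self._next = 0

    def add(self, name):
        # A newly added server is eligible for traffic straight away.
        self.backends.append(Backend(name))

    def record_probe(self, name, ok):
        """Feed one health-probe result; flip state only after a full streak."""
        b = next(b for b in self.backends if b.name == name)
        if ok == b.healthy:
            b.streak = 0  # result agrees with the current state
            return b.healthy
        b.streak += 1
        limit = self.rise if ok else self.fall
        if b.streak >= limit:
            b.healthy, b.streak = ok, 0
        return b.healthy

    def pick(self):
        """Return the next healthy backend name, or None if none is healthy."""
        for _ in range(len(self.backends)):
            b = self.backends[self._next % len(self.backends)]
            self._next += 1
            if b.healthy:
                return b.name
        return None  # caller should answer 503 rather than guess a target
```

Requiring a streak of results before changing state keeps one dropped probe from emptying the pool and keeps a server that is flapping from being put back into rotation too early.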
Load Balancing the Modern Application Experience
Applications are very diverse in their nature and their functions. So it makes sense to load balance them using different methods that suit them better. Load balancers can make application routing decisions at various levels of the OSI stack based on the traffic type. For example, at layer 3/4 of the network stack load balancing is performed based on network protocols such as IP, TCP, UDP, and FTP. For many situations, this is fine, and the load balancing algorithms function perfectly.
Some applications are more complex and need the traffic to be routed to dedicated servers to handle their needs. For example, playing high-quality video streams is best handled by servers that are optimized for this task. The load balancer supports this type of specific load balancing by enabling packet inspection and traffic analysis at the application layer (layer 7) of the OSI stack. Decisions on request and network packet routing can be made based on the type of application traffic flowing over the network.
All traffic traversing the internet, and indeed private networks, should be encrypted, preferably using the latest TLS 1.3 or later specification. The load balancer should fully support TLS 1.3 (and earlier versions, although you should try to migrate to the newest specification as soon as possible) and also support TLS offloading (also known as SSL offloading for historical reasons). This offloading allows the load balancer to decrypt network packets so that their contents can be inspected. This has two benefits. First, it enables the layer 7 load balancing outlined above to be performed even when the traffic is securely encrypted. Second, it allows any malicious or suspicious payloads in encrypted network packets to be blocked before they reach the application servers. This protection works in conjunction with Kemp’s Edge Security Pack (ESP) authentication solution and Web Application Firewall (WAF) to provide another layer of security on the network. This extra security enhances rather than replaces other security infrastructure such as border firewalls and intrusion detection systems.
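The layer 7 routing and post-offload inspection described in the two paragraphs above, as an added Python example that is not code from Kemp or any product: it takes the plaintext bytes of one HTTP/1.1 request as they would look after TLS termination, refuses requests it cannot parse unambiguously, and chooses a server pool by path. The pool names, the rule table and the choice of what counts as suspicious are assumptions made for illustration.

```python
ROUTES = [  # (path prefix, pool): constructed rule table, first match wins
    ("/video/", "streaming-pool"),
    ("/api/", "api-pool"),
    ("/", "web-pool"),
]


def parse_head(raw: bytes):
    """Parse the request line and headers of a decrypted HTTP/1.1 request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header")
        key = name.lower()
        if key in headers and key in ("content-length", "host"):
            raise ValueError("duplicate " + key)
        headers[key] = value.strip()
    return parts[0], parts[1], headers


def route(raw: bytes):
    """Return ('forward', pool) or ('block', reason) for one request."""
    try:
        _method, target, headers = parse_head(raw)
    except ValueError as exc:
        return ("block", str(exc))
    # Ambiguous body framing is refused at the edge instead of being passed on.
    if "content-length" in headers and "transfer-encoding" in headers:
        return ("block", "conflicting body framing")
    if not target.startswith("/"):
        return ("block", "unsupported request target")
    for prefix, pool in ROUTES:
        if target.startswith(prefix):
            return ("forward", pool)
    return ("block", "no route")
```

Without offloading, the load balancer sees only ciphertext and none of these fields, which is why path-based routing and payload checks depend on terminating TLS at this point.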
Unfortunately, many organizations find themselves the target of DDoS attacks against their websites and web applications. These are not just targeted at the big well-known brands and their sites, but increasingly at medium and small businesses that would not imagine they would be a target for attack by cybercriminals. Modern IT infrastructure strategies need to include protection against downtime caused by DDoS attacks in their planning. Load balancing is crucial for this, especially when the applications can be deployed over multiple cloud and private sites to provide resilience. If a DDoS attack targets a particular site's IP address, then the load balancers can redirect all access requests to other servers that are not overwhelmed by the attack, allowing service delivery to continue as the DDoS is countered.
Hybrid Load Balancing
Modern applications are often conceived and deployed entirely in the cloud. But many applications have been in use for years that are delivered from private data centers. Many of these applications have evolved to have components both in the cloud and on-premises. Indeed, some newly developed applications use this hybrid deployment model by design, for example to have sensitive data stored on private servers, but have data that can be stored in the public cloud located there. Many organizations use this approach for their email, with some mailboxes in Microsoft 365 and others in-house on Exchange servers, and the email domain spanning both.
Load balancers are ideal for delivering this hybrid-cloud model. They provide a unified point of entry and can route the requests to the appropriate locations. These locations can be spread across multiple public and private providers, and can also be spread across various geographic locations. Global server load balancing (GSLB) is a technology that can be used to load balance across the globe.
Load balancing is key to delivering the modern application experience we have come to rely on. A full-featured advanced load balancing solution is essential for organizations of all sizes in order to provide the availability, scalability, resiliency, and security that the IT infrastructure needs.