Load Balancers

Started by deanwebb, March 13, 2018, 07:46:56 AM

deanwebb

OK, folks... what are load balancers good for? What do load balancers break?

For example, providing a common IP for devices that send information to a cluster of servers that share information efficiently. That works.  ;D

If you want a persistent 1:1 communication between endpoints on either side of the load balancer, you want that traffic to bypass the load balancer, because not every server behind the VIP has an open SSH session with your client...  :-\

What are some other examples or war stories involving load balancers?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

SimonV

#1
Quote from: deanwebb on March 13, 2018, 07:46:56 AM
If you want a persistent 1:1 communication between endpoints on either side of the load balancer, you want that traffic to bypass the load balancer, because not every server behind the VIP has an open SSH session with your client...  :-\

Not if you enable persistence :)

War stories, don't get me started...

icecream-guy

Wha?

we need architecture,

are the load balancers in front of the firewalls?
or the load balancers behind the firewalls?
or is it a mix (ugh)

I agree with SimonV,  don't get me started.

unluckily, I only had to work with Cisco ACE-20/30's
:professorcat:

My Moral Fibers have been cut.

deanwebb

NO, I WILL GET YOU STARTED!

:showme:

And to Ristau's point, the load balancers can be in front and can be behind the firewalls, this is where we can discuss the architecture and crazy stuff we've seen.

Otanx

I have worked with F5s, A10s, mod, and ha. I prefer either mod_proxy or ha_proxy as they seem to integrate into workflows better. F5 and A10 both have their API calls, and you can automate all the things, but you still have to build a bunch of processes around patching, management, etc. Where mod and ha both fall into the normal patching/management processes the Linux guys are already doing.

-Otanx

deanwebb

So what's mod and ha? Not having spent much time near Linux guys, I have to ask...

Otanx

mod_proxy is just the Apache web service doing proxy duties. Because it is built on Apache it can do a ton of http/https tricks, and is pretty powerful for web load balancing. I understand it isn't as great at non-web stuff, but I have only ever used it for 80/443. The biggest benefit is it is just Apache, and if you are using Apache for web hosting you are not learning a new product. The HAProxy solution is its own service that just does load balancing. It is arguably faster and better than mod, but it is another service you need to learn. HAProxy is what the big web guys use. Reddit, github, stackoverflow, etc.

The benefit to either is if you already have a large linux install base then you probably already have management tools in place. Stuff like Ansible, Chef, Puppet, whatever to manage the systems, and configurations. I am not saying A10/F5 or whoever can't be integrated, but there is a longer learning curve there.

-Otanx

deanwebb

So would ha be usable for application load balancing, such as email or SAP?

Otanx

Yep, it can load balance a lot of stuff. There are of course caveats depending on the underlying protocol, but at minimum it can do a double NAT at the IP level. You can find a lot of good write ups on the haproxy website - http://www.haproxy.org/they-use-it.html

I can't verify at work, but I think it was the last entry on that page that had a good writeup on a three tier app with ha between each tier.

-Otanx
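
Added example, not posted by anyone in this thread: a minimal HAProxy configuration in TCP mode showing the two things discussed above, source-IP persistence for SSH clients behind a VIP and load balancing of a non-web service (SMTP). All addresses, names and sizes are constructed placeholders.

```haproxy
# Constructed example: addresses and server names are placeholders.
global
    log /dev/log local0
    maxconn 4000

defaults
    mode    tcp              # layer-4 proxying, no HTTP parsing
    log     global
    option  tcplog
    timeout connect 5s
    timeout client  1h       # long-lived interactive sessions
    timeout server  1h

# SSH behind a VIP: new connections from the same client IP
# are sent to the server that client used last time.
frontend ssh_vip
    bind 192.0.2.10:22
    default_backend ssh_pool

backend ssh_pool
    balance roundrobin
    stick-table type ip size 100k expire 30m   # client IP -> server mapping
    stick on src                               # persistence keyed on source IP
    server ssh1 10.0.0.11:22 check
    server ssh2 10.0.0.12:22 check

# Mail: SMTP balanced across relays, with an SMTP-aware health check
# instead of a bare TCP connect.
frontend smtp_vip
    bind 192.0.2.10:25
    default_backend smtp_pool

backend smtp_pool
    balance leastconn
    option smtpchk HELO haproxy.example.test
    server mx1 10.0.0.21:25 check
    server mx2 10.0.0.22:25 check
```

Because HAProxy terminates the client connection and opens its own to the backend, the servers see the proxy's address as the source unless the PROXY protocol or transparent mode is configured, which matters for SSH and mail logs and for any IP-based access control on the backends.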

icecream-guy

Good news,  8)  I think I've lost my Cisco Load Balancer knowledge, I can't think of 1 good horror story, other than them being Cisco ACE-20/ACE-30 load balancers and their fully featured (sic) capabilities.