Sunday, August 4, 2019

Layer 4 vs Layer 7 Load Balancing Pros and Cons


Load balancing is the process of balancing incoming requests to multiple machines, processes or services. In this video, we will explain two types of load balancers, layer 4 and layer 7. You can watch the video or read the summary below.







Layer 4 Load balancer (HAProxyNLB)

Forwards packets based on basic rules, it only knows IP and PORT and perhaps latency of the target service. That is what is available at Layer 4/3. This load balancer doesn't look at the content so it doesn't know the protocol whether its HTTP or not, it doesn't know the URL or the path or the resource you are consuming or whether you are using GET or POST.


Pros
  • Great for simple packet-level load balancing
  • Fast and efficient doesn’t look at the data
  • More secure as it can't really look at your packets. So if it was compromised no one can look at the data.
  • Doesn't need to decrypt the content it merely forwards whatever content in it. 
  • Uses NAT 
  • One connection between client and server NATed so your load balancer can serve a maximum number of tcp connections = to (number of servers * max connections per server) 
Cons
  • Can't do smart load balancing based on the content, such as switch request based on the requested media type
  • Can't do real microservices with this type
  • Has to be sticky as it is a stateful protocol (all segments) once a connection is established it goes to one server at the backend. All packets flowing to this connection goes to one server. The next connection will pick another server based on the algorithm. 



Layer 7 (Nginx , HAProxy) 


This type of proxy actually looks at the content and have more context, it knows you are visiting the /users resource so it may forward it to a different server. Essential and great for microservices, it knows the content is video:image and it can do compression. It can add its own headers so other proxies or load balancers can see that this has passed through a proxy. It can also cache, we can't really do caching on layer 4 because we have no clue whats in the packets. 

But this is expensive because it has to decrypt and look and compute.

Pros
  • Smart routing based on the URL (microservices) flexible 
  • Provide caching
Cons
  • Expensive need to decrypt
  • Security, you have to share your certificate with the load balancers. if an attacker compromised the load balancer they have access to all your data.
  • Proxy creates multiple connections (client to proxy/proxy to server) So you are bounded by the max TCP connection on your load balancer. Example if your load balancer supports 200 max TCP connections and you have 5 backend servers the load balancer servers each with 200 max connection. Your load balancer can only serve (concurrently) (200 - 5) clients. 5 connections are from the load balancer to each backend server and 195 available for clients. Where if that was a layer 4 load balancer you can server 200*5 connections.

With all those cons we almost have to use Layer 7 load balancer because the benefits outway the cons, especially that we don't have resources constraints. 




No comments:

Post a Comment

Share your thoughts