4

I am a web developer, and recently a need has arisen to use a load balancer. I am new in this area. I have chosen which LB to use; it's not like it matters so much, HAProxy has all the features needed as far as I've researched.

My concern is that, with a software-based load balancer, it does not "redirect" the user to the backend server; the load balancer stays in the middle, so all the traffic bandwidth and TCP connections will stay in the middle. Did I get it right?

If yes for the question before, then how can I make a solution so the load balancer will not stay in the middle with Client - Backend server?

Also, I need a "source" lb type, because webapp uses session, and I need users to connect to the same servers they've been using.

Thank you in advance.

gxx
  • Why do you not want the proxy to stay part of the connection? – Drifter104 Jul 15 '16 at 08:41
  • yes a load balancer is a man in the middle, perhaps you could say what is the technical issue you are perceiving with this? - since you mentioned server sessions perhaps you are interested in sticky sessions? (http://serverfault.com/questions/611578/haproxy-with-ssl-and-sticky-sessions ). a load balancer is a network device and there are many different platforms and features, so they are not 'all the same' – Sum1sAdmin Jul 15 '16 at 08:44
  • @Drifter104, the problem is I actually transfer data with average size, maybe going in megabytes per user, and while having 10 backend servers, I don't want my bottleneck to be the load balancer, as it happened before, that's why I'm preparing this time. – Festim Cahani Jul 15 '16 at 08:55
  • @Sum1sAdmin, I am using sticky sessions with HAProxy, I configured it to store a cookie with (expire time: session), so that made me happy and is working perfectly. Only concern ATM is the man-in-the-middle problem and the TCP/MB-transfer rate bottleneck in the LB – Festim Cahani Jul 15 '16 at 08:56
  • and herein lies the difference between a hardware load balancer and HAProxy, to really emulate a good load balancer you should have bonded NICs on the box running HAProxy, you prolly need to scale up the physical network if you suspect the LB will actually become a bottleneck – Sum1sAdmin Jul 15 '16 at 09:01
  • @Sum1sAdmin so, are you saying that there is no possible way using a load balancer and not having to make him stay In The Middle? (instead of forwarding, just redirecting?) – Festim Cahani Jul 15 '16 at 09:37
  • @FestimCahani - yes, in its current configuration you are reducing physical bandwidth - you could look into DSR mode but there are trade-offs with this too (no layer 7 functionality) – Sum1sAdmin Jul 15 '16 at 09:54
  • --also without clustering the load balancer you are introducing a single point of failure – Sum1sAdmin Jul 15 '16 at 09:56
  • here's a good run thru http://www.serverphorums.com/read.php?10,179563 – Sum1sAdmin Jul 15 '16 at 10:04
  • @Sum1sAdmin Thank you for your information sir, appreciate it. I have come to the point where I sort of know all that I can do, now I just have to choose which way I'm going. – Festim Cahani Jul 15 '16 at 15:30

2 Answers

3

Not sure which way most of your traffic flows, if it's client -> server, or server -> client, but if it's the latter, you might be interested in using (or checking out, at least) the Linux Virtual Server (LVS) which is

an advanced load balancing solution that can be used to build highly scalable and highly available network services, such as scalable web, cache, mail, ftp, media and VoIP services.

(Excerpt from the website).

To get the traffic of your backend servers directly, without "something in between", to your clients, use Direct Routing. You'll find more information in this link, but, to get an idea of what this looks like:

Linux Virtual Server Direct Routing

Now you could say...well, this sounds nice and fancy in theory, but come on, the website reads "Latest Press News... Wednesday, August 8, 2012"...we're in 2016 now. Yes, you would be completely right then, besides that LVS is proven and rock solid...did I recommend to have a look at least?

The Wikimedia Foundation does use it, as many others do, and here is one last image showing the setup in 2010.

Wikimedia Foundation Network 2010

gxx
1

In terms of software, HAProxy is a good, proven solution.

You have several ways to achieve correct load balancing.

IP Hash balancing

Depending on your source IP, the destination server will be calculated using a hash of the source IP. Therefore all requests from one IP will always reach the same server (unless it is down).

I use this option on projects that can't use JWT.

Cookie markup

The web server or load balancer returns one additional cookie that marks the server which is supposed to process other requests coming from this user.

Share cookies across servers

I would personally avoid this option, as it adds complexity to your infrastructure and you have to care about session storage.

JSON Web Tokens (session in cookies)

You don't care about sessions at all, as the session is stored in cookies. Therefore your servers can process every request, no matter whether it is server A or B. As for me, this is the best solution for a big part of web applications, but! There is a huge warning here, as you have to understand what you do.


If yes for the question before, then how can I make a solution so the load balancer will not stay in the middle with Client - Backend server?

This is also possible, you can simply use subdomains. If your user reaches www, it decides whether the user is redirected to s1.domain.tld or s2.domain.tld, ...

I have seen this solution several times in the past, but modern applications don't use this. It e.g. creates duplicate pages for indexing bots.

You can also get rid of your balancer and use ECMP on the network level, but it is quite a bit more complex to configure. I would personally stay with the load balancer.

Yarik Dot
  • Thank you for your response. I have already solved the Session, and users go to the same Session as they were before, unless session has expired. Now the problem is, the Man-In-The-Middle load balancer, I don't need it to stay in the middle, I want it to "REDIRECT" instead of "FORWARDING". Any tips for this solution? – Festim Cahani Jul 15 '16 at 09:42
  • Updated the answer. As for me, it is a bad solution unless you have tens of Gbps of traffic. – Yarik Dot Jul 15 '16 at 09:43
  • If I'm understanding you correctly, if I don't do "redirect" then I will need tons of Gbps of traffic in my load balancer instead of my servers in backend? Right? – Festim Cahani Jul 15 '16 at 09:48
  • Sorry to confuse you. Load balancer is ok. But if you have high traffic storage (such as we have a server pushing 17Gbps), it is better to do a redirect and let the user download the file from it instead of adding one more layer of balancer. – Yarik Dot Jul 15 '16 at 09:52
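
The "unless it is down" caveat of IP hash balancing in the second answer, as an added example that is not part of the original thread: a simplified model (not HAProxy's own algorithm) comparing plain hash-modulo selection with a consistent (rendezvous) hash when one backend fails. Server names and client addresses are constructed.

```python
import hashlib

SERVERS = ["s1", "s2", "s3"]  # constructed backend names
# 1000 constructed client addresses
CLIENTS = [f"10.0.{a}.{b}" for a in range(4) for b in range(1, 251)]

def h(value):
    """Stable 64-bit hash (Python's built-in hash() is salted per process)."""
    return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")

def pick_modulo(ip, live):
    """hash(source IP) mod number of live servers."""
    return live[h(ip) % len(live)]

def pick_rendezvous(ip, live):
    """Consistent variant: the server with the highest hash(ip, server) wins."""
    return max(live, key=lambda s: h(f"{ip}|{s}"))

def needless_moves(pick, clients, before, after):
    """Count clients whose server is still up but who are sent elsewhere anyway."""
    return sum(1 for ip in clients
               if pick(ip, before) in after and pick(ip, after) != pick(ip, before))

if __name__ == "__main__":
    live = ["s1", "s3"]  # s2 has failed its health check
    for name, pick in (("modulo", pick_modulo), ("rendezvous", pick_rendezvous)):
        print(name, needless_moves(pick, CLIENTS, SERVERS, live), "of", len(CLIENTS))
```

With modulo selection, roughly a third of all clients lose their server-side session even though their backend never went down; with the consistent variant only the failed server's clients move.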
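
The "session in cookies" option from the second answer, as an added example that is not part of the original thread: a minimal HS256 token in JWT format, built with the standard library, that any backend behind the balancer can validate without sticky sessions. The key, claim names and lifetime are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; assumed to be provisioned identically on every backend.
SECRET = b"constructed-demo-key-not-for-production"

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def b64d(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def sign(signing_input):
    return b64e(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def issue(user, ttl=900, now=None):
    """Run by whichever backend handled the login."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": user, "exp": now + ttl}).encode())
    signing_input = header + b"." + claims
    return (signing_input + b"." + sign(signing_input)).decode()

def verify(token, now=None):
    """Run by any backend; returns the claims dict, or None if rejected."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.encode().split(b".")
        # Check the MAC before trusting anything inside the token.
        if not hmac.compare_digest(sign(header + b"." + claims), sig):
            return None
        if json.loads(b64d(header)).get("alg") != "HS256":  # pin the algorithm
            return None
        data = json.loads(b64d(claims))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None
    return data if data.get("exp", 0) > now else None
```

Because the cookie is the only session state, a backend that skips the signature, algorithm or expiry check accepts whatever the client sends.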