> How to choose between hardware and software load balancer (cont'd)
2. Layer 3/4 load balancing
Obviously, the best performance can be reached by adding the
lowest overhead, which means processing the packets at the
network level. For this reason, network-based load balancers can
reach very high bandwidths when it comes to layer-3 load
balancing (eg: direct routing with a hashing algorithm). As
layer-3 is almost always not enough, a network load balancer has
consider layer-4. Most of the cost lies in the session setup and
tear down, which can still be performed at very high rates
because they are a cheap operations. More complex operations
such as address translation require more processing power to
recompute checksums and look up tables. Everywhere we see
hardware acceleration providing performance boosts, and load
balancing is no exception. A dedicated ASIC can route network
packets at wire speed, set up and tear down sessions at very
high rates without the overhead imposed by a general purpose
operating system.
Conversely, using a software proxy for layer-4 processing leads
to very limited performance, because for simple tasks that could
be performed at the packet level, the system has to decode
packets, decapsulate layers to find the data, allocate buffer
memory to queue them, pass them to the process, establish
connections to remote servers, manage system ressources,
etc... For this reason, a proxy-based layer-4 load balancer will
be 5 to 10 times slower than its network-based counterpart on
the same hardware.
Memory is also a limited resource : the network-based load
balancer needs memory to store in-flight packets, and sessions
(which basically are addresses, protocols, ports and a few
parameters, which globally require a few hundreds of bytes per
session). The proxy-based load balancer needs buffers to
communicate with the system. Per-session system buffers are
measured in kilobytes, which implies practical limits around a
few tens of thousands of active sessions.
Network-based load balancers also permit a lot of useful
fantasies such as virtual MAC addresses, mapping to entire hosts
or networks, etc... which are not possible in standard proxies
relying on general purpose operating systems.
One note on reliability though. Network-based load balancers can
do nasty things such as forwarding invalid packets just as they
received them, or confuse sessions (especially when doing
NAT). We talked earlier about the ACK storms which sometimes
happen when doing NAT with too low session timeouts. They are
caused by too early re-use of recently terminated sessions, and
cause network saturation between one given user and a
server. This cannot happen on proxies because they rely on
standards-compliant TCP stacks offered by the OS, and they
completely cut the session between the client and the server.
Overall, a well tuned network-based load balancer generally
provides the best layer-3/4 solution in terms of performance and
features.
<<<
[ 7/10 ]
>>>
