> How to choose between hardware and software load balancer (cont'd)
That said, it is very hard to process layer-7 at the packet
level. Sometimes, contents will be mis-identified, and requests
will be sent to a wrong server, and sometimes a response will
not be processed before being returned to the user. In fact, the
full-featured load balancers often involve local proxies to
perform the most complicated actions. Some switch-based load
balancers transfer part the layer-7 processing to the management
processor which is often very small, and others have dedicated
processors for this, but generally they are not as powerful as
what can be found in latest server hardware. Also, as a side
effect, they are hit by the memory consumption caused by
buffering.
Generally, they don't announce how many simultaneous sessions
they can process in layer-7, or they tend to claim that this has
no impact, which is obviously wrong : for a load balancer to be
compatible with the Apache web server, it would have to support
8 kB per request, which means keeping up to 8 kB of data per
established session at one moment. Supporting 4 millions of
simultaneous sessions at 8 kB each would required 32 GB of RAM
which they generally don't have. Tests must then be performed by
the customer to detect the load balancer's behaviour in corner
cases, because easy denials of services are commonly found.
Conversely, the proxy-based load balancer sees nearly no
overhead in layer-7 processing, because all problems listed
above are naturally solved by the underlying operating
system. The load balancer only has to focus on content and
perform the right actions. Most often, they will also provide
very detailed logs at no extra cost, which will not only offload
the servers, but also provide vital data for capacity planning.
Last, layer-7 is something which evolves very fast, due to new
persistence methods or content analysis required by constantly
evolving application software. While software updates are very
easy to provide for an editor, and to install for the customer,
complete image updates for hardware load balancers require a
higher level of validation and it is very difficult for their
editors to offer the same level of reactivity.
4. The best combination, for those who can afford it
The best combination is to use a first level of network-based
load balancers (possibly hardware-accelerated) to perform
layer-4 balancing between both SSL reverse proxies and a second
level of proxy-based layer-7 load balancers. First, the checks
performed by the layer-4 load balancer on the layer-7 load
balancers will always be more reliable than the self-analysis
performed by proxies. Second, this provides the best overall
scalability because when the proxies will saturate, it will
always be possible to add more, till the layer-4 load balancer
saturates in turn. At this stage, we are talking about filling
multi-gigabit pipes. It will then be time to use DNS round robin
techniques described above to present multiple layer-4 load
balancers, preferably spread over multiple sites.
<<<
[ 9/10 ]
>>>
