What are Layer 4 network load balancing and Layer 7 application load balancing, and which one is preferred for the SapphireIMS server?

Before sharing the SapphireIMS recommendation, it is important to understand the underlying concepts of Layer 4 and Layer 7 load balancing, which I have briefly explained below.

Layer 4 load balancer: Layer 4 load balancers operate at the transport layer, e.g. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Typically, routing decisions at Layer 4 are based on source/destination IP and port, without further packet inspection. A Layer 4 load balancer does not inspect the message contents, so it cannot make smarter application-layer routing decisions, apply optimizations, or change the message content. It can make limited routing decisions by inspecting the first few packets in the TCP stream. NAT takes place to change the destination IP/port from that of the load balancer to that of the application. This type of configuration is available in Microsoft Network Load Balancer (NLB), HAProxy, Citrix NetScaler, etc.

Pros:

  1. Great for simple packet-level load balancing.
  2. Fast and efficient, as it doesn't look at the data.
  3. More secure, as it can't really look at your packets. So if it were compromised, no one could look at the data.
  4. Doesn't need to decrypt the content; it merely forwards whatever content is in it.
    Uses NAT.
  5. One connection between client and server, NATed, so your load balancer can serve a maximum number of TCP connections equal to (number of servers * max connections per server).

Cons:

  1. Can't do smart load balancing based on the content, such as switching requests based on the requested media type.
  2. Has to be sticky, as it is a stateful protocol (all segments): once a connection is established, it goes to one server at the back end. All packets flowing over this connection go to one server. The next connection will pick another server based on the algorithm. It uses the client source IP for affinity and doesn't use load balancer or application cookies, so if the source IP changes during a user session, the session will be lost.

Layer 7 load balancer: Layer 7 load balancing operates at the high-level application layer, which deals with the actual content of each message. HTTP is the predominant Layer 7 protocol for website traffic on the Internet. Layer 7 load balancers route network traffic in a much more sophisticated way than Layer 4 load balancers, particularly for TCP-based traffic such as HTTP. A Layer 7 load balancer terminates the network traffic and reads the message within. It can make a load-balancing decision based on the content of the message (the URL or a cookie, for example). It then makes a new TCP connection to the selected upstream server, such as the SapphireIMS application server. Almost all reverse proxies, along with application load balancers, operate at this layer. This type of configuration is available in Nginx, HAProxy, Citrix NetScaler, etc.

Pros:

  1. Layer 7 load balancers route network traffic in a much more sophisticated way than Layer 4 load balancers, particularly applicable to TCP-based traffic such as HTTP.
  2. An application-layer load balancer analyses the actual content of each message, which means it analyses the incoming headers and makes decisions based on their content.
  3. Layer 7 load balancing enables the load balancer to make smarter load-balancing decisions, and to apply optimizations and changes to the content (such as compression and encryption).
  4. It uses buffering to offload slow connections from the upstream servers, which improves performance
  5. It can use load balancer or application cookies.

Cons:

  1. Expensive, as traffic decryption is involved and CPU usage will be high on the Layer 7 load balancer.
  2. Slow performance compared to layer-4 LB
  3. In terms of security, you have to share your certificate with the load balancers. If an attacker gets access to the load balancer, they automatically have access to all your data.
  4. Its proxy creates multiple connections (client to proxy and proxy to server), so you are bounded by the maximum number of TCP connections on your load balancer.

Which one is preferable to use with the SapphireIMS server: Considering the pros and cons of both the Layer 4 LB (network load balancer) and the Layer 7 LB (application load balancer), we need to weigh them against the needs of the back-end server. With this in mind, SapphireIMS suggests using Layer 7 load balancing, considering the application cookie it uses for session management. However, you can still use a Layer 4 load balancer with source affinity, but it has a limitation when the source IP changes in the middle of a session.

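
The source-affinity limitation described above, as an added example that is not part of the original post or of SapphireIMS: a small Python simulation that routes one browser session through source-IP affinity (Layer 4) and cookie affinity (Layer 7). The backend names, the cookie name, the modulo hash and the client addresses are all assumptions made for illustration, and session state is assumed to live on a single back-end server.

```python
import ipaddress

BACKENDS = ["app-1", "app-2", "app-3"]  # hypothetical application servers
LB_COOKIE = "LB_BACKEND"                # hypothetical cookie set by the L7 balancer


def l4_route(src_ip):
    """Source-IP affinity: only addresses are visible, so the IP is hashed.
    A plain modulo stands in for whatever hash a real balancer uses."""
    return BACKENDS[int(ipaddress.ip_address(src_ip)) % len(BACKENDS)]


def l7_route(src_ip, cookie_jar):
    """Cookie affinity: reuse the backend named in the cookie, else assign one."""
    pinned = cookie_jar.get(LB_COOKIE)
    if pinned not in BACKENDS:          # first request, or a stale/forged value
        pinned = l4_route(src_ip)       # any balancing algorithm would do here
        cookie_jar[LB_COOKIE] = pinned
    return pinned


def replay(requests, layer):
    """Return the backend each request of one browser session reaches."""
    jar = {}                            # the browser keeps cookies across IP changes
    return [l4_route(ip) if layer == 4 else l7_route(ip, jar) for ip in requests]


def session_survives(backends_hit):
    """Session state sits on one backend, so any switch loses the session."""
    return len(set(backends_hit)) == 1


# Constructed sample: a laptop moves from office Wi-Fi to a mobile hotspot,
# so its source IP changes halfway through the session.
SESSION = ["198.51.100.7", "198.51.100.7", "203.0.113.45", "203.0.113.45"]

if __name__ == "__main__":
    for layer in (4, 7):
        hit = replay(SESSION, layer)
        print(f"Layer {layer}: {hit} -> session kept: {session_survives(hit)}")
```

The cookie value is checked against the known pool before it is trusted, so a tampered cookie falls back to a fresh assignment instead of steering the request.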