The Load Balancer as a Layer 2 Switch versus a Router
The fundamental operation of a switch is to receive packets on an ingress port, determine the output interface, and send the packet out on the egress port. How a switch determines the output interface for a packet depends on the switch type.
A Layer 2 Ethernet switch uses the MAC address available in the data link layer of a packet (Layer 2 is shown in the OSI model in Figure 1.1) to determine the output interface port for a packet. A Layer 3 switch, also known as a router, uses the network layer information (Layer 3 is shown in the OSI model in Figure 1.1) to determine the output interface port of a packet. When using Internet Protocol (IP), a Layer 3 switch uses the IP address information in the packet to determine the output interface for the packet.
Clients and servers, commonly referred to as hosts, point to a router as a default gateway, whose IP address is provided by the network administrator. When a host needs to send a packet to an IP address that’s not in the same subnet as itself, the host sends the packet to its default gateway. The default gateway router uses a routing protocol to determine where to send the packet based on the IP address information.
The load balancer operates at Layer 4 or above, depending on the features we utilize, as discussed in Chapter 3. When the load balancer receives a packet, the packet has the VIP as the destination IP address and the load balancer’s MAC address as the destination MAC address. The load balancer looks at information at Layer 4 and above in the packet to determine the type of load-balancing function to perform. By using the information in the packets along with server health checks and server load conditions, the load balancer determines a destination real server for this request. The load balancer modifies the necessary fields in the packet, such as the destination IP address and TCP or UDP port numbers. Once the packet is modified, the load balancer must determine the output interface and forward the packet. The load balancer may forward the packet as if it is a Layer 2 switch or a router, depending on how it’s configured.
The load balancer provides switching at Layer 4 and above to only those packets with VIP as the destination IP address and associated server reply traffic. All the other packets are switched at Layer 2 or Layer 3, depending on whether the load balancer is acting as a Layer 2 switch or a router.
Chapter 4: Network Design with Load Balancers
Figure 4.1 shows the packet flow and the IP addressing for a load balancer that does not perform Layer 3 routing. The default gateway for the servers and the load balancer is set to the router on the top. The servers are in the same subnet, and therefore can communicate with each other through the load balancer without having to involve the router. It’s important to notice in the packet flow that the client reply packets from servers have the destination MAC address set to M1, the MAC address of the router. But the servers have public IP addresses, which is not generally desirable because we are not conserving IP address space. This also does not prevent someone from accessing servers directly, unless there are appropriate access-control policies enforced on the load balancer or the router.
We can use private IP addresses for servers, but we now have two different subnets connected to the same router interface. The load balancer with the public VIP is in one subnet and the servers with private IP addresses are in another subnet. We need to define two IP addresses on the router interface connected to the load balancer: one IP address in the subnet of the VIP and another in the subnet of the servers. Some load-balancing products can provide features that avoid the need to define multiple IP addresses on the router interface.
Figure 4.1: Load balancer without routing.
Figure 4.2 shows the packet flow and the IP addressing for the same configuration as shown in Figure 4.1, but the default gateway for servers is set to an IP address on the load balancer. The load balancer acts as a router to forward the packets appropriately. The default gateway IP address is set to 10.10.10.1, referred to as gateway IP, as defined on the load-balancer interface ports that connect to the servers. The exact terminology varies from one vendor to another, but this text uses the term gateway IP to clearly indicate that this IP address is used as the default gateway for the servers.
Load balancer: VIP 141.149.65.3, MAC = M2, gateway IP 10.10.10.1
RS1: 10.10.10.10, MAC = M3
RS2: 10.10.10.20, MAC = M4
Default gateway for servers is set to the load balancer's IP address, 10.10.10.1.

Step  Source IP      Dest IP        Source MAC  Dest MAC
1     188.1.1.100    141.149.65.3   M1          M2
2     188.1.1.100    10.10.10.20    M2          M4
3     10.10.10.20    188.1.1.100    M4          M2
4     141.149.65.3   188.1.1.100    M2          M1
Figure 4.2: Load balancer acting as a router.
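The four hops in Figure 4.2 can be traced in code. The Python sketch below is an added example, not taken from the book or from any vendor's product; it uses the addresses shown in the figure, while the port numbers, the `pick_server` hook and the session table are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Addresses as labelled in Figure 4.2; port numbers below are assumed.
VIP, LB_MAC, ROUTER_MAC = "141.149.65.3", "M2", "M1"
REAL_SERVERS = {"10.10.10.10": "M3", "10.10.10.20": "M4"}  # RS1, RS2

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_mac: str
    sport: int
    dport: int

class LoadBalancer:
    def __init__(self, pick_server):
        self.pick_server = pick_server  # hypothetical hook: health/load-based choice
        self.sessions = {}              # (client IP, client port) -> real server IP

    def forward(self, pkt):
        if pkt.dst_mac != LB_MAC:
            return None                 # frame is not addressed to the load balancer
        if pkt.dst_ip == VIP:           # client request: rewrite the destination IP
            key = (pkt.src_ip, pkt.sport)
            if key not in self.sessions:
                self.sessions[key] = self.pick_server()
            rs = self.sessions[key]
            return replace(pkt, dst_ip=rs, src_mac=LB_MAC, dst_mac=REAL_SERVERS[rs])
        if self.sessions.get((pkt.dst_ip, pkt.dport)) == pkt.src_ip:
            # reply for a tracked session: restore the VIP as the source IP
            return replace(pkt, src_ip=VIP, src_mac=LB_MAC, dst_mac=ROUTER_MAC)
        # all other traffic is only routed (Layer 3): new MACs, IP addresses untouched
        next_mac = REAL_SERVERS.get(pkt.dst_ip, ROUTER_MAC)
        return replace(pkt, src_mac=LB_MAC, dst_mac=next_mac)

def figure_4_2_flow():
    """Return the four packets of Figure 4.2, with RS2 chosen as in the figure."""
    lb = LoadBalancer(pick_server=lambda: "10.10.10.20")
    p1 = Packet("188.1.1.100", VIP, ROUTER_MAC, LB_MAC, 40000, 80)  # from router
    p2 = lb.forward(p1)
    # The server replies through its default gateway, so the frame goes to M2.
    p3 = Packet(p2.dst_ip, p2.src_ip, REAL_SERVERS[p2.dst_ip], LB_MAC,
                p2.dport, p2.sport)
    p4 = lb.forward(p3)
    return [p1, p2, p3, p4]
```

A packet from a real server that matches no tracked session takes the last branch, so it leaves with its private source address rather than the VIP.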