Download (direct link):
If the active unit fails, the standby unit detects the failure and takes over immediately. Many load-balancer products can detect a failure in less than a second and act immediately. In the takeover process, the standby unit broadcasts ARP advertisements that it now owns the VIP and the associated MAC address (called gratuitous ARP). This causes the Layer 2 switch and the router in Figure 4.5 to immediately recognize that the VIP and the associated MAC address are now on a different interface port connecting to the standby unit. The servers will see no difference, since they are connected through the Layer 2 switch to the load balancers.
If the load balancer is also functioning as a router, the servers are pointing to the gateway IP address defined on the load balancer as the default gateway. When the standby unit takes over, it must also take over the gateway IP address to ensure servers are able to access the default gateway IP address. If the load balancer is functioning as a Layer 2 switch, not as a router, the servers point to the router on the top as the default gateway.
The configuration on the active and standby units must be exactly the same except for the management IP address and the configuration parameters that deal with active and standby specification, such as the port that’s connected to the standby unit. Some load-balancing products provide the ability to synchronize any configuration changes from active to standby automatically. This will help ensure that the VIP and the server bindings stay consistent between the active and the standby units.
When the standby unit takes over, it must have complete knowledge of server health conditions in order to quickly start distributing the load. Therefore, the standby unit may continue to perform health checks in the background and remain ready for takeover. When the standby takes over, it will have no knowledge of any existing sessions. This will break all existing connections. To avoid this, the load balancers must perform
stateful failover, covered later in the section “Stateful Failover” on page 96.
There can be a variety of conditions under which it makes sense for the standby load balancer to take over. The obvious case is one in which the active unit fails. If the link between the router and the active load ba lancer fails, the active load balancer can no longer service the VIP and therefore should fail over to the standby. Similarly, if the load balancer loses the connectivity to the Layer 2 switch in Figure 4.5, the load balancer cannot communicate with servers and should fail over to the standby unit. In summary, in order for the active unit to function successfully, it must be healthy and have connectivity to the router above and the servers below.
Because the servers are connected through a Layer 2 switch that, in turn, connects to the active and standby load-balancing units, the servers can be accessed by the active or the standby unit. While we addressed high availability for the load balancer, we still have a single point of failure with the router and the Layer 2 switch. If the router fails, we lose complete Internet connectivity. If the Layer 2 switch fails, the load balancers lose access to all the servers. We will address this issue later in this chapter. First, let’s discuss how active-active configuration works.
While we are able to get high availability with the active-standby configuration, the standby unit remains idle until the active unit fails. In active-active configuration, both the load balancers work simultaneously while backing up one another. This allows us to get much higher load-balancing performance because both the units work at the same time. If one load balancer fails, the other does double duty by doing the work of the failed load balancer as well.
Whether the load balancer supports active-active mode and how exactly it works varies from one product to another. There are two different flavors of active-active mode. One approach involves using multiple VIPs. The example in Figure 4.6 shows two VIPs: VIP1 and VIP2. VIP1 is active, while VIP2 is in standby on load balancer 1. VIP2 is active and VIP1 is in standby on load balancer 2. If load balancer 1 fails, load balancer 2 takes over VIP1, just as in the active-standby scenario, and services both VIP1 and VIP2. If load balancer 2 fails, load balancer 1 takes over VIP2 and services both VIPs. Now, we must find a way to have the client requests be distributed among the two VIPs and thus across both load balancers. We can use Domain Name System (DNS) that resolves the Web domain name to an IP address to perform a round-robin between VIP1 and VIP2 so that we receive traffic to both the VIPs. Another approach is to use different applications with each VIP. For example, we can use VIP1 for HTTP servers and VIP2 for FTP servers to divide the load between the load balancers.
Figure 4.6: How Active-Active works.