Network Load Balancing: L4/L7, Health Check, Persistence, SSL Offload, GSLB, and ADC Architecture
Network load balancing distributes work across multiple servers to increase performance and availability. L4 load balancing operates at the transport layer, while L7 operates at the application layer. Health checks verify server status, persistence keeps a session on the same server, SSL offload moves the encryption workload to the load balancer, GSLB distributes load across regions, and an ADC is an advanced delivery controller.
Load balancing is the foundation of every high-traffic application: Netflix, Google, and Facebook all use multiple tiers of load balancers. Without a load balancer, a single server is a single point of failure with limited capacity. With a load balancer, you can scale horizontally (add servers), deploy with zero downtime (rolling updates), and tolerate faults (one server going down has no impact). Modern load balancers do more than distribute load: WAF, rate limiting, caching, compression, and SSL termination.
L4 vs L7 Load Balancing
| Feature | L4 (Transport) | L7 (Application) |
|---|---|---|
| Layer | TCP/UDP: looks only at IP and port | HTTP/HTTPS: looks at URL, headers, cookies, content |
| Speed | Very fast: no need to inspect content | Slower than L4: must parse HTTP/application data |
| Routing Decision | Based on: source IP, dest IP, port, protocol | Based on: URL path, hostname, headers, cookies, content type |
| SSL | Pass-through (no decryption) | Terminate/offload SSL → inspect content → re-encrypt if needed |
| Use Case | TCP services (DB, mail, gaming), high throughput | Web apps, API gateway, content-based routing, microservices |
| Example | All traffic port 80 → round-robin to servers | /api/* → API servers, /images/* → CDN, /app/* → app servers |
Load Balancing Algorithms
| Algorithm | How | Best For |
|---|---|---|
| Round Robin | Sequential: server 1, 2, 3, 1, 2, 3… | Equal-capacity servers, stateless applications |
| Weighted Round Robin | Proportional: server 1 (weight 3), server 2 (weight 1) = 75%/25% | Mixed-capacity servers (big server gets more traffic) |
| Least Connections | Send to server with fewest active connections | Varying request duration (long/short requests mixed) |
| IP Hash | Hash source IP → always same server | Simple persistence without cookies/sessions |
| Least Response Time | Send to server with fastest response + fewest connections | Performance-sensitive apps — best user experience |
| Random | Random server selection | Large server pools — statistically even distribution |
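The weighted round robin and least connections rows above, as an added example that is not part of the original article. It uses the smooth weighted round robin variant (one common way to interleave picks), and the server names and the workload in which every third request is long-lived are constructed for illustration.

```python
from collections import Counter

class WeightedRoundRobin:
    """Smooth weighted round robin: interleaves picks instead of sending bursts."""
    def __init__(self, weights):
        self.weights = dict(weights)             # server -> static weight
        self.current = {s: 0 for s in weights}   # server -> running score

    def pick(self):
        total = sum(self.weights.values())
        for server, weight in self.weights.items():
            self.current[server] += weight
        best = max(self.current, key=self.current.get)
        self.current[best] -= total              # push the winner back
        return best

class LeastConnections:
    def __init__(self, servers):
        self.active = {s: 0 for s in servers}    # server -> open connections

    def pick(self):
        best = min(self.active, key=self.active.get)  # ties: first listed
        self.active[best] += 1
        return best

    def release(self, server):
        self.active[server] -= 1

def wrr_distribution(n=8):
    """Weights 3 and 1, as in the table: expect a 75%/25% split."""
    lb = WeightedRoundRobin({"server1": 3, "server2": 1})
    return [lb.pick() for _ in range(n)]

def place_long_requests(n=9):
    """Constructed workload: every third request is long-lived and stays open."""
    servers = ["server1", "server2", "server3"]
    lc = LeastConnections(servers)
    rr_open, lc_open = Counter(), Counter()
    for i in range(n):
        rr_server = servers[i % len(servers)]    # plain round robin
        lc_server = lc.pick()
        if i % 3 == 0:                           # long-lived: never released
            rr_open[rr_server] += 1
            lc_open[lc_server] += 1
        else:
            lc.release(lc_server)
    return dict(rr_open), dict(lc_open)
```

With this workload, plain round robin stacks every long-lived request on the same server, while least connections spreads them one per server.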
Health Checks
| Level | Check | Detects |
|---|---|---|
| L3 (ICMP) | Ping server | Server down/unreachable — but app might be broken while server responds to ping |
| L4 (TCP) | TCP connect to port | Service port not listening — better than ICMP, but app might return errors |
| L7 (HTTP) | HTTP GET /health → expect 200 OK | Application-level health — DB connected, dependencies healthy |
| Custom Script | Run custom health check logic | Complex checks: queue depth, memory, disk, external dependency |
| Passive | Monitor real traffic responses (5xx errors) | Detect degradation without extra probe traffic |
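The gap between an L4 and an L7 check described in the table, as an added example that is not part of the original article. It starts a constructed backend on a loopback port whose `/health` endpoint returns 503 while its (simulated) database is down; the `db_ok` flag and the handler are assumptions made for the demonstration.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class App(BaseHTTPRequestHandler):
    """Constructed backend: the port stays open even when its database is down."""
    def do_GET(self):
        ok = self.path == "/health" and self.server.db_ok
        self.send_response(200 if ok else 503)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def tcp_check(host, port, timeout=2.0):
    """L4 check: can we complete a TCP handshake with the port?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_check(host, port, path="/health", timeout=2.0):
    """L7 check: GET the health endpoint and require 200 OK."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status == 200
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def run_demo():
    """Return (tcp_check, http_check) results for three backend states."""
    server = HTTPServer(("127.0.0.1", 0), App)   # port 0: pick a free port
    server.db_ok = True
    host, port = server.server_address
    threading.Thread(target=server.serve_forever, daemon=True).start()
    results = {}
    for label, db_ok in (("healthy", True), ("db_down", False)):
        server.db_ok = db_ok
        results[label] = (tcp_check(host, port), http_check(host, port))
    server.shutdown()
    server.server_close()
    results["stopped"] = (tcp_check(host, port), http_check(host, port))
    return results
```

In the `db_down` state the TCP check still passes, so a load balancer relying on it alone would keep sending traffic to a backend that answers every request with an error.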
Session Persistence
| Method | How | Tradeoff |
|---|---|---|
| Source IP | Hash client IP → always same server | Simple but NAT/proxy makes many users share IP → uneven distribution |
| Cookie (Insert) | LB inserts cookie with server ID → client sends cookie back | Most reliable — works with NAT, proxy, mobile IP changes |
| Cookie (Rewrite) | LB rewrites existing app cookie to encode server info | No extra cookie — but modifies application cookie |
| SSL Session ID | Same SSL session → same server | Only works for HTTPS, session ID can change |
| URL Rewrite | Encode server ID in URL parameter | Works without cookies — but pollutes URLs |
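The NAT tradeoff between source-IP and cookie-insert persistence, as an added example that is not part of the original article. The cookie name `LB_SERVER`, the server names, and the scenario of 300 users behind one NAT address (from a documentation IP range) are constructed assumptions; real load balancers usually encode the server ID rather than sending its name.

```python
import hashlib
from collections import Counter
from itertools import cycle

SERVERS = ["app1", "app2", "app3"]           # constructed backend pool

def by_source_ip(client_ip):
    """Source-IP persistence: hash the address the LB sees."""
    digest = hashlib.sha256(client_ip.encode()).digest()
    return SERVERS[int.from_bytes(digest[:4], "big") % len(SERVERS)]

class CookieInsertLB:
    COOKIE = "LB_SERVER"                     # hypothetical cookie name

    def __init__(self):
        self._next = cycle(SERVERS)          # round robin for new sessions

    def route(self, cookies):
        """cookies: the request's cookie dict; mutated to model Set-Cookie."""
        server = cookies.get(self.COOKIE)
        if server not in SERVERS:            # first visit, or unknown/stale value
            server = next(self._next)
            cookies[self.COOKIE] = server
        return server

def simulate(users=300, nat_ip="203.0.113.10"):
    """Constructed scenario: every user sits behind one NAT address."""
    lb = CookieInsertLB()
    jars = [{} for _ in range(users)]        # one cookie jar per browser
    ip_hash = Counter(by_source_ip(nat_ip) for _ in range(users))
    first = [lb.route(jar) for jar in jars]
    second = [lb.route(jar) for jar in jars] # follow-up requests
    return ip_hash, Counter(first), first == second
```

Source-IP hashing sends all 300 users to a single backend, while cookie insert splits them evenly and still keeps each browser on its original server. The `not in SERVERS` check also means a cookie value the load balancer does not recognise is replaced instead of being trusted as a routing target.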
GSLB (Global Server Load Balancing)
| Feature | Detail |
|---|---|
| What | DNS-based load balancing across multiple data centers/regions |
| How | Client queries DNS → GSLB returns IP of best/closest data center based on health, proximity, load |
| Health | Monitor each DC’s health → remove failed DC from DNS responses automatically |
| Proximity | GeoIP: return closest DC to client → reduce latency |
| Active-Active | Both DCs serve traffic simultaneously → distribute globally |
| Active-Passive | Primary DC handles all traffic → failover to secondary DC if primary fails |
| Providers | F5 BIG-IP DNS, Citrix ADC, AWS Route 53, Cloudflare, NS1 |
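The GSLB decision described in the table (health filter, then proximity or primary/secondary role), as an added example that is not part of the original article and not any vendor's implementation. The two data centers, their documentation-range IPs, and the use of client coordinates in place of a GeoIP lookup are constructed assumptions.

```python
from math import asin, cos, radians, sin, sqrt

# Constructed data centers; IPs come from documentation ranges (RFC 5737).
DCS = [
    {"name": "bkk", "ip": "192.0.2.10", "lat": 13.75, "lon": 100.50, "role": "primary"},
    {"name": "fra", "ip": "198.51.100.10", "lat": 50.11, "lon": 8.68, "role": "secondary"},
]

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def resolve(client_lat, client_lon, health, mode="active-active"):
    """Return the IP the GSLB would answer with, or None if no DC is healthy.

    health maps DC name -> bool, as reported by the health monitors;
    a DC missing from the map is treated as down.
    """
    healthy = [dc for dc in DCS if health.get(dc["name"], False)]
    if not healthy:
        return None
    if mode == "active-passive":
        # Primary takes all traffic; secondary answers only on failover.
        primaries = [dc for dc in healthy if dc["role"] == "primary"]
        return (primaries or healthy)[0]["ip"]
    # Active-active: every healthy DC serves, clients go to the closest one.
    closest = min(
        healthy,
        key=lambda dc: distance_km(client_lat, client_lon, dc["lat"], dc["lon"]),
    )
    return closest["ip"]

# Constructed client locations used in the demonstration.
SINGAPORE = (1.35, 103.82)
PARIS = (48.86, 2.35)
```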
Closing: Load Balancing = Foundation of Scalable Architecture
Network Load Balancing:
- L4 vs L7: L4 = fast (IP/port), L7 = smart (URL/headers/cookies) — most web apps need L7
- Algorithms: round robin (simple), least connections (varying load), least response time (best UX), IP hash (persistence)
- Health Checks: ICMP (basic) → TCP (service) → HTTP /health (app-level) → passive (real traffic) — always use L7 checks
- Persistence: cookie insert (best), source IP (simple), SSL session ID — needed for stateful apps
- GSLB: DNS-based cross-DC balancing — health monitoring, GeoIP proximity, active-active/passive failover
- SSL Offload: terminate SSL at LB → inspect/route → re-encrypt to backend — reduces server CPU, centralizes certs
- Key: load balancing enables horizontal scaling, zero-downtime deployments, and fault tolerance — essential for any production app
Read more about Network High Availability HSRP VRRP GLBP Redundancy and DDoS Protection Mitigation Scrubbing Center CDN at siamlancard.com, or from icafeforex.com and siam2r.com