Integrating load balancers into the network

When using the HAProxy driver, load balancers are implemented in one-arm mode. In one-arm mode, the load balancer is not in the path of normal traffic to the pool members. The load balancer has a single interface for ingress and egress traffic to and from clients and pool members.

A logical diagram of a load balancer in one-arm mode can be seen here:

In the preceding diagram a load balancer is configured in one-arm mode and resides in the same subnet as the servers it is balancing traffic to.

Because a load balancer in one-arm mode is not the gateway for pool members it is sending traffic to, it must rely on the use of source NAT to ensure return traffic from the members to the client is sent back through the load balancer. An example of the traffic flow can be seen in the following diagram:

In the preceding diagram, the load balancer receives a request from the client and forwards it to web1. The load balancer will modify the source IP of the request to its own address, 192.168.200.12, before forwarding the request to the pool member. This ensures that the member sends the response back to the load balancer, which will then rewrite the destination IP as the client address. If the server were to send the response directly to the client, the client would reject the packet.

Neutron configures HAProxy to send an HTTP X-Forwarded-For header to the pool member, which allows the member to see the original client address. Without this header, all traffic will be identified as coming from the load balancer, which may skew application reporting data and persistence efforts.
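The following is an added example, not code from the original text or from Neutron, showing how a pool member can recover the client address for logging while ignoring X-Forwarded-For values it has no reason to trust. It assumes the load balancer at 192.168.200.12 appends the client address as the last X-Forwarded-For entry; the function and variable names are hypothetical.

```python
import ipaddress

# Assumption: the only trusted proxy is the load balancer address used in the
# traffic-flow description above.
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.200.12")}


def client_address(peer_ip, xff_values, trusted=TRUSTED_PROXIES):
    """Return the address a pool member should record for a request.

    peer_ip    -- source IP of the TCP connection as seen by the member
    xff_values -- X-Forwarded-For header values, in the order received
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in trusted:
        # The request did not arrive through the load balancer, so any
        # X-Forwarded-For header was written by the sender. Ignore it.
        return str(peer)

    # A request may carry several headers, each holding a comma-separated list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]

    # Walk from the right: the right-most entry is the one the load balancer
    # added. Entries further left came from the client and are not trusted.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: fall back to the connection address
        if addr not in trusted:
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    # Constructed sample requests: (connection source, X-Forwarded-For values)
    samples = [
        ("192.168.200.12", ["203.0.113.7"]),               # normal request
        ("192.168.200.12", ["10.0.0.1", "203.0.113.7"]),   # client sent its own header
        ("192.168.200.50", ["10.0.0.1"]),                  # bypassed the load balancer
        ("192.168.200.12", []),                            # header missing
    ]
    for peer, xff in samples:
        print(peer, xff, "->", client_address(peer, xff))
```
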

Alternatives to one-arm mode include routed mode and transparent mode. In routed mode, the load balancer acts as a gateway between the client and pool member. The source addresses of packets do not need to be manipulated in most cases, as the load balancer serves as the gateway for pool members.

In transparent mode, the load balancer acts as a network bridge between two VLANs configured with the same subnet(s). Using this mode allows users to introduce a load balancer to the network with minimal disruption, as pool members do not need to change their gateway.

There is currently no way to change the way an HAProxy-based load balancer is integrated into the network. Some third-party drivers, however, may not be limited to one-arm mode and may function in any mode.