
Server load balancing - 2

Latest reply: Nov 17, 2021 13:59:37

Overview

Principle of operation

Balancing algorithms

Configuration

Client traffic with the server load balancer is processed as follows:

  1. The client connects to the virtual server address. This address belongs to the firewall.

  2. The firewall accepts the connection from the client and realizes that this connection is not addressed to itself, but to a group of servers.

  3. The firewall selects one of the real servers to transfer traffic from the client.

  4. Client traffic is sent to the real server.

 

Important notes:

  1. Traffic is processed by flows (sessions) - related portions of transmitted information. If the client sent information for the first time, a new session record is created for the selected traffic route. Subsequently, traffic from this client to this virtual server will be sent along the same route until its session expires (if it does not transmit anything for a long time). Expired sessions are deleted.

  2. For HTTP(S) and FTP servers there are additional functions associated with deep analysis of the content of these protocols.

  3. The address of the virtual server must refer specifically to the virtual server. It should not be the address of a real server or other device, and should not be used for static address translation (NAT).

  4. The addresses of real servers must be different from the virtual server address, gateway address and firewall interface address.


SLB routing

 

Consider an example. The client with the address 192.168.0.10 connects to the server with the address 192.168.200.1. The firewall that this traffic came to chooses a real server with the address 192.168.100.2 to work with this client. It changes the destination address in the packet from the user from 192.168.200.1 to 192.168.100.2 and sends the packet to the real server. When a response is received from the server, the firewall will change the sender's address in it from 192.168.100.2 to 192.168.200.1.


Additional features for HTTP and FTP protocols

When working with an FTP server, several connections are created - to control the transfer and the file transfer itself. It is important that these connections end up on the same server, otherwise errors are possible. To handle such situations, the firewall creates dynamic bindings for FTP servers after passing the first packet from the client. That is, after the client has created the first connection, the firewall can understand that subsequent connections to the same virtual server via FTP (with different port numbers) need to be redirected to the same real server as the first one. The Application Specific Packet Filtering (ASPF) module is used for this in-depth packet analysis. It can influence the choice of routes from clients to the Internet and to balanced servers.

From the HTTP protocol, we can use additional information to select a group of real servers - URL, Referrer, Host and Cookie. These are the HTTP header fields. Moreover, we can do an even more grandiose thing - force the firewall to decrypt HTTPS traffic between the client and the virtual web server, and send HTTP requests to real servers, which will reduce the load on them and allow the firewall to parse HTTP headers.

IndianKid
Moderator Author Created Jan 9, 2021 17:55:56
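A minimal model of the session handling and address rewriting described in the post, as an added example that is not part of the original post or of any vendor's code. The class and method names, round-robin selection, the 60-second idle timeout and the addresses 192.168.100.3 and 192.168.200.254 are assumptions made for illustration.

```python
from itertools import cycle

class SlbFirewall:
    """Toy model of the SLB session table described above (not vendor code)."""

    def __init__(self, vip, real_servers, reserved=(), idle_timeout=60):
        # Rule from the post: real servers must not reuse the virtual server,
        # gateway or firewall interface addresses.
        clash = ({vip} | set(reserved)) & set(real_servers)
        if clash:
            raise ValueError(f"real server address reused: {sorted(clash)}")
        self.vip = vip
        self.idle_timeout = idle_timeout   # seconds (assumed value)
        self._pick = cycle(real_servers)   # round robin (assumed algorithm)
        # Keyed by client and virtual server only, not by port, so related
        # connections (e.g. FTP control and data) reach the same real server.
        self.sessions = {}                 # (client, vip) -> [real_server, last_seen]

    def _expire(self, now):
        for key in [k for k, (_, seen) in self.sessions.items()
                    if now - seen > self.idle_timeout]:
            del self.sessions[key]         # idle sessions are deleted

    def from_client(self, src, dst, now):
        """Rewrite the destination of a client packet; None if not for the VIP."""
        if dst != self.vip:
            return None
        self._expire(now)
        key = (src, dst)
        if key not in self.sessions:       # first packet: choose a real server
            self.sessions[key] = [next(self._pick), now]
        self.sessions[key][1] = now
        return src, self.sessions[key][0]

    def from_server(self, src, dst, now):
        """Rewrite the source of a reply back to the VIP; None if no session."""
        self._expire(now)
        entry = self.sessions.get((dst, self.vip))
        if entry is None or entry[0] != src:
            return None                    # no matching session: not translated
        entry[1] = now
        return self.vip, dst

if __name__ == "__main__":
    # Constructed sample traffic using the addresses from the post's example.
    fw = SlbFirewall("192.168.200.1", ["192.168.100.2", "192.168.100.3"],
                     reserved=["192.168.200.254"])
    print(fw.from_client("192.168.0.10", "192.168.200.1", now=0))
    print(fw.from_server("192.168.100.2", "192.168.0.10", now=1))
```
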

nice

IndianKid
IndianKid Created Jan 9, 2021 17:56:06 (0) (0)
good info  
thanks for sharing

Great post. Thank you for sharing