A hardware load-balancing device (HLD), also known as a layer 4-7 router, is a physical unit that directs computers to individual servers in a network, based on factors such as server processor utilization, the number of connections to a server, or the overall server performance.
In networking, load balancing is a technique to distribute workload evenly across two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, minimize response time, and avoid overload. Using multiple components with load balancing, instead of a single component, may increase reliability through redundancy. The load balancing service is usually provided by a dedicated program or hardware device.
Load balancer features
Hardware and software load balancers can come with a variety of special features.
- Asymmetric load: A ratio can be manually assigned to cause some backend servers to get a greater share of the workload than others. This is sometimes used as a crude way to account for some servers being faster than others.
- Priority activation: When the number of available servers drops below a certain number, or load gets too high, standby servers can be brought online.
- SSL Offload and Acceleration: SSL applications can be a heavy burden on the resources of a Web Server, especially on the CPU, and end users may see a slow response (or at the very least the servers spend a lot of cycles doing things they weren’t designed to do). To resolve these kinds of issues, a Load Balancer capable of handling SSL Offloading in specialized hardware may be used. When the Load Balancer terminates the SSL connections, the burden on the Web Servers is reduced and performance does not degrade for the end users.
- Distributed Denial of Service (DDoS) attack protection: load balancers can provide features such as SYN cookies and delayed-binding (the back-end servers don’t see the client until it finishes its TCP handshake) to mitigate SYN flood attacks and generally offload work from the servers to a more efficient platform.
- HTTP compression: reduces the amount of data to be transferred for HTTP objects by utilizing gzip compression available in all modern web browsers.
- TCP offload: different vendors use different terms for this, but the idea is that normally each HTTP request from each client is a different TCP connection. This feature utilizes HTTP/1.1 to consolidate multiple HTTP requests from multiple clients into a single TCP socket to the back-end servers.
- TCP buffering: the load balancer can buffer responses from the server and spoon-feed the data out to slow clients, allowing the server to move on to other tasks.
- Direct Server Return: an option for asymmetrical load distribution, where request and reply have different network paths.
- Health checking: the balancer will poll servers for application layer health and remove failed servers from the pool.
- HTTP caching: the load balancer can store static content so that some requests can be handled without contacting the web servers.
- Content Filtering: some load balancers can arbitrarily modify traffic on the way through.
- HTTP security: some load balancers can hide HTTP error pages, remove server identification headers from HTTP responses, and encrypt cookies so end users can’t manipulate them.
- Priority queuing: also known as rate shaping, the ability to give different priority to different traffic.
- Content aware switching: most load balancers can send requests to different servers based on the URL being requested.
- Client authentication: authenticate users against a variety of authentication sources before allowing them access to a website.
- Programmatic traffic manipulation: at least one load balancer allows the use of a scripting language to allow custom load balancing methods, arbitrary traffic manipulations, and more.
- Firewall: direct connections to backend servers are prevented, for network security reasons.
- Intrusion Prevention System: offers application layer security in addition to the network/transport layer security offered by a firewall.
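
The SYN cookie and delayed-binding feature listed above can be sketched as follows. This is an added example, not code from any load balancer product: it follows the classic cookie layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash), and the key, tick length, MSS table, function names and sample addresses are assumptions chosen for illustration, with truncated HMAC-SHA256 standing in for whatever keyed hash a real device uses.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"   # constructed; a real device uses a random, rotated key
TICK = 64                          # seconds per counter step (assumed)
MSS_TABLE = (536, 1024, 1220, 1300, 1360, 1400, 1440, 1460)  # 3-bit index, ascending
MASK32 = 0xFFFFFFFF

def _mac24(flow, counter, idx, client_isn):
    """24-bit keyed hash binding the cookie to the 4-tuple, time step, MSS and client ISN."""
    src_ip, src_port, dst_ip, dst_port = flow
    msg = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack(
        "!HHIBI", src_port, dst_port, counter, idx, client_isn)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(flow, client_isn, client_mss, now):
    """Build the SYN-ACK sequence number; nothing is stored for the half-open flow."""
    counter = int(now) // TICK
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac24(flow, counter, idx, client_isn), "big")
    return ((counter % 32) << 27) | (idx << 24) | mac

def check_cookie(flow, seq, ack, now):
    """Validate the final ACK; return the negotiated MSS, or None to drop the packet."""
    cookie, client_isn = (ack - 1) & MASK32, (seq - 1) & MASK32
    t5, idx = cookie >> 27, (cookie >> 24) & 7
    mac = (cookie & 0xFFFFFF).to_bytes(3, "big")
    current = int(now) // TICK
    for counter in (current, current - 1):      # accept at most one step of age
        if counter % 32 == t5 and hmac.compare_digest(
                mac, _mac24(flow, counter, idx, client_isn)):
            return MSS_TABLE[idx]               # only now is a backend connection opened
    return None

def demo():
    """Constructed handshake: genuine ACK, tampered cookie, expired cookie."""
    flow, now = ("198.51.100.7", 40000, "203.0.113.10", 443), 1_700_000_000
    isn = make_cookie(flow, 1000, 1450, now)
    return (check_cookie(flow, 1001, isn + 1, now + 5),
            check_cookie(flow, 1001, (isn ^ 1) + 1, now + 5),
            check_cookie(flow, 1001, isn + 1, now + 600))

if __name__ == "__main__":
    print(demo())
```

Because the balancer keeps no per-connection state until `check_cookie` succeeds, a flood of SYNs that never complete the handshake consumes no connection table entries and never reaches a backend server.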