The difference between four-layer and seven-layer load balancing-turn

Reprint http://hi.baidu.com/aking_roc/item/3f62cb0f57b49736a3332a9e

Load balancer devices are also often referred to as "four to seven layer switches", so what is the difference between the four and seven tiers?

First, the technical principle of the difference.

The so-called four-layer load balancing , that is, mainly through the message of the destination address and port, coupled with the load Balancer device settings of the server selection method, determine the final choice of internal server.

In the case of common TCP, the load balancer device, when it receives the first SYN request from the client, chooses the best server in the above way and modifies the destination IP address in the message (instead of the backend server IP) and forwards it directly to the server. TCP connection is established, that is, the three-time handshake is established directly between the client and the server, the load balancer device is just a router-like forwarding action. In some deployment situations, in order to ensure that the server back-up can be correctly returned to the load balancer device, while forwarding the message may also be the original source address of the message to modify.

the Called seven-layer load balancing , also known as "content Exchange", that is, mainly through the message of the real meaningful application layer content, coupled with the load Balancer device settings of the server selection method, determine the final choice of internal server.

For example, in the case of TCP, the load balancing device can only accept the message of the real application layer content sent by the client after the server is selected by the actual application layer and then the client must establish a connection (three handshake), and then according to the specific fields in the message, Plus the server selection method of the Load Balancer device setting determines the final selected internal server. Load balancer device In this case, it is more like a proxy server. The load balancer and the front-end clients and the backend servers establish TCP connections separately. So from this point of view, the seven-layer load balancer is significantly more demanding for load balancing devices, and the ability to handle seven layers is bound to be lower than the four-tier mode deployment.

Second, the needs of the application scenario.

The benefit of seven-tier application load is to make the whole network more " intelligent ". For example, access to a Web site user traffic, you can pass the request of the picture class to a specific image server through seven layers, and can use the caching technology, the text class request can be forwarded to a specific word server and can use compression technology. Of course, this is only a small case of seven-tier application, from the technical principle, this way can be the client's request and the response of the server in any sense, greatly improved the application system in the network layer of flexibility. Many of the features deployed in the background, such as Nginx or Apache, can be moved forward to the load balancer device, such as header rewriting in customer requests, keyword filtering in server responses, or content insertion.

Another feature that is often referred to is security . The most common SYN flood attack in the network, that is, hackers control many source clients, using a false IP address to send SYN attacks to the same target, usually this kind of attack will send a large number of SYN packets, exhausted the relevant resources on the server to achieve denial of Service( DoS) The purpose. It can also be seen from the technical principle that these SYN attacks are forwarded to the backend server in the four-layer mode, whereas in the seven-tier mode these SYN attacks are naturally cut off on the load-balanced device without affecting the normal operation of the backend servers. In addition, the load Balancer device can set up various strategies at seven layers, filter specific messages, such as SQL injection and other application-level attack methods, and further improve the overall security of the system from the application level.

Now the 7-layer load balancing, mainly focus on the application of HTTP protocol , so its application is mainly a number of web sites or internal information platform, such as based on B/s development system. The 4-tier load balancer corresponds to other TCP applications, such as ERP systems based on C/s development.

Third, the seven-tier application needs to be considered.

1: Whether it is really necessary , seven-tier applications can indeed improve the flow of intelligence, but also must not avoid the complexity of equipment configuration, load balancing pressure, and troubleshooting problems. In the design of the system you need to consider the four-layer seven-layer simultaneous application of the mixed situation.

2: Is it really possible to improve security ? For example, a SYN flood attack, seven-tier mode does block these traffic from the server, but the load balancer device itself has a strong anti-DDoS capability, or even if the server is functioning as a central dispatch load Balancer device failure can cause the entire application to crash.

3: whether there is sufficient flexibility . The advantage of seven-tier applications is that the flow of the entire application can be intelligent, but the load balancing device needs to provide a complete seven-tier capability to meet the customer's application-based scheduling according to different situations. One of the simplest tests is the ability to replace the scheduler on a server such as a background nginx or Apache. A load balancing device capable of providing a seven-tier application development interface that allows the customer to arbitrarily set functions based on demand, is truly likely to provide great flexibility and intelligence.

The difference between four-layer and seven-layer load balancing-turn