A server load balancing device is also called a "layer-4 to layer-7 switch". What is the difference between layer-4 and layer-7 load balancing?
1. Differences in technical principle.
A layer-4 load balancer chooses the backend server from the destination IP address and port in the packet, combined with the server-selection method configured on the device. It never looks at the payload.
Take TCP, the common case. When the load balancer receives the first SYN from the client, it selects a server using that method, rewrites the destination IP address in the packet to the chosen backend's address (destination NAT) and forwards the packet to that server.
The TCP connection, that is, the three-way handshake, is then established directly between the client and the backend server; the load balancer only forwards packets, much like a router. In some deployments the device also rewrites the source address of the forwarded packets (source NAT) so that the server's return packets are routed back through the load balancer rather than straight to the client.
So-called layer-7 load balancing, also known as "content switching", chooses the backend server mainly from genuinely meaningful application-layer content in the message, combined with the server-selection method configured on the device.
Again with TCP: if the device is to select a server from application-layer content, it must first complete the three-way handshake with the client itself, because only then can it receive the application-layer message the client sends. Once it has that message it selects the backend from specific fields in it (for example the requested URL) and the configured selection method. In this mode the load balancer behaves much more like a proxy server.
The load balancer therefore holds two TCP connections per client request, one to the client and one to the backend server. From this principle alone, layer-7 load balancing clearly places higher demands on the device, and its throughput will inevitably be lower than in layer-4 mode. So why is layer-7 load balancing still needed?
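The two decision points described above, simulated in Python. This is an added example, not code from the original article: the layer-4 balancer decides on the first SYN from the address/port tuple alone and afterwards only rewrites addresses (DNAT, optionally SNAT), while the layer-7 balancer must complete the client handshake itself, buffer the HTTP request and decide from its content. The addresses, pool names and minimal HTTP parsing are illustrative assumptions.

```python
"""Layer-4 versus layer-7 backend selection, simulated (added example)."""
import hashlib
from dataclasses import dataclass


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False
    payload: bytes = b""


class Layer4Balancer:
    """Selects a backend from the 4-tuple on the SYN, then rewrites every
    packet of that flow. The payload is never inspected."""

    def __init__(self, vip, backends, snat_ip=None):
        self.vip = vip                # address the client connects to (assumed)
        self.backends = backends      # list of (ip, port), assumed healthy
        self.snat_ip = snat_ip        # set when return traffic must come back via the balancer
        self.flows = {}               # (src_ip, src_port, dst_ip, dst_port) -> backend

    def forward(self, pkt):
        """Return the rewritten packet, or None if the flow is unknown."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if pkt.syn and pkt.dst_ip == self.vip:
            # Selection happens here, before any application data exists:
            # a stable hash of the tuple keeps the flow pinned to one server.
            digest = hashlib.sha256(repr(key).encode()).digest()
            self.flows[key] = self.backends[int.from_bytes(digest[:4], "big") % len(self.backends)]
        backend = self.flows.get(key)
        if backend is None:
            return None               # mid-stream packet with no flow entry: drop it
        out = Packet(pkt.src_ip, pkt.src_port, backend[0], backend[1], pkt.syn, pkt.payload)
        if self.snat_ip:
            out.src_ip = self.snat_ip  # SNAT so the server replies to us, not to the client
        return out


class Layer7Balancer:
    """Terminates the client TCP connection and routes on HTTP content.
    Until a complete request header block has arrived there is nothing to
    decide on, so a SYN (or a SYN flood) never produces backend traffic."""

    def __init__(self, pools):
        # pools: path prefix -> list of (ip, port); "" must be present as the default pool
        if "" not in pools:
            raise ValueError('a "" default pool is required')
        self.pools = pools
        self.buffers = {}             # client connection id -> bytes received so far
        self.rr = dict.fromkeys(pools, 0)

    def on_client_data(self, conn_id, data):
        """Return (backend, full_request) once the request is routable, else None."""
        buf = self.buffers.get(conn_id, b"") + data
        if b"\r\n\r\n" not in buf:
            self.buffers[conn_id] = buf
            return None               # headers incomplete: keep buffering, decide nothing yet
        self.buffers.pop(conn_id, None)
        request_line = buf.split(b"\r\n", 1)[0].decode("ascii", "replace")
        parts = request_line.split(" ")
        if len(parts) != 3:
            raise ValueError(f"malformed request line: {request_line!r}")
        target = parts[1]
        # Longest matching prefix wins; "" always matches, so there is always a pool.
        prefix = max((p for p in self.pools if target.startswith(p)), key=len)
        pool = self.pools[prefix]
        backend = pool[self.rr[prefix] % len(pool)]   # round robin within the pool
        self.rr[prefix] += 1
        return backend, buf
```

Note the asymmetry: `Layer4Balancer.forward` returns a packet for the SYN itself, because the backend completes the handshake; `Layer7Balancer.on_client_data` is only ever called with data the device received after completing the handshake on its own, and returns nothing until the full header block is present.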
2. Application scenario requirements.
The benefit of layer-7 load balancing is that it makes the whole network more "intelligent". Our earlier article on HTTP application optimization covers most of its advantages. For example, requests for images on a website can be steered at layer 7 to dedicated image servers that use caching, while requests for text can be steered to text servers that use compression.
That is only one small use of layer 7. In principle this approach can modify client requests and server responses in any way, which greatly increases the flexibility of the application system at the network layer. Many functions currently deployed on the backend web servers (Nginx or Apache, for instance) can be moved onto the load balancer: rewriting headers in client requests, keyword filtering of server responses, and content insertion.
Another feature often mentioned is security. The most common attack on the network is the SYN flood: an attacker controls many source hosts and sends SYN packets with forged source IP addresses at the same target. Such an attack sends a very large number of SYNs to exhaust the connection resources on the server, producing a denial of service (DoS).
From the technical principle above, in layer-4 mode these SYN packets are forwarded straight through to the backend servers. In layer-7 mode they naturally terminate on the load balancer, since it completes the handshake itself, so they do not disturb the operation of the backend servers (the device must then absorb the flood itself, which is discussed under the problems below).
In addition, the load balancer can apply multiple layer-7 policies to filter specific requests, for example those carrying SQL injection or other application-layer attacks, further improving the overall security of the system at the application level. Signature matching of this kind is a useful first filter, but not a substitute for fixing the application: encoded or obfuscated payloads can evade simple patterns.
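The layer-7 manipulations described in the two passages above (content-based routing, request header rewriting, application-layer request filtering, response keyword filtering and content insertion), written as one request pass and one response pass. This is an added example, not code from the article or from any particular load balancer product. The pool names, the banned-word list and the three SQL injection signatures are illustrative assumptions and not a real WAF ruleset.

```python
"""Layer-7 request and response policies on the balancer (added example)."""
import gzip
import re
from urllib.parse import unquote_plus

IMAGE_EXT = re.compile(r"\.(png|jpe?g|gif|webp)$", re.IGNORECASE)

# Deliberately tiny signature list (assumption). A production device needs a
# maintained ruleset, and pattern matching alone is evadable (comments,
# alternate encodings, case tricks).
SQLI_SIGS = [re.compile(p, re.IGNORECASE) for p in (
    r"\bunion\b[\s/*]+(all[\s/*]+)?select\b",
    r"'\s*or\s*'[^']*'\s*=\s*'",
    r"\b(sleep|benchmark)\s*\(",
)]


def parse_request(raw):
    """Split raw HTTP/1.1 request bytes into method, target, version, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], parts[2], headers, body


def inspect_request(target, body):
    """Return the matching signature pattern, or None if nothing matched.
    Percent-encoding is decoded once so that 'UNION%20SELECT' is seen."""
    for text in (unquote_plus(target), unquote_plus(body.decode("latin-1"))):
        for sig in SQLI_SIGS:
            if sig.search(text):
                return sig.pattern
    return None


def handle_request(raw, client_ip):
    """Request-side policy. Returns ('reject', 403, reason) or
    ('forward', pool_name, rewritten_request_bytes)."""
    method, target, version, headers, body = parse_request(raw)
    hit = inspect_request(target, body)
    if hit is not None:
        return ("reject", 403, hit)
    path = target.split("?", 1)[0]
    pool = "images" if IMAGE_EXT.search(path) else "text"   # content-based routing
    # Header rewriting: drop the client-supplied X-Forwarded-For (it is
    # attacker-controlled) and record the address we actually saw.
    headers.pop("x-forwarded-for", None)
    headers["x-forwarded-for"] = client_ip
    headers["x-pool"] = pool
    head = f"{method} {target} {version}\r\n" + "".join(f"{k}: {v}\r\n" for k, v in headers.items())
    return ("forward", pool, head.encode("latin-1") + b"\r\n" + body)


def handle_response(pool, status, headers, body,
                    banned=(b"internal-hostname",), footer=b"<!-- served via L7 -->"):
    """Response-side policy: keyword filtering, content insertion into HTML,
    cache headers for the image pool and gzip compression for the text pool."""
    for word in banned:
        body = body.replace(word, b"[filtered]")
    if headers.get("content-type", "").startswith("text/html"):
        body = body.replace(b"</body>", footer + b"</body>", 1)
    if pool == "images":
        headers["cache-control"] = "public, max-age=86400"
    elif pool == "text":
        body = gzip.compress(body)
        headers["content-encoding"] = "gzip"
    headers["content-length"] = str(len(body))
    return status, headers, body
```

The request pass is the part that earns the "security" label in the text: it runs before any backend is chosen, so a rejected request never consumes server resources. The response pass shows why layer 7 costs more than layer 4: the device has to buffer and re-encode the entire body to filter or insert content.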
At present, layer-7 load balancing focuses overwhelmingly on HTTP, so it is mainly used for websites, internal information platforms and other systems built on the browser/server (B/S) model. Layer-4 load balancing covers the remaining TCP applications, such as client/server (C/S) ERP systems.
3. Problems to consider for layer-7 applications.
1: Whether it is really necessary. Layer-7 processing does make traffic handling more intelligent, but it inevitably brings more complicated device configuration, higher load on the balancer, and harder troubleshooting. When designing a system, consider mixing layer-4 and layer-7 load balancing rather than choosing one mode for everything.
2: Whether it actually improves security.
Take the SYN flood again: layer-7 mode does keep that traffic off the servers, but the load balancer must then have strong anti-DDoS capability of its own. Otherwise the servers stay healthy while the device at the centre of all scheduling collapses, and the whole application goes down with it.
3: Whether there is enough flexibility.
The advantage of layer 7 is that it can make the whole application's traffic intelligent, but only if the device offers a comprehensive set of layer-7 functions that can satisfy scheduling requirements based on the different application situations.
The simplest test is whether it can replace the scheduling functions currently performed on the backend web servers such as Nginx or Apache. A device that exposes a layer-7 application development interface, letting you implement features as needed, can deliver that flexibility and intelligence.
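Point 2 above says a layer-7 balancer only improves security if it can itself withstand the SYN flood it now absorbs. The following added example goes beyond the article to show the standard way of doing that: keep no state per SYN, encode the half-open connection into the initial sequence number of the SYN-ACK (a SYN cookie, in the style described in RFC 4987) and allocate a connection entry only when the client's final ACK carries a valid cookie. Spoofed SYNs then cost one HMAC computation each and no memory. This is not the article's or any vendor's code; the key, the 64-second time step and the MSS table are illustrative assumptions, and real stacks (for example Linux with tcp_syncookies) pack the bits differently.

```python
"""Stateless SYN handling with SYN cookies (added example)."""
import hashlib
import hmac

MSS_TABLE = (536, 1220, 1440, 1460)    # index stored in 2 bits of the cookie (assumption)
SECRET = b"per-device-key-rotate-me"   # assumption: a real device rotates this regularly
STEP_SHIFT = 6                         # time counter ticks every 64 seconds


def _mac(src, sport, dst, dport, client_isn, counter, key):
    """24-bit keyed MAC over the connection tuple, client ISN and time counter."""
    msg = f"{src}:{sport}>{dst}:{dport}|{client_isn}|{counter}".encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_isn, mss_index, now, key=SECRET):
    """ISN for the SYN-ACK: 5 bits time counter | 2 bits MSS index | 24 bits MAC."""
    counter = (int(now) >> STEP_SHIFT) & 0x1F
    mac = _mac(src, sport, dst, dport, client_isn, counter, key)
    return (counter << 27) | ((mss_index & 3) << 24) | mac


def check_cookie(src, sport, dst, dport, seq, ack, now, key=SECRET):
    """Validate the handshake's final ACK. Returns the negotiated MSS, or
    None if the cookie is forged or older than two time steps."""
    cookie = (ack - 1) & 0xFFFFFFFF       # the client acknowledges our ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF   # the client's own seq is its ISN + 1
    counter = cookie >> 27
    current = (int(now) >> STEP_SHIFT) & 0x1F
    if (current - counter) & 0x1F > 1:    # wraps correctly at the 32-step boundary
        return None
    expected = _mac(src, sport, dst, dport, client_isn, counter, key)
    if not hmac.compare_digest(expected.to_bytes(3, "big"), (cookie & 0xFFFFFF).to_bytes(3, "big")):
        return None
    return MSS_TABLE[(cookie >> 24) & 3]


class SynCookieListener:
    """Listening socket model: SYNs allocate nothing; only ACKs carrying a
    valid cookie create a connection entry."""

    def __init__(self, ip, port, key=SECRET):
        self.ip, self.port, self.key = ip, port, key
        self.connections = {}         # (src, sport) -> negotiated MSS

    def on_syn(self, src, sport, client_isn, mss, now):
        """Return the ISN to put in the SYN-ACK. No state is stored."""
        mss_index = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
        return make_cookie(src, sport, self.ip, self.port, client_isn, mss_index, now, self.key)

    def on_ack(self, src, sport, seq, ack, now):
        """Accept the connection if the cookie checks out; return True on success."""
        mss = check_cookie(src, sport, self.ip, self.port, seq, ack, now, self.key)
        if mss is None:
            return False
        self.connections[(src, sport)] = mss
        return True
```

The trade-off is the one every SYN-cookie implementation makes: TCP options that do not fit in the cookie (here only the MSS is preserved) are lost for connections accepted this way, which is why stacks normally enable cookies only once the backlog is under pressure rather than permanently.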