Sunday, April 11, 2021
Saturday, April 3, 2021
Load Balancing is Important
Load balancing is an important aspect of network mobility.
How is a network useful if you can't move around within it?
- Cellular networks lose their appeal if you drop connectivity every time you roam between towers
- Wi-Fi networks are designed to facilitate smaller-scale movements. Imagine if you had to sit still for your Wi-Fi to work
- Infrastructure upgrades: Firewalls, routers, and switches constantly need to be bumped up to higher speeds and feeds
- Preventing outages: Network "Maintenance Mode"
As computer networks get more complex, SDN is important for the orchestration of these changes or "movements". A distributed, off-box, dedicated management and control plane is essential to tracking "customers" in a scalable fashion, but load balancing is special here.
Most of our consumed services today leverage load balancers to "symmetrify" network traffic to accommodate nodes that do not support asymmetric flows. This can solve a lot of problems large enterprises have:
- Need to scale firewalls past 2?
- Need to scale firewalls in any public cloud?
- Imperfect link balancing with ECMP hashing?
- Want to prefer an ISP over another, but use both?
- HTTP Transforms
- TLS Quality Enforcement / Consolidated Stack
- "Diet" Acceleration, e.g. HTTP Compression
Stateless apps work perfectly without some form of load balancer/ingress controller but still benefit greatly from a discrete point to ingest data as well.
NSX Advanced Load Balancer Differentiating Points
- Enterprise (Web) Oriented - Some load balancing platforms, like Kemp Technologies and Loadbalancer.org, focus on clear, common enterprise needs and on executing as effectively as possible, instead of "boiling the ocean" with a more feature-complete platform. If this is you as a customer, you can expect significant cost and quality improvements due to this narrower focus, but Service Providers and specialty customers may be turned off by this.
- This product is designed for self-service, with robust management plane multi-tenancy
- This is a VMware product, so Avi is diving head-first into providing high-quality Kubernetes support
- Offloaded Control Plane: So far, this is a big one for me personally. I'm continually amazed at how much rich data can be extracted simply by offloading telemetry processing to a controller. Logging and Analytics do not impact data plane performance and have minimal impact on sizing/costs due to per Service Engine licensing.
- Software-only Kitchen Sink: Few load balancing platforms can support all clouds, KVM, K8s, Cisco ACI, Mesosphere, Acropolis, and OpenStack with direct support. Usually, the best we can hope for with a KVM install is an ISO and a prayer. This is refreshing.
- Support for dynamic routing: The vast majority of load balancers on the market don't natively support this, and specific implementations like anycast or multi-site load balancing stand to benefit from this particular feature.
- Global Server Load Balancing (GSLB) allows an engineer to control which site traffic may route to with anycast DNS. This provides them the ability to perform application-level capacity management with multiple sites in one solution.
- Central Configuration Management, all locations, all the time.
- Configure BGP once
- Configure routes once
- Configure vIPs once
- Configure hardening (logging, TLS settings, passwords) once
- Monitoring of vIPs; if a service is down, relocate it
- Software Lifecycle Management
- IP Address Management
- Periodic monitoring for common issues
- Per Virtual Service extensive Analytics (Avi Enterprise only). They are running Elasticsearch on-box to achieve this; it's pretty neat.
- Report in to the Avi controller
- Perform actual load balancing functions
- Avi Controller UI and vCenter/NSX-T interaction have hard-coded IPv4 constructs. 20.1.5 introduces preliminary support for IPv6, but VMware's NSBU is usually ahead of everyone else here. I'll be testing vCenter + IPv6 in a later post.
- Avi Controllers appear to pick up an IPv6 address via SLAAC
- This platform appears to have full data-plane support.
- Layer 2 Cloud (Typical A/P Load Balancer Deployment)
- Layer 3 Cloud (MP-BGP Load Balancer Deployment)
- NSX-T Cloud (NSX-T Integrated Deployment)
Data Plane Topologies