Access Control List (ACL)
In relation to load balancing, ACLs are used to test some condition and perform an action (e.g. select a server, or block a request) based on the test result.
## Backend ##
acl url_blog path_beg /blog
a backend can be defined by:
- which load balance algorithm to use
- a list of servers and ports
backend web-backend balance roundrobin server web1 web1.yourdomain.com:80 check server web2 web2.yourdomain.com:80 check backend blog-backend balance roundrobin mode http server blog1 blog1.yourdomain.com:80 check server blog1 blog1.yourdomain.com:80 check
Their definitions are composed of the following components:
- a set of IP addresses and a port (e.g. 10.1.1.7:80, *:443, etc.)
use_backendrules, which define which backends to use depending on which ACL conditions are matched, and/or a
default_backendrule that handles every other case
frontend http bind *:80 mode http acl url_blog path_beg /blog use_backend blog-backend if url_blog default_backend web-backend
Types of Load Balancing
No Load Balancing
Layer 4 Load Balancing
Load balancing this way will forward user traffic based on IP range and port.
Layer 7 Load Balancing
Using layer 7 allows the load balancer to forward requests to different backend servers based on the content of the user's request.
Load Balancing Algorithms
Round Robin selects servers in turns. This is the default algorithm.
Selects the server with the least number of connections–it is recommended for longer sessions. Servers in the same backend are also rotated in a round-robin fashion.
This selects which server to use based on a hash of the source IP i.e. your user's IP address. This is one method to ensure that a user will connect to the same server.
Some applications require that a user continues to connect to the same backend server. This persistence is achieved through sticky sessions, using the
appsession parameter in the backend that requires it.
The default health check is to try to establish a TCP connection to the server i.e. it checks if the backend server is listening on the configured IP address and port.
For certain types of backends, like database servers in certain situations, the default health check is insufficient to determine whether a server is still healthy.