Assume there are two servers A, B that are behind a load balancer, for example, they could be two docker containers. If server A makes an HTTP GET request to some-site.com, it is possible that the response gets delivered to server B by the load balancer. According to my understanding, externally there is just one IP address visible, and the load balancer is a Network Layer device which will just randomly send IP packets it gets to one of the servers it is balancing. I think I am missing something basic here like perhaps the load balancer works like a NAT router?
2 Answers
This is theoretically sort of possible for some (generally older) load balancers but would represent a broken configuration and would not work.
For IP, every packet has a source IP, dest IP, source port, and dest port. The source port may be the missing link. It is NOT the same as the destination port, which means it's possible to tell the direction of the request. I.e., for an http request, if the packet has a foreign source address and source port > 1024 then it's an incoming request, but if the source IP is foreign and the source port is 80 then it's an outgoing request.
It's worth knowing that for http(s) most load balancers actually terminate the connection and then set up a second connection to the ultimate server. (For https this model can also reduce the load by handling https encryption). The applications behind the load balancer see the connection as coming from the load balancer, and know the IP address of the original sender because the load balancer adds an X-Forwarded-For header including the original IP address. This solution is much more scalable than manipulating packets at the IP level as the servers behind the load balancer don't need to be attached directly to it.
I also comment that while it's possible for connections to be distributed randomly, it is more common to distribute requests based on some other metric (like previous request, resource requested), and the connections are often tracked so, unless a server fails, requests from a client all go to the same backend server.
My question was regarding the response to requests made by one of the servers, how does the load balancer know which is the correct node to send the response to? – Legolas May 30 '20 at 18:43
Same way it would if a load balancer was not configured - typically NAT. The load balancer would not be invoked, because it knows it's an outbound request based on the content of the source and dest ports – davidgo May 30 '20 at 19:54
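As an added illustration of the point made in this answer and its comments (not code from the original post or from any real load balancer), the following constructed Python model shows why a reply to an outbound request is not handed to a random backend: a stateful NAT records who opened each flow and matches the reply on the public port it allocated plus the remote endpoint. It also encodes the port heuristic from the answer for telling an inbound request from an outbound reply. All addresses and ports are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed example: a minimal stateful NAT / connection table in front of
# two backends. It shows how replies reach the backend that opened the flow
# instead of being spread at random. Not real load-balancer or NAT code.


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


PUBLIC_IP = "203.0.113.10"   # constructed: the single externally visible address
SERVICE_PORTS = {80, 443}    # ports the balancer publishes for inbound traffic


def direction(pkt: Packet, public_ip: str = PUBLIC_IP) -> str:
    """Classify a packet from the Internet side by its ports (the heuristic in
    the answer): a foreign source hitting one of our service ports is an
    inbound request; a foreign source *on* a service port talking to a high
    port of ours is the reply to a request one of our servers made."""
    if pkt.dst_ip != public_ip:
        return "not-for-us"
    if pkt.dst_port in SERVICE_PORTS:
        return "inbound-request"
    if pkt.src_port in SERVICE_PORTS and pkt.dst_port > 1024:
        return "outbound-reply"
    return "unknown"


class Nat:
    """Connection table keyed by the public port allocated to each flow."""

    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        # public port -> (backend ip, backend port, remote ip, remote port)
        self.table: Dict[int, Tuple[str, int, str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Backend -> Internet: allocate a public port, remember which backend
        owns it, and rewrite the source to the public address."""
        port = self._next_port
        self._next_port += 1
        self.table[port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> backend: a reply is matched on the public port *and* the
        remote endpoint, so an unrelated host cannot inject into the flow.
        Unmatched packets return None (dropped, or handed to the balancer)."""
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None
        backend_ip, backend_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, backend_ip, backend_port)


def demo():
    nat = Nat()
    # Server A (constructed 10.0.0.1) makes a GET to some-site.com
    # (constructed 198.51.100.7:80); the NAT rewrites the source.
    out = nat.outbound(Packet("10.0.0.1", 51234, "198.51.100.7", 80))
    # some-site.com answers the public address on the port the NAT chose.
    reply = Packet("198.51.100.7", 80, PUBLIC_IP, out.src_port)
    delivered = nat.inbound(reply)
    # A packet on the same port from a different host does not match the table.
    stray = nat.inbound(Packet("192.0.2.99", 80, PUBLIC_IP, out.src_port))
    return direction(reply), delivered, stray


if __name__ == "__main__":
    print(demo())
```

The port heuristic alone is a weak signal (nothing stops a remote host from using port 80 as its source port); what actually decides delivery in the model is the connection table, which is why a stray packet on the allocated port from another host returns None rather than being forwarded to a backend.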
Typically when discussing the load balancing of a service on A and B, that's the incoming connections through a reverse proxy. Very simplified, the result is an IP flow so a server can respond to the request.
It is also possible to configure outgoing connections, from A to whatever.example.com, to go through a consistent service address. Usually this is a "forward" (not reverse) proxy, like the HTTP proxy for a web browser, but for server applications. This is in addition to the load balancer for incoming requests.
According to my understanding, externally there is just one IP address visible
This is partially a legacy IPv4 assumption. With IPv6, it is reasonable to have a load balancer service address, say 2001:db8::443, proxying to backends 2001:db8::a and 2001:db8::b. Each can access the Internet, if allowed by routing and firewall policy. In this case with v6, directly without NAT.