Load Balancing
Chapter 69: Load Balancing
Comprehensive Guide to Load Balancing
Why This Matters in DevOps/SRE
Load balancing is the foundation of scalable, available systems. As traffic increases, load balancers distribute requests across multiple servers, ensuring no single server becomes a bottleneck. Understanding load balancing algorithms, health checks, and session persistence is critical for building resilient infrastructure.
Load Balancing in Scalable Systems

Traffic distribution:

```
            ┌───────────────┐
            │ Load Balancer │
            └───────┬───────┘
        ┌───────────┼───────────┐
        ▼           ▼           ▼
     ┌────┐      ┌────┐      ┌────┐
     │Srv1│      │Srv2│      │Srv3│   (horizontal scaling)
     └────┘      └────┘      └────┘
```

DevOps scenarios:
- Traffic spikes: Auto-scale based on load
- Deployments: Zero-downtime with health checks
- Failover: Remove failed nodes automatically
- Geographic routing: Route to nearest datacenter

AWS use cases:
- ALB: HTTP/HTTPS, path-based routing
- NLB: TCP/UDP, high throughput
- CLB: Legacy, HTTP fallback

Real-world DevOps scenarios:
- Kubernetes: Service load balancing with kube-proxy or ingress controllers
- Blue-green deployments: Route traffic between old and new versions
- A/B testing: Route percentage of traffic to different versions
- Geographic routing: Latency-based routing with Route53
69.1 Load Balancing Algorithms
Algorithm Comparison

Round Robin:
- Sequential distribution to each server in rotation
- Good for servers with similar capacity
- Simple, no state needed
- Default in most load balancers

Least Connections:
- Routes to server with fewest active connections
- Better for varying workloads
- More intelligent than round robin

IP Hash:
- Same client IP always goes to same server
- Enables session persistence
- Good for stateful applications

Weighted:
- Assign weight to each server
- More requests to powerful servers
- Useful for heterogeneous server pools

Least Time:
- Considers response time (weighted)
- Routes to fastest responding servers
- Best for variable latency environments

Random:
- Random server selection
- Good when used with multiple load balancers
- Prevents thundering herd

69.2 HAProxy Configuration
Basic Configuration

```
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    maxconn 4000

defaults
    log global
    mode http
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http_front
    bind *:80
    bind *:443 ssl crt /etc/ssl/certs/server.pem

    # Redirect HTTP to HTTPS
    http-request redirect scheme https unless { ssl_fc }

    default_backend web_servers

backend web_servers
    mode http
    balance roundrobin

    option httpchk GET /health

    server web1 10.0.0.1:80 check inter 2000 rise 2 fall 3
    server web2 10.0.0.2:80 check inter 2000 rise 2 fall 3
    server web3 10.0.0.3:80 check inter 2000 rise 2 fall 3 backup
```

ACL Examples
```
# Path-based routing
frontend http_front
    bind *:80

    acl is_api path_beg /api
    acl is_admin path_beg /admin
    acl is_static path_beg /static /images /js

    use_backend api_servers if is_api
    use_backend admin_servers if is_admin
    use_backend static_servers if is_static
    default_backend web_servers
```

```
# Header-based routing (alternative version of the same frontend)
frontend http_front
    bind *:80

    # hdr_sub does a case-insensitive substring match; hdr_val only matches integers
    acl is_mobile hdr_sub(User-Agent) -i mobile
    # Matches when the header is present; this selects a backend, it does not validate the key
    acl is_api_header hdr(X-API-Key) -m found

    use_backend mobile_servers if is_mobile
    use_backend api_servers if is_api_header
    default_backend web_servers
```

SSL Termination
```
global
    # SSL options (ssl-default-bind-* are global-section directives)
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384

frontend https_front
    bind *:443 ssl crt /etc/ssl/certs/server.pem crt /etc/ssl/certs/additional.pem

    default_backend web_servers
```

69.3 Health Checks
Health Check Types

TCP Connect (Basic):
- Opens TCP connection to port
- Success if connection established
- server web1 10.0.0.1:80 check

HTTP Check:
- Sends HTTP request
- Checks response code (2xx, 3xx = healthy)
- Can check response body
- option httpchk
- option httpchk GET /health

HTTPS Check:
- Same as HTTP but over SSL
- Can verify certificate
- option httpchk GET /health, with check-ssl verify none on the server line (verify none skips certificate validation)

Check Parameters:
- inter 2000: Check every 2 seconds
- rise 2: 2 successful checks = healthy
- fall 3: 3 failed checks = unhealthy
- slowstart 30s: Gradual traffic increase
- port 8080: Check different port than backend

Advanced Health Checks
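Before the advanced options, a model of how the inter, rise and fall parameters listed above decide when a server leaves and rejoins rotation. This is an added example, not part of the original chapter; it assumes the counts are consecutive, as HAProxy documents them, and the names `CheckedServer`, `timeline` and `first_transition_ms` are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class CheckedServer:
    """Simplified model of one 'server ... check inter N rise R fall F' line."""
    inter_ms: int = 2000   # inter: time between probes
    rise: int = 2          # consecutive passes needed to go DOWN -> UP
    fall: int = 3          # consecutive failures needed to go UP -> DOWN
    up: bool = True
    streak: int = 0        # consecutive probes that contradict the current state

    def observe(self, passed: bool) -> bool:
        """Apply one probe result and return the resulting state (True = UP)."""
        if passed == self.up:
            self.streak = 0                      # agreeing result resets the count
        else:
            self.streak += 1
            if self.streak >= (self.fall if self.up else self.rise):
                self.up, self.streak = passed, 0
        return self.up

def timeline(probes, **params):
    """Return [(time_ms, is_up)] after each probe, one probe every inter_ms."""
    srv = CheckedServer(**params)
    return [((i + 1) * srv.inter_ms, srv.observe(ok)) for i, ok in enumerate(probes)]

def first_transition_ms(probes, **params):
    """Time of the first probe that flips the starting state, or None."""
    start = params.get("up", True)
    for t, is_up in timeline(probes, **params):
        if is_up != start:
            return t
    return None

if __name__ == "__main__":
    F, P = False, True   # constructed probe results
    print(first_transition_ms([F, F, F]))            # clean outage
    print(first_transition_ms([F, F, P, F, F, F]))   # flapping backend
    print(first_transition_ms([P, P], up=False))     # recovery
```

With the chapter's `inter 2000 fall 3`, a dead server stays in rotation for roughly three probe intervals, and a single passing probe in the middle of an outage restarts the count.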
```
# Custom HTTP check with expected response
backend api_servers
    option httpchk
    http-check expect status 200
    http-check expect string "OK"
    server api1 10.0.0.1:8000 check inter 3000 fall 3 rise 2
    server api2 10.0.0.2:8000 check inter 3000 fall 3 rise 2

# Check on a different port (the check port is a server-line parameter)
backend web_servers
    option httpchk GET /healthcheck
    server web1 10.0.0.1:80 check port 8080 inter 2000
    server web2 10.0.0.2:80 check port 8080 inter 2000

# Custom (external script) health check; requires external-check in the global section
backend app_servers
    option external-check
    external-check path "/usr/bin:/bin"
    external-check command /usr/local/bin/check_app.sh
    server app1 10.0.0.1:8080 check
```

69.4 Session Persistence
Sticky Sessions

```
# Source IP persistence
backend web_servers
    balance source
    hash-type consistent
    server web1 10.0.0.1:80 check
    server web2 10.0.0.2:80 check

# Cookie-based persistence
backend api_servers
    balance roundrobin
    # Add the httponly and secure cookie options when clients reach the frontend over HTTPS
    cookie SERVERID insert indirect nocache
    server api1 10.0.0.1:80 check cookie api1
    server api2 10.0.0.2:80 check cookie api2
```

69.5 Interview Questions
Load Balancing Interview Questions

Q1: What is load balancing?
A1: Distributing traffic across multiple servers to improve performance, reliability, and scalability

Q2: What is the difference between L4 and L7 load balancing?
A2: L4 (Transport layer): TCP/UDP, no content awareness
    L7 (Application layer): HTTP/HTTPS, can inspect content, routes based on URL, headers, cookies

Q3: What are sticky sessions and why would you use them?
A3: Same client always routed to same server
- Session state stored on server
- Enables stateful applications
- Can use IP hash or cookies

Q4: What health check types are available?
A4: TCP connect (basic), HTTP (GET request), HTTPS (SSL), Custom (agent-based), UDP (for non-HTTP)

Q5: What is the difference between round robin and least connections?
A5: Round robin: Sequential distribution
    Least connections: Routes to server with fewest active connections

Q6: How do you handle SSL termination?
A6: Load balancer decrypts SSL, forwards plain HTTP to backend
- Reduces backend server CPU load
- Centralized certificate management
- HAProxy: bind *:443 ssl crt <cert>

Q7: What is a failover in load balancing?
A7: Automatic switch to backup server when primary fails
- Health checks detect failure
- Backup servers take over
- "backup" keyword in HAProxy

Q8: How do you prevent a single point of failure?
A8: Multiple load balancers (active-active or active-passive)
- Multiple backend servers
- Health checks for automatic removal
- Redundant network paths

Quick Reference
```
# HAProxy
balance roundrobin|leastconn|source|uri
option httpchk
check inter 2000 rise 2 fall 3

# Algorithms
roundrobin   # Sequential
leastconn    # Fewest connections
source       # IP hash
uri          # URL hash
```

Common Mistakes & Anti-Patterns
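Several of the mistakes below, and the TLS settings from 69.2 and 69.3, can be caught before deployment by linting the config. The following is an added example, not part of the original chapter: a small Python check over an HAProxy config that flags server lines without `check`, `verify none`, and TLS binds with no explicit protocol restriction. The sample config is constructed and the rule names are hypothetical.

```python
SAMPLE_CFG = """\
global
    maxconn 4000

frontend https_front
    bind *:443 ssl crt /etc/ssl/certs/server.pem
    default_backend web_servers

backend web_servers
    option httpchk GET /health
    server web1 10.0.0.1:80 check inter 2000 rise 2 fall 3
    server web2 10.0.0.2:80
    server web3 10.0.0.3:443 check check-ssl verify none
"""  # constructed sample, not a real deployment

SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}
TLS_POLICY = {"ssl-min-ver", "no-tlsv10", "no-tlsv11"}

def parse_sections(text):
    """Return [(kind, name, [(lineno, tokens), ...]), ...]."""
    sections = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # naive: ignores a quoted '#'
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            sections.append((tokens[0], " ".join(tokens[1:2]), []))
        elif sections:
            sections[-1][2].append((lineno, tokens))
    return sections

def audit(text):
    """Return [(lineno, rule, subject)] findings in file order."""
    sections = parse_sections(text)
    global_policy = any(TLS_POLICY & set(tok)
                        for kind, _, lines in sections if kind == "global"
                        for _, tok in lines if tok[0] == "ssl-default-bind-options")
    findings = []
    for kind, name, lines in sections:
        for lineno, tok in lines:
            if tok[0] == "server" and len(tok) >= 3:
                if "check" not in tok:           # never probed: stays in rotation when dead
                    findings.append((lineno, "no-health-check", tok[1]))
                if "verify" in tok[:-1] and tok[tok.index("verify") + 1] == "none":
                    findings.append((lineno, "verify-none", tok[1]))
            elif tok[0] == "bind" and "ssl" in tok:
                if not global_policy and not TLS_POLICY & set(tok):
                    findings.append((lineno, "tls-policy-implicit", name))
    return findings
```

A `tls-policy-implicit` finding means the minimum TLS version is left to the defaults of the installed HAProxy and OpenSSL build, so treat it as a prompt to pin the policy rather than as proof of weak protocols.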
1. No Health Checks

❌ WRONG: Traffic goes to failed servers

```
upstream backend {
    server 10.0.0.1:8080;
    server 10.0.0.2:8080;
    # No health checks!
}
```

✅ CORRECT: Add health checks

```
upstream backend {
    server 10.0.0.1:8080 max_fails=3 fail_timeout=30s;
    server 10.0.0.2:8080 max_fails=3 fail_timeout=30s;
}
```

2. Wrong Algorithm for Workload
❌ WRONG: Using round robin for long-running connections

```
# Bad for WebSocket or long-polling
upstream backend {
    server 10.0.0.1:8080;
    server 10.0.0.2:8080;
}
```

✅ CORRECT: Use least connections for variable workloads

```
upstream backend {
    least_conn;
    server 10.0.0.1:8080;
    server 10.0.0.2:8080;
}
```

3. Not Using Sticky Sessions When Needed
❌ WRONG: Sessions distributed across servers

```
# Users get different servers each request
upstream backend {
    server 10.0.0.1:8080;
    server 10.0.0.2:8080;
}
```

✅ CORRECT: Enable sticky sessions for stateful apps

```
upstream backend {
    ip_hash;  # or use $cookie_jsessionid
    server 10.0.0.1:8080;
    server 10.0.0.2:8080;
}
```

4. Single Point of Failure
❌ WRONG: Single load balancer

```
Internet ──► LB1 ──► App Servers
(if LB1 fails, everything fails)
```

✅ CORRECT: Redundant load balancers

```
Internet ──► LB1 ──┬──► App Servers
         ──► LB2 ──┘
(Active-passive or active-active)
```

5. Not Monitoring Load Balancer Metrics
❌ WRONG: No visibility into LB performance

✅ CORRECT: Monitor key metrics

```
# Nginx stub status module
location /nginx_status {
    stub_status on;
    allow 127.0.0.1;
    deny all;
}

# Key metrics to monitor:
# - Requests per second
# - Active connections
# - Backend response times
# - Health check failures
```

Summary
- Algorithms: Round robin, least connections, IP hash, weighted
- HAProxy: Popular L4/L7 load balancer
- Health checks: TCP, HTTP, HTTPS, custom
- Persistence: Source IP, cookies
Next Chapter
Chapter 70: Application Servers
Last Updated: February 2026