If you Google 'modern load balancer', you will quickly find the awesome blog from Matt Klein — followed by some marketing fluff from AVI Networks and NGINX+.

It's really annoying when people believe — that something traditional (proven to work) is somehow worse, than something that is modern (looks like a cool idea). And come to think about it — is 'modern' just a marketing term to sell a new and un-tested product into a mature market?

Remider to myself, but I may have to delete this blog when I get flamed by the hordes of DevOps Evangelists (seriously, that is now a common job title! ).

Also just to be clear, A 'DevOps load balancer' has nothing to do with Kemps so called application delivery fabric — which is just common sense if you've ever had to deal with F5 Jenga hell.

Let's start with some arguable definitions:

What is a TRADITIONAL load balancer aka application delivery controller (ADC)?

  • Generally packaged as an appliance solution (i.e. everything in one place)
  • Flexible deployment options hardware, software, virtual or cloud
  • Most vendors support 98% of the functionality you would ever need i.e. Reverse Proxy, Transparent Proxy, Layer 4-7, Firewall & WAF, GSLB, etc.
  • Tight integration and testing of modules to give security, reliability and performance guarantees.
  • All functionality available through an easy to use web based interface or API.
  • Solid reporting, monitoring & alerting directly on the appliance or remote.
  • Rock solid documentation for hundreds of popular applications.
  • Used by practically every company on the planet.

Who are the TRADITIONAL load balancer vendors?

  1. F5 Networks
  2. Citrix
  3. A10 Networks
  4. Radware
  5. Kemp Technologies
  6. Barracuda Networks
  7. HAProxy Enterprise
  8. Loadbalancer.org

These vendors all have broadly similar mature technology, the products are incredibly boring because they just work. Which of course is just not cool enough for DevOps Evangelists.

What is a MODERN DevOps load balancer?

  • New and shiny replacement for your old clunky ADC...
  • Linux based binary
  • Layer 7 reverse-proxy
  • Protocol aware i.e. HTTP and maybe even HTTP/2 or SSL
  • Simple and fast to deploy in Docker (i.e. no kernel dependencies/integration)
  • Probably plays nicely with Kubernetes Ingress Controller
  • API driven
  • External logging, monitoring & alerting
  • Basic web interface (because you're supposed to use the API remember?)
  • Used by cool companies with massive development budgets like NetFlix...

Who are the MODERN load balancer vendors?

  1. AVI Networks ($$$)
  2. NGINX+ ($$$)
  3. HAProxy (free)
  4. Envoy (free)
  5. Træfik (free)

You are probably going to want to fire up hundreds of these small instances...so obviously open source is the way to go...

So why would you ever use a commercial modern load balancer?

Well actually, for enterprise deployments — it's not the quality of the product that matters. It's the quality of the support, you need a vendor who goes above and beyond, to support your whole application - not just their own software.

Have you seen the price of enterprise support for NGINX+ and AVI? It's not cheap - but actually for a large enterpise it is potentially much better value than hiring 10 new DevOps engineers...

Will F5 ever make a silly little DevOps binary?

It would be rubbish compared to a traditional F5, and do they really need to bother with a tiny specialist corner of the $4 billion ADC market?

I doubt it.

Of course as I write this, I do realise that I'm a total hypocrite!

For years I have banged on about for true high-availability, application design is the most important thing; and that using whizzy layer 7 ADC functionality is a bit like using double sided sticky tape to fix a leak... Along with my other potential delusions; that layer 4 load balancing is awesome, GSLB sucks and WAFs are pointless.

I actually think DevOps IS currently the best way to design a scalable application...

However, I've come to realise that in the real world — many applications are badly designed, or simply too hard and expensive to change. So traditional ADCs have become the 'Swiss Army Knife' of choice for many network managers.

Hang on though — what if you could have the best of both worlds?

OK, so as long as you don't mind running your TRADITIONAL monolithic load balancer outside of your Docker/Kubernetes stack. Why not go ahead and do it for now? That should save you both time and grief.

You can get up and running quickly, then when you find individual bottle necks in your application layer — you can convert just that part to a DevOps environment.

HAProxy Enterprise have an excellent blog explaining how to use their traditional load balancers as an ingress controller for Kubernetes.

Then if you eventually decide to go full-on DevOps, just take the existing HAProxy config from your load balancer and move to the open source HAProxy binary!

Kurbernetes-Cluster

Interestingly, A10 Networks have also just announced Kubernetes support. Maybe they are feeling the pressure to look modern?

Why not try a Hybrid modern(ish) load balancer?

A commercial application delivery controller that uses the industry standard HAProxy for layer 7 reverse proxy mode. So you get a proven product, from a commercial vendor with great support.

BUT critically — one that allows you to copy the configuration straight over to HAProxy, should you choose to go fully open source.

Commercial examples of HAProxy based Hybrid load balancers:

  1. HAProxy Enterprise
  2. Loadbalancer.org
  3. SNAPT
  4. Zevenet (see comment)
  5. Barracuda Networks

OK, so I'm joking with the last one — But they do use HAProxy :-)