Load balancing Change Healthcare Radiology

How to load balance Change Healthcare Cardiology

For Change Healthcare Radiology, Layer 4 NAT mode and Layer 7 SNAT mode are used.

Layer 4 NAT mode

Layer 4 NAT mode is a high performance solution, although not as fast as layer 4 DR mode. This is because real server responses must flow back to the client via the load balancer rather than directly as with DR mode.

The load balancer translates all requests from the Virtual Service to the Real Servers. A Two-arm configuration is used where the load balancer has 2 network interfaces, one in each subnet. The VIP is brought up in one subnet and the load balanced Real Servers are located in the other.

Normally eth0 is used for the internal network and eth1 is used for the external network although this is optional. Any interface can be used for any purpose. If the Real Servers require Internet access, Autonat should be enabled using the WebUI menu option: Cluster Configuration > Layer 4 – Advanced Configuration, the external interface should be selected. The default gateway on the Real Servers must be set to be an IP address on the load balancer.

Clients can be located in the same subnet as the VIP or any remote subnet provided they can route to the VIP. If you want Real Servers to be accessible on their own IP address for non-load balanced services, e.g. RDP, you will need to setup individual SNAT and DNAT firewall script rules for each Real Server or add additional VIPs for this. 

Port translation is possible with Layer 4 NAT mode, e.g. VIP:80 → RIP:8080 is supported. NAT mode is transparent, i.e. the Real Servers will see the source IP address of the client.

Layer 7 SNAT mode

Layer 7 SNAT mode uses a proxy (HAProxy) at the application Layer. Inbound requests are terminated on the load balancer and HAProxy generates a new corresponding request to the chosen Real Server. As a result, Layer 7 is typically not as fast as the Layer 4 methods. 

Layer 7 is typically chosen when either enhanced options such as SSL termination, cookie based persistence, URL rewriting, header insertion/deletion etc are required, or when the network topology prohibits the use of the Layer 4 methods.     

Because Layer 7 SNAT mode is a full proxy, any server in the cluster can be on any accessible subnet including across the Internet or WAN. 

Layer 7 SNAT mode is not transparent by default i.e. the Real Servers will not see the source IP address of the client, they will see the load balancer’s own IP address by default, or any other local appliance IP address if preferred (e.g. the VIP address). This can be configured per Layer 7 VIP. If required, the load balancer can be configured to provide the actual client IP address to the Real Servers in two ways:

1. Either by inserting a header that contains the client’s source IP address, or 
2. By modifying the Source Address field of the IP packets and replacing the IP address of the load balancer with the IP address of the client. 

Layer 7 SNAT mode can be deployed using either a one-arm or two-arm configuration. For two-arm deployments, eth0 is normally used for the internal network and eth1 is used for the external network, although this is not mandatory. It does not require any mode-specific configuration changes to the load balanced Real Servers. 

Port translation is possible with Layer 7 SNAT mode e.g. VIP:80 → RIP:8080 is supported. You should not use the same RIP:PORT combination for Layer 7 SNAT mode VIPs and Layer 4 SNAT mode VIPs because the required firewall rules conflict.