How can you survive without a load balancer in every home?

How can you survive without a load balancer in every home?

Comparisons
Updated on 4 mins

WHERE - Blog Sector

I did laugh when I saw this great spoof video from NetworkChuck sponsored by Kemp Technologies.

Chuck is a genius at turning a crazy idea into a great product pitch - I honestly couldn't tell if he was being serious or not for the first 10 minutes :-).

Kemp is one of our best competitors and has a great product supported by a great team. The video is clearly pitched at tech enthusiasts who like to play with so-called ‘FREE’ stuff. The real pitch however is at the end of the video where Kemp is suggesting that you can use their product to make secure pin-holes to specific applications inside the corporate firewall.

So it’s great PR and well worth watching, but two things really bug me about it:

  1. So-called FREE proprietary software sucks, because vendor lock-in sucks.
  2. Open source software guarantees your FREEDOM - which I personally find important.

So if you were enough of a GEEK to put a load balancer in your home, how should you really do it?

Chuck raises some brilliant points and solves a problem that could be common with home networks. BUT, It's also crazy (which is why it's funny).

Netflix needs load balancers, But it’s highly unlikely that your family and pets will require scaling out servers for your private song/video/photo collections!

In Chuck's example, you could have a Website, NAS and plex server on your home network and only have one public IP available to access them all. You could put these behind a virtual service with your public IP as the virtual service address all on port 443 and have your Website, NAS and plex server as your backend real servers and use funky ACL rules for your ‘content switching’ and DNS settings to access the correct server you want when you access the VIP.

Now, that’s reasonable, right? Well, not really...

That's extreme overkill. Why would you want to use proprietary enterprise software to do something in your home network?

So how could we improve our skills by doing this with open source software?

Let’s use a free open source alternative with a huge community and extensive help forums with decades of data already in them.

The same tasks can be achieved by running a reverse proxy on our favourite open source software, HAProxy, which is built into pfsense which you could already be running. This offers a free open source load balancing solution, and uses it exactly the same way as I described above. The HAProxy configuration would be used to create the Virtual service and the ACL rules to then create a cloudflare account for the DNS settings for the nameservers that would be required.

If you are looking to do this, you could….

  1. Create a Virtual service on HAProxy, on port 443, using a free address in your home network that you wish to access the servers.
  2. Add your real servers as the back end and this is where the traffic will be redirected to.
  3. Set up a domain (you can get a free one at freenom.com) and a nameserver on a service such as cloudflare, as this helps enhance security using SSL. On cloudflare, change your DNS records to point your new nameserver to the IP address of your house.
  4. Ping the new nameserver to ensure that it has been set up correctly.
  5. Next, you can optionally add an SSL certificate to the URL (this can be a SAN certificate or a wildcard certificate).
  6. Port forward port 443
  7. Set up content redirection on your HAProxy configuration.  

Your HAProxy configuration may look something like this...

listen Home_VIP
	bind 192.168.90.10:443 transparent
    id 37014876
    mode http
    balance leastconn
    stick on src
    stick-table type ip size 10240K expire 30m peers loadbalancer_replication
    server backup 127.0.0.1:9081 backup  non-stick
    option http-keep-alive
    timeout http-request 5s
    timeout tunnel 1h
    option redispatch
    option abortonclose
    maxconn 40000
    server Plex_Server 192.168.90.6:8006 id 623843618	weight 100	check	inter 4000	rise 2	fall 2	slowstart 8000	minconn 0	maxconn 0	on-marked-down	shutdown sessions
    server Web_Server 192.168.90.7:80 id 459236736	weight 10	check	inter 4000	rise 2	fall 2	slowstart 8000	minconn 0	maxconn 0	on-marked-down shutdown sessions
    server NAS_Server 192.168.94.13:5001 id 267373704	weight 100	check	inter 4000	rise 2	fall 2	slowstart 8000 minconn 0	maxconn 0	on-marked-down shutdown sessions
    acl rule_1 path_beg,url_dec  -m beg  -i /plex
    use-server Plex_server  if rule_1 
    acl rule_2 path_beg,url_dec  -m beg  -i /NAS
    use-server NAS_server  if rule_2
    acl rule_3 path_beg,url_dec  -m beg  -i /web
    use-server Web_server  if rule_3

I have my home VIP on port 443, my backend servers on the port they are being load balanced on and I have configured some content redirection rules to send traffic to the correct server based on the start of the path (this can be done in different ways, such as to send it to the relevant IP address of each server).

It is important to bear in mind a lot of households don’t have a static public IP so you would need to watch out for these  changes. There is also another way to resolve this issue by simply using different ports, but if you are stuck to only port 443 then this would be the best option.

Learn more about HAProxy ACL rules with this handy introduction.

What you DON’T want to do, is this….

Spend lots of time learning a proprietary product , when you could be improving your open source skills which are transferable at no cost - and will help your career in the long term.

You don’t need a sledgehammer to crack a nut

So, can you use an enterprise load balancer to solve this problem? Yes, yes you can. Would it be extreme overkill? Absolutely.

I think the moral of the story is that if you are building a home network, you should stick to home network, and not enterprise, solutions.

AND I loved the video :-).

If you have any questions on how to achieve this please contact one of the team!

Want to talk tech?

We tell it how it is...