Comparing Different Load Balancers? Get our free guide
  • Support
  • Blog
  • +1 866 998 0508
The latest insights from the load balancing experts | Loadbalancer.org
  • Solutions
  • Services
  • Products
  • Resources
  • Get Started
  • Support
  • Blog
Buy Now
  • Solutions
  • Services
  • Products
  • Resources
  • Get Started
  • call
  • contact

The latest insights from the load balancing experts | Loadbalancer.org

  • Latest posts
  • By topic
    • How Tos
    • Events
    • Guest Blogs
    • Top Ten Blogs
    • HA Proxy
  • By sector
    • Healthcare
    • Storage
    • Security
    • Print
    • Microsoft
  • How-To's
  • High Availability
  • HAProxy
  • Just for Fun
  • Security
  • Amazon AWS
  • News
  • Events
  • Linux
  • Healthcare
  • Top 10 Blogs
  • Reviews and Comparisons
  • SSL
  • Microsoft Azure
  • Web Application Firewall (WAF)
  • Case Studies
  • Microsoft Exchange
  • Disaster Recovery
  • Direct Server Return (DSR)
  • Global Server Load Balancing (GSLB)
  • Microsoft
  • Google Cloud Platform (GCP)
  • Print
  • Denial of Service
  • Microsoft Remote Desktop Services
  • Web Filters / Proxy
  • Guest Blogs
  • Object Storage
  • Broadcast Media
  • X-Forwarded-For Header (XFF)
  • VMware
  • Nutanix
  • open source
See more tags

Load balancing your load balancers for endless scalability

3 July 2018 / 3 min read / How-To's

As the title suggests, I'm going to take a look at the concept of load balancing a cluster of inexpensive load balancers to scale out SSL capabilities (or even Layer 7 operations), rather than the typical idea of scaling up SSL offload capabilities by buying ever-larger appliances with ever more expensive hardware and license requirements.

Light bulb moment

The idea itself came out of a conversation, as so many good ideas do. We were discussing an SSL offload requirement that could potentially grow to the point of needing 100,000 TPS or more - ouch!

Somebody shared that to achieve that sort of TPS, they'd been quoted $500,000+ for a highly available pair of capable appliances, including the associated licenses to unlock the hardware - even bigger ouch!!

I wondered: couldn't you just use a large cluster of cheaper load balancers, all being load balanced by a pair of fast Layer 4 load balancers, keeping it transparent? Managing such a beast wouldn't be easy. But what if we used an API or central control node?

So the brainchild was born, for better or worse. As a picture speaks louder than words, I'm suggesting along the lines of this:

SSL-Offload-Cluster

Creating a monster

The plan is to use an inexpensive pair of load balancers - using Layer 4 DR mode for maximum throughput and transparency - to load balance some more mid to high-end load balancers. This enables us to handle the SSL offload at a much more affordable price than simply buying a big box.

The idea hinges on your ability to manage this effectively, because it could quickly become cumbersome without an API or some other way to perform maintenance tasks across the whole farm of load balancers. With an API and some scripting knowledge, however, this should be fairly easy to overcome. And guess what? We have an API already:

/blog/how-do-i-automate-load-balancer-deployments/

Time to get our DevOps on!

Here is an example simple bash script to leverage the API to perform actions on multiple load balancers at once.

#!/bin/bash

# Were we called with at least one arg?
if [ $# -eq 0 ]; then
   echo "Not enough paramters: Usage - '$0 command' "
   exit 42
fi

# Space separated list of IP addresses to push the command to
SERVERS="192.168.10.11 192.168.10.12 192.168.10.13 192.168.10.14"

# Pull in all args passed to this script as the required command
COMMAND=$*

for SERVER in ${SERVERS} ; do \
   echo ssh root@${SERVER} ${COMMAND}
done

exit 0

Does it work on price? I think it does!

2x Enterprise 10G with 1 yr 24/7 Support = $16,980.00 (USD) Excl. Tax
9x Enterprise Ultra with 1 yr 24/7 Support = $152,910.00 (USD) Excl. Tax

Total = $169,890 (USD) Excl. Tax

Which could potentially handle ~ 150,000 TPS!

Check it out yourself using our online quote form

When else might this work?

I think the other thing to mention is that scaling SSL isn't the only thing that can be a problem. Scaling L7 transformations can get tough, scaling WAFs can get even tougher and approaching either problem with this method would be just as applicable.

Why isn't everyone doing this?

Well, it does involve more work than an "off the shelf" solution. But I think you will find that when you look beyond the typical enterprise customer at some of the largest deployments around, this techique is actually used fairly often. Take Facebook for example:

facebook
https://www.bizety.com/2017/01/17/facebook-billion-user-load-balancing/

To try or not to try

Large load balancers with massive SSL offload capability are fine. They may suit some enterprises because they are simple to deploy and maintain.

However, when you have a service with requirements that are growing - or you just chucked out those 2048 bit certs and deployed 4096 only to realise that your big pair of boxes are no longer up to the task - it could be worth doing something different. You may value the extra investment of time at the beginning to have a system that only requires adding more Layer 7 load balancers as you grow.

So should you try it? I think it's fair to say "yes" - this is a great way to tackle the problem of scale.

While it does involve having the internal technical resources capable of implementing and maintaining such a solution, the benefits if you are a company with a technical abundance will be great. You'll be saving a truckload of money while justifying your tech team's salaries. And you get the added technical benefit of having an endlessly scalable load balancer designed from the outset to grow with your needs.

Found in

How-To's, High Availability, Just for Fun

About the author

Aaron West-profile-image
Aaron West

Coming from a background assisting companies large and small to get the most from open source solutions. Aaron found joining the support team at Loadbalancer.org a natural progression. Aaron’s interests include distro-hopping, B Movies and quality time spent with his family.

Read More

Related posts

How-To's
How-To's
25 Mar 2021
How to install and configure HAProxy on RHEL 7 Andrei Grigoras
Follow our clear instructions if you want to use HAProxy with Red Hat Enterprise Linux.

2 min read

Read more
High Availability
High Availability
22 Mar 2021
How to calculate the true cost of downtime to your organization Richard Halcrow
Outages result in more than just lost revenue for your organization – but how best to quantify the damage?

4 min read

Read more
Reviews and Comparisons
Reviews and Comparisons
5 Jul 2018
Loadbalancer.org: The IT Central Station community weighs in Danielle Felder
Over the last few months, the team at IT Central Station reached out to Loadbalancer.org customers with one goal: to find out what they really thought about their experiences with Loadbalancer.org.

3 min read

Read more

Get started

Get in touch

Start a conversation about the right solution for your business.

Get in touch

Create your quote

Transparent pricing you can see straight away.

Create your quote

Download now

Try us free for 30 days – see why our customers love us.

Download now

Schedule a virtual meeting with us

Working remotely or from home? Let’s meet on a call or online.

Let's meet

Follow Loadbalancer.org

+1 833 274 2566
  • Company
    • Solutions
    • Services
    • Load balancer
    • Why Loadbalancer.org
    • Blog
    • Professional services
    • Sitemap
  • Load balancer
    • Get a quote
    • Free trial
    • Online demo
  • Resources
    • Manuals
    • Deployment guides
    • Applications
    • White papers
    • Case studies
    • Solutions
  • Support
    • FAQ's
    • Open a ticket
    • Security news
  • Applications
    • Healthcare
    • Storage
    • Print
    • Security
    • Microsoft
The latest insights from the load balancing experts | Loadbalancer.org

The latest insights from the load balancing experts | Loadbalancer.org. All rights reserved

  • Contact Us
  • Terms & Conditions
  • Privacy Policy