Multi-Stage Transparent Server Load Balancing

WIDE Project
Japan
naoki.matsuhira@gmail.com

This document specifies Multi-Stage Transparent Server Load Balancing
(MSLB). MSLB performs server load balancing over a Layer 3
network without any packet header change as seen at the client and the server. MSLB
performs server load balancing with any protocol, including protocols with encryption
such as IPsec ESP and SSL/TLS.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.

This document specifies Multi-Stage Transparent Server Load Balancing
(MSLB).

MSLB provides a server load balancing function over a Layer 3 network
without any packet header change as seen at the client and the server. MSLB works with any
protocol, including protocols with payload encryption such as IPsec ESP and
SSL/TLS.

There are several load balancing techniques, such as round robin DNS,
IP Anycasting and destination address
translation. shows a load balancing system with a
typical server load balancer using the destination address translation
technique.

It is well known that network address translators break Internet transparency and are application dependent.

Some server load balancers use application data, so with IPsec ESP or
SSL/TLS these mechanisms may not work well.

Load balancing is the technique that distributes packets to multiple
servers. For packet distribution, the destination address translation
technique is useful; however, this technique by itself breaks Internet
transparency.

If, after distribution, the destination address can be written back to the original
destination address, transparency can be recovered. This is the basic
idea and architecture of MSLB. shows the
architecture of MSLB.

This method processes only the destination address of the IP header. This
method can be applied to both IPv4 and IPv6.

shows a basic server load balancing
system with MSLB. This case is a two-stage configuration with one MSLB-F
and one stage of many MSLB-Bs.

MSLB-F is the front function of MSLB and translates the destination address
to one of the addresses of the MSLB-Bs. MSLB-B is the backend function of MSLB and
translates the destination address to the original server address, i.e. the
address of MSLB-F. The IP address of MSLB-F and of all servers is the same
value.

MSLB-F may be in a multi-stage configuration. shows a three-stage configuration with
a two-stage MSLB-F and one stage of many MSLB-Bs.

shows a one-arm configuration of a server
load balancing system with MSLB.

MSLB-F is the front function of MSLB and translates the destination address
to one of the addresses of the MSLB-Bs. MSLB-B is the backend function of MSLB and
translates the destination address to the original server address, i.e. the
address of MSLB-F. The IP address of MSLB-F and of all servers is the same
value.

In this configuration, MSLB-F is connected to the network with a single
link, that is, a one-arm configuration. In this case, the return packet, i.e. the
packet from server to client, does not pass through the MSLB-F.

MSLB has two modes: one is address translation mode, and the other is
encapsulation mode.

This mode uses the address translation technique.

Figure shows packet processing
with address translation mode.

In this figure, the clients are allocated the IP addresses IP_C1 and
IP_C2, and the server IP address is IP_S. In this case, IP_S is also allocated
to all servers and to MSLB-F. The MSLB-Bs are allocated IP_B1, IP_B2 and
IP_B3. These allocations are shown in the upper part of .

The lower part of shows the packets transferred
between client and server. From client to server, only the destination
address is translated: MSLB-F translates it from IP_S to IP_B1, and MSLB-B
translates it from IP_B1 to IP_S. The destination address of the packet
that the client sends and the destination address of the packet that the server
receives are therefore the same address. That means transparency is preserved.

The return packet, i.e. from the server to the client, is not translated,
just forwarded.

In the Internet, the client IP address and the server IP address must
be global IP addresses; however, the IP address of an MSLB-B may be a private IP
address.

shows the MSLB table. MSLB has this
table and translates the destination address using the values in this table.
MSLB-F checks the source IP address and translates the destination address with
this table.

Using IPv4-IPv6 translation may be possible, i.e. an IPv4 packet is
translated to IPv6 and then translated to IPv4, or an IPv6 packet is translated to
IPv4 and then translated to IPv6. shows the possible combinations of IPv4 and
IPv6. These IPv4-IPv6 translation cases will be defined in the future.

This mode uses the encapsulation technique.

Figure shows packet processing with
encapsulation mode.

In this figure, the clients are allocated the IP addresses IP_C1 and
IP_C2, and the server IP address is IP_S. In this case, IP_S is also allocated
to all servers and to MSLB-F. The MSLB-Bs are allocated IP_B1, IP_B2 and
IP_B3. These allocations are shown in the upper part of .

The lower part of shows the packets transferred
between client and server. From client to server, MSLB-F
encapsulates the original IP packet and sends it to MSLB-B. MSLB-B decapsulates
the outer IP header and forwards the packet to the server. The inner IP packet does not
change; that means transparency is preserved.

With encapsulation mode, the packet size increases, so fragmentation
is needed if the encapsulated packet size exceeds the MTU or Path MTU. MSLB-F
MUST support tunnel MTU discovery.
The fragmentation and Path MTU discovery
issues will be described in the future.

The return packet, i.e. from the server to the client, is not encapsulated,
just forwarded.

In the Internet, the client IP address and the server IP address must
be global IP addresses; however, the IP address of an MSLB-B may be a private IP
address.

shows the MSLB table. MSLB has this
table, and encapsulates the packet, generating an outer header whose destination
address uses the values in this table. MSLB-F checks the source IP address and
generates the destination address of the outer header with this table.

Using IPv4 over IPv6 encapsulation or IPv6 over IPv4 encapsulation
may be possible, i.e. an IPv4 packet is encapsulated in IPv6 and then decapsulated
to IPv4, or an IPv6 packet is encapsulated in IPv4 and then decapsulated to IPv6.
shows the possible
combinations of IPv4 and IPv6. These IPv4-IPv6 encapsulation cases will
be defined in the future.

describes ingress filtering for defending against DoS
attacks which employ IP source address spoofing.

Depending on the location of the MSLB-F and MSLB-B, it is possible that
packets from server to client are discarded by ingress filtering. In such a
case, encapsulating the packets from server to client might resolve the problem.
shows such a solution.

MSLB has the following characteristics.

   o  Layer 3 load balancer
   o  Supports NAT-unfriendly applications such as FTP
   o  Works with any application layer protocol (maybe)
   o  Works with encryption (IPsec ESP, SSL/TLS)
   o  Works over a Layer 3 network
   o  May enforce policy with static configuration

This document makes no request of IANA.

Note to RFC Editor: this section may be removed on publication as an
RFC.

Security considerations are not discussed in this memo.
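
Both modes described in this document, modelled on raw IPv4 headers as an added example (not part of the draft). The table layout (client source prefix to MSLB-B address), all addresses, IP-in-IP as the encapsulation format and the `outer_src` parameter are assumptions; TTL changes made by forwarding hops are not modelled.

```python
import ipaddress
import struct

IP_S = "192.0.2.10"  # constructed: address shared by MSLB-F and every server
# Constructed MSLB table (assumed layout): client source prefix -> MSLB-B address
MSLB_TABLE = [("198.51.100.0/25", "10.0.0.1"), ("198.51.100.128/25", "10.0.0.2")]

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, payload: bytes, proto: int = 17) -> bytes:
    """Build an IPv4 packet (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def set_dst(pkt: bytes, dst: str) -> bytes:
    """Rewrite only the destination address and refresh the header checksum."""
    hdr = pkt[:10] + b"\x00\x00" + pkt[12:16] + ipaddress.IPv4Address(dst).packed
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + pkt[20:]

def select_backend(pkt: bytes) -> str:
    """MSLB-F checks the source address and picks the MSLB-B from the table."""
    src = ipaddress.IPv4Address(pkt[12:16])
    for prefix, backend in MSLB_TABLE:
        if src in ipaddress.ip_network(prefix):
            return backend
    raise LookupError(f"no MSLB table entry for source {src}")

def mslb_f_translate(pkt: bytes) -> bytes:   # address translation mode, front
    return set_dst(pkt, select_backend(pkt))

def mslb_b_translate(pkt: bytes) -> bytes:   # back: write the original address back
    return set_dst(pkt, IP_S)

def mslb_f_encap(pkt: bytes, outer_src: str, mtu: int = 1500) -> bytes:
    """Encapsulation mode; IP-in-IP (protocol 4) and outer_src are assumptions."""
    if len(pkt) + 20 > mtu:
        raise ValueError(f"encapsulated size {len(pkt) + 20} exceeds MTU {mtu}")
    return ipv4(outer_src, select_backend(pkt), pkt, proto=4)

def mslb_b_decap(pkt: bytes) -> bytes:       # strip the outer header, inner untouched
    return pkt[20:]
```

In both modes the packet handed to the server is byte-for-byte the one the client sent, so a transport checksum that covers the destination address still verifies there.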