Load balancing is the method of distributing network traffic equally across a pool of resources that

support an application. helps improve the performance, reliability, and availability of applications

Load balancing is about evenly distributing incoming network traffic across a group of backend servers or
resources to optimize system performance, reliability, and uptime.

Load balancing is the process of distributing traffic among multiple servers to improve a service or
application's performance and reliability.

Load balance is feature that allows you to distribute network Traffic across a multiple internet
service providers or links its helps optimize network performance increase bandwidth
availability and improve over all reliability

FortiGate load balancing:

Features

1. Virtual Server Load Balancing: Distributes traffic across multiple servers.

2. Link Load Balancing: Balances traffic across multiple WAN links.

3. High Availability: Ensures continuous service with failover capabilities.

load balancing method

Round Robin load balancing method

Round-robin load balancing is the simplest and most commonly-used load balancing algorithm. Client
requests are distributed to application servers in simple rotation. For example, if you have three application
servers: the first client request is sent to the first application server in the list, the second client request to the
second application server, the third client request to the third application server, the fourth to the first
application server, and so on.

Round robin load balancing is most appropriate for predictable client request streams that are being spread
across a server farm whose members have relatively equal processing capabilities and available resources
(such as network bandwidth and storage).

Weighted Round Robin load balancing method

Weighted round robin is similar to the round-robin load balancing algorithm, adding the ability to spread the
incoming client requests across the server farm according to the relative capacity of each server.

This load balancing algorithm is most appropriate for spreading incoming client requests across a set of
servers that have varying capabilities or available resources. The administrator assigns a weight to each
application server based on criteria of their choosing that indicates the relative traffic-handling capability of
each server in the farm.

So, for example: if application server #1 is twice as powerful as application server #2 (and application server
#3), application server #1 is provisioned with a higher weight and application server #2 and #3 get the
same, lower, weight. If there are five (5) sequential client requests, the first two (2) go to application server
#1, the third (3) goes to application server #2, the fourth (4) to application server #3. The fifth (5) request
would then go to application server #1, and so on.

Least Connection load balancing method

Least connection load balancing is a dynamic load balancing algorithm where client requests are distributed
to the application server with the least number of active connections at the time the client request is
received.

In cases where application servers have similar specifications, one server may be overloaded due to longer
lived connections; this load balancing algorithm takes the active connection load into consideration.

This load balancing technique is most appropriate for incoming requests that have varying connection times
and a set of servers that are relatively similar in terms of processing power and available resources.

Weighted Least Connection load balancing method

Weighted least connection builds on the least connection load balancing algorithm to account for differing
application server characteristics. The administrator assigns a weight to each application server based on the
relative processing power and available resources of each server in the farm.

LoadMaster makes load balancing decisions based on active connections and the assigned server weights
(e.g., if there are two servers with the lowest number of connections, the server with the highest weight is
chosen).

Resource Based (Adaptive) load balancing method

Resource based (or adaptive) load balancing makes decisions based on status indicators retrieved by
LoadMaster from the back-end servers. The status indicator is determined by a custom program (an “agent”)
running on each server. LoadMaster queries each server regularly for this status information and then sets
the dynamic weight of the real server appropriately.

In this fashion, the load balancing method is essentially performing a detailed “health check” on the real
server. This method is appropriate in any situation where detailed health check information from each server
is required to make load balancing decisions.

For example: this load balancing algorithm would be useful for any application where the workload is varied
and detailed application performance and status is required to assess server health.

This load balancing method can also be used to provide application-aware health checking for Layer 4 (UDP)
services via the load balancing method.

Resource Based (SDN Adaptive) load balancing method

SDN (Software Defined Network) adaptive is a load balancing algorithm that combines knowledge from
Layers 2, 3, 4 and 7 and input from an SDN (Software Defined Network) controller to make more optimized
traffic distribution decisions.

This allows information about the status of the servers, the status of the applications running on them, the
health of the network infrastructure, and the level of congestion on the network to all play a part in the load
balancing decision making.
This load balancing method is appropriate for deployments that include an SDN (Software Defined Network)
controller.

Fixed Weighting load balancing method

Fixed weighting is a load balancing algorithm where the administrator assigns a weight to each application
server based on criteria of their choosing to represent the relative traffic-handling capability of each server in
the server farm. The application server with the highest weight will receive all of the traffic. If the application
server with the highest weight fails, all traffic will be directed to the next highest weight application server.

This load balancing technique is appropriate for workloads where a single server is capable of handling all
expected incoming requests, with one or more “hot spare” servers available to pick up the load should the
currently active server fail.

Source IP Hash load balancing method

The source IP hash load balancing algorithm uses the source and destination IP addresses of the client
request to generate a unique hash key which is used to allocate the client to a particular server.

As the key can be regenerated if the session is broken, the client request is directed to the same server it was
using previously.

This load balancing method is most appropriate when it’s vital that a client always return to the same server
for each successive connection.

URL Hash load balancing method

The URL hash load balancing algorithm is similar to source IP hashing, except that the hash created is based
on the URL in the client request. This ensures that client requests to a particular URL are always sent to the
same back-end server.

How does a load balancer distribute network traffic?

A load balancer uses different algorithms such as round robin, weighted, dynamic, and least connections to
evenly distribute the traffic among all the servers.

Key characteristics of Load Balancers

Below are some of the Key characteristics of Load Balancers:

• Traffic Distribution: To keep any one server from becoming overburdened, load balancers divide
incoming requests evenly among several servers.

• High Availability: Applications' reliability and availability are improved by load balancers, which
divide traffic among several servers. The load balancer reroutes traffic to servers that are in good
condition in the event that one fails.

• Scalability: By making it simple to add servers or resources to meet growing traffic demands, load
balancers enable horizontal scaling.

• Optimization: Load balancers optimize resource utilization, ensuring efficient use of server capacity
and preventing bottlenecks.
 • Health Monitoring: Load balancers often monitor the health of servers, directing traffic away from
servers experiencing issues or downtime.

• SSL Termination: Some load balancers can handle SSL/TLS encryption and decryption, offloading
this resource-intensive task from servers. s.

Key Features of Layer-4(L4) Load Balancer:

• Transport Layer: Operates at the transport layer (TCP/UDP).

• Basic Load Balancing: Distributes traffic based on IP addresses and port numbers.

• Efficiency: Faster processing as it doesn’t inspect the content of the data packets.

• Network Address Translation (NAT): Can perform basic NAT to hide server addresses.

2.2. Layer 7 (L7) Load Balancer/Application Load Balancer

Layer-7 load balancers operate at the application layer of the OSI model. They can make load balancing
decisions based on content, including information such as URLs, HTTP headers, or cookies.

Key Features of Layer-7(L7) Load Balancer

• Application Layer: Operates at the application layer (HTTP, HTTPS).

• Content-Based Routing: Distributes traffic based on content-specific information.

• Advanced Routing: Can make intelligent routing decisions based on application-specific data.

• SSL Termination: Capable of terminating SSL connections.

Benefits of using a Load Balancer

1. Increases performance: Any web server when given huge traffic may not perform well and can give
down time to user and thereby degrading the performance. However, Load Balancer makes sure user
experience no down time and gets better performance.

2. Increase Scalability: Load balancer along with auto scaling will make sure that if your minimum
number of servers are getting high traffic then more servers will be provisioned and load balancer will
automatically accommodate in the server cluster.

3. Efficiently manages failure: Load balancer makes sure that any server that is experiencing issue or
is not healthy to serve user request are been kept away from the distribution.

4. Prevent Traffic Bottleneck: A software load balancer anticipates when there will be a significant
surge in traffic to the servers and alerts us to take the necessary precautions.

5. Efficient Resource Utilization: Load balancers distribute incoming requests or tasks across
multiple servers, ensuring that each server handles an appropriate share of the workload.

6. Maintaining User Sessions: Load balancers can be configured for session persistence, ensuring
that user sessions are maintained even when requests are directed to different servers. This is
essential for applications that require stateful communication.

What are Load Balancing Algorithms?

Algorithms for load balancing are strategies for effectively allocating workloads among several servers or
resources. Consider that you have a group of employees and numerous jobs to finish. To keep everyone
active and complete the work efficiently, you should split the tasks evenly rather than assigning one person
to perform all the work while others sit around doing nothing. In computing, load balancing accomplishes
exactly that.

Load balancing algorithms can be broadly categorized into two types: Dynamic load balancing and Static
load balancing.

Static Load Balancing Algorithms

Static load balancing involves predetermined assignment of tasks or resources without considering real-time
variations in the system. This approach relies on a fixed allocation of workloads to servers or resources, and
it doesn’t adapt to changes during runtime.

Types of Static Load Balancing Algorithms are:

1. Round Robin Load Balancing Algorithm

The Round Robin algorithm is a simple static load balancing approach in which requests are distributed
across the servers in a sequential or rotational manner. It is easy to implement but it doesn’t consider the
load already on a server so there is a risk that one of the servers receives a lot of requests and becomes
overloaded.

For example:

Lets say you have a group of friends, and you want to share a bag of candies equally with all of them. You
give one candy to each friend in a circle, and then you start over. This is like Round Robin – making sure
everyone gets a fair share.

We need to implement a basic Round Robin load balancing algorithm. The goal is to distribute incoming
requests evenly among a list of servers. The first request goes to the first server, the second one goes to the
second server, the third request goes to the third server and it continues further for all the requests.

2. Weighted Round Robin Load Balancing Algorithm

The Weighted Round Robin algorithm is also a static load balancing approach which is much similar to the
round-robin technique. The only difference is, that each of the resources in a list is provided a weighted
score. Depending on the weighted score the request is distributed to these servers.

• Servers with higher weights are given a larger proportion of the requests.

• The distribution is cyclic, similar to the round-robin technique, but with each server receiving a
number of requests proportional to its weight.

• If a server reaches its processing capacity, it may start rejecting or queuing additional requests,
depending on the server's specific behavior.

For example:
let's say your friends have different levels of candy cravings. You want to be fair, so you give more candies to
the friend who loves them the most. Weighted Round Robin does something similar – it gives more tasks to
the friends who can handle them better.

Let's say you have three servers with weights: Server1 (weight 0.3), Server2 (weight 0.2), and Server3
(weight 0.1). The total weight is 0.3 + 0.2 + 0.1 = 0.6. During each cycle, Server1 would receive 0.3/0.6
(50%) of the requests, Server2 would receive 0.2/0.6 (33.33%), and Server3 would receive 0.1/0.6
(16.67%).

3. Source IP Hash Load Balancing Algorithm

The Source IP Hash Load Balancing Algorithm is a method used in network load balancing to distribute
incoming requests among a set of servers based on the hash value of the source IP address. This algorithm
aims to ensure that requests originating from the same source IP address are consistently directed to the
same server.

If the load balancer is configured for session persistence, it ensures that subsequent requests from the same
source IP address are consistently directed to the same server. This is beneficial for applications that require
maintaining session information or state.

For example:

Think of your friends coming to your house, and you want to remember who gets which toy every time they
visit. IP Hash is like remembering which friend played with which toy last time, so you always give them the
same one.

1. Least Connection Method Load Balancing Algorithm

The Least Connections algorithm is a dynamic load balancing approach that assigns new requests to the
server with the fewest active connections. The idea is to distribute incoming workloads in a way that
minimizes the current load on each server, aiming for a balanced distribution of connections across all
available resources.

• To do this load balancer needs to do some additional computing to identify the server with the least
number of connections.

• This may be a little bit costlier compared to the round-robin method but the evaluation is based on
the current load on the server.

For example:

Lets say you're at a playground, and some kids are playing on different swings. You want to join the swing
with the fewest kids so that it's not too crowded. Least Connection is like choosing the swing with the least
number of kids already on it.

2. Least Response Time Method Load Balancing Algorithm

The Least Response method is a dynamic load balancing approach that aims to minimize response times by
directing new requests to the server with the quickest response time.
 • It considers the historical performance of servers to make decisions about where to route incoming
requests, optimizing for faster processing.

• The dynamic aspect comes from the continuous monitoring of server response times and the
adaptive nature of the algorithm to route incoming requests to the server with the historically lowest
response time.

For example:

Picture yourself at a snack bar where you can order food from different servers. You notice that some
servers are faster than others. You choose the server that seems to serve food the quickest each time you go.
Least Response Time is like picking the server with the shortest line.

You can balance traffic across multiple backend servers based on multiple load balancing schedules
including:

• Static (failover)

• Round robin

• Weighted (to account for different sized servers or based on the health and performance of the server
including round trip time and number of connections)

The load balancer supports HTTP, HTTPS, IMAPS, POP3S, SMTPS, SSL/TLS, and generic TCP/UDP and
IP protocols. Session persistence is supported based on the SSL session ID based on an injected HTTP
cookie, or based on the HTTP or HTTPS host. SSL/TLS load balancing includes protection from protocol
downgrade attacks.

Country blocking, also known as geo-blocking, is a technique where access to a website, service, or content
is restricted based on a user's location, typically determined by their IP address. This method is often use to
mitigate cyber threats..
How Country Blocking Works:

• Geographic Identification:

Websites or services utilize IP address databases (like IP2Location) or services to determine the
geographical location of a user's IP address.

Access Control:

Based on the identified location, access to the website or service is granted or denied.

Firewall Rules:

Firewalls can be configured to block or allow traffic based on the country of origin.

Content Delivery Networks (CDNs):

Hostinger CDN and other CDNs can implement country blocking rules.

Examples of Where Country Blocking is Used:

• Content Licensing:

Netflix, for example, uses geo-blocking to restrict access to certain shows and movies in specific regions due
to licensing agreements.

Cyber Security:

Websites and services may block access from countries known for cyberattacks.

Marketing:

Organizations might use geo-blocking to target specific regions with localized marketing campaigns.

National Firewalls:

Some countries, like China, have implemented national firewalls to regulate internet access and content
within their borders.

Limitations of Country Blocking:

• Circumvention:

VPNs and proxies can mask a user's IP address, allowing them to bypass geo-blocking restrictions.

Firewall rules can use geographic coordinates, specifically for geolocation-based rules, to control network
traffic based on location. This allows you to allow or deny traffic based on the source or destination IP's
geographic location, such as a country or region.
How Coordinates Work in Firewall Rules:

• Geolocation Databases:

Firewalls often use geolocation databases that map IP addresses to geographic locations.

Rule Configuration:

You can define firewall rules that specify allowed or denied locations using these databases.

Examples:

You might create a rule to allow traffic only from specific countries, block traffic from certain regions, or
allow access to a service based on the user's location.

IP Address Resolution:

The firewall analyzes the source or destination IP address of a packet and uses its geolocation database to
determine the packet's origin or destination.

Rule Application:

If the packet's location matches the criteria in the rule, the firewall allows or denies the traffic accordingly.

Benefits of Geolocation-Based Rules:

• Enhanced Security:

You can protect your network from malicious actors by blocking traffic from known threat sources or high-
risk locations.

• Improved Network Control:

You can fine-tune access based on user location, providing better control over network resources.

• Compliance:

Geolocation-based rules can help you comply with regulations that require you to restrict access to certain
geographical regions.

• Performance Optimization:

You can route traffic based on location, potentially optimizing performance by directing traffic to the nearest
server.

Examples of Firewall Rules Using Geolocation:

• Allowing web access from specific countries.

• Blocking traffic from high-risk regions.

• Allowing access to a specific service only from certain geographic locations.

 • Routing traffic based on the user's location to the nearest data center.

How to create firewall policy

To create a firewall policy, navigate to your firewall's configuration interface, typically accessed through a
web-based interface or a command-line interface. You'll then need to define the rules that will govern
network traffic, specifying which traffic to allow or block based on criteria like source/destination IP
addresses, ports, protocols, and potentially other factors like user groups or applications

Cisco Application Centric Infrastructure (ACI) is a software-defined networking (SDN) solution

designed for data centers. Cisco ACI allows network infrastructure to be defined based upon network
policies – simplifying, optimizing, and accelerating the application deployment lifecycle.