This lab walks you through a demo of the HTTP Load Balancer.
In this lab, we will discuss different types of Load Balancer.
Duration: 60 minutes
Before going into the details of HTTP(S) load balancing, let us look at the architecture behind networking, which is based on the OSI model. You might have heard of it before, but today we will discuss the OSI model at a high level. It will help you understand the rest of the lab more easily.
We have 7 layers in the OSI model, which go from bottom to top at the sender's end and top to bottom at the receiver's end.
Layer 1 - Physical Layer, which is your actual cables
Layer 2 - Data Link Layer, which provides a physical, non-changing address called the MAC Address. The data link layer translates the physical layer's raw bit stream into Frames. Basically, Frames are a serial collection of bits. A header and trailer are added to the frame at this layer. The header which is added to the frame contains the hardware destination and source address, called the MAC Address.
Layer 3 - Network Layer. The network layer adds the source and destination address to the header of the frame. This addressing is used to identify the device on the internet and is called the IP Address.
Layer 4 - Transport Layer. This layer can be described as an end-to-end layer, as it provides a point-to-point connection between source and destination to deliver the data reliably. It adds a Port to the packets. To understand this better, suppose you have a lot of processes running on your system that talk to services like Google, Amazon, Yahoo, etc. Your system, as a client, is communicating with these servers, and each segment has to reach the correct process on the server and the response has to come back to the correct process on your computer. This is done using Port Numbers, which determine which request belongs to which process. Think of the IP address as your Society and the Port number as your House number.
Layer 5 - Session layer which is used to establish, manage, and terminate the session
Layer 6 - Presentation layer which is used to translate, encrypt and compress data.
Layer 7 - Application layer which is used to allow access to network resources.
Load Balancing can be done using different methods, i.e. Layer 4 — TCP, UDP, and Layer 7 — HTTP, HTTPS
We are discussing common facts about all Layer 7 Load Balancers (LBs) and Layer 4 Load Balancers (LBs). In the demo, we will create a simple HTTP Load Balancer. You can create an HTTPS Load Balancer if you own a domain; we have attached a document on how to do that as well.
Layer 4 LBs act almost as transport-layer-aware routers that do no packet manipulation, and they are faster than Layer 7 LBs, which perform a number of manipulations on packets and also have a session affinity feature ensuring that connections from the same source are always served from the same backend. Layer 7 LBs are more common and are most often software, whereas Layer 4 Load Balancers are less common and tend to be implemented in dedicated hardware.
One important note about Layer 7 LBs is their ability to terminate SSL traffic. This is a limitation for most Layer 4 LBs, as they cannot determine whether incoming packets are wrapped in SSL and therefore cannot terminate SSL traffic. L7 Load Balancers can have CA certificates installed within them that verify the authenticity of the service, instead of storing and handling them on the backends. The processing strain of encrypting and decrypting such requests is pushed onto the Layer 7 Load Balancer, which decrypts the data and re-encrypts the packet for transmission to the backend server. This often results in high latency and can be problematic at times.
Within Layer 7 Load Balancers, the packet is inspected. Although this can be a costly process in terms of latency, it enables additional features such as balancing traffic based on content. For example, suppose your company has a pool of backends fitted with high-end instances optimized for video processing, and another pool containing low-power CPUs that are optimized for static websites. A Layer 7 Load Balancer can use the URL path to choose the most appropriate backend: requests to whizlabs.com/courses are sent to the pool with high-end instances, whereas requests to a different URL such as whizlabs.com/blogs are sent to the low-power instances, all thanks to the Layer 7 Load Balancer's ability to intelligently split traffic.
Another interesting feature of Layer 7 Load Balancers is session affinity, or connection stickiness. It is the tendency for traffic from the same source to continue to be served from the same backend. So if your IP is 184.108.40.206 and you connect to YouTube servers that are configured with Layer 7 LBs, there is a high chance your tutorial on 'How to get GCP Certified Profession' is being served by the exact same server even if you switch to any other video. This way you receive an uninterrupted, consistent connection, which improves the quality of service. Session affinity provides a best-effort attempt to send requests from a particular client to the same backend for as long as the backend is healthy.
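The best-effort behaviour described above can be modelled in a few lines. This is an added example, not part of the lab and not Google's implementation: it assumes client-IP affinity built on rendezvous hashing, and the backend names and client addresses are made up.

```python
import hashlib


def _score(client_ip, backend):
    """Rendezvous (highest-random-weight) score for one client/backend pair."""
    digest = hashlib.sha256(f"{client_ip}|{backend}".encode()).digest()
    return int.from_bytes(digest[:8], "big")


def pick_backend(client_ip, backends, healthy):
    """Return the healthy backend with the highest score for this client.

    A client keeps its backend for as long as that backend is healthy. When
    it fails, only the clients pinned to it are moved; everyone else stays.
    """
    candidates = [b for b in backends if b in healthy]
    if not candidates:
        raise RuntimeError("no healthy backend available")
    return max(candidates, key=lambda b: _score(client_ip, b))


# Constructed sample data (hypothetical backend names, documentation IPs).
BACKENDS = ["vm-a", "vm-b", "vm-c"]
CLIENTS = [f"198.51.100.{i}" for i in range(1, 41)]


def simulate_failure(failed):
    """Compare client assignments before and after one backend goes unhealthy."""
    all_up = set(BACKENDS)
    before = {c: pick_backend(c, BACKENDS, all_up) for c in CLIENTS}
    after = {c: pick_backend(c, BACKENDS, all_up - {failed}) for c in CLIENTS}
    moved = [c for c in CLIENTS if before[c] != after[c]]
    return before, after, moved


if __name__ == "__main__":
    before, after, moved = simulate_failure("vm-b")
    print(f"{len(moved)} of {len(CLIENTS)} clients were re-pinned after vm-b failed")
```

Because the key is the source address, all users behind one NAT or proxy address land on the same backend, which is worth remembering when reading per-backend load or abuse metrics.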
The flow of the above diagram is explained below:
An IPv4 user sends a request to the Public IP provided in the forwarding rule.
The forwarding rule then directs the request to the target HTTP proxy.
As we are using a Simple host and path rule, the target proxy determines that the single backend service receives all requests.
The load balancer then determines the instance group and directs the incoming request to the VM instance in the group.
Finally, the VM instance responds to the request by the user.
Log in to the GCP Console.
Creating an Instance Template.
Creating an Instance Group.
Creating a Firewall Rule.
Reserving an External IP address.
Creating Target pools.
Creating forwarding rules.
Creating a health check.
Launch the lab environment by clicking on . This will create a GCP environment with the resources and roles required for this lab.
Once the lab environment is ready, will be active. Click on , this will open Google Sign-In page. (Make sure you are using an Incognito mode).
On your previous tab, Click on and copy your credentials to Sign-in to the console.
Once logged in, you will be redirected to the GCP Console.
Click on the hamburger icon on the top left corner
Select Compute Engine under Compute Section
Select Instance templates
Click on Create instance template.
Enter the name of your instance template like whizlabs-instance-template
Select the N1 series from the Series dropdown.
Select machine type as n1-standard-1. Do not choose any other machine type; doing so might get your access to labs blocked.
Under this mentioned tab, go to the Startup script
Enter the given bash script to get these packages installed on the startup of the instance.
Click on create to finally create your instance template.
You can now see the instance template created.
Select Instance groups from the left sidebar
Click on Create instance group.
Enter the name of your instance group like whizlabs-instance-group
Select single zone for practice purpose
Choose region as us-central1 and zone as us-central1-a
Choose your instance template which you created in the previous steps.
Select autoscaling mode as Autoscale
Choose metric type as CPU utilization and enter Target as 80, which means that once your CPU utilization goes above 80%, new instances will be added.
Enter minimum instances as 1 and Maximum as 5.
Click on Create to finally create your instance group.
You can now see your instance group listed.
Click on the hamburger icon on the top left corner
Select VPC network under Networking section
In the left sidebar, click on Firewall
Click on Create firewall rule
Enter the firewall rule name like http-allow
Choose the network as default
Enter priority number as 1000
Choose direction as Ingress as we are allowing all incoming HTTP traffic
Choose Allow as we want to allow the incoming traffic
Choose target as All Instances in the network which means the same rule will apply for all the instances in the network
Enter the Source IP range as 0.0.0.0/0 which means all traffic
Enter the port as 80 and check TCP, as we are allowing HTTP traffic and the HTTP port is 80
Click on create to create the firewall rule
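The rule above accepts port 80 from 0.0.0.0/0 on every instance in the network, so any backend VM that has an external IP is reachable directly as well as through the load balancer. The following added example (not part of the lab) audits an exported rule list for that condition; the sample rules are constructed, and the "lb-only" rule and its tag are hypothetical.

```python
import ipaddress

# Source ranges Google documents for its external HTTP(S) load balancer
# proxies and health-check probes.
LB_RANGES = [ipaddress.ip_network(n) for n in ("130.211.0.0/22", "35.191.0.0/16")]

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`.
# "http-allow" mirrors this lab's rule; "lb-only" and its tag are hypothetical.
RULES = [
    {"name": "http-allow", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
    {"name": "lb-only", "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"],
     "targetTags": ["whizlabs-backend"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
]

def allows_port(rule, port):
    """True if any allow entry covers tcp/<port>, including port ranges."""
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:  # no port list means every port of that protocol
            return True
        for spec in ports:
            low, _, high = spec.partition("-")
            if int(low) <= port <= int(high or low):
                return True
    return False

def from_lb_only(cidr):
    """True if the source range lies entirely inside the load balancer ranges."""
    net = ipaddress.ip_network(cidr)
    return any(net.version == lb.version and net.subnet_of(lb) for lb in LB_RANGES)

def audit(rules, port=80):
    """List (rule name, non-LB sources, applies_to_all_instances) findings."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        outside = [s for s in rule.get("sourceRanges", []) if not from_lb_only(s)]
        if outside and allows_port(rule, port):
            untargeted = not (rule.get("targetTags") or rule.get("targetServiceAccounts"))
            findings.append((rule["name"], outside, untargeted))
    return findings

print(audit(RULES))
```

Only the lab's `http-allow` rule is reported; a rule limited to the load balancer ranges and scoped to a backend tag passes the check.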
Now, choose External IP addresses from the left sidebar.
Click on Reserve static address
Enter the name like whizlabs-ip
Choose the tier as Premium because we are creating Global Forwarding Rules.
Choose IPv4 as IP version
Select type as Global. At this point we are just reserving the IP address and not attaching it to our load balancer. Once we configure the load balancer, we will attach the IP.
Click on Reserve to reserve your Static IP address
Select Network services under the Networking tab
Click on Create load balancer.
Choose HTTP(s) Load Balancing and click on Start configuration.
Choose the Internet-facing option and click on continue.
Enter the load balancer name like whizlabs-lb
Click on Backend Configuration.
In backend configuration, click on the shown drop-down menu.
Click on Create a backend service
Enter any name like whizlabs-backend.
Choose the instance group which you created earlier
Enter the port number as 80 and 8080
Click on the health check drop-down menu
Click on Create a health check
Enter any name like whizlabs-health. Keep the other options as is and click on Save.
Click on Create.
Leave host and path rules as is.
Choose frontend configuration
Enter any name like whizlabs-frontend.
Choose the protocol as HTTP and choose network tier as Premium.
Click on IP Address field
Choose your reserved IP address. This forwarding rule will redirect you to your instances in the Instance group
Click on Done.
Click on Create to finally create your load balancer
You can see your load balancer listed
Copy the Static IP which you selected in the Forwarding Rule
Enter the IP into the URL to get the output
In case you want to create HTTPS Load Balancer, you can follow the Setup HTTPS Load Balancer in Supporting Document.
In this lab, you have created an HTTP Load Balancer.
You have successfully completed the lab.
Once you have completed the steps click on from your whizlabs dashboard.