Load Balancing¶

Overview¶

Load Balancing Overview

Layer 4 vs Layer 7 Load Balancing¶

L4 vs L7 Load Balancing

Load Balancing Algorithms¶

Load Balancing Algorithms

Health Checks¶

Health Checks

Session Persistence (Sticky Sessions)¶

Problem¶

User state stored in server memory requires routing same user to same server.

Methods¶

Cookie-Based: Load balancer sets cookie with server ID
IP-Based: Hash client IP (problem: NAT, shared IPs)
URL/Header Based: Use session ID in URL or header

Drawbacks of Sticky Sessions¶

Server failure loses session data
Uneven load distribution
Scaling complications

Better Alternative¶

Externalize session to Redis/Memcached so any server can handle any request.

SSL/TLS Termination¶

SSL/TLS Termination Options

Global Load Balancing (GSLB)¶

Global Server Load Balancing

Load Balancer Architectures¶

Load Balancer Architectures

Popular Load Balancers¶

Software¶

NGINX: L7 load balancer and reverse proxy, high performance
HAProxy: L4/L7 load balancer, very high performance
Envoy: Modern L7 proxy, service mesh data plane (Istio)
Traefik: Cloud-native, Kubernetes-friendly

Cloud Services¶

AWS: ALB (L7), NLB (L4), CLB (legacy)
GCP: Global HTTP(S) Load Balancer, Network Load Balancer
Azure: Application Gateway (L7), Load Balancer (L4)

NGINX Configuration Example¶

# Layer 7 load balancing configuration
upstream backend {
    # Load balancing algorithm
    least_conn;  # or: round_robin, ip_hash, random

    # Backend servers with weights
    server 10.0.0.1:8080 weight=5;
    server 10.0.0.2:8080 weight=3;
    server 10.0.0.3:8080 weight=2 backup;

    # Keep alive connections to backend
    keepalive 32;

    # Health check (NGINX Plus only)
    # health_check interval=5s fails=3 passes=2;
}

server {
    listen 443 ssl http2;
    server_name api.example.com;

    # SSL termination
    ssl_certificate /etc/ssl/certs/cert.pem;
    ssl_certificate_key /etc/ssl/private/key.pem;

    location / {
        proxy_pass http://backend;

        # Headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Timeouts
        proxy_connect_timeout 5s;
        proxy_read_timeout 60s;

        # Keep alive
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }

    # Health check endpoint (bypass backend)
    location /health {
        access_log off;
        return 200 "healthy\n";
    }
}

Interview Questions¶

L4 vs L7 load balancing?
L4: TCP level, faster, no content inspection
L7: HTTP level, content routing, SSL termination
How do you handle sticky sessions?
Cookie-based affinity
Better: Externalize session to Redis
What happens when a server goes down?
Health check detects failure
Traffic routed to healthy servers
Optional: Connection draining
How do you handle SSL certificates?
Terminate at LB (simpler, offloads CPU)
Or passthrough (end-to-end encryption)
Or re-encrypt (both L7 features and internal encryption)
How do you ensure LB high availability?
Active-passive with heartbeat/VRRP
Active-active with DNS
Cloud managed (auto-scaling, multi-AZ)
How do you handle global traffic?
GSLB with DNS-based routing
Anycast for same IP across regions
GeoDNS for regional routing

*