Bringing Layer 7 Load Balancing into the Cloud

If you’ve been following our progress, you know that over the last several months we’ve deployed numerous updates, providing our customers with new functionalities while also improving on some of the existing Incapsula features. All of these updates, from the more security-oriented Backdoor Protect and Login Protect to the recently introduced CDN settings overhaul, are a part of a larger development plan whose ultimate goal is to provide our clients with a complete, cloud-based, content delivery solution.

With this in mind, today we are rolling out another major upgrade to our existing Load Balancing features by providing Incapsula clients with a Layer 7 Load Balancing capabilities.

About Load Balancing

At its core, Load Balancing is a straightforward process which requires you to:

  • Distribute HTTP requests between multiple IPs.
  • Stop sending traffic to IPs that are down.
  • Resume sending traffic to downed IPs, as soon as they come back up.

Load Balancing can only be done by a proxy, which can either be an on-premise appliance (such as a Citrix, or an F5 box) or a cloud service – like Incapsula. Either way, the basic idea is to distribute the processing tasks in a way that utilizes all available resources.

Prior to this update, Incapsula’s default load balancing algorithm was Source IP hash, with added layer 7 Session Persistence (also referred to as “Session Stickiness”). This method was both simple and reliable, but in terms of efficiency, the algorithm was only a marginal improvement to the very basic concept of Round Robin, which isn’t able to:

  • Intelligently distribute the load in accordance with the machines’ capacities.
  • React quickly to lags, allowing “natural recovery” even before the server becomes unresponsive.

Not satisfied with what we had, we’ve been working to extend our load balancing capability to provide a more responsive and smarter Layer 7 solution. After experimenting with various methods, we chose the one that clearly demonstrated the best results – Least Pending Requests.

How Does ‘Least Pending Requests’ Work?

The Least Pending Requests (LPR) algorithm relies on Incapsula’s ability to track HTTP requests, as they are being processed by the origin servers. Combined with Layer 7 Sessions Persistence, LPR helps assure effective load distribution.

As with most good ideas, the core premise of LPR is pretty simple. We know that the more loaded a server currently is, the more time it`ll take for it to serve the requests – the more pending requests will be measured. Thus, by monitoring the “request queues,” the LPR algorithm is able to identify the most available server and make it a target for the next incoming request – repeating the process again and again, while always routing to the least crowded machine.

The algorithm’s ability to re-adjust in real-time makes it flexible enough to deal with server lags and timeouts, which are usually caused by abnormally large requests or any other erratic server behavior. Any such instances – which will naturally result in prolonged request queues – are quickly recognized by the LPR algorithm, causing it to route all new request to a less overloaded machine.

Moreover, the algorithm can also deal with failover scenarios. In fact, while testing it, our network engineers discovered LPR to be an extremely responsive failover detection system, as the ‘queue is full’ indicator usually prompted them much faster than the regular health-monitoring.

Least Pending Requests Layer 7 Load Balancing

Setting a New Default

LPR Load Balancing has been deployed in production for the last several months with extremely impressive results. During the testing phase the algorithm consistently met all of our requirements, providing a means to intelligently manage load balancing tasks while also helping to avoid various bottlenecks.

Today, we are turning on LPR as our new default load balancing method. To avoid confusion, all existing accounts that already use Load Balancing will retain their original setting. To switch to the new setting, please contact our support team.

Our load balancing integration options include:

  • Multiple IPs
  • Amazon ELB alias
  • Other Custom CNAMEs

Keep your finger on the pulse

Sign up for updates from Imperva, our affiliated entities and industry news.