Internet-Draft | MSLB | April 2024 |
Matsuhira | Expires 6 October 2024 | [Page] |
This document specifies Multi-Stage Transparent Server Load Balancing (MSLB) specification. MSLB makes server load balancing over Layer3 network without packet header change at client and server. MSLB makes server load balancing with any protocol and protocol with encryption such as IPsec ESP, SSL/TLS.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 6 October 2024.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
This document specifies Multi-Stage Transparent Server Load Balancing (MSLB) specification.¶
MSLB provides server load balancing function over Layer3 network without packet header change at client and server. MSLB works with any protocol and protocol with payload encryption such as IPsec ESP, SSL/TLS.¶
There are several load-balancing techniques, such as round-robin DNS, IP Anycasting [RFC1546] and destination address translation. Figure 1 shows a load-balancing system with a typical server load balancer with destination address translation technique.¶
It is well-known that Network address translators break the internet transparency [RFC2775] and have an application dependency [RFC2993] characteristic.¶
Some server load balancers use application data, so with IPsec ESP, SSL/TLS, these mechanisms may not work well.¶
Load balancing is the technique that distributes packets to multiple servers. For packet distribution, the destination address translation technique is useful, however, this technique itself breaks internet transparency.¶
After distribution, if writing back to the original destination address may be possible, it is possible to recover transparency. This is the basic idea and architecture of MSLB. Figure 2 shows the architecture of MSLB.¶
This method processes only the destination address of the IP header. This method can be applied to both IPv4 and IPv6.¶
Figure 3 shows a basic server load balancing system with MSLB. This case two-stage configuration with one MSLB-F and one-stage many MSLB-Bs.¶
MSLB-F is a front function of MSLB and translates the destination address to one of the addresses of MSLB-B. BSLB-B is the backend function of MSLB and translates the destination address to the original server address, i.e. address of MSLB-F. The IP address of MSLB-F and all servers are the same value.¶
MSLB-F may multi-stage configuration. Figure 4 shows a three-stage configuration with two-stage MSLB-F and one-stage many MSLB-Bs.¶
Figure 5 shows one arm configuration of the server load balancing system with MSLB.¶
MSLB-F is a front function of MSLB and translates the destination address to one of the addresses of MSLB-B. BSLB-B is a backend function of MSLB and translates the destination address to the original server address, i.e. address of MSLB-F. The IP address of MSLB-F and all servers are the same value.¶
In this configuration, MSLB-F connects to the network with a single link, that is one arm configuration. In this case, the return packet, i.e.packet from server to client does not pass through the MSLB-F.¶
MSLB has two modes, one is address translation mode, and the other is encapsulation mode.¶
This mode uses an address translation technique.¶
Figure Figure 6 shows packet processing with address translation mode.¶
In this figure, to the client, the IP address is allocated IP_C1, IP_C2, and the server IP address is IP_S. In this case, IP_S is also allocated to all servers and MSLB-F. And to the MSLB-B, IP_B1, IP_B2, IP_B3 is allocated. This allocation is shown in the upper part of Figure 6.¶
The lower part of Figure 6 shows packet transfered between client and server. From the client to the server, only the destination address is translated, MSLB-F translates from IP_S to IP_B1, and MSLB-B translate from IP_B1 to IP_S. Then the destination address of the packet sent to the client and the destination address of the packet that receives the server are the same. That means transparency remains.¶
Return packet, i.e., from the server to the client is not translated, it just forwarded.¶
On the Internet, the client IP address and server IP address must Global IP address, however, the IP address of MSLB-B may private IP address.¶
Figure 7 shows the MSLB table. MSLB has this table and translates the destination address using this table value. MSLB-F checks the source IP address and translates the destination address with this table.¶
Using IPv4-IPv6 translation may be possible, i.e., IPv4 packet translated to IPv6, then translate to IPv4 or IPv6 packet translate to IPv4, then translate IPv6 may possibleFigure 8 shows possible combination of IPv4 and IPv6. These IPv4-IPv6 translation cases will be defined in the future.¶
This mode uses an encapsulation technique.¶
Figure Figure 9 shows packet processing with encapsulation mode.¶
In this figure, to the client, the IP address is allocated IP_C1, IP_C2, and the server IP address is IP_S. In this case, IP_S is also allocated to all servers and MSLB-F. And to the MSLB-B, IP_B1, IP_B2, IP_B3 is allocated. This allocation is shown in the upper part of Figure 6.¶
The lower part of Figure 6 shows packet transfered between client and server. From the client to the server, MSLB-F encapsulates the original IP packet and sends it to MSLB-B. MSLB-B decapsulates the outer IP header and forwards it to the server. The inner IP packet does not change, which means, transparency is remained.¶
With encapsulation mode, packet size is increased, so fragmentation is needed if the encapsulated packet size exceeds MTU or Path MTU. MSLB-F MUST support tunnel MTU discovery [RFC1853]. Fragmentation and Path MTU discovery [RFC1191] issue will be described in the future.¶
Return packet, i.e., from the server to the client is not encapsulated, just forwarded.¶
On the Internet, the client IP address and the server IP address must Global IP address, however, the IP address of MSLB-B may private IP address.¶
Figure 10 shows the MSLB table. MSLB has this table and encapsulates and generates an outer header with the destination address using this table value. MSLB-F checks the source IP address and generates the destination address of the outer header with this table.¶
Using IPv4 over IPv6 encapsulation or IPv6 over IPv4 encapsulation may be possible, i.e., IPv4 packet encapsulated to IPv6, then decapsulate to IPv4 or IPv6 packet encapsulated to IPv4, then de-encapsulated IPv6 may be possible. Figure 11 shows the possible combination of IPv4 and IPv6. These IPv4-IPv6 encapsulation cases will be defined in the future.¶
[RFC2827] describes ingress filtering for defending against DoS attacks that employ IP source address spoofing.¶
Depending on the location of the MSLB-F and MSLB-B, packets from the server to the client may be discarded by ingress filtering. In such a case, encapsulating the packet from server to client might resolve. Figure 12 shows such a solution.¶
MSLB has the following characteristics.¶
This document does not request IANA.¶
Note to RFC Editor: this section may be removed on publication as an RFC.¶
Security consideration is not discussed in this memo.¶