12 Network Load Balancing Overview
Load balancers improve resource usage and scaling ability, and help with instance availability. Two types of load balancers are available on the Oracle Private Cloud Appliance:
- Load Balancer as a Service (LBaaS)
- Network Load Balancer (NLB)
The biggest difference between LBaaS and an NLB is that LBaaS provides Layer-7 routing and the NLB provides Layer-4 pass-through routing. This means that NLB sees only the IP and TCP headers on a packet, while LBaaS sees all headers inserted before the message data, including information in the HTML part of the message.
Although the operational layers are the most obvious difference between LBaaS and NLBs, some features are shared while others differ. For example, both types of LB require a public network load balancer to accept traffic from the internet, and a public LB can't be in a private subnet.
The following table summarizes these major differences.
Table 12-1 LBaaS and NLB Major Characteristics Compared
Major Characteristic | LBaaS | NLB |
---|---|---|
Visibility | Public or Private | Public or Private |
IP Address | Ephemeral or Reserved IP address | Ephemeral or Reserved IP address |
Policy Parameters | Weighted Round Robin, IP hash, Least Connections | IP hash mapped from 5, 3, or 2 header fields |
Layer 4 Functioning | Yes | Yes |
Layer 7 Functioning | Yes | No |
TLS Support | Yes | No |
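The NLB policy in Table 12-1 hashes 5, 3, or 2 header fields to choose a backend. The following added example (not Oracle code) shows how the number of hashed fields changes which backends a single client reaches. The field sets, the SHA-256 stand-in hash, the function names, and the sample addresses are assumptions.

```python
import hashlib
from collections import namedtuple

# Only the fields a Layer-4 balancer can read: IP and TCP headers.
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto")

# Assumed field sets for the 5-, 3- and 2-field policies (conventional tuples).
POLICY_FIELDS = {
    5: ("src_ip", "src_port", "dst_ip", "dst_port", "proto"),
    3: ("src_ip", "dst_ip", "proto"),
    2: ("src_ip", "dst_ip"),
}

def pick_backend(flow, backends, fields=5):
    """Map a flow to one backend by hashing the selected header fields."""
    if not backends:
        raise ValueError("backend set is empty")
    key = "|".join(str(getattr(flow, f)) for f in POLICY_FIELDS[fields])
    # SHA-256 is a stand-in; the appliance's real hash function is not given on this page.
    digest = hashlib.sha256(key.encode()).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]

def spread(flows, backends, fields):
    """Return the set of backends that a group of flows lands on."""
    return {pick_backend(f, backends, fields) for f in flows}

# Constructed sample: one client opening 200 connections from different source ports.
BACKENDS = ["10.0.1.11", "10.0.1.12", "10.0.1.13", "10.0.1.14"]
FLOWS = [Flow("203.0.113.7", 40000 + i, "192.0.2.10", 443, "tcp") for i in range(200)]

if __name__ == "__main__":
    for n in (5, 3, 2):
        print(f"{n}-field hash -> {len(spread(FLOWS, BACKENDS, n))} backend(s) used")
```

With the 2-field or 3-field hash, every connection from one client address reaches the same backend, which gives source affinity without session persistence but also concentrates a single heavy source on one server. The 5-field hash spreads that client's connections across the backend set.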
If a VCN uses network security groups (NSGs), you can associate the load balancer with an NSG. An NSG has a set of security rules that controls allowed types of inbound and outbound traffic. The rules apply only to the resources in the group. An NSG isn't a security list, where the rules apply to all the resources in any subnet that uses the list. See "Controlling Traffic with Network Security Groups" in the Networking section in the Oracle Private Cloud Appliance User Guide for more information about NSGs.
If you prefer to use security lists for the VCN, see "Controlling Traffic with Security Lists" in the Networking section of the Oracle Private Cloud Appliance User Guide for more information about security lists.
We recommend that you distribute backend servers across all availability domains.
Other differences are operational or involve configuration limits. Many of the NLB limitations arise because the NLB functions at Layer 4 and no higher. These differences are listed in the following table.
Table 12-2 Other LBaaS and NLB Characteristics Compared
Characteristic | LBaaS | NLB |
---|---|---|
Routing of Requests | Yes | No |
Persistence of Sessions | Yes | No |
SSL Certificates | Yes | No |
Cipher Suites | Yes | No |
Listener Protocol | HTTP, HTTP2, TCP, HTTPS | TCP |
Health Check Protocol | HTTP, TCP | HTTP, HTTPS, TCP |
IP Address Limit | 1 | 1 |
Backend Set Limit | 16 | 4 |
Backend Servers per Backend Set | 512 | 512 |
Total Backend Servers Limit | 512 | 1024 |
Maximum Listeners | 16 | 50 |
Certificate Support | Yes | No |