7.3. Load balancing

UserGate supports load balancing for various services within a local network. Balancing can be provided to:

  • Internal servers published on the Internet (DNAT)

  • Internal servers that are not published

  • Traffic sent to external ICAP servers or an ICAP farm

  • Traffic sent to servers published through the reverse proxy

The balancer uses various techniques to dynamically allocate queries received on the IP address of a virtual server to IP addresses of physical servers. To set up balancing, create new balancing rules in the Network policies-->Load balancing section.

To create a balancing rule for TCP/IP servers, select Add a TCP/IP load balancer and provide the following parameters:

Name

Description

Enabled

Enables or disables a rule

Name

Name of the balancing rule

Description

Description of the balancing rule

Virtual server IP

Select an IP address from the list of addresses assigned to UserGate network interfaces. If necessary, administrators can also add more IP addresses to any interface.

Protocol

Protocol (TCP or UDP) for which you are going to perform load balancing

Port

Port for which you are going to perform load balancing

Scheduler

You can choose between 4 load balancing methods:

  • Round robin - each new connection is forwarded to the next server in the list to distribute load across all servers

  • Weighted round robin - this method is similar to Round robin except that each server is assigned a weight, so that traffic is distributed according to the servers' performance

  • Least connections - each new connection is forwarded to the server which is serving the least number of connections at the moment

  • Weighted least connections - this method is similar to Least connections except that each server is assigned a weight, so that traffic is distributed according to the servers' performance

Real servers

Add a new pool of physical servers to which you are going to forward traffic. Specify the following parameters for each server:

  • IP address of server

  • Port to which you are going to forward user requests

  • Weight. This factor allows for more efficient load distribution among physical servers when using Weighted round robin or Weighted least connections. Larger weights correspond to higher server loads

  • Mode. Two options are possible:
    Gate - forwards traffic to a virtual server by means of routing.
    Masq - forwards traffic to a virtual server by means of NAT

Fallback

Fallback mode is used when all physical servers are unavailable. To activate the fallback mode, enable it and then specify the following parameters:

  • IP address of the server to which requests will be forwarded in case of fallback

  • Port to which you are going to forward user requests

  • Mode. Two options are possible:
    Gate - forwards traffic to a virtual server by means of routing.
    Masq - forwards traffic to a virtual server by means of NAT

Monitoring

Based on monitoring functionality, you can set up automatic health checking for physical servers. All servers that fail to pass the health check will be excluded from balancing.

Mode

Monitoring method for physical servers. Possible values:

  • ping - checks availability of a node using the ping command

  • connect - checks availability of a node by establishing a TCP connection with a certain port

  • negotiate - checks availability of a node by sending a predefined HTTP or DNS query and matching the actual response against the expected one. To set up this mode, select a service type (HTTP or DNS) and fill in the Request and Expected response rows

Check interval

Minimum time period between subsequent checks

Check timeout

Maximum time period of waiting for a response

Max failures

Number of failed health checks after which the physical server is considered unavailable and is therefore excluded from balancing.

Important! Balancing rules have a higher priority and therefore are applied before NAT/DNAT/routing rules.
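The following added example is not UserGate code; it is a small Python model of how the four scheduler methods, the Max failures setting and the fallback server described above interact. The class names, the scheduler labels rr/wrr/lc/wlc, the sample addresses and the assumption that a passed check resets the failure counter are all illustrative.

```python
from dataclasses import dataclass

@dataclass
class RealServer:
    ip: str
    port: int
    weight: int = 1      # assumed >= 1
    active: int = 0      # connections currently being served
    failures: int = 0    # consecutive failed health checks

class Balancer:
    """Illustrative model only; scheduler codes rr/wrr/lc/wlc are made-up labels."""
    def __init__(self, servers, scheduler, max_failures=3, fallback=None):
        self.servers, self.scheduler = servers, scheduler
        self.max_failures, self.fallback = max_failures, fallback
        self._pos = 0

    def record_check(self, server, ok):
        # Assumption: a passed check clears the counter; a failed one counts toward Max failures.
        server.failures = 0 if ok else server.failures + 1

    def healthy(self):
        return [s for s in self.servers if s.failures < self.max_failures]

    def pick(self):
        pool = self.healthy()
        if not pool:
            return self.fallback          # None when fallback is not enabled
        if self.scheduler in ("rr", "wrr"):
            # Weighted variant: a server occupies `weight` slots in the rotation.
            ring = [s for s in pool
                    for _ in range(s.weight if self.scheduler == "wrr" else 1)]
            chosen = ring[self._pos % len(ring)]
            self._pos += 1
        else:
            # Weighted variant compares connections per unit of weight.
            weighted = self.scheduler == "wlc"
            chosen = min(pool, key=lambda s: s.active / (s.weight if weighted else 1))
        chosen.active += 1
        return chosen

def distribution(scheduler, n=8):
    # Constructed pool: documentation-range addresses, weights 3 and 1.
    pool = [RealServer("192.0.2.10", 8080, weight=3), RealServer("192.0.2.11", 8080)]
    lb = Balancer(pool, scheduler)
    for _ in range(n):
        lb.pick()
    return [s.active for s in pool]
```

With weights 3 and 1, both weighted methods send three quarters of new connections to the first server, while the unweighted methods split them evenly.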

The ICAP service balancer distributes the workload across external ICAP server farms, e.g. an external server farm running anti-virus software. The balancer can then be used in ICAP rules. To create an ICAP server balancer, select Add an ICAP load balancer and provide the following parameters:

Name

Description

Enabled

Enable or disable the rule

Name

Name of the balancing rule

Description

Description of the balancing rule

ICAP profiles

Select ICAP profiles of the servers to which the workload should be distributed. For more details on ICAP servers, please refer to section Integration with external ICAP servers.

The reverse proxy server balancer distributes the workload across internal servers or server farms published using the reverse proxy rules. The balancer can then be used in reverse proxy rules. To create a reverse proxy server balancer, select Add a reverse proxy load balancer and provide the following parameters:

Name

Description

Enabled

Enable or disable the rule

Name

Name of the balancing rule

Description

Description of the balancing rule

Reverse proxy profiles

Select reverse proxy profiles of the servers to which the workload should be redistributed. For more details on publication using reverse proxy rules, please refer to the Publication of HTTP/HTTPS resources using the reverse proxy section.