6.3 Load Balancers and Proxies

IDS and IPS handle security. Load balancers handle a different problem: distributing traffic efficiently across multiple servers.

A load balancer distributes incoming connections across multiple backend servers. Clients connect to a single VIP (Virtual IP). The load balancer maps each connection to a backend server using algorithms like round-robin, least connections, or weighted distribution.

A health check tests each backend server periodically. The load balancer sends a probe (TCP connect, HTTP GET, or custom script) at a configured interval. If a server fails a configurable number of consecutive checks, the load balancer removes it from rotation. When the server passes checks again, the load balancer restores it.

| Health Check Type | Method | Use Case |
|---|---|---|
| TCP connect | Opens a TCP connection to the port | Verify the port is listening |
| HTTP GET | Sends an HTTP request, checks status code | Verify the application responds |
| Custom script | Runs a script that returns pass/fail | Verify application-specific logic |

Some applications require all requests from the same client to reach the same backend server. Session persistence (sticky sessions) achieves this by mapping a client (identified by source IP, cookie, or TLS session ID) to a specific backend. Without persistence, a user’s session state on server 1 is invisible to server 2, causing authentication failures or lost shopping carts.

In OT, session persistence matters for SCADA web interfaces where the session state tracks the operator’s current view and alarm acknowledgments.
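
The health-check and session-persistence behavior described above can be modeled together. The following is an added example, not code from any load balancer product: the class name, the `fall` parameter, the backend names and the client addresses are all constructed for illustration. It shows round-robin selection over healthy backends, removal after a run of consecutive failed probes, restoration on the next passing probe, and what happens to a sticky client when its pinned backend leaves rotation.

```python
from itertools import count

class LoadBalancer:
    """Toy VIP: round-robin over healthy backends with source-IP stickiness."""

    def __init__(self, backends, fall=3):
        self.backends = list(backends)
        self.fall = fall                    # consecutive failures before removal
        self.fails = {b: 0 for b in self.backends}
        self.healthy = set(self.backends)
        self.sticky = {}                    # client source IP -> pinned backend
        self._rr = count()                  # round-robin counter

    def record_probe(self, backend, ok):
        """Feed in one health-check result (TCP connect, HTTP GET or script)."""
        if ok:
            self.fails[backend] = 0         # a pass breaks the failure streak
            self.healthy.add(backend)       # restored once it passes again
        else:
            self.fails[backend] += 1
            if self.fails[backend] >= self.fall:
                self.healthy.discard(backend)

    def pick(self, client_ip):
        """Return the backend for this client, or None if none are in rotation."""
        pinned = self.sticky.get(client_ip)
        if pinned in self.healthy:
            return pinned                   # persistence: same client, same server
        pool = [b for b in self.backends if b in self.healthy]
        if not pool:
            self.sticky.pop(client_ip, None)
            return None
        chosen = pool[next(self._rr) % len(pool)]
        self.sticky[client_ip] = chosen     # re-pinned: old session state is lost
        return chosen

def demo():
    """One operator workstation (constructed address) across a backend failure."""
    lb, client, seen = LoadBalancer(["srv1", "srv2"], fall=3), "192.0.2.10", []
    seen.append(lb.pick(client))            # first request is pinned to srv1
    lb.record_probe("srv1", False); lb.record_probe("srv1", False)
    seen.append(lb.pick(client))            # two failures: still in rotation
    lb.record_probe("srv1", False)
    seen.append(lb.pick(client))            # third failure: moved to srv2
    lb.record_probe("srv1", True)
    seen.append(lb.pick(client))            # srv1 restored, client stays on srv2
    return seen

if __name__ == "__main__":
    print(demo())
```

The re-pin step is where an operator's session on a SCADA web interface would be lost unless the session state is shared between backends.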

A proxy server acts as an intermediary between clients and servers. A forward proxy sits between internal clients and the internet, providing content filtering and caching. A reverse proxy sits in front of backend servers, providing TLS termination, caching, and load balancing. A transparent proxy intercepts traffic without client configuration.

Health checks remove failed servers

The load balancer probes each backend periodically. Failed servers are removed from rotation automatically.

Session persistence for stateful apps

SCADA web interfaces and other stateful applications require sticky sessions to maintain operator context.

Load balancers distribute traffic across servers. The next page covers NAS and SAN, the storage appliances that provide file-level and block-level access to data.

  • CompTIA Network+ N10-009 Exam Objectives, Domain 1: Networking Concepts