Multi-tier Load Balancing Group
The multi-tier load balancing feature enables you to create multiple levels of load balancing groups, called tiers. When one tier is unreachable, the system fails over to the next tier. You can have a maximum of three tiers. You must configure the tiers in order; for example, you can’t have tier 3 without having tiers 1 and 2.
The following properties are tier-aware, which means their values can vary by tier:
NAE_IP
NAE_Port
For example, to set up the IP address for tiers 1, 2, and 3, you can set the following:
<NAE_IP Tier="1">110.164.73.222:10.164.73.212:110.164.73.215</NAE_IP>
<NAE_IP Tier="2">110.164.73.223:10.164.73.213:110.164.73.216</NAE_IP>
<NAE_IP Tier="3">110.164.73.224:10.164.73.214:110.164.73.217</NAE_IP>
For example, to set up the port for tiers 1, 2, and 3, you can set the following:
<NAE_Port Tier="1">9000</NAE_Port>
<NAE_Port Tier="2">9000</NAE_Port>
<NAE_Port Tier="3">7000</NAE_Port>
How it Works
The following steps describe what happens when the client attempts to connect to the multi-tier load balancing group for the first time:
The client creates a session. This in turn creates a new load balancer, which stores the NAE_IP, NAE_Port, Protocol, Connection_Timeout, and Connection_Retry_Interval properties. The load balancer also creates a new connection pool for each server in the load balancing group.
The client requests a connection from the load balancer. Since this is the first connection request, the load balancer chooses one of the CipherTrust Manager servers on tier 1 and creates a connection in a round-robin fashion.
The client waits the duration of Connection_Timeout for Server 1’s response.
Server 1 does not respond within the timeout period. The client ignores Server 1 for the duration of the Connection_Retry_Interval.
The client attempts to connect to Server 2 on tier 1.
The client waits the duration of Connection_Timeout for Server 2’s response.
The client can’t connect to any server on tier 1.
The client attempts to connect to a Server on tier 2. The load balancer chooses the first CipherTrust Manager server on tier 2 and tries to create a connection. When the client makes future requests, the load balancer will apply the round-robin algorithm to decide which CipherTrust Manager server to use. (The client will continue to use tier 2 until tier 1 is available.) The client will cycle through all of the CipherTrust Manager servers on all tiers.
The client obtains the connection from Server 3 on tier 2.
The client uses the connection to send a cryptographic request to Server 3.
Server 3 sends the response.
The client receives the response. The load balancer keeps the connection in the pool.
The client requests another connection. The load balancer uses the round-robin algorithm to determine which CipherTrust Manager server to use. The load balancer searches that CipherTrust Manager server’s connection pool for an existing connection.
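The tier ordering rule and the failover sequence above can be modelled in a few lines. This is an added example, not code from the CADP client: the Properties wrapper element, the load_tiers and TierBalancer names, and the caller-supplied timestamps that stand in for real connection attempts are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: host names from the Examples section; the <Properties>
# wrapper is an assumed root element, not taken from the product file.
SAMPLE = """<Properties>
  <NAE_IP Tier="1">alpha:beta:gamma</NAE_IP>
  <NAE_IP Tier="2">psi:omega</NAE_IP>
</Properties>"""

def load_tiers(xml_text):
    """Return {tier: [hosts]}; enforce tiers 1..n in order, with n <= 3."""
    root = ET.fromstring(xml_text)
    tiers = {}
    for elem in root.iter("NAE_IP"):
        hosts = [h for h in (elem.text or "").strip().split(":") if h]
        tiers[int(elem.get("Tier", "1"))] = hosts
    expected = list(range(1, len(tiers) + 1))
    if not tiers or len(tiers) > 3 or sorted(tiers) != expected:
        raise ValueError(f"tiers must be 1..n with n <= 3, got {sorted(tiers)}")
    return tiers

class TierBalancer:
    """Simplified model: round-robin within the lowest tier that has a usable server."""

    def __init__(self, tiers, retry_interval_ms):
        self.tiers = tiers
        self.retry_ms = retry_interval_ms
        self.ignored_until = {}              # host -> time (ms) it rejoins rotation
        self.cursor = {t: 0 for t in tiers}  # per-tier round-robin position

    def mark_failed(self, host, now_ms):
        # Connection_Timeout elapsed: ignore host for Connection_Retry_Interval.
        self.ignored_until[host] = now_ms + self.retry_ms

    def pick(self, now_ms):
        for tier in sorted(self.tiers):
            hosts = self.tiers[tier]
            for _ in hosts:
                host = hosts[self.cursor[tier] % len(hosts)]
                self.cursor[tier] += 1
                if self.ignored_until.get(host, 0) <= now_ms:
                    return tier, host
        raise ConnectionError("no server reachable on any tier")
```

With a retry interval of 600 ms, marking alpha, beta and gamma as failed at time 0 moves selection to psi and omega, and selection returns to tier 1 once the interval has elapsed.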
Related Properties
To connect to a multi-tier load balancing group, you need to set the following parameters in the properties file:
NAE_IP
NAE_Port
Protocol
Connection_Timeout
Connection_Retry_Interval
Load_Balancing_Algorithm
For more information about these properties, refer to Network Configuration Parameters and Connection Configuration Parameters.
Examples
Example 1 - Default Values
The CADP.NETCore_Properties.xml file may contain the following values:
Connection_Timeout=30000
Connection_Retry_Interval=600000
For this example, let’s set:
<NAE_IP Tier="1">alpha:beta:gamma</NAE_IP>
<NAE_IP Tier="2">psi:omega</NAE_IP>
Connection_Timeout: The client will get an error if it takes longer than 30 seconds to get a response from the server.
Connection_Retry_Interval: If the client cannot connect to a server within the Connection_Timeout, the client will take that server out of the round-robin rotation for 10 minutes (600000 milliseconds).
Example 2 - Setting Connection_Timeout
<NAE_IP Tier="1">alpha:beta:gamma</NAE_IP> and <NAE_IP Tier="2">psi:omega</NAE_IP>
This time, let's set Connection_Timeout:
Connection_Timeout=2000
Connection_Retry_Interval=600000
The Connection_Retry_Interval is unchanged.
Connection_Timeout: The client will get an error if it takes more than 2 seconds to get a response from the server. If the server (or your network) is under a heavy load, you can get a timeout even for a running server. In this case, if you set Connection_Retry_Interval too low, you will just end up sending requests back to an already overloaded server.
Example 3 - Automatic Failover
You can use the following settings to ensure a speedy failover from one tier to another:
Connection_Timeout=600
Connection_Retry_Interval=600
Result
Connection_Timeout: The client will get an error if it cannot get a connection within .01 minutes.
Connection_Retry_Interval: The client will ignore an unavailable server for .01 minutes.
This configuration is useful when testing the Multi-Tier Load Balancing setup.