Load Balancing Group
A load balancing group is a group of CipherTrust Manager servers that the client can connect to. Load balancing is a mechanism to evenly distribute the connection load across the CipherTrust Manager servers when there are concurrent requests.
You create a load balancing group by listing multiple server IP addresses/hostnames (separated by colons) in the NAE_IP parameter.
Example
<NAE_IP Tier="1">192.168.1.10:192.168.1.11:192.168.1.12</NAE_IP>
CADP for .NET Core allows you to create multiple levels of load balancing groups, called tiers. Refer to Multi-Tier Load Balancing Group for details.
Note
It is recommended that all the devices in a load balancing group are also members of the same cluster. Refer to CipherTrust Manager Administration Guide for details.
How Load Balancing Group Works
The following steps describe what happens when the client attempts to connect to the load balancing group for the first time:
1. The client creates a session. This in turn creates a new load balancer. The load balancer stores the NAE_IP, NAE_Port, Protocol, Connection_Timeout, and Connection_Retry_Interval parameters.
2. If persistent connections are enabled, the load balancer also creates a new connection pool for each server in the load balancing group, else the connection pool is not created.
Tip
It is recommended to enable persistent connection.
3. The client requests a connection from the load balancer. For the first connection request, the load balancer chooses one of the available CipherTrust Managers at random and creates a connection. For future requests, the load balancer will apply the Load_Balancing_Algorithm to decide which CipherTrust Manager to use.
4. The client waits the duration of the Connection_Timeout for a server response.
5. If server 1 does not respond within the timeout period, the client ignores server 1 for the duration of the Connection_Retry_Interval.
6. The client attempts to connect to server 2.
7. The client obtains the connection.
8. The client uses the connection to send a cryptographic request to server 2.
9. Server 2 sends the response.
10. The load balancer keeps the connection in the connection pool, if persistent connections are enabled. Otherwise, the connection is closed.
Related Parameters
NAE_IP | Connection_Timeout |
NAE_Port | Connection_Retry_Interval |
Protocol | Load_Balancing_Algorithm |
Refer to Network Configuration Parameters and Connection Configuration Parameters for details about the network and connection configuration related parameters.
Examples
Default Values
The CADP.NETCore_Properties.xml file uses the following default values:
Parameter | Default Value | Impact on Load Balancing |
---|---|---|
Connection_Timeout | 30000 | The client will get an error if it takes longer than 30 seconds to get a response from the server. |
Connection_Retry_Interval | 600000 | If the client cannot connect to a server within the Connection_Timeout, the client will take that server out of the round-robin rotation for 10 minutes (600000 milliseconds). |
Setting Connection_Timeout
Set the Connection_Timeout as follows:
Parameter | Value | Impact on Load Balancing |
---|---|---|
Connection_Timeout | 2000 | The client will get an error if it takes more than 2 seconds to get a response from the server. If the server (or your network) is under a heavy load, you can get a timeout even for a running server. In this case, if you set the Connection_Retry_Interval too low, you will just end up retrying an already overloaded server. |
Connection_Retry_Interval | 600000 | This parameter is unchanged. |
Automatic Failover
Use the following settings to ensure a speedy failover from one tier to another:
Parameter | Value | Impact on Load Balancing |
---|---|---|
Connection_Timeout | 600 | The client will get an error if it cannot get a connection within 0.01 minutes (600 milliseconds). |
Connection_Retry_Interval | 600 | The client will ignore an unavailable server for 0.01 minutes (600 milliseconds). |
This configuration is useful when testing the Multi-Tier Load Balancing Group setup.
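The following Python model replays the connection steps under "How Load Balancing Group Works" with the three parameter sets from the tables above. It is an added illustration, not CADP or Thales code: the names LoadBalancerModel and simulate are hypothetical, round-robin is assumed as the Load_Balancing_Algorithm, the clock is simulated, and the response times (with 192.168.1.10 overloaded) are constructed.

```python
import random

NAE_IP = "192.168.1.10:192.168.1.11:192.168.1.12"   # group from the page's example

class LoadBalancerModel:
    """Simplified model of the documented steps; all times in milliseconds."""

    def __init__(self, nae_ip, connection_timeout, connection_retry_interval):
        self.servers = nae_ip.split(":")            # colon-separated list
        self.timeout = connection_timeout
        self.retry_interval = connection_retry_interval
        self.ignored_until = {}                     # server -> time it is eligible again
        self.now = 0                                # simulated clock
        self.timeouts = 0                           # connection attempts that timed out
        self.next_index = None                      # unset until the first request

    def connect(self, latency):
        """Return the server that answered, or None if none did.

        latency maps server -> response time (constructed test input).
        """
        if self.next_index is None:                 # first request: random server
            self.next_index = random.randrange(len(self.servers))
        for _ in self.servers:                      # later requests: round-robin (assumed)
            server = self.servers[self.next_index]
            self.next_index = (self.next_index + 1) % len(self.servers)
            if self.ignored_until.get(server, 0) > self.now:
                continue                            # inside Connection_Retry_Interval
            if latency[server] <= self.timeout:
                self.now += latency[server]
                return server
            self.now += self.timeout                # client waited the full timeout
            self.timeouts += 1
            self.ignored_until[server] = self.now + self.retry_interval
        return None

def simulate(connection_timeout, connection_retry_interval, requests=6, gap=1000):
    """Send `requests` connection requests `gap` ms apart; return (servers, timeouts)."""
    # Constructed scenario: the first server is overloaded and answers in 3 seconds.
    latency = {"192.168.1.10": 3000, "192.168.1.11": 50, "192.168.1.12": 50}
    lb = LoadBalancerModel(NAE_IP, connection_timeout, connection_retry_interval)
    used = []
    for _ in range(requests):
        used.append(lb.connect(latency))
        lb.now += gap
    return used, lb.timeouts

if __name__ == "__main__":
    for timeout, retry in [(30000, 600000), (2000, 600000), (600, 600)]:
        used, timeouts = simulate(timeout, retry)
        print(f"timeout={timeout} retry={retry}: timeouts={timeouts} servers={used}")
```

With the 600/600 settings the slow server re-enters the rotation before every one of its turns, so the client pays the timeout again each time; with a 600000 ms retry interval it pays once.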