Multi-tier Load Balancing Group

The multi-tier load balancing feature enables you to create multiple levels of load balancing groups, called as tiers. When one tier is unreachable, the system fails over to the next tier. You can have a maximum of three tiers. You must configure the tiers in order, for example, you cannot have tier 3 without having tiers 1 and 2.

Refer to Load Balancing Group for details on load balancing.

The following parameters are tier-aware, that is, their values can vary by tier:

To vary the values by tier, add the suffix .n to the parameter's name, where n is the tier number. You can opt to apply one value to all tiers by omitting the .n suffix.

To set up the IP address for tiers 1, 2, and 3, set the following:

<NAE_IP Tier="1">110.164.73.222:10.164.73.212:110.164.73.215</NAE_IP>

<NAE_IP Tier="2">110.164.73.223:10.164.73.213:110.164.73.216</NAE_IP>

<NAE_IP Tier="3">110.164.73.224:10.164.73.214:110.164.73.217</NAE_IP>

To set up the port for tiers 1, 2, and 3, set the following:

<NAE_Port Tier="1">9000</NAE_Port>

<NAE_Port Tier="2">9000</NAE_Port>

<NAE_Port Tier="3">7000</NAE_Port>

How Multi-tier Load Balancing Group Works

The following steps describe what happens when the client attempts to connect to the multi-tier load balancing group for the first time:

1. The client creates a session. This in turn creates a new load balancer. The load balancer stores the NAE_IP, NAE_Port, Protocol, Connection_Timeout, and Connection_Retry_Interval parameters.

   If persistent connections are enabled, the load balancer also creates a new connection pool for each server in the load balancing group, else the connection pool is not created.

   Tip

   It is recommended to enable persistent connection.

2. The client requests a connection from the load balancer. For the first connection request, the load balancer chooses one of the available CipherTrust Managers at random and creates a connection. For future requests, the load balancer will apply the Load_Balancing_Algorithm to decide which CipherTrust Manager to use. The load balancer chooses server 1 on tier 1.

3. The client waits the duration of the Connection_Timeout for server 1 response.

4. If server 1 does not respond within the timeout period, the client ignores server 1 for the duration of the Connection_Retry_Interval.

5. The client attempts to connect to server 2 on tier 1.

6. The client waits the duration of the Connection_Timeout for a response from server 2. The client cannot connect to any server on tier 1 within the Unreachable_Server_Retry_Period.

7. The client attempts to connect to a server on tier 2. For the first connection request, the load balancer chooses one of the available CipherTrust Managers at random and creates a connection. For future requests, the load balancer will apply the Load_Balancing_Algorithm to decide which CipherTrust Manager to use. The load balancer chooses server 1 on tier 2. The client will cycle through all of the CipherTrust Managers on all tiers until the Maximum_Server_Retry_Period expires.

8. The client obtains the connection from server 3 on tier 2.

9. The client uses the connection to send a cryptographic request to server 3.

10. Server 3 sends the response.

11. The client receives the response. The load balancer keeps the connection in the pool, if persistent connections are enabled. Otherwise, the connection is closed.

12. The client requests another connection. The load balancer uses the algorithm selected in the Load_Balancing_Algorithm to decide which CipherTrust Manager to use. If persistent connections are enabled, the load balancer searches that CipherTrust Manager’s connection pool for an existing connection.

Related Parameters

Refer to Network Configuration Parameters and Connection Configuration Parameters for details about the network and connection configuration related parameters.