Nowadays, LoadBalancing is one of the basic needs for the application systems to perform optimally while considering some important factors like- scalability and high availability. Every cloud is providing LBaaS (LoadBalancing as a Service) as an offering so the consumers don’t have to worry about the setup and management of load-balancers by themselves.
But it’s not like that cloud is offering a single type of load balancer for every use case because for different use-case we require a different type of load balancer. For example- we have different load-balancers for Layer4 and Layer7 level traffic.
Recently AWS had a new family member in their load-balancer family and they named it “Gateway Load Balancer“. So gateway load-balancer is a load-balancing service provided by AWS to send traffic to the different appliances, applications, firewalls, etc. that are not part of the current VPC.
Gateway Load Balancer
I guess you are still confused with the use case of the gateway load balancer. Let me try to explain it with the use-case which we encountered. Since I am working in a DevOps consulting company, so every day I get to interact with different client and their use-cases. So I was having a discussion with a client who is in the security domain and they were explaining to me their use case. They have purchased a commercial firewall and set it up in shared VPC and wanted their other VPC applications (Dev, Pod) to use the firewall as a gateway for sending the traffic outside the world.
We gave a thought to this approach for a while and observed that this is a very genuine use case for security-specific domain-based companies. Then we started to evaluate the solution for this use-case and got introduced to the silver bullet of these kinds of use-cases “Gateway Load Balancer”. Here is the architecture diagram they wanted to achieve.
- There will be a gateway load balancer created inside the shared VPC which will send the traffic to Firewall servers.
- For the VPCs that want to communicate to the gateway load-balancer, we need to create a Gateway load-balancer endpoint similar to the VPC endpoint through which we can define the route in the routing table.
Properties of Gateway Load Balancer
- It works on the third layer of the OSI model.
- GWLB listens and transfers all the packets and the network is transparent i.e. no changes in the network.
- Gateway load-balancer uses the concept of GENEVE port and sends traffic to appliances on the same protocol.
- Provides the capability for the appliance as a service (example – firewall-as-a-service).
In the next part of this blog, I will explain how we can configure the gateway load balancer for a sample appliance running in a different VPC. It will be a more practical implementation of it.
I hope you guys have enjoyed the reading but if you have any feedback or suggestions, please reach out to me. If you have any interesting use-case for gateway load balancers please share them in the comments section.
Blog Pundit: Sandeep Rawat
Opstree is an End to End DevOps solution provider