xBalancer is a purpose-built hardware load balancer supporting 240Gbps at full line rate, designed to share network security solutions and monitoring devices across multiple links and to solve oversubscription and device performance issues. It is mostly used inline and has an integrated dual heartbeat (network and tool sides).

Recently I was asked about setting xBalancer’s link awareness and load balancing capabilities.

 

xBalancer’s link-state awareness and the load balancer hash function are global: all load balancers are or are not link-state aware, and all load balancers use the same hash function. Use the system set command to control them.

The lb_link_aware argument controls whether the load balancer is link-state aware: When lb_link_aware=on, load balancers distribute all traffic among all ports in the load balance group that have link up; if a link goes down, no traffic is lost. When lb_link_aware=off, load balancers distribute all traffic among all ports in the load balance group regardless of link state; if a link goes down, the traffic that would be sent to that link is lost.

The lb_hash_sym argument controls whether the load balancing hash function is symmetric for source and destination IP addresses and ports. When lb_hash_sym=on, the hash value is the same when source and destination IP addresses and ports are swapped, so return traffic in a conversation is sent to the same tool as the forward traffic. When lb_hash_sym=off, the hash function is not symmetric and return traffic in a conversation can be sent to a different tool than the forward traffic.

The lb_hash argument controls which packet header fields are included in the hash. One can choose any combination of the following fields:

  • IPv4 or IPv6 source address (ip_src)
  • IPv4 or IPv6 destination address (ip_dst)
  • Layer 4 source port (l4_src_port)
  • Layer 4 destination port (l4_dst_port)
  • Protocol (ip_protocol)
  • MAC source address (mac_src)
  • MAC destination address (mac_dst)
  • VLAN number (vlan)
  • Ethertype (ethertype)

One can create any combination of the 5-tuple for the hash calculations. By default, both IP addresses, both Layer 4 ports, and the protocol are used. To ensure stickiness, when lb_hash_sym=on, the source and destination MAC address fields are automatically included in the hash function.

For most applications, the suitable configuration is:

Net Optics> system set lb_link_aware=on lb_hash_sym=on lb_hash=5tuple

Net Optics> commit                # commit is required to activate the settings
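
To see why these settings matter for inline security tools, the following Python model (an added example, not Net Optics code) counts lost packets and conversations split across two tools for each combination of lb_hash_sym and lb_link_aware. SHA-256, the endpoint-sorting trick, the port numbers and the sample flows are assumptions made for illustration; the device's real hash function is not documented here, and the MAC fields are left out of the model.

```python
import hashlib
from collections import namedtuple

# Default lb_hash fields from the page (the 5-tuple).
Packet = namedtuple("Packet", "ip_src ip_dst l4_src_port l4_dst_port ip_protocol")

def reverse(pkt):
    """Return-direction packet of the same conversation."""
    return Packet(pkt.ip_dst, pkt.ip_src, pkt.l4_dst_port, pkt.l4_src_port, pkt.ip_protocol)

def flow_key(pkt, symmetric):
    src, dst = (pkt.ip_src, pkt.l4_src_port), (pkt.ip_dst, pkt.l4_dst_port)
    if symmetric:
        # Order the endpoints so swapping source and destination gives the same key.
        src, dst = sorted([src, dst])
    return repr((src, dst, pkt.ip_protocol)).encode()

def pick_port(pkt, ports, link_up, symmetric=True, link_aware=True):
    """Return the tool port chosen for pkt, or None if the traffic is lost."""
    # Link-aware: hash only over ports with link up. Otherwise hash over all ports.
    candidates = [p for p in ports if link_up[p]] if link_aware else list(ports)
    if not candidates:
        return None
    digest = hashlib.sha256(flow_key(pkt, symmetric)).digest()  # stand-in hash (assumption)
    port = candidates[int.from_bytes(digest[:8], "big") % len(candidates)]
    return port if link_up[port] else None

def summarize(flows, ports, link_up, symmetric, link_aware):
    """Count lost packets and conversations whose two directions hit different tools."""
    lost = split = 0
    for pkt in flows:
        fwd = pick_port(pkt, ports, link_up, symmetric, link_aware)
        rev = pick_port(reverse(pkt), ports, link_up, symmetric, link_aware)
        lost += (fwd is None) + (rev is None)
        split += fwd != rev
    return {"lost": lost, "split": split}

# Constructed sample data: 200 client flows to one HTTPS server, tool port 3 has link down.
FLOWS = [Packet(f"10.0.{i // 50}.{i % 50 + 1}", "192.0.2.10", 40000 + i, 443, 6) for i in range(200)]
PORTS = [1, 2, 3, 4]
LINK_UP = {1: True, 2: True, 3: False, 4: True}

if __name__ == "__main__":
    for sym in (True, False):
        for aware in (True, False):
            print(f"lb_hash_sym={sym} lb_link_aware={aware}", summarize(FLOWS, PORTS, LINK_UP, sym, aware))
```

A split conversation means a stateful tool such as an IPS sees only one direction of the flow, and lost traffic on an inline deployment is traffic that is neither inspected nor forwarded.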