As network volumes increase and network links are upgraded to 10 Gbps and beyond, complex inline monitoring devices such as Intrusion Prevention Systems (IPSs), Data Loss Prevention (DLP) devices, Web Application Firewalls (WAFs), Database Activity Monitors (DAMs), Next Generation Firewalls, and Application Performance Management tools are becoming oversubscribed. One approach to remediate this problem is to replicate tools and distribute the traffic among them using a monitoring load balancer. This application note explains how Net Optics xBalancer can be used to load balance traffic to inline monitoring devices. It includes provisions for ensuring high availability and business continuity in regard to the traffic on the monitored network link.
Note: The xBalancer ships with preloaded configuration files covering many inline and out-of-band load balancer configurations. (Use the CLI command "list" for a list of these files, and "load" to load any configuration.) However, the deeper understanding provided by this paper is useful when designing load balancing solutions, and when modifying load balance configurations and debugging particular scenarios.
Load Balancing for Inline Monitoring Devices
Many monitoring tools such as protocol analyzers and traffic recorders operate out of band: mirrored copies of network traffic flow to the tools, but never return to the network. Other monitoring tools such as IPSs must be deployed inline (also called in band) because the nature of their functions requires that they are able to block or alter traffic on the network. The actual network traffic, not mirrored copies, flows into an inline tool and back out onto the network.
When an out-of-band tool becomes oversubscribed, it is a fairly straightforward task to replicate the tool and load-balance traffic across the copies. Besides balancing the traffic fairly evenly, the other main requirement for out-of-band load balancing is that the balanced traffic should be flow-coherent, meaning that entire conversations between two endpoints are not split between multiple tools; sometimes it is described as conversations being "sticky" to tools. In any case, the load balancer does not run the risk of interfering with the network traffic because the monitoring is out of band.
Load balancing inline tools, on the other hand, presents new challenges because they can interfere with network traffic and even bring down a business-critical link, and because they deal with bidirectional traffic flows. Conventional monitoring load balancers may not be able to meet inline load balancing requirements. Net Optics designed xBalancer specifically for inline load balancing. This paper explains how to configure xBalancer for different inline load balancing applications and take advantage of its various high-availability and advanced management features.
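As an added illustration of the flow-coherence and bidirectional requirements above (example code written for this page, not part of the application note and not xBalancer's implementation), the following Python compares a direction-dependent flow key with a symmetric one, and uses rendezvous hashing so that losing one tool moves only that tool's conversations. The tool names and sample flows are constructed.

```python
import hashlib
from typing import NamedTuple

class Flow(NamedTuple):
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int

def directional_key(flow: Flow) -> bytes:
    # Naive key that depends on packet direction: the reply (dst->src) yields
    # a different key, so the two halves of one conversation may be split.
    return f"{flow.src_ip}:{flow.src_port}>{flow.dst_ip}:{flow.dst_port}/{flow.proto}".encode()

def symmetric_key(flow: Flow) -> bytes:
    # Flow-coherent key: sort the two (ip, port) endpoints so A->B and B->A
    # produce the same key, which is what makes a conversation "sticky".
    lo, hi = sorted([(flow.src_ip, flow.src_port), (flow.dst_ip, flow.dst_port)])
    return f"{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}/{flow.proto}".encode()

def pick_tool(key: bytes, tools: list) -> str:
    # Rendezvous (highest-random-weight) hashing: every tool scores the key
    # and the top score wins, so removing one tool moves only its flows.
    return max(tools, key=lambda t: hashlib.sha256(key + b"|" + t.encode()).digest())

def reverse(flow: Flow) -> Flow:
    return Flow(flow.dst_ip, flow.src_ip, flow.dst_port, flow.src_port, flow.proto)

def assign(flow: Flow, tools: list, symmetric: bool = True) -> str:
    key = symmetric_key(flow) if symmetric else directional_key(flow)
    return pick_tool(key, tools)

def is_flow_coherent(flows, tools, symmetric=True) -> bool:
    # True when each flow and its reverse direction reach the same tool.
    return all(assign(f, tools, symmetric) == assign(reverse(f), tools, symmetric) for f in flows)

def moved_on_failure(flows, tools, failed):
    # Flows whose assignment changes when `failed` is removed from the pool.
    survivors = [t for t in tools if t != failed]
    return [f for f in flows if assign(f, tools) != assign(f, survivors)]

# Constructed sample (not from the application note): four IPS instances and
# a few client->server flows.
TOOLS = ["ips-1", "ips-2", "ips-3", "ips-4"]
SAMPLE_FLOWS = [Flow("10.0.0.5", "192.0.2.10", 51000 + i, 443, 6) for i in range(8)] + [
    Flow("10.0.0.7", "192.0.2.20", 40000, 53, 17)]

if __name__ == "__main__":
    print("symmetric coherent:", is_flow_coherent(SAMPLE_FLOWS, TOOLS))
    print("directional coherent:", is_flow_coherent(SAMPLE_FLOWS, TOOLS, symmetric=False))
    print("moved when ips-2 fails:", [f.src_port for f in moved_on_failure(SAMPLE_FLOWS, TOOLS, "ips-2")])
```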
The figure illustrates typical out-of-band and inline load balancing applications using xBalancer in combination with Net Optics Taps and Bypass Switches. (Taps and Bypass switches are not required in all applications.) ...
Click to download Application Note (pdf, 16 pages, 2.5 MB)