Security / December 4, 2018

The Power of Load Balancing and Security Tools

We all know change is the only constant in the world of technology. For networks, that means dealing with ever-increasing speeds and volumes of traffic while minimizing network downtime. Of course, balanced against the need for constant uptime and speed/capacity upgrades is the need to monitor and secure your business operations — and that means being able to analyze the traffic flowing through your infrastructure with a variety of security, application and performance management tools.

Given you’re on the Gigamon blog, you probably already know that we have a wide variety of features that help you solve this problem — but I want to dig into one of them a little deeper today and help you think about how best to deploy this powerful feature: load balancing.

What Is Load Balancing?

At its most basic, load balancing helps you to ensure the tools analyzing your network traffic are utilizing the full capacity you have purchased without being overloaded and slowing down your business. Load balancing does this by enabling you to share a traffic flow across multiple devices in an intelligent way. Let’s look at the most typical use cases.

Resilience — Inline or Out of Band

Having just enough tool capacity to perform the task you need is great — until the tool or application fails or needs to be taken offline for maintenance, and then you either lose that function entirely or you need to provision double the capacity you need in a fail-over architecture.

It’s much better to use load balancing to spread the traffic across a group of tools that, when all are operational, has enough spare capacity to cover for one or more instances becoming unavailable (n+1 protection). Imagine using five 10G IPS devices to protect a 40G link — no need for a network outage if you need to upgrade the IPS software, just take one out of the group at a time and the load balancing will spread the traffic across the other four. The failover can be automated by using our heartbeat options that check the availability of connected tools.

Network/Tool Speed Mismatch — Use Older Devices and Add Incremental Capacity

Consider the example above. When the enterprise upgraded their external link from 10G to 40G, they had two choices: decommission their existing 10G IPS devices and buy a new 40G appliance, or simply load balance the traffic from their new 40G link across their existing IPS appliances and add some new 10G devices to the tool group when the traffic volume warranted it. If desired, you can even mix tool speeds within the tool group, so 1G, 10G and 40G devices all have traffic shared across them, for a more efficient load balancing solution.

Managing Tool/Network Capacity Mismatch

Even when your network speed matches your tool speed, the tool may not be capable of actually performing its function at full line rate. Many 10G inline security tools can’t actually process and inspect traffic at rates higher than 4-7G.

In this case, you have three choices:

  • Throttle traffic on that link so you don’t exceed the processing speed of the tool.
  • Live with congestion and poorly performing business applications when the tool can’t keep up.
  • Load balance the traffic across multiple devices that, together, can inspect the traffic at the speed required. As network capacity grows faster than the processing speeds of analytics tools, this is becoming more and more important.

Aggregation — Maximize Load Balance Tool Utilization

By combining load balancing with other functions available in our products, you can architect more efficient inspection architectures for your tool rack. Aggregate traffic from multiple network links, consolidate tools into centralized locations and load balance the resulting traffic flows across a group of tools to maximize their utilization while providing resilience across the group.

For each of these use cases, Gigamon offers a variety of stateful and stateless load balancing options, ensuring traffic is distributed to achieve the objective you set out for.

Traffic can be distributed based on a variety of options: bandwidth, cumulative traffic, packet rate, connection, round robin and stateless hashing. Session information can be kept together, ensuring that security tools that need to see complete sessions to inspect them properly can operate as expected. Of course, these are all available to be used in conjunction with other GigaSMART® functions to build a solution that’s perfect for your requirement.
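To make the stateless hashing option concrete, here is an added illustration (not Gigamon's implementation and not code from this post) of how a hash can keep both directions of a session on one tool and move only a failed tool's flows. It uses a symmetric 5-tuple key with weighted rendezvous hashing, a technique chosen for this sketch; tool names, capacities and addresses are constructed.

```python
import hashlib
import ipaddress
import math

# Constructed tool group: name -> capacity in Gbit/s (mixed speeds are allowed).
TOOLS = {"ips-1": 10, "ips-2": 10, "ips-3": 10, "ips-4": 10, "ips-5": 10}

def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key: order the two endpoints so that
    client->server and server->client packets produce identical bytes."""
    ep_a = (ipaddress.ip_address(src_ip).packed, src_port)
    ep_b = (ipaddress.ip_address(dst_ip).packed, dst_port)
    lo, hi = sorted((ep_a, ep_b))
    ends = b"".join(ip + port.to_bytes(2, "big") for ip, port in (lo, hi))
    return ends + bytes([proto])

def pick_tool(key, tools, healthy):
    """Weighted rendezvous hashing over the tools that pass their heartbeat.
    Every tool gets a per-flow score and the highest wins, so removing a tool
    only moves the flows it owned; sessions on surviving tools stay put."""
    best, best_score = None, -1.0
    for name in sorted(tools):
        if name not in healthy:
            continue
        digest = hashlib.sha256(name.encode() + b"|" + key).digest()
        # Map 52 hash bits to a float strictly inside (0, 1).
        h = ((int.from_bytes(digest[:8], "big") >> 12) + 0.5) / 2**52
        score = -tools[name] / math.log(h)  # larger capacity -> larger share
        if score > best_score:
            best, best_score = name, score
    return best  # None when no tool is healthy; the caller decides what then

def distribute(flows, tools, healthy):
    """Map each (src_ip, src_port, dst_ip, dst_port, proto) flow to a tool."""
    return {f: pick_tool(flow_key(*f), tools, healthy) for f in flows}

if __name__ == "__main__":
    # Constructed flows: 2000 client connections to one HTTPS server.
    flows = [("10.0.0.%d" % (i % 250 + 1), 40000 + i, "203.0.113.10", 443, 6)
             for i in range(2000)]
    before = distribute(flows, TOOLS, set(TOOLS))
    after = distribute(flows, TOOLS, set(TOOLS) - {"ips-3"})  # heartbeat lost
    owned = sum(1 for f in flows if before[f] == "ips-3")
    moved = sum(1 for f in flows if before[f] != after[f])
    print("flows on ips-3 before failure:", owned, "flows moved:", moved)
```

The two printed counts are equal: only the flows owned by the failed tool are reassigned, which matters for inline tools that hold per-session state.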

Questions About Load Balancing?

If you’d like to know more, please contact us today, and we’ll put you in touch with a local Gigamon support representative who can help you further. Or come on over to the Gigamon Community and share your experience and questions about load balancing.
