Load Balancing and Host Affinity must be used together for the best distribution of workload across multiple servers.
Where to configure
You can configure Load Balancing and Host Affinity in 2 different ways:
About Load Balancing
Load balancing distributes forwarding traffic among multiple IP addresses to achieve optimal resource utilization, to maximize throughput, and to minimize response time. Typically, you use load balancing to equally distribute client requests to more than one server.
The ProxySG's load balancing methods include:
These above methods of Load Balancing can be configured on your Forwarding services depending on their type:
About Host Affinity
Host Affinity is the attempt to direct multiple connections by a single user to the same member of the servers group. Host affinity causes the user’s connections to return to the same server until the configurable host affinity timeout period is exceeded.
Host Affinity allows you to do one of the followings:
Table of the Host Affinity methods:
|Global Default||Use the default setting for all forwarding hosts on the system.||X||X||X|
|None||Disables host affinity.||X||X||X|
|Client IP address||Uses the client IP address to determine which forwarding group member was last used.||X||X||X|
|Accelerator Cookie||Inserts a cookie into the response to the client.||X||X|
SSL Session ID
|Used in place of a cookie or client IP address. Extracts the SSL session ID name from the connection information.||X|
SSL Session ID
(SGOS version 7.3 and later)
Dynamically uses the session ID, session ticket SHA256 hash, or PSK hash to make multiple client connections to the same forwarding host/group or SOCKS gateway/group.
Note: If your users are all behind the same NAT IP address, the Host Affinity "Client IP address" will be counterproductive as it will always redirect the traffic to the same server considering it is always the same client - no Load Balancing will be performed. Instead, you may want to use "SSL Session ID" if you use HTTPS or use the "Accelerator Cookie" method otherwise.
Using Load Balancing with Host Affinity
By default, if you use load balancing, each connection is treated independently. The connection is made to whichever member of the load-balancing group the load-balancing algorithm selects.
If host affinity is configured, the system checks the host affinity first (before load balancing) to see if the request comes from a known client. If this is a first connection, then load-balancing is used to select a member of the group to which to connect. After Load Balancing is applied, the host affinity records the result of the load balancing and uses it if that client connects again. Host affinity does not make a connection to a host that health checks report is down; instead, if host affinity breaks, the load-balancing algorithm selects a new group member that is healthy and re-establishes host affinity on that working group member.
Symantec highly recommends you to enable Host Affinity if you want to use Load Balancing. The reason is that the application running behind the Forwarding service may require the user to always be connected to the same server. As an example, we suppose a website with a shopping cart that runs on several load-balanced web servers, but only one web server has the session data for a given user’s shopping cart transaction. If a connection is sent to a different Web server (due to load balancing) that has no data about the user’s session, the user has to start all over again. The ProxySG host affinity helps make sure each request goes to its proper destination; however, the proxy does not interact with the session or with session data.