Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

Handbook

WebSocket load-balancing

The WebSocket protocol provides full duplex communication between client and server over a single TCP connection. The initial handshake occurs over the HTTP protocol, while subsequent WebSocket message frames layer over the TCP protocol, as illustrated in WebSocket load-balancing .

WebSocket load-balancing

You can configure FortiADC in such as way that it is able to load-balance Layer-7 virtual servers with HTTP or HTTPS profiles to the WebSocket protocol without any change to the default configuration. During the setup phase, the virtual server works in HTTP mode, processing Layer-7 information. It automatically detects the connection and upgrade exchange, and is able to switch to tunnel mode when the upgrade negotiation succeeds. When the WebSocket is established, and the virtual server fails over to tunnel mode in which no data is analyzed anymore (and anyway, WebSocket does not communicate in HTTP). See WebSocket with FortiADC.

WebSocket with FortiADC

If you want to configure your FortiADC appliance to perform HTTP inspection and WebSocket traffic load-balancing, you must use a Layer-7 virtual server with an HTTP profile. If WebSocket traffic is over the transport layer security protocol, you must use a Layer-7 virtual server with an HTTPS profile and choose an appropriate server SSL profile in the real-server pool.

If you only want WebSocket load-balancing, use a Layer-4 or Layer-7 virtual server with a TCP profile.

For more information, see https://en.wikipedia.org/wiki/WebSocket and http://tools.ietf.org/html/rfc6455.

WebSocket load-balancing

The WebSocket protocol provides full duplex communication between client and server over a single TCP connection. The initial handshake occurs over the HTTP protocol, while subsequent WebSocket message frames layer over the TCP protocol, as illustrated in WebSocket load-balancing .

WebSocket load-balancing

You can configure FortiADC in such as way that it is able to load-balance Layer-7 virtual servers with HTTP or HTTPS profiles to the WebSocket protocol without any change to the default configuration. During the setup phase, the virtual server works in HTTP mode, processing Layer-7 information. It automatically detects the connection and upgrade exchange, and is able to switch to tunnel mode when the upgrade negotiation succeeds. When the WebSocket is established, and the virtual server fails over to tunnel mode in which no data is analyzed anymore (and anyway, WebSocket does not communicate in HTTP). See WebSocket with FortiADC.

WebSocket with FortiADC

If you want to configure your FortiADC appliance to perform HTTP inspection and WebSocket traffic load-balancing, you must use a Layer-7 virtual server with an HTTP profile. If WebSocket traffic is over the transport layer security protocol, you must use a Layer-7 virtual server with an HTTPS profile and choose an appropriate server SSL profile in the real-server pool.

If you only want WebSocket load-balancing, use a Layer-4 or Layer-7 virtual server with a TCP profile.

For more information, see https://en.wikipedia.org/wiki/WebSocket and http://tools.ietf.org/html/rfc6455.