Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

Handbook

Download PDF
Copy Link

Server load balancing basics

An application delivery controller (ADC) is like an advanced server load balancer. An ADC routes traffic to available destination servers based on health checks and load-balancing algorithms. ADCs improve application availability and performance, which directly improves user experience.

The physical distance between clients and the servers in your backend server farm has a significant impact on server response times. Besides physical distance, the most important factors contributing to server performance are:

  • Number of simultaneous connections and requests that the servers can handle
  • Load distribution among the servers

The purpose of an ADC is to give you multiple methods for optimizing server response times and server capacity.

After you have deployed an ADC, traffic is routed to the ADC virtual server instead of the destination real servers.

 Basic network topology shows an example of a basic load balancing deployment. The FortiADC appliance is deployed in front of a server farm, and the network interfaces are connected to three subnets: a subnet for management traffic; a subnet that hosts real servers A, B, and C; and a different subnet that hosts real servers D, E, and F. The FortiADC system performs health checks on the real servers and distributes traffic to them based on system logic and user-defined settings.

 Basic network topology

Optionally, you can further improve application security and performance by offloading system processes from the server and having them handled transparently by the ADC. Server tasks that can be handled by the FortiADC appliance include SSL encryption/decryption, WAF protection, Gzip compression, and routing processes, such as NAT.

 FortiADC processing shows the order in which the FortiADC features process client-to-server and server-to-client traffic.

 FortiADC processing

In the client-to-server direction:

  • If SNI or SSL decryption is applicable, the system acts on those exchanges.
  • Then, security module rules filter traffic, and traffic not dropped continues to the virtual server module.
  • Virtual server security features are applied. Traffic not dropped continues for further processing.
  • If a caching rule applies, the FortiADC cache serves the content and the request is not forwarded to a backend server.
  • If the system selects a destination server based on a persistence rule, content route, or script, the load balancing rules are not applied.
  • After selecting a server, the system performs any rewriting and re-encryption actions that are applicable, and then forwards the packets to the server.

In the server-to-client direction:

  • WAF HTTP response, NAT, rewriting, persistence, and caching rules are applied.
  • If applicable, the FortiADC compresses and encrypts the server response traffic.

Server load balancing basics

An application delivery controller (ADC) is like an advanced server load balancer. An ADC routes traffic to available destination servers based on health checks and load-balancing algorithms. ADCs improve application availability and performance, which directly improves user experience.

The physical distance between clients and the servers in your backend server farm has a significant impact on server response times. Besides physical distance, the most important factors contributing to server performance are:

  • Number of simultaneous connections and requests that the servers can handle
  • Load distribution among the servers

The purpose of an ADC is to give you multiple methods for optimizing server response times and server capacity.

After you have deployed an ADC, traffic is routed to the ADC virtual server instead of the destination real servers.

 Basic network topology shows an example of a basic load balancing deployment. The FortiADC appliance is deployed in front of a server farm, and the network interfaces are connected to three subnets: a subnet for management traffic; a subnet that hosts real servers A, B, and C; and a different subnet that hosts real servers D, E, and F. The FortiADC system performs health checks on the real servers and distributes traffic to them based on system logic and user-defined settings.

 Basic network topology

Optionally, you can further improve application security and performance by offloading system processes from the server and having them handled transparently by the ADC. Server tasks that can be handled by the FortiADC appliance include SSL encryption/decryption, WAF protection, Gzip compression, and routing processes, such as NAT.

 FortiADC processing shows the order in which the FortiADC features process client-to-server and server-to-client traffic.

 FortiADC processing

In the client-to-server direction:

  • If SNI or SSL decryption is applicable, the system acts on those exchanges.
  • Then, security module rules filter traffic, and traffic not dropped continues to the virtual server module.
  • Virtual server security features are applied. Traffic not dropped continues for further processing.
  • If a caching rule applies, the FortiADC cache serves the content and the request is not forwarded to a backend server.
  • If the system selects a destination server based on a persistence rule, content route, or script, the load balancing rules are not applied.
  • After selecting a server, the system performs any rewriting and re-encryption actions that are applicable, and then forwards the packets to the server.

In the server-to-client direction:

  • WAF HTTP response, NAT, rewriting, persistence, and caching rules are applied.
  • If applicable, the FortiADC compresses and encrypts the server response traffic.