Chapter 7 - 09 - Discuss Importance of Load Balancing in Network Security - 02_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Load Balancing through Clustering

Load Balancing Cluster Web Cluster

Host
VIP:192.0.2.1 192.168.0.1
Passive Load Balancer -
gaoen Services
192.168.0.1:80
[:]................... -
E]
| e.................. é 192.168.0.1:80
Internet
Intemet | e.E D
b I Internal
Internal 1PIP ¢¢ :H
:- s
5= \ 17216112 | :H
::
iPl
orenesK >)C »>
V" v :i: -§::: Host
Host
S A
H ~a” CTTTIN > KE: : 192.168.0.2
192.168.0.2
:: ~= !: Services
Virtual Server
Virtual Server 192.168.0.2:80
192.168.0.2:50
VIP:192.0.2.1 o,., § Intemalip
wmal® :., f 17216111
w, H§
[ (RSOOSR
™) R -Foes :i e
o
Users VIP:192.0.2.1
VIP:192,0.2.1 o
Hool 192.168.0.3
Active Load Balancer Services
192.168.0.3:80
192.168.0.3:80

Load Balancing through Clustering
Many organizations use clustering to host multiple redundant web servers for handling
requests for a single web application. If one of these web servers fails, then another server
automatically takes over the responsibility of the failed server. When load balancing is used
along with clustering, the availability of web services is improved, and the latency in processing
requests is reduced.

Virtual IP

A virtual IP is used with load balancing and clustering. Here, a virtual server is used to map IP
addresses of the network traffic originating from and transmitted to the Internet. The virtual
server has one IP address that is publicly available. It is directly connected to the load balancers.
Using multiple load balancers helps in handling failover situations. All these load balancers
share a common virtual IP. The traffic is forwarded to the active load balancer using a
redundancy protocol such as the Common Address Redundancy Protocol (CARP). This protocol
ensures that the active load balancer is assigned with a virtual IP and it processes all the
requests sent to that virtual IP. When the active load balancer fails, the redundancy protocol is
responsible for forwarding the traffic to a passive load balancer.

Module 07 Page 1000 Certified Cybersecurity Technician Copyright © by EC-Council
EG-Council
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Load Balancing Cluster Web Cluster

Host
VIP:192.0.2.1 192.168.0.1
Passive Load Balancer Bt Services
: 192.168.0.1:80
Internet et Greeere....... Internal IP :
172.16.1.12 ; :
°. : Host
o Jinasaen >|= : 192.168.0.2
= £ Services
Virtual Server : 192.168.0.2:80
VIP:192.0.2.1. : IntemaliP -
-, $172.16.1.11 :
E...................... s o
VIP:192.0.2.1 192.168.0.3
Active Load Balancer Services
192.168.0.3:80

Figure 7.138: Load balancing through clustering

Active—Passive

An active—passive cluster uses special-purpose hardware to reduce system downtime. This type
of cluster includes one active server, one passive server, and a load balancer. This infrastructure
helps in handling failover situations and forwards user requests to the correct server in the
cluster. In this type of cluster, the primary server is designated as active and the standby server
as passive. The requests are forwarded to the active server, and the standby server remains
passive/inactive. The passive or failover server acts as a backup and takes over when the active
or primary server drops its connection or becomes incapable of serving. The active—passive
method is not scalable, but it can be used to achieve uninterrupted services. Active—passive
configurations are used in websites, databases, and mail servers.
Active—Active

An active—active cluster consists of two identically configured nodes that dynamically run
similar services instantaneously. This cluster can achieve load balancing and can disseminate
workloads to the nodes, thereby avoiding the overloading of any node. If any node fails, the
client is automatically connected with the other node and receives full resource access until it is
permitted. When the first node recuperates or is restored, the client requests are again split
between both server nodes. Using an active—active cluster for heavy traffic reduces network
performance as the failure of one server can increase the workload of other servers.

Module 07 Page 1001 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Lertinea
Lertiiiea Lybersecurity
Lybersecurity fecnnician
1echnician exam 2Z1Z2-62
eXam 21Z2-62
Network Security Controls — Technical Controls

Load Balancing Tools
EdgeNexus Load | It provides services such as layer 4-7 load balancing, application
-R :5.3 Azure Load Balancer
Balancer acceleration, single sign-on, and advanced traffic management https://azure.microsoft.com

Elastic Load Balancing
https://aws.amazon.com
i

i
LALALAY

— == T : —— NGINX Plus
NGINX Plus
) M= T i https://www.nginx.com

Citrix ADC platforms
https://www.citrix.com
coo0o0o0
©c0o000
>

Avi Vantage
https://avinetworks.com

hitps://www.edgenexus.io
Copyright © by E I. All Reproduction
is Strictly
All Rights Reserved. Reproduction Strictly Prohibited

Load Balancing Tools
= EdgeNexus Load Balancer
Source: https://www.edgenexus.io
EdgeNexus Load Balancer provides services such as layer 4—7
4-7 load balancing, application
acceleration, pre-authorization and single sign-on, web-application firewall, and
advanced traffic management. It distributes data among multiple data centers and
clouds to deliver fast, scalable, and resilient applications, regardless of location. It
implements load balancing and failover policies based on several criteria, including
advanced health checks and user geo-location.

Module 07 Page 1002 Certified Cybersecurity Technician Copyright © by EC-Council
Certiniea Cybersecurity fecnhnician
fechnician Exam Zl1Z-64
2Z12-64
Network Security Controls — Technical Controls

© cnsimn
© antien Rowm
W omme © e
oy
EDGE NEXWUS
EDGENEXUS fl
n
Fre—-x
Py

i Ve e
_W** ° ERETE o
°m“ o © Copy bervne a 0 Add o - |

-h v e
Mede vir
e Vi
i Emabied
Cmabind " A seay
1P Addees ANl
AN e/ [ Peetia
Mash Peets ron
Fort Sarvice Mame
Service Mame Tervee Trpe
Yervie Trpe
X
g] ||
-- v,7 10481
040 M0
Mo Fl2 ee
Act
At -.-.
3 v
v 172031
17202 MaM00
Mmoo 00
00 Layer
L 44 TCR
100
-
- -
£ 2021
M2%3021 1829300
M8M00 way
44y Sewent 45 OMand
Sorent 35, OMaag Loy 4 7CP
Lapwr 4700 |
-- vv 2021
20021 13824900
a0 et
addy et
Lewent Ba-Licryption
Be-Encrypion Lage
Laye 44 100
TCP ||
Actve
Actve - - 7< was
wang 3983880
MWMI0 [L Loy
Laywr 4dTCR
TCP
At
Actew - - -v waeny
a0y a0
1333952930 00 1o
wtte
Adtve
Actve -- -- 7z< Ve
waene w0
R B TR %0L wrre
wrTe ||
acte
Actee -. -- I4 waens
Wawrns 18980
0 00
[ wrte
wrrTe
|
[———_ ——— — — ——— ] i

nSl Buskc
Basic | Adenced
Advwnced Bep@wIN
Bep@WIN ‘
l
-e O
Seernn
)
atue Activey
Activey Addren
Address ron
Port Wweint
Weighe Carcutates Weight
Calculated Weight Notes
Motes
==
o=
o- Onwe
Onwa EXTE
N4av2 00[ 0o
o ©wo
0o Web Larves 22
Web Larver
-
o On e
Onwve N4
Vawin [ oD
L] o
e Wb
Web ferver 33
terver

IN Laewy
Lnewry o
00O

@ View
View o
&& Sptem
Srtem [+]
0

F Advanced ©
0

e
&e ©.
©

L
e Copyright © 2005-301 JotHEXUS Lid. ANl Bights Besarved.

Figure 7.139: Screenshot
Figure 7.139: Screenshot of
of EdgeNexus
EdgeNexus Load
Load Balancer
Balancer

Some of the additional load balancing tools are listed below:
»= Azure Load Balancer (https://azure.microsoft.com)
=» Elastic Load Balancing (https://aws.amazon.com)
* NGINX Plus (https.//www.nginx.com)
= Citrix ADC Platforms (https://www.citrix.com)
* AviVantage (https://avinetworks.com)

Module 07 Page 1003 Certified Cybersecurity Technician Copyright © by EC-Council