Glad you enjoy it! Thanks Bahaa

Glad you like them! thanks Erlad!

Thanks Jeetendra!! appreciate it

Agreed

I think the data here is URL u just entered in the browser which gives IP address so doesn't make sense if you don't want to see them this URL for privacy reasons

Iliasbhal aww 😊 thank you so much I am glad you enjoy the content

Glad you like them!

Thanks 😊 haproxy tutorial is requested a lot! Ill need to make it soon. Have so much other videos on my backlog

❤️❤️ that is awesome 👏 thank you for your kind words and glad you enjoyed the content 🙏🙏

@@hnasr still counting, after learning from all the linked and suggested videos I'm finally seeing the first video of websockets for which I initially came 😂 came for websockets became network engineer and more aware back-end engineer ur awesome dude I have no words for the content quality and availability

Thanks George! Glad it was

Kristen n charles

PK CC you guys are awesome! Of course I will make videos on topic you guys interested in. Ill just adjust priorities. Hope you enjoy it and thanks for commenting ! Stay awesome 😎

Thanks Nafas!

Rahul Pandey thanks Rahul!

Glad you enjoyed it!

Hi, could you please share any documentation to verify this information

Glad you liked it

العفو

Thanks Dan!

Thanks Brian, I talked about DOS here kzbin.info/www/bejne/anqapYONbdSZaMk

😊 thanks !

I'm wondering abaut that either. It's so weird.

If you are an office fan You will like this http/2 video kzbin.info/www/bejne/nIeugaV6p6qqiqs

Your concerns are totally valid. If there are too many concurrent connections, it can throttle the load balancer itself bringing down the overall availability of the system. Hence, heavy traffic applications like Google and Facebook opt for distributed load balancing where the load balancer is not a single server. Google offers one such service called GCLB-Google cloud load balancer. You can find some info on it here:landing.google.com/sre/workbook/chapters/managing-load/

may be you would have found your answer, if not, see keepalived video of Hussein. You will get an idea Edit : keywords VIP ( virtual ip ), VRRP

ووالديك مهدي.. تسلم عزيزي

You think? kzbin.info/www/bejne/nIeugaV6p6qqiqs

TLDR?

that cracked me up lol

Fantastic question. Layer 7 load balancer must terminate TLS while Layer 4 load balancer doesn’t have to. L4 LB can terminate TLS means serve the certificate from the LB, which means it can decrypt and look at the content. It can also decides to Passthrough the TLS. Hello all the way to the backend which means it is end to end encryption and cert is served from Backend

Filippo Machi Thanks Filippo! Man i just love these questions because they make me think 💭 Ok so short answer is you can use a layer 4 load balancer with SSE and websockets much easier and reliable than a layer 7 load balancer. Not saying you cannot do it with L7LB But you need to find a load balancer that actually supports that. Here is why: layer 4 load balancer will NAT the tcp connection to final destination server and exchange packets in a single connection. So the server can send information to the load balancer and load balancer will simply NAT things to the client. So if i make an HTTP GET request to a L4 LB, first i try to establish a tcp connection with LB, LB will actually build a table and change the packet ip address destination to one of the backend servers, and forward the packet, and then simply acts like a gateway(kinda like how your router works) and now one your tcp connection is established you are tethered to one server .. so any http request on the same tcp will ALWAYS go to the same backend server.. unless you establish a new session. That is why SSE and websockets work normally since they are stateful like that.. However with layer 7 LB as we explained in the video, the client connects to the load balancer first so thats one tcp connection and the load balancer will establish another tcp connection to the backend server. So if I make a simple HTTP request to the layer 7 load balancer, my final destination as a client is the load balancer, The load balancer will then block my request (synchronously) and make the request to one of the backend servers, get the result, unblock me and return the result. So in this case most load balancers are really waiting for a request from clients ... but what happen if all of a sudden the server started to send something to the load balancer? (Server side events) what does that mean? How does the layer 7 load balancer know what client to forward the request to ? Smart load balancers might actually build a table and start mapping ip addresses to client ports. Other load balancers might make the backend server respond to the client directly So you see how complex it is to do layer 7, you can use layer 4 LB, The only thing is you will get a sticky load balancer to a single server per client session. i need to do more research and videos on this topic very interesting.. Hope that helps!

@@hnasr thanks a lot for answering my question, let me know if you perform further research or video regarding this topic :)

Good question! One implementation is to keep a table of what sourceIP goes to what Destination IP so it can map it. This is called NAT (network address translation) check out the NAT video I did How Network Address Translation is used on Layer 4 Load Balancing and Port forwarding

Rico Agung Firmansyah Thanks 🙏 I use google slides

Marta Zagrajek thanks! Not yet, didnt make a dedicated haproxy video, its on the list of videos to make I made one about nginx though. Next up is websockets 🕸

@@hnasr I will keep waiting ;)

Good question! LB starts and establishes a connection B1 to backend1 and B2 to backend2 Client establishes connection C1 with LB. Client sends a request on C1, LB receive it, looks at the content, perhaps changes it and then send the request on B1. LB wait for B1 to respond, once it gets back the result, it sends back the result to client. all this the client is synchronously waiting.. Client sends another request on C1, LB receive it, looks at the content, perhaps changes it and then send the request on B2 (because of round robin algorithm) .. same thing hope this helps

Jexxie Woo thanks 🙏 I did notice that after i posted the video. Thankfully nothing in the chopped screen is important. Appreciate your comment ! And ill make sure to avoid that in the future.

gmanon thanks! Yes some proxies actually take advantage of both L7 and L4 example is websocket proxying.. (check out my video on that) first request is a layer 7 request to detect http upgrade and then it switches to layer 4 streaming

Minh Tran thanks Minh for the suggestion I agree. L7 load balancing is complex topic that needs its own video. Envoy is a good candidate

Douglas Mendez Correct, think about your WIFI router , if you connect to google from your mobile phone (on wifi) it is a single TCP connection between you and Google .( not a tcp connection between you and router and between the router and google) despite the router actually making the connection on your behalf because it has the public ip address. Your router uses NAT. A layer 4 load balancer that uses NAT function the same way.

@@hnasr Just curious, i might not be making any sense also. So, Routers do not work at layer 4 so they actually don't concern with TCP. But does a client communicate with Layer 4 LB (HAProxy) without a layer 4 protocol? If it uses TCP, then there should be a TCP connection between the client and the LB? Apologies if i am completely going off.

Great question Andrew! Let's address your assumption first : "It's my understanding that the client makes a TCP connection with the server itself, not the load balancer and that the TCP connection stays open (side-question, when does it know to close?)" That is only true if the load balancer is a Layer 4 load balancer which acts as a gateway and merely "forwards" packets to the final server destination by essentially doing a NAT (IP translation). So yeah it is a single TCP connection in this case between the client and the backend server through the layer 4 load balancer. As to your question when does it know to close the connection, there is a timeout that is set in the load balancer after which it will terminate the connection after a certain time of idleness. Now to your second part of question "So, let's say I make a GET request for index.html, it goes through the load balancer, the load balancer connects me to Server 1. I get back the index.html, and in that file there is a Javascript in a tag, so I make an additional request for that JS file under the same TCP connection. How does the load balancer in the second request know which server I have a TCP connection with? Does the load balancer keep a dictionary of this information?" Little bit complicated in today's modern architecture, so I'm gonna simplify it first. So lets first assume you are using a client or a browser that uses a single TCP connection instead (most browsers uses 6 TCP connections which complicates your question).. so lets assume the client browser is old fashion and uses one tcp connection, with that assumption lets move forward.. The first time you make a GET request your destination is the load balancer, The client connects to the load balancer IP address which as we explain in 6:30 takes that destination IP address and swaps it up with one of backend servers based on some sort algorithm, once it picks a server that is it. The connection is sticky since it is one TCP connection from the client to the backend server lets call that server, server A. Then you might do TLS if necessary through the same TCP connection always going to server A, then as you said you make a GET request to the load balancer, the LB receives it swaps destination IP to server A because the load balancer now have a table that says client is connected to server A through this unique connection, so your backend server A receives your GET request, processes it get you the Index.html and sends it back to the load balancer which in itself swaps its destination ip address (which is the load balancer ) with the client ip address and forwards the request to client .. which the client then processes the HTML as you said finds that it needs to process the SRC and makes a request to pull the test.JS file which goes through the same exact process through the same TCP connection to server A.. Now .. with modern architecture browsers have 6 TCP connections usually like chrome and it will send multiple requests through these TCP connections in parallel and thats ok because HTTP is stateless so your javascript file might come from Server B but your index.html might come from server A.. It becomes even more complicated with HTTP/2 because the server actually pre-processes the index.html and finds out that you will eventually need the test.js file or whatever and it will send you (pushes you) both files at once using multiplexing.. if the load balancer is a layer 7 load balancer then you will get 2 tcp connections between you as a client and load balancer and between the load balancer and the server .. which gives you truly stateless non-sticky requests but you suffer from some limitation as I talk about in the video .. sorry for the long answer! and thanks for your support, donate button in the description of the video.. just you guys watching and commenting and asking these excellent questions is enough for me really! Stay awesome hope that helps .

Had this question myself, saw an article (medium.com/martinomburajr/distributed-computing-tcp-vs-http-s-load-balancing-7b3e9efc6167) that might be relevant!

Thanks Fujin for your message! I use canva because I suck at photoshop haha hope that helps

Thanks man.

It depends on your backend if the backend supports TLS then IIS should really do a TLS Passthrough not termination (since you said its layer 4 LB) the certificate being served will be the backend not the LB If the backend doesn’t support TLS then it the LB will do a TLS termination and serves its certificate instead. The traffic on the backend will be unencrypted might not be desirable

You can set the timeouts as needed check out the video here kzbin.info/www/bejne/p4rRcmV6e6p4gtk

A very interesting insights lets unpack it the backend network interface of HAProxy must live in the same network as backend servers. Probably I am imagining a network switch between them. One port going from HAP to the switch, and from the switch to each backend server. So now the numbers. If we assumed defaults 1 Gbps for all ports. Than haproxy can upload and download 1 Gb per second (~128 MB each second). so if two clients concurrently requested to fetch a resource that is 128MB In size, from HAP, the first request goes to backend 1 the second goes to backend 2. But it will take HAProxies two full seconds to download this resource from each server (assuming no caching) So yes! a 2Gbps uplink:dnlink HAProxy will download the two resources concurrently in 1 second (50%) faster. And to answer your final question, yes if server 1 and 2 uploaded 1 TB each, then HAProxy will have “downloaded” 2TB. Thanks! Let me know if I missed something

Himanshu Jain correct the client will be provided the LB certificate. That means you have to put the cert/private key in the LB.. some people don’t like this and use a layer 4 LB instead and serve the cert from the original backend I discuss this here kzbin.info/www/bejne/i3zZfGpsh9Okq9U

@@hnasr Thanks for the quick reply. Just to be clear, my question is what certificate would be shared between LB and Backend server? Will it be different from what LB provides to client?

It depends on the domain name the cert is issued for.. could be the same could be different.

@@hnasr Hmm. Right. Thanks for clearing this..🙂

Qasim Albaqali hey Qasim, check out my in depth HAPROXY Video HAProxy Crash Course (TLS 1.3, HTTPS, HTTP/2 and more) kzbin.info/www/bejne/p4rRcmV6e6p4gtk