Today’s feature announcement is one of our most significant to date. After a long time in development, Incapsula is rolling out a brand new set of availability features that combine the benefits of top-tier load balancing appliances with the ease of setup, cost-efficiency and scalability of the cloud.
At the core of today’s release is Incapsula’s novel approach to GSLB (Global Server Load Balancing) – the first true Layer 7 GSLB solution that significantly improves upon current DNS-based alternatives.
This release also introduces many new availability options, which provide granular control over all in-datacenter and cross-datacenter routing tasks. With these we give our clients the tools they need to handle any scenario, without the need for any additional physical or virtual appliances.
The DNS Compromise
Incapsula’s new GSLB options address the problems faced by many IT organizations that need to manage multiple hosting facilities for purposes of performance optimization or to enable delivery of geo-customized content and services.
Until now, such GSLB setups could only be achieved through the use of the DNS protocol. The fact that DNS was never really intended for load distribution or failover tasks, and is not layer 7 aware, led to several issues, including:
- Unpredictable upstream caching – Some DNS and ISP providers will not comply with TTL settings, resulting in uneven performance.
- Sub-optimal distribution – DNS load balancers respond to domain queries with a list of IPs, to be accessed in semi-random order.
- High upfront costs – Added costs of multiple in-datacenter appliances required to partially compensate for ineffective DNS-based routing.
- Lack of layer 7 visibility – Lack of detailed, HTTP request level information preventing data-driven decision making.
The upshot of these issues is the ‘DNS compromise’ – the current industry standard which exists only for the lack of a better alternative.
A Better Alternative
Our new availability solution leverages Incapsula’s on-edge position, which puts us in control over all routing tasks. With this release, we are extending this control to our users, allowing them to create routing policies based on factors like geo-location, server health and network performance.
How does it work?
The new GSLB controls allow users to map their network infrastructure by assigning their origin IPs (or CNames) to their hosting datacenters. Once the network is mapped, the user can then assign rules for in-datacenter and cross-datacenter load distribution, which are carried out by Incapsula’s globally-deployed reverse proxies.
These new capabilities are also supported by a robust health monitoring system, which is used to execute automated in-datacenter and cross-datacenter failover policies.
One of the benefits of this reverse proxy setup is that – regardless of the network condition – the only IPs that will ever travel upstream are those of Incapsula’s proxies themselves. This fact alone eliminates any ISP or DNS cache-related issues, allowing for instantaneous re-routing and failover.
More importantly, this setup allows Incapsula to offer a single integrated solution, eliminating the preliminary costs of purchasing appliances as well as the overhead and the indirect costs of split architecture.
New Global Load Balancing and Failover Options
Incapsula’s GSLB algorithm can be configured to support the following distribution methods:
- Best Connection Time – Choosing the most effective route, based on periodic sampling of servers’ response times.
- Geo-Targeting – Routing traffic to specific datacenters, based on the visitor’s geo-location, with an option to redirect to another datacenter in case of failover.
At the same time, the failover configurations allow Incapsula users to customize and fine-tune their health monitoring policies based on factors such as:
- Percentage of monitors that must report server downtime (e.g., more than 50%)
- Minimum number/ratio of requests (per monitor) needed to declare downtime
- Time period in which the server remained unresponsive
- Type of HTTP response that can point to a possible downtime (e.g., 500-599)
- And more
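The health-monitoring factors listed above can be combined into a single failover decision. The sketch below is an added example, not Incapsula's code: the policy field names, the way the factors are combined and the sample probe data are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FailoverPolicy:               # all field names are hypothetical
    down_quorum: float = 0.5        # more than this share of monitors must report down
    min_requests: int = 3           # probes a monitor needs before its vote counts
    min_fail_ratio: float = 1.0     # share of those probes that must have failed
    window_s: int = 60              # period the server must have stayed unresponsive
    fail_status_min: int = 500      # HTTP statuses treated as failures (500-599)
    fail_status_max: int = 599

def probe_failed(status, policy):
    # None stands for "no HTTP response at all" (timeout, refused connection).
    return status is None or policy.fail_status_min <= status <= policy.fail_status_max

def monitor_reports_down(probes, now, policy):
    """probes: list of (unix_time, http_status_or_None) from one monitor."""
    recent = [s for t, s in probes if now - policy.window_s <= t <= now]
    if len(recent) < policy.min_requests:
        return False                # too little evidence to declare downtime
    failed = sum(probe_failed(s, policy) for s in recent)
    return failed / len(recent) >= policy.min_fail_ratio

def server_is_down(monitors, now, policy):
    """monitors: dict of monitor name -> probe list. True means fail over."""
    votes = [monitor_reports_down(p, now, policy) for p in monitors.values()]
    return bool(votes) and sum(votes) / len(votes) > policy.down_quorum

# Constructed sample data: three monitors probing one origin, evaluated at t=1000.
NOW = 1000
OUTAGE = {
    "mon-eu": [(950, 503), (970, None), (990, 500)],
    "mon-us": [(955, 502), (975, 503), (995, 504)],
    "mon-ap": [(960, 200), (980, 503), (999, 200)],   # sees a mostly healthy server
}
LOCAL_BLIP = {
    "mon-eu": [(900, 503), (990, 503)],               # one probe in window: no vote
    "mon-us": [(955, 200), (975, 404), (995, 200)],   # 404 is not in 500-599
    "mon-ap": [(960, 503), (980, 503), (999, 503)],   # only 1 of 3 monitors is down
}

if __name__ == "__main__":
    policy = FailoverPolicy()
    print("outage     ->", server_is_down(OUTAGE, NOW, policy))
    print("local blip ->", server_is_down(LOCAL_BLIP, NOW, policy))
```

Requiring a quorum of monitors and a minimum probe count keeps a single vantage point with a broken network path from triggering a cross-datacenter failover on its own.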
New Local Load Balancing and Failover Options
Our previous in-datacenter load distribution solution used Least Pending Requests (LPR) logic as its default method, which leveraged Incapsula’s Layer 7 presence for accurate load distribution.
With this new release, Incapsula users can now choose between several load distribution methods:
- Least Pending Requests – Next request is routed to the origin server with the smallest number of pending HTTP requests.
- Least Open Connections – Next request is routed to the origin server with the smallest number of open TCP connections.
- Source IP Hash – Hashing function persistently maps the visitor’s IP address to one of the origin servers.
- Random – Next request is routed randomly to one of the origin servers.
In addition, to accommodate different in-datacenter setups, we have added the following options:
- Assign in-datacenter standby servers
- Use external CNAMEs (such as Amazon alias names) instead of explicit IP addresses
- Configure port offsets to allow single public IP setups (e.g., firewall appliances)