Understanding the load balancing process
When load balancing is active, traffic becomes more evenly distributed to monitoring tools. This ensures the monitoring tools are not overwhelmed, and network visibility can be improved.
Load balancing has different meanings in networking. The definition of load balancing can differ depending on the network device. In the Matrix, load balancing refers to forwarding network port traffic as evenly as possible to tool ports. The network traffic, measured by volume of network conversations or packets, is distributed as evenly as possible to tool ports connected to the rule.
Use load balancing when you have limited or no visibility to a faster network interface. Consider this scenario: your organization has a 10 Gb network link, but your analysis tools only have 1 Gb interfaces. Until the analysis tools are upgraded, you have limited visibility into the network. One solution can be to use load balancing. For example, a 10 Gb network link that is consistently utilized at 30% or less could be load balanced to three 1 Gb tool ports. Load balancing can play an important role in giving your organization the network visibility that a restrictive budget or other factor prohibits.
Always try dedicating enough tool ports to balance the traffic without dropping packets. Try dedicating a sufficient number of tool ports when load balancing; the exact number depends on many factors. You risk dropped packets (tool port oversubscription) without enough tool ports in a load balancing setup. Load balancing can still be used with an insufficient number of tool ports, but you might need to enforce packet trimming or filtering to lower the utilization enough so that packets do not drop.
Load balancing does not provide any type of redundancy or failover for your connected tools. Although you could design a layout to replicate traffic and forward it to multiple tool ports, a vital step in creating a simple redundancy strategy, load balancing is not designed to complement this goal. Replication (meaning load balancing is disabled) is a better choice when many tools need identical data. Load balancing guarantees that the load-balanced traffic forwarded to tools is never identical streams.
Load balancing does not interact with applications to achieve results. The purpose of load balancing is for taking traffic and distributing it more evenly to the analysis tools connected to tool ports. The Matrix is designed to perform load balancing without agent software or other potential points of failure. With the exception of packet trailers and recalculated CRC values after trimming (both disabled by default), the Matrix does not modify packets.
Load balancing should complement the analysis goals of connected tools. When load balancing, care should be taken to ensure tools receive the correct traffic for their intended purpose. For example, a monitoring tool that inspects header fields or specific strings in payload might benefit from packet-based load balancing.This tool could fulfill its intended purpose simply by observing individual packets. Conversely, a protocol analyzer or performance management tool may need to receive full conversations using conversation load balancing to reconstruct data streams, measure VoIP quality, and more.