Load balancing based on session cookie?

networking web-applications load-balancing

I have a web app that is going to run on multiple servers. I'd like to make sure, that requests using the same session (HTTP cookie header with value JSESSIONID=x) always communicate with the same server. That is, until the session "moves" to a different server in certain circumstances (not only when the server fails, but also due to some server side caching and performance strategies).

My web app works well with that scenario, but what kind of load balancer should I use? Obviously, I could load balance on application level, but I'm looking for something more efficient. Maybe specialized hardware (maybe not)? I can't spend a lot of money...

Update

Thanks for your answers so far: I found out now, that Pound and HAProxy can be configured to look for certain cookies. I couldn't find out yet, if they also allow to update the mapping dynamically (when the session "moves" to a different app server)?

And are there (inexpensive) hardware solutions, which can do that, too? (Would that cost less than an extra load balancing server?)


Solution 1:

Using "sticky (persistent) sessions" is generally not advised. If you do this, you lose a lot of the benefits of load balancing. The load will not be balanced and you will lose high availability, as certain clients will be unable to access your application in case of failure.

You want your session to be dynamic. With Java, it's typically stored in memory and clustered to all servers via multicast. More commonly, the session will be stored in a database.

If your Web application requires sticky sessions, your architecture may need improvements.

As far as load balancer solutions, there are many out there and the subject has been covered extensively here. I like LVS. Others like nginx. Foundry Networks, which was acquired by Brocade, makes some solid commercial products. They're the main commercial solution for hardware load balancers. Barracuda also has a Linux/OSS-based "appliance" that can be used for Load Balancing.

Solution 2:

A couple of solutions for you then.

Write a session storage method that uses a database to store session information and if its on multiple servers you could cluster the db. It really depends on how you're deciding to organise things and other idea is to use a server with memcache on behind the webservers and store the sessions in there.

That way you have sessions in a single place and it no longer matters which web server the client is directed to.

Solution 3:

Before to spend money....take a look of software open source load balancer like Pound or HAProxy.

I agree with suggestions of Warner and Stu.

Solution 4:

I just read the article Making applications scalable with Load Balancing by the HAProxy author Willy Tarreau, and it contains all the answers I needed.

Here's my personal summary of what I learnt:

  • "Cookie learning" and "Cookie insertion" seem to be usual features of load balancers.
  • You need a level 7 load balancer to inspect cookies, but some hardware load balancers "approximate" this on the packet level (which sometimes even leads to corrupted data!)
  • Other level 7 load balancers use a full TCP/IP stack, and work correctly, but they require much more processing power. In that case, a server with a strong CPU might be faster than a hardware load balancer (?)

The article is from 2006, some things may have changed since.

Related

Windows Server 2008 R2 Domain Controller Backup
APC Smart-UPS: remote power shutoff?
What tools are there to create and manage an apt repository?
How does UDP track connections?
Connect to Postgres remotely, open port 5432 for Postgres in iptables
How to allow password based login from a given IP-range, force others to use PubKey
Override template shell on linux system in Active Directory domain?
Clear arp cache
What is an "application firewall"?
Postfix not forwarding to .forward address
Determine the wireless network name from command-line in Linux
TXT record is forwarded because of CNAME