At Ubicloud, we recently announced our Load Balancer (LB) service. This service distributes traffic across a set of VMs and provides high availability through health checks. Also, our Basic Plan comes at at no charge. This way, you can start building web apps using our LB, VMs, and Postgres service at a fraction of the cost of other cloud providers.
We like Ubicloud Load Balancer's simplicity in design and implementation. For our networking stack, we use Linux nftables. By extending on that implementation, we could build a scalable and flexible implementation in less than 1,000 lines of code. The core load balancer logic is just 8 lines.
This blog post shares our requirements, provides background on Ubicloud’s networking architecture, and then describes our LB implementation.
Elastic Load Balancers come in various flavors and address a diverse set of requirements on the cloud. For Ubicloud, we decided to start with the smallest set of requirements that our users would need to deploy web applications. This meant providing:
These requirements guided our design decisions. We aimed to build a Network Load Balancer that operates at Layer 4 of the OSI model. We also wanted to have the option to include Layer 7 functionality and add features like TLS termination and DDoS protection. With these, we thought we’d be in a good position to handle current and future requirements.
Ubicloud’s architecture has a control plane and data plane. The control plane holds the data model, responds to web requests, and coordinates changes to the data plane.
The control plane also “starts up” the data plane. Initially, the data plane consists of bare metal Linux machines. The control plane cloudifies these bare metal machines by installing required libraries. We refer to a cloudified bare metal machine as a VM host.
On the networking side, Ubicloud reprograms the Linux kernel in each VM host. This way, Ubicloud creates a network overlay on VM hosts. This includes the following.
This architecture lends itself nicely to providing a simple and scalable load balancing service.
On the data plane side, when customers put two VMs behind a single load balancer, we already have two network namespaces on different hosts. These namespaces handle NAT and firewalls. We introduce a new NAT table to selectively reroute connections to one of the VMs.
Our load balancer then is a set of extra nftables rules. We don’t run an additional process or node. Instead, the VM hosts act as load balancing network switches. Therefore, if you have four VMs behind a load balancer, you effectively have four load balancing nodes.
These nodes are tied together with a single DNS name, provided to the customer. The client can connect to any load balancing node, which then forwards the flow to the appropriate VM based on the algorithm and connection state.
For example, the following Linux netfilter rules load balance each connection in a round-robin fashion.
The following diagram shows the whole connection flow on the data plane side.
This design provides distributed load balancing on the data plane side. However, we still need to detect VM and host unavailability and have our load balancer perform failovers.
For this, we rely on the control plane. Our control plane already monitors VM health, making it the logical place to integrate load balancer health checks. By default, the control plane sends a health probe every 30 seconds and waits for 15 seconds for the VM to reply. If there are 3 consecutive failures, the control plane considers the VM unhealthy for load balancing purposes and updates necessary state changes on the data plane side.
All in all, these changes took less than 1,000 lines of code, where more than half of that code included our unit tests. Ubicloud is an open source project; and you can see our load balancer implementation in GitHub.
To create Ubicloud Load Balancer, we integrated load balancing into a VM’s network namespace using Linux nftables. This approach allowed us to provide high availability, security, and performance without additional infrastructure costs.
As importantly, we enabled this functionality in hundreds of lines of code. Thanks to this simplicity, we believe we can maintain our load balancing service at low operational cost and quickly add new features as needed.
This blog post covered Ubicloud Load Balancer’s design and implementation. If you have any questions about our design or load balancing feature requests, please drop us an email at [email protected].