The tunnel mode looks like the Direct Server Return mode, except that traffic between the load-balancer and the server can be routed.
The load-balancer encapsulates the request in an IP tunnel to the server.
The server recover the client request from the loadbalancer, process it and forward the response directly to the client.
TCP connection overview
The loadbalancer takes client requests then encapsulate them into an IP tunnel to forward them to the server.
The client traffic between the server and the load-balancer is tunneled and can be routed between both of them.
The server will answer directly to the client.
Pros and cons
- backends from multiple datacenters can be used
- load-balancer network bandwith is not a bottleneck anymore
- total output bandwith is the sum of each backend bandwith
- requires patched backend to be able to tunnel IP traffic
- no layer 7 advanced features are available
When use this architecture?
- when the only way to reach backends is routing.
- where no intelligence is required
- when output capacity of the load-balancer could be the bottleneck
- HAProxy Technologies
- Aloha load balancer: HAProxy based LB appliance
- HAPEE: HAProxy Enterprise Edition