Layer 4 load balancing tunnel mode

The tunnel mode looks like the Direct Server Return mode, except that traffic between the load-balancer and the server can be routed.

The load-balancer encapsulates the request in an IP tunnel to the server.
The server recover the client request from the loadbalancer, process it and forward the response directly to the client.

TCP connection overview

The loadbalancer takes client requests then encapsulate them into an IP tunnel to forward them to the server.

Data flow

The client traffic between the server and the load-balancer is tunneled and can be routed between both of them.
The server will answer directly to the client.

Pros and cons


  • backends from multiple datacenters can be used
  • load-balancer network bandwith is not a bottleneck anymore
  • total output bandwith is the sum of each backend bandwith


  • requires patched backend to be able to tunnel IP traffic
  • no layer 7 advanced features are available

When use this architecture?

  • when the only way to reach backends is routing.
  • where no intelligence is required
  • when output capacity of the load-balancer could be the bottleneck


About Baptiste Assmann

Aloha Product Manager HAProxy consultant
This entry was posted in Aloha, architecture, layer4 and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s