TCP Load-Balancing

A TCP load-balancer is a frontend TCP/IP connection terminator that forwards inbound connections to any one of a list of configured backends, while it usually monitors the availability of each backend in order to ensure that any service associated with the connection remains available and functional.

As such, a variety of aspects are crucial to the sustained operation of a TCP load-balancer:

  1. Monitor backend service availability on as accurate an application level as possible [1],
  2. Conform to TCP/IP connection specifications and client- and server-node implementation details [2],
  3. Provide transparent proxying capabilities, such that the receiving backend can determine the original source IP address and port of the connection [3],
  4. (...)


[1] This means that for a web server backend node, an actual GET, HEAD or similar HTTP request needs to be issued against the web server application, such that a managed expectation is fulfilled.
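To make the difference concrete, here is an added example (not part of the original page) contrasting a layer-4 probe, which only proves the TCP handshake completes, with a layer-7 HEAD probe that checks a managed expectation; the local backend it spins up is a constructed stand-in for a real node, and the paths and status codes are assumptions.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def tcp_check(host, port, timeout=2.0):
    """Layer-4 probe: succeeds as soon as the SYN / SYN,ACK / ACK handshake completes,
    which says nothing about whether the application behind the socket works."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_check(host, port, path="/", expect_status=200, timeout=2.0):
    """Layer-7 probe: issue a real HEAD request and compare the status code against
    the managed expectation (here: exactly `expect_status`)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", path)
        return conn.getresponse().status == expect_status
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def start_backend(healthy):
    """Constructed stand-in for a backend node: it always accepts TCP connections,
    but when `healthy` is False the web application answers HEAD with 503."""
    class Handler(BaseHTTPRequestHandler):
        def do_HEAD(self):
            self.send_response(200 if healthy else 503)
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    srv = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: let the kernel pick one
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

def probe(host, port):
    """Run both probes; a load-balancer should only keep a backend in rotation
    while the application-level probe passes, even if the TCP probe is fine."""
    return {"tcp": tcp_check(host, port), "http": http_check(host, port)}

if __name__ == "__main__":
    for healthy in (True, False):
        srv, port = start_backend(healthy)
        print(f"backend healthy={healthy}: {probe('127.0.0.1', port)}")
        srv.shutdown()
        srv.server_close()
```

Against the broken backend the TCP probe still reports success, so a balancer relying on it alone would keep sending clients to a node that answers every request with 503.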

[2] A TCP connection is created with a handshake – a SYN packet is sent out, a SYN,ACK packet is received in response, and a final ACK is required to establish the connection.

This final ACK packet may also have the FIN flag set, indicating that the connection is to be considered terminated. It is supposed to be responded to by the other end of the TCP connection, and that response in turn is supposed to be acknowledged.


[3] Transparent proxying may not be required for protocols that the load-balancer can introspect, apply policy rules to, conditionally forward to a (sub-)set of backend nodes, or answer directly on the client's behalf.

One example is the HTTP protocol, for which a backend node's web server can interpret the X-Forwarded-For header as containing the original source IP address of the connection.