CloudHub Dedicated Load Balancer (DLB) simplified

September 14, 2020

In this technical article, we will learn how to create a Dedicated Load Balancer (DLB) and discuss its advantages.

What is a load balancer?

A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers.
balancers are generally grouped into two categories: Layer 4 and Layer 7.
Layer 4 load balancers act upon data found in network and transport layer protocols (IP, TCP, FTP, UDP).
Layer 7 load balancers distribute requests based upon data found in application layer protocols such as HTTP.
The load balancer term is mostly used for HTTP Load Balancer.

Load balancing algorithms

Different load balancing algorithms provide different benefits. The choice of load balancing method depends on your needs:

Round Robin: Requests are distributed across the group of servers sequentially.
Least Connections: A new request is sent to the server with the fewest current connections to clients. The relative computing capacity of each server is factored into determining which one has the least connections.
Least Time: Sends requests to the server selected by a formula that combines the fastest response time and fewest active connections. It’s exclusive to NGINX Plus.
Hash: Distributes requests based on a key you define, such as the client IP address or the request URL. NGINX Plus can optionally apply a consistent hash to minimize redistribution of loads if the set of upstream servers changes.
IP Hash: The IP address of the client is used to determine which server receives the request.
Random with Two Choices: Picks two servers at random and sends the request to the one that is selected by then applying the Least Connections algorithm (or for NGINX Plus the Least Time algorithm, if so configured).

Benefits of a load balancer

Reduced downtime
Scalable
Redundancy
Flexibility
Efficiency
Global server load balancing

What are CloudHub Load Balancers?

CloudHub provides two types of load balancers:

Shared Load Balancer: provides basic load balancing functionality
Dedicated Load Balancer: enables you to deploy and configure one or more custom load balancers within an Anypoint Virtual Private Cloud (Anypoint VPC)

Comparison between shared and dedicated load balancer

Shared Load Balancer	Dedicated Load Balancer
CloudHub provides a default shared load balancer that is available in all environments.	Need to purchase. Dedicated load balancers are an optional component of Anypoint Platform.
Shared load balancers don’t allow you to configure custom SSL certificates or proxy rules.	Define SSL configurations to provide custom certificates and optionally enforce two-way SSL client authentication.
Shared load balancers have lower rate limits that help ensure platform stability. Rate limits on shared load balancers are applied according to region.	DLB have higher rate limit thresholds than SLB.
If an application exceeds the rate limit for a shared load balancer, the load balancer returns a 503 Service Unavailable response.	NA
Anypoint VPC is optional to use a shared load balancer.	Without Anypoint VPC we can’t use dedicated load balancer

How CloudHub routes external requests

When we deploy the application on CloudHub, we get a generic url to access the endpoints. Generic URL looks as below:

<application-name>.<region>.cloudhub.io

<application-name> is the deployed application name, which is unique across all the MuleSoft clients.
<region> is the region name in which an application is deployed.

The public CloudHub (shared) load balancer already redirects these requests, where myApp is the name of the Mule application deployment to CloudHub:

HTTP requests to http://myApp.<region>.cloudhub.io redirects to http://mule-worker-myApp.<region>.cloudhub.io:8081

HTTPS traffic to https://myApp.<region>.cloudhub.io redirects to https://mule-worker-myApp.<region>.cloudhub.io:8082

We can also directly access the deployed application using the below URL. In this case, the request is not redirected by a shared load balancer.

<protocol>://mule-worker-<application-name>.<region>.cloudhub.io:<port>

<protocol>
<application-name> is the deployed application name which is unique across all the MuleSoft clients.
<region> is the region name in which an application is deployed.
<port>

Dedicated load balancer architecture

A CloudHub dedicated load balancer enables you to route external HTTP and HTTPS traffic to multiple Mule applications deployed into CloudHub workers inside a Virtual Private Cloud (VPC).

Each CloudHub dedicated load balancer is assigned to an Anypoint VPC and that Anypoint VPC runs within a particular service region.

The dedicated load balancer routes both external and VPC-internal traffic to CloudHub workers deployed into that Anypoint VPC.

Routing external requests to the dedicated load balancer:

A CloudHub dedicated load balancer provides an alternative domain name to route HTTP requests to Mule applications listening on port 8091 and HTTPS requests to Mule applications listening on port 8092.
You can also use mapping rules to rename requests to the CloudHub dedicated load balancer to a different Mule application domain name.
The CloudHub dedicated load balancer exposes an external domain name that resolves to two public IP addresses, which are accessible from outside your CloudHub Anypoint VPC network.

<lb-name> is the name you gave to the load balancer when you created it:

<lb-name>.lb.anypointdns.net
<lb-name>.lb-prod-eu-rt.anypointdns.net (EU control plane)

Create a CloudHub Dedicated Load Balancer

CloudHub Dedicated Load Balancer can be created in three ways:

Using Anypoint Platform
Using Anypoint CLI
Using Anypoint Platform API

In this article, we will explore the first method.

Sign into your Anypoint Platform account as a user with the Organization Administrators role.
From Anypoint Platform, click Runtime Manager.
Click load balancers, then click Create Load Balancer.
Enter a name for your load balancer. This must be unique across all MuleSoft customers.
Select a target Anypoint VPC from the drop-down list.
Specify the amount of time the DLB waits for a response from the Mule application in the Timeout in Seconds field.
The default value is 300 seconds.
Add any whitelisted classless inter-domain routing (CIDR) as required.
The IP addresses you specify here are the only IP addresses that can access the load balancer. The default value is 0.0.0.0/0.
Select the inbound HTTP mode for the load balancer.
This property specifies the behavior of the load balancer when receiving an HTTP request. Valid values are:
- Off: Causes the load balancer to silently drop the request.
- On: Accepts the inbound request on the default SSL endpoint using the HTTP protocol.
- Redirect: Redirects the request to the same URL using the HTTPS protocol.
Options:
- Disable Static IPs specify to use dynamic IPs, which do not persist when the DLB restarts.
- Keep URL encoding specifies the DLB passes only the %20 and %23 characters as is.
- If you deselect this option, the DLB decodes the encoded part of the request URI before passing it to the CloudHub worker.
- Support TLS 1.0 specifies to support TLS 1.0 between the client and the DLB.
- Upstream TLS 1.2 specifies to force TLS 1.2 between the DLB and the upstream CloudHub worker.
Add Certificate
Add URL Mapping URL (optional)
Click Create Load Balancer

Dedicated Load Balancer URL mapping rules

The CloudHub dedicated load balancer (DLB) routes requests from clients to Mule apps deployed within the VPC.
Mapping rules enable you to forward requests to the DLB (input URL) to a different Mule application name and domain.
You can either define mapping rules when you create the DLB, or you can define and add them to an existing DLB using Runtime Manager, the command-line interface (CLI), or the CloudHub API.
The Default Rules are created automatically as shown below.

Sample mapping rules

Rule # 1: http://<lb-name>.lb.anypointdns.net/<app-name> request will be redirected to application <app-name> which is running on 8091 port and LB name is <lb-name>.lb.anypointdns.net
Rule # 2: http://dev.<lb-name>.lb.anypointdns.net/<app-name> request will be redirected to application dev-<app-name> which is running on 8091 port and LB name is <lb-name>.lb.anypointdns.net
Rule # 3: http://<lb-name>.lb.anypointdns.net/sapi/finance/V1/<app-name> request will be redirected to application sapi-finanance-1-<app-name> which is running on 8091 port and LB name is <lb-name>.lb.anypointdns.net

Mapping rules priority is determined in the order they are listed i.e. the first rule has higher priority and the last rule has lowest priority.

Scenarios

Suppose VPC already has predefined rules as shown below:

If users try to access applications with different URLs, then the expected behavior will be as shown below.

Q: Is Dedicated Load Balancer deployed on existing Application Cores?

A: When a client buys a Dedicated Load Balancer License, it comes with a default two cores. These cores are different from the application cores. A maximum of eight cores can be used by a Dedicated Load Balancer.

Q: Can we access Dedicated Load Balancer using IP Address instead of <lb-name>.lb.anypointdns.net?</lb-name>

A: Yes. Each Dedicated Load Balancer is deployed in 2 VCores and has a Public IP that is associated with <lb-name>.lb.anypointdns.net. Hence, it can be accessed using the IP Address as well.</lb-name>

Q: Can we access Dedicated Load Balancer using the CNAME other than <lb-name>.lb.anypointdns.net?</lb-name>

A: Yes. In such cases, CNAME entry should be done in the company DNS server for <lb-name>.lb.anypointdns.net or both the IP Address associated with it.</lb-name>

— By Mohammad Mazhar Ansari