Building an eBPF/XDP L2 Direct Server Return Load Balancer from Scratch
15 days ago
- #eBPF
- #DSR
- #load-balancing
- NAT-based XDP load balancer handles traffic in both directions, which can be resource-intensive and a bottleneck.
- Direct Server Return (DSR) allows backends to respond directly to clients, bypassing the load balancer on return paths.
- DSR preserves the original client IP, enabling backends to maintain per-user sessions or log requests by source IP.
- Layer 2 DSR rewrites only MAC addresses, keeping IP headers unchanged, and uses a Virtual IP (VIP) shared between load balancer and backends.
- VIP is configured on the load balancer's main interface and on the loopback interface of backends to prevent direct client connections.
- ARP settings on backends prevent advertising the VIP, ensuring traffic must pass through the load balancer.
- Load balancer uses simple hashing to select backends and updates MAC addresses for packet forwarding without modifying IP headers.
- Backends process packets with the VIP on their loopback interface, recognizing them as their own and responding directly to clients.
- Layer 2 DSR requires load balancer and backends to be on the same subnetwork, limiting scalability and increasing failure risks.
- IPIP DSR is introduced as a solution for scenarios where load balancer and backends are on different networks.
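
The forwarding step summarised above (hash the flow to pick a backend, then rewrite only the MAC addresses), as an added example in plain user-space C that is not the article's XDP program. The VIP, the MAC addresses, the FNV-1a hash, the verdict names and `sample_packet` are assumptions made for illustration; the length checks mirror the bounds checks an XDP program needs before it touches packet bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ETH_HLEN 14
enum verdict { V_PASS, V_DROP, V_TX };  /* stand-ins for XDP_PASS / XDP_DROP / XDP_TX */
/* Constructed sample values (assumptions, not taken from the article). */
static const uint8_t VIP[4]    = {10, 0, 0, 100};
static const uint8_t LB_MAC[6] = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t BACKENDS[2][6] = {
    {0x02, 0, 0, 0, 0, 0x0a}, {0x02, 0, 0, 0, 0, 0x0b}};

/* FNV-1a over source IP + source port, so one flow always maps to one backend. */
static uint32_t flow_hash(const uint8_t *src_ip, const uint8_t *src_port) {
    uint32_t h = 2166136261u;
    for (int i = 0; i < 4; i++) h = (h ^ src_ip[i]) * 16777619u;
    for (int i = 0; i < 2; i++) h = (h ^ src_port[i]) * 16777619u;
    return h;
}

/* Rewrites the MACs in place and returns V_TX; IP header and payload are never written. */
enum verdict l2dsr_forward(uint8_t *pkt, size_t len) {
    if (len < ETH_HLEN + 20) return V_PASS;              /* too short for Ethernet + IPv4 */
    if (((pkt[12] << 8) | pkt[13]) != 0x0800) return V_PASS;   /* not IPv4 */
    uint8_t *ip = pkt + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20) return V_DROP;    /* malformed IPv4 header */
    if (memcmp(ip + 16, VIP, 4) != 0) return V_PASS;     /* not addressed to the VIP */
    if (ip[9] != 6 && ip[9] != 17) return V_PASS;        /* only TCP/UDP carry ports */
    if (len < ETH_HLEN + ihl + 4) return V_DROP;         /* ports would be out of bounds */
    uint32_t h = flow_hash(ip + 12, ip + ihl);
    memcpy(pkt, BACKENDS[h % 2], 6);                     /* dst MAC -> chosen backend */
    memcpy(pkt + 6, LB_MAC, 6);                          /* src MAC -> load balancer */
    return V_TX;
}

/* Builds a constructed 54-byte TCP frame from 192.0.2.7:sport to the VIP. */
size_t sample_packet(uint8_t *buf, uint16_t sport) {
    memset(buf, 0, 54);
    memcpy(buf, LB_MAC, 6);                  /* frame arrives addressed to the LB */
    buf[6] = 0x02; buf[11] = 0xc1;           /* constructed upstream MAC */
    buf[12] = 0x08; buf[13] = 0x00;          /* EtherType IPv4 */
    uint8_t *ip = buf + ETH_HLEN;
    ip[0] = 0x45; ip[9] = 6;                 /* IPv4, IHL 5, protocol TCP */
    ip[12] = 192; ip[13] = 0; ip[14] = 2; ip[15] = 7;
    memcpy(ip + 16, VIP, 4);
    ip[20] = (uint8_t)(sport >> 8); ip[21] = (uint8_t)(sport & 0xff);
    return 54;
}
```

Because bytes from offset 14 onward are untouched, the backend still sees the client's source IP and the VIP as destination, which is what lets it accept the packet on its loopback address and reply directly.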