The Art of Network Traffic Distribution - Load Balancing

André Vink By: André Vink November 01, 2018

For some reason, whenever I hear the term Load Balancing, I think of a circus high-wire act. Similar to the person walking on a relatively thin cable wire – about 50 or more scary feet above the ground – holding a long vertical bar for equilibrium. The analogy more or less stops with that bar (which helps the acrobat keep his or her balance). That acrobat uses the balancing bar – on a wire – and carries out a precision act in order not to fall.

Load balancing is also a precision act. Its role within the network results in many benefits for helping the network devices carry out their tasks in the best possible way. With respect to network security, load balancing plays a key role in ‘balancing performance’ to make sure the network doesn’t ‘fall’.

network migration

What is Load Balancing?

Load balancing is all about distributing a single input to multiple outputs. In the network, this is carried out according to load balancing algorithms that decide what the best routes are.

There are various reasons for doing this. For example, if your network tools such as NPMD, firewalls, IPDS, and others, are being overwhelmed by network traffic – or to prevent that from happening – you would want to distribute the traffic in order to apportion it and thus avoid overwhelming network points with a too heavy of a load.

From a different point of view, but using the same use case example, you know that you need to upgrade your infrastructure to greater capacity (for example, from 1Gb to 10Gb, or from 10Gb to 40Gb or 100Gb). However, you may not want to (or possibly cannot afford to) currently invest in buying the necessary components, and since you already have lesser capacity working tools – then the load balancing scenario can save you from an immediate outlay.

The load balancing device will distribute the load securely, and your network will function as required. You can then buy new equipment at a later date – and upgrade at your discretion and as budget allows. In this way, using the load balancing mechanism correctly results in both excellent end-user benefits in improving operating efficacy, as well as in reducing CAPEX costs.

The load balancing elements typically sit in-band (or in-line) between the client and the hosts that provide the services the client wants to use. They are used for deployments where the network tool can affect the data traffic passing through it. 


However, load balancing is also sometimes used in out-of-band deployments (where the network tools are used to inspect and analyze data traffic without affecting network flow).


There are many load balancing use case that assures network resiliency, reliability, and improvement in network performance – all the while providing network redundancy for essential services. One such function is in empowering network security.

The Load Balancing Method, NPBs, and IPS

Load balancing plays a key role in intrusion protection system (IPS) solution deployments. As bandwidth growth continues, core networks, data centers, and large enterprises need to be able to scale without compromising on their performance or security. Security may be compromised when customers are tempted to emphasize scalability and inspection throughput at the expense of inspection efficacy. Typically, a single IPS appliance may scale to satisfy demand in the short term, but more customers require scalability and speed beyond the capabilities of any single IPS appliance. For an IPS solution to be truly future-proof, it should support the addition of new appliances according to changing demands and accelerated performance requirements, and it should scale in a manageable and cost-effective way. NPBs with their selection of load balancing methods is the most cost effective way to provide this scalability at a lower total cost of ownership (TCO).

When load balancing across the IPS appliances (engines) it is important that traffic is distributed across the IPS engines proportionately according to each engine's capabilities. For example, if traffic is unevenly distributed across identical IPS engines, one or more engines will become overloaded while resources lay idle on other engines and the group's maximum performance will be limited. Likewise, if traffic is evenly distributed across IPS engines with very different capabilities, the lowest performing engine will dictate the performance ceiling of the group. The optimal load balancing policy will depend on the IPS engines used as well as the typical traffic characteristics of your network.

When deploying load balancing for an inline security solution like an IPS, another critical functionality that the NPB is able to offer is the Bypass functionality.  Bypass functionality together with load balancing assures high availability of IPS services. This enables IPS engine software upgrades with no downtime as well as fast failover recovery in the event of IPS engine failure.

About Static and Dynamic Load Balancing

There are many types of load balancing algorithms which primarily fall into two categories: Static and Dynamic load balancing.

  • Static load balancing allocates the data traffic by calculating a hash of the various source and destination addresses with the port numbers of the traffic flow. The result is used to control how the data flows are allocated to the existing routes.
  • Dynamic load balancing allocates data traffic flows to suitable routes according to bandwidth utilization, as monitored over different routes. Dynamic allocation can also be proactive or reactive. In the case of proactive, the assignment is fixed once made, while in the case of reactive, the network logic keeps monitoring available routes and allocates the data traffic across them as the network load profiles change (for example, with new data flows or the completion of existing flows).


The best load balancing tool for the network is the packet broker. When used in combination with a well-designed IDS security solution, a network packet broker (NPB) provides assurance that the network has a formidable defense against attempts at security breaches by malicious intent.

The NPB is an essential device for many network monitoring scenarios. It plays a critical role in load balancing, aggregating, and filtering network data traffic. Each of these NPB functions are precision acts that support and empower the security monitoring capabilities of the network infrastructure.

Load balancing disperses a networks workload to process requests faster, and ensure that traffic is arriving at the correct location on your network. Load balancing is both sophisticated and complex, and most definitely should not be overlooked if ensuring network connectivity is a high priority.

Niagara Networks are industry specialists in network visibility and ensuring the most high-performance Network Packet Brokers are available for your enterprise and network needs. Contact us to find out more about Niagara Networks solutions or to schedule a consultation with one of our network visibility experts.