Flow-based load-balancing involves classifying data communication traffic into flows based on characteristics of data packets. As data packets (for example, Internet Protocol (IP) data packets) arrive at a load-balancing device (or “load-balancer”), the load-balancer examines these data packets to determine the relevant characteristics that these data packets possess. The load-balancer may be configured with a set of stored criteria against which the load-balancer compares the characteristics of each data packet. The set of stored criteria defines one or more flows; each flow is associated with one or more criteria. Upon determining that a received data packet's characteristics satisfy a particular flow's defined criteria, the load-balancer assigns that data packet to the particular flow. The load-balancer also may be configured with a set of stored rules. Each flow may be associated with one or more rules. After determining that a data packet belongs to a particular flow, the load-balancer may apply the rules to the data packet in order to handle the data packet in a specified manner. Thus, the load-balancer may handle all data packets that belong to a particular flow according to that flow's set of rules, but the load-balancer may handle data packets that belong to different flows differently if those flows' rules differ. A flow's rules may indicate, among other actions, that the load-balancer should route all data packets that belong to the flow to a particular server.
For example, in order to determine the flow to which an incoming data packet belongs, the load-balancer (which might be an Ethernet switch or router) may examine the data packet's “quintuple” (or “5-tuple”). This quintuple typically consists of (a) the data packet's source IP address, (b) the data packet's destination IP address, (c) the data packet's source Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port, (d) the data packet's destination TCP or UDP port, and (e) the data packet's transport layer protocol identifier (e.g., TCP or UDP). The load-balancer obtains this information by examining the data packet's headers (e.g., the IP header, the TCP header, and/or the UDP header). Each header is of an expected length and offset, and therefore the load-balancer knows at which bits of the data packet to look in order to obtain the quintuple information.
After obtaining the data packet's quintuple, the load-balancer determines which, if any, of the flows' criteria are satisfied by the information in the quintuple. For example, a flow might be associated with criteria that specify a range of source IP addresses and destination IP addresses in order to shape all traffic that passes from one specified set of devices to another specified set of devices. For another example, a flow might be associated with criteria that specify a particular TCP destination port in order to shape all traffic that is likely to be associated with a particular application or purpose. Flows may be prioritized relative to each other so that a data packet will always be assigned to the highest-priority flow even if the data packet's quintuple satisfies more than one flow's criteria. Upon determining a flow whose criteria the data packet's quintuple satisfies, the load-balancer assigns the data packet to that flow and applies, to the data packet, the rules that are associated with that flow.
For example, the flow to which a data packet is assigned might be associated with rules that state that the data packet is to be encrypted and routed to a particular server—even if that server is not actually associated with the data packet's destination IP address. For another example, the rules associated with the data packet's assigned flow might state that the data packet is to be dropped, and not forwarded at all. The load-balancer handles each data packet according to the rules that are associated with that data packet's assigned flow. To help ensure that no single server of a set of servers becomes overwhelmed with data traffic while other servers in the set sit relatively idle, the load-balancer's rules may be configured to route different flows' data packets to different servers in the server set in a manner that is as equitable as possible. Thus, the load-balancing is “flow-based.”
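The quintuple extraction and prioritized flow matching described above can be sketched as follows. This is an added example, not code from the original text; the flow names, criteria, rule strings and sample packets are constructed for illustration, and a packet that yields no quintuple falls through to a default.

```python
import ipaddress
import struct

# Constructed flow table (hypothetical names and values), highest priority first.
# A criterion that is absent from a flow matches any value.
FLOWS = [
    ("block-telnet", {"proto": 6, "dport": 23}, "drop"),
    ("branch-traffic", {"src": "10.1.0.0/16"}, "route:server-a"),
    ("dns", {"proto": 17, "dport": 53}, "route:server-b"),
]

def quintuple(pkt: bytes):
    """Extract (src, dst, sport, dport, proto) from a raw IPv4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length, from the IHL field
    proto = pkt[9]
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    # Only TCP (6) and UDP (17) carry ports, and only in the first fragment.
    if ihl < 20 or proto not in (6, 17) or frag_offset or len(pkt) < ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (ipaddress.IPv4Address(pkt[12:16]), ipaddress.IPv4Address(pkt[16:20]),
            sport, dport, proto)

def classify(pkt: bytes):
    """Return (flow, rule) for the highest-priority flow whose criteria all match."""
    q = quintuple(pkt)
    if q is None:
        return ("unclassified", "default")  # no quintuple, so no flow can match
    fields = dict(zip(("src", "dst", "sport", "dport", "proto"), q))
    for name, criteria, rule in FLOWS:
        if all(fields[k] in ipaddress.ip_network(v) if k in ("src", "dst")
               else fields[k] == v for k, v in criteria.items()):
            return (name, rule)
    return ("unclassified", "default")

def build_packet(src, dst, proto, sport, dport):
    """Constructed sample input: 20-byte IPv4 header followed by the port fields."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + struct.pack("!HH", sport, dport)
```

A packet from 10.1.2.3 to TCP port 23 satisfies both the first and second flows' criteria and is assigned to the first, because the table is ordered by priority.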
One limitation of flow-based load-balancing arises from the fact that flow-based load-balancing relies on quintuples to classify packets into flows. Flow-based load-balancing only works when certain protocols are being used. If protocols which do not contain the quintuple information are used, then there is no way to classify packets into flows. This limitation therefore places restrictions on the protocols that communicants are able to use in their communications. Often, communicants do not want to be restricted in this manner. Often, communicants would like to have freedom of choice in the protocols that they use to communicate with each other. Where a communications network is being used by multiple different parties, each different party might want to use a different set of communication protocols. Thus, versatility in the kinds of communications protocols that a load-balancing technique can handle would be ideal, but is not currently allowed under traditional flow-based load-balancing approaches.