How Different SLB Transmission Modes Shape Traffic Flow: A Deep Dive

1. Background of SLB

SLB (Server Load Balancer) distributes client requests among multiple servers offering the same service. It presents a virtual service IP (VIP) to clients; when many clients access the VIP, the load balancer uses algorithms to allocate traffic to backend real servers (RS) to balance load, avoid performance bottlenecks, and improve service efficiency and quality.

From the client’s perspective, the RS IP is hidden; only the VIP is visible.

2. Three Transmission Modes of SLB

Difference between Layer 7 and Layer 4 SLB:

Layer 4 SLB: service type set to TCP/UDP; the device only parses up to layer 4, establishing a connection with RS after the three‑way handshake with the client.

Layer 7 SLB: service type set to HTTP/FTP/HTTPS, parses up to layer 7; after the client handshake, the device waits for a layer‑7 request before connecting to RS.

SLB works in three transmission modes:

Reverse proxy mode

Transparent (pass‑through) mode

Triangle mode

In all modes, client packets first reach the load balancer, which is the prerequisite for normal operation. Example network topology:

Client: 10.8.21.40

Load balancer: 172.16.75.83

VIP: 172.16.75.84

RS1: 172.16.75.82

RS2: 172.16.75.85

Packet capture is performed on both RS and client using Tcpdump and Wireshark.

3. Reverse Proxy Mode

In reverse proxy mode, external users access internal servers through the load balancer, which acts as a reverse proxy.

When the load balancer receives a client request, it records the packet’s source IP, destination IP, protocol, ports, service type, and interface index, then rewrites the destination address to the selected RS IP while keeping the destination port unchanged. The source address is changed to the load balancer’s downstream interface IP, and a random source port is used when sending to the RS.

After the RS replies, the load balancer rewrites the source to the VIP and the destination to the client’s IP/port before forwarding the response.

4. Transparent Mode

In transparent mode, the RS cannot detect the presence of the load balancer; for the client, the RS IP appears as the VIP.

When the load balancer receives a packet whose source is the client and destination is the VIP, it forwards the packet to the optimal RS based on load‑balancing policy. The RS sees the client’s real IP as the source and replies directly to the client. The load balancer then rewrites the source IP to the VIP before forwarding the reply.

5. Triangle Mode

In triangle mode, after the client sends a request to the load balancer, the device selects the optimal RS and forwards the packet at layer 2 using the RS’s MAC address. The RS is configured with the VIP on a loopback interface, so it sends replies directly to the client; the load balancer does not modify the traffic.

6. Summary

Because reverse proxy mode hides the client’s real IP from the RS, firewalls can restrict traffic to only the load balancer’s IP, and adding an X‑Forwarded‑For header can allow the RS to identify the original client, improving security.