How SLB Works: Exploring Load Balancer Modes and Packet Flows
This article explains the background of Server Load Balancing (SLB), details its three transmission modes—reverse proxy, transparent, and triangle—illustrates packet interactions with TCP and HTTP flows, and provides analysis of each mode using Wireshark captures.
SLB Background
Server Load Balancing (SLB) distributes client requests across multiple servers offering the same service by using a virtual service IP (VIP). The load balancer selects a backend real server (RS) based on load‑balancing algorithms, masking the RS IP from clients and improving service efficiency and reliability.
SLB Transmission Modes
SLB operates in three transmission modes: reverse proxy, transparent, and triangle. Each mode determines how the load balancer processes and forwards packets between clients and real servers.
Reverse Proxy Mode
Transparent Mode
Triangle Mode
Reverse Proxy Mode
In reverse proxy mode, external clients access internal servers through the load balancer, which acts as a proxy. Upon receiving a client request, the load balancer records packet details, rewrites the destination IP to the selected RS, and changes the source IP to its own downstream interface before forwarding. The RS replies to the load balancer, which then restores the VIP as the source and forwards the response to the client.
Packet flow diagrams:
Transparent Mode
In transparent mode, the RS cannot detect the load balancer; the client sees the VIP as the server IP. The load balancer forwards client packets to the optimal RS without altering the source IP. The RS replies directly to the client, after which the load balancer rewrites the source IP back to the VIP before forwarding.
Packet flow diagrams:
Triangle Mode
In triangle mode, after the load balancer selects the optimal RS, it forwards the packet to the RS using the RS’s MAC address while setting the packet’s source IP to the VIP (typically on a loopback interface). The RS then sends the response directly to the client; the load balancer does not modify the returning packet.
Packet flow diagrams:
Summary
Reverse proxy mode hides client IPs from RS, enhancing security; transparent mode preserves client IPs but requires careful handling of source addresses; triangle mode offers high performance for heavy RS‑to‑client traffic but demands proper routing and VIP configuration on RS loopback interfaces.
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.