Understanding SLB: How Reverse Proxy, Transparent, and Triangle Modes Work
This article explains the purpose of Server Load Balancing (SLB), describes its three transmission modes—reverse proxy, transparent, and triangle—detailing packet flows, TCP handshakes, and HTTP interactions captured with Tcpdump and Wireshark, and discusses security considerations for each mode.
SLB Background
Server Load Balancing (SLB) provides a virtual service address (VIP) that distributes client requests across multiple backend servers using load‑balancing algorithms, preventing overload, improving service efficiency, and enhancing reliability.
Clients see only the VIP; the real server (RS) IPs are hidden.
Three Transmission Modes of SLB
SLB operates in three modes:
Reverse Proxy Mode
Transparent Mode
Triangle Mode
All modes require client packets to first reach the load‑balancer before being processed.
Reverse Proxy Mode
In reverse proxy mode, the load‑balancer acts as an intermediary for external clients accessing internal servers. Upon receiving a client packet, the balancer records source and destination information, rewrites the destination IP to the selected RS, keeps the destination port unchanged, and changes the source IP to its own downstream interface IP before forwarding.
The RS replies to the balancer, which then rewrites the source IP back to the VIP and forwards the response to the client.
Packet capture using Tcpdump and Wireshark at both RS and client sides shows the full TCP three‑way handshake and subsequent HTTP exchange.
Analysis reveals that the RS sees the balancer’s IP as the client source, so the original client IP is lost; adding an X‑Forwarded‑For header can preserve it.
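An added example (not from the original article) of how an RS behind a reverse-proxy-mode balancer can recover the client address from X-Forwarded-For without trusting values a client could have injected. The balancer subnet `10.0.0.0/29`, the function names, and the sample addresses are assumptions made for illustration, as is the premise that the balancer appends the client IP to any existing header.

```python
import ipaddress

# Assumption: the balancer's downstream interface lives in this subnet.
TRUSTED_BALANCERS = [ipaddress.ip_network("10.0.0.0/29")]


def _is_trusted(addr):
    """True if addr belongs to a balancer we operate."""
    return any(addr in net for net in TRUSTED_BALANCERS)


def effective_client_ip(peer_ip, xff_header):
    """Return the address the RS should log or apply ACLs to.

    peer_ip    -- source IP of the TCP connection as seen by the RS
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_ip)
    # The connection did not come from the balancer, so the header is
    # entirely client-controlled: ignore it and use the TCP peer.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)
    # Walk right to left. The rightmost entry was appended by our own
    # balancer; anything further left was supplied by the client and
    # may be forged.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed chain: fall back to TCP peer
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    # Constructed samples: (TCP peer seen by RS, X-Forwarded-For value)
    samples = [
        ("10.0.0.2", "203.0.113.7"),           # normal request via balancer
        ("10.0.0.2", "1.2.3.4, 203.0.113.7"),  # client pre-set a fake entry
        ("198.51.100.9", "10.9.9.9"),          # request bypassed the balancer
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "->", effective_client_ip(peer, xff))
```

Pair this with a firewall rule on the RS that accepts service traffic only from the balancer's IP, so the bypass case cannot reach the application at all.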
Transparent Mode
In transparent mode, the RS cannot detect the balancer’s presence, and to the client the request appears to go directly to the VIP. The balancer forwards the packet to the chosen RS without altering the source IP. The RS addresses its reply to the client’s IP; the reply returns through the balancer, which rewrites the source IP back to the VIP before forwarding it to the client.
Packet analysis shows identical TCP handshake steps to reverse proxy mode, while HTTP packets retain the original client IP.
Triangle Mode
In triangle mode, after the balancer selects the optimal RS, it forwards the packet to that RS based on MAC address. The RS holds the VIP (typically on a loopback interface) and uses it as the source IP of its reply. The RS then sends the response directly to the client, and the balancer does not modify the returning packets.
Analysis indicates that the RS must have a route to the client and the VIP configured on its loopback interface; otherwise, packets are dropped.
Summary
Reverse proxy mode offers higher security by allowing firewalls to restrict traffic to the balancer’s IP and by using X‑Forwarded‑For headers. Transparent mode preserves the client’s original IP but requires careful routing. Triangle mode is suitable for high‑traffic or many‑connection scenarios where the balancer does not need to process return traffic.
MaGe Linux Operations
