Global load balancing
A global load balancer manages traffic across server resources located in multiple regions. While a single origin server can serve all website content if traffic volumes and latency are manageable, a global load balancer uses a pool approach to distribute traffic across multiple origins. This pooling provides several benefits, including:
- Minimizing response time
- Increasing availability through redundancy
- Maximizing traffic throughput
A global load balancer routes traffic to the pool with the highest priority, distributing the load among the origin servers within that pool. If the primary pool becomes unavailable, traffic automatically routes to the next highest-priority pool.
When pools are assigned to specific regions, traffic originating from those regions is sent to the corresponding regional pools first. Traffic only falls back to default pools (typically the lowest-priority pool) if all regional pools for that area are unavailable.
How it works
When you create a global load balancer in CIS, a DNS record is automatically added with the name of the load balancer. When a client makes a DNS request, the load balancer returns one of the origin IP addresses from the associated origin pool.
For example, consider an origin pool that contains two origin IP addresses, 169.61.244.18 and 169.61.244.19. If a global load balancer named glbcust.ibmmo.com is created using this pool, a client on the internet can run the following command:
$ ping glbcust.ibmmo.com
PING glbcust.ibmmo.com (169.61.244.18): 56 data bytes
In this example, CIS:
- Created a DNS record named glbcust.ibmmo.com.
- Used the global load balancer to resolve the DNS name to one of the IP addresses in the origin pool.
In this configuration, the global load balancer doesn't end the TCP connection: the client connects directly to the origin IP address returned in the DNS response.
However, if you enable proxy mode for the DNS record or the global load balancer and set Security > TLS > Mode to anything other than Off, the behavior changes. CIS will then end the client connection and establish a second connection to the origin server.
In this proxied example, CIS:
- Still creates a DNS record named glbcust.ibmmo.com.
- Resolves the DNS name to a CIS-provided IP address.
Now, connections to glbcust.ibmmo.com are ended by CIS, and HTTPS certificates are hosted by CIS (which is required for TCP termination).
After the client connects to the application, the connection path looks like this:
[client]<--tls-->[cis]<-->[origin server]
This setup improves security and allows CIS to apply additional features like caching, firewall rules, and traffic inspection.
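The two modes described above can be told apart from DNS alone: in DNS-only mode the answers are origin pool addresses, and in proxy mode they are not. The following Python check is an added example, not part of the CIS documentation; `classify_answers` and `resolve` are hypothetical helper names, and it uses the pool and hostname from the example above.

```python
import ipaddress
import socket
import sys

# Origin pool addresses from the example above.
ORIGIN_POOL = ["169.61.244.18", "169.61.244.19"]


def classify_answers(answers, origin_pool):
    """Classify the DNS answers for a load balancer hostname.

    Returns (state, exposed): exposed is the sorted list of origin
    addresses present in the answers, and state is one of
      "origin-exposed" - every answer is an origin address (DNS-only mode)
      "origin-hidden"  - no answer is an origin address (consistent with proxy mode)
      "mixed"          - both kinds seen, for instance while older records are cached
      "unresolved"     - no answers
    """
    origins = {ipaddress.ip_address(a) for a in origin_pool}
    seen = {ipaddress.ip_address(a) for a in answers}
    if not seen:
        return "unresolved", []
    exposed = sorted(str(a) for a in seen & origins)
    if not exposed:
        return "origin-hidden", []
    state = "origin-exposed" if seen <= origins else "mixed"
    return state, exposed


def resolve(hostname):
    """Return the addresses the local resolver gives for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "glbcust.ibmmo.com"
    state, exposed = classify_answers(resolve(host), ORIGIN_POOL)
    print(f"{host}: {state}; origin addresses in DNS: {exposed or 'none'}")
```

An "origin-hidden" result only shows that the pool addresses are absent from the DNS answers; it does not by itself confirm that the returned addresses are CIS-provided.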