Traditionally, load-balancers have been predominantly used in Internet-facing situations with typical Internet protocols for environments with substantial resource utilization, either in terms of processing or bandwidth. To some extent, load-balancers have also been used to make services highly available. But for quite a while, Cisco has built load-balancing services into the IOS on some of their beefier boxes. If you happen to have some of this hardware installed on your intranet, you should consider putting it to good use.
If you need true load-balancing, odds are, you already have an appliance that provides that function. But even if you don't need load-balancing, you can still make some of your intranet services more resilient, in a rather elegant way, using the IOS Server Load Balancing (SLB) feature.
For example, let's say you have an SMTP server. Instead of disrupting mail service frequently for security patches, or other maintenance, you could configure IOS SLB for the SMTP server, and also add the SMTP service to another server. You could use either the "weight" command to put all the load on the primary box, or simply leave the backup box "out of service". Then, when it's time to do maintenance, you could start your daemon on the backup box, bring it "inservice" and take the primary server "out of service".
With this technique, you can shift just about any TCP or UDP service from one server to another totally transparently to the
If you use the "weight" command, then the backup box will actually act as a failover should the primary fail unexpectedly, but that would of course require you to continually run the service on the second box.
Again, this functionality isn't really anything new, but many administrators don't realize the feature exists on their switch or router hardware and can be configured without purchasing a load-balancing appliance and designing some overly complex solution. Many readers will already have large server farms connected to 6500 or 7200 series devices and you should consider configuring the switch to support this even if you don't have a backup configured.
This is especially valuable in situations where you have multiple applications on a single box, because it gives you some flexibility when one application fails and requires a reboot, but you really don't want to disrupt service to the other applications.
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years experience in the networking industry, and co-author of several books on networking, most recently, CCSPTM: Secure PIX and Secure VPN Study Guide published by Sybex.
This was first published in April 2005