| OLD | NEW |
|---|
| (Empty) | |
| 1 Load Balancing in gRPC |
| 2 ======================= |
| 3 |
| 4 # Objective |
| 5 |
| 6 To design a load balancing API between a gRPC client and a Load Balancer to |
| 7 instruct the client how to send load to multiple backend servers. |
| 8 |
| 9 # Background |
| 10 |
| 11 Prior to any gRPC specifics, we explore some usual ways to approach load |
| 12 balancing. |
| 13 |
| 14 ### Proxy Model |
| 15 |
| 16 Using a proxy provides a solid trustable client that can report load to the load |
| 17 balancing system. Proxies typically require more resources to operate since they |
| 18 have temporary copies of the RPC request and response. This model also increases |
| 19 latency to the RPCs. |
| 20 |
| 21 The proxy model was deemed inefficient when considering request heavy services |
| 22 like storage. |
| 23 |
| 24 ### Balancing-aware Client |
| 25 |
| 26 This thicker client places more of the load balancing logic in the client. For |
| 27 example, the client could contain many load balancing policies (Round Robin, |
| 28 Random, etc) used to select servers from a list. In this model, a list of |
| 29 servers would be either statically configured in the client, provided by the |
| 30 name resolution system, an external load balancer, etc. In any case, the client |
| 31 is responsible for choosing the preferred server from the list. |
| 32 |
| 33 One of the drawbacks of this approach is writing and maintaining the load |
| 34 balancing policies in multiple languages and/or versions of the clients. These |
| 35 policies can be fairly complicated. Some of the algorithms also require client |
| 36 to server communication so the client would need to get thicker to support |
| 37 additional RPCs to get health or load information in addition to sending RPCs |
| 38 for user requests. |
| 39 |
| 40 It would also significantly complicate the client's code: the new design hides |
| 41 the load balancing complexity of multiple layers and presents it as a simple |
| 42 list of servers to the client. |
| 43 |
| 44 ### External Load Balancing Service |
| 45 |
| 46 The client load balancing code is kept simple and portable, implementing |
| 47 well-known algorithms (ie, Round Robin) for server selection. |
| 48 Complex load balancing algorithms are instead provided by the load balancer. The |
| 49 client relies on the load balancer to provide _load balancing configuration_ and |
| 50 _the list of servers_ to which the client should send requests. The balancer |
| 51 updates the server list as needed to balance the load as well as handle server |
| 52 unavailability or health issues. The load balancer will make any necessary |
| 53 complex decisions and inform the client. The load balancer may communicate with |
| 54 the backend servers to collect load and health information. |
| 55 |
| 56 # Proposed Architecture |
| 57 |
| 58 The gRPC load balancing approach follows the third approach, by having an |
| 59 external load balancer which provides simple clients with a list of servers. |
| 60 |
| 61 ## Client |
| 62 |
| 63 When establishing a gRPC stream to the balancer, the client will send an initial |
| 64 request to the load balancer (via a regular gRPC message). The load balancer |
| 65 will respond with client config (including, for example, settings for flow |
| 66 control, RPC deadlines, etc.) or a redirect to another load balancer. If the |
| 67 balancer did not redirect the client, it will then send a list of servers to the |
| 68 client. The client will contain simple load balancing logic for choosing the |
| 69 next server when it needs to send a request. |
| 70 |
| 71 ## Load Balancer |
| 72 |
| 73 The Load Balancer is responsible for providing the client with a list of servers |
| 74 and client RPC parameters. The balancer chooses when to update the list of |
| 75 servers and can decide whether to provide a complete list, a subset, or a |
| 76 specific list of “picked” servers in a particular order. The balancer can |
| 77 optionally provide an expiration interval after which the server list should no |
| 78 longer be trusted and should be updated by the balancer. |
| 79 |
| 80 The load balancer may open reporting streams to each server contained in the |
| 81 server list. These streams are primarily used for load reporting. For example, |
| 82 Weighted Round Robin requires that the servers report utilization to the load |
| 83 balancer in order to compute the next list of servers. |
| 84 |
| 85 ## Server |
| 86 |
| 87 The gRPC Server is responsible for answering RPC requests and providing |
| 88 responses to the client. The server will also report load to the load balancer |
| 89 if a reporting stream was opened for this purpose. |
| 90 |
| 91 ### Security |
| 92 |
| 93 The load balancer may be separate from the actual server backends and a |
| 94 compromise of the load balancer should only lead to a compromise of the |
| 95 loadbalancing functionality. In other words, a compromised load balancer should |
| 96 not be able to cause a client to trust a (potentially malicious) backend server |
| 97 any more than in a comparable situation without loadbalancing. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1932353002:
Initial checkin of gRPC to third_party/
Base URL: https://chromium.googlesource.com/chromium/src.git@master