Ballast

Ballast is a framework that was specifically designed for SSH load balancing by taking advantage of the aliasing and proxying capabilities available in most SSH clients. Within a traditional SSH bastion architecture, where internal resources can only be accessed from the outside via a hardened bastion system, Ballast is completely transparent to users and does not require any external modifications. Bastions and internal hosts must have the Ballast client and a pipe-based TCP relay utility such as netcat installed, which can be easily managed across internal hosts by configuration management tools.

Ballast consists of a Ballast agent on each balanced host, a Ballast server on one or more data servers, and a Ballast client on each bastion and internal host from which the user might access balanced hosts. The Ballast agent periodically collects system load information and sends it to the Ballast server. The server aggregates the load data received from all agents and stores it in a suitable form for making balancing decisions. When the user invokes SSH to a host aliasn designated for balancing, SSH triggers the Ballast client, which contacts the server to resolve balancing aliases to actual balanced host names. The server consults its data and returns one or more hosts, one of which the client connects to via netcat (or equivalent), after which the login proceeds normally.

Unlike traditional load balancers, Ballast has the ability to adjust its balancing strategy based on the invoking user. By tailoring system selections specifically to each individual user, the utility to each user can be maximized instead of choosing a system that may be best according to a common metric, but not ideal for the user's needs.

Software

ballast-1.5.tgz

Ballast is a tool for balancing user load across SSH servers based on configurable criteria such as CPU load and system availability. Ballast is invoked as part of the SSH login process, hence has access to the user name, which is not available in traditional load balancers. This gives ballast the unique ability to perform user-specific load balancing, which has several benefits including separating users who have historically generated high loads and providing a common login interface to users who may be separated based on other criteria such as system accessibility. Ballast includes a simple client, a lightweight data server, and a data collection agent.