Global load balancer design
Anycast routing, health checks, and failover patterns for multi-region deployments behind a single IP.
Architecture
Announce the same /24 prefix from every edge PoP via BGP. Upstream routers see multiple paths and forward to the nearest hop. Each PoP runs a layer-4 proxy that terminates TLS and forwards to regional backends over WireGuard tunnels.
Health checks
Active probes run every 5 seconds from each PoP against every backend. A backend is drained after three consecutive failures. Passive checks track TCP RST rates and 5xx responses; a spike above 10% triggers a pre-drain alarm.
Failover
When a region goes dark, BGP withdraws the route within 90 seconds. Sticky sessions are pinned via an encrypted cookie containing the backend ID. On failover the cookie is re-encrypted for the new target region so clients never re-authenticate.
Observability
Export per-PoP metrics — active connections, request latency p50/p99, TLS handshake rate — to a centralized Prometheus instance. Dashboards group by region and alert when any PoP drops below 80% of its baseline throughput for more than two minutes.