Why do transaction security and message security modes have different behaviours when passing the message to the destination?
Suppose there are three machines: client, load balancer and service machine, and the service is invoked by the load balancer.
When using transport security, the load balancer must decrypt and understand the messages before dispatching them to the service,
but when using message security, the load balancer just forwards the encrypted messages to the service.
My puzzle is why the load balancer must decrypt and understand the messages before dispatching them to the service when using transport security, but the load balancer doesn't do the decrypt operation when using message security mode?
Can't the load balancer just forward the encrypted messages to the service, just as it does in message security?
A number of issues might require that.
For example, consider the case of a web-server system. Using HTTP/1.1, a client might open a single connection, and use it to send many GET requests to the server. If the transport layer is encrypted, and the load-balancer only forwards the packets, it would not be aware of the different requests flowing through the same connection. In such a case, all requests will go to the same server, without any load balancing.
On the other hand, if the load balancer acts as a connection end-point, it would be able to perform effectively.
(Note that depending on the protocols and on the goal of load-balancing in the specific system, there might be cases with other issues, and there also might be cases which would work even without decryption in the load-balancer.)
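The keep-alive case from the answer above, as an added example that is not part of the original post: one encrypted HTTP/1.1 connection carrying six requests is handled first by a balancer that forwards ciphertext unread, then by one that acts as the connection end-point. The backend names, the key, the round-robin policy and the XOR keystream (a stand-in for the encrypted transport, not TLS) are assumptions made for the illustration.

```python
import hashlib
from collections import Counter
from itertools import cycle

BACKENDS = ["svc-a", "svc-b", "svc-c"]  # hypothetical service machines

def stream_xor(key, data):
    """Stand-in for the encrypted transport (NOT TLS): XOR with a SHA-256 keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def split_requests(stream):
    """Frame HTTP/1.1 requests on one keep-alive stream (head + Content-Length body)."""
    requests = []
    while stream:
        head, sep, rest = stream.partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("no request boundary found")
        length = 0
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        requests.append(head + sep + rest[:length])
        stream = rest[length:]
    return requests

def passthrough_lb(connections, key):
    """Forwards ciphertext unread: one backend per connection; the backend decrypts."""
    rr, load = cycle(BACKENDS), Counter()
    for ciphertext in connections:
        load[next(rr)] += len(split_requests(stream_xor(key, ciphertext)))
    return dict(load)

def terminating_lb(connections, key):
    """Connection end-point: decrypts, sees each request, dispatches per request."""
    rr, load = cycle(BACKENDS), Counter()
    for ciphertext in connections:
        for _request in split_requests(stream_xor(key, ciphertext)):
            load[next(rr)] += 1
    return dict(load)

KEY = b"constructed-demo-key"  # constructed sample key
PLAINTEXT = b"".join(b"GET /item/%d HTTP/1.1\r\nHost: example.test\r\n\r\n" % i for i in range(5))
PLAINTEXT += b"POST /order HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\na=1"
CONNECTIONS = [stream_xor(KEY, PLAINTEXT)]  # one client, one keep-alive connection

if __name__ == "__main__":
    print("pass-through:", passthrough_lb(CONNECTIONS, KEY))
    print("terminating: ", terminating_lb(CONNECTIONS, KEY))
```

With message security the request framing stays readable to the balancer and only the message body is protected, which is why per-request dispatch is possible there without decryption.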