LVS introduction and hands-on deployment of the four load-balancing modes

1. Load balancing and cluster description


2. LVS introduction

(1) LVS is short for Linux Virtual Server, a free software project initiated by Dr. Zhang Wen-song; its official site is www.linuxvirtualserver.org. LVS is now part of the standard Linux kernel, which gives it higher performance.

(2) What the LVS software does: LVS provides load-balancing technology for building a high-performance, highly available server cluster with good reliability, scalability and operability, so that optimal service performance is achieved at low cost.

3. LVS advantages and disadvantages

1. Advantages

High concurrent connections: LVS works in the kernel, so it has superior carrying capacity and concurrent processing ability. A single LVS load balancer can support thousands of concurrent connections.

Strong stability: LVS works at Layer 4 of the network and is used only for distribution. This gives it the strongest performance and the best stability among load-balancing software, with extremely low memory and CPU consumption.

Low cost: hardware load balancers cost at least hundreds of thousands and as much as millions, while LVS needs only one server and is free to deploy and use, which makes it cost-effective.

Simple configuration: LVS configuration is very simple. A few lines of commands complete the configuration, and it can also be managed with scripts.

Support for a variety of algorithms: multiple scheduling algorithms are supported and can be chosen according to the business scenario.

Support for a variety of operating modes: different operating modes can be used, depending on the business scenario, to handle request processing in a production environment.

Wide range of applications: because LVS works at Layer 4, it can load-balance almost any application, including HTTP, databases, DNS, FTP services, etc.

2. Disadvantages

LVS works at Layer 4 and does not support Layer 7 rule changes. The mechanism is heavyweight and not suitable for small-scale applications.

3. LVS core components and terminology

1. Core components

The LVS management tool and kernel module: ipvsadm / ipvs

ipvsadm: the user-space command-line tool for managing the cluster services and the RSs in the cluster;

ipvs: the code working in the kernel, which forwards requests according to the user-defined cluster rules;

3. Terminology

VS: Virtual Server, the virtual service

Director, Balancer: the load balancer (distributor)

RS: Real Server, the back-end server that processes requests

CIP: Client IP

VIP: Director Virtual IP, the load balancer's virtual IP

DIP: Director IP, the load balancer's real IP

RIP: Real Server IP, the real IP of the back-end server that processes requests

4. LVS core model and working mode

① When a client request arrives at the load balancer, it first reaches the PREROUTING chain in kernel space.

② When the kernel finds that the destination address of the request packet is local, it sends the packet to the INPUT chain.

③ LVS consists of ipvsadm in user space and IPVS in kernel space. ipvsadm is used to define rules, and IPVS works according to the rules defined with ipvsadm. IPVS works on the INPUT chain: when a packet arrives at the INPUT chain, IPVS checks it first, and if the packet's destination address and port are not in the rules, the packet is passed on to user space.

④ If the packet's destination address and port are in the rules, the packet's destination address is rewritten to a pre-defined back-end server and the packet is sent to the POSTROUTING chain.

⑤ Finally the packet is sent to the back-end server via the POSTROUTING chain.

5. The four LVS load-balancing operating modes

LVS / NAT: network address translation mode. Inbound and outbound data traffic both pass through the distributor (IP load balancing: it changes the IP address). Uses Layer 3 functions.
LVS / DR: direct routing mode. Only inbound data traffic passes through the distributor (data-link-layer load balancing, because it modifies the destination MAC address). Uses Layer 2 functions (MAC addresses).
LVS / TUN: tunnel mode. Only inbound data traffic passes through the distributor.
LVS / full-nat: two-way translation. For the request packet, the source address is changed to the DIP and the destination to the RIP to forward it; for the response packet, the source address is changed to the VIP and the destination address to the CIP to forward it.

6. Principles, advantages and disadvantages of the four LVS modes

1. NAT mode (LVS-NAT)
Principle: the load balancer replaces the destination address in the IP header of the packet sent by the client with the IP address of one of the RSs and forwards the packet to that RS for processing. After the RS has processed it, the data goes back through the load balancer, which changes the packet's source IP address to its own IP and the destination address to the client IP address. Throughout, both incoming and outgoing traffic must pass through the load balancer.
Advantages: the physical servers in the cluster can run any operating system that supports TCP/IP, and only the load balancer needs a valid IP address (public IP).
Disadvantages: limited scalability. When the number of server nodes (ordinary PC servers) grows too large, the load balancer becomes the bottleneck of the whole system, because all request packets and response packets flow through the load balancer. With too many server nodes, a large number of packets converge on the load balancer and it slows down.

2. Direct routing (Direct Routing) mode (LVS-DR)
Principle: the load balancer and the RSs use the same IP to serve externally, but only the DR responds to ARP requests for it; all RSs stay silent on ARP requests for this IP. That is, the gateway directs all requests for this service IP to the DR. When the DR receives a packet, it finds the corresponding RS according to the scheduling algorithm, changes the destination MAC address to that RS's MAC (the IP is the same) and sends the request to that RS. When the RS receives the packet and finishes processing it, the data can be returned directly to the client because the IP is the same. To the RS the packet is no different from one received directly from the client, so after processing it replies directly to the client.
Advantages: as in TUN (tunnel mode), the load balancer only distributes requests, and response packets return to the client by a separate route. Compared with VS-TUN, VS-DR does not need a tunnel structure, so most operating systems can be used as the physical servers.
Shortcomings (not really a shortcoming, more of a limitation): the load balancer's network card must be on the same physical segment as the physical servers' network cards.

3. IP tunnel (Tunnel) mode (VS-TUN)

Principle: most Internet service request packets are very short, while response packets are usually large. In tunnel mode, the packet sent by the client is encapsulated with a new IP header (destination IP only) and sent to an RS. When the RS receives it, it first removes the outer header to restore the original packet, processes it and replies directly to the client without going through the load balancer. Note that since the RS has to restore the packet sent by the load balancer, it must support the IPTUNNEL protocol, so the RS kernel must be compiled with the IPTUNNEL option.
Advantages: the load balancer is only responsible for distributing request packets to the back-end server nodes, and the RSs send the response packets directly to the user. This reduces the amount of data flowing through the load balancer, so the load balancer is no longer the bottleneck of the system and can handle a huge number of requests. In this way one load balancer can distribute to many RSs, and the RSs can run on the public Internet, distributed across different regions.
Disadvantages: in tunnel mode the RS nodes need legitimate IPs, and this approach requires all servers to support the "IP Tunneling" (IP Encapsulation) protocol, so the servers may be limited to some Linux systems.
4. FULL-NAT mode

Principle: the client sends a request to the VIP. The Director receives it and finds that it is a request for the back-end service. The Director performs full-NAT on the request packet: the source IP is changed to the DIP and the destination IP to the RIP of any back-end RS, and the packet is sent to the back end. After the RS receives the request, it responds with source IP RIP and destination IP DIP, and the response is routed internally to the Director. The Director receives the response packet and performs full-NAT on it: the source address becomes the VIP and the destination address the CIP.

The request uses DNAT; the response uses SNAT.

lvs-fullnat (two-way translation)

For the request packet, the source address is changed to the DIP and the destination to the RIP to forward it; for the response packet, the source address is changed to the VIP and the destination address to the CIP to forward it:

CIP --> DIP, VIP --> RIP

RIP --> VIP, DIP --> CIP

7. Hands-on projects implementing the four LVS load-balancing modes

5. Differences between the four modes

lvs-nat and lvs-fullnat: both request and response packets pass through the Director

lvs-nat: the RIP's gateway must point to the DIP

lvs-fullnat: two-way translation

lvs-dr and lvs-tun: request packets pass through the Director, but response packets are sent by the RS directly to the client

lvs-dr: implemented by re-encapsulating the packet with a new MAC header and forwarding it over the MAC network

lvs-tun: implemented by encapsulating the original IP packet in a new outer IP header for forwarding; supports long-distance communication
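
The address rewriting described for the four modes, as an added example (not code from the original post): a small Python model that follows one request and its reply through the Director. The sample addresses and the names `director_forward` and `trace` are constructed for illustration; the result shows which source address the RS observes in each mode, which decides what ends up in the RS access logs.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (documentation ranges), not from the original page.
CIP, VIP, DIP, RIP = "198.51.100.7", "203.0.113.10", "10.0.0.1", "10.0.0.11"
SERVICES = {(VIP, 80)}  # virtual services as they would be defined with ipvsadm


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int = 80
    dst_mac: str = ""   # modelled only where the mode rewrites it (DR)
    outer: tuple = ()   # (src, dst) of an added outer IP header (TUN)


def director_forward(pkt, mode):
    """Request path on the Director: IPVS rule check, then the mode's rewrite."""
    if (pkt.dst, pkt.dport) not in SERVICES:
        return None                                  # no rule: not load-balanced
    if mode == "nat":
        return replace(pkt, dst=RIP)                 # destination only
    if mode == "fullnat":
        return replace(pkt, src=DIP, dst=RIP)        # source and destination
    if mode == "dr":
        return replace(pkt, dst_mac="RS")            # IP header untouched
    if mode == "tun":
        return replace(pkt, outer=(DIP, RIP))        # original packet kept inside
    raise ValueError(f"unknown mode: {mode}")


def trace(mode, dport=80):
    """Follow one request and its reply; return what each side observes."""
    at_rs = director_forward(Packet(CIP, VIP, dport), mode)
    if at_rs is None:
        return None
    reply_src, reply_dst = at_rs.dst, at_rs.src      # RS answers the inner header
    via_director = mode in ("nat", "fullnat")
    if via_director:                                 # Director restores VIP -> CIP
        reply_src, reply_dst = VIP, CIP
    return {"rs_sees_src": at_rs.src, "rs_sees_dst": at_rs.dst,
            "client_sees_src": reply_src, "reply_dst": reply_dst,
            "reply_via_director": via_director,
            "dst_mac": at_rs.dst_mac, "encapsulated": bool(at_rs.outer)}


if __name__ == "__main__":
    for m in ("nat", "fullnat", "dr", "tun"):
        print(m, trace(m))
```

In full-NAT the RS sees the DIP as the source of every request, so per-client logging or filtering on the RS has to rely on information kept at the Director.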

LVS load-balancing cluster in enterprise practice: LVS/DR mode, LVS-NAT mode

LVS load-balancing cluster in enterprise practice


Origin blog.csdn.net/wx912820/article/details/104930646