The principle of LVS load balancing, the actual deployment of LVS load balancing in NAT mode (detailed picture and text!)
One, cluster technology
1. The meaning of clusters
A cluster (Cluster) is a group of hosts that appears to the outside as a single system and exposes only one access entry (a domain name or IP address), so that it behaves like one large computer.
In practice there is always a load balancing server in front of a web server cluster. The load balancer is the entry point for web server traffic: it selects the most suitable web server and forwards the client's request to it for processing, and this forwarding from the client to the real server is transparent.
LVS, Nginx and HAProxy are currently the three most widely used software load balancers.
2. Applicable scenarios
Which load balancing technology to use generally depends on the stage the website has reached: different technologies are adopted as the site grows.
For a small or medium-sized web application, for example one with fewer than 10 million page views per day, Nginx is entirely sufficient.
If there are many machines, DNS round robin can be used; LVS requires more machines.
For large websites or important services with more servers, LVS can be considered.
A reasonable and popular website architecture at present: the web front end uses Nginx/HAProxy+Keepalived as the load balancer; the back end uses a MySQL database with one master and multiple slaves and read/write separation, built on the LVS+Keepalived architecture.
3. The significance of the existence of clusters
3.1 The emergence of the problem
In Internet applications, as sites place higher and higher demands on hardware performance, response speed, service stability and data reliability, a single server can no longer meet the requirements for load balancing and high availability.
3.2 Solution
Method 1: Use expensive minicomputers and mainframes. (High cost)
Method 2: Use multiple relatively inexpensive ordinary servers to build a service cluster. (Low cost)
Most companies choose method two: integrate multiple servers, use LVS to achieve high availability and load balancing, and provide the same service externally from a single IP address. This is the cluster technology commonly used in enterprises: LVS (Linux Virtual Server).
Note: the first method is vertical scaling, the second is horizontal scaling.
Two, Types of clusters
1. By objective, clusters can be divided into three types
Load balancing cluster
High-availability cluster
High-performance computing cluster
2. Overview of the three clusters
Load Balance Cluster
- Aims to improve the responsiveness of the application system, handle as many access requests as possible and reduce latency, obtaining high concurrency and high load (LB) performance overall.
- Load distribution in LB relies on the offloading algorithm of the master node, which distributes client access requests across multiple server nodes, thereby relieving the load on the whole system.
High Availability Cluster
- Aims to improve the reliability of the application system, reduce interruption time as much as possible and ensure service continuity, achieving the fault-tolerance effect of high availability (HA).
- The working mode of HA includes duplex and master-slave modes. Duplex means that all nodes are online at the same time; master-slave means that only the master node is online, but when a failure occurs, the slave node can automatically switch to the master node.
For example: "Failover", "Dual-system hot backup" and so on.
High Performance Computer Cluster
- Aims to increase the CPU computing speed of the application system and expand hardware resources and analysis capacity, obtaining high-performance computing (HPC) capability equivalent to that of large-scale machines and supercomputers.
- The high performance of an HPC cluster relies on "distributed computing" and "parallel computing": the CPU, memory and other resources of multiple servers are integrated through dedicated hardware and software to achieve computing capability that only large machines and supercomputers otherwise have.
Three, load balancing cluster architecture
1. Load balancing structure
- The first layer, the load scheduler (Load Balancer or Director): the single entry point of the whole cluster system, which uses the VIP address shared by all servers externally, also called the cluster IP address. Usually two schedulers, main and backup, are configured for hot standby; when the main scheduler fails, it is replaced smoothly by the backup scheduler to ensure high availability.
- The second layer, the server pool (Server Pool): the application services provided by the cluster are borne by the server pool, where each node has an independent RIP address (real IP) and only processes client requests distributed by the scheduler. When a node fails temporarily, the fault-tolerant mechanism of the load scheduler isolates it and waits for the error to be cleared before putting it back into the server pool.
- The third layer, shared storage (Shared Storage): provides stable and consistent file access services for all nodes in the server pool, ensuring the unity of the whole cluster. Shared storage can use NAS devices or dedicated servers providing NFS shares.
2. LVS load balancing mechanism
- LVS is a layer-4 load balancer, built on the fourth layer of the OSI model, the transport layer. The transport layer carries the familiar TCP/UDP, and LVS supports TCP/UDP load balancing.
- Because LVS works at layer 4, its efficiency is very high compared with higher-layer load balancing solutions such as DNS round-robin resolution, application-layer load scheduling and client-side scheduling.
3. Analysis of load balancing cluster working mode
- Load balancing clusters are currently the most commonly used cluster type in enterprises
- The cluster load scheduling technology has 3 working modes, as follows
3.1 NAT mode: address translation
- Network Address Translation, referred to as NAT mode
- Similar to the private network structure of the firewall, the load scheduler acts as the gateway of all server nodes, that is, as the access entrance of the client, and also the access exit of each node in response to the client
- The server node uses a private IP address and is located on the same physical network as the load scheduler. The security is better than the other two methods.
3.2 TUN mode: IP tunnel
- IP Tunnel, referred to as TUN mode
- Adopting an open network structure, the load scheduler only serves as the client's access entrance, and each node directly responds to the client through its own Internet connection, instead of passing through the load scheduler
- The server nodes are scattered in different locations in the Internet, have independent public IP addresses, and communicate with the load scheduler through a dedicated IP tunnel
3.3 DR mode: direct routing
- Direct Routing, referred to as DR mode
- It adopts a semi-open network structure, similar to that of TUN mode, but the nodes are not scattered everywhere; they are located on the same physical network as the scheduler
- The load scheduler is connected to each node server through the local network, without the need to establish a dedicated IP tunnel
Among the above three working modes:
- The NAT method needs only one public IP address, making it the easiest load balancing mode to use, and it has better security. Many hardware load balancing devices use this method;
- DR mode and TUN mode have stronger load capacity and wider application range, but the security of the node is slightly worse.
Four, about the LVS virtual server
1.Linux Virtual Server
● Load balancing solution developed for Linux kernel
● Founded by Dr. Zhang Wensong of China in May 1998
● Official website: http://www.linuxvirtualserver.org
● LVS is essentially application virtualization based on IP addresses; it offers an efficient solution for load balancing and content request distribution based on IP addresses
2. The importance of LVS
LVS has now become part of the Linux kernel, compiled as the ip_vs module by default, and loaded automatically when needed. On CentOS 7 the following commands manually load the ip_vs module and show the version of the ip_vs module in the current system.
# load the ip_vs module
modprobe ip_vs
# confirm kernel support for LVS
cat /proc/net/ip_vs
3. LVS management tool: ipvsadm
ipvsadm function and option description
Option | Function |
---|---|
-A | Add a virtual server |
-D | Delete the entire virtual server |
-s | Specify the load scheduling algorithm (round robin: rr, weighted round robin: wrr, least connections: lc, weighted least connections: wlc) |
-a | Means to add a real server (node server) |
-d | Delete a node |
-t | Specify VIP address and TCP port |
-r | Specify RIP address and TCP port |
-m | Indicates the use of NAT cluster mode |
-g | Indicates the use of DR mode |
-i | Means to use TUN mode |
-w | Set the weight (when the weight is 0, the node is suspended) |
-p 60 | Means to keep a long connection for 60 seconds |
-l | View LVS virtual servers in a list (the default is to view all) |
-n | Display addresses, ports and other information in numeric form; usually combined with the "-l" option, as in ipvsadm -ln |
4. LVS load scheduling algorithm
1) Round Robin
● Received access requests are allocated to each node (real server) in the cluster in turn, treating every server equally regardless of its actual number of connections and system load
2) Weighted Round Robin
● Distribute requests according to the weight value set by the scheduler. Nodes with higher weight value will get the task first, and the more requests are allocated.
● Ensure that the server with strong performance bears more access traffic
3) Least Connections
● According to the number of connections established by the real server, the received access request is assigned to the node with the least number of connections first
4) Weighted Least Connections
● When the performance of server nodes differs greatly, the weights can be adjusted automatically for the real servers
● Nodes with higher performance will bear a larger proportion of the active connection load
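A simplified model of the four scheduling algorithms described above, added here as a constructed example (it is not the ip_vs kernel code, and the addresses, weights and connection counts are sample values). It shows how rr, wrr, lc and wlc each pick the next node and how a weight of 0 suspends a node.

```python
"""Simplified model of the four LVS scheduling algorithms described above.
Constructed example, not the ip_vs kernel code; all values are samples."""
from dataclasses import dataclass


@dataclass
class RealServer:
    rip: str            # real server address (RIP)
    weight: int = 1     # weight 0 suspends the node, as with ipvsadm -w 0
    active_conns: int = 0


class Scheduler:
    def __init__(self, servers: list):
        self.servers = servers
        self._index = -1  # position in the current round-robin cycle

    def live(self) -> list:
        # only nodes with a non-zero weight may receive traffic
        return [s for s in self.servers if s.weight > 0]

    def rr(self) -> RealServer:
        """Round robin: hand requests to each live node in turn."""
        live = self.live()
        self._index = (self._index + 1) % len(live)
        return live[self._index]

    def wrr(self) -> RealServer:
        """Weighted round robin, simplified: a node with weight w appears
        w times in each cycle (ip_vs interleaves by gcd instead)."""
        cycle = [s for s in self.live() for _ in range(s.weight)]
        self._index = (self._index + 1) % len(cycle)
        return cycle[self._index]

    def lc(self) -> RealServer:
        """Least connections: fewest active connections wins."""
        return min(self.live(), key=lambda s: s.active_conns)

    def wlc(self) -> RealServer:
        """Weighted least connections: lowest active_conns / weight wins."""
        return min(self.live(), key=lambda s: s.active_conns / s.weight)


def dispatch(sched: Scheduler, algo: str, n: int) -> dict:
    """Send n requests through the named algorithm; count hits per RIP."""
    counts = {s.rip: 0 for s in sched.servers}
    for _ in range(n):
        target = getattr(sched, algo)()
        target.active_conns += 1  # each request opens one connection
        counts[target.rip] += 1
    return counts
```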
Five, LVS load balancing NAT mode cluster deployment
The LVS scheduler acts as the gateway of the web server pool; it has two network cards, connected to the internal and external networks respectively, and uses the round-robin (rr) scheduling algorithm.
Environment deployment
Host | Operating system | IP address | Required tools/services |
---|---|---|---|
Load scheduler | CentOS7 7-2 | Internal gateway: 192.168.2.4, External gateway: 12.0.0.1 | ipvsadm |
NFS server | CentOS7 7-3 | 192.168.2.5 | rpcbind, nfs-utils |
Web node server 1 | CentOS7 7-4 | 192.168.2.6 | rpcbind, nfs-utils, httpd |
Web node server 2 | CentOS7 7-5 | 192.168.2.7 | rpcbind, nfs-utils, httpd |
Client | Windows10 | 12.0.0.10 | |
Note: the gateway of the load scheduler may be set to its own IP or left unset. The gateways of the servers and the client must be set, to the internal and external gateway addresses of the load scheduler respectively (a gateway is required for cross-network access).
1. Deploy NFS shared storage
CentOS7-3 192.168.2.5
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
yum -y install nfs-utils rpcbind
systemctl start rpcbind.service
systemctl start nfs.service
systemctl enable nfs.service
systemctl enable rpcbind.service
mkdir /opt/test1
mkdir /opt/test2
chmod 777 /opt/test1
chmod 777 /opt/test2
vim /etc/exports
# add the following two lines to /etc/exports
/opt/test1 192.168.2.0/24(rw,sync)
/opt/test2 192.168.2.0/24(rw,sync)
exportfs -rv
2. Configure the node server
Web1 server: CentOS7-4 192.168.2.6
Web2 server: CentOS7-5 192.168.2.7
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
yum install httpd -y
systemctl start httpd.service
systemctl enable httpd.service
yum -y install nfs-utils rpcbind
systemctl start rpcbind
systemctl enable rpcbind
showmount -e 192.168.2.5
Web1 server: CentOS7-4 192.168.2.6
mount.nfs 192.168.2.5:/opt/test1 /var/www/html
df -h
echo 'this is test1 web!' > /var/www/html/index.html
Web2 server: CentOS7-5 192.168.2.7
mount.nfs 192.168.2.5:/opt/test2 /var/www/html
df -h
echo 'this is test2 web!' > /var/www/html/index.html
3. Configure the load scheduler
Load scheduler: inner gateway ens33: 192.168.2.4, outer gateway ens36: 12.0.0.1
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
1) Configure SNAT forwarding rules
vim /etc/sysctl.conf
# add the following line to /etc/sysctl.conf
net.ipv4.ip_forward = 1
or
echo '1' > /proc/sys/net/ipv4/ip_forward
sysctl -p
iptables -t nat -F
iptables -F
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o ens36 -j SNAT --to-source 12.0.0.1
2) Load the LVS kernel module
# load the ip_vs module
modprobe ip_vs
# view the ip_vs version information
cat /proc/net/ip_vs
3) Install the ipvsadm management tool
yum -y install ipvsadm
# the load distribution policy must be saved before starting the service
ipvsadm-save > /etc/sysconfig/ipvsadm
or
ipvsadm --save > /etc/sysconfig/ipvsadm
systemctl start ipvsadm.service
4) Configure the load distribution policy (in NAT mode only the scheduler needs to be configured; no special configuration is required on the node servers)
# clear the existing policy
ipvsadm -C
ipvsadm -A -t 12.0.0.1:80 -s rr
ipvsadm -a -t 12.0.0.1:80 -r 192.168.2.6:80 -m
ipvsadm -a -t 12.0.0.1:80 -r 192.168.2.7:80 -m
# apply the policy
ipvsadm
# view node status; Masq indicates NAT mode
ipvsadm -ln
# save the policy
ipvsadm-save > /etc/sysconfig/ipvsadm
4. Test results
On the client (IP 12.0.0.10), use a browser to visit http://12.0.0.1/ and refresh at intervals to observe the load balancing effect.
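A post-deployment check for the policy configured above, written as an added example (not part of the original article): it parses captured `ipvsadm -ln` output and confirms that the VIP 12.0.0.1:80 uses rr and that both node servers are listed in Masq (NAT) mode with a non-zero weight. The sample output is constructed in the format ipvsadm prints.

```python
"""Check that captured `ipvsadm -ln` output matches the NAT-mode policy.
Added example; SAMPLE_IPVSADM_LN is constructed, not captured from a host."""
import re

# Constructed sample of `ipvsadm -ln` output for the deployment above.
SAMPLE_IPVSADM_LN = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  12.0.0.1:80 rr
  -> 192.168.2.6:80               Masq    1      0          0
  -> 192.168.2.7:80               Masq    1      0          0
"""


def parse_ipvsadm(output: str) -> dict:
    """Map 'PROTO vip:port' -> {'scheduler': str, 'real': {rip:port: (fwd, weight)}}."""
    services: dict = {}
    current = None
    for line in output.splitlines():
        m = re.match(r"^(TCP|UDP)\s+(\S+)\s+(\S+)", line)
        if m:  # virtual service line
            current = f"{m.group(1)} {m.group(2)}"
            services[current] = {"scheduler": m.group(3), "real": {}}
            continue
        m = re.match(r"^\s*->\s+(\S+)\s+(\S+)\s+(\d+)", line)
        if m and current:  # real server line under the current service
            services[current]["real"][m.group(1)] = (m.group(2), int(m.group(3)))
    return services


def check_nat_policy(output: str, vip: str, rips: list, scheduler: str = "rr") -> list:
    """Return a list of problems; an empty list means the policy matches."""
    problems = []
    svc = parse_ipvsadm(output).get(f"TCP {vip}")
    if svc is None:
        return [f"no TCP virtual service for {vip}"]
    if svc["scheduler"] != scheduler:
        problems.append(f"scheduler is {svc['scheduler']}, expected {scheduler}")
    for rip in rips:
        entry = svc["real"].get(rip)
        if entry is None:
            problems.append(f"real server {rip} missing")
            continue
        fwd, weight = entry
        if fwd != "Masq":  # Masq is NAT mode; Route would be DR, Tunnel TUN
            problems.append(f"{rip} forwards via {fwd}, not Masq")
        if weight == 0:
            problems.append(f"{rip} has weight 0 (node suspended)")
    return problems
```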