Detailed explanation of load balancing

This article is reproduced from: http://kb.cnblogs.com/page/188170/

(one)

  A simple understanding of Layer 4 and Layer 7 load balancing:

  ① The so-called Layer 4 is load balancing based on IP+port; Layer 7 is load balancing based on application layer information such as URLs. Similarly, there is Layer 2 load balancing based on MAC addresses and Layer 3 load balancing based on IP addresses. In other words, Layer 2 load balancing receives requests through a virtual MAC address and then assigns them to a real MAC address; Layer 3 load balancing receives requests through a virtual IP address and then assigns them to a real IP address; Layer 4 receives requests through a virtual IP+port and then distributes them to real servers; Layer 7 receives requests through virtual URLs or hostnames and then distributes them to real servers.

  ② The so-called Layer 4 to Layer 7 load balancing decides how to forward traffic based on Layer 4 or Layer 7 information when load balancing the servers in the background. For example, Layer 4 load balancing publishes a Layer 3 IP address (VIP) and adds the Layer 4 port number to determine which traffic needs to be load balanced, applies NAT to that traffic and forwards it to a background server, and records which server handles the TCP or UDP flow, so that all subsequent traffic of the connection is forwarded to the same server. Layer 7 load balancing builds on Layer 4 (without Layer 4 there can be no Layer 7) and additionally considers the characteristics of the application layer. For example, when load balancing the same Web servers, in addition to identifying the traffic to be processed by VIP plus port 80, it can also decide whether to perform load balancing according to Layer 7 information such as the URL, browser category and language. For example, if your web servers are divided into two groups, one for Chinese and one for English, Layer 7 load balancing can automatically identify the user's language when users access your domain name and then select the corresponding language server group for load balancing.

  ③ Load balancers are usually called Layer 4 switches or Layer 7 switches. The Layer 4 switch mainly analyzes the IP layer and the TCP/UDP layer to achieve Layer 4 traffic load balancing. In addition to supporting Layer 4 load balancing, Layer 7 switches also analyze application layer information, such as the HTTP URI or cookie information.

  1. One kind of load balancer is the L4 switch (layer four switching), which works at the fourth layer of OSI, the TCP layer. This kind of load balancer does not understand application protocols (such as HTTP/FTP/MySQL, etc.). Examples: LVS, F5.

  2. The other is called the L7 switch (layer seven switching), which works at the highest layer of OSI, the application layer. Here the load balancer can understand the application protocol. Examples: haproxy, MySQL Proxy.

  Note: Many of the above load balancers can do both Layer 4 switching and Layer 7 switching.

  (two)

  Load balancing devices are also often referred to as "Layer 4 to Layer 7 switches", so what is the difference between Layer 4 and Layer 7?

  First, the difference in technical principles.

  The so-called four-layer load balancing determines the final internal server mainly through the target address and port in the message, plus the server selection method set on the load balancing device.

  Taking the common TCP as an example, when the load balancing device receives the first SYN request from the client, it selects an optimal server through the above method, modifies the target IP address in the packet (to the back-end server IP), and forwards it directly to the server. The TCP connection establishment, that is, the three-way handshake, takes place directly between the client and the server, and the load balancing device only performs a router-like forwarding action. In some deployment scenarios, to ensure that the server's return packets are correctly returned to the load balancing device, the original source address of the packet may also be modified while forwarding it.

  The so-called seven-layer load balancing, also known as "content switching", determines the final internal server mainly through the truly meaningful application layer content in the message, plus the server selection method set on the load balancing device.

  Taking the common TCP as an example, if the load balancing device needs to select the server according to the real application layer content, it must first complete the connection (three-way handshake) with the client on behalf of the final server; only then can it receive the message carrying the real application layer content sent by the client. Then, according to specific fields in that message and the server selection method set on the load balancing device, the final internal server is determined. A load balancing device in this case is more like a proxy server: it establishes separate TCP connections with the front-end client and with the back-end server. Therefore, from the perspective of the technical principle, seven-layer load balancing obviously places higher demands on the load balancing device, and its seven-layer processing capacity is bound to be lower than in the four-layer deployment mode.

  Second, the needs of application scenarios.

  The advantage of seven-layer load balancing is that it makes the entire network more "intelligent". For example, for user traffic accessing a website, the seven-layer method can forward image requests to a specific image server and use caching technology, and forward text requests to a specific text server and use compression technology. Of course, this is just a small case of a seven-layer application. From the technical principle, this method can modify the client's request and the server's response in any sense, which greatly improves the flexibility of the application system at the network layer. Many functions deployed in the background, for example on Nginx or Apache, can be moved forward to the load balancing device, such as header rewriting in client requests, and keyword filtering or content insertion in server responses.
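  The difference described above, as an added sketch that is not part of the reproduced article: the Layer 4 path picks a server on the first SYN from addresses and ports alone, while the Layer 7 path cannot choose until it has parsed the request head and can then route by URL (the image example) or language (the Chinese/English example in section one). All addresses, pool names and sample requests are constructed, and malformed request heads are rejected rather than guessed at.

```python
from itertools import cycle

# Constructed values: documentation-range addresses and hypothetical pools.
VIP = ("203.0.113.10", 80)
L4_POOL = ["10.0.0.11", "10.0.0.12"]
L7_POOLS = {"images": ["10.0.1.11"], "zh": ["10.0.2.11"], "en": ["10.0.3.11"]}
IMAGE_SUFFIXES = (".png", ".jpg", ".gif")

# Constructed sample requests.
IMAGE_REQ = b"GET /img/logo.PNG?v=2 HTTP/1.1\r\nHost: example.test\r\n\r\n"
ZH_REQ = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
          b"Accept-Language: zh-CN,zh;q=0.9,en;q=0.8\r\n\r\n")
PARTIAL_REQ = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"


class Layer4Balancer:
    """Decides on the first SYN, using only addresses and ports."""

    def __init__(self, vip, pool):
        self.vip = vip
        self._next = cycle(pool)
        self.conn_table = {}  # (client ip, client port) -> backend ip

    def on_packet(self, src, dst, syn=False):
        if dst != self.vip:
            return None                   # not traffic for the published VIP:port
        if src in self.conn_table:
            return self.conn_table[src]   # same connection, same server
        if not syn:
            return None                   # mid-stream packet with no recorded flow
        backend = next(self._next)
        self.conn_table[src] = backend
        return backend


def parse_request_head(raw):
    """Parse an HTTP/1.x request head; raise ValueError on anything malformed."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("request head not complete yet")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Whitespace around a header name is a classic parser-disagreement
        # source between proxy and backend, so refuse it.
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers[name.lower()] = value.strip()
    return parts[0], parts[1], headers


def l7_select(raw):
    """Return the name of the pool that should serve this request."""
    _method, target, headers = parse_request_head(raw)
    path = target.split("?", 1)[0].lower()
    if path.endswith(IMAGE_SUFFIXES):
        return "images"
    first_lang = headers.get("accept-language", "").split(",")[0].strip().lower()
    return "zh" if first_lang.startswith("zh") else "en"
```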

  Another feature that is often mentioned is security. In the most common SYN Flood attack on the network, hackers control many source clients and use fake IP addresses to send SYN packets to the same target. This kind of attack usually sends a large number of SYN packets and exhausts the relevant resources on the server to achieve Denial of Service (DoS). It can also be seen from the technical principle that in the four-layer mode these SYN attacks are forwarded to the back-end server, while in the seven-layer mode they are naturally terminated on the load balancing device and do not affect the normal operation of the background server. In addition, the load balancing device can set a variety of policies at the seven-layer level to filter specific packets, such as SQL Injection and other application-level attack methods, further improving the overall security of the system from the application level.

  The current 7-layer load balancing mainly focuses on the application of the HTTP protocol, so its application scope is mainly for many websites or internal information platforms and other systems developed based on B/S. Layer 4 load balancing corresponds to other TCP applications, such as ERP systems developed based on C/S.

  Third, issues to consider for seven-layer applications.

  1: Is it really necessary? Layer 7 applications can indeed make traffic more intelligent, but they also inevitably bring complex device configuration, increased load on the load balancer, and more complex troubleshooting. When designing the system, it is necessary to consider the mixed case where Layer 4 and Layer 7 are applied at the same time.

  2: Does it really improve security? For example, in a SYN Flood attack, the seven-layer mode does block this traffic from the server, but the load balancing device itself must have strong anti-DDoS capabilities. Otherwise, even if the servers are normal, the failure of the load balancing device that acts as the central scheduler will bring down the entire application.

  3: Is there enough flexibility? The advantage of the seven-layer application is that it can make the traffic of the entire application intelligent, but the load balancing device needs to provide complete seven-layer functionality to meet customers' application-based scheduling needs in different situations. The simplest assessment is whether it can replace the scheduling function of servers such as Nginx or Apache in the background. A load balancing device that provides a seven-layer application development interface lets customers define functions freely according to their needs, and only then can it truly provide powerful flexibility and intelligence.

  (This section is from the "ADC Technology Blog" blog, please be sure to keep this source http://virtualadc.blog.51cto.com/3027116/591396)

  (three)

  Introduction to Layer 4 and Layer 7 of Load Balancing:

  Load balancing (Load Balance) is built on the existing network structure. It provides a cheap, effective and transparent way to expand the bandwidth of network devices and servers, increase throughput, strengthen network data processing capabilities, and improve network flexibility and availability.

  Load balancing has two meanings: first, a large amount of concurrent access or data traffic is shared among multiple node devices for separate processing, reducing the time users wait for a response; second, a single heavy-load operation is shared among multiple node devices for parallel processing, and after each node device finishes, the results are summarized and returned to the user, so the system processing capacity is greatly improved.

  The load balancing technology introduced in this article mainly refers to balancing the traffic load among all servers and applications in a server group. At present, most load balancing technologies are used to improve the availability and scalability of Internet server programs such as Web servers, FTP servers and other mission-critical servers.

  Classification of load balancing technologies

  At present, there are many different load balancing technologies to meet different application requirements. The following classifies them by the devices used for load balancing, the network layer at which they are applied (with reference to the OSI reference model), and the geographical structure of the application.

  Software/hardware load balancing

  A software load balancing solution installs one or more pieces of additional software on the operating system of one or more servers to achieve load balancing, such as DNS Load Balance, CheckPoint Firewall-1 ConnectControl, etc. Its advantages are that it is based on a specific environment, simple to configure, flexible to use and low in cost, and it can meet general load balancing requirements.

  The software solution also has many disadvantages. Installing additional software on each server consumes a certain amount of system resources, and the more powerful the module, the more it consumes, so when the number of connection requests is particularly large, the software itself becomes a key factor in whether the server works or fails. The software's scalability is not very good, and it is limited by the operating system. Bugs in the operating system itself often cause security problems.

  The hardware load balancing solution installs a load balancing device directly between the server and the external network. This kind of device is usually called a load balancer. Because a dedicated device performs a dedicated task and is independent of the operating system, the overall performance is greatly improved. Coupled with diversified load balancing strategies and intelligent traffic management, the optimal load balancing requirements can be achieved.

  There are various forms of load balancers. Besides load balancers in the independent sense, some load balancers are integrated in the switching device and placed between the server and the Internet link, and some integrate this function into a PC with two network adapters, one connected to the Internet and the other connected to the internal network of the back-end server farm.

  Generally speaking, hardware load balancing is better than software in function and performance, but it is expensive.

  Local/Global Load Balancing

  By the geographical structure of its application, load balancing is divided into local load balancing (Local Load Balance) and global load balancing (Global Load Balance, also known as regional load balancing). Local load balancing refers to load balancing for local server groups. Global load balancing refers to load balancing among server groups that are placed in different geographical locations and have different network structures.

  Local load balancing can effectively solve the problems of excessive data traffic and heavy network load. It does not require expensive purchases of high-performance servers, makes full use of existing equipment, and avoids the loss of data traffic caused by a single point of failure of a server. It has flexible and diverse balancing strategies to distribute data traffic reasonably among the servers in the server group so that they share the burden. Even when the existing servers are expanded and upgraded, a new server is simply added to the service group without changing the existing network structure or stopping the existing service.

  Global load balancing is mainly used by sites that have their own servers in multiple regions, so that users worldwide can reach the nearest server with only one IP address or domain name and thus obtain the fastest access speed. It can also be used by large companies with widely distributed subsidiaries and sites to achieve uniform and rational distribution of resources through an Intranet (enterprise intranet).

  Load balancing at the network level

  According to the different bottlenecks of heavy load on the network, starting from different levels of the network, we can use the corresponding load balancing technology to solve the existing problems. 

  As bandwidth increases and data traffic continues to grow, the data interface of the core part of the network will face a bottleneck. The original single line will have difficulty meeting the demand, and a line upgrade is too expensive or even difficult to achieve. At this point, link aggregation (Trunking) technology can be considered.

  Link aggregation technology (layer 2 load balancing) uses multiple physical links as a single aggregated logical link. Network data traffic is shared by all physical links in the aggregated logical link, which logically increases the capacity of the link so that it can meet the demand for increased bandwidth.

  Modern load balancing techniques typically operate at Layer 4 or Layer 7 of the network. Layer 4 load balancing maps a legally registered IP address on the Internet to the IP addresses of multiple internal servers, and dynamically uses one of the internal IP addresses for each TCP connection request to achieve load balancing. This kind of balancing technology is widely used in Layer 4 switches. When a packet for a connection request whose destination address is the VIP (Virtual IP address) of the server group flows through the switch, the switch uses the TCP or UDP port number and a certain load balancing strategy to map between server IP and VIP, and selects the best server in the server group to process the connection request.

  Layer 7 load balancing controls the content of application layer services, provides a high-level control method for access traffic, and is suitable for applications to HTTP server groups. Layer 7

  The advantages of Layer 7 load balancing are shown in the following aspects: 

  Through the inspection of HTTP headers, HTTP 400, 500 and 600 series error messages can be detected, so the connection request can be redirected to another server transparently, avoiding application layer failures.

  According to the type of data flowing through (such as judging whether the data packet is an image file, a compressed file or a multimedia file format, etc.), the data flow can be directed to the server of the corresponding content for processing, thereby increasing the system performance.

  According to the type of connection request, such as static document request such as ordinary text and image, or dynamic document request such as asp and cgi, the corresponding request can be directed to the corresponding server for processing, which improves the performance and security of the system.

  Layer 7 load balancing is limited by the protocols it supports (usually only HTTP), which limits its wide application. Checking HTTP headers also takes up a lot of system resources, which inevitably affects the performance of the system, and when handling requests the load balancing device itself can easily become the bottleneck of overall network performance.

  Load balancing strategy

  In practical applications, we may not want to simply distribute client service requests evenly to internal servers regardless of whether a server is down. Instead, we want a Pentium III server to accept more service requests than a Pentium II, a server that is currently handling fewer service requests to be allocated more, a failed server to stop receiving service requests until it recovers, and so on.

  Selecting an appropriate load balancing strategy enables multiple devices to complete tasks together, eliminating or avoiding existing bottlenecks such as uneven network load distribution, data traffic congestion and long response times. In each load balancing method, there are corresponding load balancing strategies for the second, third, fourth and seventh layers of the OSI reference model according to different application requirements.

  Two key factors determine the quality of a load balancing strategy and the difficulty of implementing it: first, the load balancing algorithm, and second, the method and capability for detecting the status of the network system.

  Considering the different types of service requests, the different processing capabilities of the servers, and the uneven load distribution caused by random selection, distributing the load reasonably among multiple internal servers requires a load balancing algorithm that correctly reflects each server's processing capacity and the network status:

  Round Robin: Each time a request from the network is distributed to the internal servers in turn, starting from 1 to N and then starting over. This kind of balancing algorithm is suitable for the situation that all the servers in the server group have the same hardware and software configuration and the average service request is relatively balanced.

  Weighted Round Robin: According to the different processing capabilities of the servers, each server is assigned different weights so that it can accept service requests with the corresponding weights. For example, the weight of server A is designed to be 1, the weight of B is 3, and the weight of C is 6, then servers A, B, and C will receive 10%, 30%, and 60% of service requests respectively. This balancing algorithm can ensure that high-performance servers get more utilization and avoid overloading low-performance servers.

  Random Balance (Random): Randomly distribute requests from the network to multiple internal servers.

  Weighted Random: This balancing algorithm is similar to the weighted round-robin algorithm, but the selection is random when requests are distributed.

  Response Time: The load balancing device sends a probe request (such as Ping) to each internal server, and then decides which server will respond to the client's service request according to which internal server answers the probe fastest. This balancing algorithm reflects the current running state of the servers better, but the fastest response time only refers to the response time between the load balancing device and the server, not between the client and the server.

  Least Connection: The time each client request stays on a server may vary greatly. As working time increases, with a simple round-robin or random balancing algorithm the number of connections in progress on each server may differ greatly, and the load is not truly balanced. The least connection algorithm keeps a data record for each internal server that takes load, recording the number of connections the server is currently processing. When a new service connection request arrives, it is allocated to the server with the fewest connections, which makes the balance closer to the actual situation and the load more even. This balancing algorithm is suitable for services whose requests take a long time to process, such as FTP.

  Processing capacity balancing: This balancing algorithm allocates service requests to the server with the lightest processing load (converted from the server's CPU model, number of CPUs, memory size, current number of connections, etc.). Because it takes into account both the processing capacity of the internal server and the current network operating conditions, this balancing algorithm is relatively more accurate, especially when applied to seventh layer (application layer) load balancing.

  DNS response balance (Flash DNS): On the Internet, whether for HTTP, FTP or other service requests, the client generally finds the exact IP address of the server through domain name resolution. Under this balancing algorithm, load balancing devices located in different geographical locations receive the domain name resolution request from the same client, and each resolves the domain name at the same time to the IP address of its corresponding server (that is, the server in the same geographic location as that load balancing device) and returns it to the client. The client continues its service request with the IP address from the first resolution response it receives and ignores the other responses. This balancing strategy is suitable for global load balancing and is meaningless for local load balancing.

  Although a variety of load balancing algorithms can distribute data traffic well across the servers, if the load balancing strategy cannot detect the status of the network system, then once a server fails, or the network between the load balancing device and a server fails, the load balancing device will still direct part of the data traffic to that server. This inevitably causes a large number of service requests to be lost and fails to meet the requirement of uninterrupted availability. Therefore, a good load balancing strategy should have detection capabilities:

  Ping detection: Detect the status of the server and network system by ping. This method is simple and fast, but it can only roughly detect whether the network and the operating system on the server are normal, and it is powerless to detect the application services on the server.

  TCP Open detection: Each service opens a TCP connection, so checking whether a TCP port on the server (such as Telnet port 23, HTTP port 80, etc.) is open determines whether the service is normal.

  HTTP URL detection: For example, an access request to the main.html file is sent to the HTTP server. If an error message is received, the server is considered to be faulty.
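  An added sketch (not from the reproduced article) that ties the algorithm list to the detection list above: a pool that offers weighted round robin and least connection selection and removes a server from rotation when probes fail. It uses the article's weights A=1, B=3, C=6. The interleaving is done with the "smooth" weighted round robin variant, and the `fall`/`rise` probe thresholds are assumptions added here to avoid flapping; the probe result fed to `record_probe` can come from any of the Ping, TCP Open or HTTP URL checks.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    weight: int = 1
    healthy: bool = True
    active: int = 0    # connections currently being processed
    current: int = 0   # running counter for smooth weighted round robin
    fails: int = 0     # consecutive failed probes
    passes: int = 0    # consecutive successful probes


class Pool:
    def __init__(self, servers, fall=3, rise=2):
        self.servers = {s.name: s for s in servers}
        self.fall, self.rise = fall, rise   # assumed thresholds, not from the article

    def _healthy(self):
        up = [s for s in self.servers.values() if s.healthy]
        if not up:
            raise RuntimeError("no healthy server in pool")
        return up

    def pick_weighted_rr(self):
        """Every sum(weights) picks, each healthy server is chosen `weight` times."""
        up = self._healthy()
        total = sum(s.weight for s in up)
        for s in up:
            s.current += s.weight
        best = max(up, key=lambda s: s.current)
        best.current -= total
        return best.name

    def pick_least_conn(self):
        """Choose the healthy server with the fewest connections in progress."""
        best = min(self._healthy(), key=lambda s: s.active)
        best.active += 1
        return best.name

    def release(self, name):
        s = self.servers[name]
        s.active = max(0, s.active - 1)

    def record_probe(self, name, ok):
        """Feed one probe result; returns the server's health after it."""
        s = self.servers[name]
        if ok:
            s.passes, s.fails = s.passes + 1, 0
            if not s.healthy and s.passes >= self.rise:
                s.healthy, s.current = True, 0
        else:
            s.fails, s.passes = s.fails + 1, 0
            if s.healthy and s.fails >= self.fall:
                s.healthy = False
        return s.healthy


def article_pool():
    """The A/B/C example from the weighted round robin paragraph."""
    return Pool([Server("A", 1), Server("B", 3), Server("C", 6)])


def distribution(pool, n):
    """Count which server each of n weighted round robin picks lands on."""
    return Counter(pool.pick_weighted_rr() for _ in range(n))
```

  `distribution(article_pool(), 100)` gives A 10, B 30 and C 60 requests; after three failed probes for C, the same pool shares requests between A and B only.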

  In addition to the two factors mentioned above that determine the quality of a load balancing strategy, in some applications we need all requests from the same client to be assigned to the same server, for example when the server stores client registration, shopping and other service request information in a local database; in that case it is crucial to assign the client's sub-requests to the same server for processing. There are two ways to solve this problem. One is to assign multiple requests from the same client to the same server according to the IP address, with the mapping between client IP address and server saved on the load balancing device. The other is to place a unique identifier in a client browser cookie so that multiple requests are assigned to the same server, which is suitable for clients who reach the Internet through a proxy server.

  There is also an Out of Path Return mode. When a client connection request is sent to the load balancing device, the central load balancing device directs the request to a certain server, and the server's response is no longer returned to the central load balancing device; it bypasses the traffic distributor and is returned directly to the client. Therefore, the central load balancing device is only responsible for accepting and forwarding requests, which reduces its network load considerably and gives the client a faster response time. This mode is generally used in HTTP server groups. A virtual network adapter should be installed on each server, and its IP address should be set to the VIP of the server group, so that the three-way handshake can succeed when the server responds directly to the client's request.
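  The two persistence methods above, as an added sketch that is not part of the reproduced article. It shows why the cookie method suits clients behind a proxy: with source IP persistence, every browser behind one proxy address lands on the same server. Storing the backend name in the cookie and signing it with an HMAC, so that a client cannot forge a cookie to pick a server, is a design choice assumed here; the backend names, the key and the addresses are constructed.

```python
import hashlib
import hmac
from itertools import cycle

BACKENDS = ["web1", "web2", "web3"]   # constructed backend names
SECRET = b"constructed-demo-key"      # placeholder; a real key comes from a secret store


class SourceIpPersistence:
    """Mapping of client IP -> server, kept on the load balancing device."""

    def __init__(self, backends):
        self._next = cycle(backends)
        self.table = {}

    def route(self, client_ip):
        if client_ip not in self.table:
            self.table[client_ip] = next(self._next)
        return self.table[client_ip]


class CookiePersistence:
    """Persistence carried in a browser cookie of the form '<backend>.<hmac>'."""

    def __init__(self, backends, secret):
        self.backends = set(backends)
        self._next = cycle(backends)
        self.secret = secret

    def _mac(self, backend):
        return hmac.new(self.secret, backend.encode(), hashlib.sha256).hexdigest()

    def _verify(self, cookie):
        backend, dot, mac = (cookie or "").rpartition(".")
        if not dot or backend not in self.backends:
            return None
        # Constant-time comparison on bytes; a non-ASCII value simply fails.
        if hmac.compare_digest(mac.encode(), self._mac(backend).encode()):
            return backend
        return None

    def route(self, cookie=None):
        """Return (backend, cookie to set). Invalid cookies get a fresh assignment."""
        backend = self._verify(cookie)
        if backend is None:
            backend = next(self._next)
        return backend, f"{backend}.{self._mac(backend)}"


def behind_one_proxy(n, proxy_ip="192.0.2.50"):
    """n first-time browsers that all reach the balancer from one proxy address."""
    by_ip = SourceIpPersistence(BACKENDS)
    by_cookie = CookiePersistence(BACKENDS, SECRET)
    ip_servers = {by_ip.route(proxy_ip) for _ in range(n)}
    cookie_servers = {by_cookie.route()[0] for _ in range(n)}
    return ip_servers, cookie_servers
```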

  Load Balancing Implementation Elements

  A load balancing solution should be considered in the early stage of website construction, but sometimes access traffic grows explosively beyond the expectations of decision makers, and it becomes a problem that has to be faced. When we introduce or even implement a load balancing solution, as with many other solutions, we first determine the current and future application requirements and then make a trade-off between cost and benefit.

  Based on the current and future application requirements and an analysis of the network bottlenecks, we need to establish which type of load balancing technology to use, what kind of balancing strategy to use, how far the requirements for availability, compatibility, security, etc. must be met, and so on.

  Regardless of whether the load balancing solution is implemented with less expensive software, by purchasing expensive hardware such as Layer 4 switches and load balancers with stronger performance and functions, or with other types of balancing technologies, the following items are all issues that we may want to consider when introducing a balancing solution:

  Performance: Performance is a key issue to consider when introducing a balancing solution, but it is also the most difficult one to grasp. When measuring performance, the number of packets passing through the network per second can be used as one parameter, and the other parameter is the maximum number of concurrent connections that the server farm can handle in the balancing solution. However, a balancing system that can handle millions of concurrent connections but can only forward at a rate of 2 packets per second obviously has no effect. Performance is closely related to the processing capability of the load balancing device and the balancing strategy adopted, and there are two points to note: 1. the overall performance of the balancing solution across the server farm is the key to the speed of responding to client connection requests; 2. the performance of the load balancing device itself must be sufficient to avoid a service bottleneck when there are a large number of connection requests. Sometimes we can also consider a mixed load balancing strategy to improve the overall performance of the server farm, such as the combination of DNS load balancing and NAT load balancing. In addition, for sites with a large number of static document requests, caching technology can also be considered, which is more cost-effective and can improve response performance; for sites that transmit a large amount of ssl/xml content, ssl/xml acceleration technology should be considered.

  Scalability: IT technology changes with each passing day. The latest product a year ago may now be the lowest-performing product in the network, and with the rapid increase in business volume, the network of a year ago now requires a new round of expansion. A suitable balancing solution should be able to meet these requirements: balance the load between different operating systems and hardware platforms, balance the load of different servers such as HTTP, mail, news, proxy, database, firewall and cache, and dynamically add or delete resources in a manner completely transparent to the client.

  Flexibility: A balanced solution should be able to flexibly provide different application requirements to meet changing application requirements. When different server groups have different application requirements, there should be a variety of balancing strategies to provide a wider range of choices.

  Reliability: In sites that require high quality of service, a load balancing solution should be able to provide complete fault tolerance and high availability for the server farm. However, when the load balancing device itself fails, there should be a good redundancy solution to improve reliability. When redundancy is used, multiple load balancing devices in the same redundant unit must have an effective way to monitor each other and protect the system from major failures as much as possible.

  Ease of management: Whether the balancing solution is implemented in software or hardware, we hope that it has a flexible, intuitive and safe management method that facilitates installation, configuration, maintenance and monitoring, improves work efficiency and avoids errors. On hardware load balancing devices, there are currently three management methods to choose from: 1. Command Line Interface (CLI), which can be managed by connecting to the serial interface of the load balancing device through HyperTerminal or by telnet remote login; the former is often used when initializing the configuration; 2. Graphical User Interfaces (GUI), including management based on ordinary web pages and security management through a Java Applet, which generally require a particular version of the browser to be installed on the management side; 3. SNMP (Simple Network Management Protocol) support, which allows SNMP-compliant devices to be managed through third-party network management software.
