[Six common Web load balancing principles and implementations]

Load balancing is an application of cluster technology. It distributes work across multiple processing units, thereby increasing concurrent processing capacity. The most common load balancing application today is web load balancing. Depending on how they are implemented, common web load balancing technologies include DNS round robin, IP load balancing, and CDN. IP load balancing can be implemented with hardware devices or in software.

 

1. HTTP redirection

When an HTTP user agent (such as a browser) requests a URL from the web server, the web server can return a new URL in the Location field of the HTTP response header. The user agent then has to request this new URL, which completes the automatic jump.

 

2. DNS load balancing

DNS provides domain name resolution. When a user visits a site, the client first has to obtain the IP address the domain name points to from the site's DNS server; in this process the DNS server maps the domain name to an IP address. This mapping can also be one-to-many, in which case the DNS server acts as a load balancing scheduler. It distributes user requests across multiple servers just as the HTTP redirection strategy does, but its implementation mechanism is completely different.

 

 

3. Reverse proxy load balancing

Almost everyone has come across this, because almost all mainstream web servers are keen to support load balancing based on reverse proxying. Its core job is to forward HTTP requests. Examples: Nginx, HAProxy.

Compared with the previous HTTP redirection and DNS resolution, the scheduler of the reverse proxy plays the role of the middleman between the user and the actual server:

1. Any HTTP request to the actual server must go through the scheduler

2. The scheduler must wait for the HTTP response from the actual server and pass it back to the user (the first two methods need no such relay; the actual server sends the response directly to the user)

 

 

Characteristics:

1. Rich scheduling strategies. For example, different weights can be set for different actual servers, so that the more capable servers do more of the work.

2. The concurrent processing capability of the reverse proxy server is high, because it works at the HTTP level.

3. The forwarding done by the reverse proxy server itself has a certain overhead: creating threads, establishing a TCP connection with the back-end server, receiving the results returned by the back-end server, parsing HTTP header information, frequent switching between user space and kernel space, and so on. Although this time is not long, the forwarding overhead becomes particularly prominent when the back-end server needs very little time to process the request. For example, when requesting static files, it is more suitable to use the DNS-based load balancing method described above.

4. The reverse proxy server can monitor the back-end servers, such as system load, response time, availability, number of TCP connections, traffic, etc., so as to adjust the load balancing strategy according to these data.

5. The reverse proxy server can forward all of a user's requests within one session to a specific back-end server (sticky session). The first advantage of this is that session access stays local; the second is that it avoids wasting the back-end servers' dynamic in-memory cache.
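The following added example (not code from the original article) shows characteristics 1, 4 and 5 working together in one scheduler: weighted selection, removal of a back end after a failed health check, and sticky sessions. The selection rule is smooth weighted round-robin, chosen here as one common way to honour weights; the class, the back-end names and the session id are assumptions made for illustration.

```python
class Scheduler:
    """Toy reverse-proxy scheduler: weights, health state, sticky sessions."""

    def __init__(self, weights):
        self.weights = dict(weights)             # backend -> configured weight
        self.current = {b: 0 for b in weights}   # running score per backend
        self.healthy = set(weights)
        self.sessions = {}                       # session id -> pinned backend

    def mark(self, backend, up):
        """Record a health-check result. A backend that goes down also loses
        its pinned sessions, so sticky users are not sent to a dead server."""
        if up:
            self.healthy.add(backend)
        else:
            self.healthy.discard(backend)
            self.sessions = {s: b for s, b in self.sessions.items() if b != backend}

    def _next_weighted(self):
        live = [b for b in self.weights if b in self.healthy]
        if not live:
            raise RuntimeError("no healthy backend")
        total = sum(self.weights[b] for b in live)
        for b in live:                           # every live backend gains its weight
            self.current[b] += self.weights[b]
        best = max(live, key=lambda b: self.current[b])
        self.current[best] -= total              # the winner pays the total back
        return best

    def pick(self, session_id=None):
        """Choose a backend; requests carrying a session id stay on one backend."""
        if session_id is None:
            return self._next_weighted()
        if session_id not in self.sessions:
            self.sessions[session_id] = self._next_weighted()
        return self.sessions[session_id]


def demo():
    s = Scheduler({"app1": 3, "app2": 1})        # constructed backend names
    first = [s.pick() for _ in range(8)]         # 3:1 split, interleaved
    sticky = {s.pick("sess-42") for _ in range(5)}
    s.mark("app1", up=False)                     # health check fails
    after = [s.pick() for _ in range(3)]
    return first, sticky, after


if __name__ == "__main__":
    print(demo())
```

Unpinning sessions when a back end is marked down is a design choice of this sketch: it trades the loss of that server's local session data for availability.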

 

 

4. IP Load Balancing (LVS-NAT)

Because the reverse proxy server works at the HTTP layer, its own overhead severely restricts scalability and so caps its performance. Is it possible to achieve load balancing below the HTTP level?

NAT server: it works at the transport layer. It can modify the IP packets sent to it, changing the destination address of each packet to the address of the actual server.

 

 

5. Direct Routing (LVS-DR)

NAT works at the transport layer (the fourth layer) of the network layering model, while direct routing works at the data link layer (the second layer), which seems to be more awkward. It forwards the packet to the actual server by modifying the destination MAC address of the packet (without modifying the destination IP). The difference is that the actual server's response packet will be sent directly to the client without going through the scheduler.

 

 

6. IP Tunnel (LVS-TUN)

Request forwarding mechanism based on IP tunnel: the IP packet received by the scheduler is encapsulated in a new IP packet and forwarded to the actual server, and the actual server's response packet can then reach the client directly. At present most Linux systems support it, and it can be implemented with LVS, where it is called LVS-TUN. Unlike LVS-DR, the actual server and the scheduler need not be in the same WAN network segment. The scheduler forwards requests to the actual server through IP tunneling, so the actual server must also have a valid IP address.
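The three forwarding modes in sections 4 to 6 differ only in which part of the request the scheduler touches. This added example (not from the original article) builds one request frame and applies each mode to it at the byte level; all addresses, MACs and function names are constructed for illustration, and the payload is stand-in bytes rather than a real TCP segment.

```python
import socket
import struct

def checksum(header):
    """One's-complement sum over an IPv4 header (RFC 1071)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (no options) plus payload."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload

def frame(dst_mac, src_mac, packet):
    """Ethernet II frame carrying IPv4 (EtherType 0x0800)."""
    return dst_mac + src_mac + b"\x08\x00" + packet

def dst_ip(packet):
    return socket.inet_ntoa(packet[16:20])

def nat(fr, real_ip, real_mac):
    """LVS-NAT: destination IP rewritten, so the header checksum changes too.
    (A real NAT also fixes the TCP/UDP checksum; the payload here is opaque.)"""
    pkt = fr[14:]
    new = ipv4(socket.inet_ntoa(pkt[12:16]), real_ip, pkt[9], pkt[20:])
    return frame(real_mac, fr[0:6], new)

def dr(fr, real_mac):
    """LVS-DR: only the Ethernet addresses change; the IP packet is untouched."""
    return frame(real_mac, fr[0:6], fr[14:])

def tun(fr, sched_ip, real_ip, next_hop_mac):
    """LVS-TUN: original packet becomes the payload of a new one (protocol 4)."""
    return frame(next_hop_mac, fr[0:6], ipv4(sched_ip, real_ip, 4, fr[14:]))

# Constructed sample values (documentation address ranges, locally administered MACs).
CLIENT, VIP, SCHED_IP, REAL_IP = "198.51.100.7", "203.0.113.10", "10.0.0.1", "10.0.0.21"
ROUTER_MAC, SCHED_MAC, REAL_MAC = (bytes.fromhex(m) for m in
                                   ("0200000000fe", "020000000001", "020000000021"))
REQUEST = frame(SCHED_MAC, ROUTER_MAC, ipv4(CLIENT, VIP, 6, b"GET / HTTP/1.1\r\n"))

if __name__ == "__main__":
    for name, out in (("NAT", nat(REQUEST, REAL_IP, REAL_MAC)),
                      ("DR", dr(REQUEST, REAL_MAC)),
                      ("TUN", tun(REQUEST, SCHED_IP, REAL_IP, REAL_MAC))):
        print(name, "dst MAC", out[:6].hex(), "dst IP", dst_ip(out[14:]))
```

In the DR and TUN outputs the client's original packet, still addressed to the virtual IP, arrives at the actual server intact, which is what lets that server answer the client directly.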

 

 

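IP load balancing can be implemented with hardware devices or with software. The main hardware product is F5-BIG-IP-GTM (F5 for short); the main software products are LVS, HAProxy and NginX. LVS and HAProxy can work at layers 4-7, while NginX works at layer 7.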

 

 

F5

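The full name of F5 is F5-BIG-IP-GTM. It is the most popular hardware load balancing device, with concurrency capacity in the millions. Its main features include:

1. Multi-link load balancing and redundancy

Multiple ISP links can be connected, with load balancing and high availability across the links.

2. Firewall load balancing

F5 provides load balancing and automatic fault removal for heterogeneous firewalls.

3. Server load balancing

This is F5's most important function. A Virtual Server can be configured for every server that provides services externally, implementing load balancing, health checks, session persistence, and so on.

4. High availability

The redundant design of the F5 device itself guarantees 99.999% uptime, and failover between a pair of F5 devices takes milliseconds.

With F5, link redundancy and server redundancy can be configured for the whole cluster, with reliable health-check mechanisms to ensure high availability.

5. Security

Like a firewall, F5 uses a default-deny policy. It can add extra security protection to any site and defend against common network attacks, including DDoS, IP spoofing, SYN attacks, teardrop and land attacks, ICMP attacks, and so on.

6. Ease of management

F5 offers several management methods, including HTTPS, SSH, Telnet and SNMP, with detailed real-time reports and historical reports. It also provides a development kit (i-Control).

7. Other

F5 also provides auxiliary functions such as SSL acceleration, software upgrades, IP address filtering and bandwidth control.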

 
