Several Implementation Ways of Web Load Balancing

Load balancing is an application of cluster technology. It distributes work across multiple processing units, thereby increasing concurrent processing capacity. The most common application today is web load balancing. Depending on the principle of implementation, common web load balancing technologies include DNS round robin, IP load balancing, and CDN. IP load balancing can be implemented with hardware devices or with software.

What is web load balancing

 

A server cluster makes multiple server nodes work together. According to their purpose, server clusters can be divided into:

  • High-performance cluster: a single heavy request is split across multiple nodes for processing, and the partial results are finally aggregated
  • High-availability cluster: redundant units are added to avoid a single point of failure
  • Load balancing cluster: a large number of concurrent requests are distributed over multiple processing nodes. Since the failure of a single node does not affect the whole service, a load balancing cluster also achieves high availability.

The load balancing commonly talked about refers to the implementation of a load balancing cluster. Load balancing achieves horizontal scaling (Scale Out) and avoids vertical upgrades (Scale Up).

The web load balancing in this article refers specifically to load balancing technologies that can spread web requests (HTTP, HTTPS, etc.) across servers.

 

Basic principle

 

Any load balancing technology must establish some kind of one-to-many mapping: the entry point of a request is mapped to multiple nodes that process the request, so as to achieve divide and conquer.

This mapping makes multiple physical servers appear externally as one virtual whole, hiding the internal structure from service requesters.

Different mechanisms for establishing the mapping give rise to different load balancing technologies. Common ones include:

  • DNS round robin
  • CDN
  • IP Load Balancing

 

DNS

 

DNS round robin is the simplest way to load balance. With the domain name as the access entry, multiple DNS A records are configured so that requests are distributed to different servers.

DNS round robin has no fast health check mechanism and only supports the WRR scheduling policy, which makes it hard to truly "balance" the load, so it is usually used in scenarios with low requirements. In addition, DNS round robin directly exposes the real server addresses to users, which is bad for server security.

CDN

CDN (Content Delivery Network). Content is synchronized to a large number of cache nodes through a publishing mechanism, and the DNS service is extended so that the cache node closest to the user is found and used as the serving node.

Because building a large number of cache nodes is difficult, the services of CDN operators are usually used. At present there are very few domestic providers, and pricing by traffic volume is relatively expensive.

 

IP Load Balancing

 

IP load balancing is load balancing built on specific TCP/IP techniques such as NAT, DR and TUN; it is the most frequently used method. For its principles, refer to the other article: Load balancing methods in LVS.

IP load balancing can be implemented with hardware devices or software. The main hardware product is F5-BIG-IP-GTM (F5 for short); the main software products are LVS, HAProxy, and Nginx. Among them, LVS and HAProxy can work at layers 4-7, and Nginx works at layer 7. For a simple comparison of the three, refer to here.

A hardware load balancing device can implement its core in silicon, which gives better performance and stability, and commercial products have better manageability, documentation and support. The only problem is the price.

Software load balancing is usually open-source software. The degree of freedom is high, but the learning and management cost is comparatively large.

 

F5

 

F5, whose full name is F5-BIG-IP-GTM, is the most popular hardware load balancing device, with a concurrency capacity in the millions. Key features of the F5 include:

  1. Load balancing and redundancy for multiple links

    Multiple ISP links can be connected to achieve load balancing and high availability between links.

  2. Firewall Load Balancing

    F5 has the capability of load balancing and automatic troubleshooting of heterogeneous firewalls.

  3. Server load balancing

    This is the main function of F5. F5 can configure a Virtual Server to implement load balancing, health checks, and session persistence for all servers that provide services to the outside world.

  4. High availability

    The redundancy design of the F5 device itself ensures 99.999% uptime, and the failover time of a dual-device F5 pair is in the millisecond range.

    Using F5, you can configure link redundancy and server redundancy for the entire cluster, together with a reliable health check mechanism, to ensure high availability.

  5. Security

    Similar to a firewall, F5 adopts a default-deny policy, which adds extra protection for any site against common network attacks, including DDoS, IP spoofing, SYN floods, Teardrop and LAND attacks, ICMP attacks, etc.

  6. Manageability

    F5 provides HTTPS, SSH, Telnet, SNMP and other management methods, including detailed real-time and historical reports. A secondary development kit (iControl) is also provided.

  7. Other

    F5 also provides auxiliary functions such as SSL acceleration, software upgrade, IP address filtering, and bandwidth control.

 

LVS

 

LVS (Linux Virtual Server) is open-source software developed by Dr. Zhang Wensong, which has been integrated into the Linux kernel.

Based on different network techniques, LVS supports multiple load balancing mechanisms, including VS/NAT (based on network address translation), VS/TUN (based on IP tunneling) and VS/DR (based on direct routing).

In addition, to meet different needs, Taobao developed VS/FULLNAT, which is essentially also based on network address translation. More recently there is also a DNAT module based on VS/FULLNAT.

Whichever mechanism is used, LVS does not process the request itself but forwards it to a real server (Real Server). The mechanism determines how response packets get back to the client.

 

VS/NAT

NAT (Network Address Translation), also known as network masquerading or IP masquerading, is the process of rewriting an IP address in an IP packet header into another IP address.

NAT can translate private (reserved) addresses into legal public IP addresses. It is usually used to map one public IP address onto multiple internal private IP addresses, and is widely used in all kinds of Internet access methods and networks.

By using NAT to translate the destination address to one of multiple servers, load balancing can be achieved, and the internal servers are hidden and protected from attacks originating outside the network. Commercial load balancing devices such as Cisco's LocalDirector, F5's Big/IP and Alteon's ACEDirector are based on the NAT method.

VS/NAT (Virtual Server via Network Address Translation) is a method for implementing load balancing based on NAT technology. Its architecture is shown in the following figure:

 

  1. The client accesses the network service through the Virtual IP Address (the IP address of the virtual service), and the request packet arrives at the scheduler.
  2. The scheduler selects a server from the set of real servers according to the connection scheduling algorithm, rewrites the destination address of the packet from the Virtual IP Address to the address of the selected server, rewrites the destination port to the corresponding port of the selected server, and sends the modified packet to that server.
  3. The real server processes the request and sends the response packet back to the scheduler.
  4. The scheduler changes the source address and source port of the response packet to the Virtual IP Address and the corresponding port.
  5. The scheduler sends the modified packet to the user.

In a VS/NAT cluster, both request and response packets must pass through the load scheduler. Once the number of real servers reaches 10 to 20, the load scheduler becomes the new bottleneck of the whole cluster. Most Internet services share one characteristic: the request is short while the response often carries a large amount of data. If requests and responses can be handled separately, that is, the load scheduler only schedules the request and the response is returned directly to the client, the throughput of the whole cluster improves greatly. IP tunneling is one technique that makes this possible.
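To make steps 1 to 5 concrete, here is an added simulation (example code, not from the article or from LVS itself) of a VS/NAT director: it keeps a connection table, rewrites the destination of requests and the source of replies, and picks a real server with a simplified weighted round robin, not the kernel's exact WRR algorithm. All addresses are constructed sample values.

```python
from itertools import cycle

VIP = ("10.0.0.1", 80)                       # virtual service address (constructed)
REAL_SERVERS = [                             # (RIP, port, weight); private addresses
    ("192.168.1.10", 8080, 2),
    ("192.168.1.11", 8080, 1),
]


class NatScheduler:
    """Director in VS/NAT mode: rewrites destination on requests, source on replies."""

    def __init__(self, vip, real_servers):
        self.vip = vip
        # Expand weights into a rotation: a server with weight 2 appears twice.
        self._rotation = cycle([rs for rs in real_servers for _ in range(rs[2])])
        self.conn_table = {}                 # (client_ip, client_port) -> (rip, rport)

    def handle_request(self, pkt):
        """Steps 1-2: a packet addressed to the VIP is rewritten to a real server."""
        if (pkt["dst"], pkt["dport"]) != self.vip:
            return None                      # not for the virtual service
        key = (pkt["src"], pkt["sport"])
        if key not in self.conn_table:       # new connection: choose a server
            rip, rport, _ = next(self._rotation)
            self.conn_table[key] = (rip, rport)
        rip, rport = self.conn_table[key]
        return {**pkt, "dst": rip, "dport": rport}

    def handle_reply(self, pkt):
        """Steps 4-5: the server reply is rewritten so the client sees the VIP."""
        key = (pkt["dst"], pkt["dport"])
        if self.conn_table.get(key) != (pkt["src"], pkt["sport"]):
            return None                      # no matching connection: drop
        return {**pkt, "src": self.vip[0], "sport": self.vip[1]}


def run_flow(sched, client=("203.0.113.5", 40001)):
    """Drive one request through the director and back: (to_server, to_client)."""
    req = {"src": client[0], "sport": client[1], "dst": VIP[0], "dport": VIP[1]}
    fwd = sched.handle_request(req)
    # Step 3: the real server answers to the client's address; because its
    # default gateway is the director, the reply arrives back here.
    reply = {"src": fwd["dst"], "sport": fwd["dport"],
             "dst": req["src"], "dport": req["sport"]}
    return fwd, sched.handle_reply(reply)
```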

 

VS/TUN

 

IP tunneling, also known as IP encapsulation, is a way of transferring data between networks: an IP packet is encapsulated inside another IP packet (possibly of a different protocol) and forwarded to another IP address. IP tunnels are mainly used for mobile hosts and virtual private networks (VPNs), where the tunnels are established statically; each end of the tunnel has its own unique IP address.

VS/TUN (Virtual Server via IP Tunneling) is a method for implementing load balancing based on tunneling technology. Its architecture is shown in the following figure:

 

The working mechanism of VS/TUN is basically the same as that of VS/NAT; the differences are:

  1. When forwarding the request, the scheduler wraps the packet in a second IP header (IP-in-IP encapsulation), and the real server decapsulates it on receipt. The process is shown in the figure below:

  2. The response packet is returned directly from the backend server to the client without going through the scheduler.

 

VS/DR

 

DR (Direct Routing) is one of the ways a router learns routes: the router automatically maintains routing table entries for the networks directly connected to its own interfaces, without any routing computation.

Direct routing is typically used when a Layer 3 switch connects several VLANs: once direct routing is set up, the VLANs can communicate with each other and no other routing configuration is needed.

VS/DR (Virtual Server via Direct Routing) is a method to achieve load balancing based on direct routing. Its architecture is shown in the following figure:

Like VS/TUN, VS/DR exploits the asymmetry of most Internet services: the load scheduler is only responsible for scheduling requests, and the server returns the response directly to the client, which greatly improves the throughput of the whole cluster.

VS/DR requires that the scheduler and the server group each have a physical network interface on the same non-segmented local area network, that is, connected through a switch or a high-speed hub with no router in between. The VIP address is shared by the scheduler and the server group. The VIP configured on the scheduler is visible to the outside world and receives virtual service request packets; the VIP configured on each real server is invisible from the outside and is only used to process requests destined for the VIP.

The whole process of VS/DR is very similar to that of VS/TUN. The difference is that the scheduler does not re-encapsulate the request packet; it only changes the destination MAC address to the MAC address of the server selected by the scheduling algorithm. As shown below:
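To contrast the two scheduler-bypassing modes, here is an added simulation (example code, not from the article or LVS) of the same request handled by a VS/TUN director, which wraps the packet in an outer IP header addressed to the RIP, and by a VS/DR director, which only rewrites the destination MAC; it also shows why a real server must have the VIP bound locally and must not answer ARP for it. Addresses, MACs and the `arp_ignore` flag name are constructed for the example.

```python
VIP = "10.0.0.1"
CLIENT = "203.0.113.5"
DIRECTOR_MAC = "00:aa:bb:cc:dd:ee"
# Real server: RIP (tunnel endpoint / LAN address), its MAC, and the set of IPs
# configured locally, including the VIP on a non-ARP alias such as lo:0.
REAL = {"rip": "192.168.1.10", "mac": "00:11:22:33:44:55",
        "local_ips": {"192.168.1.10", VIP}}


def director_tun(ip_pkt, rip):
    """VS/TUN: encapsulate the original packet in a new IP packet sent to the RIP."""
    return {"src": VIP, "dst": rip, "proto": "ipip", "payload": ip_pkt}


def director_dr(frame, mac):
    """VS/DR: the IP packet is untouched; only the frame's destination MAC changes."""
    return {**frame, "dst_mac": mac}


def real_server_receive(frame_or_pkt, server):
    """Decapsulate if tunnelled, then accept only if the destination IP is local.
    Returns the reply the server sends straight to the client, or None if dropped."""
    pkt = frame_or_pkt.get("ip", frame_or_pkt)   # a DR frame carries 'ip'; TUN is bare
    if pkt.get("proto") == "ipip":
        pkt = pkt["payload"]                      # strip the outer tunnel header
    if pkt["dst"] not in server["local_ips"]:
        return None                               # VIP not bound locally: kernel drops it
    # Reply goes directly to the client with the VIP as source; no director involved.
    return {"src": pkt["dst"], "dst": pkt["src"], "sport": pkt["dport"], "dport": pkt["sport"]}


def arp_reply(query_ip, server, arp_ignore=True):
    """A real server must stay silent for ARP queries about the VIP, otherwise it
    would compete with the director for VIP traffic (the ARP requirement above)."""
    if query_ip == VIP and arp_ignore:
        return None
    return server["mac"] if query_ip in server["local_ips"] else None


def run_both():
    """Send one constructed request through both modes and collect the results."""
    req = {"src": CLIENT, "sport": 40001, "dst": VIP, "dport": 80}
    tun_pkt = director_tun(req, REAL["rip"])
    frame_in = {"src_mac": "00:00:00:00:00:01", "dst_mac": DIRECTOR_MAC, "ip": req}
    dr_frame = director_dr(frame_in, REAL["mac"])
    return {"tun_outer_dst": tun_pkt["dst"],
            "dr_ip_dst": dr_frame["ip"]["dst"],   # still the VIP
            "dr_dst_mac": dr_frame["dst_mac"],
            "tun_reply": real_server_receive(tun_pkt, REAL),
            "dr_reply": real_server_receive(dr_frame, REAL)}
```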

Comparison of the advantages and disadvantages of the three methods

 

VS/NAT

  • Advantages

    • No requirement on the operating system of the backend servers
    • Only one IP address needs to be configured on the scheduler, and the server group can use private IP addresses
    • Port mapping is supported
  • Disadvantages

    • Both request and response packets go through the scheduler, so scalability is limited (10+ servers)
    • The servers and the scheduler must be in the same VLAN
    • The servers' default gateway must point to the scheduler
    • For network services that carry IP addresses or port numbers inside the message payload, a corresponding application module must be written to translate those addresses or ports

VS/TUN

  • Advantages

    • Response packets are not scheduled, so performance is high
    • The servers and the scheduler need not be in the same VLAN
    • Wide-area load balancing is supported
  • Disadvantages

    • All servers must support the IP tunneling protocol and install kernel modules (such as IPIP), so configuration is complex
    • There is overhead in establishing the IP tunnel
    • The Virtual IP is bound directly on the servers, which is risky
    • The servers need to be connected to the external network
    • Port mapping is not supported

VS/DR

  • Advantages

    • Compared with VS/TUN there is no IP tunneling overhead, so performance is the best of the three
  • Disadvantages

    • Both the scheduler and the servers must have a network interface on the same physical network segment (same VLAN)
    • The server's network device (or device alias) must not respond to ARP, or must redirect packets to the local socket port
    • The Virtual IP is bound directly on the servers, which is risky
    • Port mapping is not supported

 

VS/FULLNAT

 

As shown in the previous section, each of the three traditional forwarding mechanisms has shortcomings.

VS/FULLNAT is a new forwarding mode developed to address these deficiencies. Its features are:

  1. The scheduler and the servers can communicate across VLANs and do not need to be on the same network segment
  2. Both request and response packets go through the scheduler, and the servers do not need to bind a virtual IP

These two features of VS/FULLNAT simplify the network topology and reduce operation and maintenance cost and risk.
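The following added example (not from the article or LVS) shows why feature 1 holds: because a FULLNAT director rewrites the source address as well as the destination, the real server addresses its reply to the director's local IP and ordinary routing carries it back, whereas under plain VS/NAT the reply is addressed to the client and would bypass a director that is not the server's default gateway. The addresses and the toy routing table are constructed.

```python
import ipaddress

VIP, LOCAL_IP = "10.0.0.1", "192.168.2.1"       # director: service address, local address
CLIENT, RIP = "203.0.113.5", "192.168.1.10"      # client, and a real server in another VLAN

# Real server routing table (constructed): its own VLAN, the director's VLAN via an
# ordinary router, and a default route through that same router, not the director.
SERVER_ROUTES = [("192.168.1.0/24", "direct"),
                 ("192.168.2.0/24", "192.168.1.254"),
                 ("0.0.0.0/0", "192.168.1.254")]


def director_forward(pkt, rip, fullnat):
    """VS/NAT rewrites only the destination; VS/FULLNAT rewrites both ends."""
    out = {**pkt, "dst": rip}
    if fullnat:
        out["src"] = LOCAL_IP                    # server now sees the director as the client
    return out


def next_hop(dst, routes):
    """Longest-prefix match over [(cidr, gateway)]; None if unroutable."""
    best = None
    for cidr, gw in routes:
        net = ipaddress.ip_network(cidr)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw)
    return best[1] if best else None


def reply_path(fullnat):
    """Where the real server sends its reply, and whether that reply reaches the director."""
    req = {"src": CLIENT, "dst": VIP}
    seen_by_server = director_forward(req, RIP, fullnat)
    reply_dst = seen_by_server["src"]            # server replies to whoever it thinks asked
    return {"reply_dst": reply_dst,
            "gateway": next_hop(reply_dst, SERVER_ROUTES),
            "passes_director": reply_dst == LOCAL_IP}
```

With `fullnat=False` the reply is routed to the client behind the ordinary router and the director never sees it, which is exactly why VS/NAT demands that the servers' default gateway be the scheduler.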

 

How to choose

 

  1. If you have a small team and a large budget, are willing to buy more servers regardless of the performance loss, and want to minimize the operation and maintenance workload, choose FULLNAT
  2. A very popular choice is DR: not many advantages, but not many disadvantages either
  3. If you want to do WAN load balancing, use TUN
  4. Personally, I feel NAT is not used for Internet-facing services; it fits small-concurrency experiments or non-web uses such as MySQL clusters. Of course, if port mapping is required, NAT must be used
