Basic functions and implementation principles of server load balancing

Load Balancing Blog: http://virtualadc.blog.51cto.com/

A load balancing device spans Layers 2-7 of the network stack and usually sits at the junction between network devices and application servers. It demands far more basic network and application knowledge from an engineer than other devices do, so it is worth putting extra effort into understanding its basic functions. A load balancing device is also called a Layer 4/7 switch, but it is first of all a Layer 2-3 switch, so you should master Layer 2-3 fundamentals first and then the content introduced in this article.

Server load balancing has three basic features: the load balancing algorithm, health checks, and session persistence (session retention). These three features are the basic elements that keep load balancing working properly; the other functions build on top of them. Below we introduce the function and principle of each in detail.

Before a load balancing device is deployed, users access the server address directly (a firewall in between may map the server address to another address, but access is still essentially one-to-one). When a single server can no longer handle the access of many users because of insufficient performance, multiple servers must provide the service, and load balancing is the way to achieve this. The load balancing device maps the addresses of multiple servers to a single external service IP, usually called the VIP. A server IP can be mapped directly to the VIP address, or a server IP:Port can be mapped to a VIP:Port; each mapping method uses the corresponding kind of health check, and with port mapping the server port and the VIP port can differ. This process is transparent to users: they do not know the servers are load balanced, because they still access a single destination IP. Once a user's request reaches the load balancing device, distributing it to an appropriate server is the device's job, and it does so using the three features above.

Let's walk through the access flow in detail:

 

 

When a user (IP: 207.17.117.20) accesses the domain name www.a10networks.com, a DNS query first resolves the domain to its public address, 199.237.202.124. The user 207.17.117.20 then accesses 199.237.202.124, so the packet reaches the load balancing device, which distributes it to an appropriate server, as shown in the following figure:

 

 

The load balancing device changes the packet before sending it to the server. As shown in the figure above, before the packet reaches the load balancing device its source address is 207.17.117.20 and its destination address is 199.237.202.124. When the device forwards the packet to the selected server, the source address is still 207.17.117.20 and the destination address becomes 172.16.20.1. We call this destination address NAT (DNAT). In general, server load balancing must perform DNAT (another mode, direct server return (DSR), does not; we will discuss it separately). Whether the source address is also translated depends on the deployment mode; when it is, we call it source address NAT (SNAT). Generally speaking, SNAT is required in bypass mode but not in inline mode. The figure shows inline mode, so no source NAT is done.

Now look at the server's return packet, shown in the figure below. It also undergoes IP address translation, but with source and destination reversed relative to the request: the packet returned from the server has source address 172.16.20.1 and destination address 207.17.117.20. When it reaches the load balancing device, the device changes the source address to 199.237.202.124 and forwards it to the user, which keeps the access consistent.
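The request and reply translations described above can be modelled as a small session table. This is an added example, not code from the article; the client port 4001, the SNAT address 172.16.20.254 and the SNAT port range are assumptions made for illustration.

```python
# Added example (not from the article): NAT bookkeeping on a load balancer.
from dataclasses import dataclass

VIP = ("199.237.202.124", 80)   # VIP from the article
SNAT_IP = "172.16.20.254"       # assumption: the device's own inside address

@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

class NatTable:
    def __init__(self, snat=False):
        self.snat = snat            # True models bypass mode, False inline mode
        self.sessions = {}          # (server, server-side peer) -> real client
        self.next_port = 20000      # assumption: start of the SNAT port range

    def forward(self, pkt, server):
        """Client -> VIP: rewrite the destination (DNAT) and, in bypass mode, the source (SNAT)."""
        if pkt.dst != VIP:
            return None             # not addressed to the virtual service
        peer = pkt.src
        if self.snat:
            peer = (SNAT_IP, self.next_port)   # one port per new connection
            self.next_port += 1
        self.sessions[(server, peer)] = pkt.src
        return Packet(src=peer, dst=server)

    def reverse(self, pkt):
        """Server -> client: restore the VIP as source; drop replies with no session."""
        client = self.sessions.get((pkt.src, pkt.dst))
        if client is None:
            return None
        return Packet(src=VIP, dst=client)

if __name__ == "__main__":
    client = ("207.17.117.20", 4001)           # port 4001 is a constructed value
    for snat in (False, True):
        nat = NatTable(snat=snat)
        to_server = nat.forward(Packet(client, VIP), ("172.16.20.1", 80))
        reply = nat.reverse(Packet(to_server.dst, to_server.src))
        print("bypass" if snat else "inline", to_server, reply)
```
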

 

 

The above is the processing flow of a single packet. So how does the load balancing device choose the server? This is the first feature we are going to introduce:

Load balancing algorithm

 

Generally speaking, load balancing devices support multiple load balancing distribution strategies by default, such as:

- Round robin (RoundRobin): Requests are sent to each server in turn, in a cycle. When a server fails, AX removes it from the rotation, and it takes no part in subsequent rounds until it returns to normal.

- Ratio: Each server is assigned a weight, and user requests are distributed across the servers in proportion to these weights. When a server fails, AX removes it from the server queue, and it receives no further user requests until it returns to normal.

- Priority: All servers are divided into groups and each group is given a priority. User requests go to the highest-priority group (within a group, the preconfigured round-robin or ratio algorithm distributes the requests). When all servers, or a specified number of servers, in the highest-priority group fail, AX sends requests to the group with the next priority. This effectively gives the user a hot-standby mechanism.

- Least connections (LeastConnection): AX records the current number of connections on each server or service port and delivers new connections to the server with the fewest. When a server fails, AX removes it from the server queue, and it receives no further user requests until it returns to normal.

- Fastest response time (Fast Response Time): New connections are delivered to the servers that respond fastest. When a server fails, AX removes it from the server queue, and it receives no further user requests until it returns to normal.

The above are the general load balancing algorithms. Other algorithms may be used to meet particular needs, such as:

- Hash: The client's source address and port are hashed, and the result determines which server handles the request. When a server fails, it is removed from the server queue and receives no further user requests until it returns to normal.

- Policy-based load balancing: Steering rules are defined for different data flows. Users can write their own traffic distribution policies and use them to steer the traffic passing through.

- Packet-content-based distribution: For example, inspect the HTTP URL, and if the URL has a .jpg extension, forward the packet to a designated server.
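Four of the strategies listed above (round robin, ratio, least connections, source hash), each skipping servers marked as failed, as an added example that is not the AX implementation or code from the article. The weights and the `sample_pool` helper are hypothetical.

```python
# Added example (not from the article): health-aware server selection.
import hashlib

class Server:
    def __init__(self, ip, weight=1):
        self.ip, self.weight = ip, weight
        self.up = True      # maintained by health checks
        self.conns = 0      # current connection count

class Pool:
    def __init__(self, servers):
        self.servers = servers
        self.rr = 0         # round-robin cursor
        self.wrr = 0        # ratio cursor

    def live(self):
        # Failed servers leave the queue until they return to normal.
        return [s for s in self.servers if s.up]

    def round_robin(self):
        live = self.live()
        if not live:
            return None
        self.rr += 1
        return live[(self.rr - 1) % len(live)]

    def ratio(self):
        # Expand each live server by its weight, then cycle through the slots.
        slots = [s for s in self.live() for _ in range(s.weight)]
        if not slots:
            return None
        self.wrr += 1
        return slots[(self.wrr - 1) % len(slots)]

    def least_connection(self):
        return min(self.live(), key=lambda s: s.conns, default=None)

    def source_hash(self, client_ip, client_port):
        live = self.live()
        if not live:
            return None
        digest = hashlib.sha256(f"{client_ip}:{client_port}".encode()).digest()
        # Modulo over the live list: a failure remaps some clients to other servers.
        return live[int.from_bytes(digest[:8], "big") % len(live)]

def sample_pool():
    # Constructed pool; the weights are illustrative.
    return Pool([Server("172.16.20.1"), Server("172.16.20.2", weight=2),
                 Server("172.16.20.3")])
```
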

 

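Continuing with the figure, a second user, 207.17.117.21, also accesses www.a10networks.com, and the load balancing device forwards the second user's request to the second server according to the load balancing algorithm.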

 

 

 

 

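What if one of the servers suddenly develops a problem while in service? This brings us to the second feature we are going to introduce:

Health check

Health checks verify the availability of the services a server exposes. Load balancing devices generally offer a range of health check methods, such as Ping, TCP, UDP, HTTP, FTP and DNS. Ping is a Layer 3 health check that tests connectivity to the server IP, while TCP/UDP checks are Layer 4 health checks that test whether a service port is UP or DOWN. For a more accurate check, use a Layer 7 health check: for example, create an HTTP health check that GETs a page and checks whether the page content contains a specified string. If it does, the service is UP; if it does not, or the page cannot be retrieved, the server's web service is considered unavailable (DOWN). As shown in the figure below, the load balancing device detects that port 80 on server 172.16.20.3 is DOWN, so it stops forwarding subsequent connections to that server and forwards packets to other servers according to the algorithm. When creating a health check you can set the check interval and the number of attempts. For example, with an interval of 5 seconds and 3 attempts, the load balancing device initiates a health check every 5 seconds; if a check fails it tries 3 times, and if all 3 fail it marks the service DOWN. The device then continues to check the DOWN server every 5 seconds, and when a health check succeeds again it marks the server UP again. The interval and number of attempts should be set according to the overall situation; the principle is that they neither affect the business nor place a heavy burden on the load balancing device.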
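The UP/DOWN logic described above, driven by an HTTP content check, as an added example that is not code from the article. It assumes the three attempts are spaced at the 5-second check interval; the expected string `OK-HEALTH` and the probe responses are constructed.

```python
# Added example (not from the article): health check state for one service.
from dataclasses import dataclass

def http_check(status, body, expect):
    """Layer 7 check: the page must be retrieved and contain the expected string."""
    return status == 200 and body is not None and expect in body

@dataclass
class Monitor:
    interval: int = 5   # seconds between checks (value from the text)
    retries: int = 3    # failed attempts before DOWN (value from the text)
    up: bool = True
    fails: int = 0

    def record(self, ok):
        """Feed one probe result and return the resulting state."""
        if ok:
            self.fails, self.up = 0, True   # one success marks the server UP again
        else:
            self.fails += 1
            if self.fails >= self.retries:
                self.up = False
        return "UP" if self.up else "DOWN"

def run(probes, expect="OK-HEALTH", monitor=None):
    """Return [(seconds, state)] for a sequence of (status, body) probe results."""
    m = monitor or Monitor()
    return [(i * m.interval, m.record(http_check(status, body, expect)))
            for i, (status, body) in enumerate(probes)]

# Constructed probe responses for 172.16.20.3:80; None means no page came back.
PROBES = [
    (200, "<html>OK-HEALTH</html>"),
    (200, "<html>database error</html>"),   # port answers, content is wrong
    (None, None),
    (200, "<html>OK-HEALTH</html>"),        # success before the third failure
    (500, "error"),
    (None, None),
    (200, "maintenance"),                   # third failure in a row
    (None, None),                           # DOWN servers are still probed
    (200, "<html>OK-HEALTH</html>"),
]

if __name__ == "__main__":
    for seconds, state in run(PROBES):
        print(f"t={seconds:>2}s {state}")
```

The second probe is the case a Layer 4 check misses: the port accepts the connection and returns a page, but the page does not contain the expected string.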

 

 

 

 

 

 

Suppose the same user keeps accessing the site. How are the subsequent connections handled? See the figure below:

 

 

 

 

 

 

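The first connection that user 207.17.117.25 initiated was 207.17.117.25:4003 - 199.237.202.127:80, and the load balancing device forwarded it to 172.16.20.4. The user then initiates a second connection, 207.17.117.25:4004 - 199.237.202.127:80, and we see that it is still forwarded to server 172.16.20.4. Why? Because the load balancing device is configured with session persistence.

Session persistence

Session persistence (session retention) keeps a session continuous and consistent. Because it is hard for servers to synchronize user access information with one another in real time, a user's successive sessions need to be kept on a single server. For example, a user visits an e-commerce site. If the first server handles the user's login but the second server handles the purchase, the second server knows nothing about the user, so the purchase fails. This situation requires session persistence: all of the user's operations must go through the first server to succeed. Of course, not all access needs session persistence. If the servers provide static pages, such as a website's news channel, and every server has the same content, that access does not need session persistence.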

Load balancing devices generally provide some session persistence options by default, such as source address persistence and cookie persistence. Choose the persistence method to suit the application; otherwise it will cause load imbalance or even access exceptions. For details, please refer to my other essay: "Choice of Session Retention Modes in Different Application Environments".
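A persistence table keyed either by source address or by a cookie value, as an added example that is not code from the article. The 300-second idle timeout, the shared address 203.0.113.7 and the six-user scenario are constructed to show one way the wrong key produces load imbalance.

```python
# Added example (not from the article): a session persistence table.
from collections import Counter

class Persistence:
    def __init__(self, servers, timeout=300):
        self.up = {ip: True for ip in servers}   # health state per server
        self.timeout = timeout                   # assumption: idle seconds before expiry
        self.table = {}                          # persistence key -> (server, last seen)
        self.rr = 0

    def pick(self):
        """Fallback algorithm: round robin over healthy servers."""
        live = [ip for ip, ok in self.up.items() if ok]
        if not live:
            return None
        self.rr += 1
        return live[(self.rr - 1) % len(live)]

    def route(self, key, now):
        """key is the source address or a cookie value, depending on the mode."""
        entry = self.table.get(key)
        if entry and now - entry[1] <= self.timeout and self.up[entry[0]]:
            self.table[key] = (entry[0], now)    # refresh and stay on the same server
            return entry[0]
        server = self.pick()                     # no entry, expired, or server DOWN
        if server:
            self.table[key] = (server, now)
        return server

SERVERS = ["172.16.20.1", "172.16.20.2", "172.16.20.3", "172.16.20.4"]

def spread(keys):
    """How many sessions each server receives for a list of persistence keys."""
    lb = Persistence(SERVERS)
    return Counter(lb.route(k, now=0) for k in keys)

# Constructed scenario: six users who reach the VIP from one shared address.
BY_SOURCE = spread(["203.0.113.7"] * 6)               # source address persistence
BY_COOKIE = spread([f"user-{i}" for i in range(6)])   # one cookie value per user

if __name__ == "__main__":
    print("source address:", dict(BY_SOURCE))
    print("cookie:        ", dict(BY_COOKIE))
```
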

This article introduced the basic functions and implementation principles of load balancing. It does not look difficult, but the knowledge involved in load balancing is actually very broad. Depending on the user's systems, we need to be familiar with different protocols and application flows, and sometimes even with development languages and software platforms; otherwise we may not be able to make sound judgments when a failure occurs. In this sense, an engineer working with load balancing devices must master network, application and system knowledge, and build it up as a foundation.
