Load Balancing Blog: http://virtualadc.blog.51cto.com/
The deployment methods of load balancing can be simply divided into four categories: serial connection, one-arm, transparent and server direct return.
1. Concatenated routed mode (Routed)
In the routing deployment method, the gateway of the server usually needs to point to the load balancing device. In this case, the traffic processing is the simplest. The load balancing only performs one destination address NAT (when selecting a server) and one source address NAT (when responding to client packets). )
2. One-arm mode
In the one-arm mode, the server gateway usually points to the core switch to ensure that the traffic can be processed normally; the load balancing device needs to perform NAT translation of the source address and the destination address at the same time. That is to say, in this case, the server cannot record the source address of the real access client . If it is http traffic, it can be compensated by inserting the real source address in the header and adjusting the logging of the server.
3. Transparent mode (Transparent)
In transparent mode, the server and the load balancing device are on the same network segment; through Layer 2 transparent transmission, the traffic of the server needs to pass through the load balancing device.
4. Direct Server Return (DSR)
Direct server return is an earlier common method of load balancing. By modifying the configuration on the server, the load balancing device actually only processes the traffic requested by the client, and all the traffic responded by the server is directly returned to the client. In the early days, it was often used as a means to avoid performance bottlenecks when the load balancing performance was low. Since this method can only use some basic layer 4 loads, current high-performance load balancing devices usually do not use such deployments, but still have applications for voice and video types with high latency requirements.
| Deployment method |
Features |
advantage |
shortcoming |
| Inline routing mode |
The load balancing device uses two different network segments, Use Layer 3 to distribute traffic More common deployment methods |
• The load balancing device isolates the server effectively, and the security is the best
•服务器网关指向负载均衡设备, 功能实现更简单,有利于最大化负载均衡性能
•服务器可以直接接收到真实访问源客户IP地址
|
•对现有拓扑结构变动较大
•需要考虑内网服务器是否有对外访问需求,必要时需要设置静态NAT转换
|
| 单臂模式 One-arm |
VIP(提供服务的虚拟IP)和真实服务器在同一网段; 最常见的部署方式 |
•部署方便,对现有拓扑结构变动小
•和应用无关的流量不会通过负载均衡设备
•内部应用无影响,外部应用通常需要前端防火墙做NAT映射到应用VIP
|
•不能有效的屏蔽真实服务器,安全方面需要考虑
•服务器网关不是负载均衡设备时
1)负载均衡设备需要做源地址NAT后再转发流量,需要IP地址增多 2)服务器不能直接接收访问客户源地址,需要对应用做修改后才可以通过其他方式获得真实访问地址 |
| 透明模式 |
负载均衡设备和服务器之间部署在同一网段, 仅在有特殊需求时使用 |
• Minimal changes to existing topology
• The server can directly receive the real access source client IP address
|
Deployment is not intuitive, Cumbersome to debug and troubleshoot |
| DSR |
Server return packets do not pass through the load balancing device . Return directly to the client; Short delay , suitable for applications with high delay requirements such as streaming media |
•
High performance, can handle high throughput
• The server can directly receive the real access source client IP address
|
Only 4 -layer load balancing can be done, and services based on 7 -layer cannot be realized Optimizations ( such as compression, etc. ) cannot be used The loopback address needs to be configured on the server |