Traffic distribution process in a network request | JD Cloud technical team

1. Summary

Modern enterprise or Internet systems often require traffic planning to achieve transparent multi-level distribution. On its way from the client to the server, traffic passes through technical components that are unrelated to business functionality (the tools and means used to achieve "transparent distribution"): client cache, domain name server, transmission link, content delivery network, load balancer, and server-side cache. The value of transparent distribution is a high-availability architecture and high concurrency.

This article introduces the network request process in traffic planning, in three parts:

Part 1: Briefly introduces the process of a network request, then the ways of combining front-end network components and back-end network components that I have learned so far

Part 2: Introduces the LB load system and the mapping relationship between vip and rip

Part 3: Introduces intranet domain name resolution and public network domain name resolution

2. Network request process

The general request process and the explanation of the terms of the request process come from: https://cf.jd.com/pages/viewpage.action?pageId=766717554

2.1 General request process

2.2 Explanation of terms in the request process

rip: real ip, refers to virtual machine or container ip

vip: virtual ip; cannot cross computer rooms; supports online application, load balancing, automatic detection and other functions; divided into public network vip and intranet vip

Intranet: specifically refers to the interior of the computer room; strict firewall policy, no firewall between intranets; you can apply for an intranet VIP to provide load balancing for mutual access between applications; intranet ≠ office network

Office network: personal computer network in the office area, access to intranet computer room applications through reverse proxy

Public network: Internet user network, through DNS + public network vip to access intranet computer room applications

Remarks (my own understanding, which may not be correct):

The public network vip is the virtual ip of the public network. Virtual does not mean that the ip cannot be found on the public network. Virtual is relative to the server ip (rip). The VIP does not directly undertake business logic.

The public network VIP actually exists on the public network, and the intranet VIP actually exists on the company intranet.

2.3 Collocation of front-end network components

Reference link: http://jdthelp.jdos.jd.com/help/bestpractice/multi-web-demo.html

External network access must follow this structure: jen-nginx is mounted behind the VIP and proxies the front-end main application, and static applications 1~N are mounted behind the JEN agent.

Test environment: multiple front-end projects may share the following architecture: domain name -> VIP -> JEN agent (serves files from different folders according to the domain name) -> static application

2.4 Collocation method of back-end network components

Back-end applications are divided into two types by calling method (HTTP calls and JSF calls)

Front-end application -> (http or https) -> back-end front-end application -> (jsf private protocol) -> JSF microservice application

The load between the back-end front-end application and the JSF microservice application is determined by the consumer, so generally there is no need to pay attention to the load between the two.

Method 1: Load under vip (LB load system) + Nginx

Remarks for Method 1:

You can mount the servers directly under the VIP. Nginx is not necessary here unless you need functions that nginx provides other than load balancing.

If you use nginx only for load balancing, remove the nginx component. The group's VIP LB already includes the load balancing function, so do not add to the complexity of the system.

Method 2: Load at the container K8S level

LB provided by vip:

The LB provided by vip is connected directly to the machine IPs. There is no concept of grouping between multiple IPs, and there is no detection mechanism.

Every time you release, you need to remove the machine from the load, and then mount it again after the release is complete.

Xingyun Deployment - Advanced Functions - Load Balancing (load at the container k8s level) advantages:

There is a concept of machine grouping: after grouping by computer room, or by computer room + computer room cluster, each group applies for its own load balancing.

There is a probing mechanism: set a health-probe path and the load balancer probes it. There is no need to remove the machine from the load every time you release.

3. Brief introduction of LB load system

In fact, a vip is just an ip and has little value by itself. The VIP can be understood as the entrance ip of the group's LB load balancing, and LB load balancing is the real distribution component.

VIPs are automatically allocated and reused by the system (VIP resources are precious, and VIPs allocated by the system may be reused). LB load balancing has two distribution rules:

1. How the distribution rules are implemented

There are two kinds of distribution rules: default rules and dedicated rules.

Default rule: keyed on the domain name; traffic is connected to the backend cluster. This is a template, and you can choose its scope of application.

Dedicated rule: keyed on the VIP; a backend cluster can be specified independently for a VIP. The dedicated rule has the highest priority.

The relationship between default rules and dedicated rules:

Common ground: the default rule has one and only one distribution rule for a port of the domain name; the dedicated rule has one and only one distribution rule for a port of the VIP.

Difference: the default rule must exist; the dedicated rule has high priority; when no dedicated rule is set, the backend pointed to by the default rule is inherited.

3.1 Default rules: domain name + port + cluster, one unique distribution rule

Remarks: The vip allocated by the system may be reused

In the default rules, it is assumed that the VIPs assigned by the system are all 111.111.111

Domain name A (www.a.jd.com) + a port of the domain name (80) forwards the request to backend cluster A through the configured vip (111.111.111).

Domain name B (www.b.jd.com) + a port of the domain name (443) forwards the request to backend cluster B through the configured vip (111.111.111).

3.2 Dedicated rules: one and only one distribution rule for a port of the vip

Remarks (a guess, not certain): VIPs in dedicated rules may not be reused.

Note: A VIP can also use multiple ports, for example 80 and 443 for HTTP, and 2000-2014 for TCP
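The lookup order described in this section can be written out as a small model. This is an added example, not code from JD's LB system: the class and method names, the cluster names, the documentation-range VIP addresses, and the choice to reject a request that has no default rule are all assumptions made for illustration.

```python
from typing import Dict, Optional, Tuple

Key = Tuple[str, int]


class RuleTable:
    """Default rules keyed by (domain, port); dedicated rules keyed by (vip, port)."""

    def __init__(self) -> None:
        self.default: Dict[Key, str] = {}
        self.dedicated: Dict[Key, str] = {}

    @staticmethod
    def _add(table: Dict[Key, str], name: str, port: int, cluster: str) -> None:
        key = (name.lower(), port)
        if key in table:
            # "One and only one" rule per port of a domain (or of a VIP).
            raise ValueError(f"rule for {name}:{port} already exists")
        table[key] = cluster

    def add_default(self, domain: str, port: int, cluster: str) -> None:
        self._add(self.default, domain, port, cluster)

    def add_dedicated(self, vip: str, port: int, cluster: str) -> None:
        self._add(self.dedicated, vip, port, cluster)

    def resolve(self, vip: str, host: str, port: int) -> Optional[str]:
        inherited = self.default.get((host.lower(), port))
        if inherited is None:
            # Assumption: the default rule must exist, so without one nothing is routed.
            return None
        # A dedicated rule on the VIP wins; otherwise the default backend is inherited.
        return self.dedicated.get((vip.lower(), port), inherited)


def build_sample_table() -> RuleTable:
    # Constructed sample data: the VIPs are documentation addresses, not real ones.
    table = RuleTable()
    table.add_default("www.a.jd.com", 80, "cluster-A")
    table.add_default("www.b.jd.com", 443, "cluster-B")
    table.add_dedicated("192.0.2.20", 80, "cluster-A-dedicated")
    return table


if __name__ == "__main__":
    t = build_sample_table()
    print(t.resolve("192.0.2.10", "www.a.jd.com", 80))   # shared VIP, default rule
    print(t.resolve("192.0.2.10", "www.b.jd.com", 443))  # same VIP reused by a second domain
    print(t.resolve("192.0.2.20", "www.a.jd.com", 80))   # dedicated rule overrides
```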

4. The mapping relationship between vip and rip (very important)

One-to-one: one computer room, one vip corresponds to one rip

One-to-many: One computer room, one vip corresponds to multiple rips

Many-to-many: multiple computer rooms, the vip of each computer room corresponds to multiple rips under the computer room

4.1 The convention of mounting rip under vip

  1. The vip (computer room entrance) is in the dimension of the computer room. Of course, if there is a problem with the vip, it is generally a problem with the computer room, and the chance of this happening will be relatively small.

  2. VIP is in the dimension of the computer room, but which machines are connected to the VIP is determined by the R&D personnel, so the machines under the VIP may cross the computer room. However, R&D personnel should correspond to the computer room entrance (vip) of this location according to the computer room view (the location of the computer room of the machine), and should comply with this rule as much as possible.

4.2 Why should we abide by this agreement?

1. Minimize the scope of the problem as much as possible: if the machines under your VIP span computer rooms and there is a problem with the VIP, the machines in multiple computer rooms cannot receive traffic

2. Match the goal of the network disconnection drill as much as possible: in a computer room network disconnection drill, it is estimated that the VIP will not let traffic enter the next layer. If you mount rips across computer rooms under the VIP, the single-room disconnection drill directly becomes a cross-computer room drill (because machines in multiple computer rooms will not receive traffic)
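The convention in 4.1 and the two reasons above can be checked mechanically against an inventory. The audit below is an added example, not a JD tool: the function name, the inventory layout and all addresses are constructed for illustration, and only the room names come from this article.

```python
from typing import Dict, List


def audit_mounts(vip_room: Dict[str, str], rip_room: Dict[str, str],
                 mounts: Dict[str, List[str]]) -> List[dict]:
    """Return one finding per VIP whose mounted rips are not all in the VIP's room."""
    findings = []
    for vip in sorted(mounts):
        home = vip_room[vip]
        # A rip missing from the inventory is reported too: its room cannot be verified.
        outside = sorted(r for r in mounts[vip] if rip_room.get(r) != home)
        if not outside:
            continue
        rooms = sorted({rip_room.get(r, "unknown") for r in mounts[vip]})
        findings.append({
            "vip": vip,
            "vip_room": home,
            "cross_room_rips": outside,
            # Rooms whose machines stop receiving traffic if this one VIP fails
            # or is cut off during a single-room disconnection drill.
            "rooms_losing_traffic": rooms,
        })
    return findings


# Constructed inventory: addresses are made up; room names are taken from the article.
VIP_ROOM = {"10.0.0.1": "Langfang", "10.0.0.2": "Majuqiao"}
RIP_ROOM = {
    "10.1.0.11": "Langfang", "10.1.0.12": "Langfang",
    "10.2.0.21": "Majuqiao", "10.2.0.22": "Majuqiao",
}
MOUNTS = {
    "10.0.0.1": ["10.1.0.11", "10.1.0.12", "10.2.0.22"],  # one Majuqiao rip under a Langfang VIP
    "10.0.0.2": ["10.2.0.21"],                             # follows the convention
}

if __name__ == "__main__":
    for finding in audit_mounts(VIP_ROOM, RIP_ROOM, MOUNTS):
        print(finding)
```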

5. Intranet domain name resolution (computer room view and computer room entrance description)

  1. Intranet domain name resolution: the VIP is based on the computer room entrance (currently there are the Langfang VIP, the Majuqiao VIP and the Indonesia VIP).

  2. Each view must be resolved. Langfang view -> Langfang VIP, Majuqiao view -> Majuqiao VIP, other views -> choose the Majuqiao or Langfang VIP (must point to an available online VIP)

  3. In order to optimize access within the computer room, the VIP in the same computer room is preferred.

  4. Considering that the old computer rooms have been or are being decommissioned, Langfang and Majuqiao VIPs are preferred for old computer rooms, and foreign VIPs are preferred for foreign applications.

6. Public domain name resolution

POP entry: in computer networking, POP stands for point of presence, the network access point. A POP is located outside the edge of the enterprise network and is the entry point for accessing the enterprise network. Services provided to the outside world enter through the POP. These services include Internet access, wide area connections, and telephone service (PSTN).

pop entry: When a new application goes online, it should apply for a VIP at the point of presence (pop).

DNS:

No need for VIP: directly fill in your own public IP

Need VIP:

  1. Please apply for VIP at the POP entrance in advance

  2. Before configuring resolution, please bind the host offline to test the availability of the VIP service

  3. Resolve according to the POP entrance VIP corresponding to each operator

7. Summary

A simple request process is the most practical, and a practical request process is the easiest.

Use simple and practical combinations to achieve traffic distribution, and do not mix components arbitrarily, which only increases the complexity of the system.

Author: JD Insurance Zhang Jiangtao

Source: JD Cloud Developers


Origin my.oschina.net/u/4090830/blog/9770570