Derivation of NAT model and DR model for four-layer load balancing | JD Logistics Technical Team

Introduction

This article first describes the characteristics of four-layer (layer 4) load balancing, and then derives the working principles of the NAT model and the DR model of a four-layer load balancer by posing a question and answering it. By the end you should understand the technical characteristics of four-layer load balancing, how the NAT and DR models work, and the advantages and disadvantages of each. Pay particular attention to why the DR model evolved out of the NAT model (a new technique is born to make up for the shortcomings of an existing one). Readers may also want to revisit some foundational, low-level topics along the way, such as kernel space versus user space and basic computer networking. For brevity, the four-layer load balancer is referred to as "FLB" (Four-layer Load Balancer) throughout this article.

1. Basic topology of FLB in the network

FLB works at the fourth layer (the transport layer) of the OSI seven-layer reference model. An FLB must have two IP addresses, VIP and DIP. VIP is the access address exposed to clients; DIP is the distribution IP of the FLB. Packets are sent out through the network interface that holds DIP to the back-end servers that actually provide the service (hereinafter "RS", Real Server), as shown in the figure below.

[Figure 1: basic topology of the FLB in the network (client, VIP/DIP on the FLB, RIP on each RS)]

Here CIP is the client's IP and RIP is the IP of an RS.

2. Characteristics of Layer 4 Load Balancing Technology

Because the FLB works at the transport layer, its processing (forwarding) of packets runs entirely in kernel space and never requires a switch between kernel mode and user mode.

Although the FLB works at the transport layer, it does not complete a three-way handshake with the client. It only "peeks" at the IP addresses and port numbers in the packet and then forwards the packet according to the configured rules, which makes it extremely fast.

3. Ask questions

In Figure 1, suppose the client sends a packet that eventually reaches server1. The destination IP of the client's packet is VIP, so when server1 receives it, it finds that the destination IP is not one of its own addresses. Wouldn't the packet then simply be discarded?

4. NAT model

NAT (Network Address Translation) model. To solve the problem raised in section 3, the FLB can perform address translation on the client's destination address: it rewrites the destination VIP to the IP of a chosen back-end RS and then sends the packet on. The detailed network topology is shown in Figure 2.

[Figure 2: NAT model topology (FLB rewrites VIP to RIP; RS default gateway points back at the FLB)]

Note that the default gateway of each back-end server must be configured as the address of the load balancing server. Only then do the response packets from the server flow back through the load balancing server, where the source address can be translated back.

Disadvantages of the NAT model

The obvious cost is that NAT address translation consumes CPU capacity on the load balancing server. A less obvious cost is bandwidth. In most cases the packets a client sends to the server are small, while the packets the server sends back to the client are large; traffic is "asymmetric". When load balancing is done through NAT, both the client's request packets and the server's response packets must pass through the load balancing server for network address translation. If request concurrency is high, a correspondingly large volume of response traffic is funnelled back through the FLB, and the network bandwidth of the load balancing server becomes the bottleneck.

5. DR (Direct Route) model

Direct routing mode resolves both drawbacks of the NAT model. DR mode performs no NAT address translation; instead, the server writes VIP directly as the source IP of its response packet and sends it out itself. This involves several key points:

  • Since the source IP of the packet returned by the server must be VIP rather than RIP, VIP has to be configured locally on each server. This VIP must be hidden from the outside world: neither the client nor the load balancer may reach the VIP on the server directly; they must reach the VIP exposed by the load balancer.
  • At the load balancer, the packet received from the client has source IP CIP and destination IP VIP (the VIP exposed by the load balancer). How, then, does the load balancer deliver this packet to the server, given that the server's VIP is hidden and the load balancing server can only see the RIP? In DR mode this is done by "MAC address spoofing": after the load balancing server receives the client's request packet, it replaces the destination MAC address (which before the replacement was the load balancer's own MAC) with the MAC address of a chosen back-end server, server1, and sends the frame out. Delivery is point to point at the data link layer, so server1 receives the client's packet unchanged at the IP layer. Point-to-point communication relies on the MAC address (data link layer).
  • It follows that for point-to-point communication between the load balancer and the back-end servers there is a restriction: the DIP of the load balancing server and the back-end servers must be in the same LAN (the same computer room).

Following the derivation above, the basic network topology of the DR model is shown in Figure 3.
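To make the three cases concrete (the unmodified forward from section 3, the NAT rewrite from section 4, and the DR MAC rewrite from section 5), here is a small header-rewriting simulation. It is an added example written for this edit, not code from the article or from LVS; the IP addresses, MAC addresses, packet sizes and the 10.0.0.0/24 LAN are all constructed assumptions used to model the hops and the same-LAN restriction.

```python
"""Worked packet-header walk-through for the NAT and DR models.

Added example. Every address below is constructed for illustration; the
10.0.0.0/24 LAN is an assumption used to model the DR same-LAN rule.
"""
from dataclasses import dataclass, replace
import ipaddress

CIP = "203.0.113.10"    # client (constructed)
VIP = "198.51.100.1"    # address the FLB exposes (constructed)
DIP = "10.0.0.1"        # FLB distribution address (constructed)
RIP1 = "10.0.0.11"      # real server 1 (constructed)
LAN = ipaddress.ip_network("10.0.0.0/24")   # assumed LAN of DIP and the RSs

MAC_CLIENT_GW = "02:00:00:00:00:c0"   # last hop before the FLB (constructed)
MAC_FLB = "02:00:00:00:00:01"         # FLB interface holding DIP (constructed)
MAC_RS1 = "02:00:00:00:00:11"         # server1 (constructed)
MAC_GW = "02:00:00:00:00:ff"          # RS default gateway in DR mode (constructed)


@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    payload_len: int


def host_accepts(pkt: Packet, local_ips: set) -> bool:
    """The IP layer hands a packet up only if dst_ip is configured locally;
    otherwise it is dropped. This is the objection raised in section 3."""
    return pkt.dst_ip in local_ips


def nat_in(pkt: Packet, rip: str, rs_mac: str) -> Packet:
    """NAT model, request direction: FLB rewrites VIP -> RIP and re-addresses the frame."""
    return replace(pkt, dst_ip=rip, src_mac=MAC_FLB, dst_mac=rs_mac)


def nat_out(pkt: Packet) -> Packet:
    """NAT model, reply direction: the RS's default gateway is the FLB, so the reply
    arrives here and the FLB rewrites RIP -> VIP before sending it to the client."""
    return replace(pkt, src_ip=VIP, src_mac=MAC_FLB)


def dr_in(pkt: Packet, rip: str, rs_mac: str) -> Packet:
    """DR model: the IP header is untouched; only the destination MAC is swapped.
    The frame is delivered by MAC, so DIP and RIP must share a LAN."""
    if ipaddress.ip_address(rip) not in LAN or ipaddress.ip_address(DIP) not in LAN:
        raise ValueError("DR requires DIP and RIP on the same LAN")
    return replace(pkt, src_mac=MAC_FLB, dst_mac=rs_mac)


def run(mode: str, req_len: int = 100, resp_len: int = 10_000) -> dict:
    """Trace one request/response and count the bytes the FLB itself has to carry."""
    req = Packet(MAC_CLIENT_GW, MAC_FLB, CIP, VIP, req_len)
    flb_bytes = req.payload_len
    if mode == "none":           # section 3: forward without any rewrite
        to_rs = replace(req, src_mac=MAC_FLB, dst_mac=MAC_RS1)
        rs_ips = {RIP1}
    elif mode == "nat":          # section 4
        to_rs = nat_in(req, RIP1, MAC_RS1)
        rs_ips = {RIP1}
    elif mode == "dr":           # section 5: VIP is also configured (hidden) on the RS
        to_rs = dr_in(req, RIP1, MAC_RS1)
        rs_ips = {RIP1, VIP}
    else:
        raise ValueError(mode)

    if not host_accepts(to_rs, rs_ips):
        return {"accepted": False, "flb_bytes": flb_bytes, "reply_src": None}

    # The RS replies from whatever address the packet was addressed to.
    next_hop = MAC_FLB if mode == "nat" else MAC_GW
    reply = Packet(MAC_RS1, next_hop, to_rs.dst_ip, CIP, resp_len)
    if mode == "nat":
        reply = nat_out(reply)
        flb_bytes += reply.payload_len   # the large reply also crosses the FLB
    # In DR the reply leaves through the RS's own gateway and never touches the FLB.
    return {"accepted": True, "flb_bytes": flb_bytes, "reply_src": reply.src_ip}


if __name__ == "__main__":
    for mode in ("none", "nat", "dr"):
        print(mode, run(mode))
```

Running it shows the unmodified forward being dropped, the NAT path carrying request plus reply (10,100 bytes) through the FLB, and the DR path carrying only the 100-byte request while the reply still leaves with source VIP; calling dr_in with an RIP outside the assumed LAN raises, mirroring the same-LAN restriction.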

[Figure 3: DR model topology (FLB rewrites only the destination MAC; RS holds a hidden VIP and replies directly to the client)]

How is the VIP configured on the RS, and how is it hidden? That is covered in the next chapter: building and verifying an LVS DR model setup.

Author: JD Logistics Wu Hongquan

Source: JD Cloud Developer Community (Ziyuanqishuo Tech). Please indicate the source when reprinting.


Origin blog.csdn.net/JDDTechTalk/article/details/132535595