Quickly building LVS in DR, NAT and TUN modes

What is LVS

LVS stands for Linux Virtual Server. It is an open source project started by Dr. Zhang Wensong of China. Since Linux 2.6 it has been part of the kernel; on earlier kernel versions you have to recompile the kernel to use it.

What LVS does

LVS is mainly used for load balancing across multiple servers. It operates at the network layer and provides high-performance, highly available server clustering. It is inexpensive: a number of low-performance servers can be combined into one very capable virtual server. It is easy to use, with simple configuration and a variety of load-balancing methods. It is stable and reliable: if one server in the cluster stops working, the overall service is not affected. Scalability is also very good.

The three LVS operating modes

NAT mode (VS-NAT)

  • Principle: the destination IP address in the packet sent by the client is rewritten to the IP address of one of the RSs, and the packet is forwarded to that RS for processing. After processing, the RS sends its reply back through the load balancer, which rewrites the source address of the reply to its own IP and the destination to the client IP before the packet reaches the client. Both inbound and outbound traffic must pass through the load balancer.
  • Advantages: the physical servers in the cluster can run any operating system that supports TCP/IP, and the load balancer needs only one valid IP address.
  • Cons: limited scalability. As the number of server nodes (ordinary PC servers) grows, the load balancer becomes the bottleneck of the whole system, because every request packet and every response packet flows through it. With too many server nodes, a large number of packets converge on the load balancer and throughput slows down.

IP tunnel mode (VS-TUN)

  • How it works: first, note that most Internet service request packets are very short, while response packets are usually large. In tunnel mode the load balancer takes the client's packet, encapsulates it in a new IP header (only the destination IP differs) and sends it to an RS. The RS strips the outer header, restores the original packet, processes it and returns the response directly to the client, without passing through the load balancer. Because the RS must decapsulate the packets the load balancer sends it, it must support the IP tunneling (IPIP) protocol, so the RS kernel must be compiled with IP tunnel support.
  • Advantages: the load balancer only distributes request packets to the backend server nodes, and the RSs send their response packets directly to the user. This greatly reduces the data flow through the load balancer, which is no longer the bottleneck of the system: it can handle a huge volume of requests, one load balancer can distribute to many RSs, and the RSs can be spread across different regions of the public Internet.
  • Drawback: RS nodes in tunnel mode need legitimate IP addresses, and all servers must support the "IP Tunneling" (IP encapsulation) protocol, which may limit the servers to some Linux systems.

Direct routing mode (VS-DR)

  • Principle: the load balancer (DR) and the RSs share the same VIP, but only the DR answers ARP requests for it; all RSs stay silent for ARP requests for the VIP, so the gateway directs every request for the VIP to the DR. When the DR receives a packet it selects an RS according to the scheduling algorithm, rewrites the destination MAC address to that RS's MAC (the IP stays the same) and forwards the request to the RS. The RS receives the packet, processes it and, because it holds the same IP, returns the response directly to the client; from the client's point of view the reply comes straight from the address it sent to. Because the load balancer only changes the layer-2 header, the DR and the RSs must be in the same broadcast domain, which can simply be understood as being on the same switch.
  • Advantages: like TUN (tunnel mode), the load balancer only distributes requests, and response packets go back to the client by a separate route. Compared with VS-TUN, VS-DR does not require a tunnel implementation, so most operating systems can be used on the physical servers.
  • Drawback (not really a shortcoming, more a limitation): the network cards of the load balancer and of the RSs must be on the same physical segment.

Common load balancing scheduling algorithm

Round robin scheduling (RR)

Round robin scheduling (Round Robin, 'RR') dispatches requests to the different servers in turn, in a cycle; the biggest feature of the algorithm is its simplicity. Round robin assumes that every server has the same capacity to process requests, so the scheduler distributes requests evenly across all the real servers.

Weighted Round Robin (WRR)

Weighted round robin (Weighted Round Robin, 'WRR') is an optimisation of and supplement to round robin: LVS takes the performance of each server into account and assigns each server a weight. If server A has weight 1 and server B has weight 2, the scheduler sends twice as many requests to B as to A. The higher a server's weight, the more requests it handles.

Least connections (LC)

Least connections (Least Connections, 'LC') assigns each new connection request to the server with the smallest number of current connections. It is a dynamic scheduling algorithm that estimates a server's load from the number of currently active connections. The scheduler records the number of established connections to each server: when a request is dispatched to a server, its connection count is incremented by 1; when the connection terminates or times out, the count is decremented by 1.

Weighted least connections (WLC)

Weighted least connections (Weighted Least Connections, 'WLC') is a superset of least-connection scheduling in which each server's weight represents its processing capacity. The default weight is 1, and the system administrator can set a server's weight dynamically. When scheduling a new connection, weighted least connections tries to keep each server's number of established connections proportional to its weight. The scheduler can also query the load of the real servers automatically and adjust their weights dynamically.

Destination hashing (DH)

Destination hashing (Destination Hashing, 'DH') uses the request's destination IP address as the hash key to look up the corresponding server in a statically assigned hash table. If that server is available and not overloaded, the request is sent to it; otherwise the result is empty.

Source hashing (SH)

Source hashing (Source Hashing, 'SH') uses the request's source IP address as the hash key to look up the corresponding server in a statically assigned hash table. If that server is available and not overloaded, the request is sent to it; otherwise the result is empty. It uses the same hash function as destination hashing, and its scheduling process is essentially the same as the destination hashing algorithm.
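To make the behaviour of these schedulers concrete, here is a small simulation of WRR, LC, WLC and DH/SH as described above. It is an added example written for this page, not kernel or ipvsadm code; the WRR loop follows the ip_vs_wrr approach as I understand it (a current weight that steps down by the gcd of all weights), RR is simply WRR with all weights equal, and a server with weight 0 is treated as unavailable.

```python
"""Simulation of the LVS schedulers described above (WRR, LC, WLC, DH/SH).
Added example, not kernel code. WRR follows the ip_vs_wrr approach as I
understand it; servers with weight 0 are treated as unavailable."""
from functools import reduce
from ipaddress import ip_address
from math import gcd


class Scheduler:
    def __init__(self, weights):
        self.servers = list(weights)               # keeps insertion order
        self.weights = dict(weights)
        self.conns = {s: 0 for s in self.servers}  # active connections per RS
        self._i, self._cw = -1, 0                  # WRR state: index, current weight

    def _up(self):
        return [s for s in self.servers if self.weights[s] > 0]

    def wrr(self):
        n = len(self.servers)
        maxw, g = max(self.weights.values()), reduce(gcd, self.weights.values())
        while True:                                # loops forever if all weights are 0
            self._i = (self._i + 1) % n
            if self._i == 0:
                self._cw -= g                      # one full pass done: lower the bar
                if self._cw <= 0:
                    self._cw = maxw
            s = self.servers[self._i]
            if self.weights[s] >= self._cw:        # only servers at or above the bar
                return s

    def lc(self):
        return min(self._up(), key=lambda s: self.conns[s])

    def wlc(self):
        # fewest active connections per unit of weight
        return min(self._up(), key=lambda s: self.conns[s] / self.weights[s])

    def dh(self, dst_ip):
        """Static hash of the destination IP; SH is identical with the source IP."""
        s = self.servers[int(ip_address(dst_ip)) % len(self.servers)]
        return s if self.weights[s] > 0 else None  # "otherwise empty"

    def connect(self, s):
        self.conns[s] += 1                         # request dispatched: +1

    def close(self, s):
        self.conns[s] -= 1                         # connection closed or timed out: -1
```

With weights A=1 and B=2, six WRR decisions give B four times and A twice, the 2:1 ratio the text describes.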

LVS_DR mode

Installing ipvsadm

yum install -y ipvsadm

View the ipvsadm status and activate LVS

ipvsadm


Configuring the LVS

  • Bind the VIP address
ip addr add 10.0.0.3/24 dev eth0


  • Clear all LVS rules (not needed on first use)
ipvsadm -C
  • Set the TCP, TCP FIN and UDP connection timeouts
ipvsadm --set 30 5 60
  • Add a virtual service
ipvsadm -A -t 10.0.0.3:80 -s wrr -p 20
  • The virtual service associated with the real service
ipvsadm -a -t 10.0.0.3:80 -r 10.0.0.202:80 -g -w 1
ipvsadm -a -t 10.0.0.3:80 -r 10.0.0.200:80 -g -w 1
  • View results
ipvsadm -Ln
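A quick way to confirm that what ipvsadm -Ln prints matches the mode you intended: the Forward column must read Route for DR (-g), Masq for NAT (-m) and Tunnel for TUN (-i), and a real server with weight 0 never receives traffic. The checker below is an added example for this page, not part of ipvsadm; the sample output is constructed from the DR configuration above and the parser splits on whitespace so column widths do not matter.

```python
"""Check `ipvsadm -Ln` output: every real server must use the forwarding
method of the chosen mode. Added example, not ipvsadm's own code; the
sample output is constructed from the DR configuration above."""
import re

# Value in the Forward column for each ipvsadm mode flag (-g, -m, -i).
EXPECTED_FORWARD = {"DR": "Route", "NAT": "Masq", "TUN": "Tunnel"}

SAMPLE_DR_OUTPUT = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.3:80 wrr persistent 20
  -> 10.0.0.202:80                Route   1      0          0
  -> 10.0.0.200:80                Route   1      0          0
"""


def parse_ipvsadm(text):
    """Return {"PROTO vip:port": [(real_server, forward, weight), ...]}."""
    services, current = {}, None
    for line in text.splitlines():
        svc = re.match(r"^(TCP|UDP|SCTP)\s+(\S+)\s+(\S+)", line)
        if svc:
            current = f"{svc.group(1)} {svc.group(2)}"
            services[current] = []
            continue
        rs = re.match(r"^\s*->\s+(\S+)\s+(Route|Masq|Tunnel|Local)\s+(\d+)", line)
        if rs and current is not None:
            services[current].append((rs.group(1), rs.group(2), int(rs.group(3))))
    return services


def audit(text, mode):
    """Report real servers whose forward method does not match the mode
    (e.g. -m where -g was intended), weight-0 servers that get no traffic,
    and virtual services with no real servers at all."""
    want = EXPECTED_FORWARD[mode]
    problems = []
    for svc, reals in parse_ipvsadm(text).items():
        if not reals:
            problems.append(f"{svc}: no real servers")
        for addr, fwd, weight in reals:
            if fwd != want:
                problems.append(f"{svc} -> {addr}: forward {fwd}, expected {want}")
            if weight == 0:
                problems.append(f"{svc} -> {addr}: weight 0, gets no traffic")
    return problems
```

Pass the real output with mode "NAT" or "TUN" to check the NAT and TUN setups later on this page the same way.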


VIP configuration on both web servers

  • Bind the VIP on the lo interface
ip addr add 10.0.0.3/32 dev lo


  • Kernel modification: suppress ARP responses for the VIP (arp_ignore=1 makes the RS answer ARP only for addresses configured on the interface that received the request, so the VIP on lo is never announced; arp_announce=2 makes it use the best local address, not the VIP, as the source of its own ARP requests)
cat >>/etc/sysctl.conf<< EOF
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
EOF
sysctl -p

Test Results

Because the LVS load-balancing effect is not obvious, access 10.0.0.30 with two different browsers.

LVS_NAT mode

IP address planning

Host    IP addresses
LVS     eth0: 172.16.1.201, eth1: 10.0.0.201
nginx   eth0: 172.16.1.200, gw 172.16.1.201
Nx1     eth0: 172.16.1.202, gw 172.16.1.201

LVS server configuration

  • Add a virtual service
ipvsadm -A -t 10.0.0.201:80 -s wrr -p 20
  • The virtual service associated with the real service
ipvsadm -a -t 10.0.0.201:80 -r 172.16.1.202:80 -m -w 1
ipvsadm -a -t 10.0.0.201:80 -r 172.16.1.200:80 -m -w 1
  • View results
ipvsadm -Ln


  • Modify the kernel configuration to enable IP forwarding
vim /etc/sysctl.conf    # set net.ipv4.ip_forward = 1
sysctl -p

The web servers need no further configuration (their default gateway already points at the LVS, as in the IP address planning above)

  • Test

LVS_TUN mode

IP planning

Host    IP addresses
lvs     eth0: 10.0.0.201, vip: 10.0.0.203
nginx   eth0: 10.0.0.200, vip: 10.0.0.203
Nx1     eth0: 10.0.0.202, vip: 10.0.0.203

Add vip

  • lvs
ifconfig tunl0 10.0.0.203 broadcast 10.0.0.203 netmask 255.255.255.0 up
route add -host 10.0.0.203 dev tunl0
ipvsadm -A -t 10.0.0.203:80 -s rr
ipvsadm -a -t 10.0.0.203:80 -r 10.0.0.200:80 -i
ipvsadm -a -t 10.0.0.203:80 -r 10.0.0.202:80 -i
  • nginx and Nx1
ifconfig tunl0 10.0.0.203 netmask 255.255.255.0 broadcast 10.0.0.203 up
route add -host 10.0.0.203 dev tunl0
cat >>/etc/sysctl.conf<< EOF
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.tunl0.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
EOF
sysctl -p
The rp_filter lines are needed because packets decapsulated from tunl0 would otherwise fail the kernel's reverse-path check and be dropped; be aware that this also switches off that source-address validation on the real servers.

Test results


Origin blog.csdn.net/qq_33235529/article/details/87002676