How LVS works and Related Algorithms

Source: Internet
Author: User

 

 

First, we need to understand the working mechanism of LVS:

In LVS, the director itself does not respond to requests; it only accepts them and forwards them to the back end. The realservers in the background are the hosts that actually respond to requests.

 

LVS works basically like DNAT, but not exactly like it. It is a layer-4 switch. By default, it classifies a user's request by the address and port the user requested, and on that basis forwards it to the host that actually provides the service in the background. Because the decision is made on the socket (address and port), it can be implemented at layer 4. In addition, the forwarding process is transparent to users (simply put, users access the director's IP address and are unaware that the director forwards the request to the realservers).

 

 

LVS Working Mode

1. DNAT

2. Direct routing

3. Tunnel

 

Benefits:

1. High concurrency

2. High Redundancy

3. Applicability: servers can be added and removed, which makes it easy to expand and contract the server pool

 

IP address type of LVS

1. VIP: virtual IP address, which does not provide services but forwards user requests to the backend

2. RIP: real IP address, the IP address of the host that actually provides the service

3. DIP: scheduling (director) IP address, usually the IP address of the LVS host that connects to the RIPs

4. CIP: client IP address, the IP address the user's request comes from

 

Process: for example

 

= ======================================

LVS cluster type:

1. LVS-NAT DNAT

2. LVS-DR direct routing

3. LVS-TUN Tunnel

 

The three types are described in detail below:

 

Principle of LVS-NAT Model

User requests and responses must both go through the director.

Both the source and target addresses must be converted, while the target address translation is transparent.

 

The scheduler scales poorly in this architecture: the director processes all requests, so its load is relatively high, and expansion to 10 nodes will not work.

 

Requirements:

1. The cluster node must be in the same physical network, the same subnet or VLAN

2. The DIP and the RIPs must be in the same network (subnet) and cannot span network segments

3. The RIP is usually a private address.

4. All RIP hosts must use the DIP as their gateway (address translation)

5. NAT supports port translation (for example, 80 -- 8080)

6. Any operating system can be used on the RIP hosts (the realservers).

7. Director may become the bottleneck of the entire system.

 

 

 

Data transmission:

Data is forwarded at layer 2 (the data link layer, using ARP): the MAC address of the director is converted to the MAC address of the RIP host (the packet is not changed, only forwarded), and this is how data transmission is realized. After the realserver responds, the realserver's MAC address is converted to the RIP MAC address.

 

= ======================================

 

Principle of LVS-DR Model

 

The user's request must go through the director, and the RealServer returns the response directly (the figure shows a problem, there may be different gateways, and there is still a vro)

 

 

You must configure iptables rules to reject MAC address translation or modify the Linux kernel response.

 

Advantages: because it performs less address translation than NAT, the response speed is faster.

 

Features

1. All nodes must be in the same physical network (connected to the same vswitch)

2. The RIP can use a public IP address (recommended)

3. The director only forwards requests, while the RealServer responds to requests directly without forwarding

4. The gateway of the cluster nodes cannot point to the DIP

5. Port conversion cannot be performed (not supported)

6. The vast majority of operating systems can act as a RealServer, but the RealServer needs to configure multiple IP addresses on the same NIC

7. A DR-mode director can drive more nodes than a NAT-mode director

Data transmission:

Handling incoming data:

To avoid a direct RS response, set the VIP address on lo:0 on the server and the CIP on the local NIC, so that the RS will not respond directly; this hides the RS.

Handling outgoing data:

By default, Linux sets the source address of a packet to the address of the NIC it is sent from. By adding a special route, if the destination address is the VIP address on lo, the source address is set to the lo address when the packet leaves.

Routing principle:

Add a host route that treats the VIP address as its own network segment, with subnet mask 255.255.255.255. In this way, the VIP address becomes the preferred source address for outgoing packets.

 

 

DR is the best-performing mode for Internet applications. However, a disadvantage is that the hosts must be relatively close to each other (such as in one data center). In the event of a natural or man-made disaster, the whole cluster is lost, so tunnels such as VPN are needed to achieve remote distribution.

 

 

= ======================================

Principle of LVS-TUN Model:

 

Virtual tunnel implementation:

1. leased line (encrypted)

2. Layer 2: add another MAC header outside the original MAC header

3. Layer 3: add another IP header in front of the target IP address

 

Tunneling objective: to hide an intent by converting an IP address (IP address set)

 

Features:

1. The cluster node and director do not have to be in the same network

2. The rip must use a public IP address.

3. Director only needs to process incoming requests and does not need to process outgoing requests.

4. The response must not pass through the director.

5. The director does not support port mapping

6. Only the operating systems that support the IP tunneling protocol can be used as RealServer.

 

Advantage: LVS-TUN can implement a cluster that spans networks, which removes the distance limit between realservers that LVS-DR has.
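The header handling of the three modes side by side, as an added Python model that is not part of the original article. The addresses and MAC values are constructed samples, and `to_realserver`, `reply` and `trace` are hypothetical helper names.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

# Constructed sample addresses (documentation ranges), not from the article.
CIP, VIP, DIP, RIP = "203.0.113.10", "198.51.100.1", "10.0.0.1", "10.0.0.11"
DIRECTOR_MAC, RS_MAC = "02:00:00:00:00:01", "02:00:00:00:00:11"

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    dst_mac: str
    outer: Optional[Tuple[str, str]] = None  # (src, dst) of an outer IP header

def to_realserver(mode: str, pkt: Packet, rport: int = 8080) -> Packet:
    """What the director emits towards the realserver for an inbound request."""
    if mode == "NAT":   # destination IP (and optionally port) is rewritten
        return replace(pkt, dst_ip=RIP, dst_port=rport, dst_mac=RS_MAC)
    if mode == "DR":    # IP header untouched, only the destination MAC changes
        return replace(pkt, dst_mac=RS_MAC)
    if mode == "TUN":   # original packet wrapped in an outer DIP -> RIP header
        return replace(pkt, outer=(DIP, RIP))
    raise ValueError(f"unknown mode: {mode}")

def reply(mode: str, seen: Packet):
    """Return (hops, source IP the client sees) for the realserver's answer."""
    answer_src = seen.dst_ip  # a host answers from the address it was asked on
    if mode == "NAT":
        # The answer leaves via the gateway (DIP); the director rewrites RIP to VIP.
        client_sees = VIP if answer_src == RIP else answer_src
        return ["realserver", "director", "client"], client_sees
    # DR and TUN: the VIP is configured on the realserver, which answers directly.
    return ["realserver", "client"], answer_src

def trace(mode: str):
    """Follow one client request (CIP -> VIP:80) through the given mode."""
    request = Packet(CIP, VIP, 80, DIRECTOR_MAC)
    seen = to_realserver(mode, request)
    return seen, reply(mode, seen)

if __name__ == "__main__":
    for m in ("NAT", "DR", "TUN"):
        print(m, *trace(m))
```

In every mode the realserver still sees the CIP as the source address, which is what its access logs and host firewall rules will match on.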

 

 

= ======================================

 

LVS load balancing depends on the scheduling algorithm (scheduling method). According to their characteristics, the algorithms are divided into the following two categories:

1. Fixed scheduling: static (fixed)

2. Dynamic scheduling: dynamic

 

 

Fixed scheduling: static algorithms

 

Features: static algorithms do not consider the connection status of the backend RealServers, whereas dynamic algorithms take the number of backend connections as their criterion.

1. Round-Robin (RR)

The first request goes to A, the second to B, the third to ..., and so on in a loop.

 

2. Weighted Round-Robin (WRR)

Enhancement over RR: accounts for the response capability of the backend servers.

The weight is defined based on the response capability of each backend server, and requests are forwarded based on the weight.

 

3. Destination hashing (DH)

Objective: forward requests for the same target address to a fixed host.

Forward specific requests from the same user to a fixed, specified host (such as one providing web services) to improve cache (web page file cache) utilization (hit rate).

 

4. Source hashing (SH)

Purpose: always forward requests from the same user address to the same router or firewall

Application scenarios:

 

Distribute users' requests evenly across different firewalls to balance the intranet load, with each user going out (accessing the Internet) through a specific firewall (gateway).

 

Defect of static algorithms: they ignore the load and connection status of the backend realservers.
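The four static schedulers as an added Python example (not code from the original article or from LVS itself). The gcd-based interleaving used for WRR and the modulo hash used for DH and SH are assumptions chosen for illustration; the server names and addresses are constructed.

```python
from functools import reduce
from math import gcd
import ipaddress

def wrr_sequence(weights, n):
    """Return the first n picks of weighted round robin over {name: weight}.

    With equal weights this degenerates to plain round robin.
    """
    names, top = list(weights), max(weights.values())
    if top <= 0:
        raise ValueError("at least one server needs a positive weight")
    step = reduce(gcd, weights.values())
    i, current, picks = -1, 0, []
    while len(picks) < n:
        i = (i + 1) % len(names)
        if i == 0:                      # start of a new pass over the pool
            current -= step
            if current <= 0:
                current = top
        if weights[names[i]] >= current:
            picks.append(names[i])
    return picks

def bucket(ip, servers):
    # Stand-in hash (assumption): integer value of the address modulo pool size.
    return servers[int(ipaddress.ip_address(ip)) % len(servers)]

def pick_dh(src_ip, dst_ip, servers):
    """Destination hashing: the target address alone selects the host."""
    return bucket(dst_ip, servers)

def pick_sh(src_ip, dst_ip, servers):
    """Source hashing: the client address alone selects the host."""
    return bucket(src_ip, servers)

if __name__ == "__main__":
    print("".join(wrr_sequence({"A": 4, "B": 3, "C": 2}, 9)))
    firewalls = ["fw1", "fw2", "fw3"]   # constructed sample pool
    print(pick_sh("203.0.113.10", "198.51.100.1", firewalls))
```

None of these functions looks at connection counts, which is the defect noted above: a host that is already overloaded keeps receiving its fixed share.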

 

 

 

Dynamic algorithms: dynamic scheduling methods

There are two concepts:

Active connection: a connection to the backend realserver that is currently in the active, established state. Sessions such as SSH or telnet remain active.

 

Inactive connection: a connection in the inactive or non-FIN state, such as httpd with keepalive not enabled. Unless keepalive is enabled, httpd disconnects directly after sending and the connection is in the inactive state.

 

Related dynamic Algorithms

1. LC (least-connection): least connections

LC checks both the number of active connections and the number of inactive connections on a host. The host with the fewest connections (a small number of active connections) accepts the next connection request.

 

LC counts both active connections and inactive connections. It uses active connections * 256 + inactive connections as the overhead. Whichever host has the smallest overhead receives the request.

However, inactive connections also affect the result. When the active connection ratio is large, the result will be affected.

 

2. WLC (weighted least-connection): weighted least connections

 

Weighted by machine performance. The request is forwarded to the host with the smallest overhead / weight.

 

The weighted algorithm is one of the best algorithms in cluster applications and is fair.

 

 

3. SED (shortest expected delay): minimum latency

An improvement based on WLC

Overhead = (active + 1) * 256 / weight

 

The inactive state is not considered. The host with the smallest value computed from the number of active connections + 1 accepts the next request.

The purpose of the + 1 is to account for excessive inactive connections during weighting.

 

Defect: when a weight is too large, an idle server always stays in the unconnected state.

 

NQ (never queue) algorithm

Ensures that no host is left idle. Based on SED: no matter how large the difference, the second request must be given to the next host, so that no host is idle.

 

NQ is used without considering inactive connections. SED should consider active connections.

For DNS over UDP, you do not need to consider inactive connections, while for httpd services with connections kept alive, you need to consider the pressure that inactive connections put on the server.
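The overhead formulas for LC, WLC, SED and NQ worked through in Python, as an added example that is not part of the original article. The pools are constructed samples, weights are assumed to be positive, and NQ is implemented as "an idle host gets the request, otherwise fall back to SED", which is one reading of the description above.

```python
from dataclasses import dataclass, replace

@dataclass
class RealServer:
    name: str
    weight: int
    active: int = 0     # established connections
    inactive: int = 0   # connections no longer in the established state

def lc_overhead(rs):
    return rs.active * 256 + rs.inactive

def pick_lc(pool):
    return min(pool, key=lc_overhead)

def pick_wlc(pool):
    return min(pool, key=lambda rs: lc_overhead(rs) / rs.weight)

def sed_overhead(rs):
    return (rs.active + 1) * 256 / rs.weight

def pick_sed(pool):
    return min(pool, key=sed_overhead)

def pick_nq(pool):
    idle = [rs for rs in pool if rs.active == 0]
    return idle[0] if idle else pick_sed(pool)

def simulate(pick, pool, n):
    """Open n long-lived connections; return the active count per server."""
    pool = [replace(rs) for rs in pool]   # work on copies of the sample pool
    for _ in range(n):
        pick(pool).active += 1
    return {rs.name: rs.active for rs in pool}

# Constructed sample pools.
BUSY = [RealServer("X", 1, active=2, inactive=0),
        RealServer("Y", 3, active=1, inactive=300)]
SKEWED = [RealServer("A", 1), RealServer("B", 10)]

if __name__ == "__main__":
    print("LC :", pick_lc(BUSY).name)    # inactive connections tip the result
    print("WLC:", pick_wlc(BUSY).name)   # weight 3 outweighs them
    print("SED:", simulate(pick_sed, SKEWED, 5))
    print("NQ :", simulate(pick_nq, SKEWED, 5))
```

The `SKEWED` pool reproduces the SED defect: with weights 1 and 10, server A stays unconnected under SED, while NQ gives it a connection before falling back to SED.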

 

 

LBLC: locality-based least-connection algorithm

Difference from DH: it considers the backend load capacity and connection conditions

Supports weights; it is an improvement based on WLC

 

 

LBLCR: locality-based least connections with replication

It is an improvement on LBLC and achieves load balancing on top of LBLC

 

 

It checks which backend has fewer connections. When A has many connections while B is idle, part of A's connections are allocated to B (breaking the original rule in order to avoid unfairness)

 

 

 

 

 

 

 

 

 

 

 
