LVS is short for Linux Virtual Server. In real environments it is often used as a load balancer for B/S (browser/server) network applications. It works at the network layer of the seven-layer network model, that is, the IP layer. Because data processing is completed in Linux kernel space, performance is very high; compared with Apache, Nginx, and HAProxy, the performance is not at the same level.
Here I will briefly describe the environment in which LVS is deployed in practice:
The following briefly explains what happens when a user accesses www.opencfg.com:
1. The user enters http://www.opencfg.com in the browser, and the user's computer asks DNS over the network for the IP address of the www.opencfg.com domain name.
2. The DNS server uses the user's address to select, from its server list, the LVS virtual service IP address (VIP) closest to the user.
3. The user's browser accesses the LVS server through the IP address obtained from DNS.
4. There are three ways to use LVS:
(1) NAT mode
(2) DR mode, direct routing
(3) TUN mode, IP tunnel
5. If NAT mode is used, step 5 occurs: the web server returns data to LVS.
6. If DR/TUN mode is used, the web server returns the data directly to the user (the web server requires an Internet IP address). In NAT mode, the web server first returns the data to LVS (here the web server does not need an Internet IP address), and LVS then returns it to the user.
The core technology of LVS lies in these three methods. Here we first introduce the first mode, NAT.
I. Traditional NAT mode
For example, in LVS NAT mode, the IP address of an Apache server is selected from a scheduling list and the data packets are forwarded to it.
The scheduling list is as follows:
Protocol  Virtual IP Address  Port  Real IP Address  Port
TCP       74.125.71.99        80    192.168.1.201    80
                                    192.168.1.202    80
A packet with the following source and destination addresses may be sent to the web service:
Source 220.181.112.143:3879 dest 74.125.71.99:80
LVS selects a server from the scheduling list, for example 192.168.1.201:80. The destination address of the packet is changed to 192.168.1.201:80 and the packet is sent to the selected Apache server.
Source 220.181.112.143:3879 dest 192.168.1.201:80
The response packet returned from the Apache server to LVS is as follows:
Source 192.168.1.201:80 dest 220.181.112.143:3879
Here, the source address is the intranet address of the Apache server. LVS changes the source address of the response packet to the LVS address 74.125.71.99:80 and then sends the packet to the user.
Source 74.125.71.99:80 dest 220.181.112.143:3879
In this way, the user believes the response came from LVS (74.125.71.99:80) and does not know whether the request was handled by Apache server 192.168.1.201 or Apache server 192.168.1.202. This completes the conversion between the intranet address and the Internet address.
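The address rewriting described above, as an added example (not code from the original article, and not the kernel's IPVS implementation): a small Python model of the director that replays the four packets of the walkthrough. The names NatDirector, Packet and walkthrough are hypothetical, and round-robin scheduling and the per-client connection table are assumptions of this model.

```python
"""Toy model of an LVS director in NAT mode (not the kernel's IPVS code)."""
from dataclasses import dataclass
from itertools import cycle

# Addresses taken from the walkthrough above.
VIP = ("74.125.71.99", 80)
REAL_SERVERS = [("192.168.1.201", 80), ("192.168.1.202", 80)]
CLIENT = ("220.181.112.143", 3879)


@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)


class NatDirector:
    def __init__(self, vip, real_servers):
        self.vip = vip
        self._next = cycle(real_servers)  # assumption: round-robin scheduling
        self.conns = {}                   # client endpoint -> real server

    def inbound(self, pkt):
        """Client -> VIP: rewrite the destination to a real server."""
        if pkt.dst != self.vip:
            return None                   # not addressed to the virtual service
        if pkt.src not in self.conns:     # new connection: schedule once
            self.conns[pkt.src] = next(self._next)
        return Packet(pkt.src, self.conns[pkt.src])

    def outbound(self, pkt):
        """Real server -> client: rewrite the source back to the VIP."""
        if self.conns.get(pkt.dst) != pkt.src:
            return None                   # no tracked connection: drop
        return Packet(self.vip, pkt.dst)


def walkthrough():
    """Replay the four packets from the text; returns them in order."""
    lvs = NatDirector(VIP, REAL_SERVERS)
    request = Packet(CLIENT, VIP)
    forwarded = lvs.inbound(request)
    reply = Packet(forwarded.dst, CLIENT)
    return [request, forwarded, reply, lvs.outbound(reply)]


if __name__ == "__main__":
    for p in walkthrough():
        print(f"Source {p.src[0]}:{p.src[1]} dest {p.dst[0]}:{p.dst[1]}")
```

The connection table is what lets the director send every packet of one connection to the same real server and refuse to rewrite a reply that does not belong to a connection it forwarded.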
The biggest advantages of NAT mode are:
1. Saving Internet IP addresses
It is a good choice given the IPv4 address shortage, because it does not occupy Internet IP addresses.
2. Non-invasive
You do not need to configure anything on the Apache servers; each one only needs an intranet IP address. For users, the internal Apache servers are transparent.
It is also very important that the MTU size does not need to be modified on the Linux system when LVS works in NAT mode, which makes it a non-intrusive, lightweight practice.
3. Security
The NAT network structure is a private network structure similar to a firewall: through internal IP addresses, the service node pool is isolated from the Internet. The service nodes cannot communicate directly with the client. Whether it is request data or response data, the IP packets must pass through the load balancer for processing, which is convenient for some centralized processing operations.
The disadvantage of NAT mode is:
The packet header addresses must be rewritten for every network packet entering and leaving the cluster, so under heavy load the performance of the entire cluster is affected and the load balancer easily becomes a bottleneck.
To solve the bottleneck of NAT mode, you can use the DR and TUN modes, which I will write about later.