LVS (Linux Virtual Server): Introduction and Configuration of Linux Virtual Servers (Load Balancing System)

Source: Internet
Author: User
One, Introduction
LVS (Linux Virtual Server) is a virtual server for Unix-like systems and is one of the best-known contributions from China to the open-source community. In a Unix-like system LVS acts as a front end (director), also called the scheduler; it provides no service of its own, but receives the requests sent over the Internet and forwards them to the real servers (realserver) running in the background, which process them and then respond to the client.
LVS has two important components: one is ipvs, the other is ipvsadm. ipvs is the core component of LVS; by itself it is only a framework, similar to iptables, and it works in kernel space.
ipvsadm is used to define the forwarding rules of LVS and works in user space.
LVS has three types of forwarding:
1. The LVS-NAT model, called network address translation, is easy to implement.
2. The LVS-DR model, called the direct routing model, is widely used.
3. The LVS-TUN model, called the tunnel model.
Two, working characteristics of the three LVS models:
1. Working characteristics of the LVS-NAT model:
(1). All realserver cluster nodes and the front-end scheduler (director) are in the same subnet
(2). Normally the realserver IP address (hereafter abbreviated RIP) is a private address, which makes communication between the realserver cluster nodes easy
(3). Usually the front-end director has two IP addresses: one is the VIP, a virtual IP address to which the client sends its requests;
the other is the DIP, the real IP address of the director, and the RIP's gateway points to the director's DIP.
(4). This model can implement port mapping
(5). The realserver's operating system can be any operating system
(6). The front-end director not only handles the requests initiated by the client but also handles the response information from the background realserver, sending the realserver's response back to the client
(7). The front-end director can easily become the performance bottleneck of the whole cluster system.
2. Working characteristics of the LVS-DR model: this model forwards by rewriting the destination MAC address; how it forwards is introduced later.
(1). All realserver cluster nodes and the front-end scheduler (director) are in the same physical network
(2). RIP can use a public network IP
(3). The RIP's gateway does not point to the DIP
(4). The front-end director only handles the client's request and forwards it to the realserver; the backend realserver responds to the client directly, no longer through the director
(5). This model does not support port mapping
(6). The realserver can use most operating systems
(7). The performance of this model is superior to LVS-NAT
3. Basic working characteristics of the LVS-TUN model:
(1). The realserver and the front-end director can be in different networks
(2). RIP must not be a private IP
(3). The front-end director only handles the client's request and forwards it to the realserver; the backend realserver responds to the client directly, no longer through the director
(4). Port mapping is also not supported in this model
(5). The realserver can only run an operating system that supports IP tunneling
Three, LVS scheduling methods:
1. Fixed (static) scheduling methods:
(1). RR: round robin
(2). WRR: weighted round robin
(3). DH: destination address hashing
(4). SH: source address hashing
2. Dynamic scheduling methods:
(1). LC: least connection
(2). WLC: weighted least connection
(3). SED: shortest expected delay
(4). NQ: never queue
(5). LBLC: locality-based least connection
(6). LBLCR: locality-based least connection with replication
Four, rule format of the ipvsadm component:
1. Defining a cluster service:
(1). Add a cluster service:
ipvsadm -A|E -t|u|f service-address [-s scheduler]
[-p [timeout]] [-M netmask]
-A: add a new cluster service
-E: edit an existing cluster service
-t: TCP protocol
-u: UDP protocol
-f: firewall-mark, a firewall tag
service-address: IP address (VIP) of the cluster service
-s: the scheduling algorithm
-p: persistence timeout; for example, ipvsadm -Lcn lists the connection table, including the persistent entries
-M: netmask (granularity of persistence)
ipvsadm -D -t|u|f service-address: delete a cluster service
ipvsadm -C: clear all rules
ipvsadm -R: reload (restore) rules
ipvsadm -S [-n]: save rules
2. Adding realserver rules to a cluster service:
(1). Add a realserver rule:
ipvsadm -a|e -t|u|f service-address -r server-address
[-g|i|m] [-w weight]
-a: add a new realserver rule
-e: edit a realserver rule
-t: TCP protocol
-u: UDP protocol
-f: firewall-mark, a firewall tag
-r server-address: IP address of the realserver
-g: defines the LVS-DR model (gatewaying)
-i: defines the LVS-TUN model (IP tunneling)
-m: defines the LVS-NAT model (masquerading)
-w: weight, followed by the specific weight value
ipvsadm -d -t|u|f service-address -r server-address: delete a realserver
ipvsadm -L|l [options]: view the defined rules
for example: # ipvsadm -L -n
ipvsadm -Z [-t|u|f service-address]: zero the counters
Five, LVS-NAT model example

1. First configure the network environment. Three virtual machines are needed (this experiment is done on virtual machines): one is the director, the other two are RealServer1 and RealServer2.
The director has two network cards: eth0 is bridged and eth1 is host-only; the network cards of RealServer1 and RealServer2 are host-only.
2. To demonstrate the effect, the two network cards of the director are configured with IP addresses in different network segments, while the IP addresses of RealServer1 and RealServer2 are in the same network segment, planned as in the following figure:

Note that the IP address of VMnet1 on the local physical machine is configured in the same network segment as the director's eth1 NIC, and the gateways of RealServer1 and RealServer2 point to the address of the director's eth1 NIC, as shown in the following illustration:

3. After configuring the network environment and before configuring ipvsadm, make sure the physical machine can ping the eth0 IP address, as shown in the following figure:

If it can ping, the physical host is able to communicate with the director virtual host.
4. Configure on the director virtual host:
# echo 1 > /proc/sys/net/ipv4/ip_forward    -- enable IP forwarding
# rpm -qa ipvsadm    -- check whether ipvsadm is installed; if not, install it directly with yum
# yum install ipvsadm -y
Defining LVS-NAT model rules
This demo uses web servers: nginx runs on both 192.168.24.44 and 192.168.24.45, where
192.168.24.44 serves the page "Welcome Realserver 1" and 192.168.24.45 serves the page "Welcome Realserver 2".
# ipvsadm -A -t 172.16.100.24:80 -s rr
# ipvsadm -a -t 172.16.100.24:80 -r 192.168.24.44 -m
# ipvsadm -a -t 172.16.100.24:80 -r 192.168.24.45 -m
# ipvsadm -L -n    -- view the defined rules
These rules are temporary and do not survive a reboot; save them to make them permanent, as follows:
# service ipvsadm save
5. Accessing 172.16.100.24 in the Internet Explorer browser displays the following page:

Accessing 172.16.100.24 in the Google Chrome browser displays the following page:

If you refresh the page or use a different browser, the two pages are displayed in turn; this is the simplest server load balancing!
Six, implementation process of the LVS-DR model:
1. Plan the cluster and network environment first; three virtual machines are needed, as shown in the following illustration:
Here the director needs only one network card, eth0, with connection type bridged; the network cards of RealServer1 and RealServer2 are also bridged:

2. Configure cluster services
(1). Configure on the director server:
# ifconfig eth0:1 172.16.100.100 broadcast 172.16.100.100 netmask 255.255.255.255 up
# route add -host 172.16.100.100 dev eth0:1
# echo 1 > /proc/sys/net/ipv4/ip_forward    -- enable IP forwarding
(2). Configure on the RealServer1 server:
# echo 1 >/proc/sys/net/ipv4/conf/lo/arp_ignore
# echo 1 >/proc/sys/net/ipv4/conf/all/arp_ignore
# echo 2 >/proc/sys/net/ipv4/conf/lo/arp_announce
# echo 2 >/proc/sys/net/ipv4/conf/all/arp_announce
# ifconfig lo:0 172.16.100.100 broadcast 172.16.100.100 netmask 255.255.255.255 up
# route add -host 172.16.100.100 dev lo:0
(3). Configure on the RealServer2 server:
# echo 1 >/proc/sys/net/ipv4/conf/lo/arp_ignore
# echo 1 >/proc/sys/net/ipv4/conf/all/arp_ignore
# echo 2 >/proc/sys/net/ipv4/conf/lo/arp_announce
# echo 2 >/proc/sys/net/ipv4/conf/all/arp_announce
# ifconfig lo:0 172.16.100.100 broadcast 172.16.100.100 netmask 255.255.255.255 up
# route add -host 172.16.100.100 dev lo:0
(4). Then configure the ipvsadm rules on the director:
# ipvsadm -A -t 172.16.100.100:80 -s rr
# ipvsadm -a -t 172.16.100.100:80 -r 172.16.24.34 -g
# ipvsadm -a -t 172.16.100.100:80 -r 172.16.24.44 -g
(5). Verify in the browser:
On the first visit, as shown in the following illustration:

On the second visit, as shown in the following illustration:

3. SSL-based access
[root@mail ~]# ipvsadm -A -t 172.16.100.100:443 -s rr
[root@mail ~]# ipvsadm -a -t 172.16.100.100:443 -r 172.16.24.2 -g
[root@mail ~]# ipvsadm -a -t 172.16.100.100:443 -r 172.16.24.3 -g
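The director and realserver steps of the DR model above can be packaged into a small script. This is an added example, not the author's configuration: the functions only print the commands, so the output can be reviewed and then piped to a root shell; the interface name eth0, the argument layout and lvs_dr_check_arp (a check the page does not include) are assumptions.

```shell
#!/bin/sh
# Emits the LVS-DR setup commands for a realserver or a director. Nothing
# runs until the output is piped to a root shell, so it can be reviewed
# first, e.g.:  lvs_dr_realserver 172.16.100.100 | sudo sh

# Realserver: suppress ARP for the VIP (arp_ignore=1, arp_announce=2) so
# only the director answers "who has VIP", then bind the VIP to lo:0 as a
# /32 so the kernel accepts packets for it without advertising it.
lvs_dr_realserver() {
    vip=$1
    echo "echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore"
    echo "echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore"
    echo "echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce"
    echo "echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce"
    echo "ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up"
    echo "route add -host $vip dev lo:0"
}

# Director: VIP on an alias of eth0, forwarding on, one -A per port and
# one -a (with -g = gatewaying, i.e. DR) per realserver. Args: VIP PORTS
# RIPS, space-separated lists, e.g. "80 443" "172.16.24.34 172.16.24.44".
lvs_dr_director() {
    vip=$1; ports=$2; rips=$3
    echo "ifconfig eth0:1 $vip broadcast $vip netmask 255.255.255.255 up"
    echo "route add -host $vip dev eth0:1"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "ipvsadm -C"    # start from an empty table: -C clears every service
    for port in $ports; do
        echo "ipvsadm -A -t $vip:$port -s rr"
        for rip in $rips; do
            echo "ipvsadm -a -t $vip:$port -r $rip -g"
        done
    done
}

# Run on a realserver after the commands are applied: if any of the four
# sysctls is wrong, the realserver answers ARP for the VIP itself and
# takes traffic the director should have balanced.
lvs_dr_check_arp() {
    for kv in lo/arp_ignore:1 all/arp_ignore:1 lo/arp_announce:2 all/arp_announce:2; do
        f=/proc/sys/net/ipv4/conf/${kv%%:*}
        [ "$(cat "$f" 2>/dev/null)" = "${kv##*:}" ] || { echo "BAD $f"; return 1; }
    done
    echo "ARP settings OK"
}
```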
Seven, LVS persistence (persistent connections):
Persistent connection types:
(1). Persistent client connection (PCC): no matter which service the client requests
(such as the web service on port 80 or the MySQL service on port 3306), the director sends the request to the same specific real server,
as long as that real server provides the service and the connection persists. If the client connection times out, the real server still allows a certain
persistence timeout; the default persistence timeout is 300 seconds.
# ipvsadm -A -t 172.16.100.100:0 -p 1200
# ipvsadm -a -t 172.16.100.100:0 -r 172.16.100.34 -g -w 10
# ipvsadm -a -t 172.16.100.100:0 -r 172.16.100.44 -g -w 5
The validation effect is shown below:

(2). Persistent port connection (PPC): regardless of which port the client requests (such as port 80, which provides the web service, or port 23, which provides the telnet service ...),
the request goes through the director and is forwarded to the same real server, and the connection persists. If a client requests the web service and is answered by RealServer1, then when the user quits and requests the web service again,
it is still the web service provided by RealServer1.
iptables:
[root@mail ~]# iptables -t mangle -A PREROUTING -i eth0 -p tcp -d 172.16.100.100 --dport 80 -j MARK --set-mark 20
[root@mail ~]# iptables -t mangle -A PREROUTING -i eth0 -p tcp -d 172.16.100.100 --dport 443 -j MARK --set-mark 20
[root@mail ~]# iptables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  0.0.0.0/0            172.16.100.100       tcp dpt:80 MARK set 0x14
MARK       tcp  --  0.0.0.0/0            172.16.100.100       tcp dpt:443 MARK set 0x14
Give port 80 and port 443 the same firewall mark so they are persisted together and directed to the same realserver: if the port 80 service is answered by RealServer1,
a subsequent visit to the port 443 service is still directed to RealServer1.
Defining the cluster service by firewall mark is also called port affinity.
ipvsadm:
[root@mail ~]# ipvsadm -A -f 20 -s wlc -p 1200
[root@mail ~]# ipvsadm -a -f 20 -r 172.16.24.2 -g -w 3
[root@mail ~]# ipvsadm -a -f 20 -r 172.16.24.3 -g -w 2
[root@mail ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  20 wlc persistent 1200
  -> 172.16.24.3:0                Route   2      0          0
  -> 172.16.24.2:0                Route   3      0          0
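As an added example (not the author's commands), the firewall-mark rules above generalised to any list of ports, plus a check that reads an ipvsadm -Ln listing and confirms the marked service is persistent with the expected realservers behind it. The function names, the rip:weight argument syntax, the interface eth0 and the sample listing are constructed assumptions.

```shell
#!/bin/sh
# Emits firewall-mark (port affinity) rules for a VIP: every listed port is
# tagged with the same mark in the mangle PREROUTING chain, and one
# persistent ipvsadm service is defined on that mark instead of per port.
# Review the output, then pipe it to a root shell. Args: VIP MARK PORTS
# RIPS [TIMEOUT], with RIPS given as "rip:weight ...", e.g.
#   lvs_fwm_rules 172.16.100.100 20 "80 443" "172.16.24.2:3 172.16.24.3:2" | sudo sh
lvs_fwm_rules() {
    vip=$1; mark=$2; ports=$3; rips=$4; timeout=${5:-1200}
    for port in $ports; do
        echo "iptables -t mangle -A PREROUTING -i eth0 -p tcp -d $vip --dport $port -j MARK --set-mark $mark"
    done
    # -f selects the service by mark; -p keeps all marked ports on one realserver
    echo "ipvsadm -A -f $mark -s wlc -p $timeout"
    for entry in $rips; do
        echo "ipvsadm -a -f $mark -r ${entry%%:*} -g -w ${entry##*:}"
    done
}

# Reads an 'ipvsadm -Ln' listing on stdin and checks that the service for
# MARK is persistent and has exactly EXPECTED realservers behind it.
# Prints the realserver count and returns 0 on success, 1 otherwise.
lvs_fwm_check() {
    mark=$1; expected=$2
    awk -v m="$mark" -v want="$expected" '
        /^(TCP|UDP|FWM)/ { insvc = ($1 == "FWM" && $2 == m); if (insvc) persist = /persistent/; next }
        /^  ->/          { if (insvc) n++ }
        END              { if (persist && n == want) { print n; exit 0 } exit 1 }'
}

# Constructed listing in the format ipvsadm -Ln prints (not a live capture)
SAMPLE_LISTING='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  20 wlc persistent 1200
  -> 172.16.24.3:0                Route   2      0          0
  -> 172.16.24.2:0                Route   3      0          0'
```

Run the check after applying the rules, e.g. ipvsadm -Ln | lvs_fwm_check 20 2, to confirm both realservers sit behind the persistent mark-20 service.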

This article comes from the "Knowledge System" blog
