LVS (V): Persistent connections in LVS

Source: Internet
Author: User


What is a persistent connection


A persistent connection always directs requests from a client to the same application server. For LVS, persistent connections are independent of the scheduling algorithm: whichever algorithm is used, LVS can forward requests from the same client to the previously selected application server to maintain the session. Different requests from the same client can also be directed to the same application server. For example, with 2 application servers in the cluster, each providing a Web service and a Telnet service, a client that requests the two different services can still be directed to the same application server both times.


So LVS supports these 2 modes, with a third based on firewall marks:
    • PPC: persistent port connection, which directs requests for the same service from the same client to the same application server
    • PCC: persistent client connection, which directs requests for all services from the same client to the same application server
    • PNMPP: persistent firewall mark connection


LVS maintains a persistent connection table in its own memory buffer, recording which application server is assigned to each client, as long as the session has not timed out. LVS itself has commands to view persistent connections.


    ipvsadm -L --persistent-conn  # Show persistent connections
    ipvsadm -L -c                 # Show persistent connection table





For LVS, persistent connections are enabled by setting the -p parameter when defining the cluster service; the default is 300 seconds.



    ipvsadm -A|-E ... -p



SSL-based sessions usually use a persistent connection, because when a connection is made both sides need to authenticate, negotiate encryption, and so on. If the session is not maintained, every refresh triggers a new negotiation, which wastes resources and is inefficient.


Set the default persistent connection


To demonstrate persistent connections, we first change the algorithm to RR, so that requests rotate between servers and the effect is easier to see:



With this, the Web server changes each time the browser is refreshed.


















Because the same host is always directed to the same server, its number of inactive connections is relatively large.





Set up persistent connections for different service requests initiated by the same host (PPC mode, persistent per port)


We use the Web service (port 80) and Telnet here, so we start the Telnet service on the application servers, which is port 23.



On Linux, the root account is not allowed to log in over Telnet, so testing the Telnet connection requires a separate account; an ordinary account is enough.



Install on the 2 application servers:






Start the service






Create a user on each application server (the process is omitted here). Test Telnet as follows:





Then set up a cluster service for port 23, as follows:






Connection test: open 2 terminals















At this point both Telnet sessions are directed to the same server, even though they were opened from different terminals. Next we also access the Web service, as follows:






As can be seen, this is PPC mode: persistence is applied separately to each service the same host accesses. Within the timeout period, your access to port 80 will always be directed to the same host, and access to port 23 likewise. Different services may land on different hosts, but requests for the same service always go to the same host.



If you want requests to be directed to the same application server within the timeout period regardless of which service is requested, as long as they come from the same host, that is PCC mode.


Set up persistent connections for different service requests initiated by the same host (PCC mode, persistent per client)


The principle of PCC mode is that whichever service port the user requests, everything is forwarded to the application server. Put plainly, it looks only at the client IP and not at the port the client accesses: as long as the IP is the same, the request is forwarded to the previously selected application server. If the requested port is not available on the application server, an error results. The error only means the service cannot be found; it is not a serious failure.



We use ipvsadm -C to clear all cluster services and then re-establish them.






We see that the port is set to 0, which means all ports. When the port is 0, you must set the -p parameter. Whether the mode is PCC or PPC depends on whether the cluster service is defined on port 0 or on a specific port. Let's test it again:





At this point we see that once a client has been assigned to a host on its first visit, it is directed to that same host within the timeout period, whichever service it requests.



PCC can direct different services from the same host to the same application server, but it accepts requests for all ports. What if I want this for a specified set of ports instead of all ports? The only way is to bind the different ports to the same cluster service, which is done with the firewall mark feature.
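The rule above (port 0 means PCC, a specific port means PPC, a firewall mark means PNMPP) can be checked against a running director. This is an added example, not part of the original article: it classifies each virtual service in `ipvsadm -S -n` output and flags port-0 services, which forward every port on the VIP. The sample input and its addresses are constructed, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: classify IPVS virtual services by persistence mode.
# SAMPLE is constructed input in `ipvsadm -S -n` save format; the
# addresses are documentation placeholders, not values from the article.
SAMPLE='-A -t 192.0.2.10:80 -s rr -p 300
-a -t 192.0.2.10:80 -r 192.0.2.21:80 -g -w 1
-A -t 192.0.2.10:23 -s rr
-A -t 192.0.2.11:0 -s rr -p 300
-A -f 10 -s rr -p 600'

# Reads save-format lines on stdin, prints "<service> <mode> <timeout> [all-ports]".
classify_persistence() {
    awk '
    $1 == "-A" {                       # virtual service lines only, skip "-a"
        kind = ""; svc = ""; timeout = "-"; persist = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-t" || $i == "-u" || $i == "-f") { kind = $i; svc = $(i + 1) }
            if ($i == "-p") {          # -p may appear without a numeric value
                persist = 1
                if ($(i + 1) ~ /^[0-9]+$/) timeout = $(i + 1)
            }
        }
        if (!persist)           mode = "none"
        else if (kind == "-f")  mode = "PNMPP"   # keyed on a firewall mark
        else if (svc ~ /:0$/)   mode = "PCC"     # port 0: every port on the VIP
        else                    mode = "PPC"     # one specific port
        note = (mode == "PCC") ? " all-ports" : ""
        printf "%s %s %s%s\n", svc, mode, timeout, note
    }'
}

# On a director, as root: ipvsadm -S -n | classify_persistence
printf '%s\n' "$SAMPLE" | classify_persistence
```

Any line tagged `all-ports` is worth comparing against the ports the application servers are actually meant to serve.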


Direct specified ports from the same host to the same application server (PNMPP, persistent firewall mark)


A mark is defined for ports on the PREROUTING chain of the firewall, for example giving ports 80, 23, and so on the same mark, and the cluster service is then defined on that mark.



How do I define a mark? First clear the existing IPVS rules:





Set the PREROUTING rule on the firewall:






In this rule, -t mangle selects the mangle table; -A PREROUTING appends to the PREROUTING chain (packets need to be marked as they enter, and this is the first of the 4 chains in iptables); -d is the destination address (the VIP); -i eth0 names the network card and may be left unset; -p tcp selects the TCP protocol; --dport 80 specifies port 80; -j MARK applies a mark; and --set-mark 10 sets the mark number to 10 (any number not already in use will do).



Create a cluster service



Note that I have not set a persistent connection here, because the -p parameter is not added. -f 10 specifies firewall mark 10, which was already configured in iptables above.






Add an application server






Once configured, you can access the Web page on port 80, or log in via Telnet. If you want to use a persistent connection, simply add the -p parameter. Here I modify the service, still with firewall mark 10, and set the persistent connection length with -p, default  seconds.
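The firewall mark procedure above, collected into one script. This is an added example rather than the article's original commands: the VIP, the application server addresses, the eth0 interface and the -g (direct routing) forwarding mode are constructed placeholders, and the helper names are hypothetical. The 300-second timeout is the default stated earlier in the article.

```shell
#!/bin/sh
# Added example, not the article's original commands.
# Constructed placeholders: VIP, RIPS, interface eth0, forwarding mode -g.
VIP=192.0.2.10
RIPS="192.0.2.21 192.0.2.22"
PORTS="80 23"      # ports bound into one cluster service
MARK=10            # firewall mark used in the text
TIMEOUT=300        # persistence timeout in seconds

# Print each command by default; run with APPLY=1 as root to execute it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

fwmark_setup() {
    run ipvsadm -C                                   # clear existing IPVS rules
    for port in $PORTS; do                           # same mark for every port
        run iptables -t mangle -A PREROUTING -d "$VIP" -i eth0 \
            -p tcp --dport "$port" -j MARK --set-mark "$MARK"
    done
    run ipvsadm -A -f "$MARK" -s rr -p "$TIMEOUT"    # service keyed on the mark
    for rip in $RIPS; do
        run ipvsadm -a -f "$MARK" -r "$rip" -g       # add application servers
    done
}

fwmark_setup
```

Only the ports listed in PORTS receive the mark, so unlike the port-0 PCC service, traffic to any other port on the VIP is not forwarded by this cluster service.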





Access test: 130 is WEB2






Note: In the production environment, 80 and 443 are generally bound together with a firewall mark. Although persistent connections can disrupt load balancing, Web services, especially e-commerce, forums, blogs, microblogs, and so on, must use them, or the session will be interrupted.


Summary


Although LVS can provide persistent connections, we usually do not use them; it is more common to use a cache server to save the user's session. The following very simple structure illustrates this:






Above is a forum structure. LVS does the load balancing, and to avoid adding to the burden on LVS, connection persistence is not enabled. To keep user sessions consistent, a memcached cache server is used instead: PHP saves the user's session information on the memcached server, so no matter how many Web front-end servers you have, each of them can fetch the user's session information from memcached. This makes the session consistent and shared. Memcached itself is not a service, it is a programming API.



Because there are a number of Web front-end servers and updating the site's pages is routine, a file synchronization mechanism is needed to update the page files quickly, since these page files are stored locally on each Web server. Sersync (C/S structure) is used for this: the client is installed on the Web servers, and when they receive the inotify notification they pull the files from the server to update.
User-uploaded attachments cannot be saved in the database, so a file server is used to store them.



For e-commerce sites, 80 and 443 are bundled together, because secure connections on 443 are used when making payments. Although 80 and 443 both serve pages, they are different services, so LVS persistent connections are still needed whether or not session sharing is used. If the payment information can be taken out and handed over to a new service rather than the Web service, that is another matter. In this scenario, if you use 443, all Web servers are bound to the certificate, and they all use the same certificate because they share the same external domain name.



Exercise: Turn on the 80 and 443 services on the Web server, and then use the persistent connection method to maintain the session.


