LVS: Linux Virtual Server
A "virtual service" means that when a client requests a service, the request arrives at a front-end scheduler (the director), which distributes the load across several back-end servers by some method. The client cannot see this and appears to be talking to a single server; that is what "virtual" means here.
Principle
ipvs: when LVS is in use, a filtering framework in the Linux kernel hooks the INPUT chain and decides, by parsing the IP address and port the user requested, whether the request belongs to a cluster service (on older kernels where ipvs is not built in, it has to be compiled and installed separately).
When a user request arrives in the director's kernel space it is sent to the INPUT chain, because its destination is a local address. There the destination IP and port decide whether the request is for a cluster service. If it is not, the packet goes to user space and is served by the local service listening on that port. If it is, the request is processed on the INPUT chain, forwarded to the FORWARD chain and finally to the POSTROUTING chain, from which it is forwarded to the chosen back-end service node.
This is why LVS and iptables cannot be used at the same time.
scheduling algorithm for load
Scheduling method: when a client request arrives, by what criteria does the scheduler pick the most suitable server node to dispatch the request to?
Two types of scheduling
Static scheduling: ignores the current connection load of the back-end servers
rr (Round Robin): polls each server in turn
wrr (Weighted Round Robin): weighted polling; before scheduling, each server's share of requests is computed from its weight
sh (Source Hash): records the hash of the client source address together with the server it was assigned to; the next request from the same host is sent to the same server node according to that record
Cookies and sessions: when a client first visits, the server sends it a cookie; the client stores it and attaches it to every later request, so the server can identify the client. The server keeps the user's browsing records, URLs and similar information in memory; this is the session.
Session sharing: sessions are shared between the back-end nodes of the service cluster (over the network, or by synchronizing them to shared storage), so information such as the client's browsing history is available on every node. Even if the client's request is assigned to a different node, or a server node fails, the browsing information has already been synchronized. With session sharing, the sh scheduling algorithm is not needed, and session sharing is also a good precaution against server failure.
dh (Destination Hash): hashes the destination address (used for cache servers: the first request fetches content that the other cache servers may not have cached yet; when the same content is requested again it is sent to the same cache server, so it does not have to be cached a second time)
Dynamic scheduling
lc: Least Connection
Compare each back-end real server's active*256+inactive and send the request to the one with the smallest value
wlc: Weighted Least Connection (the ipvs default)
Compare each back-end real server's (active*256+inactive)/weight and send the request to the one with the lowest value
sed: Shortest Expected Delay
(active+1)*256/weight
nq: Never Queue
Built on sed: in the first round every server is sent a request straight away, so that no request is left waiting in a queue while a server is idle
lblc: Locality-Based Least Connection
Takes the number of connections on each cache server into account, but sends the same request to the same cache server as far as possible; equivalent to a dynamic dh
lblcr: LBLC with Replication (cache replication scheduling)
lblc considers the minimum connection count but still sends the same user request to the same back-end cache server, whereas lblcr dispatches dynamically to the back-end cache servers and shares the cache (partial sharing: when the chosen cache server does not hold the content and another server does, the requested content is synchronized to it)
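To make the dynamic formulas above concrete, here is an added shell example (not part of the original post) that applies lc, wlc, sed and nq to one constructed snapshot of real servers and reports which server each algorithm would pick. The server table and the name `pick` are constructed for this example; it is not ipvsadm output.

```shell
#!/bin/sh
# Added example: evaluate the dynamic LVS scheduling formulas from the
# article over a constructed snapshot of real servers.
# Columns: name active inactive weight   (constructed sample data)
SERVERS='rs1 10 50 1
rs2 4 300 1
rs3 20 10 32
rs4 0 2000 1'

# pick ALGO : print the name of the real server with the lowest overhead.
# Ties resolve to the first server listed, as a stable rule.
pick() {
  printf '%s\n' "$SERVERS" | awk -v algo="$1" '
    {
      name = $1; active = $2; inactive = $3; weight = $4
      if (algo == "lc")       cost = active*256 + inactive
      else if (algo == "wlc") cost = (active*256 + inactive) / weight
      else if (algo == "sed") cost = (active+1)*256 / weight
      else if (algo == "nq") {
        # never queue: a server with no active connections is chosen at once,
        # otherwise fall back to the sed formula
        if (active == 0) cost = -1
        else cost = (active+1)*256 / weight
      }
      else { print "unknown algorithm: " algo > "/dev/stderr"; exit 1 }
      if (NR == 1 || cost < best) { best = cost; chosen = name }
    }
    END { if (chosen != "") print chosen }'
}

# compare : show every algorithm side by side for the same snapshot
compare() {
  for algo in lc wlc sed nq; do
    printf '%-4s -> %s\n' "$algo" "$(pick "$algo")"
  done
}
```

Running `compare` on this snapshot shows the point of each variant: lc picks rs2 (fewest raw connections), wlc and sed prefer the heavily weighted rs3, and nq jumps to the idle rs4 that sed would not choose.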
three modes of LVS :
NAT: Address Translation
DR: Direct Routing
TUN: Tunnel model
NAT Model
Implementation principle: the client sends a request; when it reaches the director (load balancer), the director chooses a suitable back-end service node according to the scheduling algorithm and forwards the request to it. The director then relays that node's result back to the client, which achieves the load balancing.
Rules:
The cluster nodes and the director must be in the same network
RIP is typically a private address and is used only for communication between cluster nodes
The director sits between the client and the real servers and handles all incoming and outgoing traffic
The real servers must point their gateway at the DIP
Here is a simple experiment, with the points to note
1: Address Planning
2: Install ipvsadm
3: Check whether the kernel supports the ipvs feature
4: Keep the time synchronized between the director and the real servers
5: Note that ipvsadm and iptables cannot coexist, because both use the filter mechanism of the netfilter framework
6: Address configuration:
The director has two network adapters, one for the intranet and one for the external network; in a virtual machine the internal network should use host-only mode
The real servers' gateway points to the director's intranet address
7: Start configuring LVS (using the rr polling schedule)
-t creates a TCP cluster service, -s specifies the scheduling algorithm, -r specifies a real server, and -m selects the NAT (masquerading) model
8: View the configuration
9: Test
The result shows that round-robin scheduling is working
If the test from an external host fails, IP forwarding on the director may not be enabled
10: View Connection Status
11: Change the scheduling algorithm to wrr (weighted polling) and verify
Effect
DR Model
First, the advantage of the DR model over the NAT model is that the director only receives requests and forwards them to the real servers; it does not carry the responses, which greatly improves performance
Implementation principle: both the director and the real servers are configured with the VIP in addition to their own NIC addresses. The client sends a request whose IP header has source address CIP and destination address VIP. The director receives the packet and finds that it is for a cluster service; it leaves the IP header unchanged (source still CIP, destination still VIP) but rewrites the frame's MAC addresses to the director's MAC as source and the chosen real server's MAC as destination, and forwards the frame. The real server receives the frame, accepts the request, generates a response and replies to the client directly.
Process:
To make this work, the following two issues must be addressed
1: Both the director and the real servers carry the VIP. If many hosts on the same network have the same IP address, ARP becomes confused, and we only want the director to announce the VIP.
arp_announce
Level 0: default; any local interface address may be announced
Level 1: avoid announcing addresses that are not in the same subnet as the target network
Level 2: never announce addresses that are not in the same subnet as the target network; for example, if the local eth0 and lo interfaces carry different addresses, the lo address is not announced on the network attached to eth0
arp_ignore
Level 0: default; reply for any local address, on any interface
Level 1: reply only when the requested address is configured on the interface the request arrived on
The VIP can therefore be set on the loopback interface of the real servers, where it is neither announced nor answered
At the same time the director's VIP is set on eth0:0, which replies to ARP requests normally
2: When the real server receives the packet and responds, the source IP is the VIP and the destination is the CIP; how does the reply reach the client?
In general the CIP is a public IP, the client's address on the internet, and the VIP is also a public IP. When the RIP and the VIP are not in the same network segment, the real server's gateway must point to the egress device (possibly the carrier's device) so that the reply can be sent out normally. The RIP can be a private address or a public one.
Rules
Each cluster node and the director must be on the same physical network
RIP can use a public address for easier network management
The director only receives requests; the real servers respond to client requests directly
Port mapping is not supported
The real servers require an operating system that can hide the VIP
Supports more nodes than the NAT model
Experiment (a simple simulation on the internal network, where the egress routing device is not carrier equipment)
Experimental plan:
1: First configure the addresses according to the plan; the experimental environment should use bridged-mode addresses
2: On the real servers, configure the ARP announce/ignore levels and set the VIP address on the lo interface:
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
ifconfig lo:0 192.168.199.133 netmask 255.255.255.255 broadcast 192.168.199.133 up   # the broadcast address equals the VIP, meaning there is only this one address in the network
route add -host 192.168.199.133 dev lo:0   # this route means that when the request is for the VIP 192.168.199.133, the response goes out via lo:0, so the reply's source IP is the VIP rather than the eth0 IP
3: Configuration on the director
ifconfig eth0:0 192.168.199.133 netmask 255.255.255.255 broadcast 192.168.199.133 up
route add -host 192.168.199.133 dev eth0:0   # host route for the VIP via the alias interface that carries it on the director
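The director-side ipvsadm rules for both experiments (NAT steps 7 to 9, and the DR director configuration here) as one added shell script; it is not from the original post. The VIP is the article's 192.168.199.133, the real server addresses, the port and the function names are constructed, and `DRY_RUN=1` prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: build the director's ipvsadm rule set for the NAT (-m) or
# DR (-g) model described in the article. Addresses other than the VIP are
# constructed; adjust them to your own address plan.
VIP=${VIP:-192.168.199.133}
PORT=${PORT:-80}
SCHED=${SCHED:-rr}        # rr, wrr, lc, wlc, sed, nq, ...
MODE=${MODE:-dr}          # nat or dr
RIPS=${RIPS:-"192.168.199.134 192.168.199.135"}   # constructed real server IPs

# run CMD... : execute the command, or only print it when DRY_RUN=1
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# fwd_flag MODE : the ipvsadm forwarding flag for each model
#   nat -> -m  masquerading: the director rewrites and relays both directions
#   dr  -> -g  gatewaying: the director rewrites only the destination MAC
fwd_flag() {
  case "$1" in
    nat) printf '%s\n' "-m" ;;
    dr)  printf '%s\n' "-g" ;;
    *)   echo "unknown mode: $1" >&2; return 1 ;;
  esac
}

# director_rules : clear old rules, define the TCP service, add each real server
director_rules() {
  flag=$(fwd_flag "$MODE") || return 1
  if [ "$MODE" = nat ]; then
    # NAT relays the reply through the director, so kernel IP forwarding must
    # be on; this is the usual reason the test from an external host fails
    run sysctl -w net.ipv4.ip_forward=1
  fi
  run ipvsadm -C
  run ipvsadm -A -t "$VIP:$PORT" -s "$SCHED"
  for rip in $RIPS; do
    run ipvsadm -a -t "$VIP:$PORT" -r "$rip" "$flag" -w 1
  done
}

# Usage: sh lvs-director.sh dry    (print the commands)
#        sh lvs-director.sh apply  (run them as root)
case "${1:-}" in
  dry)   DRY_RUN=1 director_rules ;;
  apply) director_rules ;;
esac
```

Switching `SCHED` to wrr and giving the real servers different `-w` weights reproduces step 11 of the NAT experiment; `ipvsadm -Ln` shows the resulting table.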
This article is from the "Call Me boxin" blog, so be sure to keep this source http://boxinknown.blog.51cto.com/10435935/1672206
The realization of the NAT/DR model and the detailed understanding of LVS Foundation