The realization of the NAT/DR model and the detailed understanding of LVS Foundation

Source: Internet
Author: User

LVS: Linux Virtual Server

"Virtual service" means that when a client requests a service, the front-end scheduler distributes that service's requests across several back-end servers in some way. This is invisible to the client, which appears to be talking to a single server; that is what "virtual" means here

Principle

    • ipvs: the kernel-side part of LVS, a filtering framework hooked into the INPUT chain; it parses the IP address and port number of each request to decide whether the request belongs to a cluster service (older kernels that do not ship it built in require compiling and installing it)

When a user request arrives it enters the scheduler's kernel space. Because the destination is a local address it is passed to the INPUT chain, where ipvs checks the request's IP and port to decide whether it belongs to a cluster service. If not, the request goes to user space and is served by the local service on that port. If it does, the packet is taken over on the INPUT chain, sent to the FORWARD chain and finally to the POSTROUTING chain, and forwarded to the appropriate back-end node

This is why LVS and iptables cannot be used at the same time on the Director

    • ipvsadm: the user-space tool for managing LVS cluster services

Load scheduling algorithms

Scheduling method: when a client request arrives, the criterion the scheduler uses to choose the most appropriate server node to distribute it to

Two types of scheduling

Static scheduling: ignores the current connection load of the back-end servers

    • RR (Round Robin): servers are polled in turn

    • WRR (Weighted Round Robin): before polling, each server's share of requests is computed from its weight

    • SH (Source Hash): records a hash of the client address together with the server it was given; the next request from the same host is sent to the same server node according to that record

Cookies and sessions: when a client first visits, the server sends it a cookie; the client stores it and attaches it to every later request, and the server uses it to identify the client. The server also keeps the client's browsing records, URLs and similar data in memory; that is the session

Session sharing: the back-end nodes of a service cluster share session data (over the network, or by syncing it to shared storage), so that the client's browsing history and similar information is available on every node. Even if a client's request is scheduled to a different node, or a node fails, the browsing information is still there. With session sharing in place the SH scheduling algorithm is not needed, and it is also a good precaution against server failure

    • DH (Destination Hash): hashes the destination address. Intended for cache servers: content fetched through one cache server is not cached on the others, so later requests for the same content are sent to the same cache server and need not be cached again

Dynamic scheduling

    • LC: Least Connection

      Compare active*256+inactive across the back-end Realservers and send the request to the one with the smallest value

    • WLC: Weighted Least Connection (ipvs default)

      Compare (active*256+inactive)/weight across the back-end Realservers and send the request to the one with the lowest value

    • SED: Shortest Expected Delay

      (active+1)*256/weight

    • NQ: Never Queue

      Based on SED, but in the first round every server is handed a request straight away; a server with no active connections is never kept waiting

    • LBLC: Locality-Based Least Connection

      Considers the number of connections on each cache server, but sends the same request to the same cache server as far as possible; effectively a dynamic DH

    • LBLCR: LBLC with Replication (cache replication)

      LBLC considers the least number of connections but still sends the same user's request to the same back-end cache server. LBLCR schedules dynamically across the back-end cache servers and shares the cache between them (partial sharing: when the chosen cache server does not hold the requested content and another one does, the content is replicated to it)
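To make the dynamic formulas above concrete, here is an added example (not from the original post) that scores one constructed real-server pool with the LC, WLC, SED and NQ rules and reports which node each would pick for the next request. The pool, its weights and its connection counts are made up for the illustration; the point is that the same pool yields a different choice under each rule.

```shell
#!/bin/sh
# Added example (not from the original post): apply the LC, WLC, SED and NQ
# scoring rules given above to one constructed real-server pool and report
# which node each algorithm would pick for the next request.

# Constructed sample pool, one server per line:
#   name  weight  active_connections  inactive_connections
POOL='rs1 1 2 10
rs2 4 8 0
rs3 2 3 900'

# pick ALGO [POOL]  -> prints the name of the server with the lowest score.
#   lc : active*256 + inactive                (weights ignored)
#   wlc: (active*256 + inactive) / weight     (ipvs default)
#   sed: (active+1)*256 / weight              (inactive connections ignored)
#   nq : a server with no active connection is taken at once; otherwise sed
pick() {
    algo="$1"
    pool="${2:-$POOL}"
    printf '%s\n' "$pool" | awk -v algo="$algo" '
    NF == 4 {
        name = $1; w = $2; act = $3; inact = $4
        if (algo == "lc")       s = act * 256 + inact
        else if (algo == "wlc") s = (act * 256 + inact) / w
        else if (algo == "sed") s = (act + 1) * 256 / w
        else if (algo == "nq")  s = (act == 0) ? -1 : (act + 1) * 256 / w
        else { print "unknown algorithm: " algo > "/dev/stderr"; exit 2 }
        if (best == "" || s < best) { best = s; bestname = name }
    }
    END { if (best != "") print bestname }'
}

# Show how the same pool is scored differently by each algorithm.
for algo in lc wlc sed nq; do
    printf '%-4s -> %s\n' "$algo" "$(pick "$algo")"
done
```

With this pool LC favours rs1 (fewest raw connections), WLC favours rs2 (its weight of 4 absorbs its larger count), and SED favours rs3 (its 900 inactive connections are ignored). NQ only differs from SED when some server is idle.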

Three modes of LVS:

    • NAT: Address Translation

    • DR: Direct Routing

    • TUN: Tunnel model

NAT Model

Implementation principle: the client sends a request; when it reaches the Director (load balancer), the Director selects an appropriate back-end service node according to the scheduling algorithm and forwards the request to it. The node's reply returns through the Director, which uses it to respond to the client. This is how the load is balanced

[Figure Image.png: http://s3.51cto.com/wyfs02/M00/6F/75/wKioL1WdPRXylHjuAABzzkEK7w4133.jpg]

Rules:

    • The cluster node and director must be in the same network

    • RIP is typically a private address and is used only for communication between cluster nodes

    • Director is between client and Realserver, responsible for handling all incoming and outgoing communications

    • Each Realserver must point its gateway at the DIP

A simple experiment follows, with the points to note

1: Address Planning

[Figure Image1.png: http://s3.51cto.com/wyfs02/M01/6F/75/wKioL1WdPT-iSgI7AACQ1MTKwzI115.jpg]

2: Install ipvsadm

3: Check whether the kernel supports the ipvs feature

[Figure Image2.png: http://s3.51cto.com/wyfs02/M01/6F/79/wKiom1WdO2-BHjQXAAB96EGkKgM096.jpg]

4: Pay attention to time synchronization between director and Realserver

5: Note that ipvsadm and iptables cannot coexist, because both use the filter mechanism of the netfilter framework

6: Address configuration:

    • The Director has two network adapters, one on the intranet and one on the external network; in a virtual machine, the intranet adapter should use host-only mode

    • Each Realserver's gateway points at the Director's intranet address

7: Start configuring LVS (using the RR scheduler)

[Figure Image3.png: http://s3.51cto.com/wyfs02/M02/6F/79/wKiom1WdPIDwqY25AACYv1qXhAI793.jpg]

    • -t defines a TCP cluster service, -s specifies the scheduling algorithm, -r specifies a Realserver, -m selects the NAT (masquerading) model

8: View Configuration

[Figure Image4.png: http://s3.51cto.com/wyfs02/M00/6F/75/wKioL1WdPlDy-MV4AADOskqSmME426.jpg]

9: Test

    • RS1 Web page content: This is Realserver1

    • RS2 Web page content: This is Realserver2

[Figure Image5.png: http://s3.51cto.com/wyfs02/M00/6F/79/wKiom1WdPICjYgSbAADHTo1eFlw396.jpg]

    • The result shows that round-robin scheduling is working

    • If the test from an external host fails, IP forwarding may not be enabled on the Director

[Figure Image6.png: http://s3.51cto.com/wyfs02/M00/6F/75/wKioL1WdPm6DE1CFAABeA4_PAO0813.jpg]

10: View Connection Status

[Figure Image7.png: http://s3.51cto.com/wyfs02/M01/6F/75/wKioL1WdPm-TIgetAADiLCrRtus260.jpg]

11: Change the scheduling algorithm to WRR (weighted round robin) and verify

[Figure Image8.png: http://s3.51cto.com/wyfs02/M01/6F/79/wKiom1WdPJ-BScRBAAFxR5E55Eg076.jpg]

Effect

[Figure Image9.png: http://s3.51cto.com/wyfs02/M02/6F/79/wKiom1WdPMCAb_UyAAFej98IEfo453.jpg]
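Steps 3 and 7 to 11 above are carried out with individual ipvsadm commands in the screenshots. The following shell script is an added example, not the post's own commands: it gathers the same NAT-mode director setup into functions (kernel check, IP forwarding, the virtual service with one -m entry per Realserver, the in-place switch to WRR, and the table views). The VIP 192.0.2.10 and the RIPs 10.0.0.11 and 10.0.0.12 are placeholders standing in for the post's address plan, and the weights 1 and 2 are illustrative. By default the script only prints the commands it would run; LVS_DRY_RUN=0 executes them as root.

```shell
#!/bin/sh
# Added example, not the commands from the original post: the NAT-mode
# director setup of steps 3 to 11 as shell functions. The addresses are
# placeholders for the post's address plan (VIP on the external NIC, real
# servers on the host-only intranet, which use the DIP as their gateway).
VIP="${VIP:-192.0.2.10}"              # placeholder: director's external address
PORT="${PORT:-80}"
RIPS="${RIPS:-10.0.0.11 10.0.0.12}"   # placeholder: RS1 and RS2 intranet addresses
SCHED="${SCHED:-rr}"                  # step 7 uses plain round robin

# Every privileged command goes through run(): by default it is only printed,
# so the plan can be reviewed; LVS_DRY_RUN=0 (as root) executes it.
run() {
    if [ "${LVS_DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 3: does this kernel have IPVS (module loaded, or built in / available)?
ipvs_available() {
    [ -d /proc/sys/net/ipv4/vs ] && return 0
    cfg="/boot/config-$(uname -r)"
    [ -r "$cfg" ] && grep -q '^CONFIG_IP_VS=' "$cfg" && return 0
    return 1
}

# Step 7: forwarding on (the note under step 9), empty table, one TCP virtual
# service, one real server per RIP in NAT mode (-m, masquerading). Weights
# 1, 2, ... are illustrative and only matter once the scheduler is wrr (step 11).
nat_director_commands() {
    run sysctl -w net.ipv4.ip_forward=1
    run ipvsadm -C
    run ipvsadm -A -t "$VIP:$PORT" -s "$SCHED"
    w=1
    for rip in $RIPS; do
        run ipvsadm -a -t "$VIP:$PORT" -r "$rip:$PORT" -m -w "$w"
        w=$((w + 1))
    done
}

# Step 11: change the scheduler of the existing service in place (-E edits it).
switch_scheduler() {
    run ipvsadm -E -t "$VIP:$PORT" -s "${1:-wrr}"
}

# Steps 8 and 10: the rule table, then the connection table.
show_state() {
    run ipvsadm -L -n
    run ipvsadm -L -n -c
}

ipvs_available || printf 'note: IPVS not detected on this host\n' >&2
nat_director_commands
```

Because ipvs and iptables share the netfilter INPUT hook (step 5), run this on a director that has no filter rules of its own; the `ipvsadm -C` line clears any existing virtual services first, so review the printed plan before setting LVS_DRY_RUN=0.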

DR Model

The main advantage of the DR model over the NAT model is that the Director only receives requests and forwards them to the Realservers; the responses do not pass through it, which greatly improves performance

Implementation principle: the Director and every Realserver carry the VIP in addition to their own NIC address. The client sends a request whose IP header has source CIP and destination VIP. The Director receives it, finds that it is a cluster service, and leaves the IP header and data unchanged (source still CIP, destination still VIP); it rewrites only the frame, setting the source MAC to its own and the destination MAC to the chosen Realserver's. The Realserver receives the frame, accepts the request because it holds the VIP, builds the response and sends it directly to the client

Process:

[Figure Image10.png: http://s3.51cto.com/wyfs02/M00/6F/75/wKioL1WdPq-AW_-jAAC8-zaRavQ921.jpg]

To make this work, two problems must be solved

1: The Director and the Realservers all carry the VIP. Several hosts holding the same IP address on one network causes ARP confusion, and only the Director should announce the VIP

    • Use the kernel's ARP announce and ignore levels

arp_announce

Level 0: default; any local address on any interface may be announced

Level 1: avoid announcing a local address that is not in the same network as the target address

Level 2: never announce addresses outside the target's network; for example, if eth0 and lo carry different addresses, the address on lo is not announced on the network attached to eth0

arp_ignore

Level 0: default; respond for any local address on any interface

Level 1: respond only when the requested address is configured on the interface the request arrived on

The VIP can therefore be configured on the loopback interface of each Realserver, where it is neither announced nor answered for

At the same time the Director's VIP is configured on eth0:0, which answers ARP requests normally

    • Alternatively, if you control the egress router, add a static route that sends the VIP directly to the Director

2: When a Realserver has received the packet and responds, the response has source IP VIP and destination IP CIP; how does it reach the client?

Normally the CIP is a public IP on the client's network, and the VIP is also a public IP. When the RIP and the VIP are not in the same network segment, the Realserver's gateway must point at the egress device (possibly the carrier's) so that response packets can be sent normally. The RIP itself may be a private or a public address

Rules

    • Each cluster node and director must be in the same physical network

    • RIP can use a public address for easy network management

    • The Director only receives requests; the Realservers respond to the client directly

    • Port mappings are not supported

    • Requires an operating system on which the Realserver can hide the VIP

    • Can support more nodes than the NAT model

Experiment (a simple simulation on an internal network; the egress router is not a carrier device)

Experimental planning:

[Figure Image11.png: http://s3.51cto.com/wyfs02/M00/6F/79/wKiom1WdPOCAw_rxAAELIovJZwE289.jpg]

1: First assign addresses according to the plan; in the VM environment use bridged mode

2: On each Realserver, configure the ARP response levels, configure the VIP address on the lo interface and set the route as follows

echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore

ifconfig lo:0 192.168.199.133 netmask 255.255.255.255 broadcast 192.168.199.133 up   # the broadcast address is the VIP itself: a network containing only one address
route add -host 192.168.199.133 dev lo:0   # this route means that when the request is for the VIP 192.168.199.133, the response leaves via lo:0, so the response's source IP is the VIP rather than the eth0 IP

3: Configuration on Director

ifconfig eth0:0 192.168.199.133 netmask 255.255.255.255 broadcast 192.168.199.133 up

route add -host 192.168.199.133 dev eth0:0   # on the Director the VIP sits on eth0:0, so the host route goes through eth0:0, not lo:0

[Figure Image12.png: http://s3.51cto.com/wyfs02/M01/6F/75/wKioL1WdPt_QoSxKAAEL-1TRIuA407.jpg]
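The DR-mode settings of steps 2 and 3, as an added example that is not the post's own commands: one function per role, using the iproute2 equivalents of the ifconfig/route lines above, plus the ipvsadm -g entries that put the Director into direct-routing mode and a check that a Realserver's ARP sysctls are actually in effect. The VIP is the post's lab VIP 192.168.199.133; the RIPs 192.168.199.134 and 192.168.199.135 and the Director interface name eth0 are assumptions. By default the script prints the commands for the chosen ROLE; LVS_DRY_RUN=0 executes them as root.

```shell
#!/bin/sh
# Added example, not the commands from the original post: the DR-mode
# settings of steps 2 and 3 as one function per role, plus a check that a
# real server's ARP sysctls are in effect. The VIP is the post's lab VIP;
# the RIPs and the director's interface name are assumptions.
VIP="${VIP:-192.168.199.133}"
PORT="${PORT:-80}"
RIPS="${RIPS:-192.168.199.134 192.168.199.135}"   # assumed real-server addresses
DIRECTOR_IF="${DIRECTOR_IF:-eth0}"                # assumed director NIC

# Print commands by default; LVS_DRY_RUN=0 (as root) executes them.
run() {
    if [ "${LVS_DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Real server: hold the VIP on lo without announcing it (arp_announce=2) and
# without answering ARP for it (arp_ignore=1), so the segment only ever
# learns the director's MAC for the VIP. iproute2 equivalents of the post's
# ifconfig/route lines: /32 mask, broadcast = VIP, host route via lo.
dr_realserver_commands() {
    for scope in all lo; do
        run sysctl -w "net.ipv4.conf.$scope.arp_announce=2"
        run sysctl -w "net.ipv4.conf.$scope.arp_ignore=1"
    done
    run ip addr add "$VIP/32" brd "$VIP" dev lo label lo:0
    run ip route add "$VIP" dev lo
}

# Director: the VIP sits on a NIC alias and answers ARP normally; -g selects
# direct routing, so only the frame's MAC addresses are rewritten. DR does
# not support port mapping, so -r takes the RIP without a port.
dr_director_commands() {
    run ip addr add "$VIP/32" brd "$VIP" dev "$DIRECTOR_IF" label "$DIRECTOR_IF:0"
    run ip route add "$VIP" dev "$DIRECTOR_IF"
    run ipvsadm -C
    run ipvsadm -A -t "$VIP:$PORT" -s wlc
    for rip in $RIPS; do
        run ipvsadm -a -t "$VIP:$PORT" -r "$rip" -g -w 1
    done
}

# check_arp_sysctls [DIR]: true when all/lo carry announce=2 and ignore=1.
# Reads the live tree by default; DIR lets the check run against a copy.
check_arp_sysctls() {
    base="${1:-/proc/sys/net/ipv4/conf}"
    for scope in all lo; do
        [ "$(cat "$base/$scope/arp_announce" 2>/dev/null)" = 2 ] || return 1
        [ "$(cat "$base/$scope/arp_ignore" 2>/dev/null)" = 1 ] || return 1
    done
}

case "${ROLE:-}" in
    realserver) dr_realserver_commands ;;
    director)   dr_director_commands ;;
    *) printf 'usage: ROLE=realserver|director [LVS_DRY_RUN=0] sh %s\n' "$0" >&2 ;;
esac
```

After applying the Realserver role, `check_arp_sysctls` returning true confirms the suppression is active; a Realserver that still answers ARP for the VIP would intermittently capture the whole cluster's traffic, which is the ARP confusion described in problem 1.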


This article is from the "Call Me boxin" blog, so be sure to keep this source http://boxinknown.blog.51cto.com/10435935/1672206
