A detailed description of the LVS Load Balancing Cluster service (I)

Source: Internet
Author: User

LVS Overview

1. LVS: Linux Virtual Server
Layer-4 switching (routing): LVS forwards a request to one server in the back-end host cluster, chosen by the scheduling algorithm, based on the destination IP and destination port of the request message;
It cannot perform load balancing at the application layer;
LVS (also known as IPVS) is implemented on top of the netfilter firewall framework in the kernel.

2. LVS cluster terminology:

VS: Virtual Server, also referred to as the director, dispatcher, or balancer (load balancer)
RS: Real Server
CIP: Client IP
VIP: Director Virtual IP, the load balancer's virtual IP, equivalent to an FIP (floating IP)
DIP: Director IP, the dispatch IP (the IP address of the second NIC)
RIP: Real Server IP

3. LVS: ipvsadm/ipvs

(1) ipvsadm: CLI tool
A user-space command-line tool for managing cluster services and the RS that belong to them; install it with: # yum install -y ipvsadm

(2) ipvs: lives in the kernel (supported by CentOS by default)

Program code that works on the netfilter INPUT hook in the kernel; its cluster function depends on the cluster service rules defined with ipvsadm;
It supports services based on TCP, UDP, SCTP, AH, ESP, AH_ESP and other protocols;

4. Design essentials for a load-balanced cluster:

(1) Session persistence
Session sticky (IP hash): IP address binding; the source IP is recorded in an IP hash table so that it is always scheduled the same way
Session cluster (multicast/broadcast/unicast): sessions are synchronized (replicated) across the cluster by broadcast; suitable only for small-scale deployments
Session server (): a dedicated session server

(2) Data sharing (providing consistent storage)
1) Shared storage;
NAS: Network Attached Storage (file level), a file server
SAN: Storage Area Network (block level)
DS: Distributed Storage
2) Data synchronization: rsync ...

LVS Model

1. LVS-NAT: address masquerading model
Multi-target DNAT: the director rewrites the destination address and destination port of the request message to the RIP and port of the selected RS;
The client sends a request from the CIP to the VIP. Through the kernel's forwarding function between network interfaces, the request arriving on the VIP is handed to the DIP side for scheduling, and the director load-balances it to the RIP of a back-end RS according to the configured algorithm, rewriting the destination IP address to the RIP in the process. Both requests and responses pass through the director, which performs the address translation.

(1) The RIP and DIP should use private network addresses, and the gateway of each RS should point to the DIP;
(2) Request and response messages are both forwarded through the director; under extremely high load the director may become the system bottleneck (response messages are large);
(3) Port mapping (forwarding) is supported;
(4) The VS must run Linux; the RS can run any operating system;
(5) The RIP of each RS must be in the same IP network as the director's DIP;

2. LVS-DR (direct routing): gateway model
Forwarding is done by modifying the MAC address of the request message; the IP header does not change (the source IP is the CIP and the destination IP is always the VIP)
The client's request is routed hop by hop to the switch nearest the VS, which delivers it to the VS; the VS, acting as load balancer, then forwards the request through the switch to an RS. To do so, the director rewrites the destination MAC address of the request to that of the chosen real host; ARP is broadcast on the LAN to find that host's MAC address. Each RS configures the VIP as an alias address on a network interface. Throughout the process the source address stays the CIP and the destination address stays the VIP; scheduling is done by MAC address lookup. All hosts in the gateway model must be able to communicate with the external network, which allows the RS to respond directly to the client.

(1) Ensure that the front-end router sends request messages whose destination IP is the VIP to the director;
Solutions:
1) static binding;
2) prevent the RS from responding to ARP requests for the VIP;
a) define rules with arptables;
b) modify the kernel parameters of each RS and configure the VIP on a specific interface, so that the RS does not respond;

(2) The RIP of an RS can be a private address or a public network address;
When the RIP is a private address, the RS responds directly to the client through an additional router that provides external network communication
(3) The RS and the director must be in the same physical network;
(4) Request messages must be dispatched by the director, but response messages must not pass through the director;
(5) Port mapping is not supported;
(6) The RS can use most operating systems;

3. LVS-TUN (IP tunneling): IP tunneling model
Forwarding mode: the IP header of the request packet is not modified (the source IP is the CIP, the destination IP is the VIP); instead, a second IP header is encapsulated outside the original one (the source IP is the DIP, the destination IP is the RIP);
(1) The RIP, DIP and VIP are all public network addresses;
(2) The gateway of an RS cannot, and must not, point to the DIP;
(3) Request messages are dispatched by the director, but response messages are sent directly to the CIP;
(4) Port mapping is not supported;
(5) The OS of each RS must support IP tunneling;

4. LVS-FullNAT: full NAT model (changes both the source IP and the destination IP of the request message)
Forwarding is achieved by simultaneously modifying the source IP address (CIP --> DIP) and the destination IP address (VIP --> RIP) of the request message;
Note: the first three types are standard; the fourth was added later, so the default kernel may not support it and a self-compiled kernel is required
(1) The VIP is a public network address; the RIP and DIP are private network addresses and do not have to be in the same IP network, but they must be able to reach each other through routing;
(2) The source IP of the request message received by an RS is the DIP, so its response message is sent to the DIP;
(3) Both request and response messages must pass through the director;
(4) Port mapping is supported;
(5) The RS can use any OS;

LVS Scheduler: Scheduling Algorithms

1. Static methods: schedule according to the algorithm alone
(1) RR: Round Robin; requests are handed out in turn. Simple, but the load-balancing effect is mediocre
(2) WRR: Weighted RR, weighted round robin; the larger the weight, the more load an RS takes
(3) SH: Source IP Hash; requests from the same IP are recorded in an IP hash table and bound to the same server, which achieves session persistence
Disadvantage: the scheduling granularity is coarse and the load-balancing effect is poor; session stickiness varies and connection durations differ
(4) DH: Destination IP Hash. Enables connection tracking, but does not consider the load-balancing effect
Used with forward web proxies, to load-balance network users' requests to the Internet;
Client --> Director --> Web Cache Server (forward proxy)

2. Dynamic methods: schedule according to the algorithm and the current load status of each RS

Overhead: the load value. When forwarding, the VS records the number of active and inactive connections on each RS (and its weight) for the algorithm to calculate with
Active: active connection count; connections in the ESTABLISHED state that are still carrying requests and responses
Inactive: inactive connection count; connections in the ESTABLISHED state that are idle and waiting but have not been closed

(1) LC: Least Connection
Overhead = active*256 + inactive
The request is dispatched to the back-end RS with the fewest connections; if the overheads are equal, the RS list is polled from top to bottom

(2) WLC: Weighted Least Connection
Overhead = (active*256 + inactive)/weight; the RS with the smallest result is selected as the next-hop server
Disadvantage: when the overheads are equal the list is polled from top to bottom, so an RS with a small weight that sits higher in the list will respond

(3) SED: Shortest Expected Delay
Overhead = (active+1)*256/weight
Disadvantage: it solves the WLC problem, but cannot ensure that hosts with small weights will respond

(4) NQ: Never Queue, an improved SED algorithm
The RS are ordered by weight; each RS is first assigned one request, and the remaining requests are allocated by calculation according to weight

(5) LBLC: Locality-Based LC, locality-based least connection; a dynamic DH algorithm

(6) LBLCR: LBLC with Replication
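
The overhead formulas for LC, WLC, SED and NQ above, run against a two-server cluster to show the tie-break behaviour the disadvantages describe. This is an added example, not code from the original article or from the IPVS kernel module; the cluster, the server names and the assumption that every request stays active are constructed for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction  # exact arithmetic, so equal overheads compare equal

@dataclass
class RS:
    name: str
    weight: int
    active: int = 0
    inactive: int = 0

# Overhead formulas as listed above; the RS with the lowest value is chosen.
def lc(rs):  return rs.active * 256 + rs.inactive
def wlc(rs): return Fraction(rs.active * 256 + rs.inactive, rs.weight)
def sed(rs): return Fraction((rs.active + 1) * 256, rs.weight)

def pick(servers, overhead):
    # min() returns the first of several equal minima: the top-down tie-break
    return min(servers, key=overhead)

def nq(servers):
    # NQ as described above: an RS with no active connection is served first,
    # highest weight first; once every RS is busy, fall back to SED.
    idle = [rs for rs in servers if rs.active == 0]
    return max(idle, key=lambda rs: rs.weight) if idle else pick(servers, sed)

SCHEDULERS = {"lc": lambda s: pick(s, lc), "wlc": lambda s: pick(s, wlc),
              "sed": lambda s: pick(s, sed), "nq": nq}

def dispatch(cluster, scheduler, n):
    """Send n requests that all stay active; return RS names in the order chosen."""
    servers = [RS(name, weight) for name, weight in cluster]
    order = []
    for _ in range(n):
        rs = SCHEDULERS[scheduler](servers)
        rs.active += 1
        order.append(rs.name)
    return order

# Constructed cluster: the low-weight RS is deliberately first in the list.
CLUSTER = [("small", 1), ("big", 5)]

if __name__ == "__main__":
    for name in SCHEDULERS:
        print(f"{name:3}", dispatch(CLUSTER, name, 6))
```

With WLC the first request lands on the weight-1 server because both overheads are 0; SED sends it to the weight-5 server but leaves the small one idle until the fifth request; NQ gives the small server the second request.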

ipvsadm Command

1. Manage cluster services:

    ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]]
    ipvsadm -D -t|u|f service-address

-A: add
-E: modify
-D: remove
-t: TCP, VIP:port (TCP IP and port)
-u: UDP, VIP:port (UDP IP and port)
-f: FWM, mark (firewall mark)
-s scheduler: the default is the WLC scheduling algorithm, so it can be omitted;
-p [timeout]: timeout length, used for persistent connections; the default is 300 seconds

2. Manage the RS of a cluster service:

    ipvsadm -a|e -t|u|f service-address -r server-address [-g|i|m] [-w weight]
    ipvsadm -d -t|u|f service-address -r server-address

-a: add an RS
-e: modify an RS
-d: delete an RS
server-address is RIP[:PORT]; the port can be omitted when it is the same as in service-address. Only NAT mode supports port mapping, so only there is a different port used
[-g|i|m]
-g: gateway (default), LVS-DR model
-i: ipip, LVS-TUN tunnel model
-m: masquerade, LVS-NAT model

3. View

    ipvsadm -L|l [options]

-n: numeric, display addresses and ports in numeric format;
-c: connection, display IPVS connections;
--stats: display statistics;
--rate: rate;
--exact: exact values, not put through unit conversion

4. Clear the rules:

    ipvsadm -C

5. Zero the counters:

    ipvsadm -Z [-t|u|f service-address]

6. Save and reload:

Save:

    ipvsadm -S > /path/to/some_rule_file
    ipvsadm-save > /path/to/some_rule_file

Reload:

    ipvsadm -R < /path/from/some_rule_file
    ipvsadm-restore < /path/from/some_rule_file

Note: shell redirection is needed to export to and import from a custom rule file
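
A check that can be run over a saved or hand-edited rule file before it is reloaded, using the constraints stated above: only the LVS-NAT model (-m) supports port mapping, and an RS can only be added to a service that exists. This is an added example, not part of the original article or of ipvsadm; the rule lines are constructed, assume IPv4 addresses, and assume the file holds one rule per line using the options listed above.

```python
import shlex

FORWARDING = {"-g": "LVS-DR", "-i": "LVS-TUN", "-m": "LVS-NAT"}

# Constructed rule file, one rule per line; all addresses are made up
# (documentation and private ranges).
SAMPLE_RULES = """\
-A -t 192.0.2.10:80 -s wlc
-a -t 192.0.2.10:80 -r 10.0.0.11:80 -g -w 1
-a -t 192.0.2.10:80 -r 10.0.0.12:8080 -g -w 2
-A -t 192.0.2.10:443 -s sh -p 300
-a -t 192.0.2.10:443 -r 10.0.0.21:8443 -m -w 1
-a -t 192.0.2.10:443 -r 10.0.0.22:8443 -i -w 1
-a -t 192.0.2.99:80 -r 10.0.0.31:80 -m -w 1
"""

def port_of(address):
    """Port of an IPv4 ip:port pair, or None when no port is given (e.g. a firewall mark)."""
    _, sep, port = address.rpartition(":")
    return int(port) if sep else None

def lint_rules(text):
    """Return (line_number, message) for each real-server rule that cannot work as written."""
    findings, services = [], set()
    for number, line in enumerate(text.splitlines(), 1):
        args = shlex.split(line, comments=True)
        if len(args) < 3:
            continue
        service = (args[1], args[2])            # e.g. ("-t", "192.0.2.10:80")
        if args[0] == "-A":
            services.add(service)
        elif args[0] == "-a" and "-r" in args[:-1]:
            rip = args[args.index("-r") + 1]
            method = next((a for a in args if a in FORWARDING), "-g")  # -g is the default
            vport, rport = port_of(args[2]), port_of(rip)
            if service not in services:
                findings.append((number, f"no -A rule defines service {args[2]}"))
            elif method != "-m" and None not in (vport, rport) and vport != rport:
                findings.append((number, f"{FORWARDING[method]} cannot map port {vport} to {rport}"))
    return findings

if __name__ == "__main__":
    for number, message in lint_rules(SAMPLE_RULES):
        print(f"line {number}: {message}")
```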

Appendix (ipvsadm -h):

    ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]] [-M netmask] [-b sched-flags]
    ipvsadm -D -t|u|f service-address
    ipvsadm -C
    ipvsadm -R
    ipvsadm -S [-n]
    ipvsadm -a|e -t|u|f service-address -r server-address [-g|i|m] [-w weight] [-x upper] [-y lower]
    ipvsadm -d -t|u|f service-address -r server-address
    ipvsadm -L|l [options]
    ipvsadm -Z [-t|u|f service-address]
    ipvsadm --set tcp tcpfin udp
    ipvsadm -h
