Advantages and disadvantages of LVS nginx haproxy

NOTE: For the following content, refer to Chapter 6 of "building a high-availability Linux Server" of fuqin liquor. It is relatively simple to set up a high-availability server Load balancer environment, mainly to understand the principle. This article describes the advantages and disadvantages of the three load balancers so that they can be selected as needed in actual production applications. Currently, there are F5 BIG-IP, LVS, nginx and haproxy, and heartbeat and keepalived in the online environment, mature architectures include LVS + keepalived, nginx + keepalived, haproxy + keepalived, and drbd + heartbeat. the advantages and disadvantages of the three load balancers are described as follows: 1. Strong load resistance, working at Layer 4th for distribution only, and no traffic generation, this feature also determines its strongest performance in the Server Load balancer software. It has no traffic and ensures that the I/O performance of the Server Load balancer is not affected by large traffic. 2. Stable Operation, it has a complete dual-machine Hot Standby solution, such as LVS + keepalived and LVS + heartbeat. 3. It has a wide range of applications and supports Load Balancing for all applications. 4. Low configuration, this is a disadvantage and an advantage. Because there is not much configuration, there is no need for too much contact, which greatly reduces the chance of human error. LVS disadvantages: 1. Software It does not support Regular Expression Processing and does not support static/dynamic separation. This highlights the advantages of nginx/haproxy + keepalived. 2. If the website application is relatively large, LVS/DR + keepalived will be complicated, especially for machines with Windows server applications, and the implementation, configuration, and maintenance processes will be troublesome, nginx/haproxy + keepalived is much simpler. ######################################## ##################### 1. how does LVS/DR modify the IP packet content when processing request packets? 1.1 VS/DR itself does not care about the information above the IP layer, even if the port number is also the TCP/IP protocol stack to determine whether it is correct, VS/DR itself mainly do the following: 1) to receive client requests, select the IP address of a RealServer Based on the server Load balancer algorithm you set. 2) use the MAC address corresponding to the selected IP address as the target MAC address, then, encapsulate the IP package into a frame and forward it to this Rs. 3) record the connection information in the hash table. VS/DR does very few things and is also very simple, so it is very efficient, not much worse than the Hardware load balancing device. The general flow of data packets and data frames is as follows: client --> vs --> Rs --> client1.2 has been answered before. VS/DR will not modify the content of the IP packet. 2. why does RealServer configure VIP on the lo interface? Can I configure the VIP address on the egress Nic? 2.1 To enable rs to process IP packets whose destination address is VIP, RS must first receive the packet. Configure the VIP address on lo to receive the packet and return the result to the client. 2.2 The answer is that the VIP cannot be set on the egress Nic. Otherwise, the client's ARP request will be responded, resulting in disorder of the client/gateway ARP table, and the entire load balance will not work properly. 3. Why does RealServer suppress ARP frames? This issue has been explained in the previous issue. Here we will further discuss it with the Implementation command. We will make the following adjustments during implementation and deployment: echo "1">/proc/sys/NET/IPv4/CONF/LO/arp_ignore echo "2">/proc/sys/NET/IPv4/CONF/LO/arp_announce echo" 1 ">/proc/sys/NET/IPv4/CONF/All/arp_ignore echo" 2 ">/proc/sys/NET/IPv4/CONF/All/arp_announce I believe many people they won't understand what they are, only know that there must be. I am not going to discuss it in detail here. I just want to make a few notes to add. 3.1 echo "1">/proc/sys/NET/IPv4/CONF/LO/arp_ignoreecho "2">/proc/sys/NET/IPv4/CONF/LO/arp_announce yes, ARP is meaningless to logical interfaces. 3.2 If your Rs's external network interface is eth0, so echo "1">/proc/sys/NET/IPv4/CONF/All/arp_ignoreecho "2">/proc/sys/NET/IPv4/CONF/All/arp_announce is actually true the following code is executed: echo "1">/proc/sys/NET/IPv4/CONF/eth0/arp_ignoreecho "2">/proc/sys/NET/IPv4/CONF/eth0/arp_announce so I personally we recommend that you add the above two to your script, if the default values of the two values in the system are not 0, a problem may occur. 4. Why are LVS/DR Load balancer (director) and RS in the same network segment? From the first question, we should understand how VS/DR forwards requests to Rs? It is implemented at the data link layer, so director must be in the same network segment as Rs. 5. Why should I configure an IP address (DIP) for the lo interface in addition to the VIP address in eth0 on director )? 5.1 if keepalived or other tools are used for HA or load balance, dip is required for health check. 5.2 ha or load balance without health check mechanism has no practical significance. 6. Do I need to enable LVS/DR ip_forward? No. Because Director and RealServer are in the same network segment, you do not need to enable forwarding. 7. Must the Director VIP netmask be 255.255.255.255? In LVS/DR, the Director VIP's netmask does not need to be set to 255.255.255, nor does it need to go to route add-host $ VIP Dev eth0: the VIP of 0director is intended to be advertised as a normal IP address. Do not make such a special announcement. 8. how does LVS/DR perform TCP three-way handshake? ######################################## ############################ Advantages of nginx: 1. Working on the OSI Layer 7th, some shunting policies can be made for HTTP applications. For example, the domain name and directory structure. Its regular expression is more powerful and flexible than haproxy. 2. nginx has little dependence on the network. Theoretically, it can be pinged to implement load functions, which is also its advantage; 3. nginx installation and configuration are relatively simple and easy to test. 4. It can handle high load pressure and is stable, and generally support tens of thousands of concurrent requests; 5. nginx can detect internal server faults through ports, such as status codes returned by the server to process web pages, timeout, and so on, and resubmit the requests with returned errors to another node; 6. nginx is not only an excellent Load balancer/reverse proxy software, but also a powerful Web application server. Lnmp is also a very popular Web environment. It is very popular with lamp environments. nginx has advantages over Apache in handling static pages, especially in anti-high concurrency; 7. nginx is now becoming more and more mature as the Web reverse acceleration cache, and its speed is faster than the traditional squid server. If you need it, you can consider using it as the reverse proxy accelerator. disadvantages of nginx: 1. nginx does not support URL detection. 2. nginx only supports HTTP and email, which is weak. 3. The cookie guidance capability is relatively insufficient for nginx session persistence. Advantages of haproxy: 1. haproxy supports Virtual Hosts and can work on Layer 4 and Layer 7 (supports multiple network segments). 2. It can supplement some shortcomings of nginx, such as session persistence, cookie guidance and other work; 3. Support for URL detection of backend servers; 4. Like LVS, it is only a load balancing software; in terms of efficiency, haproxy provides better load balancing speed than nginx, and is superior to nginx in concurrent processing. 5. haproxy can perform load balancing on MySQL reads, checks the backend MySQL nodes and performs load balancing. However, when the number of backend MySQL Server Load balancer instances exceeds 10, the performance is inferior to LVS. 6. There are many haproxy algorithms, reaching 8 types;