Enterprise Cluster platform Architecture implementation and application practical combat (Haproxy+keepalived article)

Difference between one or four-and seven-layer load balancing

The so-called four layer is the fourth layer in the ISO reference model. The four-tier load balancer, also known as the four-layer switch, is based on IP-plus-port load balancing through the analysis of traffic on the IP layer and TCP/UDP layer. The common four-tier load balancer has LVS, F5, and so on.

As an example of a common TCP application, when the load balancer receives the first SYN request from the client, it chooses an optimal backend server through the Set load balancing algorithm, modifies the destination IP address in the message to the back-end server IP, and forwards it directly to the backend server. Such a load balancing request is complete. From this process, a TCP connection is established directly between the client and the server, and the load balancer simply completes a router-like forwarding action. In some load-balancing strategies, the packets returned by the backend server can be correctly passed to the load balancer, and the original source address of the message may be modified at the same time as the message is forwarded. The entire process is shown.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/82/B5/wKioL1dfXEiy30hCAABEn10fvd8185.png "title=" ww.png "alt=" Wkiol1dfxeiy30hcaaben10fvd8185.png "/>

Similarly, a seven-tier load balancer, also known as a seven-layer switch, is located at the highest layer of the OSI, the application layer, where the load balancer supports a variety of application protocols, such as HTTP, FTP, SMTP, and so on. The seven-tier load balancer can also be called a "content exchanger", depending on the message content and then the load balancing algorithm to select the backend server. For example, for the load balancing of Web servers, the seven-tier load balancer can not only offload the load according to the "ip+ port", but also can determine the load balancing strategy based on the URL of the website, access domain name, browser category, language, etc. For example, there are two Web servers in both English and Chinese two web sites, two domain names are a, B, to achieve access to a domain name to enter the Chinese site, access to the B domain name into the English site, which is almost impossible to achieve in the four-tier load balancer, And seven-tier load balancing can be based on the client access to different domain names to select the corresponding Web page for load balancing processing. Common seven-layer load balancer has haproxy, nginx and so on.

Here is still a common example of TCP applications, because the load balancer to obtain the content of the message, so can only replace the back-end server and the client to establish a connection, and then to receive the message sent by the client content, The final selected internal server is then determined based on the specific field in the message plus the load balancing algorithm set in the load balancer. Throughout the entire process, a seven-tier load balancer is similar to a proxy server in this case. The entire process is as shown.

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/82/B7/wKiom1dfW06APOX2AABGWCtgsH0727.png "title=" Www.png "alt=" Wkiom1dfw06apox2aabgwctgsh0727.png "/>

Comparing the entire process of four-tier load balancing and seven-tier load balancing, it can be seen that in seven-tier load Balancing mode, the load balancer has a TCP connection to the client and back-end servers, and only one TCP connection is established in the four-tier load-balancing mode. As a result, the seven-layer load balancer requires a higher load balancing device, while the seven-tier load-balancing processing capability is certainly less than the four-tier mode load balancer.

Similarities and differences of Haproxy and LVS

Through the introduction of the previous article, we should basically understand the advantages and disadvantages of haproxy load balancing and LVS load balancing and similarities and differences. Here is a simple summary of the similarities and differences between the two load balancer software:

1) both are software load balancing products, but LVS is a soft load balancer based on Linux operating system, and Haproxy is a soft load balancer based on the third application.

2)LVs is a four-tier IP load balancing technology, while Haproxy is a comprehensive load balancing solution that provides TCP and HTTP applications based on four-tier and seven-tier technologies.

3)LVS works on the fourth level of the ISO model, so its condition monitoring function is single, and Haproxy is powerful in condition monitoring, it can support various state detection methods such as port, URL, script and so on.

4)Although the Haproxy is powerful, the overall processing performance is lower than the four-tier model of LVS load balancing, while LVS has network throughput and connection load capabilities close to the hardware devices.

To sum up, haproxy and LVS have advantages and disadvantages, there is no good or bad points, to choose which as a load balancer, to the actual application of the environment to decide.

Three, rapid installation of haproxy cluster software

You can download the Haproxy source package at Haproxy's official website, http./www.haproxy.org/ Here is the operating system Centos6.5 version For example, the download Haproxy is the current stable version of haproxy-1.6.4.tar.gz, the installation process is as follows:

[[Email protected] app]# tar zcvf haproxy-1.6.4.tar.gz[[email protected] app #cd Haproxy-1.6.4[[email protected] haproxy-1.6.4] #make target=linux26 prefix=/usr/local/haproxy [[email protected] haproxy-1.6.4] #make install prefix=/ Usr/local/haproxy #将haproxy安装到/usr/local/haproxy [[email protected] haproxy-1.6.4] #mkdir/usr/local/haproxy/conf# Haproxy default does not create the profile directory, here is the creation of the Haproxy profile directory [[email protected] haproxy-1.6.4]# CP examples/option-http_proxy.cfg/usr/ Local/haproxy/conf/haproxy.cfg#haproxy

After the installation is complete, the default installation directory does not have a configuration file, here is the sample configuration file inside the source package is copied to the configuration file directory

In this way, the Haproxy installation is complete.

Iv. haproxy Basic Configuration file

The Haproxy profile is composed of 5 parts depending on function and purpose, but some parts are not required and can be configured according to the needs of the appropriate section.

(1)Global Section

Used to set global configuration parameters, which are process-level configurations, usually related to operating system configuration.

(2)defaults part

The configuration section of the default parameter. The parameter values set in this section are automatically referenced by default to the Frontend, backend, and listen sections below, so if some parameters are in a common configuration, simply add them once in the defaults section. If the same parameters as the Defaults section are configured in the frontend, backend, and listen sections, the values corresponding to the Defaults section parameters are automatically overwritten.

(3)frontend part

This section is used to set up front-end virtual nodes that receive user requests. Frontend is a component that was introduced after the HAProxy1.3 version, and the backend component was introduced. By introducing these components, the complexity of the Haproxy configuration file is greatly simplified. Frontend can directly specify the backend backend to use based on ACL rules.

(4)backend part

This section is used to set up the configuration of the cluster backend service cluster, which is used to add a set of real servers to handle requests from front-end users. The real server added is similar to the real Servers node in LVS.

(5)Listen part

This section is a combination of the frontend and backend parts. Before the HAProxy1.3 version, all configuration options for Haproxy are set in this section. To maintain compatibility, the new version of Haproxy still retains the configuration of the listen component. Currently in Haproxy, the two configuration methods can be selected either.

The following is a complete haproxy configuration file

global        log 127.0.0.1 local0 info         maxconn 4096        user  nobody        group nobody         daemon        nbproc 1         pidfile /usr/local/haproxy/logs/haproxy.piddefaults         mode http        retries 3         timeout connect 10s         timeout client 20s        timeout server 30s         timeout check 5sfrontend www          bind *:80         mode   http          option  httplog          option  forwardfor         option   httpclose         log      global         #acl  host_www            hdr_dom (host)    -i      www.zb.com          #acl  host_img             hdr_dom (host)    -i      img.zb.com          #use_backend  htmpool    if       host_www         #use_backend  imgpool    if       host_img        default_backend   htmpoolbackend htmpool        mode     http        option   redispatch         option   abortonclose         Balance  static-rr        cookie   serverid         option   httpchk GET /index.jsp         server  237server 192.168.81.237:8080 cookie  server1 weight 6 check inter 2000 rise 2 fall 3      &nbsP;  server  iivey234 192.168.81.234:8080 cookie server2 weight 3  check inter 2000 rise 2 fall 3backend imgpool         mode    http        option    redispatch        option    abortonclose        balance  static-rr         cookie   SERVERID         Option   httpchk get /index.jsp        server   host236 192.168.81.236:8080 cookie server1 weight 6 check inter  2000 rise 2 fall 3listen admin_stats         bind 0.0.0.0:9188        mode http         log 127.0.0.1 local0 err        stats  refresh 30s        stats uri /haproxy-status         stats realm welcome login\ Haproxy         stats auth admin:[email protected]         stats hide-version        stats  Admin if true

V. Load balancing function for start and test haproxy

1. Start-up and management Haproxy start service: #/usr/local/haproxy/sbin/haproxy-f/usr/local/haproxy/conf/haproxy.cfg Restart Service: #/usr/local/ Haproxy/sbin/haproxy-f/usr/local/haproxy/conf/haproxy.cfg-st ' cat/usr/local/haproxy/logs/haproxy.pid ' Stop service: # Killall Haproxy

Six, haproxy load balancer algorithm and usage skills

1. Load balancing algorithm supported by Haproxy

(1), Roundrobin, express simple polling, load balancing basic algorithm

(2), STATIC-RR, indicated by weight

(3), Leastconn, indicating that the least connected person first

(4), source, which indicates the origin of the IP based on the request

(5), Uri, which represents the URI according to the request;

(6), Url_param, to dispatch according to the URL parameter of the request

(7), HDR (name), which indicates that each HTTP request is locked according to the HTTP request header;

(8), Rdp-cookie (name), which indicates that each TCP request is locked and hashed according to the cookie (name).

2. Common Load Balancing algorithm

(1) Polling algorithm: Roundrobin

(2) According to the request source IP algorithm: source

(3) Minimum number of connector processing algorithm: Lestconn

Vii. Intelligent load balancing via ACL rules for Haproxy

Since Haproxy can work in a seven-tier model, it is important to use strong and flexible ACL rules to implement HAPROXY's powerful functions, and to implement an intelligent load balancing system based on Haproxy with ACL rules. The Haproxy uses ACL rules to accomplish two main functions, namely:

1) Check that client requests are legitimate by setting ACL rules. If the ACL rules are met, then it will be released, but if the rule is not met, the request is interrupted directly.

2) requests that conform to ACL rules are submitted to the backend backend server cluster, which enables load balancing based on ACL rules.

ACL rules in Haproxy are often used in frontend segments, using the following methods:

ACL-Custom ACL-name ACL method-I [Matching path or file]

which

ACL: is a keyword that represents the beginning of a defined ACL rule. You need to follow the custom ACL name later.

ACL method: This field defines the method for implementing ACLs, Haproxy defines a number of ACL methods, frequently used methods are Hdr_reg (host), Hdr_dom (host), Hdr_beg (host), Url_sub, Url_dir, Path_beg, Path_end and so on.

-I: Indicates that case is ignored, followed by a matching path or file or regular expression.

The Haproxy parameter that is used with the ACL rule also has use_backend,use_backend followed by a backend instance name, which indicates which backend instance to request after the ACL rule is satisfied, and Use_ The backend also corresponds to the Default_backend parameter, which indicates which backend backend is used by default when the ACL condition is not met.

A few examples of common ACL rules are listed below:

ACL Www_policy Hdr_reg (host)-I ^ (www.z.cn|z.cn) ACL Bbs_policy hdr_dom (host)-I bbs.z.cnacl url_policy url_sub-i buy_si D=use_backend server_www If Www_policyuse_backend server_app if Url_policyuse_backend Server_bbs if Bbs_policydefault_ Backend Server_cache

Viii. Web monitoring platform using Haproxy

Haproxy Although the failover of services, but in the event of a host or service failure, and can not notify operations personnel, which is very high timeliness of business systems, is very inconvenient, but Haproxy seems to take this into account, In the new version, Haproxy has launched a web-based monitoring platform that allows you to view the operational status of all back-end servers in this clustered system, and in the event of a back-end service or server failure, the monitoring page will display the fault information in different colors. This solves the problem of the back-end server fault alarm to a great extent, the OPS personnel can monitor this page to discover the node fault in the first time, and then repair the fault.

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/82/B7/wKiom1dfW-TSuP9-AAEuBOq06VM630.png "title=" 123. PNG "alt=" Wkiom1dfw-tsup9-aaeuboq06vm630.png "/>

This article is from the "Love Linux" blog, make sure to keep this source http://ixdba.blog.51cto.com/2895551/1788995

Enterprise Cluster platform Architecture implementation and application practical combat (Haproxy+keepalived article)