Introduction to load balancing clusters, LVS and its scheduling algorithms, and building LVS in NAT mode


Introduction to load balancing clusters
    • Software that implements a load balancing cluster includes LVS, keepalived, Nginx, Haproxy and so on. LVS works at layer four (of the OSI network model), Nginx works at layer seven, and Haproxy can work at layer four or at layer seven.

    • The load balancing function of keepalived is actually LVS.

    • Layer-four load balancers such as LVS and Haproxy can distribute traffic on ports other than 80, such as MySQL on 3306, whereas Nginx only supports HTTP, HTTPS and mail.

    • In comparison, layer-four LVS is more stable and can withstand more requests, while layer-seven Nginx is more flexible and can meet more customized requirements.
LVS Introduction
    • LVS was developed by Zhang Wensong, from China.
    • It is no less popular than Apache httpd; it does routing and forwarding based on TCP/IP, with high stability and efficiency.
    • The latest version of LVS is based on Linux kernel 2.6 and has not been updated for many years.
    • LVS has three common modes: NAT, DR, IP Tunnel.
    • The core role in the LVS architecture is the dispatcher (load balancer), which distributes users' requests; behind it are the servers that handle those requests (Real Server, RS).
LVS NAT Mode

    • This mode is implemented using the iptables nat table.

    • After a user's request reaches the dispatcher, the request packet is forwarded to a back-end RS by preset iptables rules.

    • Each RS must set its gateway to the dispatcher's intranet IP.

    • Both the user's request packets and the packets returned to the user pass through the dispatcher, so the dispatcher becomes the bottleneck.

    • In NAT mode only the dispatcher has a public IP, so this mode saves public IP resources.

Note: in this mode the load balancer is the bottleneck that limits how many user requests the architecture can handle, so the mode suits small clusters (no more than 10 RS). Its advantage is that it saves public network resources.

LVS IP tunnel mode

    • This mode requires a common IP configured on the dispatcher and on all RS; we call it the VIP.

    • The target IP requested by the client is the VIP. After the dispatcher receives the request packet, it processes the packet and changes the target IP to the IP of an RS, so that the packet reaches the RS.

    • After the RS receives the packet, it restores the original packet so that the target IP is the VIP, because the VIP is configured on all RS, so it will consider itself

Note: the real server returns data directly to the user via a public IP address, skipping the return path through the dispatcher, so the load balancer is not a bottleneck.

LVS DR Mode

    • This mode also requires a common IP configured on the dispatcher and on all RS, which is the VIP.

    • Unlike IP tunnel mode, it changes the MAC address of the packet to the MAC address of the RS.

    • After the RS receives the packet, it restores the original packet so that the target IP is the VIP, because the VIP is configured on all RS, so it considers itself
LVS scheduling algorithms
    • Round-robin (RR)

      • Incoming requests are distributed evenly across the RS, with no distinction between better and worse machines.
    • Weighted round-robin (WRR)

      • Round-robin with weights: each machine can be given a weight, and machines with a higher weight are sent more requests.
    • Least-connection (LC)

      • Send the request to the RS that has fewer requests.
    • Weighted least-connection (WLC)

      • Least-connection with weights; RS with a higher weight take priority.
    • Locality-based least connection (LBLC)

    • Locality-based least connection with replication (LBLCR)

    • Destination hashing (DH)

    • Source hashing (SH)
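
The RR, WRR, LC and WLC schedulers from the list above, simulated side by side. This is an added example, not code from the original page or from LVS itself. Assumptions: rs1/rs2 and their weights are constructed, connections stay open for the whole run, and LC/WLC count only open connections (a simplification).

```python
from functools import reduce
from itertools import cycle
from math import gcd

# Constructed pool: RS name -> weight (must be positive); rs1/rs2 stand in for the two RS.
POOL = {"rs1": 3, "rs2": 1}

def rr(pool, conns):
    """Round-robin: cycle through the RS in order, ignoring weight and load."""
    yield from cycle(pool)

def wrr(pool, conns):
    """Weighted round-robin, gcd-stepped: higher weights are picked more often."""
    names, weights = list(pool), list(pool.values())
    step, top = reduce(gcd, weights), max(weights)
    i, cw = -1, 0
    while True:
        i = (i + 1) % len(names)
        if i == 0:               # new pass over the pool: lower the weight threshold
            cw -= step
            if cw <= 0:
                cw = top
        if weights[i] >= cw:
            yield names[i]

def lc(pool, conns):
    """Least-connection: pick the RS with the fewest open connections."""
    while True:
        yield min(pool, key=lambda rs: conns[rs])

def wlc(pool, conns):
    """Weighted least-connection: pick the lowest connections-per-weight ratio."""
    while True:
        yield min(pool, key=lambda rs: conns[rs] / pool[rs])

def simulate(scheduler, pool, requests, open_conns=None):
    """Return the RS chosen for each request, given optional pre-existing load."""
    conns = dict(open_conns or dict.fromkeys(pool, 0))
    picker = scheduler(pool, conns)
    order = []
    for _ in range(requests):
        rs = next(picker)
        conns[rs] += 1           # assumption: the connection is never closed
        order.append(rs)
    return order

if __name__ == "__main__":
    for sched in (rr, wrr, lc, wlc):
        print(sched.__name__, simulate(sched, POOL, 8))
```

With the 3:1 weights, RR and LC split eight requests 4/4 while WRR and WLC split them 6/2; LC only departs from RR when one RS already carries more connections.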
The first four algorithms are the most commonly used.

LVS NAT mode construction

NAT mode is implemented through iptables.

Preparatory work
  • Prepare three virtual machines

    • Dispatcher (Scheduler director)

      Intranet: 192.168.159.133, extranet: 192.168.64.151

    • Real Server1 (real 1)

      Intranet: 192.168.159.131, Gateway: 192.168.159.130

    • Real Server2 (real 2)

      Intranet: 192.168.159.132, Gateway: 192.168.159.130

  • Shut down the firewall on all three machines

    # systemctl stop firewalld
    Stop the firewalld firewall

    # systemctl disable firewalld
    Prevent firewalld from starting at boot

    It is recommended to use iptables:
    # yum install -y iptables-services
    Install iptables-services

    # systemctl enable iptables
    Start iptables at boot

    # systemctl start iptables
    Start the iptables service

    # iptables -F
    Flush the firewall rules

    # service iptables save
    Save the current rules

    The reason for this setup is that NAT mode is built on the firewall's nat table, so iptables rules are used.

    Temporarily turn off SELinux
    # getenforce
    View the SELinux status
    Enforcing is on, Permissive is off
    # setenforce 0
    setenforce switches SELinux on or off
    0 is off, 1 is on

    Permanently turn off SELinux
    # vim /etc/selinux/config
    Change SELINUX from enforcing to disabled

Configure the Dispatcher
  • Install ipvsadm on the dir (dispatcher)

    # yum install -y ipvsadm
    This tool is somewhat like iptables.
    If the download is slow, go into /etc/yum.repos.d/,
    rename epel.repo, and change it back once the install is done.

  • Write a script on the dir (dispatcher)

    # vim /usr/local/sbin/lvs_nat.sh
    #!/bin/bash
    # Turn on routing forwarding on the director server
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Turn off ICMP redirects
    echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
    # Note the NIC names; my two NICs here are ens33 and ens37
    echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
    # Set the NAT firewall rules on the director
    iptables -t nat -F
    iptables -t nat -X
    iptables -t nat -A POSTROUTING -s 192.168.64.0/24 -j MASQUERADE
    # Set the ipvsadm rules on the director
    IPVSADM='/usr/sbin/ipvsadm'
    $IPVSADM -C
    # -C = clear: purge the existing rules
    $IPVSADM -A -t 192.168.64.151:80 -s rr
    # -A = add: add a rule and define its algorithm
    # -t: dispatcher IP (external network IP)
    # -s: specifies the algorithm
    # -p: specifies the timeout in seconds (session persistence: ensures that the same request is distributed to the same RS)
    # Adding -p would affect the test results, so it is not used here (note: the time cannot be set to 0)
    $IPVSADM -a -t 192.168.64.151:80 -r 192.168.159.131:80 -m -w 1
    $IPVSADM -a -t 192.168.64.151:80 -r 192.168.159.132:80 -m -w 1
    # -a = add: add an RS to the NAT architecture
    # -r: specifies the IP of the RS
    # -m: sets the LVS mode to NAT (masquerade)
    # -w = weight: assigns the weight

    Execute the script:
    # sh /usr/local/sbin/lvs_nat.sh
    No error output means the script ran successfully.

    To view the ipvsadm rules:
    # ipvsadm -ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.64.151:80 rr
      -> 192.168.159.131:80           Masq    1      0          0
      -> 192.168.159.132:80           Masq    1      0          0
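
A way to check the rule listing against the state lvs_nat.sh is meant to produce, so that an extra RS, a changed scheduler or a changed forwarding mode is noticed. This is an added example, not part of the original page; SAMPLE is constructed from the rules above, and parse_ipvsadm and audit are hypothetical helper names.

```python
import re

# Constructed sample: `ipvsadm -ln` output for the rules set by lvs_nat.sh.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.64.151:80 rr
  -> 192.168.159.131:80           Masq    1      0          0
  -> 192.168.159.132:80           Masq    1      0          0
"""

# Expected state, taken from the lvs_nat.sh rules on this page.
EXPECTED = {("TCP", "192.168.64.151:80"): {
    "scheduler": "rr",
    "reals": {"192.168.159.131:80": ("Masq", 1),
              "192.168.159.132:80": ("Masq", 1)}}}

def parse_ipvsadm(text):
    """Parse `ipvsadm -ln` output into {(proto, vip:port): {scheduler, reals}}."""
    table, current = {}, None
    for line in text.splitlines():
        svc = re.match(r"^(TCP|UDP)\s+(\S+)\s+(\S+)", line)
        real = re.match(r"^\s+->\s+(\d\S+)\s+(\S+)\s+(\d+)", line)
        if svc:
            current = {"scheduler": svc.group(3), "reals": {}}
            table[(svc.group(1), svc.group(2))] = current
        elif real and current is not None:   # header row has no leading digit
            current["reals"][real.group(1)] = (real.group(2), int(real.group(3)))
    return table

def audit(text, expected=EXPECTED):
    """Return the differences between the listed table and the expected one."""
    live, findings = parse_ipvsadm(text), []
    for key in expected.keys() | live.keys():
        want, have = expected.get(key), live.get(key)
        if want is None or have is None:
            findings.append(f"{'unexpected' if want is None else 'missing'} service {key}")
            continue
        if want["scheduler"] != have["scheduler"]:
            findings.append(f"{key}: scheduler {have['scheduler']} != {want['scheduler']}")
        for rs in want["reals"].keys() | have["reals"].keys():
            got, exp = have["reals"].get(rs), want["reals"].get(rs)
            if got != exp:
                findings.append(f"{key}: RS {rs} is {got}, expected {exp}")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE) or "ipvs table matches expected state")
```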

Configure RS
    • Install Nginx on both RS and give each a different home page to tell the two machines apart.

      # yum install -y nginx
      # systemctl start nginx

      If Nginx was installed with yum, its home page file is /usr/share/nginx/html/index.html

Test
    • Access the extranet IP: 192.168.64.151

      # curl 192.168.64.151
      This is real server 2
      # curl 192.168.64.151
      This is real server 1
      # curl 192.168.64.151
      This is real server 2
      # curl 192.168.64.151
      This is real server 1
