Introduction to load balancing clusters
Software that implements a load balancing cluster includes LVS, Keepalived, Nginx and HAProxy. LVS works at layer 4 of the OSI model (it balances TCP/UDP connections without looking at the application protocol), Nginx works at layer 7 (it understands the application protocol), and HAProxy can be used either at layer 4 or at layer 7.
The load balancing function of Keepalived is in fact LVS: Keepalived drives the IPVS kernel module and adds health checks and failover on top of it.
Layer 4 balancers such as LVS and HAProxy can distribute traffic on any port, not only 80, for example MySQL on 3306. Nginx's balancing is protocol-aware and covers HTTP, HTTPS and mail (newer Nginx releases also ship a stream module for plain TCP/UDP).
- By comparison, a layer 4 balancer such as LVS is more stable and can sustain more requests, while a layer 7 balancer such as Nginx is more flexible and can implement request-specific behaviour (routing by URL, header or cookie).
LVS introduction
- LVS (Linux Virtual Server) was written by Zhang Wensong.
- Its popularity is comparable to that of Apache httpd; it forwards at the TCP/IP level and is highly stable and efficient.
- The LVS project has not published a new release for many years because its kernel part, IPVS, has been in the mainline Linux kernel since the 2.6 series and is maintained there; on a current distribution you only install the user-space tool ipvsadm.
- LVS has three common modes: NAT, DR (direct routing) and IP tunnel (TUN).
- The central role in an LVS architecture is the dispatcher (also called the director or load balancer), which distributes the users' requests; behind it sit the servers that actually handle the requests, the real servers (RS).
LVS NAT mode
In this mode the director rewrites addresses the way the iptables NAT table does, but the rewriting is done by the IPVS kernel module (ip_vs): the destination IP of each incoming request is changed to the chosen RS (like DNAT), and the source IP of the RS's reply is changed back to the VIP (like SNAT).
After a user's request reaches the director, the packet is forwarded to a back-end RS according to the configured IPVS rules.
Each RS must use the director's intranet IP as its default gateway; otherwise the reply would bypass the director and reach the client with the RS's private address as its source.
Both the request packets and the packets returned to the user pass through the director, so the director becomes the bottleneck.
- In NAT mode only the director needs a public IP, so this mode saves public IP addresses.
Note: because the director is the bottleneck that limits how many user requests the setup can handle, this mode suits small clusters (roughly 10 RS or fewer); its advantage is economy of public network resources.
LVS IP tunnel mode
This mode requires a common IP address configured on the director and on every RS; we call it the VIP.
The client sends its request to the VIP. When the director receives the packet it does not rewrite it; it encapsulates the whole packet in a new IP packet (IP-in-IP tunnel) whose destination is the RS's own IP, so that the packet is routed to the RS.
- When the RS receives it, it strips the outer header and recovers the original packet, whose destination is still the VIP. Because the VIP is configured on every RS (on a tunnel interface, with ARP replies for it suppressed so that only the director answers ARP for the VIP), the RS treats the packet as its own and processes it.
Note: the real server replies directly to the user from its own public IP, so the reply does not pass back through the director, and the director is no longer a bottleneck for return traffic. This also means that every RS needs a public route of its own; in exchange, the RS need not be in the same network as the director.
LVS DR mode
This mode also requires a common IP on the director and on all RS, the VIP.
Unlike IP tunnel mode, the director leaves the IP packet untouched and only rewrites the destination MAC address of the frame to the MAC address of the chosen RS, so the director and the RS must sit on the same layer 2 segment.
- When the RS receives the frame, the packet inside still has the VIP as its destination. Because the VIP is also configured on the RS (normally on the loopback interface, with arp_ignore/arp_announce set so that the RS never answers ARP for the VIP), it treats the packet as its own, and the reply goes directly to the client without passing through the director.
LVS scheduling algorithms
Round-robin (rr)
- Requests are handed to the RS in turn, one after another, with no regard to their capacity or current load.
Weighted round-robin (wrr)
- Round-robin with weights: each RS is assigned a weight, and a machine with a higher weight receives proportionally more requests.
Least-connection (lc)
- Each request goes to the RS that currently has the fewest connections.
Weighted least-connection (wlc)
- Least-connection with weights: the RS with the lowest connections-to-weight ratio is chosen, so a higher weight earns priority. This is the default scheduler when ipvsadm is given no -s option.
Locality-based least-connection (lblc)
Locality-based least-connection with replication (lblcr)
Destination hashing (dh)
Source hashing (sh)
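The descriptions above say what wrr and wlc do but not how the weights actually shape the sequence of picks. The following script, added here as an example and not code from the LVS project or from the original post, simulates the two decisions the way IPVS makes them: wrr_sequence follows the current-weight algorithm of ip_vs_wrr.c, and wlc_pick uses the IPVS overhead score (active connections count 256 times as much as inactive ones) divided by weight. The server names, weights and connection counts are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the LVS project or from the original post:
# simulate the scheduling decisions IPVS makes for rr/wrr and lc/wlc on a
# constructed set of real servers, so the effect of `-w` and of connection
# counts can be seen without a running director.

# gcd A B: greatest common divisor of two non-negative integers
gcd() {
    a=$1; b=$2
    while [ "$b" -ne 0 ]; do
        t=$((a % b)); a=$b; b=$t
    done
    echo "$a"
}

# wrr_sequence N name:weight [name:weight ...]
# Prints the N real servers weighted round-robin picks, in order. This is the
# algorithm of ip_vs_wrr.c: a "current weight" cw starts at 0 and is lowered by
# gcd(all weights) each time the list wraps around (reset to the maximum weight
# when it drops to 0 or below); a server is chosen when its weight >= cw.
# With all weights equal this degenerates to plain round-robin (rr); a server
# with weight 0 is never chosen (that is how an RS is quiesced).
wrr_sequence() {
    n=$1; shift
    count=$#; mw=0; di=0
    for s in "$@"; do
        w=${s#*:}
        if [ "$w" -gt "$mw" ]; then mw=$w; fi
        if [ "$di" -eq 0 ]; then di=$w; else di=$(gcd "$di" "$w"); fi
    done
    if [ "$mw" -eq 0 ]; then echo "no server has a positive weight" >&2; return 1; fi
    cw=0; i=$count; picked=0; out=""
    while [ "$picked" -lt "$n" ]; do
        i=$((i + 1))
        if [ "$i" -gt "$count" ]; then          # wrapped to the head of the list
            i=1
            cw=$((cw - di))
            if [ "$cw" -le 0 ]; then cw=$mw; fi
        fi
        j=0
        for s in "$@"; do                       # fetch the i-th name:weight
            j=$((j + 1))
            if [ "$j" -eq "$i" ]; then break; fi
        done
        w=${s#*:}
        if [ "$w" -ge "$cw" ]; then
            out="$out ${s%%:*}"
            picked=$((picked + 1))
        fi
    done
    echo "${out# }"
}

# wlc_pick name:weight:active:inactive [...]
# Prints the server weighted least-connection chooses. IPVS scores a server by
# overhead = active*256 + inactive and takes the lowest overhead/weight; the
# comparison is cross-multiplied, as in the kernel, so no division is needed
# and ties keep the earlier server. With all weights 1 this is plain lc.
wlc_pick() {
    best=""; best_oh=0; best_w=0
    for s in "$@"; do
        name=${s%%:*}; rest=${s#*:}
        w=${rest%%:*}; rest=${rest#*:}
        act=${rest%%:*}; inact=${rest#*:}
        if [ "$w" -le 0 ]; then continue; fi    # weight 0 = quiesced, never chosen
        oh=$((act * 256 + inact))
        if [ -z "$best" ] || [ $((oh * best_w)) -lt $((best_oh * w)) ]; then
            best=$name; best_oh=$oh; best_w=$w
        fi
    done
    echo "$best"
}

echo "wrr, weights 3:1 -> $(wrr_sequence 8 rs1:3 rs2:1)"
echo "wrr, weights 3:2 -> $(wrr_sequence 5 rs1:3 rs2:2)"
echo "wlc, 1 active vs 300 inactive -> $(wlc_pick rs1:1:1:0 rs2:1:0:300)"
```

Two things the simulation makes visible: IPVS wrr spreads a 3:2 weighting as rs1 rs1 rs2 rs1 rs2 rather than sending three requests in a row to rs1, and in wlc a single active connection outweighs anything under 256 inactive (closed but still tracked) connections, so a server that just handled a burst of short requests is not penalised for it.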
The first four algorithms are the ones most commonly used.
Building LVS NAT mode
NAT mode is built with IPVS, configured through ipvsadm, plus one iptables rule for the intranet.
Preparatory work
Prepare three virtual machines:
- Dispatcher (director)
  Intranet: 192.168.159.133, extranet: 192.168.64.151
- Real Server 1 (real 1)
  Intranet: 192.168.159.131, gateway: 192.168.159.130
- Real Server 2 (real 2)
  Intranet: 192.168.159.132, gateway: 192.168.159.130
Check before going on: the gateway configured on each RS has to be the director's intranet IP, because in NAT mode the replies must travel back through the director. Make sure the director's intranet address and the RS gateway really are the same address on your machines.
Shut down firewalld on all three machines
# systemctl stop firewalld
Stop the firewalld service
# systemctl disable firewalld
Prevent firewalld from starting at boot
Use the plain iptables service instead:
# yum install -y iptables-services
Install the iptables-services package, which provides the iptables systemd unit
# systemctl enable iptables
Start the iptables service at boot
# systemctl start iptables
Start the iptables service now
# iptables -F
Flush the firewall rules
# service iptables save
Save the current (empty) rule set to /etc/sysconfig/iptables
The reason for this switch is that the setup script below manages rules in the iptables nat table directly, which is simpler with the plain iptables service than with firewalld. Note that after these steps the three machines have no packet filtering at all; that is fine for a lab, but in a real deployment restrict at least the management (SSH) ports again.
Temporarily disable SELinux
# getenforce
Show the SELinux status: Enforcing means the policy is enforced, Permissive means violations are only logged, Disabled means it is off
# setenforce 0
Switch to permissive mode for the current boot (setenforce 1 switches back to enforcing)
Permanently disable SELinux
# vim /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled; this takes effect at the next reboot
This is done here only to rule SELinux out as a source of trouble in the lab; IPVS itself does not require it, and permissive mode is enough for troubleshooting because it still logs what would have been denied.
Configure the dispatcher
Install ipvsadm on the director:
# yum install -y ipvsadm
ipvsadm is the user-space tool for the IPVS kernel module, similar in spirit to iptables for netfilter.
If the download is slow, go into /etc/yum.repos.d/, temporarily rename epel.repo so that only the base repositories are used, and rename it back when you are done.
Write the setup script on the director:
# vim /usr/local/sbin/lvs_nat.sh
#!/bin/bash
# Turn on IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward
# Turn off ICMP redirects, so the director never tells clients or RS to route around it
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Use the names of your own NICs; the two NICs here are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Director NAT firewall rule: masquerade traffic coming from the intranet
# (the RS subnet) so that the RS can reach the outside through the director.
# The balanced traffic itself is rewritten by IPVS, not by this rule.
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.159.0/24 -j MASQUERADE
# Director IPVS rules
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
# -C: clear the whole IPVS table
$IPVSADM -A -t 192.168.64.151:80 -s rr
# -A: add a virtual service
# -t: TCP service at the director's external IP and port
# -s: scheduling algorithm
# -p [seconds]: persistence timeout (keeps one client on the same RS; the
#    default is 300 s). It is left out here because it would hide the
#    round-robin alternation in the test below.
$IPVSADM -a -t 192.168.64.151:80 -r 192.168.159.131:80 -m -w 1
$IPVSADM -a -t 192.168.64.151:80 -r 192.168.159.132:80 -m -w 1
# -a: add a real server to the virtual service
# -r: the RS IP and port
# -m: masquerading, i.e. NAT mode
# -w: weight of the RS
Execute the script:
# sh /usr/local/sbin/lvs_nat.sh
No output means the script ran without errors.
View the IPVS rules:
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.64.151:80 rr
  -> 192.168.159.131:80           Masq    1      0          0
  -> 192.168.159.132:80           Masq    1      0          0
Each RS appears under the virtual service with Forward set to Masq (NAT mode) and weight 1. Neither the sysctl settings nor the IPVS table survive a reboot, so the script has to be run again at boot (or the settings moved into /etc/sysctl.conf and the IPVS rules saved with ipvsadm-save).
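Reading the table by eye is fine for two RS; the following script, added here as an example and not part of the original post, does the two checks a practitioner actually wants after building NAT mode: that the IPVS table holds every expected RS, forwarded with Masq and with a non-zero weight, and that an RS's default route points at the director's intranet IP, without which NAT mode silently breaks. Both functions take their input as text, so they can be run against captured output. The ipvsadm sample is the listing shown on this page; the ip route sample is constructed from this page's addresses, and the second check deliberately uses the director's intranet IP listed in the preparatory work so that the mismatch between it and the RS gateway listed there is caught.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity checks for an LVS NAT
# setup, run against captured `ipvsadm -Ln` and `ip route` output.

# Listing from the page (director side).
IPVS_SAMPLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.64.151:80 rr
  -> 192.168.159.131:80           Masq    1      0          0
  -> 192.168.159.132:80           Masq    1      0          0'

# Constructed `ip route` output for real server 1, using the page's addresses.
RS_ROUTE_SAMPLE='default via 192.168.159.130 dev ens33
192.168.159.0/24 dev ens33 proto kernel scope link src 192.168.159.131'

# list_real_servers "<ipvsadm -Ln output>" VIP:PORT
# Prints "rs_addr forward weight" for every real server of that virtual service.
list_real_servers() {
    printf '%s\n' "$1" | awk -v svc="$2" '
        $1 == "TCP" || $1 == "UDP" { in_svc = ($2 == svc); next }
        in_svc && $1 == "->"        { print $2, $3, $4 }'
}

# check_nat_table "<ipvsadm -Ln output>" VIP:PORT RS:PORT [RS:PORT ...]
# Returns 0 when every expected RS is present, forwarded with Masq (NAT mode)
# and has a non-zero weight; otherwise prints the first problem and returns 1.
check_nat_table() {
    table=$1; svc=$2; shift 2
    listing=$(list_real_servers "$table" "$svc")
    if [ -z "$listing" ]; then
        echo "no virtual service $svc in the IPVS table"; return 1
    fi
    for rs in "$@"; do
        line=$(printf '%s\n' "$listing" | awk -v rs="$rs" '$1 == rs')
        if [ -z "$line" ]; then echo "$rs is missing from $svc"; return 1; fi
        fwd=$(printf '%s\n' "$line" | awk '{ print $2 }')
        wgt=$(printf '%s\n' "$line" | awk '{ print $3 }')
        if [ "$fwd" != "Masq" ]; then
            echo "$rs is forwarded with $fwd, not Masq: this is not NAT mode"; return 1
        fi
        if [ "$wgt" -eq 0 ]; then
            echo "$rs has weight 0 and will never be selected"; return 1
        fi
    done
    echo "ok: $# real servers in NAT mode behind $svc"
}

# default_gateway "<ip route output>": next hop of the default route
default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# check_rs_gateway "<ip route output>" DIRECTOR_INTRANET_IP
# In NAT mode replies must go back through the director, so the RS default
# route has to be the director's intranet address.
check_rs_gateway() {
    gw=$(default_gateway "$1")
    if [ "$gw" = "$2" ]; then
        echo "ok: replies will return through the director at $2"; return 0
    fi
    echo "default route is via '${gw:-none}', but NAT mode needs the director's intranet IP $2"
    return 1
}

# Against the samples. On real hosts pass "$(ipvsadm -Ln)" on the director
# and "$(ip route)" on each RS instead of the sample strings.
check_nat_table "$IPVS_SAMPLE" 192.168.64.151:80 192.168.159.131:80 192.168.159.132:80
check_rs_gateway "$RS_ROUTE_SAMPLE" 192.168.159.133 || true
```

The second call fails on purpose: the RS sends its replies to 192.168.159.130 while the director's intranet address is 192.168.159.133, which is exactly the kind of mismatch that leaves curl hanging with the IPVS table looking perfectly healthy.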
Configure the RS
Install Nginx on both RS and give each a different home page so that the two machines can be told apart (nginx comes from the EPEL repository, so restore epel.repo first if you renamed it earlier):
# yum install -y nginx
# systemctl start nginx
With the yum package the default document root is /usr/share/nginx/html, so edit /usr/share/nginx/html/index.html on each RS, for example "This is real server 1" on the first and "This is real server 2" on the second.
Test
From a client on the external network, access the director's external IP 192.168.64.151:
# curl 192.168.64.151
This is real server 2
# curl 192.168.64.151
This is real server 1
# curl 192.168.64.151
This is real server 2
# curl 192.168.64.151
This is real server 1
The answers alternate between the two RS, which is the round-robin behaviour configured with -s rr. If curl hangs instead, check the RS gateway first: a reply that does not come back through the director never gets its source address rewritten to the VIP.
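Four requests watched by eye are not much of a test. The script below, added here as an example and not part of the original post, tallies the responses of a longer run and checks them against what the configured scheduler must produce: with -s rr and healthy RS, every RS answers and the per-server counts differ by at most one; with a service created with -p, a single client must keep landing on the same RS. The response lines are constructed to match the index pages above; for a live run the usage comment at the bottom shows how to feed it real curl output.

```shell
#!/bin/sh
# Added example, not part of the original post: judge the curl test on a
# sample of responses instead of by eye.

# Constructed responses, matching the two index pages from the page.
RR_SAMPLE='This is real server 2
This is real server 1
This is real server 2
This is real server 1'

PERSIST_SAMPLE='This is real server 1
This is real server 1
This is real server 1'

# tally: one response line per request on stdin -> "count response" lines
tally() {
    sort | uniq -c | sort -k1,1nr | sed 's/^ *//'
}

# stats "<responses>": prints "distinct total spread", where spread is the
# difference between the busiest and the least busy real server
stats() {
    printf '%s\n' "$1" | tally | awk '
        NR == 1 { max = $1; min = $1 }
        { total += $1; if ($1 > max) max = $1; if ($1 < min) min = $1 }
        END { print NR, total + 0, max - min }'
}

# check_rr "<responses>" REQUESTS SERVERS
# For a plain rr scheduler with all RS healthy: every server answers and the
# counts differ by at most one. Each failure names the likely cause.
check_rr() {
    set -- $(stats "$1") "$2" "$3"      # distinct total spread requests servers
    if [ "$2" -ne "$4" ]; then
        echo "got $2 responses, expected $4 (requests lost or timed out)"; return 1
    fi
    if [ "$1" -ne "$5" ]; then
        echo "only $1 of $5 real servers answered: check the missing RS and its gateway"; return 1
    fi
    if [ "$3" -gt 1 ]; then
        echo "uneven distribution (spread $3): not plain round-robin, or an RS was down"; return 1
    fi
    echo "ok: $4 requests spread evenly over $5 real servers"
}

# check_persistent "<responses>"
# For a service created with -p: one client sees exactly one real server.
check_persistent() {
    set -- $(stats "$1")                # distinct total spread
    if [ "$1" -ne 1 ]; then
        echo "$1 different real servers answered one client: persistence is not in effect"; return 1
    fi
    echo "ok: all $2 requests from this client went to the same real server"
}

# Against the samples. For a live test run, from a client on the external network:
#   check_rr "$(for i in $(seq 20); do curl -s 192.168.64.151; done)" 20 2
check_rr "$RR_SAMPLE" 4 2
check_persistent "$PERSIST_SAMPLE"
```

Run the live check from a client machine, not from the director itself, so that the requests enter through the external interface the virtual service is bound to. The spread check is deliberately strict: an RS that drops out mid-run, or a forgotten -p, shows up immediately as a spread greater than one or as fewer distinct servers than expected.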
Summary: an introduction to load balancing clusters, to LVS and its scheduling algorithms, and the construction of LVS NAT mode.