Description: The following draws on the contents of chapter six of "Building a highly available Linux server" (Fuqin).
Building a high-availability load-balancing environment is relatively simple; the main thing is to understand the principles. This article describes the pros and cons of three load balancers so that you can choose among them according to the needs of a real production deployment.
At present, the load balancers most used in production are F5 BIG-IP on the hardware side and LVS, Nginx and HAProxy on the software side. The high-availability software is Heartbeat and Keepalived, and the mature architectures are LVS+Keepalived, Nginx+Keepalived, HAProxy+Keepalived and DRBD+Heartbeat.
The pros and cons of three load balancers are described below:
Advantages of LVS:
1, Strong load capacity: it works at layer 4 and only distributes requests, generating no traffic of its own. This makes its performance the strongest among software load balancers, and because it generates no traffic, the balancer's I/O is not affected by heavy traffic;
2, Stable operation: it has complete dual-machine hot-standby solutions of its own, such as LVS+Keepalived and LVS+Heartbeat;
3, Wide range of application: it can load-balance any application;
4, Little to configure: this is both a disadvantage and an advantage, because with so little to configure there is little need to touch it, which greatly reduces the chance of human error;
Disadvantages of LVS:
1, The software itself does not support regular-expression processing, so it cannot separate static from dynamic content, which highlights the advantage of Nginx/HAProxy+Keepalived.
2, If the website application is relatively large, LVS/DR+Keepalived becomes more complex, especially when Windows Server machines sit behind it; implementation, configuration and maintenance are more troublesome. By comparison, Nginx/HAProxy+Keepalived is much simpler.
#############################################################
1. How does LVS/DR process a request packet? Does it modify the contents of the IP packet?
1.1 VS/DR itself does not care about information above the IP layer; even whether the port number is correct is left to the TCP/IP stack. VS/DR itself mainly does these few things:
1) Receive the client's request and select a RealServer IP according to the load-balancing algorithm you configured;
2) Use the MAC address corresponding to the selected IP as the destination MAC, then re-encapsulate the IP packet in a frame and forward it to that RS;
3) Record the connection information in the hash table.
VS/DR does very little, and what it does is simple, so it is very efficient, not much worse than a hardware load balancer.
The approximate flow of packets and data frames is this:----------------
1.2 As already answered above, VS/DR does not modify the contents of the IP packet.
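The three steps of 1.1 as a runnable sketch (an added example, not code from LVS or from the book): a toy director in Python that schedules a RealServer, records the connection in a table, and re-frames the unchanged IP packet for the chosen RS. Round-robin scheduling, the class and function names, and every address and MAC below are assumptions constructed for the illustration.

```python
import socket
import struct

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_frame(dst_mac, src_mac, src_ip, dst_ip, src_port, dst_port):
    """Constructed sample: Ethernet + IPv4 + TCP SYN, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHLLBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip + tcp

class Director:
    """Toy VS/DR director: round-robin scheduling plus a connection table."""
    def __init__(self, own_mac, real_servers):
        self.own_mac = own_mac
        self.real_servers = real_servers   # list of (RIP, MAC) on the same segment
        self.next_index = 0
        self.connections = {}              # 4-tuple -> (RIP, MAC)

    def forward(self, frame):
        ip_packet = frame[14:]                         # strip the Ethernet header
        ihl = (ip_packet[0] & 0x0F) * 4                # IPv4 header length in bytes
        ports = struct.unpack("!HH", ip_packet[ihl:ihl + 4])
        key = (ip_packet[12:16], ports[0], ip_packet[16:20], ports[1])
        if key not in self.connections:                # 1) schedule a new connection
            self.connections[key] = self.real_servers[self.next_index]
            self.next_index = (self.next_index + 1) % len(self.real_servers)
        rip, rs_mac = self.connections[key]            # 3) the table pins later packets
        # 2) new Ethernet header addressed to the chosen RS; IP packet copied as-is
        return rip, mac_bytes(rs_mac) + mac_bytes(self.own_mac) + frame[12:14] + ip_packet

# Constructed addresses for the demonstration
VIP = "192.0.2.10"
DIRECTOR_MAC = "02:00:00:00:00:01"
REAL_SERVERS = [("192.0.2.21", "02:00:00:00:00:21"), ("192.0.2.22", "02:00:00:00:00:22")]

def demo():
    director = Director(DIRECTOR_MAC, REAL_SERVERS)
    results = []
    for port in (40000, 40001, 40000):     # third packet reuses the first connection
        frame = build_frame(DIRECTOR_MAC, "02:00:00:00:00:fe", "198.51.100.7", VIP, port, 80)
        rip, out = director.forward(frame)
        # (chosen RIP, destination MAC on the wire, IP packet byte-identical?)
        results.append((rip, out[:6].hex(), out[14:] == frame[14:]))
    return results

if __name__ == "__main__":
    print(demo())
```

Each result row shows the RS chosen, the destination MAC of the forwarded frame, and that the IP packet (still addressed to the VIP) left the director byte for byte unchanged.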
2. Why must the RealServer configure the VIP on the lo interface? Can the VIP be configured on the egress network card?
2.1 For the RS to handle IP packets whose destination address is the VIP, the RS must first be able to accept such packets.
Configuring the VIP on lo lets the RS accept the packet and return the result to the client.
2.2 The answer is no: the VIP cannot be set on the egress card, otherwise the RS will respond to the client's ARP requests, causing confusion in the client/gateway ARP table, so that the whole load balancer does not work properly.
3. Why must the RealServer suppress ARP frames?
This question was explained in the previous one; here it is elaborated further in terms of the commands used. When deploying, we make the following adjustments:
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
I believe many people do not understand what these settings do and only know that they must be there. I will not discuss them in detail here, only add a few notes.
3.1
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
These two lines are not necessary, because ARP has no meaning on the logical (loopback) interface.
3.2 If your RS's external network interface is eth0, then
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
What really needs to be done is:
echo "1" >/proc/sys/net/ipv4/conf/eth0/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/eth0/arp_announce
So I personally suggest adding the two lines above to your script, because if the system's default for the above two values is not 0, there may be a problem.
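To make questions 2 and 3 concrete, here is a small model of who answers an ARP request for the VIP (an added example, not from the book or the kernel source). It implements the documented kernel rule that the larger of conf/all and conf/<interface> applies on the receiving interface, and models only arp_ignore values 0 and 1; arp_announce is not modelled. The host layouts, addresses and function names are assumptions constructed for the illustration, including the director holding the VIP on eth0.

```python
def effective(conf, name, iface):
    """Kernel rule: the larger of conf/all and conf/<iface> applies on <iface>."""
    return max(conf.get("all", {}).get(name, 0), conf.get(iface, {}).get(name, 0))

def answers_arp(host, target_ip, in_iface):
    """Would this host reply to 'who-has target_ip' arriving on in_iface?"""
    mode = effective(host["conf"], "arp_ignore", in_iface)
    if mode == 0:   # reply for any local address, whichever interface holds it
        return any(target_ip in addrs for addrs in host["addrs"].values())
    if mode == 1:   # reply only if the address is configured on the receiving interface
        return target_ip in host["addrs"].get(in_iface, [])
    raise ValueError("arp_ignore modes above 1 are not modelled in this sketch")

VIP = "192.0.2.10"   # constructed addresses throughout

def real_server(conf, vip_iface="lo"):
    """A RealServer with its RIP on eth0 and the VIP on vip_iface."""
    addrs = {"lo": ["127.0.0.1"], "eth0": ["192.0.2.21"]}
    addrs[vip_iface] = addrs[vip_iface] + [VIP]
    return {"addrs": addrs, "conf": conf}

DIRECTOR = {"addrs": {"lo": ["127.0.0.1"], "eth0": ["192.0.2.2", VIP]}, "conf": {}}

def vip_responders(rs):
    """Names of the hosts that answer an ARP request for the VIP seen on eth0."""
    hosts = {"director": DIRECTOR, "rs": rs}
    return [name for name, host in hosts.items() if answers_arp(host, VIP, "eth0")]

SCENARIOS = {
    "defaults, VIP on lo": real_server({}),
    "lo/arp_ignore=1 only (3.1)": real_server({"lo": {"arp_ignore": 1}}),
    "all/arp_ignore=1": real_server({"all": {"arp_ignore": 1}}),
    "eth0/arp_ignore=1 (3.2)": real_server({"eth0": {"arp_ignore": 1}}),
    "arp_ignore=1 but VIP on eth0 (2.2)": real_server({"all": {"arp_ignore": 1}}, "eth0"),
}

def run():
    return {label: vip_responders(rs) for label, rs in SCENARIOS.items()}

if __name__ == "__main__":
    for label, responders in run().items():
        print(f"{label:38} -> {responders}")
```

Load balancing is only healthy in the scenarios where the director is the sole responder; whenever the RS also answers, the client or gateway may cache the RS's MAC for the VIP and bypass the director.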
4. Why must the LVS/DR load balancer (director) and the RS be in the same network segment?
From the first question, you should understand how VS/DR forwards the request to the RS. It is implemented at the data link layer, so the director must be in the same network segment as the RS.
5. Why does the director, in addition to the VIP on the lo interface, also need an IP (i.e. the DIP) configured on eth0?
5.1 If you use a tool such as Keepalived for HA or load balancing, the DIP is required for health checks.
5.2 HA or load balancing without a health-check mechanism has no practical value.
6. Does LVS/DR need ip_forward turned on?
No. Because the director and the RealServers are in the same network segment, there is no need to turn on forwarding.
7. Does the director's VIP netmask have to be 255.255.255.255?
In LVS/DR, the director's VIP netmask does not need to be set to 255.255.255.255, nor is there any need to run
route add -host $VIP dev eth0:0
The director's VIP is announced to the outside like a normal IP address; there is no need to make it so special.
8. How does LVS/DR handle the TCP three-way handshake?
#####################################################################
The advantages of Nginx:
1, It works at OSI layer 7 and can apply traffic-splitting strategies for HTTP applications, for example by domain name or directory structure. Its regular-expression support is more powerful and flexible than HAProxy's;
2, Nginx depends very little on the network; in theory, any server it can ping can be load-balanced, which is an advantage;
3, Nginx is relatively simple to install and configure, and convenient to test;
4, It can withstand high load and is stable; it can generally support concurrency of more than tens of thousands;
5, Nginx can detect internal server failures through the port, for example from the status code the server returns for a page, timeouts and so on, and will resubmit a request that returned an error to another node;
6, Nginx is not only an excellent load balancer/reverse proxy, it is also a powerful web application server. LNMP is now a very popular web environment and a rival to LAMP; Nginx has advantages over Apache in serving static pages, especially under high concurrency;
7, Nginx as a web reverse-proxy acceleration cache is increasingly mature and is faster than the traditional Squid server; those who need one can consider using it as a reverse-proxy accelerator;
The drawbacks of Nginx:
1, Nginx does not support health checks by URL.
2, Nginx supports only HTTP and email, which is a weakness.
3, Nginx is relatively weak at session persistence and cookie-based routing.
Advantages of HAProxy:
1, HAProxy supports virtual hosts and can work at layers 4 and 7 (with support for multiple network segments);
2, It makes up for some of Nginx's shortcomings, such as session persistence and cookie-based routing;
3, It supports checking backend servers by URL;
4, Like LVS, it is purely load-balancing software; in terms of efficiency alone, HAProxy load-balances faster than Nginx and is also better than Nginx at handling concurrency;
5, HAProxy can load-balance MySQL reads, health-checking and balancing the backend MySQL nodes, but when there are more than 10 backend MySQL slaves its performance is not as good as LVS;
6, HAProxy has more algorithms, as many as 8;