Linux Server Load balancer cluster system solution

1. Introduction to Linux virtual servers

Linux Virtual Server (LVS) is a high-availability Server Load balancer cluster system. The system can provide Load Capacity proportional to the number and performance of server nodes, effectively improving service throughput, reliability, redundancy, adaptability, and high performance and price ratio. At the same time, LVS is also an effective way to achieve high-end server performance using low-end devices.
Linux Virtual Server (LVS) is a cluster composed of the director master server and several real-Server servers. Real-server is responsible for providing services. The master server controls the real-server Based on the specified scheduling algorithm. The cluster structure is transparent to users. The client only communicates with the virtual IP of A Single IP cluster system. That is to say, from the client perspective, only one server exists here.
Real-server provides many services, such as ftp, http, dns, telnet, nntp, and smtp. The master Server controls the Real-Server. When a client sends a service request to LVS, Director uses a specific scheduling algorithm to specify a Real-Server to respond to the request. The client only corresponds to the IP address of Load Balancer, that is, the virtual IP address, VIP.
Ii. Advantages
* Increase throughput: to achieve higher throughput, the overhead of adding real-servers in LVS only increases linearly. If we choose to replace a higher-performance server to achieve a considerable throughput, the overhead is much larger, and the replaced old server will cause a waste of resources.
* Redundancy: if a real-server in LVS stops the service due to upgrade or other reasons, the termination and restoration of the service will not interrupt the service of the entire LVS client.
* Adaptability: whether the throughput needs to change gradually due to changes in daily transactions or changes quickly due to sudden changes in transactions, the increase or decrease in the number of servers is transparent to the client.
Iii. Structure Diagram
　
The traditional "Client/Server" relationship is still applicable in LVS because:
* The IP addresses of all servers are mapped to one IP address (VIP). The client can only see this IP address.
* All servers regard it as directly related to the client.
Basic settings of an LVS
Iv. Basic principles and functions
In fact, ctor primarily acts like a vro, but it contains a route table for completing the LVS function. These route tables allow ctor to forward packets belonging to the LVS service to real-servers. If http port 80) is a service set by LVS, these packets will be forwarded by ctor, and director does not listen to VIP: 80.
Director uses three different forwarding Methods
1. VS-NAT: network address translation (NAT)
2. VS-DR: direct routing (DR). The MAC address on the package is changed and then forwarded to real-server.
3. VS-Tun: tunnelling, which is encapsulated by IPIP and then forwarded to real-server.
VS-NAT method is easier to achieve, only need a function tcpip stack, the disadvantage is that the throughput is not large enough, and the number of real-server supported is limited. The VS-DR mode has a large throughput and supports a large number of real-servers. The VS-TUN mode has similar characteristics as VS-DR, but it is mainly used for real-server distribution over the Internet. real-servers can be remote to ctor, real-servers can be in different network segments. However, the VS-DR and VS-TUN forwarding methods need to modify the ifconfig and route table of real-server.
LVS can provide almost all service Single Port and 2 port services), except for VS-DR and VS-Tun, it cannot provide services including identd and rsh that initialize connections from real-servers ).
Real-servers can be the same and provide the same services such as http and ftp. The file system keeps the content consistent. This type of LVS is used to increase the number of service clients. Real-server can also be different and have different services or operating systems.
5. VS-NAT Based on network address translation, network address translation, NAT)
VS-NAT is the most basic method of LVS, which is the easiest way to set an LVS for testing.
When the customer sends a request, director will rewrite the target address of the received package to a real-server and forward it to the real-server. Real-server reply will be sent to ctor, director will change the source address of the reply package to VIP
Unlike VS-DR and VS-TUN, real-server only needs one function tcpip stack. Real-server can be any operating system. You do not need to make any configuration changes on real-server. In addition to routing tables, you need to set the default gateway of real-server to director ).
Extension and workflow for the VS-NAT approach.
　
Vi. direct routing, DR)
　
After Director receives a request packet from the client, select a real-server Based on the scheduling algorithm to parse the MAC address of the real-server, and sends a link layer package containing an IP datasync to the MAC. After the Real-server receives the packet, it restores the IP address datax. After finding the route table, it finds that the VIP address is in the local device lo: 0, non-arp) and handed over to the port listener. Because Real-server receives a packet from CIP-> VIP, when constructing a reply packet, it is VIP-> CIP. Real-server searches for the route table and sends a reply to the client's default gateway. The reply does not go through ctor.
What you need to do on real-server is to configure a non-arping lo: 0 device. And the service needs to listen to the corresponding port of the VIP.
The VS-DR mode has a large throughput and supports a large number of real-servers.
VII. VS-Tun tunnel, tunnelling)
This method is based on VS-DR. The difference is that director encapsulates the packet IP address and forwards it to real-server. VS-TUN's real-servers can be remotely connected to director, and each real-server can be deployed on a separate network. However, you need to work on the router to allow output packets whose source address is VIP.
The configuration method and requirements are similar to those of VS-DR. You only need to switch the lo: 0 device to the tunl0 device, and the corresponding module is ipip.