First, we need to understand the working mechanism of LVS:
In LVS, the director itself does not respond to the request; it only accepts the request and forwards it to the back end. The real servers (RS) in the background are what actually respond to the request.
LVS works roughly like DNAT, but not exactly. It is a layer-4 switch: by default it classifies a user's request by the destination address and port the user asked for, and on that basis forwards it to a host in the background that actually provides the service. Because the decision is made on the socket (address and port) level, it can be done at layer 4. The forwarding is transparent to the user: the user connects to the director's IP address and never sees the forwarding from the director to the RS.
LVS Working Mode
1. DNAT
2. Direct routing
3. Tunnel
Benefits:
1. High concurrency
2. High redundancy
3. Scalability: servers can be added or removed, which makes expanding and shrinking the cluster easy
IP address types in LVS
1. VIP: virtual IP address; it provides no service itself, it is where user requests arrive before being forwarded to the back end
2. RIP: real IP address, the address of the real server that actually provides the service
3. DIP: director IP address, usually the director's address on the network that connects to the RIPs
4. CIP: client IP address, the address of the user making the request
Process: for example (diagram not reproduced here)
======================================
LVS cluster type:
1. LVS-NAT DNAT
2. LVS-DR direct routing
3. LVS-TUN Tunnel
The three types are described in detail below:
Principle of the LVS-NAT model
Both user requests and responses must go through the director.
Both the source and the target address get translated (the destination on the way in, the source on the way out), and the translation is transparent to the client.
Scheduler scalability is limited in this architecture: the director handles every request in both directions, so its load is relatively high, and scaling to 10 nodes will not work.
Requirements:
1. The cluster nodes must be in the same physical network, the same subnet or VLAN
2. DIP and RIPs can only be in the same network (subnet) and cannot span network segments
3. The RIP addresses are usually private addresses
4. All RIPs must use the DIP as their gateway (so the replies come back for address translation)
5. NAT can also map ports (for example, 80 -> 8080)
6. Any operating system can act as an RS
7. The director may become the bottleneck of the entire system
Data transmission:
Forwarding happens at layer 2 (data link layer) through ARP: the destination MAC of the director is replaced by the MAC of the RIP (the packet is not changed, only forwarded), which completes the transfer; after the RS responds, the RS's MAC is changed back to the MAC used for the RIP.
======================================
Principle of the LVS-DR model
The user's request must go through the director, but the RealServer returns the response directly to the client (the figure is simplified: there may be different gateways, and there is still a router in the path).
You must configure iptables rules so that the RS does not answer requests for the VIP with its own MAC address, or modify the Linux kernel's ARP response behaviour.
Advantage: because it does less address translation than NAT, the response speed is faster.
Features
1. All nodes must be in the same physical network (connected to the same switch)
2. RIP can be a public IP address (recommended)
3. The director only forwards requests; the RealServer responds directly without forwarding through the director
4. The gateway of the cluster nodes must not point to the DIP
5. Port mapping is not possible (not supported)
6. Most operating systems can act as a RealServer, but the RealServer needs more than one IP address configured on the same NIC
7. A DR-mode director can drive more nodes than a NAT-mode director
Data transmission:
Solving the inbound problem:
To stop every RS from answering directly, bind the VIP to lo:0 on the RS and keep the RIP on the physical NIC, so that the RS does not respond to the VIP on the network (the RS is hidden).
Solving the outbound problem:
By default, Linux picks the NIC a packet leaves through and sets the source address to that NIC's address. By adding a special route, a packet whose destination was the VIP on lo leaves with the lo (VIP) address as its source.
Routing information principle:
Add a host route that treats the VIP as its own network segment, with subnet mask 255.255.255.255. In this way the VIP becomes the preferred source address for outgoing replies.
DR gives the best performance on the Internet. Its disadvantage is that the hosts must be relatively close to each other (for example in one data center); in a natural or man-made disaster the whole cluster would be lost, so tunnels such as VPN are needed to distribute it across sites.
======================================
Principle of the LVS-TUN model:
Ways to implement a virtual tunnel:
1. Leased line (encrypted)
2. Layer 2: add another MAC header outside the MAC header
3. Layer 3: add another IP header outside the target IP address
Tunneling objective: hide the real destination by wrapping one IP address (or set of addresses) inside another.
Features:
1. The cluster nodes and the director do not have to be in the same network
2. The RIP must be a public IP address
3. The director only needs to process incoming requests, not outgoing responses
4. The response must not pass through the director
5. The director does not support port mapping
6. Only operating systems that support the IP tunneling protocol can be used as a RealServer
Advantage: LVS-TUN can build a cluster across networks, removing the distance limit between real servers that LVS-DR has.
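To make the difference between the three modes concrete, here is an added example (not part of the original notes and not LVS code) that simulates what the director does to a client's packet in NAT, DR and TUN mode and which path the reply takes. The addresses, MACs and ports are constructed; `RealServer`, `director_forward` and `rs_reply` are names chosen for this illustration. It also models the two DR/TUN requirements from the text: the RS must carry the VIP on lo (otherwise it drops the packet), and only NAT may map ports.

```python
"""Simulation of how LVS-NAT, LVS-DR and LVS-TUN handle one request.
Added example; all addresses, MACs and ports below are constructed."""
from dataclasses import dataclass

# Constructed cluster, using the page's naming (CIP / VIP / DIP / RIP).
CIP = "203.0.113.10"     # client
VIP = "198.51.100.1"     # virtual IP the client connects to
DIP = "10.0.0.1"         # director's address toward the real servers
VPORT = 80               # service port announced on the VIP


@dataclass
class RealServer:
    rip: str
    mac: str
    port: int = 80
    lo_addrs: frozenset = frozenset()   # VIPs bound on lo (DR) or tunnel device (TUN)
    gateway: str = ""                   # default gateway of the RS


def client_request(cip=CIP, sport=40000):
    """The packet as the client sends it: CIP -> VIP:80."""
    return {"src": cip, "dst": VIP, "sport": sport, "dport": VPORT}


def director_forward(mode, pkt, rs):
    """Return the packet as the real server receives it in the given mode."""
    fwd = dict(pkt)
    if mode == "NAT":
        # Destination rewritten to the RIP; only NAT may map the port (80 -> 8080).
        # The source stays CIP, so the RS must route its reply back via DIP.
        fwd["dst"] = rs.rip
        fwd["dport"] = rs.port
        return fwd
    if rs.port != VPORT:
        raise ValueError(f"{mode}: port mapping is not supported")
    if VIP not in rs.lo_addrs:
        raise ValueError(f"{mode}: RS would drop the packet, VIP not bound on lo")
    if mode == "DR":
        # Layer-2 forwarding only: IP header untouched, destination MAC replaced.
        fwd["dst_mac"] = rs.mac
        return fwd
    if mode == "TUN":
        # IP-in-IP: the original packet becomes the payload of a DIP -> RIP packet.
        return {"outer_src": DIP, "outer_dst": rs.rip, "inner": fwd}
    raise ValueError(f"unknown mode {mode}")


def rs_reply(mode, fwd, rs):
    """Reply as the client sees it, plus whether it crossed the director."""
    inner = fwd["inner"] if mode == "TUN" else fwd
    if mode == "NAT":
        # The RS answers from RIP:port; its gateway must be DIP so the director
        # can undo the translation (RIP:8080 -> VIP:80) before the client sees it.
        if rs.gateway != DIP:
            raise ValueError("NAT: RS gateway must be DIP, reply would bypass director")
        rs_side = {"src": rs.rip, "dst": inner["src"],
                   "sport": rs.port, "dport": inner["sport"]}
        return dict(rs_side, src=VIP, sport=VPORT), True
    # DR / TUN: the /32 host route on lo makes the VIP the source address and the
    # reply goes straight to the client through the RS's own gateway.
    return {"src": VIP, "dst": inner["src"],
            "sport": VPORT, "dport": inner["sport"]}, False


def round_trip(mode, rs):
    """Forward one request and return (packet seen by RS, reply, via_director)."""
    fwd = director_forward(mode, client_request(), rs)
    reply, via_director = rs_reply(mode, fwd, rs)
    return fwd, reply, via_director


if __name__ == "__main__":
    demo = {
        "NAT": RealServer("10.0.0.11", "02:00:00:00:00:11", port=8080, gateway=DIP),
        "DR": RealServer("198.51.100.11", "02:00:00:00:00:12",
                         lo_addrs=frozenset({VIP}), gateway="198.51.100.254"),
        "TUN": RealServer("192.0.2.20", "02:00:00:00:00:13", lo_addrs=frozenset({VIP})),
    }
    for mode, rs in demo.items():
        print(mode, round_trip(mode, rs))
```

Running the script prints, for each mode, what the RS receives, what the client gets back, and whether the reply passed through the director (only true for NAT), which is exactly the distinction the three sections above draw.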
======================================
LVS load balancing depends on the scheduling algorithm (Scheduling Methods). By their characteristics they fall into two categories:
1. Fixed scheduling (static)
2. Dynamic scheduling
Fixed (static) scheduling algorithms
Feature: the connection state of the backend RealServers is not considered; the dynamic algorithms, by contrast, use the number of backend connections as their criterion.
1. Round-Robin (RR)
The first request goes to A, the second to B, the third to ..., cycling through the list
2. Weighted Round-Robin (WRR)
Adds a weight that reflects the response capacity of each backend server
The weight is defined by the response capacity of the backend server, and requests are forwarded in proportion to the weight
3. Destination Hashing (DH)
Objective: fixed forwarding of requests aimed at the same target address
Requests for a specific target are always forwarded to the same designated host (such as one providing Web services) to improve the cache (web page file cache) utilization (hit rate)
4. Source Hashing (SH)
Purpose: always forward traffic from the same source address to the same router or firewall
Application scenario:
Spread users' requests evenly over several firewalls to balance the intranet load, while each user always goes out (accesses the Internet) through one particular firewall (gateway)
Defect of the static algorithms: they ignore the load and connection state of the backend real servers
Dynamic algorithms (dynamic scheduling methods)
There are two concepts:
Active connection: a connection to a backend real server that is currently in the ESTABLISHED state (data is being exchanged); SSH or telnet sessions, for example, stay active.
Inactive connection: a connection that is not established or has been closed (FIN) but is still tracked, for example httpd without keepalive: unless keepalive is enabled, httpd disconnects right after sending the response, and the connection is then in the inactive state.
Related dynamic algorithms
1. LC (least-connection)
LC looks at both the number of active and the number of inactive connections on each host; the host with the fewest connections (active connections counting more) receives the next request.
LC computes overhead = active connections * 256 + inactive connections; whichever host has the smallest overhead gets the next request.
However, inactive connections also count towards the result, so when there are many of them relative to active connections, the choice is affected.
2. WLC (weighted least-connection)
Weighted by machine performance: overhead / weight; the request is forwarded to the host with the smallest value.
The weighted algorithm is one of the best algorithms in cluster applications and is fair.
3. SED (shortest expected delay)
An improvement on WLC:
overhead = (active + 1) * 256 / weight
Inactive connections are not considered; the host with the smallest (active + 1) value (scaled by its weight) accepts the next request.
The purpose of the +1 is to account, during weighting, for the inactive connections that are otherwise left out.
Defect: when a weight is very large, an idle server may stay without connections.
4. NQ (never queue)
Ensures that no host is left idle: based on SED, but regardless of the computed value, the next request goes to an idle host, guaranteeing that no host sits idle.
NQ does not consider inactive connections; SED should consider active connections.
For DNS over UDP, inactive connections need not be considered, while for httpd services with connections held open the pressure of inactive connections on the server must be considered.
5. LBLC (locality-based least connection)
Difference from DH: it considers the backend load capacity and connection state
Supports weights; it is an improvement built on WLC
6. LBLCR (locality-based least connection with replication)
An improvement of LBLC that can also balance load on top of LBLC
It checks which backend has few connections: when A has many connections while B is idle, part of A's connections is allocated to B (breaking the original locality rule to avoid unfairness)
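The following added example (not from the original notes, and not the LVS kernel code) implements the static algorithms RR, WRR, DH and SH together with the dynamic rules LC, WLC, SED and NQ using the overhead formulas given above, and runs them against a constructed server set. The hash used for DH and SH is an assumption (any stable hash of the address gives the same "same key, same server" property); the `RS` class and function names are chosen for this illustration. The constructed weights and connection counts are picked so that the text's SED defect (an idle low-weight server left unused) and the NQ fix show up in the results.

```python
"""Reference implementations of the LVS scheduling rules described above.
Added example; servers, weights and connection counts are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass
class RS:
    name: str
    weight: int = 1
    active: int = 0      # ESTABLISHED connections
    inactive: int = 0    # tracked but not established (e.g. closed HTTP without keepalive)


# ---- static (fixed) algorithms: ignore backend state -------------------------

def rr(servers, state):
    """Round-robin: rotate through the list; `state` holds the cursor."""
    i = state.get("rr", 0)
    state["rr"] = i + 1
    return servers[i % len(servers)]


def wrr(servers, state):
    """Weighted round-robin: a server with weight w appears w times per cycle."""
    cycle = [s for s in servers for _ in range(s.weight)]
    i = state.get("wrr", 0)
    state["wrr"] = i + 1
    return cycle[i % len(cycle)]


def _hash_pick(servers, key):
    # Assumption: SHA-256 stands in for the kernel's hash; only stability matters here.
    h = int(hashlib.sha256(key.encode()).hexdigest(), 16)
    return servers[h % len(servers)]


def dh(servers, dst_ip):
    """Destination hashing: same target address -> same server (cache hit rate)."""
    return _hash_pick(servers, dst_ip)


def sh(servers, src_ip):
    """Source hashing: same client address -> same server / firewall."""
    return _hash_pick(servers, src_ip)


# ---- dynamic algorithms: pick the smallest overhead -------------------------

def overhead_lc(s):
    """LC: active * 256 + inactive, as stated in the notes."""
    return s.active * 256 + s.inactive


def overhead_wlc(s):
    """WLC: LC overhead divided by the server's weight."""
    return overhead_lc(s) / s.weight


def overhead_sed(s):
    """SED: (active + 1) * 256 / weight; inactive connections are ignored."""
    return (s.active + 1) * 256 / s.weight


def lc(servers):
    return min(servers, key=overhead_lc)


def wlc(servers):
    return min(servers, key=overhead_wlc)


def sed(servers):
    return min(servers, key=overhead_sed)


def nq(servers):
    """Never-queue: an idle server (no active connections) gets the request
    outright; only when every server is busy does it fall back to SED."""
    idle = [s for s in servers if s.active == 0]
    return idle[0] if idle else sed(servers)


if __name__ == "__main__":
    # A strong server that is already busy versus a weak, completely idle one.
    pool = [RS("A", weight=10, active=5), RS("B", weight=1, active=0)]
    for algo in (wlc, sed, nq):
        print(f"{algo.__name__:>3}: next request goes to {algo(pool).name}")
```

With the constructed pool, WLC and NQ send the next request to the idle server B, while SED, because of A's large weight, keeps choosing A and leaves B unconnected; this is the SED defect the notes describe and the reason NQ exists. The LC check in the test also shows the other remark from the text: 300 inactive connections outweigh one active connection (300 > 256), so inactive connections do influence the choice.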