How does LVS/nginx handle session problems?

Source: Internet
Author: User
Tags nginx server

Business System Architecture:

Extension 1: nginx (master) + keepalived + nginx (backup) + 3 web clusters + MySQL (master-slave) + EMC CLARiiON CX4 storage
Extension 2: LVS (master) + keepalived + LVS (backup) + 3 web clusters + MySQL (master-slave) + EMC CLARiiON CX4 storage

The operating system is 64-bit RHEL 5.4/CentOS 5.4, the servers are HP 360 G6 and HP 580 G5, and the front-end firewall of the business system is a Huasai USG5000 plus a WAF-T3-500 (protection against DDoS, phishing, injection attacks, etc.).

If nginx is the load balancer, ip_hash is used in place of the default round-robin (RR) method. Requests from a given client IP address are mapped by a hash algorithm to the same backend web server, which avoids session loss and solves the session problem. However, ip_hash cannot guarantee that the backend servers are evenly loaded: some backends may receive many requests while others receive few, and then the point of load balancing is lost. Our solution is to write the user's login session information into the backend MySQL database; this was also done in the later CMS system, and it works well. Later I proposed a compromise: if the number of concurrent nginx connections (the "Active connections" value on the load balancer's NginxStatus page) is greater than 2000, sessions are written into the MySQL database; if the number of concurrent connections is small, ip_hash works well.

In addition, testing showed that when ip_hash is added to an upstream block, requests are not automatically switched to another server after a backend fails. The following configuration is recommended:

    upstream njzq.com {
        ip_hash;
        # max_fails=0 disables failure accounting for the server
        server 172.16.94.216:9000 max_fails=0;
        server 172.16.94.217:9000 max_fails=0;
        server 172.16.94.218:9000 max_fails=0;
    }
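Why ip_hash skews load, as an added example that is not part of the original article: nginx documents that ip_hash keys on the first three octets of an IPv4 address, so every client in one /24 lands on the same backend. The mixing arithmetic, the equal weights and the client addresses are assumptions made for illustration; the backends are the ones from the upstream block above.

```shell
#!/bin/sh
# Added example (not from the article): model of how ip_hash keys IPv4 clients.
# Backends are the three servers from the upstream block above.
BACKENDS="172.16.94.216:9000 172.16.94.217:9000 172.16.94.218:9000"

# pick_backend IPV4: print the backend chosen for that client address.
# Only the first three octets are hashed. The mixing arithmetic is an
# assumption modelled on nginx's ip_hash module; equal weights are assumed.
pick_backend() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split a.b.c.d into $1..$4
    IFS=$old_ifs
    h=89
    for octet in "$1" "$2" "$3"; do
        h=$(( (h * 113 + octet) % 6271 ))
    done
    echo "$BACKENDS" | cut -d' ' -f"$(( h % 3 + 1 ))"
}

# distribution: read client IPs on stdin, print "count backend", busiest first.
distribution() {
    while read -r ip; do pick_backend "$ip"; done |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample: 200 clients in one /24 (for example one office or ISP
# address block) and 50 clients spread over 50 other /24 networks.
sample_clients() {
    awk 'BEGIN {
        for (i = 1; i <= 200; i++) print "198.51.100." i
        for (i = 1; i <= 50; i++)  print "203.0." i ".10"
    }'
}

sample_clients | distribution
```

At least 200 of the 250 sample clients end up on one backend, which is the imbalance described above.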

Extension 2 uses LVS with the ipvsadm -p option for session persistence. The persistence time is given in seconds; I usually set it to 120 s. This option is very useful for dynamic websites: when a remote user logs in to the website with an account, session persistence forwards that user's requests to the same application server. When a user accesses the site for the first time, the load balancer forwards the request to one real server and the user sees a login page; the first access is complete. The user then enters a user name and password in the login box and submits. At this point a problem may occur: the login fails, because without session persistence the load balancer may forward the second request to a different server. So, once persistence is configured, does the client stay connected to the same server indefinitely, or is it connected to a different real server after 120 seconds? I tried the following experiment: LVS runs on a single machine, 192.168.1.102, the VIP is 192.168.1.188, and the backends are two web servers, 192.168.1.103 and 192.168.1.104.

Run the lvs_dr.sh script on the LVS machine and the real.sh script on the two real servers; both bind the VIP address 192.168.1.188.

    [root@ltos lvs]# cat lvs_dr.sh
    #!/bin/bash
    # Website director VIP.
    SNS_VIP=192.168.1.188
    SNS_RIP1=192.168.1.103
    SNS_RIP2=192.168.1.104

    . /etc/rc.d/init.d/functions

    logger $0 called with $1

    case "$1" in

    start)
    # Set squid VIP
    # Timeouts in seconds: tcp, tcpfin, udp
    /sbin/ipvsadm --set 30 5 60
    /sbin/ifconfig eth0:0 $SNS_VIP broadcast $SNS_VIP netmask 255.255.255.255 up
    /sbin/route add -host $SNS_VIP dev eth0:0
    # Virtual service: wlc scheduler, 120 s persistence
    /sbin/ipvsadm -A -t $SNS_VIP:80 -s wlc -p 120
    # Real servers: direct routing (-g), weight 1
    /sbin/ipvsadm -a -t $SNS_VIP:80 -r $SNS_RIP1:80 -g -w 1
    /sbin/ipvsadm -a -t $SNS_VIP:80 -r $SNS_RIP2:80 -g -w 1
    touch /var/lock/subsys/ipvsadm >/dev/null 2>&1

    ;;
    stop)
    # Clear the virtual server table and zero the counters
    /sbin/ipvsadm -C
    /sbin/ipvsadm -Z
    ifconfig eth0:0 down
    route del $SNS_VIP
    rm -rf /var/lock/subsys/ipvsadm >/dev/null 2>&1
    echo "ipvsadm stopped"
    ;;

    status)

    if [ ! -e /var/lock/subsys/ipvsadm ]; then
    echo "ipvsadm stopped"
    exit 1
    else
    echo "ipvsadm OK"
    fi
    ;;

    *)
    echo "Usage: $0 {start|stop|status}"
    exit 1
    esac
    exit 0

The two real web servers run the real.sh script:

    #!/bin/bash
    SNS_VIP=192.168.1.188
    . /etc/rc.d/init.d/functions

    case "$1" in
    start)
    # Bind the VIP to the loopback alias so the real server accepts traffic for it
    ifconfig lo:0 $SNS_VIP netmask 255.255.255.255 broadcast $SNS_VIP
    /sbin/route add -host $SNS_VIP dev lo:0
    # Keep the real server from answering or announcing ARP for the VIP
    echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    sysctl -p >/dev/null 2>&1
    echo "RealServer start OK"
    ;;
    stop)
    ifconfig lo:0 down
    route del $SNS_VIP >/dev/null 2>&1
    # Restore the default ARP behaviour
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
    echo "RealServer stopped"
    ;;
    *)
    echo "Usage: $0 {start|stop}"
    exit 1
    esac
    exit 0

It was observed that when the client 192.168.1.100 initiated its first connection request, the LVS load balancer assigned it to the real server 192.168.1.104. After the three-way handshake completed, the connection state was ESTABLISHED; for a considerable period after the TCP connection was terminated, the state on the real web server was FIN_WAIT, and new connections initiated from 192.168.1.100 were always sent to 192.168.1.104.
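One way to check the observation above on the director, as an added example that is not part of the original article: in the connection table listed by `ipvsadm -L -n -c`, a persistent client has a template entry with state NONE and source port 0 that names the real server it is pinned to. The sample table is constructed from the addresses in the experiment, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article). sample_table is constructed text in
# the layout of `ipvsadm -L -n -c`, using the addresses from the experiment.
sample_table() {
cat <<'EOF'
IPVS connection entries
pro expire state       source             virtual            destination
TCP 00:27  ESTABLISHED 192.168.1.100:3391 192.168.1.188:80   192.168.1.104:80
TCP 00:03  FIN_WAIT    192.168.1.100:3390 192.168.1.188:80   192.168.1.104:80
TCP 01:52  NONE        192.168.1.100:0    192.168.1.188:80   192.168.1.104:80
EOF
}

# persistence_templates: read the table on stdin and print
# "client real_server expire" for every persistence template.
persistence_templates() {
    awk '$1 == "TCP" && $3 == "NONE" {
        split($4, src, ":")
        print src[1], $6, $2
    }'
}

# stray_connections: print connections that go to a different real server
# than the client's template names. Empty output means persistence holds.
stray_connections() {
    awk '$1 == "TCP" {
        split($4, src, ":")
        if ($3 == "NONE") pin[src[1]] = $6
        else { n++; client[n] = src[1]; dest[n] = $6; line[n] = $0 }
    }
    END {
        for (i = 1; i <= n; i++)
            if (client[i] in pin && pin[client[i]] != dest[i]) print line[i]
    }'
}

sample_table | persistence_templates
sample_table | stray_connections
```

On a live director, pipe `ipvsadm -L -n -c` into either function in place of `sample_table`.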

Note: "dynamic website" here means one with a PHP login. If the backend is a cache cluster, this session persistence option can be removed. As for F5, I have not yet had a chance to test this function on it.

During project implementation, when discussing designs with colleagues, I habitually divide the entire system architecture into three layers: the load balancer layer, the web layer, and the database layer. I found that everyone likes to talk about the concept of a "cluster", and I find this term confusing. Although I know they are referring to LVS, I prefer the term load balancer. The load balancer is the nginx/LVS I described above; it distributes client requests to backend server clusters, such as Apache, Tomcat, and squid clusters, according to different algorithms. High availability means giving the front-end load balancer failover, that is, replacing the faulty machine with the standby machine within a short time (< 1 s). Mature solutions currently exist in the LVS + keepalived and nginx + keepalived architectures (I mainly use heartbeat in the intranet development environment and have not yet put it into production). I suggest saying "Linux cluster", so that everyone knows an LVS environment is meant.

If any statement or configuration above is incorrect, please notify the 51cto editor or the author, fuqin cooking wine (yuhongchun027@163.com). We will make corrections immediately to avoid misleading readers.

[51cto.com exclusive feature. This article may not be reprinted without authorization. Partner media reprinting it must credit the author and the source of the original article.]
