Layer-4 and layer-7 load balancing details
I. Background of SLB:
SLB (Server Load Balancer): when several servers provide the same service, the load balancer device exposes a single virtual service address (VIP). Clients send their requests to the VIP, and the load balancer distributes them to the backend servers according to a scheduling algorithm, so that the load is spread across all servers instead of one server hitting its performance limit (and slowing down or going down) while the others sit idle. This improves service throughput and quality. From the client's point of view, the server's address is the VIP of the load balancer; the real IP addresses of the RS (real servers) are never visible to the client.
II. Three SLB transmission modes:
Differences between layer-7 SLB and layer-4 SLB:
Layer-4 SLB: the service type on the load balancer is configured as tcp/udp. The device only parses packets up to layer 4 (IP addresses and ports), so it can select an RS from the very first packet of a connection without looking at the application data. After the handshake with the client it establishes the connection with the RS (or, in triangle mode below, simply forwards the client's handshake to the RS);
Layer-7 SLB: the service type is configured as http/ftp/https. The device parses packets up to layer 7. It first completes the three-way handshake with the client, and only after it has received the layer-7 request (for HTTP, the request line and headers) does it select an RS and establish the connection to it, because the selection can depend on the request content.
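As an added illustration (not code from the original article), the following Python sketch shows what each layer has to work with when choosing a backend: a layer-4 selector only has the 4-tuple of the client's first packet, while a layer-7 selector must buffer the whole HTTP header block before it can decide, and has to treat that header as untrusted input. The hostnames and routing table are constructed for the example; the RS addresses are the ones from the topology used later in this article.

```python
import hashlib
from typing import List, Optional

# Constructed example data: the RS addresses are the ones used in the article's
# topology; the hostnames and the routing table are hypothetical.
POOL_DEFAULT = ["172.16.75.82", "172.16.75.85"]
L7_ROUTES = {
    b"www.example.test": ["172.16.75.82"],
    b"api.example.test": ["172.16.75.85"],
}


def l4_select(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
              pool: List[str]) -> str:
    """Layer-4 selection: the only information available is the 4-tuple of the
    client's first packet (the SYN), so the RS is chosen by hashing it. The same
    connection always maps to the same RS; payload bytes are never inspected."""
    key = f"{src_ip}:{src_port}->{dst_ip}:{dst_port}".encode()
    idx = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(pool)
    return pool[idx]


def l7_select(buffered: bytes, routes: dict,
              fallback: List[str]) -> Optional[List[str]]:
    """Layer-7 selection for HTTP: the RS pool is chosen from the Host header,
    so nothing can be decided until the full header block (ending in an empty
    line) has arrived. Returns None while the request is still incomplete."""
    head, terminator, _ = buffered.partition(b"\r\n\r\n")
    if not terminator:
        return None  # keep buffering; do not connect to any RS yet
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    if len(request_line) != 3 or not request_line[2].startswith(b"HTTP/"):
        raise ValueError("malformed request line")
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            if host is not None:
                # Two Host headers are ambiguous (different proxies may pick
                # different ones); refuse rather than guess.
                raise ValueError("duplicate Host header")
            host = value.strip().lower()
    # Exact match only: the Host value is attacker-controlled, and a prefix or
    # substring match would let "www.example.test.evil" reach the wrong pool.
    return routes.get(host, fallback)
```

l4_select can answer as soon as the SYN arrives; l7_select returns None until the blank line that ends the header block has been seen, which is why a layer-7 SLB finishes the handshake with the client before it touches any RS.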
An SLB device mainly works in one of the following three transmission modes:
Reverse Proxy Mode
Passthrough Mode
Triangle Mode
The SLB device works differently in each mode, but in every mode the request packets sent by the client must first reach the SLB device; this is the prerequisite for the device to work at all. The simulated network topology is:
Client: 10.8.21.40
Server Load balancer device: 172.16.75.83
VIP: 172.16.75.84
RS1 IP: 172.16.75.82
RS2 IP: 172.16.75.85
During the whole packet exchange, tcpdump and Wireshark were used to capture packets on the RS and on the Client respectively, and Wireshark was then used to decode the captures.
III. Reverse proxy mode:
Reverse proxy: an ordinary (forward) proxy is a device through which intranet users access servers on the Internet. Here the direction is reversed: Internet users reach the intranet real servers through the proxy device (the SLB), which is why this mode is called reverse proxy.
In reverse proxy mode:
After receiving a request from the client, the SLB device records the packet's connection information (source IP, destination IP, protocol number, source port, destination port, service type and interface index), changes the destination IP to that of the RS selected by the scheduling algorithm (the destination port stays the same), changes the source IP to the address of the downlink interface through which the SLB reaches that RS, picks a random source port, and sends the packet to the RS;
The RS replies to the SLB device with its own interface IP as source and the SLB downlink address as destination. The SLB then rewrites the reply: the source address becomes the VIP, the destination IP becomes the client's IP and the destination port becomes the client's original source port, and the packet is sent back to the client. Because the RS only ever sees the SLB address, its logs and any IP-based access control on the RS see the SLB rather than the client unless the SLB passes the client address at the application layer (for HTTP, typically an X-Forwarded-For header).
Analyze the entire message interaction process:
TCP handshake process:
First, the Client sends a TCP SYN to the SLB device to request a connection: source IP 10.8.21.40 (the Client), source port 50894, destination IP 172.16.75.84 (the VIP), destination port 80;
After receiving the SYN, the SLB device replies with SYN/ACK: source IP 172.16.75.84, source port 80, destination IP 10.8.21.40, destination port 50894;
The Client replies with ACK and the three-way handshake completes. At this point the SLB has not contacted any RS yet.
HTTP message interaction process:
After the three-way handshake between the SLB device and the client, a layer-7 SLB waits for the HTTP request. Once it arrives, the SLB selects an RS (172.16.75.82 in this capture) according to the scheduling algorithm and the servers' health status, and establishes a TCP connection with that RS:
The SLB device sends a TCP SYN: source IP 172.16.75.83 (the SLB interface facing the RS), source port 4574, destination IP 172.16.75.82, destination port 80;
The RS replies with SYN/ACK: source IP 172.16.75.82, source port 80, destination IP 172.16.75.83, destination port 4574; the SLB device answers with ACK and this second handshake completes;
The SLB device then rewrites the HTTP request it received from the client: the source IP becomes 172.16.75.83 (the downlink interface toward the RS) and the source port becomes the port chosen for this SLB-to-RS connection (4574 above), and sends it to the RS;
The RS answers with its local address 172.16.75.82 as source and 172.16.75.83 as destination, so the reply goes straight back to the SLB device;
After receiving the RS reply, the SLB device rewrites it: the source IP becomes the VIP 172.16.75.84, the destination IP becomes 10.8.21.40 and the destination port becomes the client's source port from the original HTTP request (50894), and sends it to the Client. The access succeeds.
IV. Passthrough mode:
When the SLB device works in passthrough mode, the RS cannot tell that an SLB device exists: it sees the client's real IP address directly. For the Client, the server address is still the VIP of the SLB device.
In this mode, when the SLB device receives a packet whose source IP is the Client's address and whose destination IP is the local VIP, it forwards it to the best RS according to the scheduling policy and health status, rewriting only the destination IP. The RS therefore receives a request whose destination is its own local IP and whose source is the actual IP address of the Client;
The RS replies directly to that request, with the Client's IP as destination. The reply must travel back through the SLB device, which changes the source IP from the RS address to the VIP before sending it on to the Client.
Result Analysis:
TCP handshake process:
Same as in reverse proxy mode: the SLB device completes the handshake with the Client first.
HTTP message interaction process:
The Client sends an HTTP request with source IP 10.8.21.40 to the VIP 172.16.75.84. After receiving it, the SLB device performs the three-way handshake with the RS as in reverse proxy mode. The difference is in the rewrite: only the destination IP of the HTTP packet is changed, to 172.16.75.82; the source IP address and the source/destination port numbers are left as they are;
The RS receives a packet from 10.8.21.40 and replies to 10.8.21.40. Note that the RS must be configured (for example with the SLB device as its gateway toward the client) so that the reply passes through the SLB device, which changes the source IP to the VIP 172.16.75.84 and forwards it to the Client. Otherwise the Client receives an HTTP reply with source IP 172.16.75.82, which does not match the connection it opened to 172.16.75.84:80, and the access fails.
V. Triangle mode:
In triangle mode, when the Client sends a request to the SLB device, the SLB selects the best RS and forwards the packet to it by MAC address; the destination IP is left as the VIP, which is also configured on the RS (usually on a loopback interface). The RS therefore answers the Client directly with the VIP as source address, and the SLB device does not process the reply at all, even if it physically passes through the device. Because the path of the packets (Client to SLB, SLB to RS, RS to Client) looks like a triangle, this is called triangle mode.
Result Analysis:
TCP handshake process:
Because layer-4 SLB is used here, the TCP handshake differs from the layer-7 cases above: the SLB device does not terminate the connection. When the Client's SYN arrives, the SLB immediately selects an RS and forwards the SYN to it, and the three-way handshake is completed between the Client and the RS, with the SLB only forwarding the Client-to-RS direction;
In triangle mode both the RS loopback interface and the SLB device carry the VIP 172.16.75.84. Once the SLB has selected an RS by the scheduling algorithm, it looks up the MAC address belonging to that RS's real IP and forwards the packets with destination MAC = RS and destination IP = VIP; the RS accepts them as addressed to itself and the TCP connection is established.
HTTP message interaction process:
First, the Client sends an HTTP request to the VIP of the SLB device with source address 10.8.21.40. The SLB forwards the packet directly to the RS. The RS receives a packet with source IP 10.8.21.40 and destination IP 172.16.75.84 (its own loopback address), and sends the reply directly back to 10.8.21.40 with source IP 172.16.75.84. The access succeeds.
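To make the three rewrites concrete, here is an added Python simulation (not code from the original article) that walks one request and its reply through each of the modes described in sections III, IV and V, using the addresses of the topology above. The MAC addresses are constructed; checksums, TTL and per-connection state, which a real device also handles, are left out. It also reproduces the two failure modes the text implies: a passthrough reply that bypasses the SLB, and a triangle-mode RS that does not have the VIP on its loopback.

```python
from dataclasses import dataclass, replace
from typing import Set, Tuple

# Addresses from the article's topology.
CLIENT = "10.8.21.40"
SLB_DOWNLINK = "172.16.75.83"   # SLB interface facing the real servers
VIP = "172.16.75.84"
RS1 = "172.16.75.82"
# Constructed MAC addresses (hypothetical; only triangle mode uses them).
MAC_SLB = "00:00:5e:00:53:01"
MAC_RS1 = "00:00:5e:00:53:02"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    dst_mac: str = ""
    payload: str = ""


def slb_reverse_proxy(pkt: Packet, rs_ip: str, slb_port: int) -> Packet:
    """Reverse proxy (full NAT): source becomes the SLB downlink address and a
    port chosen by the SLB, destination becomes the selected RS. The RS never
    sees the client's address at the IP layer."""
    return replace(pkt, src_ip=SLB_DOWNLINK, src_port=slb_port, dst_ip=rs_ip)


def slb_passthrough(pkt: Packet, rs_ip: str) -> Packet:
    """Passthrough: only the destination IP is rewritten; source IP and ports stay."""
    return replace(pkt, dst_ip=rs_ip)


def slb_triangle(pkt: Packet, rs_mac: str) -> Packet:
    """Triangle: layer-2 forwarding only. Destination MAC becomes the RS; the
    destination IP stays the VIP."""
    return replace(pkt, dst_mac=rs_mac)


def rs_reply(req: Packet, local_ips: Set[str]) -> Packet:
    """A real server answers from the address the request was sent to, but only
    if that address is configured locally (physical interface or loopback)."""
    if req.dst_ip not in local_ips:
        raise ValueError(f"RS has no local address {req.dst_ip}; request dropped")
    return Packet(src_ip=req.dst_ip, src_port=req.dst_port,
                  dst_ip=req.src_ip, dst_port=req.src_port,
                  payload="HTTP/1.1 200 OK")


def slb_unnat_reply(reply: Packet, client_ip: str, client_port: int) -> Packet:
    """Reverse direction on the SLB: restore the VIP as source and the client's
    address and port as destination, from the recorded connection state."""
    return replace(reply, src_ip=VIP, dst_ip=client_ip, dst_port=client_port)


def client_accepts(reply: Packet, sent: Packet) -> bool:
    """The client only matches a reply to its socket if it comes from the VIP:80
    it connected to and is addressed to its own source port."""
    return (reply.src_ip == sent.dst_ip and reply.src_port == sent.dst_port
            and reply.dst_ip == sent.src_ip and reply.dst_port == sent.src_port)


def run_mode(mode: str, rs_reply_via_slb: bool = True,
             vip_on_loopback: bool = True) -> Tuple[Packet, Packet, bool]:
    """Walk one request/reply through the SLB in the given mode and return
    (packet as seen by the RS, packet as received by the client, accepted?)."""
    sent = Packet(CLIENT, 50894, VIP, 80, dst_mac=MAC_SLB, payload="GET / HTTP/1.1")
    if mode == "reverse_proxy":
        at_rs = slb_reverse_proxy(sent, RS1, 4574)
        reply = rs_reply(at_rs, {RS1})
        # The RS addressed the SLB's own interface, so the reply always returns
        # through the SLB, which restores the client-facing 4-tuple.
        at_client = slb_unnat_reply(reply, sent.src_ip, sent.src_port)
    elif mode == "passthrough":
        at_rs = slb_passthrough(sent, RS1)
        reply = rs_reply(at_rs, {RS1})
        # The reply is addressed to the client; it is only un-NATed if the RS's
        # route to the client goes through the SLB.
        at_client = replace(reply, src_ip=VIP) if rs_reply_via_slb else reply
    elif mode == "triangle":
        at_rs = slb_triangle(sent, MAC_RS1)
        local = {RS1, VIP} if vip_on_loopback else {RS1}
        reply = rs_reply(at_rs, local)
        at_client = reply  # the RS answers the client directly, bypassing the SLB
    else:
        raise ValueError(f"unknown mode {mode}")
    return at_rs, at_client, client_accepts(at_client, sent)
```

run_mode("passthrough", rs_reply_via_slb=False) yields a reply with source 172.16.75.82 that client_accepts rejects, which is exactly the failure described in section IV; run_mode("triangle", vip_on_loopback=False) raises, because an RS that does not own the VIP drops a packet addressed to it.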