Load Balancing cluster, LVS algorithm, building NAT mode LVS architecture


18.6 Load Balancing Cluster introduction

The software used to build a load balancing cluster includes LVS, keepalived, Nginx, HAProxy and so on. LVS works at layer 4 of the OSI model (the transport layer), Nginx works at layer 7 (the application layer), and HAProxy can be used either at layer 4 or at layer 7.
Layer-4 load balancers such as LVS and HAProxy can distribute traffic for ports other than 80, for example MySQL on port 3306, whereas Nginx only supports HTTP, HTTPS and mail.
By comparison, the layer-4 LVS is more stable and can withstand more requests, while the layer-7 Nginx is more flexible and can meet more customized requirements.

18.7 LVS Introduction

LVS is based on TCP/IP routing and forwarding, so its stability and efficiency are very high; the latest version of LVS is based on the Linux 2.6 kernel. LVS has three common modes: NAT, DR and IP Tunnel. The LVS architecture has one core role called the dispatcher (load balancer, also called the Director), which distributes the requests coming from clients, and many back-end servers (real servers, or RS) that handle the users' requests.

NAT mode

This mode is implemented with the iptables nat table.
After a user's request reaches the dispatcher, the request packet is forwarded to a back-end RS according to a preset iptables rule.
Each RS must set its gateway to the dispatcher's intranet IP.
Both the packets the user sends and the packets returned to the user pass through the dispatcher, so the dispatcher becomes a bottleneck.
In NAT mode only the dispatcher needs a public IP, which saves public IP resources.
Because the load balancer is the bottleneck that limits how many user requests the architecture can handle, this mode suits small clusters (up to about 10 RS); its advantage is that it saves public network resources.

IP tunnel mode

This mode requires a common IP, called the VIP, to be configured on the dispatcher and on every RS.
The destination IP of the client's request is the VIP. After the dispatcher receives the request packet, it wraps the packet in a new IP header whose destination IP is the IP of the chosen RS, so that the packet is delivered to that RS.
After the RS receives the packet, it restores the original packet, whose destination IP is the VIP; because the VIP is configured on every RS, the RS accepts the packet as addressed to itself.

DR mode

This mode also requires the common IP, the VIP, to be configured on the dispatcher and on every RS.
Unlike IP tunnel mode, the dispatcher rewrites the destination MAC address of the packet to the MAC address of the chosen RS.
After the RS receives the packet, it is still the original packet with the VIP as its destination IP (only the MAC address was changed); because the VIP is configured on every RS, the RS accepts the packet as addressed to itself.
A MAC (media access control) address, also called a physical address or hardware address, identifies the location of a network device. In the OSI model, layer 3 (the network layer) is responsible for IP addresses and layer 2 (the data link layer) is responsible for MAC addresses. A host therefore has a MAC address, and each network location has an IP address dedicated to it. The MAC address is determined by the NIC and is fixed.

ARP (Address Resolution Protocol) is a TCP/IP protocol that obtains a physical address from an IP address.
The OSI model divides network work into seven layers; IP addresses belong to layer 3 and MAC addresses to layer 2, and the two layers do not interact directly. When an IP packet is sent over Ethernet, the layer-3 header (32-bit IP address) must be encapsulated in a layer-2 header (48-bit MAC address), but only the destination IP address is known, not its MAC address, and layer 3 cannot reach across into layer 2, so ARP is needed. With ARP, the destination hardware (MAC) address can be resolved from the destination IP address in the network-layer header, so that communication can proceed.

18.8 LVS scheduling algorithms

Round-robin (RR)
Weighted round-robin (WRR)
Least-connection (LC)
Weighted least-connection (WLC)
Locality-based least connections (LBLC)
Locality-based least connections with replication (LBLCR)
Destination hashing (DH)
Source hashing (SH)
The first four algorithms are the ones commonly used.
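To make the four commonly used algorithms concrete, here is an added example (not code from the page) that simulates how the dispatcher picks an RS for each new connection under rr, wrr, lc and wlc. The server addresses and weights are constructed; the overhead formula (active*256 + inactive) and the weighted round-robin walk follow the IPVS kernel schedulers, and the lc/wlc picks assume no connections finish during the run.

```python
from dataclasses import dataclass
from functools import reduce
from math import gcd

@dataclass
class RealServer:
    addr: str
    weight: int = 1
    active: int = 0
    inactive: int = 0
    def overhead(self) -> int:
        # IPVS weighs an active connection as 256 inactive ones.
        return self.active * 256 + self.inactive

class Scheduler:
    # Picks a real server for each new connection with rr, wrr, lc or wlc.
    def __init__(self, servers, algo="rr"):
        self.servers = list(servers)
        self.algo = algo
        self._i, self._cw = -1, 0          # rr/wrr cursor, wrr current weight
        self._gcd = reduce(gcd, (s.weight for s in self.servers))

    def pick(self) -> RealServer:
        rs = getattr(self, "_" + self.algo)()
        rs.active += 1                     # the new connection counts against rs
        return rs

    def _rr(self):
        self._i = (self._i + 1) % len(self.servers)
        return self.servers[self._i]

    def _wrr(self):
        # Interleaved weighted round-robin as in IPVS: lower the weight threshold by gcd each full turn.
        while True:
            self._i = (self._i + 1) % len(self.servers)
            if self._i == 0:
                self._cw -= self._gcd
                if self._cw <= 0:
                    self._cw = max(s.weight for s in self.servers)
            if self.servers[self._i].weight >= self._cw:
                return self.servers[self._i]
    def _lc(self):
        return min(self.servers, key=RealServer.overhead)
    def _wlc(self):   # least overhead per unit of weight; weight 0 is never chosen
        return min((s for s in self.servers if s.weight > 0),
                   key=lambda s: s.overhead() / s.weight)

def schedule(servers, algo, n):
    sched = Scheduler(servers, algo)       # one scheduler keeps state over n picks
    return [sched.pick().addr for _ in range(n)]
```

With weights 3 and 1, wrr yields the pattern A A A B, whereas rr ignores the weights entirely; lc and wlc prefer the server with fewer active connections, with wlc additionally dividing by weight.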

18.9-18.20 Building LVS in NAT mode

Preparatory work

Network preparation

Three machines:

Director (scheduler)
Intranet IP:           Public IP:

Real Server 1 (real1)
Intranet IP:           Gateway: the director's intranet IP

Real Server 2 (real2)
Intranet IP:           Gateway: the director's intranet IP

Turn off the system firewall:
[root@director ~]# systemctl stop firewalld
[root@director ~]# systemctl disable firewalld

Turn off SELinux:
[root@director ~]# setenforce 0
[root@director ~]# vim /etc/selinux/config
(set SELINUX=disabled so that it stays off after a reboot)
Note: these operations are performed on all three machines.

The following operations are performed on real1 and real2:

Install the iptables service:
[root@real1 ~]# yum install -y iptables-services

Set up the iptables service:
[root@real1 ~]# iptables -F
[root@real1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:   [  OK  ]
Description: this is done because NAT mode is an architecture built on the firewall's nat table, so iptables rules are used; flushing and saving leaves each RS with a clean, known rule set.

Start building

Configure Director:

Install the ipvsadm tool:
[root@director ~]# yum install -y ipvsadm

Write the ipvsadm script:
[root@director ~]# vim /usr/local/sbin/lvs_nat.sh
#!/bin/bash
# Placeholders: fill in your own addresses before running
VIP="<director public IP>"
RS_NET="<RS intranet subnet, e.g. the director's intranet network/24>"
RS1="<real1 intranet IP>"
RS2="<real2 intranet IP>"

# Turn on IP forwarding on the director
echo 1 > /proc/sys/net/ipv4/ip_forward

# Turn off ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Note the NIC names: on the author's (Adai's) director the two NICs are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects

# Director NAT firewall: flush the nat table, then masquerade the RS intranet subnet
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s "$RS_NET" -j MASQUERADE

# Director ipvsadm rules
IPVSADM='/usr/sbin/ipvsadm'
# -C: clear all rules
# -A: add a virtual service; -t: TCP; -s: specify the scheduling algorithm
# -p could be added here: specify a persistence timeout (solves the session problem by sending the same client to the same RS)
# Because -p would affect the test result it is not added here (note: the timeout cannot be set to 0)
# -a: add an RS; -r: RS IP; -m: NAT (masquerade) mode; -w: weight
$IPVSADM -C
$IPVSADM -A -t "$VIP:80" -s rr        # rr (round-robin) assumed: the curl test below shows replies alternating between the two RS
$IPVSADM -a -t "$VIP:80" -r "$RS1:80" -m -w 1
$IPVSADM -a -t "$VIP:80" -r "$RS2:80" -m -w 1

Execute the script:
[root@director ~]# sh /usr/local/sbin/lvs_nat.sh
Note: the script produces no output when it runs without errors.

View the ipvsadm rules:
[root@director ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  <director public IP>:80 rr
  -> <real1 intranet IP>:80       Masq    1      1          3
  -> <real2 intranet IP>:80       Masq    1      0          4
Configure the RS:

Install Nginx on both RS and give each a different home page so that the two machines can be told apart.

[root@real1 ~]# yum install -y nginx
[root@real1 ~]# systemctl start nginx

Edit the real1 home page:
[root@real1 ~]# vim /usr/share/nginx/html/index.html
This is real server 1.

Edit the real2 home page:
[root@real2 ~]# vim /usr/share/nginx/html/index.html
This is real server 2.

Access the director's public IP from a client:

[root@client ~]# curl <director public IP>
This is real server 2.
[root@client ~]# curl <director public IP>
This is real server 1.
[root@client ~]# curl <director public IP>
This is real server 2.
[root@client ~]# curl <director public IP>
This is real server 1.
The replies alternate between the two real servers, so the build succeeded.
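The NAT-mode packet path that this build relies on (every request and reply passes through the director, and each RS must use the director's intranet IP as its gateway), modelled in pure Python as an added example that is not code from the page. Addresses are constructed, and the model only rewrites address fields in records; it sends no packets.

```python
from dataclasses import dataclass
from itertools import cycle

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: str

class Director:
    # Models the LVS NAT director: DNAT client packets to an RS and rewrite the
    # RS reply back to the VIP, so the client only ever sees the VIP.
    def __init__(self, vip, real_servers):
        self.vip = vip
        self.rr = cycle(real_servers)      # round-robin scheduler
        self.conns = {}                    # (client, sport) -> RS address

    def inbound(self, pkt):
        # A new connection picks an RS and is remembered (like the ipvsadm
        # connection table); later packets of the same connection keep it.
        key = (pkt.src, pkt.sport)
        rs = self.conns.get(key) or self.conns.setdefault(key, next(self.rr))
        return Packet(pkt.src, rs, pkt.sport, pkt.dport, pkt.payload)

    def outbound(self, pkt):
        # Reply from an RS: only tracked connections are translated back.
        if self.conns.get((pkt.dst, pkt.dport)) != pkt.src:
            return None
        return Packet(self.vip, pkt.dst, pkt.sport, pkt.dport, pkt.payload)

def real_server(addr, page):
    # An RS answers whatever reaches its own intranet address.
    def handle(pkt):
        assert pkt.dst == addr
        return Packet(addr, pkt.src, pkt.dport, pkt.sport, page)
    return handle

def request(director, servers, client, sport, gateway_is_director=True):
    """One HTTP exchange; returns (reply source, page) as the client sees it,
    or None when the reply cannot belong to the connection the client opened."""
    fwd = director.inbound(Packet(client, director.vip, sport, 80, "GET /"))
    reply = servers[fwd.dst](fwd)
    if gateway_is_director:        # RS gateway = director intranet IP
        reply = director.outbound(reply)
    if reply is None or reply.src != director.vip:
        return None                # client connected to the VIP, not to the RS
    return reply.src, reply.payload
```

With gateway_is_director=False the RS reply bypasses the director, arrives from the RS intranet address instead of the VIP, and the client discards it, which is why step 3 of the NAT mode description is mandatory.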
