I. Introduction

Linux Virtual Server (LVS) is a load-balancing subsystem for the Linux kernel and one of the best-known open-source projects to have originated in China. The LVS host sits in front of the cluster and is called the Director, or scheduler. It provides no application service of its own: it accepts the requests that arrive from the Internet, forwards them to the real servers running behind it, and the response goes back to the client. LVS has two components, IPVS and ipvsadm. IPVS is the core of LVS; like the netfilter framework behind iptables it is only a framework, and it works in kernel space. ipvsadm is the user-space tool with which the forwarding rules that IPVS applies are defined. LVS has three forwarding types:
1. LVS-NAT (Network Address Translation), the simplest to implement.
2. LVS-DR (Direct Routing), the most widely used.
3. LVS-TUN (IP tunnelling).
II. Attributes of the three LVS models
1. LVS-NAT model: working attributes and features
(1) All RealServer cluster nodes and the front-end Director must be in the same subnet.
(2) The RealServer addresses (RIP) are usually private addresses, which makes communication between the cluster nodes easy.
(3) The Director usually has two IP addresses: the VIP, a virtual address to which clients send their requests, and the DIP, the Director's real address on the inside network. The default gateway of every RealServer must point to the DIP.
(4) This model supports port mapping: the port on the VIP may differ from the port on the RealServer.
(5) The RealServer can run any operating system.
(6) The Director handles not only the requests coming from clients but also the responses of the RealServers, which it rewrites and forwards back to the clients.
(7) The Director therefore easily becomes the performance bottleneck of the whole cluster.

2. LVS-DR model: working attributes and features
This model forwards by rewriting the destination MAC address of the request; how that works is described later.
(1) All RealServer cluster nodes and the Director must be on the same physical network, i.e. the same layer-2 segment.
(2) RIP can be a public IP address.
(3) The RealServer's gateway must not point to the DIP.
(4) The Director only processes client requests and forwards them to a RealServer; the RealServer replies to the client directly, and the reply does not pass through the Director.
(5) This model does not support port mapping.
(6) Most operating systems can be used on the RealServer (it must be able to hold the VIP without answering ARP for it).
(7) Performance is better than that of LVS-NAT, because the Director sees only the request direction.

3. LVS-TUN model: basic working attributes and features
(1) The RealServers and the Director can be in different networks.
(2) RIP must be routable from the Director, so in practice it is a public address rather than a private one.
(3) The Director only processes client requests and forwards them, encapsulated in an IP tunnel, to the RealServer; the RealServer replies to the client directly, without passing through the Director.
(4) This model does not support port mapping.
(5) Only operating systems that support IP tunnelling (IPIP) can be used on the RealServer.
III. LVS scheduling methods

1. Fixed (static) scheduling methods, which ignore the current load of the servers:
(1) RR: round robin
(2) WRR: weighted round robin
(3) DH: destination hashing
(4) SH: source hashing
2. Dynamic scheduling methods, which take the servers' current connection counts into account:
(1) LC: least connection
(2) WLC: weighted least connection (the default scheduler of ipvsadm)
(3) SED: shortest expected delay
(4) NQ: never queue
(5) LBLC: locality-based least connection
(6) LBLCR: locality-based least connection with replication
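To make the difference between these methods concrete, the following added example (not code from the LVS project or from the original post) simulates the decision each scheduler takes for the next connection. The selection rules follow the IPVS kernel schedulers (ip_vs_rr.c, ip_vs_wrr.c, ip_vs_lc.c, ip_vs_wlc.c, ip_vs_sed.c, ip_vs_nq.c); the server table in sample_servers() is constructed for the illustration, with the counters standing in for the ActiveConn and InActConn columns of "ipvsadm -Ln". Note how LC and WLC disagree once weights differ, and how NQ prefers an idle server that SED would not pick.

```python
"""Simulation of the IPVS scheduling decisions listed above (added example).

Not code from the LVS project or the original post.  Selection rules follow the
IPVS kernel schedulers; exact tie-breaking is an approximation of the kernel's.
The server table is constructed for the illustration.
"""
from dataclasses import dataclass
from functools import reduce
from math import gcd


@dataclass
class RealServer:
    rip: str
    weight: int
    active: int = 0    # ActiveConn: established connections
    inactive: int = 0  # InActConn: connections in other states (e.g. TIME_WAIT)


def lc_overhead(s):
    """Connection overhead as IPVS computes it: one active counts as 256 inactive."""
    return s.active * 256 + s.inactive


def pick_lc(servers):
    """LC: the server with the least connection overhead, ignoring weight."""
    usable = [s for s in servers if s.weight > 0]
    return min(usable, key=lc_overhead) if usable else None


def _pick_min_ratio(servers, overhead):
    """Server minimising overhead/weight; cross-multiply to avoid floats, as the
    kernel does.  Ties keep the earlier server."""
    best = None
    for s in servers:
        if s.weight <= 0:
            continue
        if best is None or overhead(s) * best.weight < overhead(best) * s.weight:
            best = s
    return best


def pick_wlc(servers):
    """WLC: least connection overhead divided by weight."""
    return _pick_min_ratio(servers, lc_overhead)


def pick_sed(servers):
    """SED: shortest expected delay, (active + 1) / weight; inactive connections are ignored."""
    return _pick_min_ratio(servers, lambda s: s.active + 1)


def pick_nq(servers):
    """NQ: never queue; an idle server is taken at once, otherwise fall back to SED."""
    for s in servers:
        if s.weight > 0 and s.active == 0:
            return s
    return pick_sed(servers)


class RoundRobin:
    """RR: rotate through the list regardless of load or weight."""
    def __init__(self, servers):
        self.servers, self.i = servers, -1

    def pick(self):
        for _ in range(len(self.servers)):
            self.i = (self.i + 1) % len(self.servers)
            if self.servers[self.i].weight > 0:
                return self.servers[self.i]
        return None


class WeightedRoundRobin:
    """WRR as in ip_vs_wrr.c: sweep the list with a current weight that starts at the
    maximum weight and drops by the gcd of all weights on each pass; a server is chosen
    on a pass only if its weight is at least the current weight.  Weights 3,2,1 give
    A A B A B C rather than A A A B B C, so the load is interleaved."""
    def __init__(self, servers):
        self.servers, self.i, self.cw = servers, -1, 0
        weights = [s.weight for s in servers if s.weight > 0]
        self.maxw = max(weights, default=0)
        self.di = reduce(gcd, weights, 0)

    def pick(self):
        if self.maxw == 0:
            return None
        while True:
            self.i = (self.i + 1) % len(self.servers)
            if self.i == 0:              # back at the head of the list: lower the threshold
                self.cw -= self.di
                if self.cw <= 0:
                    self.cw = self.maxw
            if self.servers[self.i].weight >= self.cw:
                return self.servers[self.i]


def sample_servers():
    """Constructed table: the two RealServers of the firewall-mark example plus a third."""
    return [
        RealServer("172.16.24.2", weight=3, active=3, inactive=10),
        RealServer("172.16.24.3", weight=2, active=1, inactive=40),
        RealServer("172.16.24.4", weight=1, active=0, inactive=200),
    ]


def schedule_all(servers):
    """Which RIP each dynamic scheduler would pick for the next connection."""
    return {name: fn(servers).rip for name, fn in
            (("lc", pick_lc), ("wlc", pick_wlc), ("sed", pick_sed), ("nq", pick_nq))}


def sequence(scheduler, n):
    """First n picks of a stateful (round-robin style) scheduler."""
    return [scheduler.pick().rip for _ in range(n)]


if __name__ == "__main__":
    srv = sample_servers()
    print(schedule_all(srv))
    print("rr :", sequence(RoundRobin(srv), 4))
    print("wrr:", sequence(WeightedRoundRobin(srv), 6))
```

With the sample table, LC picks 172.16.24.4 (overhead 200 against 296 and 778), WLC picks 172.16.24.3 because its overhead per unit of weight is lowest, SED also picks 172.16.24.3, and NQ picks 172.16.24.4 because it has no active connection at all.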
IV. ipvsadm rule definition format

1. Defining a cluster service
(1) Add or edit a cluster service:
ipvsadm -A|-E -t|-u|-f service-address [-s scheduler] [-p [timeout]] [-M netmask]
   -A   add a new cluster service
   -E   edit an existing cluster service
   -t   TCP service
   -u   UDP service
   -f   firewall mark: the service is identified by a netfilter mark (fwmark) instead of an address
   service-address   the address of the cluster service, i.e. VIP:port (or the mark number with -f)
   -s   scheduling algorithm, one of the methods listed above (the default is wlc)
   -p [timeout]   persistent connections, with the timeout in seconds; the connection table, including persistence entries, can be viewed with "ipvsadm -Lcn"
   -M netmask   netmask applied to client addresses when grouping them for persistence
(2) Other service-level commands:
ipvsadm -D -t|-u|-f service-address   delete a cluster service
ipvsadm -C                             clear all rules
ipvsadm -R                             restore rules from standard input
ipvsadm -S [-n]                        save (dump) the rules to standard output; -n keeps addresses numeric

2. Adding RealServers to a cluster service
(1) Add or edit a RealServer:
ipvsadm -a|-e -t|-u|-f service-address -r server-address [-g|-i|-m] [-w weight]
   -a   add a new RealServer
   -e   edit a RealServer
   -t|-u|-f service-address   the cluster service, as above
   -r   the RealServer address, RIP[:port]; a port different from the service port only takes effect with -m
   -g   gatewaying, the LVS-DR model (this is the default)
   -i   IP tunnelling, the LVS-TUN model
   -m   masquerading, the LVS-NAT model
   -w   weight of this RealServer for the weighted schedulers; weight 0 stops new connections to it
(2) Other RealServer-level commands:
ipvsadm -d -t|-u|-f service-address -r server-address   delete a RealServer
ipvsadm -L|-l [options]   list the defined rules, for example "ipvsadm -L -n" for numeric output, as shown in the figure
ipvsadm -Z [-t|-u|-f service-address]   zero the packet and byte counters
V. LVS-NAT model example
1. First configure the network environment. Three virtual machines are needed (the experiment was done on VMware): one Director and two RealServers, RealServer1 and RealServer2.
The Director needs two NICs: eth0 in bridged mode (the outside, where the VIP lives) and eth1 in host-only mode (the inside, the DIP); the NICs of RealServer1 and RealServer2 are host-only as well.
2. To make the effect visible, give the Director's two NICs addresses in different subnets; RealServer1 and RealServer2 share one subnet. The plan is shown in the figure.
Note: the VMnet1 address of the physical host must be in the same segment as the Director's eth1, and the default gateway of RealServer1 and RealServer2 must point to the Director's eth1 address (the DIP); otherwise the RealServers' replies never return through the Director to be un-NATed. See the figure.
3. After the network is configured, check connectivity before touching ipvsadm: the Director's eth0 address must be reachable with ping from the physical host, as shown in the figure.
A successful ping shows that the physical host can communicate with the Director.
4. On the Director:
# echo 1 > /proc/sys/net/ipv4/ip_forward   -- enable IP forwarding; in the NAT model the Director routes both directions
# rpm -qa ipvsadm                            -- check whether ipvsadm is installed
# yum install ipvsadm -y                     -- install it if it is missing
Now define the LVS-NAT rules. The demo uses web servers: nginx runs on both 192.168.24.44 and 192.168.24.45; the page on 192.168.24.44 reads "welcome realserver 1" and the page on 192.168.24.45 reads "welcome realserver 2".
# ipvsadm -A -t 172.16.100.24:80 -s rr
# ipvsadm -a -t 172.16.100.24:80 -r 192.168.24.44 -m
# ipvsadm -a -t 172.16.100.24:80 -r 192.168.24.45 -m
# ipvsadm -L -n                              -- view the defined rules
These rules exist only in the running kernel and are lost on reboot. To keep them permanently:
# service ipvsadm save
5. Open 172.16.100.24 in Internet Explorer, as shown in the figure:
Opening 172.16.100.24 in Google Chrome shows the other page:
Refreshing the page, or switching browsers, shows the two pages in turn, because round robin sends each new connection to the next RealServer. This is the simplest load balancer.
VI. Implementation of the LVS-DR model

1. First plan the cluster and network environment. Three VMs are needed, as shown in the figure. The Director needs only one NIC, eth0, in bridged mode; the NICs of RealServer1 and RealServer2 are bridged as well, so that all three share one layer-2 segment, which DR requires because it forwards by rewriting the destination MAC address.
2. Configure the cluster service
(1) On the Director, bind the VIP as an alias of eth0:
# ifconfig eth0:1 172.16.100.100 broadcast 172.16.100.100 netmask 255.255.255.255 up
# route add -host 172.16.100.100 dev eth0:1
# echo 1 > /proc/sys/net/ipv4/ip_forward   -- enable IP forwarding
(2) On RealServer1. Set the ARP kernel parameters first, before binding the VIP; otherwise the RealServer announces the VIP by gratuitous ARP and answers ARP requests for it, and the upstream router or the clients may send traffic to the RealServer directly, bypassing the Director:
# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore      -- reply to ARP only for addresses configured on the interface the request arrived on
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce    -- never use the VIP as the source address of an ARP request
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
# ifconfig lo:0 172.16.100.100 broadcast 172.16.100.100 netmask 255.255.255.255 up
# route add -host 172.16.100.100 dev lo:0
The netmask must be 255.255.255.255, so that only the VIP itself is bound to lo and no route for the whole subnet is installed there.
(3) On RealServer2, exactly the same:
# echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
# echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
# ifconfig lo:0 172.16.100.100 broadcast 172.16.100.100 netmask 255.255.255.255 up
# route add -host 172.16.100.100 dev lo:0
(4) Then configure the ipvsadm rules on the Director:
# ipvsadm -A -t 172.16.100.100:80 -s rr
# ipvsadm -a -t 172.16.100.100:80 -r 172.16.24.34 -g
# ipvsadm -a -t 172.16.100.100:80 -r 172.16.24.44 -g
-g is a RealServer option that selects direct routing; it is also the default forwarding method, so it may be omitted.
(5) Verify in the browser. The first access is shown in the figure:
The second access is shown in the figure:
3. SSL-based access
[root@mail ~]# ipvsadm -A -t 172.16.100.100:443 -s rr
[root@mail ~]# ipvsadm -a -t 172.16.100.100:443 -r 172.16.24.2 -g
[root@mail ~]# ipvsadm -a -t 172.16.100.100:443 -r 172.16.24.3 -g
The Director only forwards packets and never terminates TLS, so each RealServer must hold the certificate and private key for the VIP's hostname. The port 80 and port 443 services are scheduled independently: a client's HTTP and HTTPS connections may land on different RealServers unless persistence is configured, which the persistence section below covers.
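The NAT and DR walkthroughs above each impose a few rules on the RealServer's own network configuration (where the default gateway points, whether the VIP is bound to lo with a /32 mask, the arp_ignore/arp_announce values) and a RealServer that breaks one of them either gets no traffic or, worse, hijacks the VIP from the Director. The following added example (not code from the LVS project or the original post) is a pre-flight check that takes a RealServer's configuration as a small dictionary and lists every rule it breaks, for either model. The Director inside addresses (DIP) are not given on the page and are assumed here; the sample configurations are constructed from the addresses used in the two walkthroughs.

```python
"""Pre-flight check of a RealServer's network configuration for LVS-NAT and LVS-DR.

Added example; not code from the LVS project or the original post.  It encodes the
rules from the NAT and DR walkthroughs above and lists every rule a configuration
breaks.  DIP values and the sample configurations are assumed/constructed.
"""
from ipaddress import ip_address, ip_interface

# sysctl values the DR walkthrough sets on every RealServer, for both "all" and "lo"
ARP_SYSCTLS = {
    "arp_ignore": "1",    # answer ARP only for addresses configured on the receiving interface
    "arp_announce": "2",  # never use the VIP as the source address of an ARP request
}


def _interfaces(cfg):
    """Yield (ifname, ip_interface) for every address in cfg['addresses']."""
    for ifname, addrs in cfg["addresses"].items():
        for addr in addrs:
            yield ifname, ip_interface(addr)


def _shares_subnet_with(cfg, dip):
    """True if some non-loopback address of the RealServer is in the same subnet as the DIP."""
    dip_addr = ip_address(dip)
    return any(dip_addr in iface.network for name, iface in _interfaces(cfg) if name != "lo")


def check_realserver(model, cfg, vip, dip):
    """Return the rules that cfg breaks for `model` ('nat' or 'dr'); [] means consistent.

    cfg = {'addresses': {ifname: ['addr/prefix', ...]}, 'gateway': 'addr', 'sysctl': {name: value}}
    """
    findings = []
    vip_addr, dip_addr, gateway = ip_address(vip), ip_address(dip), ip_address(cfg["gateway"])
    vip_ifaces = [(n, i) for n, i in _interfaces(cfg) if i.ip == vip_addr]

    if not _shares_subnet_with(cfg, dip):
        findings.append("rip-not-on-director-subnet")  # both models need RIP and DIP on one segment

    if model == "nat":
        if gateway != dip_addr:
            findings.append("gateway-must-be-dip")  # replies must return through the Director
        if vip_ifaces:
            findings.append("vip-configured-on-realserver")  # only the Director holds the VIP
    elif model == "dr":
        if gateway == dip_addr:
            findings.append("gateway-must-not-be-dip")  # replies go straight to the client
        if not vip_ifaces:
            findings.append("vip-missing-on-lo")  # the RealServer must accept packets sent to the VIP
        for name, iface in vip_ifaces:
            if name != "lo":
                findings.append(f"vip-on-{name}-not-lo")
            if iface.network.prefixlen != 32:
                findings.append("vip-mask-not-32")  # a wider mask installs a subnet route on lo
        for scope in ("all", "lo"):
            for key, want in ARP_SYSCTLS.items():
                name = f"net.ipv4.conf.{scope}.{key}"
                if cfg["sysctl"].get(name) != want:
                    findings.append(f"{name}!={want}")  # the RealServer would answer ARP for the VIP
    else:
        raise ValueError(f"unknown model {model!r}")
    return findings


# Constructed: RealServer1 of the DR walkthrough (VIP 172.16.100.100; DIP assumed 172.16.100.1)
DR_OK = {
    "addresses": {"eth0": ["172.16.24.34/16"], "lo": ["127.0.0.1/8", "172.16.100.100/32"]},
    "gateway": "172.16.0.1",
    "sysctl": {
        "net.ipv4.conf.all.arp_ignore": "1", "net.ipv4.conf.lo.arp_ignore": "1",
        "net.ipv4.conf.all.arp_announce": "2", "net.ipv4.conf.lo.arp_announce": "2",
    },
}
# Constructed: the same host before the ARP sysctls were set, with a /16 mask on the VIP
# and its gateway pointing at the Director; it would answer ARP for the VIP itself.
DR_BAD = {
    "addresses": {"eth0": ["172.16.24.34/16"], "lo": ["127.0.0.1/8", "172.16.100.100/16"]},
    "gateway": "172.16.100.1",
    "sysctl": {},
}
# Constructed: RealServer1 of the NAT walkthrough (RIP 192.168.24.44; DIP assumed 192.168.24.1)
NAT_OK = {"addresses": {"eth0": ["192.168.24.44/24"], "lo": ["127.0.0.1/8"]},
          "gateway": "192.168.24.1", "sysctl": {}}


if __name__ == "__main__":
    for label, model, cfg, vip, dip in (
        ("DR RealServer1", "dr", DR_OK, "172.16.100.100", "172.16.100.1"),
        ("DR RealServer1 (misconfigured)", "dr", DR_BAD, "172.16.100.100", "172.16.100.1"),
        ("NAT RealServer1", "nat", NAT_OK, "172.16.100.24", "192.168.24.1"),
    ):
        print(label, "->", check_realserver(model, cfg, vip, dip) or "ok")
```

The checker deliberately treats a missing sysctl the same as a wrong one: the RealServer's kernel default for both parameters is 0, which is exactly the state in which it would answer ARP for the VIP.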
VII. LVS persistence (persistent connections)

Without persistence every new connection is scheduled independently, so consecutive requests from one client can land on different RealServers. Persistence keeps a client on the RealServer that first served it. Persistent connection types:

(1) Persistent Client Connection (PCC). Whatever service the client requests (the web service on port 80, the MySQL service on port 3306, and so on), the Director sends it to the same RealServer, provided that RealServer offers the service. The Director keeps a persistence template per client; as long as the client keeps connecting before the template expires, it stays on that RealServer. The default persistence timeout is 300 seconds. PCC is configured with port 0, which stands for all ports (port 0 is only accepted together with -p):
# ipvsadm -A -t 172.16.100.100:0 -p 1200
# ipvsadm -a -t 172.16.100.100:0 -r 172.16.100.34 -g -w 10
# ipvsadm -a -t 172.16.100.100:0 -r 172.16.100.44 -g -w 5
Note that a port-0 service forwards every TCP port of the VIP to the RealServers, so anything listening on a RealServer becomes reachable through the VIP; restrict the exposed ports on the RealServers themselves. The verification result is shown in the figure:

(2) Persistent Port Connection (PPC). Persistence is bound to a single cluster service, i.e. to one VIP:port. A client's requests to port 80 all go to the same RealServer, but its requests to another port (port 443, or port 23 for telnet, and so on) are scheduled separately and may end up on a different RealServer. So if the client's web requests land on realserver1, only the web service on realserver1 is sticky for that client.

(3) Persistence based on a firewall mark (port affinity). To keep port 80 and port 443 of the same client on the same RealServer, mark both with the same firewall mark in the mangle table and define the cluster service on the mark instead of on the address.
iptables:
[root@mail ~]# iptables -t mangle -A PREROUTING -i eth0 -p tcp -d 172.16.100.100 --dport 80 -j MARK --set-mark 20
[root@mail ~]# iptables -t mangle -A PREROUTING -i eth0 -p tcp -d 172.16.100.100 --dport 443 -j MARK --set-mark 20
[root@mail ~]# iptables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  0.0.0.0/0            172.16.100.100       tcp dpt:80 MARK set 0x14
MARK       tcp  --  0.0.0.0/0            172.16.100.100       tcp dpt:443 MARK set 0x14
Both rules set mark 20 (0x14), so port 80 and port 443 become one persistent service: a client that reaches realserver1 on port 80 also reaches realserver1 on port 443. This is also called port affinity.
ipvsadm:
[root@mail ~]# ipvsadm -A -f 20 -s wlc -p 1200
[root@mail ~]# ipvsadm -a -f 20 -r 172.16.24.2 -g -w 3
[root@mail ~]# ipvsadm -a -f 20 -r 172.16.24.3 -g -w 2
[root@mail ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  20 wlc persistent 1200
  -> 172.16.24.3:0                Route   2      0          0
  -> 172.16.24.2:0                Route   3      0
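Port affinity only works when every port involved carries the same mark and the FWM service for that mark is persistent; a port that is left unmarked, or a mark whose service was created without -p, silently breaks the guarantee. The following added example (not code from the LVS project or the original post) parses the two listings a Director shows, "ipvsadm -Ln" and "iptables -t mangle -L -n", and checks those conditions. The listings embedded below are constructed from the commands in this section; the TCP :80 service and all counter values are made up so that the parser has a second service to handle.

```python
"""Parse `ipvsadm -Ln` and `iptables -t mangle -L -n` output and check the
firewall-mark port-affinity setup (added example, not code from the original post
or the LVS project).  The listings are constructed; nothing is read from a live kernel.
"""
import re

IPVSADM_LN = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  20 wlc persistent 1200
  -> 172.16.24.3:0                Route   2      0          0
  -> 172.16.24.2:0                Route   3      0          0
TCP  172.16.100.100:80 rr
  -> 172.16.24.34:80              Route   1      0          0
  -> 172.16.24.44:80              Route   1      0          0
"""

IPTABLES_MANGLE = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  0.0.0.0/0            172.16.100.100       tcp dpt:80 MARK set 0x14
MARK       tcp  --  0.0.0.0/0            172.16.100.100       tcp dpt:443 MARK set 0x14
"""

# service line: "TCP  VIP:port sched [persistent N]" or "FWM  mark sched [persistent N]"
SERVICE_RE = re.compile(r"^(TCP|UDP|FWM)\s+(\S+)\s+(\S+)(?:\s+persistent\s+(\d+))?")
# RealServer line: "  -> RIP:port  Route|Masq|Tunnel  weight active inactive"
DEST_RE = re.compile(r"^\s+->\s+(\S+)\s+(Route|Masq|Tunnel)\s+(\d+)\s+(\d+)\s+(\d+)")
# mangle rule as printed by iptables -L -n: "MARK tcp -- src dst tcp dpt:N MARK set 0xM"
MARK_RE = re.compile(r"^MARK\s+tcp\s+--\s+\S+\s+(\S+)\s+tcp dpt:(\d+) MARK set 0x([0-9a-fA-F]+)")


def parse_ipvsadm(text):
    """Parse `ipvsadm -Ln` into a list of services, each carrying its RealServers."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            proto, addr, sched, timeout = m.groups()
            services.append({"proto": proto, "addr": addr, "sched": sched,
                             "persistent": int(timeout) if timeout else None, "dests": []})
            continue
        m = DEST_RE.match(line)
        if m and services:
            rip, forward, weight, active, inactive = m.groups()
            services[-1]["dests"].append({"rip": rip, "forward": forward, "weight": int(weight),
                                           "active": int(active), "inactive": int(inactive)})
    return services


def parse_marks(text):
    """Map (destination, dport) -> fwmark from `iptables -t mangle -L -n` output."""
    marks = {}
    for line in text.splitlines():
        m = MARK_RE.match(line)
        if m:
            marks[(m.group(1), int(m.group(2)))] = int(m.group(3), 16)
    return marks


def check_port_affinity(services, marks, vip, ports):
    """Problems that would break 'same client, same RealServer' across `ports` on `vip`.

    Empty list: every port carries one common mark and a persistent FWM service with
    RealServers exists for that mark."""
    problems = []
    missing = [p for p in ports if (vip, p) not in marks]
    present = {marks[(vip, p)] for p in ports if p not in missing}
    if missing:
        problems.append("port-without-mark")          # that port is scheduled on its own
    if len(present) > 1:
        problems.append("ports-have-different-marks")  # two marks means two services
    if len(present) == 1:
        mark = str(present.pop())
        svc = next((s for s in services if s["proto"] == "FWM" and s["addr"] == mark), None)
        if svc is None:
            problems.append("no-fwm-service")          # marked packets match no service
        else:
            if svc["persistent"] is None:
                problems.append("fwm-service-not-persistent")  # -p missing: no stickiness
            if not svc["dests"]:
                problems.append("fwm-service-has-no-realservers")
    return problems


if __name__ == "__main__":
    svcs = parse_ipvsadm(IPVSADM_LN)
    marks = parse_marks(IPTABLES_MANGLE)
    for s in svcs:
        print(s["proto"], s["addr"], s["sched"], "persistent" if s["persistent"] else "",
              [d["rip"] for d in s["dests"]])
    print("80/443 affinity:", check_port_affinity(svcs, marks, "172.16.100.100", (80, 443)) or "ok")
```

Run against the listings above, the check passes; dropping "persistent 1200" from the FWM service, or asking about a port that no mangle rule marks, produces a finding.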
This article is from the "knowledge system" blog