LVS/DR Mode of Load balancing

Unlike NAT mode, The DR's Load Balancer Scheduler works on the data link layer in the Network Seven layer protocol, which is the second tier. It forwards the packet to the actual application server by modifying the destination MAC address of the packet, and Most importantly, the response packet of the actual server is returned directly to the client without having to go through the load scheduler

1 , LVS , DR Introduction

lvs Yes linux Virtual Server in the real world Span style= "Color:rgb (51,51,51)" >b/s Structure of the network application in the load balancer to use, working in 7 Layer network model, the network layer, which is usually said ip layer, because data processing is in linux The kernel state is complete, so the performance is generally higher relative to the reverse proxy server;

DR is a Direct Routing The short name of the direct route, the reply packet is returned to the client through a separate routing method. The tunnel structure is not required, so you can use most Linux operating systems as physical servers.

2 , a simple LVS/DR Architecture Diagram

here, I'll simply draw LVS/DR deployment environment When the pattern is applied:

Let's assume that Baidu is using this architectural model (in fact, what is the structure of Baidu I did not field research)

Then to simulate the user access to the situation of Baidu.

1. users in the browser input http://www.baidu.com, the user's computer through the network to inquire DNS, Www.baidu.com The IP address of the domain name .

2.dns server via user's address, In the server list, select a lvs Virtual services ip address or an address that follows the polling policy.

can be used ping Www.baidu.com ip is returned. Span style= "Color:rgb (51,51,51)" > address, this ip address is our dns Return to our address. can also be used dig command, you can see www.baidu.com actually corresponds to 3 " Span style= "Color:rgb (51,51,51)" >ip address

3. the IP address obtained by the user's browser via DNS to access the LVS Server

4. Enter lvs/dr mode andLVS will supply the packet to APACHE or nginx -built reverse proxy server;

5. The reverse proxy server eventually sends the request to the application server;

6. After the application server completes the user request, it is returned directly to the user through the reverse proxy server, without having to pass the LVS server.

3 , IP aliases

The above is the situation from the user's point of view of the data, in this case, will involve a technology, that is IP aliases. It is important for the implementation of direct routing load balancing. A network interface can have an IP address, but a network interface can also have multiple IP addresses, which are called IP aliases.

through DR mode Load Balancer, the scheduler modifies the target of the packet by modifying the MAC address, and forwards the data to the actual application server. But notice, here does not modify the destination IP Address, when we forwarded the data out, the packet found itself to a place should not come, how to do?

I drove to a strange place (Nanpu Bridge), did not know the way, so I asked the roadside people (load balancing equipment), he told me an address ( LVS address), I drove to the direction of passers-by, I open ah, the roadside signs are written Lupu Bridge ( actual application server address ) .

If I do not know the road, then I must be dumbfounded, how to do, in the sign of the Lupu Bridge below, plus the words of the Nanpu bridge.

In this way, I saw the sign of the Nanpu Bridge, and I was able to follow the signs and move on.

IP aliases are similar to a sign on the "Lupu Bridge" and "Nanpu Bridge."

All we have to do is give the actual application server add and scheduler IP with the same address IP alias to allow the packet to run properly.

In addition, to prevent the actual application server from the network for the corresponding IP Aliases for ARP Broadcast:

Echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore

Echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce

Echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore

Echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce

4 , Configuration LVS/DR

set on the scheduler, and NAT pattern Similar

Ipvsadm–a–t 122.12.12.12:80–s RR

Ipvsadm–a–t 122.12.12.12:80–r 10.0.0.100:8000–g

Ipvsadm–a–t 122.12.12.12:80–r 10.0.0.101:8000–g

to add the actual application server, use the - G option, which means that the scheduler is told to forward packets using direct routing

5 , Performance

relative Lvs/nat mode, DR The pattern does not need to put the returned data through load balancer is forwarded, want him to play an advantage, then the corresponding number and length of the packet is much larger than the request packet, fortunately, most WEB services are characterized by asymmetric responses and requests, so common WEB service, you can use this mode.

in this way, the load balancer is no longer a system bottleneck. If your load balancer only has a 100M full-duplex nic and bandwidth, scaling through the cluster can also allow the entire system to reach 1G of traffic.

from LVS the test results from the official site also tell us that LVS-DR can accommodate - more than the actual application server, for the General Service, this performance is sufficient.

6 , shortcomings

DR mode, you cannot forward data across network segments, and if you have to load across network segments, you must use Lvs/tun mode.

LVS/DR Mode of Load balancing