Principles and implementation of six major Web load balancing methods
First, understand the so-called "balancing"
It should not be understood narrowly as assigning the same workload to every actual server, because the load capacities of the servers differ: they may differ in hardware configuration and network bandwidth, and one server may also play several roles. What we call "balancing" is that no server is overloaded and every server plays its largest possible role.
I. HTTP redirection
After an HTTP client (such as a browser) requests a URL from the web server, the web server can return a new URL in the Location header of the HTTP response. The HTTP client then has to request this new URL to complete the automatic redirect.
Performance defects:
1. Throughput limit
The throughput of the main site server is spread over the servers it redirects to. Assume the RR (round robin) scheduling policy is used and the maximum throughput of each sub-server is 1000 reqs/s; then the main server must reach 3000 reqs/s to make full use of three sub-servers, since every request first passes through it. With 100 sub-servers, can the main server sustain that throughput? Conversely, if the main server's maximum throughput is 6000 reqs/s, the average throughput allocated to each of three sub-servers is 2000 reqs/s, but a sub-server's maximum is 1000 reqs/s, so the number of sub-servers has to be increased to 6 to meet the requirement.
2. Different depth of redirected access
Some redirects lead to a static page and some to a complex dynamic page, so the load differences between the actual servers are unpredictable, and the main site server knows nothing about them. Therefore it is not a good idea to use redirection for load balancing across a whole site.
We need to weigh the overhead of the redirect request against the overhead of processing the actual request. The smaller the former is compared with the latter, the more meaningful redirection becomes, as with downloads. Visit a number of mirror download sites and you will find that basically all of their downloads use Location for redirection.
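As an added example (not code from the original post), here is a minimal "main site" redirect scheduler of the kind described above, built on Python's standard-library HTTP server. The mirror hostnames, the /download/ prefix and the rule of redirecting only download paths are assumptions chosen to illustrate the point that redirection pays off only when the redirected work is large:

```python
import itertools
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed mirror list and path prefix; the main site only hands out Location headers.
MIRRORS = ["http://dl1.example.test", "http://dl2.example.test", "http://dl3.example.test"]
REDIRECT_PREFIX = "/download/"


class RedirectScheduler:
    """Round-robin (RR) scheduler: each redirected request goes to the next mirror."""

    def __init__(self, mirrors, prefix=REDIRECT_PREFIX):
        self._cycle = itertools.cycle(mirrors)
        self._prefix = prefix

    def route(self, method, path):
        """Return (status, headers, body) for one request.
        Only paths under the prefix are redirected; everything else is served
        here, because the extra round trip only pays off when the real work
        (a large download) dwarfs it."""
        if not path.startswith(self._prefix):
            body = b"served by the main site\n"
            return 200, {"Content-Type": "text/plain", "Content-Length": str(len(body))}, body
        target = next(self._cycle) + path
        # 302 is the classic redirect for GET; 307 keeps the method and body for anything else.
        status = 302 if method == "GET" else 307
        return status, {"Location": target, "Content-Length": "0"}, b""


SCHEDULER = RedirectScheduler(MIRRORS)


class Handler(BaseHTTPRequestHandler):
    """Thin glue between the standard-library server and the scheduler."""

    def _dispatch(self):
        status, headers, body = SCHEDULER.route(self.command, self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

    do_GET = _dispatch
    do_POST = _dispatch


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Every request, redirected or not, still costs the main site one accepted connection and one response, which is exactly why its throughput must be the sum of the sub-servers' throughput as computed above.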
II. DNS load balancing
DNS provides the domain name resolution service. When accessing a website, the IP address that the domain name points to must first be obtained from the site's DNS server, and in this process the DNS server completes the mapping from the domain name to an IP address. Likewise, the mapping can be one-to-many; at that point the DNS server acts as the load balancing scheduler, distributing user requests to multiple servers just as an HTTP redirect does, but its implementation mechanism is completely different.
Run the dig command to view the DNS records of baidu.
It can be seen that baidu has three A records.
Compared with HTTP redirection, DNS-based load balancing does away with the so-called main site entirely, or rather the DNS server already plays the role of the main site. The difference is that, as a scheduler, the DNS server's own performance hardly matters, because DNS records can be cached by the browser and by the DNS servers at every level of the Internet access provider; the site's DNS server is asked to resolve again only after the cache expires. In other words, DNS has no throughput limit of the kind HTTP redirection has, and in theory the number of actual servers can be increased without limit.
Features:
1. Intelligent resolution based on the user's IP address: among all available A records, the DNS server can choose the one closest to the user.
2. Dynamic DNS: the DNS server is updated every time an IP address changes. A certain delay is of course inevitable because of caching.
Disadvantages:
1. Users cannot directly see which actual server DNS resolved them to, which makes debugging inconvenient for the server operations staff.
2. Policy limitations. For example, the context of an HTTP request cannot be introduced into the scheduling policy. In the HTTP redirection-based load balancing system described earlier, the scheduler works at the HTTP level, so it can fully understand the HTTP request and design scheduling policies around the site's application logic, such as filtering and forwarding based on the request URL.
3. To adjust the scheduling policy according to the real-time load differences between the actual servers, the DNS server would have to analyse the health of each server during every resolution. For a DNS server this kind of custom development has a high threshold, not to mention that most sites only use third-party DNS services.
4. DNS record caching. The caching of different programs and of DNS servers at every level will make you dizzy.
5. Based on the points above, a DNS server cannot balance the workload very well. In the end, whether to choose a DNS-based load balancing method depends on your needs.
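To make the two DNS properties above concrete (the site's DNS server is hit only once per TTL, and a record change stays invisible until the cached set expires), here is an added simulation that is not part of the original post. The zone, the TTL of 60 seconds, the three addresses and the "rotate the answer on every query" resolver behaviour are all constructed assumptions:

```python
class AuthoritativeDNS:
    """The site's own DNS server: returns every A record for a name (constructed zone)."""

    def __init__(self, zone):
        self.zone = dict(zone)  # name -> (ttl_seconds, [ip, ...])
        self.queries = 0        # how often we were actually asked

    def lookup(self, name):
        self.queries += 1
        ttl, ips = self.zone[name]
        return ttl, list(ips)

    def update(self, name, ips):
        """Dynamic DNS: change the record set; caches keep the old set until their TTL runs out."""
        ttl, _ = self.zone[name]
        self.zone[name] = (ttl, list(ips))


class CachingResolver:
    """An ISP or OS resolver: caches the record set until its TTL expires and
    rotates the answer order on every client query, which is what spreads clients."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}  # name -> [expires_at, ips]

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry is None or now >= entry[0]:
            ttl, ips = self.upstream.lookup(name)
            entry = [now + ttl, ips]
            self.cache[name] = entry
        ips = entry[1]
        ips.append(ips.pop(0))  # round-robin rotation of the cached set
        return list(ips)


def pick_server(resolver, name, now):
    """Typical client behaviour: connect to the first address in the answer."""
    return resolver.resolve(name, now)[0]


def simulate(total_seconds=180, step=10, ttl=60):
    """One client resolving every `step` seconds for `total_seconds`.
    Returns (authoritative query count, list of servers connected to): the site's
    DNS server is asked once per TTL, yet the cached set still rotates over all servers."""
    auth = AuthoritativeDNS({"www.example.test": (ttl, ["10.0.0.1", "10.0.0.2", "10.0.0.3"])})
    resolver = CachingResolver(auth)
    used = [pick_server(resolver, "www.example.test", t) for t in range(0, total_seconds, step)]
    return auth.queries, used
```

The same cache that removes the throughput limit is what makes a dead server keep receiving clients until the TTL expires, which is the operational caveat behind disadvantages 3 and 4.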
III. Reverse proxy load balancing
This is certainly something everyone has come into contact with, because almost all mainstream web servers are keen to support reverse-proxy-based load balancing. Its core task is to forward HTTP requests.
Compared with the HTTP redirection and DNS resolution above, the reverse proxy scheduler takes on the role of an intermediary between the user and the actual server:
1. Any HTTP request to an actual server must go through the scheduler.
2. The scheduler must wait for the HTTP response from the actual server and send it back to the user (in the first two methods the response does not pass back through the scheduler; the actual server sends it directly to the user).
Features:
1. Rich scheduling policies. For example, different weights can be set for different actual servers, so that the more capable servers do more of the work.
2. High demands on the concurrent processing capacity of the reverse proxy server, because it works at the HTTP layer.
3. The reverse proxy server incurs a certain overhead for the forwarding operation, for example creating a thread, establishing a TCP connection with the backend server, receiving the result returned by the backend server, parsing the HTTP headers, frequent switching between user space and kernel space, and so on. Although this time is short, when the backend server itself handles requests in a very short time the forwarding overhead becomes especially prominent. For requests for static files, for example, the DNS-based load balancing method described earlier is more suitable.
4. The reverse proxy server can monitor the backend servers, such as system load, response time, availability, number of TCP connections and traffic, and adjust the load balancing policy based on this data.
5. The reverse proxy server lets you always forward all requests in a session to a specific backend server (sticky session). One advantage is that it keeps session access local; the other is that it avoids wasting the backend server's dynamic in-memory cache.
IV. IP load balancing (LVS-NAT)
Because the reverse proxy server works at the HTTP layer, its own overhead severely restricts its scalability and thus its performance ceiling. Can we achieve load balancing below the HTTP layer?
NAT server: it works at the transport layer. It can modify the IP packets it receives, changing a packet's destination address to the address of an actual server.
Starting from the Linux 2.4 kernel, the built-in Netfilter module maintains packet filtering tables in the kernel that hold the rules controlling packet filtering. Fortunately, Linux provides iptables to insert, modify and delete entries in those tables. Even better, the Linux 2.6.x kernel has a built-in IPVS module, which also works within the Netfilter framework but focuses on IP load balancing.
If your server's kernel has the IPVS module installed, you can
If there is output, IPVS is installed. IPVS's management tool is ipvsadm, which provides a command-line configuration interface that can be used to quickly build a load balancing system. This is the well-known LVS (Linux Virtual Server).
1. Enable the packet forwarding option on the scheduler
echo 1 > /proc/sys/net/ipv4/ip_forward
2. Check whether the actual servers use the NAT server as their default gateway. If not, add it:
route add default gw <internal IP of the NAT server>
3. Configure with ipvsadm
ipvsadm -A -t 111.11.11.11:80 -s rr
This adds a virtual server. -t is followed by the external IP address and port of the server; -s rr selects the simple round-robin RR scheduling policy (this is a static scheduling policy; LVS also provides a series of dynamic scheduling policies, such as least connections (LC), weighted least connections (WLC) and shortest expected delay (SED)).
ipvsadm -a -t 111.11.11.11:80 -r 10.10.120.210:8000 -m
ipvsadm -a -t 111.11.11.11:80 -r 10.10.120.211:8000 -m
This adds two actual servers (no external IP address needed). -r is followed by the internal IP address and port of the actual server; -m means packets are forwarded in NAT mode.
Run ipvsadm -L -n to view the status of the actual servers. With that, we are done.
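The weighted scheduling and sticky sessions mentioned under the reverse proxy, and the rr / LC / WLC / SED policies named for ipvsadm above, all come down to one decision per new connection. The following is an added user-space model of that decision, not code from the original post or from LVS itself: the server names, weights and connection counts are constructed, and the lc / wlc / sed selection rules are the standard IPVS formulas (fewest active connections, active/weight, and (active+1)/weight):

```python
class RealServer:
    """One backend; `active` is its number of open connections (constructed, not measured)."""

    def __init__(self, name, weight=1):
        self.name = name
        self.weight = weight
        self.active = 0


class Scheduler:
    """Chooses a RealServer per new connection under one policy.
    rr / wrr are static; lc / wlc / sed are dynamic and use the live connection counts."""

    def __init__(self, servers, policy="rr", sticky=False):
        self.servers = list(servers)
        self.policy = policy
        self.sticky = sticky
        self._rr_index = -1
        self._wrr_ring = []
        self._sessions = {}  # client id -> RealServer, for sticky sessions

    def _rr(self):
        self._rr_index = (self._rr_index + 1) % len(self.servers)
        return self.servers[self._rr_index]

    def _wrr(self):
        # a server with weight w appears w times in the ring, so it gets w/sum(weights) of the picks
        if not self._wrr_ring:
            self._wrr_ring = [s for s in self.servers for _ in range(s.weight)]
        return self._wrr_ring.pop(0)

    def _lc(self):
        return min(self.servers, key=lambda s: s.active)

    def _wlc(self):
        return min(self.servers, key=lambda s: s.active / s.weight)

    def _sed(self):
        # (active + 1) / weight is the cost of adding this connection, so an idle
        # low-weight server does not always beat a lightly loaded high-weight one as under wlc
        return min(self.servers, key=lambda s: (s.active + 1) / s.weight)

    def pick(self, client_id=None):
        if self.sticky and client_id in self._sessions:
            return self._sessions[client_id]
        server = getattr(self, "_" + self.policy)()
        if self.sticky and client_id is not None:
            self._sessions[client_id] = server
        return server

    def open_connection(self, client_id=None):
        server = self.pick(client_id)
        server.active += 1
        return server

    def close_connection(self, server):
        server.active -= 1


def distribution(servers, policy, n):
    """Open n connections (left open) and return {name: count}: how each policy spreads load."""
    sched = Scheduler(servers, policy)
    counts = {s.name: 0 for s in servers}
    for _ in range(n):
        counts[sched.open_connection().name] += 1
    return counts
```

Note what the dynamic policies need: a live count of connections per real server. A reverse proxy has it for free because it owns both TCP connections; IPVS has it because the kernel tracks every forwarded flow. A DNS server has nothing of the kind, which is the same limitation listed under the DNS disadvantages.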
Experiments show that with a NAT-based load balancing system, the NAT server as scheduler can raise throughput to a new level, almost twice that of a reverse proxy server. This is mostly because forwarding requests in the kernel has low overhead. However, when the request content is large, the overall throughput of the load balancer differs little whether it is based on a reverse proxy or on NAT. This shows that the forwarding overhead then matters much less relative to the work of handling the request, so building the load balancing system with a simple reverse proxy is worth considering.
The bottleneck of such a powerful system is the network bandwidth of the NAT server, on both the internal and the external network. Of course, if money is no object you can buy a gigabit switch, a 10 GbE switch, or even a hardware load balancer. But what if you are on a tight budget?
A simple and effective method is to combine NAT-based clusters with the DNS method above: for example five clusters, each with its own Mbps-level egress bandwidth, with DNS directing user requests evenly to these clusters; at the same time, DNS intelligent resolution can be used so that users access the cluster nearest to their region. This configuration is sufficient for most businesses, but for large websites that provide services such as downloads and video, the NAT server is still not good enough.
V. Direct routing (LVS-DR)
NAT works at the transport layer (layer 4) of the layered network model, while direct routing works at the data link layer (layer 2). It modifies the destination MAC address of the packet (without modifying the destination IP address) and forwards the packet to the actual server. The difference is that the actual server's response packets are sent directly to the client without passing through the scheduler.
1. Network settings
Assume one load balancing scheduler and two actual servers, with three public IP addresses purchased, one per machine. The default gateways of the three servers must be the same, and the same IP alias must be configured on all of them; assume the alias is 10.10.120.193. The scheduler is then accessed through the IP alias 10.10.120.193, and you can point the site's domain name at this IP alias.
2. Add the IP alias to the loopback interface lo
This is to prevent the actual servers from looking for other hosts with this IP alias; run the following on the actual servers:
In addition, the actual servers must also be prevented from responding to ARP broadcasts for the IP alias on the network, so the following also needs to be executed:
echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
echo "1" > /proc/sys/net/ipv4/conf/all/arp_announce
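If a real server silently reverts these settings (a reboot without a persisted sysctl, for instance), it will start answering ARP for the VIP and hijack traffic meant for the scheduler. The following added check, which is not part of the original post, reads the four values back from a sysctl tree and reports mismatches. It expects exactly the values the echo commands above set; the `root` parameter (normally /proc/sys) and the temp-directory test tree are assumptions so the check can be exercised without privileges:

```python
import os
import tempfile

# The values set by the echo commands above; keys are paths relative to /proc/sys.
EXPECTED_ARP_SETTINGS = {
    "net/ipv4/conf/lo/arp_ignore": "1",
    "net/ipv4/conf/lo/arp_announce": "2",
    "net/ipv4/conf/all/arp_ignore": "1",
    "net/ipv4/conf/all/arp_announce": "1",
}


def read_sysctl(root, key):
    """Read one sysctl value from the tree under root; None if the key is missing."""
    try:
        with open(os.path.join(root, key)) as fh:
            return fh.read().strip()
    except OSError:
        return None


def check_dr_real_server(root="/proc/sys", expected=EXPECTED_ARP_SETTINGS):
    """Return {key: (expected, actual)} for every setting that is missing or wrong.
    An empty dict means the host will not answer ARP for the VIP configured on lo."""
    problems = {}
    for key, want in expected.items():
        got = read_sysctl(root, key)
        if got != want:
            problems[key] = (want, got)
    return problems


def apply_settings(root, values):
    """Write values into the tree under root. With root=/proc/sys this applies them
    to the running kernel (needs root privileges); with a temp directory it builds a test tree."""
    for key, value in values.items():
        path = os.path.join(root, key)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(value + "\n")


def make_test_tree(values):
    """Constructed stand-in for /proc/sys so the check can run unprivileged."""
    root = tempfile.mkdtemp(prefix="dr-sysctl-")
    apply_settings(root, values)
    return root


if __name__ == "__main__":
    problems = check_dr_real_server()
    for key, (want, got) in problems.items():
        print(f"{key}: expected {want}, found {got}")
    raise SystemExit(1 if problems else 0)
```

Run it unprivileged on each real server (for example from a monitoring job); a non-zero exit means the host is a candidate for stealing the VIP's ARP entry. The LVS documentation itself recommends arp_announce=2 on `all` as well, so a stricter deployment may want to adjust EXPECTED_ARP_SETTINGS accordingly.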
After this configuration, you can use ipvsadm to configure the LVS-DR cluster.
ipvsadm -A -t 10.10.120.193:80 -s rr
ipvsadm -a -t 10.10.120.193:80 -r 10.10.120.210:8000 -g
ipvsadm -a -t 10.10.120.193:80 -r 10.10.120.211:8000 -g
-g means packets are forwarded by direct routing.
The biggest advantage of LVS-DR over LVS-NAT is that LVS-DR is not limited by the scheduler's bandwidth. For example, assume the three servers are each limited to 10 Mbps at the WAN switch egress; as long as there is no rate limit on the LAN switch connecting the scheduler and the two actual servers, LVS-DR can in theory reach a maximum egress bandwidth of 20 Mbps, because the actual servers' response packets are sent directly to the user without passing through the scheduler, so they are independent of the scheduler's outbound bandwidth and depend only on the servers' own. With LVS-NAT the cluster can use at most 10 Mbps. Therefore, the more the response packets outweigh the request packets, the more the scheduler's forwarding overhead should be reduced, the more the overall scalability can be improved, and the more it comes to depend on the WAN egress bandwidth.
In general, LVS-DR is suitable for building scalable load balancing systems, whether for web servers, file servers or video servers; it performs excellently. The premise is that you must purchase a batch of valid IP addresses for the actual servers.
VI. IP tunneling (LVS-TUN)
The request forwarding mechanism based on IP tunneling: the scheduler encapsulates the IP packet it receives inside a new IP packet and forwards it to the actual server, and the actual server's response packets can then be sent directly to the client. Most Linux systems now support this, and it can be implemented with LVS, where it is called LVS-TUN. Unlike LVS-DR, the actual server and the scheduler can be on different WAN network segments: the scheduler forwards requests to the actual server through the IP tunnel, so the actual server must also have a valid IP address.
In general, both LVS-DR and LVS-TUN are suitable for web servers whose responses and requests are asymmetric; which of them to choose depends on your network deployment needs. Because LVS-TUN can place the actual servers in different regions as needed and forward requests on the principle of nearest access, you should choose LVS-TUN when you have such a need.
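To show what "encapsulate the received IP packet inside a new IP packet" looks like on the wire, here is an added example, not code from the original post or from the kernel's IPVS: it builds the IP-in-IP (IP protocol number 4) wrapper an LVS-TUN scheduler puts around a client packet and unpacks it again as the real server would. The client, scheduler and real-server addresses are constructed documentation-range values; the VIP is the 10.10.120.193 alias used above; using the scheduler's own address as the outer source is an assumption:

```python
import socket
import struct

IPPROTO_IPIP = 4  # IP-in-IP, the protocol an LVS-TUN packet carries in its outer header


def checksum(data):
    """One's-complement sum over 16-bit words (RFC 1071), as used for the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt):
    """Decode a header; header_ok is True when the checksum verifies (sum folds to zero)."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
            "ttl": ttl, "header_ok": checksum(pkt[:ihl]) == 0, "payload": pkt[ihl:total_len]}


def encapsulate(client_pkt, scheduler_ip, real_server_ip):
    """Scheduler side: wrap the untouched client packet in a new IP packet addressed to the
    real server. The inner destination stays the VIP, which the real server also holds."""
    return ipv4_header(scheduler_ip, real_server_ip, IPPROTO_IPIP, len(client_pkt)) + client_pkt


def decapsulate(tunnel_pkt):
    """Real-server side: strip the outer header and recover the original client packet."""
    outer = parse_ipv4(tunnel_pkt)
    if outer["proto"] != IPPROTO_IPIP or not outer["header_ok"]:
        raise ValueError("not a valid IPIP packet")
    return outer, parse_ipv4(outer["payload"])


def demo():
    """Constructed round trip: a client packet to the VIP, tunnelled to a real server elsewhere."""
    vip, client, scheduler, real = "10.10.120.193", "203.0.113.7", "192.0.2.1", "198.51.100.20"
    payload = b"GET / HTTP/1.0\r\n\r\n"
    inner = ipv4_header(client, vip, 6, len(payload)) + payload  # 6 = TCP
    outer, recovered = decapsulate(encapsulate(inner, scheduler, real))
    return outer, recovered
```

Because the inner packet keeps the client's source address and the VIP as destination, the real server answers straight to the client from the VIP, exactly as in LVS-DR; the outer header is what lets that real server sit on a different network from the scheduler. The added 20 bytes per packet also mean the tunnel path must either allow a slightly larger MTU or expect fragmentation.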