server cluster load Balancing (F5,LVS,DNS,CDN) distinction and selection

=======================================

F5 Full Name: F5-BIG-IP-GTM Global traffic manager.

is a company called F5 Networks development of the four-seven-layer switch, hardware and software bundles.

It is said to have originally used BSD systems, which are now Linux; hardware is Intel's PC architecture, plus the surrounding network and dedicated acceleration devices.

Of course, to mention the price, are hundreds of thousands of RMB worth.

This baby is the device that is used to manage the distribution of traffic and content, i.e. load balancing.

It can be seen from the name: Big-ip.

The exterior appears to be an IP, but it is an internal dozens of application server. Performance as a virtual large server.

So I said: good big one IP.

LVS = Linux Virtual Server

Is our Chinese, a doctor called Zhangwensong developed,

His web:http://zh.linuxvirtualserver.org/.

Information on the IBM Web site: Cluster scalability and its distributed architecture (4)

Doctor's comparison of LVs and F5:

On the difference between and F5, it is difficult to say clearly, are doing load-balancing equipment.

F5 is also based on BSD system modifications (it is said to be the latest Linux based), but the important swap is implemented through a dedicated switching chip (similar to the special image processing chip, can save a lot of CPU on image processing operations), In this way, his performance will not depend very much on the processing power of the host's operating system.

F5 load balance is mostly based on Nat/snat, can also achieve proxy, but with less, as a listed company, F5 Natural in the degree of product to do very well, regardless of configuration management convenience, flexibility, performance and stability are relatively good.

LVS in the NAT mode, and F5 function is basically the same, but after all LVs is pure software, performance is dependent on the computing power of the host.

Moreover, LVS is an open source project, should not and a commercial product to compare, others that is to sell, there are many people to maintain and develop, and LVS has been a doctor's duty to maintain the development of a better function, it needs more people to participate in the only line.

That's pretty thorough.

DNS polling is the simplest and most effective way to achieve load balancing, with very low cost in all respects. The goods are very cheap and enough.

The disadvantage is that because there is no detection mechanism, not balanced, fault-tolerant response time is long.

Domestic portal with a lot of this technology, with squid has a very good effect.

Of course, without load balancing, pulling several lines directly from multiple ISPs, providing services is the most original method.

CDN = Content Delivery Network, contents distribution network.

The above is the implementation of the CDN method.

The domestic open service is very few (ChinaCache), but abroad is very popular.

is to provide the cache node, which transforms the access of the target network content into the neighboring node's access.

Response speed/security/transparency/expansion, especially in China, which has not yet liberated Taiwan, is even greater under the network pattern of North-South Division.

But also the noble service, the construction cost is very high.

ADSL + DDNS + CDN is another way to build a small station.

The rental cost of space investment in the flow, directly effective. But electricity and stability are not optimistic.

In fact, CDN is not just doing web services, such as in Korea, most of the CND traffic is occupied by online games.

Just imagine, if you can spread the CDN node in a wide range, it is necessary to have a game so many areas, occupy so many servers?

The conclusion is that while the actual access to the connection and response speed has a significant impact on the current network game, the development bottleneck lies in computing power and data storage access.

Another imagine, the CDN and peer-to-peer combination of Internet personal pc as long as the provision of CDN services, you can get the monthly commission of XX dollars. It's up to the information and application providers to pay for it.

This is a benign development of the industrial chain, like Google next year to launch a free mobile phone, let advertisers pay the same.

But the only thing that is not happy is the ISP, and now the sharing of BT is blocked.

Unless the business is monopolized by them, it is also the end of zombies.

Nor is the user harmless, and data security and information are challenged in a timely manner.

GV is not to see the play, and now there are Web sites can be sealed, write a blog to 1 million registered capital;

If a heap of SSL encrypted data around, the dragon without a tail, how to shield filtration, how to prevent Chuan Ah ~

Looking back at the eyes, the more you look like the net pick, simply to pick a complete

F5 Function Introduction:

1. Multi-link load balancing and redundancy

The key business related to the Internet needs to arrange and configure multiple ISP access links to ensure the quality of network services, eliminate single points of failure and reduce downtime. Multiple ISP access schemes are not a simple routing problem for many different wide area networks, because different ISPs have different autonomous domains, so it is important to consider how to achieve multiple link load balancing in two situations:

More..

Less..

Internal application systems and network workstations in accessing the Internet services and Web sites can be in a number of different links dynamic allocation and load balancing, which is also known as outbound traffic load balance.

External users of the Internet can also dynamically balance the distribution on multiple links while accessing internal Web sites and application systems externally. And can automatically switch to another link to the server and application system when a link is interrupted, which is also known as load balancing for inbound traffic.

The F5 big-ip LC can intelligently solve the above two problems:

For outbound traffic, Big-ip LC received traffic, you can intelligently assign outbound traffic to different Internet interfaces, and do the source address of NAT, you can specify a legitimate IP address for the source address of the NAT, can also be used BIG-IP The interface address of LC is automatically mapped to ensure that packets are received correctly when returned.

For inbound traffic, the BIG-IP LC binds to the public address of two ISP service providers, resolving DNS resolution requests from two ISP service providers respectively. BIG-IP LC can not only respond to the server's health and response speed Ldns the corresponding IP address, but also through two links with the Ldns to establish a connection, based on the RTT time to determine the quality of the link, and the integration of the above two parameters to respond to ldns corresponding IP address.

2. Firewall Load Balancing

Considering that the vast majority of firewalls can only reach the line speed of 30% throughput, so the system to achieve the design requirements of the wire speed processing capacity, must add more than one firewall to meet system requirements. However, the firewall must require the data to come in and out, or the connection will be rejected. How to solve the load balancing problem of firewall is the key problem of the stability of the whole system.

F5 's firewall load Balancing scheme can provide users with the ability of load balancing and automatic fault elimination for heterogeneous firewalls. A typical way to improve firewall processing is to use a "firewall sandwich" approach to achieve the sustainability of transparent devices. This can meet the requirements of certain applications that require the customer to complete a transaction through the same firewall, and maintain the original network security isolation requirements. The F5 standard firewall solution is shown in the following illustration:

Firewall load balanced connection schematic diagram

3. Server Load Balancing

For all external service servers, virtual server can be configured on BIG-IP to achieve load balancing while BIG-IP can continuously check the health of the server and remove it from the load-balancing group once it discovers the failed server.

BIG-IP uses a virtual IP address (The VIP consists of the IP address and the port of the TCP/UDP application, which is an address) for one or more of the user's target servers (called nodes: the IP address of the target server and the port of the TCP/UDP application, which can be the private network address of the Internet. ) to provide services. Therefore, it can provide server load Balancing service for a large number of TCP/IP based network applications. Depending on the type of service, the server group is defined and the traffic can be directed to the appropriate server based on the different service ports. Big-ip continuously to the target server L4 to the L7 rationality check, when the user requests the target Server service through the VIP, Big-ip root according to the target server performance and the network health condition, chooses the performance best server to respond the user's request. If we can make full use of all the server resources and allocate all the traffic balance to each server, we can effectively avoid the "unbalanced" phenomenon.

Using Uie+irules, the TCP/UDP data packet can be opened and the characteristic data is searched, then the corresponding rules are processed according to the search feature data. As a result, traffic can be directed to the appropriate server depending on the user's access to the content, for example, by directing traffic to the appropriate server based on the URL of the user's access request.

4. High availability of system

System high availability can be considered mainly in the following aspects:

4.1. The high availability of the equipment itself: F5 Big-ip specially optimized architecture and excellent processing ability to ensure 99.999% uptime, in the dual-machine redundancy mode can realize the millisecond switch, to ensure the stable operation of the system, in addition to the redundant power module optional. In the use of dual-computer backup mode, the standby switching time will be the fastest in 200ms to switch. BIG-IP products are the industry's only product that can reach the millisecond level switch, and the design is very reasonable, all sessions through the active BIG-IP, the session information through the synchronized data line synchronized to backup Big-ip, to ensure that in the backup User access to session information is also available within the BIG-IP, and the watchdog chip in each device monitors the power frequency of the opposing device through the heartbeat line, and when active BIG-IP fails, watchdog first discovers and notifies backup Big-ip to take over the shared IP , VIP, etc., complete the switching process, because backup big-ip in advance synchronization of good session information, so you can guarantee access to unimpeded.

4.2. Link redundancy: BIG-IP can detect the running status and availability of each link, and achieve real-time detection of links and ISP faults. Once a failure occurs, traffic is transparently and dynamically booted to other available links. By monitoring and managing two-way traffic to and from the data center, both internal and external users can maintain a full time connection to the network.

4.3. Server redundancy, multiple servers provide services at the same time, when a server failure can not provide services, user access will not be interrupted. Big-ip can perform health checks on servers at different levels in the OSI seven-tier model, real-time monitoring server health, if a server failure, BIG-IP determined that it can not provide services, it will be in the service queue, to ensure that the user's normal access to the application, to ensure the correctness of the response content.

5. High safety

BIG-IP uses the firewall design principle, is the default rejects the device, it may add the extra security for any site, the defense Ordinary network attack. It can be easily and securely managed remotely by supporting the command line SSH or supporting browser-managed SSL, improving the security of the device itself, removing idle connections to prevent denial-of-service attacks, being able to perform source route tracking to prevent IP spoofing, and rejecting SYN attacks without ACK buffer acknowledgement; Reject Teartop and land attacks, protect yourself and the server from ICMP attacks, and do not run SMTP, FTP, Telnet, or other vulnerable daemon programs.

The dynamic reaping feature of BIG-IP can efficiently remove idle connections from various types of network Dos attacks, which protects big-ip from being paralyzed by excessive traffic. Big-ip can speed up the connection cut-off rate as the attack volume increases, providing a solution that is highly adaptable and capable of defending against the maximum amount of attack.

BIG-IP's delay binding technology can provide comprehensive SYN flood protection for servers deployed behind Big-ip. At this point, the BIG-IP device acts as a security agent to effectively protect the entire network.

Big-ip can be combined with other safety equipment to build a dynamic security defense system. The BIG-IP can generate a control access list based on the number of connections in the user's unit time and load the list onto other security devices to effectively control the attack traffic.

6.SSL acceleration

On each BIG-IP, SSL hardware accelerator chips are available, and with a license of 100 TPS, users can save their investment by using SSL acceleration for 100 TPS without paying separately. When the system expands in the future, it is easy to upgrade the SSL acceleration performance by license.

7. System Management

BIG-IP provides HTTPS, SSH, Telnet, SNMP and other management methods, user clients need only the operating system with the browser software, no need to install other software. Remote administration can be facilitated and securely by supporting the command line of SSH or SSL that supports browser management. Intuitive, Easy-to-use Web graphical user interface services reduce the cost of implementation and maintenance of multiple ownership infrastructure.

BIG-IP contains detailed real-time reports and historical reports that allow you to benchmark site traffic, related ISP performance, and estimated bandwidth billing cycles. Administrators can fully control the utilization of bandwidth resources through a comprehensive reporting function.

In addition, through the F5 I-control development package, at present there are already based on I-control development of network management software X-control, can be customized for the system service characteristics of the monitoring system, such as the flow of services, a variety of service connections, access, node health status, etc. for visual display.

Alarm mode can provide syslog, SNMP trap, mail and other means.

8. Other

Memory expansion capability: F5 Big-ip more than 1000 units can be expanded to 2G memory, at this time can support 4 million concurrent reply.

Upgrade capability: F5 All equipment can be upgraded by software, within the service validity period, upgrade package by F5 Company provided. F5 Networks has released the latest version of its system, Big-ip V9.0, with the following features: Virtual Ipv4/ipv6 applications, accelerated Web applications up to 3 times times, reduced 66% or more infrastructure costs, ensuring high priority application performance, ensuring higher levels of availability, Dramatically improve network and application security, strong performance, simple management, unmatched adaptive capabilities and extended capabilities and breakthrough performance. Its powerful HTTP compression features can shorten the user download time by 50%, saving 80% of the bandwidth.

IP address filtering and bandwidth control: Big-ip can filter packets based on access control lists and bandwidth control for a critical application to ensure the stable operation of critical applications.

Configuration management and System reporting: F5 BIG-IP provides Web interface configuration and command-line configuration management, and provides rich system reporting, as well as the development of complex configuration and report generation through I-control.