Summary of advantages and disadvantages of LVS, Nginx and Haproxy forwarding modes

Vaguely mind now only upstream, Dr, Ip_hash these words. Now on the three forwarding way to do the summary.
One, the LVS forwarding mode

LVS is a highly probable software written by Dr. Zhangwensong on the four floor. Unlike the latter two support seven-tier forwarding, but also because of its simplicity, so it is the most stable. There are three kinds of IP load Balancing technologies: Vs/nat (Virtual server via network address translation), Vs/tun (virtual server via IP tunneling), and vs/ DR (Direct Routing), the specific comparisons between the three are shown in the following table

Lvs
Second, Nginx load mode

Nginx has five load algorithm modes: Polling, weight (weights), Ip_hash, fair, Url_hash. Now explain:

Polling (default): Each request is assigned to a different back-end server in chronological order, and can be automatically removed if the backend server is down.
Weight: Specifies the polling probability, proportional to the weight and the access ratio, for the performance of the backend server. Configured as:

Upstream Bakend {
Server 192.168.0.14 weight=10;
Server 192.168.0.15 weight=10;
}

Ip_hash: Each request is allocated according to the hash result of the access IP, so that each visitor has a fixed access to a back-end server that resolves the session's problem. Configured as:

Upstream Bakend {
Ip_hash;
Server 192.168.0.14:88;
Server 192.168.0.15:80;
}

Fair: The response time of the backend server is allocated to the request, the response time is short priority assignment.

Upstream Backend {
server Server1;
Server Server2;
Fair
}

Url_hash: Assigns requests by accessing the hash result of the URL, directs each URL to the same back-end server, and the backend server is more efficient when cached. Configuration such as:

Upstream Backend {
Server squid1:3128;
Server squid2:3128;
Hash $request _uri;
Hash_method CRC32;
}

Note: In the fifth mode, you need to pay attention to add hash statements in the upstream, the server statement can not write weight and other parameters, Hash_method is the use of the hash algorithm.

The following parameters are frequently followed by the server:

Down indicates that the server before the order temporarily does not participate in the load
The larger the weight defaults to 1.weight, the greater the weight of the load.
Max_fails: The number of allowed requests failed defaults to 1. Returns the error Proxy_next_upstream module definition when the maximum number of times is exceeded
Fail_timeout:max_fails after a failure, the time of the pause.
Backup: All other non-backup machines request backup machines when down or busy. So this machine will be the lightest pressure.

Third, Haproxy

Haproxy is the most of the load algorithm between the three, there are eight kinds, so its application scenario is the most, the configuration is also the most flexible, the specific 8 algorithms are:

①roundrobin, a simple polling, which is the basic load balance;

②STATIC-RR, which is similar to the nginx weight algorithm according to the weights;

③leastconn, which means that the least connected person is treated first, is somewhat similar to the fair of Nginx, but fair is based on response time;

④source, said that according to the request source IP, this is similar to the Nginx Ip_hash mechanism, we use it as a solution to the session problem of a method, suggest concern;

⑤ri, representing the url_hash of the Nginx, according to the requested URI;

⑥rl_param, representing the URL parameter ' balance Url_param ' requires an URL parameter name according to the request;

⑦HDR (name), which indicates that each HTTP request is locked according to the HTTP request header;

⑧rdp-cookie (name), which indicates that each TCP request is locked and hashed according to a cookie (name).

Disadvantages

The advantages and disadvantages of the three load balancers are described below:

The advantages of LVS:
1, strong load resistance, work on the 4th floor for distribution only, no flow of production, this feature also determines that it in the load-balancing software performance of the strongest; no flow, while ensuring that the performance of the Equalizer IO will not be affected by large flow;
2, the work is stable, oneself has the complete dual machine hot standby plan, like lvs+keepalived and lvs+heartbeat;
3, the application of a wide range of applications can be done to load balance;
4, the configuration is relatively low, this is a disadvantage is also an advantage, because there is not too much configuration of things, so do not need too much contact, greatly reduce the probability of human error;
The disadvantages of LVs:
1, the software itself does not support regular processing, can not do static and dynamic separation, which highlights the advantages of nginx/haproxy+keepalived.
2, if the site application is relatively large, lvs/dr+keepalived is more complex, especially after Windows Server application of the machine, implementation and configuration and maintenance process is relatively troublesome, relatively, nginx/haproxy+ The keepalived is much simpler.
#############################################################

1. Lvs/dr How to handle the request message, will modify the IP packet content?

1.1 VS/DR itself will not care about the information above the IP layer, even if the port number is the TCP/IP protocol stack to determine whether the correct, vs/dr itself mainly to do so several things:

1 to receive the client's request, according to your set of load balancing algorithm to select a Realserver IP;

2 to select the IP corresponding MAC address as the target Mac, and then again the IP packet encapsulated into frames forwarded to the RS;

3 Record the connection information in the hash table.

VS/DR does a lot of things, and it's very simple, so it's very efficient, no less than the hardware load balancing device.

The approximate flow of data packets and data frames is this: client--> VS--> RS--> Client

1.2 The previous answer has been answered, VS/DR will not modify the contents of the IP packet.

2. Why should realserver configure the VIP on the Lo interface? Is it OK to configure the VIP on the exit card?

2.1 If you want RS to be able to handle IP packets with the destination address as VIP, you must first allow RS to receive this package.

Configuring the VIP on Lo can complete the receive package and return the result to the client.

2.2 The answer is not to the VIP set in the export card, otherwise will respond to the client ARP request, resulting in Client/gateway arp table disorder, so that the entire load balance can not work properly.

3. Why should realserver suppress ARP frames?

This issue has been explained in the previous question, which is further elaborated in conjunction with the implementation order. We will make the following adjustments when we implement the deployment in detail:

echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce I'm sure a lot of people will not understand what they are doing, just know that there must be. I am not going to come up with a detailed discussion here, just to make a few notes, just as a supplement.

3.1

echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
The echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce these two are not available, because ARP has no meaning to the logical interface.

3.2 If your RS external network interface is eth0, then

echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce actually really want to do is:

echo "1" >/proc/sys/net/ipv4/conf/eth0/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/eth0/arp_announce so I personally suggest adding the top two to your script, because in the event that the two default values in the system are not 0, there may be problems.

4. LVS/DR Load Balancer (director) and RS Why should be in the same network segment?

From the first question, you should understand how VS/DR forwarded the request to RS, right? It is implemented at the data link layer, so the director must be in the same network segment as Rs.

5. Why director on the LO interface in addition to the VIP in addition to the eth0 with an IP (ie dip)?

5.1 If the use of keepalived and other tools to do ha or load Balance, you need to use a dip in health screening.

5.2 ha or Load balance without a health screening mechanism has no practical significance.

6. Does lvs/dr Ip_forward need to be opened?

No need. Because director and Realserver are the same network segment, you do not need to turn on forwarding.

7. Director's VIP netmask must be 255.255.255.255?

In Lvs/dr, director's VIP netmask need not be set to 255.255.255.255.

Route add-host $VIP Dev Eth0:0director VIP is to be like normal IP address as an external notice, do not make so special.

8. How do I lvs/dr tcp three times?

#####################################################################

Advantages of Nginx:
1, working in the OSI layer 7th, you can do some streaming strategy for HTTP applications. For example, for domain names, directory structure. It is more powerful and flexible than haproxy;
2, Nginx dependence on the network is very small, theoretically can ping the load function, this is its advantage;
3, Nginx installation and configuration is relatively simple, testing more convenient;
4, can bear high load pressure and stability, generally can support more than tens of thousands of times the concurrent volume;
5, Nginx can detect the server's internal faults through the port, such as the status code returned by the server processing page, timeout, and so on, and will return the wrong request resubmitted to another node;
6, Nginx is not only a good load balancer/reverse proxy software, it is also a powerful Web application server. LNMP is now also a very popular web environment, and the lamp environment, nginx in dealing with static pages, especially against high concurrency relative to Apache advantages;
7, Nginx now as a web reverse acceleration cache more and more mature, faster than the traditional squid server, the need for friends can consider using it as a reverse agent accelerator;
Disadvantages of Nginx:
1, Nginx does not support the URL to detect.
2, Nginx can only support HTTP and email, this is its weakness.
3, the nginx of the session to maintain the ability to guide the cookie is relatively deficient.

Advantages of Haproxy:
1, Haproxy is to support the virtual host, you can work in 4, 7 layer (support multiple network segment);
2, can supplement nginx some shortcomings such as the maintenance of the session, cookies, such as the guidance of work;
3, support the URL detection backend server;
4, it is just like the LVS, itself is only a load-balancing software, simply from the efficiency of haproxy more than nginx have a better load balancing speed, in the concurrent processing is also superior to nginx;
5, Haproxy can be read to the MySQL load balance, the back-end of the MySQL node detection and load balancing, but in the back-end of the MySQL slaves number of more than 10 when the performance is less than LVS;
6, the Haproxy algorithm is more, achieves 8 kinds;

Iv. Summary

Specific current network application can choose the best load mode according to the actual situation of the body. Among the three, LVS stability is the best, configurable least; Nginx for the domain name, directory structure of the matching is the strongest, while its dependence on the network is relatively small, but the performance and LVs and haproxy a little bit worse; Haproxy support Virtual host, Especially in the session to maintain the best, and its three algorithms can realize session sharing ———— IP identification (source), cookie recognition, session recognition three kinds of, in addition to the MySQL to do the HA program is often used in the software.