The principle and implementation of LVS

Source: Internet
Author: User

I. Introduction of LVS

LVS is short for Linux Virtual Server, a virtualized server cluster system. Founded in May 1998 by Dr. Zhang Wensong, the project is one of the earliest free software projects in China. Since Linux kernel 2.6 it has been part of the kernel; with earlier kernel versions the kernel had to be recompiled.

LVS is primarily used to load-balance multiple servers. It works at the network layer and provides a high-performance, highly available server clustering technology. A number of low-performance servers can be combined into a single "super-server" for capacity expansion and scaling. Configuration is simple, and several load-balancing methods are available. It is stable and reliable: even if one server in the cluster stops working properly, the overall service is not affected.


II. LVS Components

IPVS: a framework that works in the kernel. It attaches to the netfilter INPUT hook and forwards requests according to user-defined IPVS rules, so that requests never enter user space.

If a request had to enter user space, every connection would require a socket file to be maintained, and a single host can have at most 65,535 socket files. Because LVS works in kernel space and requests never enter user space, it is not bound by this socket limit.

ipvsadm: a user-space management tool used to generate the rules that IPVS applies at the INPUT hook.


III. LVS IP address naming specification

In an LVS cluster, IP addresses must be distinguished according to the roles of the nodes within the cluster. There are four basic types of IP address within a cluster.

① Virtual IP address (VIP)

The IP address that the director uses to provide services to client computers.

The IP address that client computers use to connect to the services provided by the cluster is called the virtual IP address (VIP). It is an IP alias or secondary IP address on the NIC that connects the director to the regular public network. The LVS VIP is important because it is what client computers use to connect to the cluster: clients send packets from their own IP address to the VIP to access the cluster service. You then tell the client computers the VIP through a naming service (such as DNS, DDNS, WINS, LDAP or NIS). This is the only name or address that client computers need to know in order to use the cluster service. (Client computers do not know the remaining IP addresses in the cluster.)


② Real IP address (RIP)

The IP address used on a cluster node.

In LVS terminology, a node that provides services to the outside world is called a real server, so the IP address used on a real server is called the real IP address (RIP).

A RIP is a permanent IP address assigned to the network card that connects a real server to the same network as the director. This network is called the cluster network or the director/real server network (D/RIP network). The director uses the RIP for normal network traffic on the D/RIP network, but only the director needs to know how to talk to this IP address.


③ Director's IP address (DIP)

The IP address that the director uses to connect to the D/RIP network.

The director's IP address (DIP) is used on the NIC that connects the director to the D/RIP network. Requests for the cluster service are received on the director's VIP and forwarded through the DIP to the cluster nodes. The DIP and the VIP can be on the same NIC.


④ Client computer's IP address (CIP)

The IP address assigned to the client computer, which is used as the source IP address for requests sent to the cluster.

The IP address of the client computer (CIP) may be a local, private IP address on the same network as the VIP, or a public IP address on the Internet.


Figure: LVS cluster and its IP address distribution



IV. Types of LVS

1. Using the VS/NAT method


When a client accesses a network service through the virtual IP address (the IP address of the virtual service), the request packet arrives at the scheduler. The scheduler selects a server from the set of real servers according to the connection scheduling algorithm (mentioned below), rewrites the destination address of the packet from the virtual IP address to the address of the selected server, rewrites the destination port to the corresponding port of the selected server, and sends the modified packet to the selected server. At the same time, the scheduler records the connection in the connection hash table. When the next packet of this connection arrives, the address and port of the originally selected server are looked up in the connection hash table, the same rewrite is applied, and the packet is sent to that server. When a response packet from the real server passes through the scheduler, the scheduler changes the source address and source port of the packet to the virtual IP address and the corresponding port, then sends the packet to the user.

When the VS/NAT method is used and a large amount of response data passes through the scheduler, the scheduler becomes the bottleneck of the whole cluster.


This is similar to Nginx layer-7 scheduling, so only about 10 back-end machines can be supported, because the scheduler is the bottleneck.


2. Using the VS/TUN method


Connection scheduling and management in VS/TUN are the same as in VS/NAT; only the packet forwarding method differs. The scheduler chooses a server dynamically according to the load on each server, encapsulates the request packet in another IP packet, and forwards the encapsulated packet to the selected server. When the server receives the packet, it first decapsulates it to obtain the original packet whose destination address is the VIP. The server finds that the VIP is configured on its local IP tunnel device, so it processes the request and then returns the response packet directly to the client according to its routing table.


3. Using the VS/DR method


The scheduler and the server group must each physically have a network card connected to the same unsegmented LAN, for example through a switch or a high-speed hub. The VIP is shared by the scheduler and the server group. The VIP configured on the scheduler is externally visible and is used to receive request packets for the virtual service. All servers configure the VIP on a non-ARP network device, so it is not visible to the outside and is used only to handle network requests whose destination address is the VIP. In VS/DR, the scheduler chooses a server dynamically according to the load on each server. It neither modifies nor encapsulates the IP packet; instead it changes the destination MAC address of the data frame to the MAC address of the selected server and sends the modified frame onto the LAN of the server group. Because the MAC address of the frame is that of the selected server, the server is certain to receive the frame and can extract the IP packet from it. When the server finds that the destination address of the packet is on a local network device, it processes the packet and then returns the response packet directly to the client according to its routing table.
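
The three forwarding methods above, side by side, as an added example that is not part of the original article and is not kernel IPVS code. It is a toy model in Python: the class and function names, addresses, ports and MACs are all constructed for illustration, and round-robin stands in for the scheduling algorithm.

```python
# Added illustration: toy model of an LVS director, not kernel IPVS code.
# Every address, port and MAC below is a constructed sample value.
from dataclasses import dataclass, replace
from itertools import cycle
from typing import Optional

VIP = ("203.0.113.10", 80)
SERVERS = [{"rip": ("10.0.0.11", 8080), "mac": "02:00:00:00:00:11"},
           {"rip": ("10.0.0.12", 8080), "mac": "02:00:00:00:00:12"}]

@dataclass(frozen=True)
class Packet:
    src: tuple                        # (ip, port)
    dst: tuple                        # (ip, port)
    dst_mac: str = "02:00:00:00:00:01"  # requests arrive at the director's NIC
    outer_dst: Optional[str] = None   # outer IP header, used by VS/TUN only

class Director:
    def __init__(self, mode, servers=SERVERS):
        self.mode = mode              # "nat", "tun" or "dr"
        self.rr = cycle(servers)      # round-robin stands in for the scheduler
        self.conns = {}               # connection hash table: client -> server

    def forward(self, pkt):
        """Request path: client -> director -> real server."""
        if pkt.dst != VIP:
            return None               # not addressed to the virtual service
        srv = self.conns.get(pkt.src)
        if srv is None:               # first packet: schedule and record it
            srv = self.conns[pkt.src] = next(self.rr)
        if self.mode == "nat":        # rewrite destination address and port
            return replace(pkt, dst=srv["rip"])
        if self.mode == "tun":        # encapsulate; inner packet is untouched
            return replace(pkt, outer_dst=srv["rip"][0])
        return replace(pkt, dst_mac=srv["mac"])  # dr: only the frame MAC changes

    def reply(self, pkt):
        """Response path through the director, which only VS/NAT needs."""
        srv = self.conns.get(pkt.dst)
        if self.mode != "nat" or srv is None or srv["rip"] != pkt.src:
            return None               # no matching entry in the hash table
        return replace(pkt, src=VIP)  # restore the VIP as source address/port

def real_server_reply(req):
    """A real server answers from the address the request was delivered to."""
    return Packet(src=req.dst, dst=req.src)
```

In the NAT case the real server's reply carries the RIP as its source and is only valid for the client after `reply()` restores the VIP; in the TUN and DR cases the reply already carries the VIP, which is why those real servers must hold the VIP on a tunnel or non-ARP device and can answer the client directly.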


This article is from the "Ma Gao" blog, please make sure to keep this source http://kgdbfmwfn.blog.51cto.com/5062471/1701501
