2025-01-16 Update From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/03 Report
The following explains how LVS implements load balancing for web services; I hope it helps you in practical use. Load balancing touches on many things, but there is not much theory to it, and there are many books on it on the Internet. Today we answer the question using experience accumulated in the industry.
We know that the LVS project provides a Linux Virtual Server framework for implementing scalable network services. The framework provides the IP virtual server software IPVS, which contains three IP load balancing technologies, the kernel Layer-7 switch KTCPVS, which distributes requests based on content, and cluster management software. Here we mainly talk about the IP load balancing technology. Its management tool is ipvsadm.
1) ipvsadm syntax
ipvsadm -A|E -t|u|f service-address [-s scheduler] [-p [timeout]] [-M netmask] [-b sched-flags]
ipvsadm -D -t|u|f service-address
ipvsadm -C
ipvsadm -R
ipvsadm -S [-n]
ipvsadm -a|e -t|u|f service-address -r server-address [-g|i|m] [-w weight] [-y lower]
ipvsadm -d -t|u|f service-address -r server-address
ipvsadm -L|l [options]
ipvsadm -Z [-t|u|f service-address]
ipvsadm --set tcp tcpfin udp
ipvsadm --start-daemon state [--mcast-interface interface] [--syncid syncid]
ipvsadm --stop-daemon state
ipvsadm -h
2) Introduction to ipvsadm options
Option: Description
-A (--add-service): adds a new virtual IP record to the list of virtual servers in the kernel, that is, adds a new virtual server. The virtual IP is the IP address of the virtual server.
-E (--edit-service): edits a virtual server record in the kernel virtual server list.
-D (--delete-service): deletes a virtual server record from the kernel virtual server list.
-C (--clear): clears all rules in the kernel virtual server list.
-R (--restore): restores virtual server rules.
-S (--save): saves virtual server rules, output in a format that the -R option can read.
-a (--add-server): adds a new Real Server record to a record in the kernel virtual server list, that is, adds a new Real Server to a virtual server.
-e (--edit-server): edits a Real Server record in a virtual server record.
-d (--delete-server): deletes a Real Server record from a virtual server record.
-L|-l (--list): displays the virtual server list in the kernel.
-t: indicates that the virtual server provides a tcp service. This option is followed by [virtual-service-address:port] or [real-server-ip:port].
-u: indicates that the virtual server provides a udp service. This option is followed by [virtual-service-address:port] or [real-server-ip:port].
-f fwmark: indicates a service type marked by iptables.
-s: followed by the scheduling algorithm used by LVS. The choices are rr | wrr | lc | wlc | lblc | lblcr | dh | sh. The default scheduling algorithm is wlc.
-p [timeout]: how long a service persists on one Real Server, that is, multiple requests from the same user are processed by the same Real Server. This parameter is generally used for operations with dynamic requests. The default timeout is 360s (the help document says 300s). For example, -p 100 means the service duration is 100s.
-r: specifies the IP address of the Real Server. This option is followed by [real-server-ip:port].
-g (--gatewaying): sets the LVS working mode to direct routing (this is the LVS default operating mode).
-i (--ipip): sets the LVS working mode to tunnel mode.
-m (--masquerading): sets the LVS working mode to NAT mode.
-w (--weight) weight: specifies the weight of the Real Server.
-c (--connection): displays the current LVS connection information, for example: ipvsadm -L -c
--timeout: displays the timeout values of "tcp tcpfin udp", for example: ipvsadm -L --timeout
--daemon: displays the status of the synchronization daemons, for example: ipvsadm -L --daemon
--stats: displays statistics, for example: ipvsadm -L --stats
--rate: displays rate information, for example: ipvsadm -L --rate
3) Note: to save the added virtual IP records and ipvsadm rules, use service ipvsadm save, or -S / --save. To clear all records and rules, use -C or --clear.
2 load balancing of web services
1) Experimental preparation: prepare 4 virtual machines
- one as the VS server
- one as a client
- two hosts as web servers. Of course, real servers are not limited to web servers; web services are used here only for experimental convenience, because they are the most common.
2) Network topology and address planning
3) Environment configuration
So that the experiment runs smoothly, turn off the firewall and SELinux. Note that this is only for the experimental environment.
[root@vin ~]# iptables -F     # clear firewall rules
[root@vin ~]# setenforce 0    # temporarily disable SELinux
[root@vin ~]#
4) web server configuration
To show how LVS schedules requests, we deliberately make the index.html pages of the two web servers different.
- install the service:
[root@vin ~]# yum install httpd -y
[root@vin ~]# echo "Linux web1" > /var/www/html/index.html    # modify the home page; on web2, change the content to "Linux web2"
- set routing: leave only one network card and point the gateway to the Director
[root@vin ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.14.0    0.0.0.0         255.255.255.0   U     0      0        0 ens33
0.0.0.0         192.168.14.77   0.0.0.0         UG    0      0        0 ens33
5) VS Scheduler Settings
- install the ipvsadm tool
[root@vin ~]# yum install ipvsadm -y    # yum installation; here it is already installed
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package ipvsadm-1.27-7.el7.x86_64 already installed and latest version
Nothing to do
[root@vin ~]# mount /dev/sr0 /mnt    # mount the CD
mount: /dev/sr0 is write-protected, mounting read-only
[root@vin ~]# rpm -ivh /mnt/Packages/ipvsadm-1.27-7.el7.x86_64.rpm    # rpm installation
[root@vin ~]#
- enable kernel IP forwarding
[root@vin ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
- define the cluster service
[root@vin ~]# ipvsadm -A -t 172.18.14.100:80 -s wrr
[root@vin ~]# ipvsadm -a -t 172.18.14.100:80 -r 192.168.14.55 -m -w 3    # defines the weight of web1 as 3
[root@vin ~]# ipvsadm -a -t 172.18.14.100:80 -r 192.168.14.66 -m -w 1    # defines the weight of web2 as 1 (the default is also 1, so it can be omitted)
[root@vin ~]# ipvsadm -Ln    # view
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.18.14.100:80 wrr
  -> 192.168.14.55:80             Masq    3      0          0
  -> 192.168.21.66:80             Masq    1      0          0
6) testing
On the client, use a for loop to send http requests to the VIP
[root@vint ~]# for i in {1..10}; do curl http://172.18.14.100; done
Linux web1
Linux web1
Linux web2
Linux web2
Linux web2
Linux web1
Linux web2
Linux web2
Linux web2
Linux web1
Linux web2
7) result analysis
Observing the results of the requests, we find that LVS schedules according to our algorithm, WRR (weighted round robin), and the corresponding weights (3:1).
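Added example, not from the original article: a shell simulation of weighted round robin in its classic threshold-and-gcd formulation, run with the weights configured above (web1 = 3, web2 = 1). The function names are assumptions, and this is an illustration of the scheduling order, not the kernel's IPVS code.

```shell
#!/bin/sh
# Added example: simulate weighted round robin (wrr) for name:weight pairs.

gcd() {  # greatest common divisor of two non-negative integers
    a=$1; b=$2
    while [ "$b" -ne 0 ]; do t=$((a % b)); a=$b; b=$t; done
    echo "$a"
}

# wrr_sequence COUNT name:weight [name:weight ...]
# Prints the real server chosen for each of COUNT requests, space separated.
wrr_sequence() {
    count=$1; shift
    [ "$count" -gt 0 ] || return 1
    g=0; max=0
    for pair in "$@"; do
        w=${pair##*:}
        g=$(gcd "$g" "$w")
        if [ "$w" -gt "$max" ]; then max=$w; fi
    done
    [ "$max" -gt 0 ] || return 1     # no server with a positive weight
    cw=0; picked=0; out=
    while :; do
        # Each pass over the server list lowers the threshold by the gcd;
        # when it reaches zero it wraps around to the highest weight.
        cw=$((cw - g))
        if [ "$cw" -le 0 ]; then cw=$max; fi
        for pair in "$@"; do
            # A server is chosen only while its weight reaches the threshold.
            if [ "${pair##*:}" -ge "$cw" ]; then
                out="$out${out:+ }${pair%%:*}"
                picked=$((picked + 1))
                if [ "$picked" -eq "$count" ]; then echo "$out"; return 0; fi
            fi
        done
    done
}

# Weights from the article: web1 = 3, web2 = 1
wrr_sequence 8 web1:3 web2:1
```

Out of every four requests, three go to web1 and one to web2, which is the 3:1 ratio set with -w.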
3 realize simultaneous scheduling of http and https
Solution 1: add two cluster services for http and https access
1) principle analysis:
To schedule both http (which we have implemented above) and https, the first step is to provide certificates for the two web servers, and the certificates on the two servers must be exactly the same (you can issue one for the first server and copy it to the other). Here we can use the Director as the root CA to issue the certificates, or use a certificate self-signed by the web server. Then we add a cluster service for https on the VS server to schedule it.
2) implement https service on web server
- generate certificates: how to set up a CA is not covered here; please refer to the blog: http://vinsent.blog.51cto.com/13116656/1964034
3) add cluster services to VS
[root@vin ~]# ipvsadm -A -t 172.18.14.100:443 -s wrr
[root@vin ~]# ipvsadm -a -t 172.18.14.100:443 -r 192.168.14.55 -m -w 3    # defines the weight of web1 as 3
[root@vin ~]# ipvsadm -a -t 172.18.14.100:443 -r 192.168.14.66 -m -w 1    # defines the weight of web2 as 1 (the default is also 1, so it can be omitted)
[root@vin ~]# ipvsadm -Ln    # view the cluster services
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.18.14.100:80 wrr
  -> 192.168.14.55:80             Masq    3      0          0
  -> 192.168.21.66:80             Masq    1      0          0
TCP  172.18.14.100:443 wrr
  -> 192.168.14.55:443            Masq    3      0          0
  -> 192.168.21.66:443            Masq    1      0          0
4) Test
[root@vint ~]# for i in {1..10}; do curl http://172.18.14.100; done
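Added example, not from the original article: a shell check that parses `ipvsadm -Ln` output and flags real servers that are not in the intended pool or that use a forwarding method other than the expected one, so a mistyped real-server address is caught before traffic is sent to it. The listing is a constructed sample modelled on the one above; the function names, the allowlist and the IPv4-only parsing are assumptions.

```shell
#!/bin/sh
# Added example: audit an `ipvsadm -Ln` listing against the intended pool.

# Constructed sample, modelled on the listing in this article.
sample_listing() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.18.14.100:80 wrr
  -> 192.168.14.55:80             Masq    3      0          0
  -> 192.168.21.66:80             Masq    1      0          0
TCP  172.18.14.100:443 wrr
  -> 192.168.14.55:443            Masq    3      0          0
  -> 192.168.14.66:443            Masq    1      0          0
EOF
}

# audit_ipvs "ALLOWED_IPS" [METHOD]
# Reads a listing on stdin. Prints one line per real server whose IPv4
# address is not in the space-separated allowlist or whose Forward column
# differs from METHOD (default Masq, i.e. NAT mode). Returns 1 on findings.
audit_ipvs() {
    allowed=" $1 "; method=${2:-Masq}; vs=; bad=0
    while read -r f1 f2 f3 rest; do
        case $f1 in
        TCP|UDP|FWM) vs="$f1 $f2" ;;      # start of a virtual service
        '->')
            case $f2 in RemoteAddress:*) continue ;; esac   # header row
            case $allowed in
            *" ${f2%:*} "*) ;;
            *) echo "UNEXPECTED $vs -> $f2"; bad=1 ;;
            esac
            if [ "$f3" != "$method" ]; then
                echo "METHOD $vs -> $f2 is $f3, expected $method"; bad=1
            fi ;;
        esac
    done
    return "$bad"
}

# Intended pool from the ipvsadm -a commands: web1 and web2
sample_listing | audit_ipvs "192.168.14.55 192.168.14.66" \
    || echo "listing differs from the intended pool"
```

On a Director, the same function can be fed with `ipvsadm -Ln | audit_ipvs "..."` after every rule change.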
Solution 2: use firewall marks to schedule http and https as one service
1) Approach
Above, LVS schedules http and https each according to its own algorithm, but the two are still scheduled separately. How can we make the VS schedule http and https as one service? This is where the mangle table in Netfilter comes in: we add a firewall policy that marks requests to our http and https services with a MARK, so that scheduling only has to follow the MARK and does not care whether the request is http or https.
2) configure iptables rules on VS
[root@vint ~]# iptables -F
[root@vint ~]# iptables -F -t nat    # ensures that no other rules on the firewall interfere; note: this is only for the experimental environment
[root@vint ~]# iptables -t mangle -A PREROUTING -p tcp -m multiport --dports 80,443 \
> -d 172.18.14.100 -j MARK --set-mark 10
3) set LVS cluster service
Since we schedule the two together, from the Director's point of view http access and https access are the same service, so we clear the original cluster services and add the cluster service again.
[root@vint ~]# ipvsadm -C
[root@vint ~]# ipvsadm -Ln    # make sure the rules are cleared
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
[root@vint ~]# ipvsadm -Z    # zero the counters
[root@vin ~]# ipvsadm -A -f 10 -s wrr
[root@vin ~]# ipvsadm -a -f 10 -r 192.168.14.55 -m -w 3    # defines the weight of web1 as 3
[root@vin ~]# ipvsadm -a -f 10 -r 192.168.14.66 -m -w 1    # defines the weight of web2 as 1 (the default is also 1, so it can be omitted)
4) Test
[root@vint ~]# for i in {1..10}; do curl http://172.18.14.100; done
That covers how LVS implements load balancing of web services. If there is anything else you need to know, you can look through the industry information or ask our professional technical engineers, who have more than ten years of experience in the industry.