2025-02-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
This article introduces how to understand the principle of load balancing. Many people have questions about it in day-to-day operations, so the editor consulted a range of material and put together a simple, practical explanation. I hope it helps answer those questions. Read on to study it with the editor.
The Origin of load balancing
When a business starts out, it usually runs on a single server. As business traffic grows, a single server will always hit a performance ceiling, no matter how well it is optimized or how good the hardware is. When one server can no longer meet business needs, multiple servers have to be combined into a cluster to raise overall processing performance.
To meet this requirement we need a unified traffic entry point: in essence, a traffic scheduler that uses a balancing algorithm to distribute a large number of user requests evenly across the servers in the cluster. This is the load balancing discussed in this article.
Load balancing brings several benefits:
It improves the overall performance of the system.
It improves the scalability of the system.
It improves the availability of the system.
Types of load balancing
In a broad sense, load balancers can be divided into three categories: DNS load balancing, hardware load balancing, and software load balancing.
(1) DNS load balancing
DNS is the most basic and simplest way to achieve load balancing. A domain name is resolved to multiple IP addresses via DNS, and each IP address corresponds to a different server instance, which completes the scheduling of traffic. Although no conventional load balancer is used, a simple load balancing function is achieved.
The biggest advantage of implementing load balancing through DNS is that it is easy to implement and low cost, with no load balancing equipment to develop or maintain yourself. It does have some disadvantages:
Server failover is slow and server upgrades are inconvenient. There are layers of caching between DNS and users. Even if the failed server is changed or removed in DNS promptly when a failure occurs, the change still has to pass through the operator's DNS cache, and that cache probably does not follow the TTL rules. As a result DNS changes take effect very slowly, and sometimes a small amount of request traffic still arrives a day later.
Traffic scheduling is unbalanced and the granularity is too coarse. How balanced DNS scheduling is depends on the policy by which a regional operator's LocalDNS returns the IP list; some operators do not return the different IP addresses in round-robin fashion. In addition, the number of users served by a given operator's LocalDNS is an important factor in uneven traffic scheduling.
The traffic allocation strategy is too simple and too few algorithms are supported. DNS generally supports only rr (round-robin), so the allocation strategy is relatively simple, and scheduling algorithms such as weight and hash are not supported.
The list of IP addresses that DNS supports is limited. DNS uses UDP messages for transmission, and the size of each UDP message is limited by the MTU of the link, so the number of IP addresses that fit in a message is also very limited. The Ali DNS system supports the configuration of 10 different IP addresses for the same domain name.
In fact, this approach is rarely used to achieve load balancing in a production environment, because the disadvantages are obvious. DNS load balancing is described in this article in order to explain the concept of load balancing more clearly.
Companies like BAT generally use DNS to achieve global load balancing at the geographical level, so that users access a nearby site and access speed improves. This method usually serves as the basic load balancing for ingress traffic; beneath it sits a load balancing architecture implemented by more specialized load balancing devices.
(2) Hardware load balancing
Hardware load balancing uses dedicated hardware devices built specifically for load balancing. At present, there are two typical hardware load balancing devices in the industry: F5 and A10.
This kind of equipment is very powerful but also very expensive. Generally only wealthy ("tuhao") companies use it. Small and medium-sized companies generally cannot afford it, and because their business volume is not that large, using such devices would also be quite wasteful.
Advantages of hardware load balancing:
Powerful functionality: supports load balancing at all layers and a comprehensive set of load balancing algorithms.
Powerful performance: performance far exceeds that of common software load balancers.
High stability: commercial hardware load balancers have been strictly tested and used at large scale, so they are highly stable.
Security protection: they also provide security functions such as firewalling and anti-DDoS protection, and support SNAT.
The disadvantages of hardware load balancing are also obvious:
High price
Poor scalability: they cannot be extended or customized
Debugging and maintenance are troublesome and require professionals
(3) Software load balancing
Software load balancing runs load balancing software on ordinary servers to provide the load balancing function. At present, Nginx, HAProxy and LVS are the common choices. The differences are:
Nginx: a layer 7 load balancer that supports HTTP and e-mail protocols, and also supports layer 4 load balancing.
HAProxy: supports layer 7 rules, and its performance is also very good. The default load balancing software used by OpenStack is HAProxy.
LVS: runs in kernel mode and has the highest performance among software load balancers. Strictly speaking, it works at layer 3, so it is more general and suits a variety of application services.
Advantages of software load balancing:
Easy to operate: both deployment and maintenance are relatively simple.
Cheap: the only cost is the server; the software is free.
Flexible: layer 4 or layer 7 load balancing can be chosen according to business characteristics, and functions are easy to extend and customize.
LVS load balancing
The commonly used software load balancers are Nginx, HAProxy and LVS. Layer 4 load balancing is basically always done with LVS. It is understood that big companies such as BAT are heavy users of LVS, because its excellent performance saves them huge costs.
LVS, in full Linux Virtual Server, is an open source project initiated by Dr. Zhang Wensong of China and is very popular in the community. It is a layer 4 reverse proxy server with strong performance.
It is now part of the standard kernel and offers reliability, high performance, scalability and operability, achieving optimal performance at low cost.
Basic principles of Netfilter
LVS implements load balancing on top of the netfilter framework in the Linux kernel, so you need a brief understanding of how netfilter works before learning LVS. Netfilter is actually very complicated. What we usually call the Linux firewall is netfilter, but what we usually operate is iptables. iptables is just a user-space tool for writing and passing rules; the component that really does the work is netfilter. You can easily understand how netfilter works through the following figure:
Netfilter is the firewall mechanism inside the Linux kernel. As a general, abstract framework, it provides a management mechanism for hook functions, which makes functions such as packet filtering, network address translation, and protocol-based connection tracking possible.
Put simply, netfilter provides a mechanism that places several checkpoints (hook functions) along the path packets take and performs the relevant operations there according to the rules. Netfilter defines five hook points in total: PREROUTING, INPUT, FORWARD, OUTPUT and POSTROUTING.
PREROUTING: packets that have just entered the network layer and have not yet been through route lookup pass here.
INPUT: packets that route lookup has determined are destined for the local machine pass here.
FORWARD: packets that route lookup has determined are to be forwarded pass here, before POSTROUTING.
OUTPUT: packets just sent by a local process pass here.
POSTROUTING: packets that have entered the network layer, been routed and forwarded, and are about to leave this device pass here.
When a packet enters the network card, it passes through the link layer and enters the network layer at PREROUTING, where a route lookup is performed on the destination IP address. If the destination IP is local, the packet is passed on to INPUT and, after going through the protocol stack, the data is delivered to the corresponding application according to the port.
After processing the request, the application sends the response packet to OUTPUT, and it finally leaves through the network card after POSTROUTING.
If the destination IP is not local and the forward parameter is enabled on the server, the packet is delivered to FORWARD and then leaves through the network card after POSTROUTING.
Basic principles of LVS
LVS is based on the netfilter framework and works mainly on the INPUT chain. It registers the ip_vs_in hook function on INPUT and carries out the main IPVS processing there. The principle is as shown in the figure:
When a user accesses www.sina.com.cn, the user's data passes through layers of networks, finally enters the LVS server's network card through the switch, and enters the kernel network layer.
After the packet enters PREROUTING, the route lookup determines that the destination VIP is a local IP address, so the packet enters the INPUT chain.
LVS works on the INPUT chain and determines whether the request is for an LVS service according to the IP:Port being accessed. If so, it runs the main LVS process, forcibly modifies the relevant data in the packet, and sends the packet to the POSTROUTING chain.
After the packet is received on POSTROUTING, it is routed according to the destination IP address (the real back-end server) and is finally sent to the back-end server.
The open source version of LVS has three working modes. Each works differently and has its own advantages, disadvantages and application scenarios. The three modes are:
DR mode
NAT mode
Tunnel mode
Another mode that must be mentioned here is FullNAT, which is not available in the open source version. This mode originated at Baidu and was later developed further at Ali, whose team open-sourced it. The code address is as follows:
https://github.com/alibaba/lvs
There is also a download address on the official LVS website, but it has not been integrated into the mainline kernel.
A later section will describe the FullNAT mode in detail. Below, the principles of the DR, NAT and Tunnel modes are introduced in detail.
Principle of DR mode implementation
The description in the basic LVS schematic above is relatively simple and represents a general process. The following explains in detail how DR mode works, based on how it is actually implemented.
DR is in fact the most commonly used working mode because of its strong performance. The following describes how DR mode works by following one request and response through the data flow.
(1) The principle and process of implementation
① When the client requests the www.sina.com.cn home page, the request packet traverses the network and reaches the network card of Sina's LVS server. The source IP is the client IP address, CIP, and the destination IP is Sina's external server IP address, that is, the VIP. At this point the source MAC address is CMAC, which is actually the MAC address of the router connected to LVS (called CMAC for ease of understanding), and the destination MAC address is the MAC corresponding to the VIP, marked as VMAC.
② The packet passes through the link layer and arrives at PREROUTING (just entering the network layer). The route lookup finds that the destination IP is the VIP of LVS, so the packet is delivered to the INPUT chain. At this point the packet's MAC, IP and port have not been modified.
③ The packet arrives at the INPUT chain, which is the main place where LVS works. Here LVS checks, according to the destination IP and port, whether this is a service defined in LVS. If it is a defined VIP service, LVS selects one server from the list of real servers as RS1 according to the configuration, and then looks up the outbound route with RS1 as the destination to determine the next-hop information and the network card through which the packet is to be sent. Finally, the packet is delivered to the OUTPUT chain.
④ After passing through the POSTROUTING chain, the packet moves from the network layer to the link layer. The destination MAC address is changed to the MAC address of the RealServer, recorded as RMAC, and the source MAC address is changed to the MAC address of the LVS self IP on the network segment shared with the RS, marked as DMAC. The packet is then forwarded to the RealServer through the switch (note: for simplicity, the switch is not drawn).
⑤ After the request packet arrives at the real back-end server, the link layer checks that the destination MAC is the address of its own network card. At the network layer a route lookup is performed. The destination IP is the VIP (the VIP is configured on lo), so the packet is determined to be for the local host and is copied through the protocol stack to the application (such as an nginx server). After nginx handles the request, the response packet is generated.
The RS then looks up the outbound route with CIP as the destination and determines the next-hop information and the sending network card. At this point the source and destination IP of the packet are VIP and CIP respectively, the source MAC address is the RMAC of RS1, and the destination MAC is the MAC address of the next hop (the router), marked as CMAC (called CMAC for ease of understanding). The packet is then forwarded to the real client through the router connected to the RS, which completes the whole request and response process.
From the whole process we can see that the logic of DR mode is relatively simple: the packet is forwarded to the back-end server by direct routing, and the response packet is sent directly to the client by the RS without going through LVS.
Request packets are usually small and response packets large, so the packets passing through LVS are basically small packets. This is the main reason for the strong performance of LVS in DR mode.
(2) Advantages, disadvantages and usage scenarios
Advantages of DR mode
The response data does not pass through lvs, so performance is high.
The packet is modified very little and its information is kept intact (it carries the client source IP).
Disadvantages of DR mode
lvs and rs must be on the same physical network (cross-room deployment is not supported).
lo and other kernel parameters must be configured on the server.
Port mapping is not supported.
Usage scenarios of DR mode
If the performance requirements are very high, DR mode can be preferred, and the client source IP address is passed through.
Principle of NAT mode implementation
The second working mode of lvs is NAT mode. The following figure details the whole process: the packet enters lvs from the client and is forwarded to the rs, the response data is forwarded back to lvs by the rs, and lvs replies to the client.
(1) The principle and process of implementation
① The user request packet passes through layers of networks and arrives at the lvs network card. At this point the source IP of the packet is CIP and the destination IP is VIP.
② The packet enters the PREROUTING position of the network layer through the network card. The route lookup on the destination IP confirms that it is a local IP, and the packet is forwarded to INPUT. At this point the source and destination IP are unchanged.
③ When the packet reaches lvs, lvs uses the destination IP and destination port to check whether this is an IPVS service. If it is, an RS is selected as the back-end server and the destination IP of the packet is changed to RIP. lvs then looks up routing information with RIP as the destination IP, determines the next hop and egress information, and forwards the packet to OUTPUT.
④ After being processed by POSTROUTING and the link layer, the modified packet arrives at the RS server. At this point the source IP of the packet is CIP and the destination IP is RIP.
⑤ The packet that arrives at the RS server is checked by the link layer and network layer and delivered to the nginx program in user space. nginx finishes processing and sends the response packet. Because the default gateway on the RS is configured as the lvs device IP, the nginx server forwards the packet to the next hop, that is, the lvs server. At this point the packet's source IP is RIP and the destination IP is CIP.
⑥ After receiving the RS response packet, the lvs server finds through route lookup that the destination IP is not a local IP. Because the lvs server has forwarding enabled, the packet is forwarded to the FORWARD chain without modification.
⑦ After receiving the response packet, lvs looks up the service and the connection table by destination IP and destination port, changes the source IP to VIP, determines the next hop and egress information through route lookup, and sends the packet to the gateway. The packet reaches the user's client through the complex network, which completes one request and response interaction.
In NAT mode traffic in both directions passes through LVS, so NAT mode has a performance bottleneck. However, unlike the other modes, NAT supports port mapping and supports the Windows operating system.
(2) Advantages, disadvantages and usage scenarios
Advantages of NAT mode
It can support the Windows operating system.
Port mapping is supported. If the rs port differs from the vport, lvs modifies the dport as well as the destination IP in order to support port mapping.
Disadvantages of NAT mode
The back-end RS needs to have the gateway configured.
Two-way traffic puts great load on lvs.
Usage scenarios of NAT mode
If you are on Windows systems and use lvs, you must choose NAT mode.
Principle of Tunnel mode implementation
Tunnel mode is rarely used in China, although it is said that Tencent uses it a lot. It is also a one-arm mode: only the request data goes through lvs, and the response data is sent directly from the back-end server to the client. Its performance is also very strong, and it supports deployment across server rooms. Next, we continue with the diagram and analyze the principle.
(1) The principle and process of implementation
① The user request packet passes through layers of networks and arrives at the lvs network card. At this point the source IP of the packet is cip and the destination IP is vip.
② The packet enters the PREROUTING position of the network layer through the network card. The route lookup on the destination IP confirms that it is a local IP, and the packet is forwarded to the INPUT chain and reaches lvs. At this point the source and destination IP remain unchanged.
③ When the packet reaches lvs, lvs uses the destination IP and destination port to check whether this is an IPVS service. If it is, an rs is selected as the back-end server. lvs looks up routing information with rip as the destination IP and determines the next hop, dev and other information. An additional IP header (with dip as the source IP and rip as the destination IP) is then added in front of the original IP header, and the packet is forwarded to OUTPUT.
④ According to the routing information, the packet finally leaves through the lvs network card, is sent to the router gateway, and then reaches the back-end server through the network.
⑤ After the back-end server receives the packet, the ipip module strips the tunnel header, leaving the original packet with cip as the source IP and vip as the destination IP. Because vip is configured on tunl0, the route lookup determines that it is a local IP and the packet is sent to the application. After the nginx application handles the request normally, the response packet is sent to the network card with vip as the source IP and cip as the destination IP, and finally reaches the client.
Tunnel mode has the high performance of DR mode and also supports cross-room access, which sounds perfect. However, domestic operators have certain characteristics. For example, the source IP of RS response packets is the VIP, and the VIP and the back-end server may belong to different operators, so the packets may be blocked by operator policy. Tunnel has not been used in the production environment, so it may be difficult to implement Tunnel in China.
(2) Advantages, disadvantages and usage scenarios
Advantages of Tunnel mode
One-arm mode, so the load on lvs is low.
The packet is modified very little and its information is preserved completely.
It can work across computer rooms (but this is difficult to achieve in China).
Disadvantages of Tunnel mode
The ipip module must be installed and configured on the back-end server.
The vip must be configured on tunl0 on the back-end server.
The added tunnel header may lead to fragmentation, which affects server performance.
The IP addresses in the tunnel header are fixed, so the network card hash on the back-end server may be uneven.
Port mapping is not supported.
Usage scenarios of Tunnel mode
In theory, if forwarding performance requirements are high and cross-room deployment is required, Tunnel may be a better choice.
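The header rewriting described in the DR, NAT and Tunnel sections above, modelled in Python as an added example (it is not part of the original article and is not LVS code). All addresses, port numbers, MAC labels and function names are constructed for illustration, and the connection table is reduced to a client IP:port key.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

# Constructed sample values; the names follow the article's CIP/VIP/RIP labels.
CIP, VIP, DIP, RIP = "198.51.100.7", "203.0.113.10", "10.0.0.1", "10.0.0.21"
CMAC, VMAC, DMAC, RMAC = "CMAC", "VMAC", "DMAC", "RMAC"

@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    sport: int
    dport: int
    outer: Optional[Tuple[str, str]] = None  # extra IPIP header (src, dst), Tunnel only

def director_forward(pkt, mode, conns, rs_port=None):
    """Rewrite a request for the VIP service the way each LVS mode does."""
    if mode in ("DR", "TUN") and rs_port not in (None, pkt.dport):
        raise ValueError(f"{mode} mode does not support port mapping")
    if mode == "DR":    # only the MAC addresses change
        return replace(pkt, src_mac=DMAC, dst_mac=RMAC)
    if mode == "NAT":   # destination IP (and port, if mapped) become the RS's
        conns[(pkt.src_ip, pkt.sport)] = (pkt.dst_ip, pkt.dport)
        return replace(pkt, src_mac=DMAC, dst_mac=RMAC,  # assumes RS on the LVS segment
                       dst_ip=RIP, dport=rs_port or pkt.dport)
    if mode == "TUN":   # inner packet untouched; routed-hop MACs are not modelled
        return replace(pkt, outer=(DIP, RIP))
    raise ValueError(f"unknown mode {mode!r}")

def real_server_reply(pkt, mode):
    """Accept the request on the RS; return (response packet, first hop)."""
    if mode == "TUN":
        if pkt.outer != (DIP, RIP):
            raise ValueError("missing tunnel header")
        pkt = replace(pkt, outer=None)   # the ipip module strips the outer header
    # The VIP lives on lo (DR) or tunl0 (Tunnel); in NAT the RS only owns RIP.
    local_ip = RIP if mode == "NAT" else VIP
    if pkt.dst_ip != local_ip:
        raise ValueError("destination is not local to the RS")
    reply = Packet(RMAC, DMAC if mode == "NAT" else CMAC,
                   pkt.dst_ip, pkt.src_ip, pkt.dport, pkt.sport)
    # NAT: the RS default gateway is lvs. DR/Tunnel: straight to the router.
    return reply, ("director" if mode == "NAT" else "router")

def director_reply(reply, conns):
    """NAT only: restore VIP:vport as the source from the connection table."""
    vip, vport = conns[(reply.dst_ip, reply.dport)]
    return replace(reply, src_mac=VMAC, dst_mac=CMAC, src_ip=vip, sport=vport)

def client_accepts(reply, vport=80):
    """The client only matches a reply that comes from the VIP:vport it contacted."""
    return (reply.src_ip, reply.sport) == (VIP, vport) and reply.dst_ip == CIP

def run(mode, rs_port=None):
    """Return (packet seen by the RS, reply seen by the client, reply's first hop)."""
    conns = {}
    request = Packet(CMAC, VMAC, CIP, VIP, 40000, 80)
    at_rs = director_forward(request, mode, conns, rs_port)
    reply, hop = real_server_reply(at_rs, mode)
    if hop == "director":
        reply = director_reply(reply, conns)
    return at_rs, reply, hop

if __name__ == "__main__":
    for mode, port in (("DR", None), ("NAT", 8080), ("TUN", None)):
        at_rs, reply, hop = run(mode, port)
        print(mode, at_rs, "reply via", hop, "accepted:", client_accepts(reply))
```

In every mode the packet that reaches the RS still carries CIP as its source IP, so the client address remains available in back-end logs; only in NAT mode does the reply have to return through lvs before the client will match it to its connection.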
This concludes the study of "how to understand the principle of load balancing". I hope it has resolved your doubts. Combining theory with practice helps you learn better, so go and try it!