2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
LVS basics:
Developed by Zhang Wensong (Taobao nickname: Zhengming)
LVS: Linux Virtual Server
L4: Layer 4, Layer 4 switching, Layer 4 routing
LVS management tools:
ipvsadm/ipvs (let the user define rules)
ipvsadm: user-space command-line tool for managing cluster services (i.e., adding, deleting, viewing, and modifying rules)
Supports TCP, UDP, AH, ESP, AH_ESP, SCTP and many other protocols
Several LVS concepts:
Dispatcher: director, dispatcher, balancer
RS: Real Server
Client IP: CIP
Director Virtual IP: VIP (virtual IP that provides external network access)
Director IP: DIP (real IP on the host that holds the virtual IP)
Real Server IP: RIP
LVS modes of operation:
lvs-nat: commonly known as MASQUERADE
lvs-dr (direct routing): GATEWAY
lvs-tun (IP tunneling): IPIP
lvs-fullnat:
lvs-nat mode:
Both request and response messages pass through the director, and DIP and RIP must be on the same segment;
Multi-target DNAT (as in iptables): the director rewrites the destination IP address (and possibly the destination port) of the request packet to the RIP of the RS it has selected, and forwards the packet to that RS;
(1) RS and DIP should use private network addresses, and the RS gateway should point to DIP;
(2) Request and response messages are both forwarded via the director; in extremely high load scenarios, the director may become a system bottleneck;
(3) Port mapping is supported;
(4) RS can use any OS;
(5) The RIP of the RS and the DIP of the director must be on the same IP network;
(6) Since packets pass through the director in both directions, kernel forwarding must be enabled on it, and the iptables firewall must also allow forwarding.
lvs-dr mode (the most commonly used mode in production):
How DR works:
a. Direct routing: the client's request message passes through the director;
b. The director forwards the request by rewriting its destination MAC address to the MAC of the selected backend RS, then sends the request to the RS that owns that MAC;
c. The RS sends the response message directly to the client through its gateway;
In the above process, the only modification is the destination MAC address.
All nodes and LVS should be in one local area network, which can contain different network segments;
How does the backend RS respond to requests directly:
a. Bind the VIP to lo on the RS
b. Suppress ARP broadcast responses
Note: modify the kernel parameters on the RS hosts to suppress ARP responses. Each RS configures the VIP on lo, and an ARP broadcast for the VIP is sent when a client makes a request; if responses are not suppressed, two hosts will answer and LVS will stop working. No broadcast is involved between LVS and the RS: the director picks the RS with its scheduling algorithm and sends the request to it directly, so the RS can respond directly.
(1) Ensure that the front-end router sends request messages whose destination IP is the VIP to the director;
(2) The RIP of the RS can be a private address, but it can also be a public network address;
(3) RS and director must be in the same physical network; they can be in different segments;
(4) Request messages are dispatched via the director, but response messages must not pass through the director;
(5) Port mapping is not supported;
(6) RS can be most OSes;
(7) The RS gateway cannot point to DIP;
(8) Theoretically, as long as the RS can reach the external network, it does not need an external IP of its own. Configuring one gives faster responses, though (otherwise the gateway easily becomes a bottleneck).
(9) In general, DR mode is very efficient, but the configuration is troublesome. For daily PV of 1000-2000W (W = 10,000) or concurrent requests below 10,000, the haproxy/nginx model is recommended instead.
(10) For services accessed directly from outside, for example web services as RS nodes, the RS should preferably use a public network IP address; for services not exposed directly, for example MySQL or storage-system RS nodes, preferably use only an internal IP address.
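The ARP suppression described in the note above is usually done with the kernel's arp_ignore and arp_announce settings. The following audit script is an added example, not part of the original article; the function names, the interface name eth0 and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit ARP suppression on an LVS-DR real server (RS).
# The kernel uses max(conf/all, conf/<iface>) as the effective value of
# arp_ignore and arp_announce, so both files are read.
#
# Typical settings on an RS (192.0.2.10 is a constructed VIP):
#   sysctl -w net.ipv4.conf.all.arp_ignore=1 net.ipv4.conf.all.arp_announce=2
#   ip addr add 192.0.2.10/32 dev lo

CONF_ROOT_DEFAULT=/proc/sys/net/ipv4/conf

# effective_arp IFACE KEY [ROOT] -> prints max(all, IFACE) for KEY
effective_arp() {
    root=${3:-$CONF_ROOT_DEFAULT}
    a=$(cat "$root/all/$2" 2>/dev/null || echo 0)
    i=$(cat "$root/$1/$2" 2>/dev/null || echo 0)
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# dr_rs_arp_ok IFACE [ROOT] -> returns 0 when the RS neither answers nor
# advertises ARP for a VIP that is bound only to lo.
dr_rs_arp_ok() {
    ign=$(effective_arp "$1" arp_ignore "$2")
    ann=$(effective_arp "$1" arp_announce "$2")
    rc=0
    # 1 or 2: reply only for addresses configured on the receiving interface
    case "$ign" in
        1|2) ;;
        *) echo "FAIL $1 arp_ignore=$ign (want 1)"; rc=1 ;;
    esac
    # 2: choose a source address suited to the target, never the VIP on lo
    if [ "$ann" != 2 ]; then
        echo "FAIL $1 arp_announce=$ann (want 2)"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK $1 arp_ignore=$ign arp_announce=$ann"
    fi
    return "$rc"
}

# Run as: sh check.sh eth0   (eth0 = the RS interface facing the director)
if [ $# -gt 0 ]; then
    dr_rs_arp_ok "$1"
    exit $?
fi
```
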
lvs-tun mode (IPIP tunnel):
The IP header of the request message is not modified; instead, an additional IP header (DIP-RIP) is encapsulated outside the original IP header (CIP-VIP);
(1) RIP, DIP and VIP must all be public network addresses;
(2) The RS gateway cannot point to DIP;
(3) Request messages must be dispatched via the director, but response messages must not pass through the director;
(4) Port mapping is not supported;
(5) The RS OS must support tunneling;
Basically the same as DR mode, except that an IP header pointing to the RS is added in front of the original header of the client's request.
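The three modes above correspond to the ipvsadm forwarding flags -m (masquerading), -g (gatewaying) and -i (ipip). The dry-run generator below is an added example, not code from the original article: it prints the ipvsadm rules for one TCP virtual service and rejects port mapping outside NAT mode, as the lists above require. The function name, the round-robin scheduler and all addresses are assumptions; it handles IPv4 only and leaves out lvs-fullnat.

```shell
#!/bin/sh
# Added example: print ipvsadm rules for one virtual service in nat, dr or
# tun mode, enforcing the port-mapping limits of each mode. Nothing is applied.
nl='
'
# ipvs_rules MODE VIP:PORT RIP[:PORT]...
ipvs_rules() {
    mode=$1; vsvc=$2; shift 2
    case "$mode" in
        nat) flag=-m ;;   # director rewrites destination IP (and port)
        dr)  flag=-g ;;   # director rewrites only the destination MAC
        tun) flag=-i ;;   # director adds an outer DIP->RIP IP header
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    vport=${vsvc##*:}
    out="ipvsadm -A -t $vsvc -s rr"
    # NAT needs kernel forwarding on the director (item 6 of the NAT list)
    if [ "$mode" = nat ]; then
        out="sysctl -w net.ipv4.ip_forward=1$nl$out"
    fi
    for rs in "$@"; do
        case "$rs" in
            *:*) rport=${rs##*:} ;;
            *)   rport=$vport; rs="$rs:$vport" ;;
        esac
        # dr and tun leave the TCP header untouched, so ports must match
        if [ "$mode" != nat ] && [ "$rport" != "$vport" ]; then
            echo "$mode: port mapping not supported ($vsvc -> $rs)" >&2
            return 1
        fi
        out="$out${nl}ipvsadm -a -t $vsvc -r $rs $flag"
    done
    printf '%s\n' "$out"
}

# Constructed addresses (RFC 5737 / RFC 1918), not taken from the article.
ipvs_rules nat 192.0.2.10:80 10.0.0.11:8080 10.0.0.12:8080
ipvs_rules dr  192.0.2.10:80 192.0.2.21 192.0.2.22
```
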
lvs-fullnat: both source and destination addresses change;
The director forwards by modifying both the destination address and the source address of the request message;
(1) VIP is a public network address; RIP and DIP are private network addresses, and they do not need to be in the same network;
(2) The source address of the request message received by the RS is DIP, so the response should be sent to DIP;
(3) Both request and response messages must be routed through the director;
(4) Port mapping is supported;
(5) The RS OS can be any OS;
Official: Advantages and disadvantages of three IP Load Balancer technologies are summarized: