What is load balancing?
In the early days of the Internet, traffic was light and business logic was simple, so a single server could meet basic needs. As the Internet developed, traffic grew and business logic became more complex, and the performance limits and single point of failure of a single machine became prominent. Multiple machines are therefore needed to scale performance horizontally and avoid a single point of failure. But how do you distribute traffic from different users to different servers?
The early approach was to use DNS for load balancing, directing clients to different servers by resolving the domain name to different IP addresses for them. However, this method has a major disadvantage: delay. After the scheduling policy is changed, caches on DNS nodes at all levels keep the change from reaching clients in time. The scheduling policies available to DNS load balancing are also relatively simple and cannot meet service requirements, so dedicated load balancing emerged.
Client traffic first reaches the load balancing server, which uses a scheduling algorithm to distribute it to different application servers. The load balancing server can also perform periodic health checks on the application servers and, when it finds a faulty node, dynamically remove that node from the application server cluster to keep the application highly available.
Load balancing is divided into layer-4 load balancing and layer-7 load balancing. Layer-4 load balancing works at the transport layer of the OSI model and forwards traffic to the application server by modifying the address information of the packets received from the client.
Layer-7 load balancing works at the application layer of the OSI model. Because it needs to parse application-layer traffic, a layer-7 load balancer also needs a complete TCP/IP protocol stack to handle the client traffic it receives. The layer-7 load balancer establishes a complete connection with the client and parses the application-layer request. It then selects an application server according to the scheduling algorithm and establishes another connection with that server to send the request. The main work of a layer-7 load balancer is therefore proxying.
Second, what is the difference between layer 4 and layer 7 load balancing?
2.1 – Differences in technical principles.
Layer 4 load balancing determines the internal server to be selected based on the destination IP address and port in the packet and the server selection mode set by the load balancing device.
Taking TCP as an example, when receiving the first SYN request from the client, the load balancing device selects an optimal server in the preceding manner, changes the destination IP address of the packet to the IP address of the back-end server, and directly forwards the packet to the server. The TCP connection, namely the three-way handshake, is directly established between the client and the server. The load balancer only performs a forwarding action similar to that of a router. In some deployment scenarios, the original source IP address of the packet may be changed during packet forwarding to ensure that the packet can be correctly returned to the load balancer.
Layer-7 load balancing, also known as “content switching”, selects the internal server based mainly on the meaningful application-layer content in the packets, together with the server selection mode set on the load balancing device.
Take TCP as an example. If the load balancing device is to select a server based on the actual application-layer content, it must first stand in for the final server and establish the connection (three-way handshake) with the client itself. Only then can it receive the packets carrying the actual application-layer content sent by the client. It then selects the final internal server based on specific fields in those packets together with the server selection mode set on the load balancing device.
A load balancer in this case is more like a proxy server: it establishes separate TCP connections with the front-end client and with the back-end server. Layer-7 load balancing therefore places higher demands on the load balancing device, and its layer-7 capacity is inevitably lower than that of a layer-4 deployment. So why do you need layer-7 load balancing?
2.2 – Requirements for application scenarios.
The benefit of layer-7 load balancing is that it makes the entire network more “intelligent”; our previous article on optimization for HTTP applications gives a general idea of the advantages of this approach. For example, requests for images on a website can be forwarded at layer 7 to a dedicated image server where caching can be used, and requests for text content can be forwarded to a dedicated text server where compression can be used.
Of course, this is only a small use case for layer 7. In terms of technical principle, this approach can modify the client request and the server response in any way, which greatly improves the flexibility of the application system at the network layer. Many functions deployed on the back end (such as on Nginx or Apache) can be moved forward onto the load balancing device, for example header rewriting in client requests, or keyword filtering and content insertion in server responses.
Another feature that is often mentioned is security. In the most common SYN Flood attack, hackers control multiple source clients and use false IP addresses to launch SYN attacks against the same target. The attack achieves Denial of Service (DoS) by sending SYN packets in large numbers and exhausting the resources on the server.
In terms of technical principle, in layer 4 mode these SYN packets are forwarded to the back-end server. In layer 7 mode the attack naturally ends at the load balancer, which terminates the client's TCP connection itself, so the back-end server keeps running normally. In addition, the load balancing device can set multiple policies at layer 7 to filter specific packets, such as SQL Injection and other application-layer attack methods, further improving overall system security at the application layer.
At present, layer-7 load balancing mainly focuses on the widely used HTTP protocol, so it is applied mainly to the many websites and internal information platforms built on the B/S (browser/server) model. Layer-4 load balancing is used for other TCP applications, such as C/S-based ERP systems.
2.3 – Issues to be considered for layer 7 applications.
• Is it really necessary? Layer 7 applications can make traffic handling more intelligent, but they inevitably bring complex device configuration, increased pressure on the load balancer, and more complicated troubleshooting. When designing the system, consider the hybrid case in which layer 4 and layer 7 are applied at the same time.
• Can security actually be improved? For example, in layer 7 mode, SYN Flood attacks are shielded from the server. However, the load balancer itself must have strong anti-DDoS capabilities. Otherwise, the failure of the load balancer as the central scheduling device will bring down the entire application even if the servers are healthy.
• Is there enough flexibility? The advantage of layer 7 applications is that the traffic of the entire application can be handled intelligently. However, the load balancing device needs to provide complete layer 7 functions to meet customers' requirements for application-based scheduling. One of the simplest tests is whether it can replace the scheduling function on back-end Nginx or Apache servers. Load balancing devices that provide a layer-7 application development interface and allow customers to customize functions according to their needs are the ones likely to provide great flexibility and intelligence.
Third, load balancing algorithms
1. Random
• Random: the random probability is set according to the weight. At any one moment the probability of collision is high, but the larger the call volume, the more uniform the distribution. Applying the weights by probability also gives a fairly uniform distribution, which makes it easy to adjust provider weights dynamically.
2. Round robin and weighted round robin
• Round Robin: this algorithm is best used when all servers in a server cluster have the same processing capability and the individual requests differ little in the amount of work they need. The round-robin ratio is set according to the normalized weights. It suffers from requests accumulating on a slow provider. For example, the second machine is slow but not down: each request dispatched to it gets stuck there, and over time all the requests pile up on the second machine.
• Weighted Round Robin: an algorithm that assigns a weight to each server in the round robin. For example, if server 1 has the weight 1, server 2 has the weight 2, and server 3 has the weight 3, the order is 1-2-2-3-3-3-1-2-2-3-3-3-……
3. Least connections and weighted least connections
• Least Connections: an algorithm that forwards requests to the server that is handling the least number of connections (sessions) among multiple servers. Even if the processing capacity of each server is different and the amount of work per request is not the same, the load on the servers can be reduced to a certain extent.
• Weighted Least Connections: an algorithm that attaches a weight to each server in the least connections algorithm. It allocates the number of connections each server should handle in advance and forwards client requests to the server with the least number of connections.
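The slow-provider problem described for round robin, and how least connections avoids it, can be reproduced with a small simulation. This is an added example, not code from the original article; the `simulate` function, the tick model and the service times are constructed for illustration.

```python
from collections import deque

def simulate(policy, service_ticks, arrivals_per_tick=2, ticks=200):
    """Return the peak number of in-flight requests seen on each server.

    service_ticks[i] = ticks server i needs per request (constructed values).
    Each server works on one request at a time, in FIFO order.
    """
    n = len(service_ticks)
    queues = [deque() for _ in range(n)]  # remaining work per in-flight request
    peak = [0] * n
    rr_next = 0
    for _ in range(ticks):
        for _ in range(arrivals_per_tick):
            if policy == "round_robin":
                target = rr_next
                rr_next = (rr_next + 1) % n
            elif policy == "least_connections":
                # Fewest in-flight requests wins; ties go to the lowest index.
                target = min(range(n), key=lambda i: len(queues[i]))
            else:
                raise ValueError(f"unknown policy: {policy}")
            queues[target].append(service_ticks[target])
            peak[target] = max(peak[target], len(queues[target]))
        for q in queues:  # every busy server does one tick of work
            if q:
                q[0] -= 1
                if q[0] == 0:
                    q.popleft()
    return peak

# Constructed scenario: the second machine is ten times slower but not down.
SERVICE_TICKS = [1, 10, 1]

if __name__ == "__main__":
    for policy in ("round_robin", "least_connections"):
        print(policy, simulate(policy, SERVICE_TICKS))
```

Under round robin the backlog on the slow machine grows for as long as traffic keeps arriving, while least connections keeps every queue short because a busy server stops being chosen.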
4. Hash algorithm
• Plain hashing
• Consistent hashing: requests with the same parameters are always sent to the same provider. When a provider goes down, the requests originally sent to that provider are spread over the other providers based on virtual nodes, without causing drastic changes.
5. IP address hash
• An algorithm that uniformly forwards packets from the same sender (or packets sent to the same destination) to the same server by managing the hash of the sender and destination IP addresses. When the client has a series of services to be processed and must communicate with a server repeatedly, the algorithm can ensure that the communication from the same client can always be processed in the same server in the unit of flow (session).
6. URL hash
• An algorithm that forwards requests to the same URL to the same server by managing hashes of URL information requested by clients.
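The difference between plain hashing and consistent hashing with virtual nodes shows up when a provider leaves the cluster. The following is an added example, not code from the original article; the class and function names, the provider names and the keys are constructed, and SHA-256 is simply one convenient hash for the ring.

```python
import bisect
import hashlib

def _h(value: str) -> int:
    """Stable 64-bit hash of a string."""
    return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")

class ConsistentHashRing:
    def __init__(self, providers, vnodes=100):
        # Each provider is placed on the ring at `vnodes` virtual points.
        self._ring = sorted((_h(f"{p}#{i}"), p)
                            for p in providers for i in range(vnodes))
        self._points = [point for point, _ in self._ring]

    def lookup(self, key: str) -> str:
        # First virtual node clockwise from the key's hash, wrapping around.
        idx = bisect.bisect(self._points, _h(key)) % len(self._points)
        return self._ring[idx][1]

def plain_lookup(providers, key):
    """Plain hashing: hash modulo the number of providers."""
    return providers[_h(key) % len(providers)]

def removal_impact(providers, removed, keys, vnodes=100):
    """Compare how many keys change provider when `removed` goes down."""
    survivors = [p for p in providers if p != removed]
    before = ConsistentHashRing(providers, vnodes)
    after = ConsistentHashRing(survivors, vnodes)
    result = {"plain_moved": 0, "consistent_moved": 0,
              "moved_from_survivors": 0, "new_owners": set()}
    for k in keys:
        if plain_lookup(providers, k) != plain_lookup(survivors, k):
            result["plain_moved"] += 1
        old, new = before.lookup(k), after.lookup(k)
        if old != new:
            result["consistent_moved"] += 1
            result["new_owners"].add(new)
            if old != removed:  # a key that had no reason to move
                result["moved_from_survivors"] += 1
    return result

# Constructed sample data.
PROVIDERS = ["app-1", "app-2", "app-3", "app-4"]
KEYS = [f"user-{i}" for i in range(10000)]

if __name__ == "__main__":
    print(removal_impact(PROVIDERS, "app-2", KEYS))
```

With plain hashing most keys change server when the provider count changes, which breaks session affinity and caches across the whole cluster. With the ring, only the failed provider's keys move, and they are shared among all survivors.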
Implementation of load balancing (DNS > Data link layer > IP layer > HTTP layer)?
1 – DNS Domain Name Resolution Load Balancing (delay)
Each domain name resolution request returns a different IP address based on the load balancing algorithm. In this way, the multiple servers configured in the A records form a cluster and load balancing can be implemented.
The advantage of DNS domain name resolution load balancing is that the load balancing work is handed over to DNS, which avoids the trouble of network management. The disadvantage is that DNS may cache A records, which is not under the website's control. In practice, large sites always partially use DNS resolution as a first-level load balancing tool, and then do second-level load balancing internally.
2 – Data Link Layer Load Balancing (LVS)
Data link layer load balancing refers to load balancing by changing MAC addresses on the data link layer of communication protocols.
This data transmission mode is also called triangle transmission mode. During data distribution the load balancer does not change the IP address, only the destination MAC address. All machines in the real physical server cluster are configured with a virtual IP address that is the same as the IP address of the load balancing server, which is how load balancing is achieved. This way of load balancing is also called direct routing (DR).
In the figure above, after the user request reaches the load balancing server, the load balancing server changes the destination MAC address of the request to the MAC address of the real WEB server without changing the destination IP address of the packet. The data can therefore reach the target WEB server normally. After processing the request, the server can send the response to the user's browser through the ISM server instead of through the load balancing server.
Link layer load balancing using triangle transmission mode is the most widely used load balancing method for large websites. The best open source link-layer load balancing product on the Linux platform is LVS (Linux Virtual Server).
3 – IP Load Balancing (SNAT)
IP load balancing: Load balancing is performed at the network layer by modifying the destination IP address of the request.
When a user request packet arrives at the load balancing server, the load balancing server obtains the packet in the operating system kernel, calculates a real WEB server address according to the load balancing algorithm, and then changes the destination IP address of the packet to that real WEB server address, without passing through a user process. After the WEB server processes the request, the load balancing server changes the source IP address of the response packet to its own IP address and sends the packet to the user's browser.
The key is how the response packets from the real WEB server are returned to the load balancing server. One method is for the load balancing server to change the source IP address of the packet to its own IP address at the same time as it changes the destination IP address. Another option is to use the load balancing server as the gateway of the real physical servers, so that all response data reaches the load balancing server.
IP load balancing distributes data inside the kernel, so it performs better than reverse proxy load balancing. However, all request and response packets must pass through the load balancing server, so the network card bandwidth of the load balancing server becomes the bottleneck of the system.
4 – HTTP Redirect Load Balancing (rare)
The HTTP redirect server is an ordinary application server. Its only function is to calculate a real server address according to the user's HTTP request and write that address into an HTTP redirect response (response status 302) sent back to the browser, after which the browser automatically requests the real server.
The advantage of this load balancing scheme is that it is relatively simple. The disadvantage is that the browser needs two requests to complete one visit, so the performance is poor. Redirection with the HTTP 302 response code may also be judged by search engines as SEO cheating and lower the search ranking, and the redirect server's own processing power can become a bottleneck. So this kind of scheme is not used much in practice.
5 – Reverse Proxy Load Balancing (Nginx)
A traditional proxy server sits on the browser side and sends HTTP requests to the Internet on behalf of the browser. A reverse proxy server is located in the equipment room of the website and receives HTTP requests on behalf of the website's web servers.
The purpose of a reverse proxy is to protect web sites. All Internet requests must pass through a proxy server, which acts as a barrier between the Web server and possible network attacks.
In addition, proxy servers can be configured with caching to accelerate web requests. When a user accesses static content for the first time, the static content is cached on the reverse proxy server. When other users access the same static content, it is returned directly from the reverse proxy server, speeding up the response to web requests and reducing the load on the web server.
The reverse proxy server can also implement load balancing.
Because the reverse proxy server forwards requests at the HTTP protocol level, it is also called application layer load balancing. The advantage is that deployment is simple; the disadvantage is that the reverse proxy server may become the bottleneck of the system.
Transfer code tips
Link: blog.csdn.net/tTU1EvLDe