This is the 19th day of my participation in the August More Text Challenge

One, foreword

For load-balancing architecture, the mainstream stack is LVS + KeepAlived + Nginx.

Java engineers just need to understand it.

LVS is a load-balancing technology. Deployed on a Linux server, the LVS server gets 100 requests and distributes them evenly to two Tomcat (Web servers) deployed on Linux servers. Each Web server gets 50 requests.

LVS principle:

  1. First, the user sends a request to the load balancer (Director Server), and the load balancer passes the request to kernel space for inspection by the kernel module.
  2. In the kernel, the PREROUTING chain receives the user request first and determines whether the destination address is the load balancer's own IP. If so, the packet is sent to the INPUT chain.
  3. The IPVS module works on the INPUT chain. When the user request arrives at the INPUT chain, IPVS compares it with the defined cluster services. If the user is requesting a defined cluster service, IPVS forcibly rewrites the destination IP address and destination port in the packet and sends the new packet to the POSTROUTING chain.
  4. The POSTROUTING chain receives the packet and finds that the destination IP address is a back-end server, so the packet is sent to that back-end server through route selection.

LVS consists of two parts:

  • ipvs (IP Virtual Server): a piece of code that works in kernel space and mainly implements the scheduling.
  • ipvsadm: works in user space and writes the rules for the ipvs kernel framework, defining which is the cluster service and which are the back-end real servers.

LVS terms:

  • DS (Director Server): the target server, i.e. the load balancer.
  • RS (Real Server): the real server, i.e. a back-end server.
  • VIP (Virtual IP): the IP address exposed externally to users as the target of their requests.
  • DIP (Director Server IP): the IP address mainly used for communication with internal hosts.
  • RIP (Real Server IP): the IP address of a real server.
  • CIP (Client IP): the IP address of the client.




Two, LVS architecture

Let’s start with a simple user request, as shown below:

  1. When a user visits a web site in a browser and sends a request, the domain name is first resolved by DNS into an IP address (which can be the IP address of the LVS server).
  2. The LVS server, acting as the load-balancing scheduler, forwards requests using underlying mechanisms inside the Linux kernel.
  3. The Web server receives the request: generally this is Tomcat, and a 4-core, 8 GB server handles fewer than 1000 requests per second.

Linux Virtual Server (LVS): a Linux Virtual Server is a group of Web servers unified into a single virtual server that provides services externally. Clients access it through LVS as if it were one server.

LVS performs request forwarding based on underlying mechanisms at the Linux kernel level, so it is highly efficient and can sustain a throughput of hundreds of thousands or even millions per second on a single machine.


1) Multi-room, geo-distributed active-active LVS cluster deployment architecture

For example, the computer room of the company’s system is in China, Beijing.

So somebody in the United States or Europe comes to the site, does a domain name resolution through DNS, gets an IP, and goes to a server in the machine room. At this time, his network request may be forwarded to a server in the computer room in China through various networks from abroad, which is usually relatively slow. If you visit a foreign site directly, it will be faster.

In this case, LVS clusters are usually deployed across multiple computer rooms in different regions.

For example, if the site is an international site, one room is deployed in China, one room in the United States, and one room in Germany. The same data stores are deployed in these rooms, and data exchange and synchronization are required between them.

That is, all core data must be synchronized between equipment rooms in different regions to ensure that users in different regions can see the same content.

The site then shares a virtual IP address: Chinese users resolve the virtual IP address and route requests to a computer room in China, while foreign users route requests to a computer room closer to them.


2) Principle of LVS request forwarding based on NAT

Keep in mind: LVS is a load-balancing technology that works at layer 4 of the network protocol stack, while Nginx is a load-balancing technology that works at layer 7.

The layer 4 network protocol is TCP/IP and the layer 7 network protocol is HTTP.

Here’s what you might expect:

  1. The client and LVS complete the TCP three-way handshake and establish a connection.
  2. The HTTP request packet is sent to LVS.
  3. LVS then forwards the request packet to the Web server.

In fact, this is wrong. LVS works at layer 4 (the transport layer), whereas HTTP works at layer 7 (the application layer).

The actual process is as follows:

  1. The client and LVS complete the TCP three-way handshake and establish a connection.
  2. The client sends the request, and the Linux server receives the packet.
  3. The Linux kernel hands the packet to the LVS core code module.
  4. According to the load-balancing algorithm, the LVS core code module selects one machine from the back-end Web server cluster and forwards the packet to that Web server.

The core code of the LVS load-balancing system lives in the Linux kernel layer.

  1. Using NAT, it rewrites the destination address and port in the packet to the address and port of the Web server.
  2. At this point LVS stores the pair (client Socket connection, Web server) in a hash table.

In this way, the next time the same Socket connection sends a packet, the packet is forwarded directly to the corresponding Web server.

  1. Send a message
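The NAT-mode steps above (destination rewrite plus the connection hash table) can be modelled in a few lines. This is an added example, not code from the original article or from IPVS: the `NatDirector` class, the round-robin choice and all addresses are assumptions made for illustration, and the `reply` method shows the return path in NAT mode, where the source is rewritten back to the VIP.

```python
from dataclasses import dataclass, replace
from itertools import cycle

# Constructed sample addresses (documentation/private ranges), not from the article.
VIP = ("192.0.2.10", 80)
REAL_SERVERS = [("10.0.0.11", 8080), ("10.0.0.12", 8080)]

@dataclass(frozen=True)
class Packet:
    src: tuple            # (ip, port)
    dst: tuple            # (ip, port)
    payload: bytes = b""

class NatDirector:
    """Toy model of NAT-mode forwarding; hypothetical class, not IPVS code."""

    def __init__(self, vip, real_servers):
        self.vip = vip
        self._next_rs = cycle(real_servers)   # round-robin stands in for the scheduler
        self.conn_table = {}                  # client socket -> chosen real server

    def forward(self, pkt):
        """Client -> real server: rewrite destination address and port."""
        if pkt.dst != self.vip:
            return None                       # not a defined cluster service
        rs = self.conn_table.get(pkt.src)
        if rs is None:                        # first packet of this connection
            rs = self.conn_table[pkt.src] = next(self._next_rs)
        return replace(pkt, dst=rs)

    def reply(self, pkt):
        """Real server -> client: put the VIP back as the source address."""
        if self.conn_table.get(pkt.dst) != pkt.src:
            return None                       # no connection entry for this reply
        return replace(pkt, src=self.vip)

if __name__ == "__main__":
    d = NatDirector(VIP, REAL_SERVERS)
    a, b = ("198.51.100.7", 40001), ("198.51.100.8", 40002)
    for client in (a, b, a):                  # third packet reuses a's entry
        print(client, "->", d.forward(Packet(client, VIP)).dst)
    print(d.reply(Packet(REAL_SERVERS[0], a, b"HTTP/1.1 200 OK")))
```

The director never terminates TCP here: it only rewrites addresses and looks up the table, which is why the client sees one IP address while each real server sees the client's own address.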

And one last little point: what the Web server reads is a complete HTTP request.

For example, Tomcat itself works with HTTP, the application-layer protocol at layer 7 of the seven-layer network model.

A quick summary:

The client establishes a TCP connection with the LVS cluster (including LVS and Real Server). However, the LVS server does not establish a TCP connection with the Real Server again, but forwards TCP packets:

  • NAT mode: the principle is to modify the address in the IP packet and the port in the TCP packet and then forward the packet, with no TCP connection behavior of its own. The client believes it is connected to a single IP address, and the group of servers with different IP addresses also believes it is connected directly to the client.
  • FULLNAT mode: the principle is also to modify the address in the IP packet and the port in the TCP packet and then forward the packet, with no TCP connection behavior. When forwarding, however, both the source address and the destination address are changed, so from the client's view the connection is established with LVS, and from the back end's view the connection is also established with LVS.
  • DR mode: the principle is to modify the MAC address of the request (layer 2) and then forward the packet, with no TCP connection.
  • IP Tunnel mode: IP tunneling is used between LVS and the real server, and no TCP connection is established with the real server.


3) Principle of LVS request and response separation based on IP tunneling

Question: How does the Web server respond to requests? How do I return data?

The easiest idea is for the response to go back the way the request came, that is, back through LVS. However:

LVS is the first to come under pressure if all the response packets still go through it. If the number of Web servers reaches more than 20, the overall QPS often reaches tens of thousands. At this point, the throughput of the LVS scheduling server will reach its limit and become a bottleneck. The LVS server has to handle both the requests and the returned responses, and at the very least its network bandwidth may be overwhelmed.

In fact, for most requests the request carries little data and the response carries much more.

How about having the LVS server handle the request, but having the Web server return the response directly to the client? That is IP Tunneling, also known as IP Encapsulation.

After receiving the request, LVS encapsulates the request packet, whose destination address is the VIP, inside another IP packet and forwards that packet to a Web server. When the Web server parses the packet, it finds that the destination address is the VIP and that the VIP is configured on its own IP tunnel device, so it can process the request at this point.
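The encapsulation described above, shown at byte level as an added example (not code from the original article or from LVS). The function names and all addresses are assumptions for illustration; the inner payload is a stand-in for a TCP segment, and protocol number 4 marks IP-in-IP in the outer header.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6              # IANA protocol numbers
# Constructed sample addresses, not from the article.
CIP, VIP, DIP, RIP = "198.51.100.7", "192.0.2.10", "10.0.0.1", "10.0.0.11"

def checksum(hdr: bytes) -> int:
    """One's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options, TTL 64)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse(pkt: bytes):
    """Return (src, dst, proto, payload); reject bad or optioned headers."""
    if len(pkt) < 20 or pkt[0] != 0x45 or checksum(pkt[:20]) != 0:
        raise ValueError("not a valid option-less IPv4 header")
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return src, dst, pkt[9], pkt[20:]

def director_encapsulate(request: bytes, dip: str, rip: str) -> bytes:
    """LVS side: wrap the untouched CIP->VIP packet in a DIP->RIP packet."""
    return ipv4(dip, rip, IPPROTO_IPIP, request)

def real_server_handle(pkt: bytes, rip: str, tunnel_vips: set, body: bytes):
    """Real server side: decapsulate, check the VIP, answer the client directly."""
    _, outer_dst, proto, inner = parse(pkt)
    if outer_dst != rip or proto != IPPROTO_IPIP:
        return None                           # not a tunnelled packet for us
    cip, vip, inner_proto, _ = parse(inner)
    if vip not in tunnel_vips:
        return None                           # VIP not on the tunnel device
    return ipv4(vip, cip, inner_proto, body)  # source is the VIP, not the RIP

if __name__ == "__main__":
    request = ipv4(CIP, VIP, IPPROTO_TCP, b"<tcp segment>")
    tunnelled = director_encapsulate(request, DIP, RIP)
    print(parse(tunnelled)[:3], parse(real_server_handle(tunnelled, RIP, {VIP}, b"<resp>"))[:2])
```

The response leaves the real server with the VIP as its source and the client as its destination, so it never passes through the LVS server.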