Technology Sharing

Deploy LVS-DR Cluster

2024-07-08


LVS-DR (Linux Virtual Server - Direct Routing) is a working mode of Linux Virtual Server that is often used to build load-balancing clusters.
Working principle of LVS-DR:
The Director Server (load balancer) is the access entrance of the cluster, but it is not used as a gateway. To answer requests addressed to the cluster as a whole, both the Director Server and every Real Server must be configured with the VIP (virtual IP address), and they must be in the same network. Data returned to the client does not pass through the Director Server.

The client sends a request to the VIP. On receiving it, the load balancer selects a backend Real Server according to the load-balancing algorithm. It does not modify or encapsulate the IP packet; it only changes the destination MAC address of the data frame to the MAC address of the selected Real Server and sends the frame onto the LAN. The Real Server receives the frame, decapsulates it, and finds that the destination IP matches a local address (the VIP is bound in advance), so it processes the packet. It then encapsulates the response, passes it from the lo interface to the physical network card, and sends it out. The client receives the reply and believes it has been served normally, without knowing which server handled the request. If the client is on a different network segment, the reply is returned to the user through the router via the Internet.


Features of LVS-DR include:
1. The Director Server and the Real Servers must be in the same physical network.
2. A Real Server can use a private address or a public address. If it uses a public address, the RIP (Real Server IP) can be accessed directly through the Internet.
3. The Director Server serves as the access point for the cluster but not as a gateway.
4. All request messages pass through the Director Server, but reply messages must not pass through the Director Server.
5. The gateway of a Real Server must not point to the Director Server IP; that is, packets sent by the Real Server are not allowed to pass through the Director Server.
6. The VIP address is configured on the lo interface of each Real Server.


ARP problems and solutions in LVS-DR:
In an LVS-DR load-balancing cluster, the load balancer and the node servers are configured with the same VIP address, which causes ARP conflicts: when an ARP broadcast for the VIP is sent to the cluster, both the load balancer and the node servers receive it. There are two problems to solve.
First, the node servers must not respond to ARP requests for the VIP. Use the virtual interface lo:0 to carry the VIP address and set the kernel parameter arp_ignore=1, so that the system only responds to ARP requests whose target IP is a local address configured on the interface that received the request.
Second, when a Real Server returns a packet (source IP is the VIP) that is forwarded by the router, Linux by default uses the source IP address of the IP packet (i.e. the VIP) as the source IP address in the ARP request, instead of the IP address of the sending interface. This may cause the router to update its ARP table entry for the VIP, making the Director's VIP invalid. The solution is to set the kernel parameter arp_announce=2 on the node servers, so that the system does not use the source address of the IP packet as the source address of the ARP request, but selects the IP address of the sending interface.
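
The following shell script is an added example, not part of the original article: it audits sysctl.conf-style text for the two kernel parameters above, using the kernel rule that the value applied on an interface is the larger of the conf.all and per-interface settings. The interface name eth0 and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Real Server ARP settings (arp_ignore=1, arp_announce=2).
# Assumption: eth0 is the LAN-facing interface; the VIP is bound to lo:0.

# effective_arp PARAM IFACE: config text on stdin; prints the value the kernel
# applies on IFACE, which is max(conf.all.PARAM, conf.IFACE.PARAM).
effective_arp() {
    awk -v p="$1" -v ifc="$2" '
        BEGIN { all = 0; own = 0 }
        { sub(/^[ \t]*[#;].*/, ""); gsub(/[ \t]/, "") }  # drop comments, whitespace
        $0 == "" { next }
        {
            split($0, kv, "=")
            if (kv[1] == "net.ipv4.conf.all." p) all = kv[2] + 0
            if (kv[1] == "net.ipv4.conf." ifc "." p) own = kv[2] + 0
        }
        END { print (all > own ? all : own) }'
}

# audit_real_server IFACE: config text on stdin; prints one line per parameter and
# returns non-zero unless the effective values are arp_ignore=1 and arp_announce=2.
audit_real_server() {
    conf=$(cat)
    rc=0
    for want in arp_ignore=1 arp_announce=2; do
        param=${want%%=*}
        expected=${want#*=}
        got=$(printf '%s\n' "$conf" | effective_arp "$param" "$1")
        if [ "$got" -eq "$expected" ]; then
            echo "OK   $param effective=$got on $1"
        else
            echo "FAIL $param effective=$got on $1 (want $expected)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample 1: values set only on lo, where the VIP lives.
LO_ONLY_CONF='net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2'

# Constructed sample 2: the same plus conf.all, which covers every interface.
FIXED_CONF="$LO_ONLY_CONF
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2"

printf '%s\n' "$LO_ONLY_CONF" | audit_real_server eth0 || echo "lo-only: not effective on eth0"
printf '%s\n' "$FIXED_CONF" | audit_real_server eth0
```

The first sample fails because ARP requests arrive on eth0, not lo, so a setting made only under conf.lo never applies to them.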