2024-07-12
LVS has three modes: NAT (address translation), DR (direct routing mode), and TUN (tunnel mode).
Features of DR mode:
The scheduler is the most important component in the entire LVS cluster. In NAT mode, it is responsible for receiving requests, forwarding traffic according to the load balancing algorithm, and sending responses to clients.
DR mode: the scheduler is still responsible for receiving requests and forwarding traffic to the RS (real server) according to the load balancing algorithm, but the response is sent directly from the RS to the client.
Direct Routing is a Layer 2 forwarding mode. Layer 2 forwarding operates on data frames, and forwarding is based on the source MAC address and the destination MAC address.
The source and destination IP addresses of the packets are not modified; the packets are forwarded based on their MAC addresses.
In DR mode, LVS also uses a virtual IP address (VIP). All requests for the VIP are forwarded at Layer 2. When a client's request reaches the scheduler, an RS is selected according to the load balancing algorithm, and the destination MAC of the request addressed to the VIP is changed to the MAC address of that RS. After the RS processes the request, it sends the response directly to the client based on the client's source MAC address in the message, without going through the scheduler.
1. The VIP is configured on the scheduler, and the same VIP address is also configured on the RS.
Who will respond? The VIP addresses conflict: the scheduler and the RS are in the same network segment, so ARP communication becomes disordered, because an ARP request is broadcast to the entire LAN and every device receives it. The question is how to block the loopback interface lo from responding and let only the local physical IP address respond.
Modify kernel parameters:
arp_ignore=1
The system's physical IP address responds to ARP requests; lo does not respond to ARP requests.
2. When the message is returned, it still carries the VIP address. How can the client receive the response?
arp_announce=2
The system does not use the source address of the IP packet when responding to ARP requests; it sends the IP address of the physical interface instead.
nginx1 RS1 192.168.233.61
nginx2 RS2 192.168.233.62
vip 192.168.233.100
test1 scheduler 192.168.233.10
test2 client 192.168.233.20
route add -host 192.168.233.100 dev lo:0
Set the IP address 192.168.233.100 and add it to the loopback interface as the VIP of LVS. Requests are forwarded to the RS through routing mode.
This allows the VIP to identify the real server.
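A check for the two kernel parameters above, as an added example that is not part of the original page: it reads the values for one interface on a real server and reports whether the effective setting is arp_ignore=1 and arp_announce=2. The function names, the proc-root argument and the interface name are assumptions made for illustration; the kernel applies the larger of the conf/all and per-interface values.

```shell
#!/bin/sh
# Added example: audit a real server's ARP sysctls for LVS DR mode.
# The proc root and interface name are passed in (assumed names), so the
# check can also run against a copied directory tree.

# effective_arp <proc_root> <iface> <param>
# On <iface> the kernel applies max(conf/all/<param>, conf/<iface>/<param>).
effective_arp() {
    root=$1 iface=$2 param=$3
    all=$(cat "$root/net/ipv4/conf/all/$param" 2>/dev/null) || return 2
    dev=$(cat "$root/net/ipv4/conf/$iface/$param" 2>/dev/null) || return 2
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

# check_rs_arp <proc_root> <iface>
# 0: matches the page's settings (arp_ignore=1, arp_announce=2)
# 1: at least one value differs   2: a sysctl file could not be read
check_rs_arp() {
    root=$1 iface=$2 rc=0
    ign=$(effective_arp "$root" "$iface" arp_ignore) || return 2
    ann=$(effective_arp "$root" "$iface" arp_announce) || return 2
    if [ "$ign" -ne 1 ]; then
        echo "FAIL $iface arp_ignore=$ign (want 1)"
        rc=1
    fi
    if [ "$ann" -ne 2 ]; then
        echo "FAIL $iface arp_announce=$ann (want 2)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK $iface arp_ignore=$ign arp_announce=$ann"
    fi
    return "$rc"
}

# Stand-alone use on an RS: sh this_file /proc/sys <physical-interface>
if [ "$#" -eq 2 ]; then
    check_rs_arp "$1" "$2"
fi
```

A non-zero exit on an RS means that the interface can still take part in ARP for the VIP, which is the address conflict described above.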
| | NAT | DR | TUN |
|---|---|---|---|
| Advantage | Address translation, simple configuration | Best performance | WAN: enables data packet forwarding over longer distances |
| Shortcoming | Performance bottleneck | Does not support cross-segment | Dedicated channel requires VPN (cost) |
| RS requirements | No restrictions | ARP responses on non-physical interfaces must be disabled | Support tunnel mode |
| Number of RS | 10-20 units | 100 units | 100 units |
Split-brain with keepalived
The high availability architecture in the LVS cluster only provides high availability for the scheduler.
The master and backup schedulers are implemented based on VRRP.
Highly available HA architecture.
Main scheduler and backup scheduler (multiple)
When the main scheduler is working normally, the backup is completely redundant (on standby) and does not participate in the operation of the cluster. Only when the main scheduler fails does the backup take over its work. After the main scheduler recovers, it continues to serve as the entrance to the cluster, and the backup returns to the redundant state (depending on the priority).
Keepalived implements the LVS high availability solution based on the VRRP protocol.
1. Multicast address:
Communication is based on the multicast address 224.0.0.18; the master and backup send messages to each other to confirm that the other party is alive.
2. Determine the position of the primary and backup nodes based on their priority
3. Failover: if the master fails, the backup continues the work; if the master recovers, the backup goes back to waiting.
4. The switch between the master and the backup is the switch of the VIP address.
Keepalived is designed specifically for LVS, but it is not exclusive to LVS.
The difference between LVS and nginx for load balancing:
LVS is a Layer 4 forwarder that runs in kernel mode: an IP + port Layer 4 proxy.
Nginx can be a layer 4 proxy or a layer 7 proxy.