LVS four layer load balancing cluster (6) LVS working mode

NAT Forwarding mode

Network Address Translation, Network address translation

• CIP： client IP Address / Initiator / Source IP Address
• VIP： fictitious IP/lvs colony IP
• RIP： Real server IP/WEB colony IP/web The server

working principle

①. The client sends the request to the load balancer at the forward end , The requested source address is CIP( client IP), Hereinafter collectively referred to as CIP), The target address is VIP( Load balancer front end address , Hereinafter collectively referred to as VIP).

②. The load balancer receives the message , The requested address is found in the rule , Then it will the target of the client request message IP Change the address to that of the back-end server RIP Address and send the message according to the algorithm .

③. The message is sent to Real Server after , Since the destination address of the message is itself , So it will respond to the request , And return the response message to LVS.

④. then lvs Modify the source address of this message to the local machine and send it to the client .

Pay attention to NAT In the pattern ,Real Server The gateway of must point to LVS, Otherwise, the message cannot be delivered to the client

advantage

Network isolation is more secure

save IP Address

shortcoming

director It is likely to become a bottleneck of system performance , All requests director All need to process the response

DR Direct routing mode

working principle

①. The client sends the request to the load balancer at the forward end , The requested source address is CIP, The target address is VIP.

②. The load balancer receives the message , The requested address is found in the rule , Then it will request the source of the message from the client MAC Change the address to yourself DIP Of MAC Address , The goal is MAC Change it to RIP Of MAC Address , And send the package to RS.

③.RS Find the purpose in the request message MAC Is your own , Will receive this message , After processing the request message , Pass the response message lo Interface to eth0 The network card is sent directly to the client .

characteristic

• Cluster nodes and director Must be within a physical network
• RIP You can use public or private addresses
• director Only inbound requests are processed ,director The pressure on the server is relatively small
• Cluster node gateway does not point to director, Therefore, the exit does not pass director
• Port mapping is not supported
• Most operating systems can be used as realserver, Support isolation arp radio broadcast

 ARP problem

Usually ,DR The pattern needs to be in Real-server On the configuration VIP, The configuration method is ：

/sbin/ifconfig lo:0 inet VIP netmask 255.255.255.255

i) The reason lies in , When LVS hold client Forward the packet of to Real-server when , Because the purpose of the package IP The address is VIP, So if Real-server After receiving this bag , The purpose of the discovery package IP Not your own system IP, Then you will think that this package was not sent to you , Will discard this bag , So you need to put this IP The address is bound to the network card ; When sending a reply packet to client when ,Real-server The source and destination addresses of the packets will be swapped , Reply directly to client.

ii) About ARP radio broadcast ：

* Bound above VIP The mask of is ”255.255.255.255″, Explain that the broadcast address is itself , Then he will not ARP It is sent to the actual broadcast domain to which it belongs , This prevents LVS On VIP Conflict , And lead to IP Conflict .

* In addition to Linux Of Real-server On , Need to set up ARP Of sysctl Options :

TUN-IP Tunnel model

working principle

①. The client sends the request to the load balancer at the forward end , The requested source address is CIP, The target address is VIP.

②. The load balancer receives the message , The requested address is found in the rule , It then encapsulates another layer at the beginning of the client request message IP message , Change the source address to DIP, Target address changed to RIP, And send the package to RS.

③.RS After receiving the request message , The first layer of packaging is broken down , And then there's another layer IP The target address of the header is itself lo On the interface VIP, So it's going to process the sub-request packet , And pass the response message lo Interface to eth0 The network card is sent directly to the client .

characteristic

advantage ：

The load balancer is only responsible for distributing the request package to the back-end node server , and RS Send the response package directly to the user . therefore , Reduce the large data flow of load balancer , Load balancer is no longer the bottleneck of the system , Can handle a huge amount of requests , This way, , A load balancer can be a lot of RS distributed . And running on the public network can be distributed in different regions .

shortcoming ：

Tunnel mode RS Nodes need to be legal IP, This approach requires all server support ”IP Tunneling”(IP Encapsulation) agreement , The server may be limited to a few Linux On the system .

Pattern contrast

FULL-NAT

Full-NAT Hence the raw , The solution is LVS and RS Span VLAN The problem of , And cross VLAN After the problem is solved ,LVS and RS No longer exist VLAN The subordination on the Internet , You can do multiple LVS Corresponding multiple RS, Solve the problem of horizontal expansion .