LVS-DR mode: each Real Server has two IPs, the VIP and the RIP, but the VIP is hidden: it cannot provide functions such as resolution and is used only as the source IP of replies. The Director needs only one network card, on which two IPs are configured using an alias: the VIP and the DIP. After the DIR receives a client request, it selects an RS according to the load-balancing algorithm, sets the MAC address of that RS's network card as the destination MAC of the client's request packet, and passes it via ARP to the backend RS for processing. The backend then replies to the client through its own routing gateway.
CIP: 192.168.1.13
VIP: 192.168.1.100
DIR: 192.168.1.2
RS: 192.168.1.10, 192.168.1.11 and 192.168.1.12 (providing the http service)
Illustration of the entire request process:
Assume here that the CIP's MAC address is 00-50-56-C0-00-08, the MAC address of the DIR's Eth0 is 00-50-56-C0-00-01, and RIP1's MAC address is D0-50-99-18-18-15. Before sending its request, the CIP sends an ARP broadcast asking "who is the VIP?". Because the DIR and all RIPs are on the same physical network and both the DIR and the RIPs hold the VIP address, the RIPs must not respond to the ARP request sent by the CIP, so that the request goes to the DIR (this is why the VIP is configured on the lo interface of each RIP and why ARP queries and responses are suppressed there). The client then sends the request packet to the DIR, and the rest is up to the DIR:
① The client sends a request to the target VIP, and the DIR receives it. At this point the IP header and data frame header information is as follows:
② The DIR selects an active RS (RIP1) according to the load-balancing algorithm, sets the MAC address of RIP1's network card as the destination MAC address, and sends the frame onto the LAN. At this point the IP header and data frame header information is as follows:
③ RIP1 (192.168.1.10) receives this frame on the LAN, unpacks it, and finds that the destination IP (the VIP) matches a local address, so it processes the packet. It then re-encapsulates the reply and sends it onto the LAN. At this point the IP header and data frame header information is as follows:
If the client is on the same network segment as the VS, the client (192.168.10.13) receives this reply packet. If it is on a different segment, the packet is returned to the user through the gateway/router via the Internet. In practice there may be only one public address, with everything else on the internal network; in that case the VIP should be bound to that public IP, or you can use a static NAT mapping on the router to bind the public address to the internal VIP.
LVS load-balancing mode: characteristics of DR mode:
Each RIP must be on the same network as the DIP (the same broadcast domain);
The RS's RIP can be a private address or a public address, for ease of configuration;
Port mapping is not supported;
The RS must use a Unix operating system (OS); the RS must also suppress ARP and have the VIP configured on loopback;
The Director handles only inbound requests; response packets are sent by the Realserver directly to the client;
A Realserver must not point its gateway at the DIP; it uses the front-end gateway directly to respond to requests;
Advantages: the load balancer only distributes request packets to the physical servers, and the physical servers send reply packets directly to users. The load balancer can therefore handle a very large volume of requests; in this way one load balancer can serve more than 100 physical servers, and the load balancer is no longer the system's bottleneck. With VS-DR, if your load balancer has a 100M full-duplex network card, the whole Virtual Server can reach a throughput of 1G, or even higher;
Disadvantages: this approach requires all DIRs and RIPs to be in the same broadcast domain, and it does not support off-site disaster recovery.
Summary: LVS-DR is the highest-performing of the three modes. It can carry more RS servers than LVS-NAT mode, usually around 100, places higher demands on the network environment, and is the most commonly used working mode in day-to-day use.
Some questions about LVS-DR mode:
1. How does LVS/DR handle request packets? Does it modify the contents of the IP packet?
VS/DR itself does not care about information above the IP layer; even the port number is checked for correctness by the TCP/IP protocol stack. VS/DR itself mainly does the following:
① Receives the client's request and selects a realserver IP according to the load-balancing algorithm you have configured;
② Uses the MAC address corresponding to the selected IP as the destination MAC, then re-encapsulates the IP packet into a frame and forwards it to that RS;
③ Records the connection information in a hash table.
VS/DR does very little, and what it does is simple, so it is very efficient, not much worse than hardware load-balancing devices. The general flow of packets and frames is: client –> VS –> RS –> client
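The director's three actions listed above, and the header change described in step ② of the request walk-through, modelled in shell as an added example (not LVS code and not from the original article). Assumptions: a frame is six whitespace-separated fields, the scheduler is round-robin, and the second and third RS MAC addresses are constructed; only RIP1's MAC comes from the article.

```shell
#!/bin/sh
# Added illustration of LVS-DR forwarding; not LVS source code.
# A frame is modelled as: src_mac dst_mac src_ip src_port dst_ip dst_port
DIR_MAC=00-50-56-C0-00-01
# RIP1's MAC is the article's; the other two are constructed for the example.
RS_MACS="D0-50-99-18-18-15 D0-50-99-18-18-16 D0-50-99-18-18-17"
CONN_TABLE=""   # one "client_ip:port>vip:port rs_mac" entry per line
NEXT=1          # round-robin cursor (the scheduler choice is an assumption)
FRAME=""        # frame produced by the last director_forward call

# Look up an existing connection; prints the RS MAC, or nothing if unknown.
conn_lookup() {
    printf '%s\n' "$CONN_TABLE" | awk -v k="$1" '$1 == k { print $2 }'
}

# director_forward SRC_MAC DST_MAC SRC_IP SRC_PORT DST_IP DST_PORT
director_forward() {
    key="$3:$4>$5:$6"
    rs_mac=$(conn_lookup "$key")
    if [ -z "$rs_mac" ]; then
        # (1) pick a real server with the scheduling algorithm
        rs_mac=$(echo "$RS_MACS" | cut -d' ' -f"$NEXT")
        NEXT=$(( NEXT % 3 + 1 ))
        # (3) record the choice so later packets of this connection
        #     reach the same real server
        CONN_TABLE="$CONN_TABLE
$key $rs_mac"
    fi
    # (2) rewrite only the Ethernet header: source becomes the DIR,
    #     destination the chosen RS; IP addresses and ports are untouched
    FRAME="$DIR_MAC $rs_mac $3 $4 $5 $6"
}
```

Call `director_forward` with the six fields of an incoming frame and read the rewritten frame from `$FRAME`.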
2. Why does the RealServer configure the VIP on the lo interface? Can the VIP be configured on the egress network card?
For the RS to process IP packets whose destination address is the VIP, the RS must first be able to accept such packets. Configuring the VIP on lo allows it to accept the packet and return the result to the client. The VIP must not be configured on the egress network card; otherwise the RS will respond to the client's ARP requests, corrupting the client/gateway ARP table so that the whole load balancer stops working properly.
3. Why does the RealServer suppress ARP frames?
Suppressing ARP frames requires running the following commands on the server:
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
Because ARP is meaningless on a logical interface, only the following two actually take effect:
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
That is, ARP suppression is set for all physical network cards. This ensures that requests sent by the CIP are delivered to the DIR and keeps the ARP tables of the whole LVS environment from becoming confused; otherwise the whole LVS can easily stop working.
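A check for the settings above, as an added example that is not part of the original article: it reads the arp_ignore and arp_announce values for every physical interface and reports any that could still answer or announce ARP for the VIP. It relies on the kernel using the larger of the conf/all and per-interface values; the function name and the optional root-directory argument are assumptions made so the check can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: audit ARP suppression on an LVS-DR real server.

# Print the larger of two integers (the kernel applies max(all, iface)).
max() { if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi; }

# audit_arp [ROOT]
# ROOT defaults to the live sysctl tree. Prints one line per physical
# interface and returns non-zero if any of them is not suppressed.
audit_arp() {
    root=${1:-/proc/sys/net/ipv4}
    rc=0
    all_ign=$(cat "$root/conf/all/arp_ignore")
    all_ann=$(cat "$root/conf/all/arp_announce")
    for dir in "$root"/conf/*; do
        [ -d "$dir" ] || continue
        ifc=$(basename "$dir")
        # "all" and "default" are templates, and lo never sends ARP
        case $ifc in all|default|lo) continue ;; esac
        ign=$(max "$all_ign" "$(cat "$dir/arp_ignore")")
        ann=$(max "$all_ann" "$(cat "$dir/arp_announce")")
        # arp_ignore >= 1: do not answer for addresses held on another
        # interface (the VIP on lo); arp_announce = 2: never use the VIP
        # as the sender address of outgoing ARP requests
        if [ "$ign" -ge 1 ] && [ "$ann" -eq 2 ]; then
            echo "OK $ifc arp_ignore=$ign arp_announce=$ann"
        else
            echo "FAIL $ifc arp_ignore=$ign arp_announce=$ann"
            rc=1
        fi
    done
    return $rc
}
```

On a real server, run `audit_arp` with no argument to read the live values under /proc/sys/net/ipv4.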
4. Why must the LVS/DR load balancer (director) and the RS be on the same network segment?
LVS/DR works at the data link layer, i.e. the RIP must be able to receive the DIR's ARP requests. If they are not on the same segment, ARP is isolated and the ARP requests cannot be forwarded to the designated RIP, so the director must be on the same network segment as the RS.
5. Why must the director's eth0 interface be given another IP (the DIP) in addition to the VIP?
If you use a tool such as keepalived for HA or load balancing, the DIP is needed for health checks. HA or load balancing without a health-check mechanism serves no practical purpose.
6. Does ip_forward need to be enabled for LVS/DR?
No. The director and the realservers are on the same network segment, so forwarding does not need to be enabled.
7. Must the netmask of the director's VIP be 255.255.255.255?
In LVS/DR, the netmask of the director's VIP does not need to be set to 255.255.255.255. The director's VIP is meant to be announced externally like a normal IP address, so there is no need to treat it specially.
Original: https://blog.csdn.net/liupeifeng3514/article/details/79038577