*****************************************************************************************************************************
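LVS-DR working principle in detail
For ease of explanation, I drew a separate diagram based on the official schematic, shown in the figure below: the VS/DR architecture:
I will use this diagram together with a concrete example to explain how LVS-DR works, including the path and transformation of the packets and frames.
The official description of the principle: the Director receives the user's request, selects a realserver according to the load-balancing algorithm, forwards the packet to it, and the realserver then replies directly to the user.
Device list for the example scenario:
Note: for convenience, the client here is a machine on the same network segment as the VIP. For an external user, simply substitute the gateway for the client, because the IP header does not change; only the source MAC address changes.
① The client sends a request to the target VIP and the Director receives it. The IP header and frame header at this point are as follows:
② The VS selects an active realserver according to the load-balancing algorithm (say 192.168.57.122), uses the MAC address of the NIC that holds this RIP as the destination MAC address, and sends the frame onto the LAN. The IP header and frame header at this point are as follows:
③ The realserver (192.168.57.122) receives this frame on the LAN, unpacks it, finds that the destination IP (the VIP) matches a local address, and therefore processes the packet. It then re-encapsulates the reply and sends it onto the LAN. The IP header and frame header at this point are as follows:
④ If the client and the VS are on the same network segment, the client (192.168.57.135) receives this reply packet. If they are on different segments, the packet is returned to the user across the Internet via the gateway/router.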
******************************************************************************************************************************
TUN:
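Cluster nodes can span the Internet; the RIP must be a public address;
The director only handles inbound requests, and response packets are sent by the realserver directly to the client; the realserver's gateway must not point to the director;
Only an OS that supports tunneling can be used as a realserver; port mapping is not supported;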
The cluster nodes do not need to be on the same physical network segment as the Director.
The RIP addresses must not be private IP addresses.
The Director can normally only intercept inbound communication between the client and the cluster nodes.
The return packets from the real server to the client must not go through the Director.
(The default gateway can't be the DIP; it must be a router or another machine separate from the Director.)
The Director cannot remap network port numbers.
Only operating systems that support the IP tunneling protocol can be servers inside the cluster.
session affinity
Four static methods: rr, wrr, dh, sh
Destination hashing
This method always sends requests for the same IP address to the same server in the cluster.
Like the locality-based least-connection (LBLC) scheduling method, this method is useful when the servers inside the cluster are really cache or proxy servers.
Source hashing
Can be used when the Director needs to be sure the reply packets are sent back to the same router or firewall that the requests came from.
This scheduling method is normally only used when the Director has more than one physical network connection, so that the Director knows which firewall or router to send the reply packet back through to reach the proper client computer.
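Dynamic scheduling methods:
lc: least connection
    active*256+inactive (whichever server has the smallest value is chosen)
wlc: weighted least connection
    (active*256+inactive)/weight
sed: shortest expected delay
    (active+1)*256/weight
nq: never queue
LBLC: locality-based least connection DH:
LBLCR: locality-based least connection with replication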
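The lc, wlc and sed formulas above, worked through on a constructed pool of real servers. This is an added example, not IPVS code and not part of the original notes. The RealServer class, the pick function and the connection counts are hypothetical, and skipping weight-0 servers is an assumption taken from IPVS behaviour rather than from this page.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class RealServer:
    name: str
    active: int      # established connections
    inactive: int    # connections still tracked but no longer active
    weight: int = 1


def lc_cost(rs):
    # lc: active*256+inactive
    return Fraction(rs.active * 256 + rs.inactive)


def wlc_cost(rs):
    # wlc: (active*256+inactive)/weight
    return Fraction(rs.active * 256 + rs.inactive, rs.weight)


def sed_cost(rs):
    # sed: (active+1)*256/weight, inactive connections are ignored
    return Fraction((rs.active + 1) * 256, rs.weight)


COSTS = {"lc": lc_cost, "wlc": wlc_cost, "sed": sed_cost}


def pick(method, servers):
    """Return the server with the smallest cost, or None if none is eligible."""
    # Assumption (not stated on this page): weight 0 marks a quiesced server
    # that must not receive new connections, so it is skipped up front.
    candidates = [rs for rs in servers if rs.weight > 0]
    if not candidates:
        return None
    # Fractions keep the comparison exact; ties go to the first server listed.
    return min(candidates, key=COSTS[method])


# Constructed sample pool: each method ends up preferring a different server.
POOL = [
    RealServer("rs1", active=1, inactive=10, weight=1),
    RealServer("rs2", active=4, inactive=0, weight=4),
    RealServer("rs3", active=0, inactive=300, weight=1),
    RealServer("rs4", active=0, inactive=0, weight=0),  # drained
]

if __name__ == "__main__":
    for method in COSTS:
        print(method, "->", pick(method, POOL).name)
```

Without the weight check, the idle but drained rs4 would have the lowest lc cost and the wlc and sed formulas would divide by zero.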
LVS: ipvsadm/ipvs
INPUT: --> POSTROUTING
ipvsadm:
Manage services: -A -E -D
Manage RS: -a -e