负载均衡开源解决方案.ppt

Layer4 7 Layer4 7Switch Schedule BasicallyHardware GUI CLI Configuremethod HA ConfigSync Loadbalancerelatedvirtualserver node pool poolmemberMonitorsSorryserverMaintenanceModeLoadbalancemethodPersistenceSNAT RNATServerProtectionACL ContentSwitchGSLBPerformance Wearehere Basically LBrelated Persistence SNAT RNAT ServerProtection ACL CS GSLB Hardware GUI CLI HA HAProxyHotReconfiguration mv etc haproxy config etc haproxy config oldmv var run haproxy pid var run haproxy pid oldmv etc haproxy config new etc haproxy configkill TTOU cat var run haproxy pid old ifhaproxy p var run haproxy pid f etc haproxy config thenecho Newinstancesuccessfullyloaded stoppingpreviousone kill USR1 cat var run haproxy pid old rm f var run haproxy pid oldexit1elseecho Newinstancefailedtostart resumingpreviousone kill TTIN cat var run haproxy pid old rm f var run haproxy pidmv var run haproxy pid old var run haproxy pidmv etc haproxy config etc haproxy config newmv etc haproxy config old etc haproxy configexit0fi 保存之前状态 停止老的监听 成功 清理老的连接和pid 失败 恢复老的配置 Wearehere Basically LBrelated Persistence SNAT RNAT ServerProtection ACL CS GSLB Concepts virtualserver192 168 101 1 80 pool name cgi boxes member server 10 1 1 3 80 member server 10 1 1 2 80 member server 10 1 1 1 80 pool name asp boxes member server 10 1 1 6 80 member server 10 1 1 5 80 member server 10 1 1 4 80 VIP192 168 101 1 virtualserver192 168 101 1 443 pool name ssl boxes member server 10 1 1 6 443 member server 10 1 1 2 443 member server 10 1 1 1 443 VIP192 168 101 2 LoadBalancing IntelligentTrafficControl lookatURL clientIPaddr etc Port basedTrafficDirection IPAddr basedTrafficDirection Incomingrequest MonitorAvailabilityrequirementSNAT NATPriority basedmemberactivationACTIONofservicedownSlowRampTimePool poolmemberstatistics Monitors Monitor类型 自定义monitor HAProxyMonitor listenwebfarm192 168 1 1 80modehttpbalanceroundrobincookieSERVERIDinsertindirectoptionhttpchkHEAD index htmlHTTP 1 0serverwebA192 168 1 11 80cookieAcheckserverwebB192 168 1 12 80cookieBcheckport81inter2000serverwebC192 168 1 13 80cookieCcheckserverwebD192 168 1 14 80cookieDcheck HAProxySorryServer listenwebfarm192 168 1 1 80modehttpbalanceroundrobincookieSERVERIDinsertindirectoptionhttpchkHEAD index htmlHTTP 1 0serverwebA192 168 1 11 80cookieAcheckserverwebB192 168 1 12 80cookieBcheckport81inter2000serverwebC192 168 1 13 80cookieCcheckserverwebD192 168 1 14 80cookieDcheckserverbkpA192 168 1 15 80cookieAcheckbackupserverbkpB192 168 1 16 80cookieBcheckbackup HAProxyMaintenanceMode Updating 503ServiceUnavailableNoserverisavailabletohandlethisrequest Loadbalancingalgorithm RoundRobinWrr Ratio member Ratio Node DynamicRatio 根据对服务器性能的观察来动态设置weight 观察点包括连接数 响应时间等 Fastest node Fastest application 服务器 应用的最快响应时间LC Member LC node Observed member Observed node Predictive member Predictive node SourceURLHASHURLParam Wearehere Basically LBrelated Persistence SNAT RNAT ServerProtection ACL CS GSLB Persistence Client ServerA pickserver cookiespecifiesserver Set Cookie SERVERID A Cookie SERVERID A Cookiepersistence1 1HTTPCookieInsert1 2HTTPCookieRewrite1 3HTTPCookiePassive1 4CookieHashDestinationAddressaffinitypersistenceHashpersistenceMSRDPpersistenceSIPpersistence sessionInitiationprotocol SouceaddressaffnitypersistenceSSLpersistenceUniversalpersistence insertrewriteprefix listenwebfarm192 168 1 1 80modehttpbalanceroundrobincookieSERVERIDinsertindirectoptionhttpchkHEAD index htmlHTTP 1 0serverwebA192 168 1 11 80cookieAcheckserverwebB192 168 1 12 80cookieBcheckserverwebC192 168 1 13 80cookieCcheckserverwebD192 168 1 14 80cookieDcheck SNAT RNAT Externalvlan Internalvlan VIP 221 238 249 177 MAPPEDIP 10 10 1 1 eth0 10 10 1 2 eth1 192 168 1 2 SNAT RNAT backendprivate Connecttotheserversusingour192 168 1 200sourceaddresssource192 168 1 200backendtransparent ssl1 ConnecttotheSSLfarmfromtheclient ssourceaddresssource192 168 1 200usesrcclientipserverrailsA192 168 1 11 80source192 168 1 201checkserverrailsB192 168 1 12 80minconn4maxconn12checkserverrailsC192 168 1 13 80minconn4maxconn12check Wearehere Basically LBrelated Persistence SNAT RNAT ServerProtection ACL CS GSLB ServerProtection Attack SYNFlood ConnectionLimitTimeoutSurgeQueueSlowStart listenappfarm192 168 1 1 80modehttpmaxconn10000optionhttpcloseoptionabortoncloseoptionforwardforbalanceroundrobinserverrailsA192 168 1 11 80minconn4maxconn12checkserverrailsB192 168 1 12 80minconn4maxconn12checkserverrailsC192 168 1 13 80minconn4maxconn12checkcontimeout60000 weight maxconn Timeout Client proxy server Wearehere Basically LBrelated Persistence SNAT RNAT ServerProtection ACL CS GSLB HAProxyACL req lenwait endreq ssl ver Layer4andbelow Layer4Content methodreq verpath url hdr Layer7Content HTTP 1 1METH GET Pre definedACL src dstsrc port dst portdst connnbsrv backend aclmissing clhdr cnt Content length eq0blockifHTTP URL STAR METH OPTIONS METH POSTmissing clblockifMETH GETHTTP CONTENTblockunlessMETH GETorMETH POSTorMETH OPTIONS Toselectadifferentbackendforrequeststostaticcontentsonthe www siteandtoeveryrequestonthe img video download and ftp hosts aclurl staticpath beg static images img cssaclurl staticpath end gif png jpg css jsaclhost wwwhdr beg host iwwwaclhost statichdr beg host iimg video download ftp nowusebackend static forallstatic onlyhosts andforstaticurls ofhost www Usebackend www fortherest use backendstaticifhost staticorhost wwwurl staticuse backendwwwifhost www ContentSwitch UIE iRule ACL frontendpublicreqisetbe Host imgstatic TheURIwilluseaspecifickeywordsoonreqisetbe img css staticreqisetbe admin statsstatsdefault backenddynamic Thestaticbackendbackendfor Host img imgand css backendstatic backenddynamic backendstats if http uriends with gif usepoolimage servers elseif http uristarts with foo usepoolfoo servers elseif http cookie XYZ Type direct usepoolcookie servers elseif findstr http uri type 6 cgi usepoolcgi servers else usepoolweb servers aclurl staticpath beg static images img cssaclurl staticpath end gif png jpg css jsaclhost wwwhdr beg host iwwwaclhost statichdr beg host iimg video download ftp use backendstaticifhost staticorhost wwwurl staticuse backendwwwifhost www Wearehere Basically LBrelated Persistence SNAT RNAT ServerProtection ACL CS GSLB GSLB 如何实现CDN和站点容灾 Illustrated Performance Keep AliveCompressionIn memoryCacheServerOffloadTCPBuffering Logging listenproxy outmodehttpoptionhttplogoptionlogasaplogglobalservercache1192 168 1 1 3128 logthenameofthevirtualservercapturerequestheaderHostlen20 logtheamountofdatauploadedduringaPOSTcapturerequestheaderContent Lengthlen10 logthebeginningofthereferrercapturerequestheaderRefererlen20 servername usefulforoutgoingproxiesonly captureresponseheaderServerlen20 loggingthecontent lengthisusefulwith optionlogasap captureresponseheaderContent Lengthlen10 logtheexpectedcachebehaviourontheresponsecaptureresponseheaderCache Controllen8 HTTPHeaderManipulation reqdelreqdenyreqpassreqtarpitreqsetbereqisetbereqirepreqidelreqidenyreqipassreqiallowreqitarpitreqaddrsp removeX