loadbalancing负载均衡开源解决方案

1、Layer4-7Layer4-7Switch软件工作层F54-7NetScaler4-7LVS4HAProxy4-7ScheduleBasicallyHardware/GUI/CLI (Configuremethod)/HA(Config Sync)Load balancerelatedvirtual server/node/pool/poolmemberMonitorsSorryserverMaintenanceModeLoad balancemethodPersistenceSNAT/RNATServerProtectionACL/ContentSwitchGSLBPerformanceW

2、earehereBasicallyLBrelatedPersistenceSNAT/RNATServerProtectionACL/CSGSLBHardware/GUI/CLI/HACommercialOpen SourceF5NetScalerLVSHAProxyHardwareGUICLIHAHAProxy HotReconfigurationmv/etc/haproxy/config /etc/haproxy/config.oldmv/var/run/haproxy.pid/var/run/haproxy.pid.oldmv/etc/haproxy/config.new/etc/hapr

3、oxy/configkill -TTOU $(cat /var/run/haproxy.pid.old)ifhaproxy -p /var/run/haproxy.pid -f /etc/haproxy/config; thenecho Newinstancesuccessfully loaded,stoppingpreviousone.kill -USR1 $(cat /var/run/haproxy.pid.old)rm-f/var/run/haproxy.pid.oldexit 1elseecho Newinstancefailed to start,resumingpreviouson

4、e.kill -TTIN $(cat /var/run/haproxy.pid.old)rm-f/var/run/haproxy.pidmv/var/run/haproxy.pid.old/var/run/haproxy.pidmv/etc/haproxy/config /etc/haproxy/config.newmv/etc/haproxy/config.old/etc/haproxy/configexit 0fi保存之前前状态停止老的的监听成功，清清理老的的连接和和pid失败，恢恢复老的的配置WearehereBasicallyLBrelatedPersistenceSNAT/RNATS

5、erverProtectionACL/CSGSLBConceptsvirtual server:80pool(name=cgi_boxes)member(server=:80)member(server=:80)member(server=:80)pool(name=asp_boxes)member(server=:80)member(server=:80)member(server=:80)VIPvirtual server192.168.101

6、.1:443pool(name=ssl_boxes)member(server=:443)member(server=:443)member(server=:443)VIPLoadBalancingIntelligentTraffic Control(lookatURL, clientIPaddr.,etc.)Port-basedTraffic DirectionIPAddr.-basedTraffic DirectionIncomingrequestMonitorAvailabilityrequirementSNAT/

7、NATPriority-basedmemberactivationACTIONofservicedownSlow RampTimePool/poolmemberstatisticsMonitorsMonitor类型SimpleECVEAVICMP/GW ICMP/TCP ECHOTCP/HTTP/HTTPS外部程序/FTP下载一个文件到LTM系统上，看是否下载成功/IMAP/LDAP/MSSQL/NNTP/Oracle/POP3/RADIUS/Real Server/SIP/SMTP/SOAP/WMI自定义monitorHAProxy Monitorlistenwebfarm192.168.1

8、.1:80mode httpbalance roundrobincookieSERVERIDinsert indirectoptionhttpchkHEAD /index.html HTTP/1.0serverwebA1:80cookie AcheckserverwebB2:80cookie Bcheckport 81 inter 2000serverwebC3:80cookie CcheckserverwebD4:80cookie DcheckHAProxy Sorry Serverlistenwebfa

9、rm:80mode httpbalance roundrobincookieSERVERIDinsert indirectoptionhttpchkHEAD /index.html HTTP/1.0serverwebA1:80cookie AcheckserverwebB2:80cookie Bcheckport81inter2000serverwebC3:80cookie CcheckserverwebD4:80cookie DcheckserverbkpA5:80 cookieA

10、checkbackupserverbkpB6:80 cookieB checkbackupHAProxy Maintenance ModeUpdating.503ServiceUnavailableNoserverisavailable to handlethis request.Load balancingalgorithmRoundRobinWrr(Ratio(member),Ratio(Node)Dynamic Ratio：根据对对服务器器性能的的观察来来动态设设置weight，观察点点包括连连接数、响应时时间等。Fastest(node) &Fastest(application):服

11、务器/应用的最最快响应应时间LC(Member)& LC(node)Observed(member) &Observed(node)Predictive(member)&Predictive(node)SourceURLHASHURLParamWearehereBasicallyLBrelatedPersistenceSNAT/RNATServerProtectionACL/CSGSLBPersistenceClientServerAGET /URI1 HTTP/1.1HTTP request (no cookie)TCP handshakeTCP handshakeGET /URI1 HTT

12、P/1.1HTTP request (no cookie)HTTP/1.1 200 OKHTTP reply (no cookie)HTTP/1.1 200 OKHTTP reply (with inserted cookie)pickserverGET /URI2 HTTP/1.1HTTP request (with same cookie)TCP handshakeTCP handshakeGET /URI2 HTTP/1.1HTTP request (with same cookie)HTTP/1.1 200 OKHTTP reply (no cookie)HTTP/1.1 200 OK

13、HTTP reply (updated cookie)cookiespecifiesserverFirst HitSecond HitSet-Cookie:SERVERID=ACookie: SERVERID=ACookiepersistence1.1HTTPCookieInsert1.2HTTPCookieRewrite1.3HTTPCookiePassive1.4Cookie HashDestinationAddress affinity persistenceHash persistenceMSRDPpersistenceSIPpersistence(sessionInitiation

14、protocol)Souceaddress affnitypersistenceSSLpersistenceUniversalpersistenceinsertrewriteprefixlistenwebfarm:80mode httpbalance roundrobincookieSERVERIDinsert indirectoptionhttpchkHEAD /index.html HTTP/1.0serverwebA1:80cookieAcheckserverwebB2:80cookieBcheckserverwebC19

15、3:80cookieCcheckserverwebD4:80cookieDcheckSNAT &RNATExternalvlanInternalvlanVIP:77MAPPEDIP: eth0:eth1:SNATRNATbackend private# Connecttothe serversusingour 00source addresssource00backend transparent_ssl1# Connecttothe SSLfarm fromthe c

16、lients sourceaddresssource00usesrcclientipserverrailsA 1:80source01checkserverrailsB 2:80minconn 4maxconn12checkserverrailsC 3:80minconn 4maxconn12checkWearehereBasicallyLBrelatedPersistenceSNAT/RNATServerProtectionACL/CSGSLBServerProtectionAttack(SYNFlood)Connection

17、 LimitTimeoutSurgeQueueSlow StartF5Syn ProxyACL/iControl/iRulesNetScalerSyn Cookie/TCP offload/Content Filter/ACLLVSIptables?HAProxyACLlistenappfarm:80mode httpmaxconn 10000optionhttpcloseoptionabortoncloseoptionforwardforbalance roundrobinserverrailsA 1:80minconn 4maxconn12che

18、ckserverrailsB 2:80minconn 4maxconn12checkserverrailsC 3:80minconn 4maxconn12checkcontimeout 60000weightmaxconnTimeoutTimeout client客户端连接的闲置时间timeout clitimeout同上、已废弃timeout connect服务器端连接的超时时间(尝试连接)timeout contimeout同上、已废弃timeout http-request一个完整的HTTP请求的超时时间(仅针对header，降低DDoS风险，

19、连接堆积危险)timeout queue队列中等待的超时时间，当服务器连接满时，多余的请求会放到服务器或者proxy实例的queue里面。返回503timeout server服务器端连接的闲置时间timeout srvtimeout同上、已废弃timeout tarpit使用reqtarpit后，连接保持打开的时间，超时则关闭ClientproxyserverWearehereBasicallyLBrelatedPersistenceSNAT/RNATServerProtectionACL/CSGSLBHAProxy ACLreq_lenwait_endreq_ssl_verLayer4 a

20、ndbelowLayer4 Contentmethodreq_verpath_*url_*hdr_*Layer7 ContentHTTP_1.1METH_GETPre-definedACLsrc/dstsrc_port/dst_portdst_connnbsrv(backend)aclmissing_clhdr_cnt(Content-length)eq0blockifHTTP_URL_STAR !METH_OPTIONS|METH_POST missing_clblockifMETH_GETHTTP_CONTENTblockunlessMETH_GETorMETH_POST or METH_

21、OPTIONSContent Switch(UIE/iRule/ACL)frontendpublicreqisetbeHost:imgstatic# TheURIwilluseaspecifickeyword soonreqisetbe*/(img|css)/staticreqisetbe*/admin/statsstatsdefault_backenddynamic# Thestaticbackendbackend forHost:img,/imgand/css.backend staticbackend dynamicbackend statsif(http_uriends_with“.g

22、if”) usepoolimage_serverselse if (http_uristarts_with“/foo”) usepoolfoo_serverselse if (http_cookie(“XYZ-Type”)=“direct”)usepoolcookie_serverselse if (findstr(http_uri,“?type=”,6,“&”)=“cgi”)usepoolcgi_serverselse usepoolweb_serversWearehereBasicallyLBrelatedPersistenceSNAT/RNATServerProtectionACL/CS

23、GSLBGSLB如何实现现CDN和站点容容灾？！IllustratedPerformanceKeep-AliveCompressionIn-memoryCacheServerOffloadTCPBufferingLogginglistenproxy-outmode httpoptionhttplogoptionlogasaplogglobalservercache1 :3128# logthenameofthevirtualservercapture requestheaderHost len20# logtheamount of datauploadedduring a

24、POSTcapture requestheaderContent-Lengthlen10# logthebeginning of thereferrercapture requestheaderReferer len20# servername (usefulfor outgoing proxiesonly)capture response headerServerlen 20# loggingthe content-length is usefulwith optionlogasapcapture response headerContent-Lengthlen10# logtheexpectedcachebehaviour