Open Source Load Balancing Solutions
Load Balancing Using Open Source Softwares
MSN: MAIL: CUID: FinalBSD

2/29 Layer 4-7

    Layer 4-7 switch software    Working layer
    F5                           4-7
    NetScaler                    4-7
    LVS                          4
    HAProxy                      4-7

3/29 Schedule

- Basically: Hardware / GUI / CLI (Configure method) / HA (Config Sync)
- Load balance related: virtual server/node/pool/pool member, Monitors, Sorry server, Maintenance Mode, Load balance method
- Persistence
- SNAT/RNAT
- Server Protection
- ACL/Content Switch
- GSLB
- Performance

4/29 We are here

Basically | LB related | Persistence | SNAT/RNAT | Server Protection | ACL/CS | GSLB

5/29 Hardware/GUI/CLI/HA

Comparison table. Columns: Commercial (F5, NetScaler) and Open Source (LVS, HAProxy). Rows: Hardware, GUI, CLI, HA.

6/29 HAProxy Hot Reconfiguration

    # Save the previous state
    mv /etc/haproxy/config /etc/haproxy/config.old
    mv /var/run/haproxy.pid /var/run/haproxy.pid.old

    mv /etc/haproxy/config.new /etc/haproxy/config
    # Stop the old listeners
    kill -TTOU $(cat /var/run/haproxy.pid.old)
    if haproxy -p /var/run/haproxy.pid -f /etc/haproxy/config; then
        # Success: clean up the old connections and pid
        echo "New instance successfully loaded, stopping previous one."
        kill -USR1 $(cat /var/run/haproxy.pid.old)
        rm -f /var/run/haproxy.pid.old
        exit 0
    else
        # Failure: restore the old configuration
        echo "New instance failed to start, resuming previous one."
        kill -TTIN $(cat /var/run/haproxy.pid.old)
        rm -f /var/run/haproxy.pid
        mv /var/run/haproxy.pid.old /var/run/haproxy.pid
        mv /etc/haproxy/config /etc/haproxy/config.new
        mv /etc/haproxy/config.old /etc/haproxy/config
        exit 1
    fi

8/29 Concepts

    VIP
      virtual server:80
        pool(name=cgi_boxes)
          member(server=:80)
          member(server=:80)
          member(server=:80)
        pool(name=asp_boxes)
          member(server=:80)
          member(server=:80)
          member(server=:80)
    VIP
      virtual server:443
        pool(name=ssl_boxes)
          member(server=:443)
          member(server=10.1.1.2:443)
          member(server=:443)

- Load Balancing
- Intelligent Traffic Control (look at URL, client IP addr., etc.)
- Port-based Traffic Direction
- IP Addr.-based Traffic Direction
- Incoming request
- Monitor
- Availability requirement
- SNAT/NAT
- Priority-based member activation
- ACTION of service down
- Slow Ramp Time
- Pool/pool member statistics

9/29 Monitors

    Monitor type    Checks
    Simple          ICMP / GW ICMP / TCP ECHO
    ECV             TCP / HTTP / HTTPS
    EAV             External program / FTP (download a file to the LTM system and check whether the download succeeds) / IMAP / LDAP / MSSQL / NNTP / Oracle / POP3 / RADIUS / Real Server / SIP / SMTP / SOAP / WMI

Custom monitor

10/29 HAProxy Monitor

    listen webfarm :80
        mode http
        balance roundrobin
        cookie SERVERID insert indirect
        option httpchk HEAD /index.html HTTP/1.0
        server webA 1:80 cookie A check
        server webB 2:80 cookie B check port 81 inter 2000
        server webC 3:80 cookie C check
        server webD 4:80 cookie D check

11/29 HAProxy Sorry Server

    listen webfarm :80
        mode http
        balance roundrobin
        cookie SERVERID insert indirect
        option httpchk HEAD /index.html HTTP/1.0
        server webA 1:80 cookie A check
        server webB 2:80 cookie B check port 81 inter 2000
        server webC 3:80 cookie C check
        server webD 4:80 cookie D check
        server bkpA 5:80 cookie A check backup
        server bkpB 6:80 cookie B check backup

12/29 HAProxy Maintenance Mode

Screenshots: a maintenance page reading "Updating." and the error page "503 Service Unavailable: No server is available to handle this request."

13/29 Load balancing algorithm

- Round Robin
- Wrr (Ratio(member), Ratio(Node))
- Dynamic Ratio: sets the weight dynamically based on observed server performance; the observation points include connection count, response time, etc.
- Fastest(node) & Fastest(application): the fastest response time of the server/application
- LC(Member) & LC(node)
- Observed(member) & Observed(node)
- Predictive(member) & Predictive(node)
- Source
- URL HASH
- URL Param

15/29 Persistence

Sequence diagram: Client, proxy, Server A.

First Hit:
- Client to proxy: TCP handshake, then GET /URI1 HTTP/1.1, HTTP request (no cookie)
- Proxy: pick server
- Proxy to Server A: TCP handshake, then GET /URI1 HTTP/1.1, HTTP request (no cookie)
- Server A to proxy: HTTP/1.1 200 OK, HTTP reply (no cookie)
- Proxy to client: HTTP/1.1 200 OK, HTTP reply (with inserted cookie), Set-Cookie: SERVERID=A

Second Hit:
- Client to proxy: TCP handshake, then GET /URI2 HTTP/1.1, HTTP request (with same cookie), Cookie: SERVERID=A
- Proxy: cookie specifies server
- Proxy to Server A: TCP handshake, then GET /URI2 HTTP/1.1, HTTP request (with same cookie)
- Server A to proxy: HTTP/1.1 200 OK, HTTP reply (no cookie)
- Proxy to client: HTTP/1.1 200 OK, HTTP reply (updated cookie)

Persistence types:
- Cookie persistence
  1.1 HTTP Cookie Insert
  1.2 HTTP Cookie Rewrite
  1.3 HTTP Cookie Passive
  1.4 Cookie Hash
- Destination address affinity persistence
- Hash persistence
- MSRDP persistence
- SIP persistence (Session Initiation Protocol)
- Source address affinity persistence
- SSL persistence
- Universal persistence

HAProxy cookie modes: insert, rewrite, prefix

    listen webfarm :80
        mode http
        balance roundrobin
        cookie SERVERID insert indirect
        option httpchk HEAD /index.html HTTP/1.0
        server webA 1:80 cookie A check
        server webB 2:80 cookie B check
        server webC 3:80 cookie C check
        server webD 4:80 cookie D check

16/29 SNAT & RNAT

Diagram: External vlan, Internal vlan, VIP:221.238.249.177, MAPPED IP: , eth0: , eth1: , SNAT, RNAT

    backend private
        # Connect to the servers using our 00 source address
        source 00

    backend transparent_ssl1
        # Connect to the SSL farm from the client's source address
        source 00 usesrc clientip
        server railsA 192.168.1.11:80 source 01 check
        server railsB 2:80 minconn 4 maxconn 12 check
        server railsC 3:80 minconn 4 maxconn 12 check

18/29 Server Protection

- Attack (SYN Flood)
- Connection Limit
- Timeout
- Surge Queue
- Slow Start

    Product      Protection mechanisms
    F5           Syn Proxy, ACL/iControl/iRules
    NetScaler    Syn Cookie/TCP offload/Content Filter/ACL
    LVS          Iptables?
    HAProxy      ACL

    listen appfarm :80
        mode http
        maxconn 10000
        option httpclose
        option abortonclose
        option forwardfor
        balance roundrobin
        server railsA 1:80 minconn 4 maxconn 12 check
        server railsB 2:80 minconn 4 maxconn 12 check
        server railsC 3:80 minconn 4 maxconn 12 check
        contimeout 60000

Related server parameters: weight, maxconn

19/29 Timeout

    timeout client          Idle time of the client-side connection
    clitimeout              Same as above; deprecated
    timeout connect         Timeout for the server-side connection (connection attempt)
    contimeout              Same as above; deprecated
    timeout http-request    Timeout for a complete HTTP request (applies to the header only; lowers DDoS risk, where connections pile up)
    timeout queue           Timeout for waiting in the queue; when the server's connections are full, excess requests are placed in the queue of the server or the proxy instance. Returns 503
    timeout server          Idle time of the server-side connection
    srvtimeout              Same as above; deprecated
    timeout tarpit          After reqtarpit is used, how long the connection is kept open; it is closed on timeout

Diagram: Client, proxy, server

21/29 HAProxy ACL

- Layer 4 and below: src/dst, src_port/dst_port, dst_conn, nbsrv(backend)
- Layer 4 Content: req_len, wait_end, req_ssl_ver
- Layer 7 Content: method, req_ver, path_*, url_*, hdr_*
- Pre-defined ACL: HTTP_1.1, METH_GET

    acl missing_cl hdr_cnt(Content-length) eq 0
    block if HTTP_URL_STAR !METH_OPTIONS || METH_POST missing_cl
    block if METH_GET HTTP_CONTENT
    block unless METH_GET or METH_POST or METH_OPTIONS

To select a different backend for requests to static contents on the www site and to every request on the img, video, download and ftp hosts:

    acl url_static  path_beg         /static /images /img /css
    acl url_static  path_end         .gif .png .jpg .css .js
    acl host_www    hdr_beg(host) -i www
    acl host_static hdr_beg(host) -i img. video. download. ftp.

    # now use backend static for all static-only hosts, and for static urls
    # of host www. Use backend www for the rest.
    use_backend static if host_static or host_www url_static
    use_backend www    if host_www

22/29 Content Switch (UIE/iRule/ACL)

    frontend public
        reqisetbe Host: img static
        # The URI will use a specific keyword soon
        reqisetbe * /(img|css)/ static
        reqisetbe * /admin/stats stats
        default_backend dynamic

    # The static backend backend for Host: img, /img and /css.
    backend static
    backend dynamic
    backend stats

    if (http_uri ends_with ".gif")
        use pool image_servers
    else if (http_uri starts_with "/foo")
        use pool foo_servers
    else if (http_cookie("XYZ-Type") = "direct")
        use pool cookie_servers
    else if (findstr(http_uri, "?type=", 6, "&") = "cgi")
        use pool cgi_servers
    else
        use pool web_servers

    acl url_static  path_beg         /static /images /img /css
    acl url_static  path_end         .gif .png .jpg .css .js
    acl host_www    hdr_beg(host) -i www
    acl host_static hdr_beg(host) -i img. video. download. ftp.
    use_backend static if host_static or host_www url_static
    use_backend www    if host_www

24/29 GSLB

How to implement CDN and site disaster recovery?!

Illustrated

25/29 Performance

- Keep-Alive
- Compression
- In-memory Cache
- Server Offload
- TCP Buffering

26/29 Logging

    listen proxy-out
        mode http
        option httplog
        option logasap
        log global
        server cache1 :3128

        # log the name of the virtual server
        capture request header Host len 20
        # log the amount of data uploaded during a POST
        capture request header Content-Length len 10
        # log the beginning of the referrer
        capture request header Referer len 20
        # server name (useful for outgoing proxies only)
        capture response header Server len 20
        # logging the content-length is useful with option logasap
        capture response header Content-Length len 10
        # log the expected cache behaviour on the response
        capture response header Cache-Control len 8

27/29 HTTP Header Manipulation

reqdel reqdeny reqpass reqtarp
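
The Timeout slide marks clitimeout, contimeout and srvtimeout as deprecated and notes that timeout http-request lowers DDoS risk, while the deck's own `listen appfarm` block still sets only `contimeout`. The following Python script is an added example, not part of the original slides: it audits an HAProxy config for deprecated timeout keywords and for proxy sections that leave a timeout unset. The `NEEDS` policy, the sample config and its 192.0.2.11 documentation address are assumptions constructed for illustration.

```python
import re

# Deprecated keywords from the Timeout slide and their current spellings.
DEPRECATED = {"clitimeout": "client", "contimeout": "connect", "srvtimeout": "server"}
# Timeouts each section type should set: this example's policy, an assumption.
NEEDS = {"frontend": ("client", "http-request"),
         "backend": ("connect", "queue", "server"),
         "listen": ("client", "connect", "http-request", "queue", "server")}
SECTION = re.compile(r"^(defaults|frontend|backend|listen)\b\s*(\S*)")

def audit(config_text):
    """Return sorted (section, finding) pairs for an HAProxy config."""
    # Simplification: one unnamed `defaults` section is treated as inherited
    # by every proxy section in the file.
    sections, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        m = SECTION.match(" ".join(words))
        if m:
            current = (m.group(1), m.group(2))
            sections[current] = {"set": set(), "old": set()}
        elif current and words[0] == "timeout" and len(words) >= 3:
            sections[current]["set"].add(words[1])
        elif current and words[0] in DEPRECATED:
            sections[current]["old"].add(words[0])
            sections[current]["set"].add(DEPRECATED[words[0]])
    inherited = sections.get(("defaults", ""), {"set": set()})["set"]
    findings = []
    for (kind, name), info in sections.items():
        label = f"{kind} {name}".strip()
        for kw in info["old"]:
            findings.append((label, f"deprecated {kw}: use timeout {DEPRECATED[kw]}"))
        for t in NEEDS.get(kind, ()):
            if t not in info["set"] | inherited:
                findings.append((label, f"missing timeout {t}"))
    return sorted(findings)

# Constructed sample modelled on the deck's `listen appfarm` block.
SAMPLE = """
listen appfarm :80
    maxconn 10000
    server railsA 192.0.2.11:80 minconn 4 maxconn 12 check
    contimeout 60000
"""

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```
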
