Open Source Load Balancing Solutions
Load Balancing Using Open Source Software
MSN: MAIL: CUID: FinalBSD

Layer 4-7
Layer 4-7 Switch

Software and the layers it works at:
- F5: 4-7
- NetScaler: 4-7
- LVS: 4
- HAProxy: 4-7

Schedule
- Basically: Hardware / GUI / CLI (Configure method) / HA (Config Sync)
- Load balance related: virtual server / node / pool / pool member, Monitors, Sorry server, Maintenance Mode, Load balance method
- Persistence
- SNAT/RNAT
- Server Protection
- ACL/Content Switch
- GSLB
- Performance

We are here
Basically / LB related / Persistence / SNAT/RNAT / Server Protection / ACL/CS / GSLB

Hardware/GUI/CLI/HA
- Commercial: F5, NetScaler
- Open Source: LVS, HAProxy
- Compared on: Hardware, GUI, CLI, HA

HAProxy Hot Reconfiguration

    # Save the previous state
    mv /etc/haproxy/config /etc/haproxy/config.old
    mv /var/run/haproxy.pid /var/run/haproxy.pid.old
    mv /etc/haproxy/config.new /etc/haproxy/config
    # Stop the old listeners
    kill -TTOU "$(cat /var/run/haproxy.pid.old)"
    if haproxy -p /var/run/haproxy.pid -f /etc/haproxy/config; then
        # Success: clean up the old connections and pid
        echo "New instance successfully loaded, stopping previous one."
        kill -USR1 "$(cat /var/run/haproxy.pid.old)"
        rm -f /var/run/haproxy.pid.old
        exit 0   # zero exit status reports the successful reload
    else
        # Failure: restore the old configuration
        echo "New instance failed to start, resuming previous one."
        kill -TTIN "$(cat /var/run/haproxy.pid.old)"
        rm -f /var/run/haproxy.pid
        mv /var/run/haproxy.pid.old /var/run/haproxy.pid
        mv /etc/haproxy/config /etc/haproxy/config.new
        mv /etc/haproxy/config.old /etc/haproxy/config
        exit 1   # non-zero exit status reports the failed reload
    fi

Concepts
- VIP, virtual server :80
  - pool(name=cgi_boxes): member(server=:80), member(server=:80), member(server=:80)
  - pool(name=asp_boxes): member(server=:80), member(server=:80), member(server=:80)
- VIP, virtual server :443
  - pool(name=ssl_boxes): member(server=:443), member(server=10.1.1.2:443), member(server=:443)

[Figure labels: Incoming request; Load Balancing; Intelligent Traffic Control (look at URL, client IP addr., etc.); Port-based Traffic Direction; IP Addr.-based Traffic Direction]
- Monitor
- Availability requirement
- SNAT/NAT
- Priority-based member activation
- ACTION of service down
- Slow Ramp Time
- Pool/pool member statistics

Monitors
Monitor types:
- Simple: ICMP / GW ICMP / TCP ECHO
- ECV: TCP / HTTP / HTTPS
- EAV: external program / FTP (download a file to the LTM system and check whether the download succeeds) / IMAP / LDAP / MSSQL / NNTP / Oracle / POP3 / RADIUS / Real Server / SIP / SMTP / SOAP / WMI
- Custom monitor

HAProxy Monitor

    listen webfarm :80
        mode http
        balance roundrobin
        cookie SERVERID insert indirect
        option httpchk HEAD /index.html HTTP/1.0
        server webA 1:80 cookie A check
        server webB 2:80 cookie B check port 81 inter 2000
        server webC 3:80 cookie C check
        server webD 4:80 cookie D check

http:/

HAProxy Sorry Server

    listen webfarm :80
        mode http
        balance roundrobin
        cookie SERVERID insert indirect
        option httpchk HEAD /index.html HTTP/1.0
        server webA 1:80 cookie A check
        server webB 2:80 cookie B check port 81 inter 2000
        server webC 3:80 cookie C check
        server webD 4:80 cookie D check
        server bkpA 5:80 cookie A check backup
        server bkpB 6:80 cookie B check backup

http:/

HAProxy Maintenance Mode
http:/
Updating.
503 Service Unavailable
No server is available to handle this request.

Load balancing algorithm
- Round Robin
- WRR (Ratio(member), Ratio(node))
- Dynamic Ratio: the weight is set dynamically from observations of server performance, including the number of connections, response time, etc.
- Fastest(node) & Fastest(application): fastest response time of the server/application
- LC(member) & LC(node)
- Observed(member) & Observed(node)
- Predictive(member) & Predictive(node)
- Source
- URL HASH
- URL Param

Persistence
[Figure: cookie persistence between the client, the load balancer and Server A]
- First Hit: after the TCP handshake the client sends GET /URI1 HTTP/1.1 (HTTP request, no cookie). The load balancer picks a server and forwards the request (no cookie). The server answers HTTP/1.1 200 OK (HTTP reply, no cookie), and the reply reaches the client with an inserted cookie: Set-Cookie: SERVERID=A
- Second Hit: after the TCP handshake the client sends GET /URI2 HTTP/1.1 (HTTP request, with the same cookie): Cookie: SERVERID=A. The cookie specifies the server. The server answers HTTP/1.1 200 OK (HTTP reply, no cookie), and the reply reaches the client with an updated cookie.

Persistence types:
- Cookie persistence
  - 1.1 HTTP Cookie Insert
  - 1.2 HTTP Cookie Rewrite
  - 1.3 HTTP Cookie Passive
  - 1.4 Cookie Hash
- Destination address affinity persistence
- Hash persistence
- MSRDP persistence
- SIP persistence (Session Initiation Protocol)
- Source address affinity persistence
- SSL persistence
- Universal persistence

HAProxy cookie modes: insert, rewrite, prefix

    listen webfarm :80
        mode http
        balance roundrobin
        cookie SERVERID insert indirect
        option httpchk HEAD /index.html HTTP/1.0
        server webA 1:80 cookie A check
        server webB 2:80 cookie B check
        server webC 3:80 cookie C check
        server webD 4:80 cookie D check

SNAT & RNAT
[Figure labels: External vlan; Internal vlan; VIP:221.238.249.177; MAPPED IP: ; eth0: ; eth1: ; SNAT; RNAT]

    backend private
        # Connect to the servers using our 00 source address
        source 00

    backend transparent_ssl1
        # Connect to the SSL farm from the client's source address
        source 00 usesrc clientip
        server railsA 192.168.1.11:80 source 01 check
        server railsB 2:80 minconn 4 maxconn 12 check
        server railsC 3:80 minconn 4 maxconn 12 check

Server Protection
- Attack (SYN Flood)
- Connection Limit
- Timeout
- Surge Queue
- Slow Start

Protection features by product:
- F5: Syn Proxy, ACL/iControl/iRules
- NetScaler: Syn Cookie / TCP offload / Content Filter / ACL
- LVS: Iptables?
- HAProxy: ACL

    listen appfarm :80
        mode http
        maxconn 10000
        option httpclose
        option abortonclose
        option forwardfor
        balance roundrobin
        server railsA 1:80 minconn 4 maxconn 12 check
        server railsB 2:80 minconn 4 maxconn 12 check
        server railsC 3:80 minconn 4 maxconn 12 check
        contimeout 60000

[Slide callouts: weight, maxconn]

Timeout
- timeout client: idle time allowed on the client-side connection
- timeout clitimeout: same as above, deprecated
- timeout connect: timeout for the server-side connection (the connection attempt)
- timeout contimeout: same as above, deprecated
- timeout http-request: timeout for a complete HTTP request (applies to the headers only; reduces DDoS risk and the danger of connections piling up)
- timeout queue: timeout for waiting in the queue. When the server's connections are full, the excess requests are placed in the queue of the server or of the proxy instance. Returns 503.
- timeout server: idle time allowed on the server-side connection
- timeout srvtimeout: same as above, deprecated
- timeout tarpit: how long the connection is kept open after reqtarpit is used; it is closed when the timeout expires

[Figure labels: Client, proxy, server]

HAProxy ACL
- Layer 4 and below: src/dst, src_port/dst_port, dst_conn, nbsrv(backend)
- Layer 4 Content: req_len, wait_end, req_ssl_ver
- Layer 7 Content: method, req_ver, path_*, url_*, hdr_*
- Pre-defined ACL: HTTP_1.1, METH_GET

    acl missing_cl hdr_cnt(Content-length) eq 0
    block if HTTP_URL_STAR !METH_OPTIONS || METH_POST missing_cl
    block if METH_GET HTTP_CONTENT
    block unless METH_GET or METH_POST or METH_OPTIONS

To select a different backend for requests to static contents on the www site and to every request on the img, video, download and ftp hosts:

    acl url_static path_beg /static /images /img /css
    acl url_static path_end .gif .png .jpg .css .js
    acl host_www hdr_beg(host) -i www
    acl host_static hdr_beg(host) -i img. video. download. ftp.
    # now use backend static for all static-only hosts, and for static urls
    # of host www. Use backend www for the rest.
    use_backend static if host_static or host_www url_static
    use_backend www if host_www

Content Switch (UIE/iRule/ACL)

    frontend public
        reqisetbe Host: img static
        # The URI will use a specific keyword soon
        reqisetbe * /(img|css)/ static
        reqisetbe * /admin/stats stats
        default_backend dynamic

    # The static backend for Host: img, /img and /css.
    backend static
    backend dynamic
    backend stats

    if (http_uri ends_with ".gif")
        use pool image_servers
    else if (http_uri starts_with "/foo")
        use pool foo_servers
    else if (http_cookie("XYZ-Type") = "direct")
        use pool cookie_servers
    else if (findstr(http_uri, "?type=", 6, "&") = "cgi")
        use pool cgi_servers
    else
        use pool web_servers

    acl url_static path_beg /static /images /img /css
    acl url_static path_end .gif .png .jpg .css .js
    acl host_www hdr_beg(host) -i www
    acl host_static hdr_beg(host) -i img. video. download. ftp.
    use_backend static if host_static or host_www url_static
    use_backend www if host_www

GSLB
How are CDN and site disaster recovery implemented?!
Illustrated

Performance
- Keep-Alive
- Compression
- In-memory Cache
- Server Offload
- TCP Buffering

Logging

    listen proxy-out
        mode http
        option httplog
        option logasap
        log global
        server cache1 :3128
        # log the name of the virtual server
        capture request header Host len 20
        # log the amount of data uploaded during a POST
        capture request header Content-Length len 10
        # log the beginning of the referrer
        capture request header Referer len 20
        # server name (useful for outgoing proxies only)
        capture response header Server len 20
        # logging the content-length is useful with option logasap
        capture response header Content-Length len 10
        # log the expected cache behaviour on the response
        capture response header Cache-Control len 8

HTTP Header Manipulation
reqdel reqdeny reqpass reqtarp