Server Cluster and LVS based Cluster

Slides:



Advertisements
Similar presentations
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
Advertisements

Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
Precept 3 Host Configuration 1 Peng Sun. What TCP conn. running? Commands netstat [-n] [-p] [-c] (Linux) lsof -i -P (Mac) ss (newer version of netstat)
GLBP GLBP: Gateway Load Balancing Protocol. It is a Cisco proprietary protocol. We can Load Balance between the Gateways. The Load can be distributed among.
Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.
Dr. Zahid Anwar. Simplified Architecture of Linux Cluster Simplified Architecture of a Single Computer Simplified architecture of an enterprise cluster.
Module 8: Concepts of a Network Load Balancing Cluster
Linux Networking TCP/IP stack kernel controls the TCP/IP protocol Ethernet adapter is hooked to the kernel in with the ipconfig command ifconfig sets the.
Page: 1 Director 1.0 TECHNION Department of Computer Science The Computer Communication Lab (236340) Summer 2002 Submitted by: David Schwartz Idan Zak.
Security Awareness: Applying Practical Security in Your World
7/9/2001 Edward Chow Content Switch 1 Clients Content Delivery Network (CDN) Host Server Mind Spring PSINet Sprint UUnet Huge Requests.
1 Improving Web Servers performance Objectives:  Scalable Web server System  Locally distributed architectures  Cluster-based Web systems  Distributed.
TCP Splicing for URL-aware Redirection
CS526 Dr.Chow1 HIGH AVAILABILITY LINUX VIRTUAL SERVER By P. Jaya Sunderam and Ankur Deshmukh.
Scaling Service Requests Linux: ipvsadm & iptoip.
Lesson 1: Configuring Network Load Balancing
Computer Network (MASQ/NAT/PROXY)
Copyright © 2002 Wensong Zhang. Page 1 Free Software Symposium 2002 Linux Virtual Server: Linux Server Clusters for Scalable Network Services Wensong Zhang.
CERN DNS Load Balancing Vladimír Bahyl IT-FIO. 26 November 2007WLCG Service Reliability Workshop2 Outline  Problem description and possible solutions.
10/02/2004ELFms meeting1 Linux Virtual Server Miroslav Siket FIO-FS.
Module 1: Reviewing the Suite of TCP/IP Protocols.
Network Address Translation (NAT) CS-480b Dick Steflik.
Web application architecture
© 2006 Cisco Systems, Inc. All rights reserved.1 Microsoft Network Load Balancing Support Vivek V
Common Devices Used In Computer Networks
INSTALLING MICROSOFT EXCHANGE SERVER 2003 CLUSTERS AND FRONT-END AND BACK ‑ END SERVERS Chapter 4.
1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.
Cisco – Chapter 11 Routers All You Ever Wanted To Know But Were Afraid to Ask.
IP Forwarding.
Corporate Firewalls and DMZs By Matt Bertram ISQS 6342 (Spring 2003) Professor John Durrett.
Day 14 Introduction to Networking. Unix Networking Unix is very frequently used as a server. –Server is a machine which “serves” some function Web Server.
Clustering and Load Balancing. Outline Introduction Linux Virtual Server Microsoft load balancing solution.
Web Cache Redirection using a Layer-4 switch: Architecture, issues, tradeoffs, and trends Shirish Sathaye Vice-President of Engineering.
CS433/533 Computer Networks Lecture 12 Load Balancing Networks 2/16/
Topics Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise.
Setup and Management for the CacheRaQ. Confidential, Page 2 Cache Installation Outline – Setup & Wizard – Cache Configurations –ICP.
Security fundamentals Topic 10 Securing the network perimeter.
Clustering Servers Chapter Seven. Exam Objectives in this Chapter:  Plan services for high availability Plan a high availability solution that uses clustering.
BNL PDN Enhancements. Perimeter Load Balancers Scaleable Performance Fault Tolerance Server Maintainability User Convenience Perimeter Security.
Address Resolution Protocol Yasir Jan 20 th March 2008 Future Internet.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI network layer CCNA Exploration Semester 1 – Chapter 5.
Linux Virtual Server Jim Lawson VAGUE/University of Vermont /
Security fundamentals
NAT、DHCP、Firewall、FTP、Proxy
Layer 3 Redundancy 1. Hot Standby Router Protocol (HSRP)
Lab A: Planning an Installation
REPLICATION & LOAD BALANCING
Network Address Translation (NAT)
High Availability Linux (HA Linux)
F5 BIGIP V 9 Training.
ETHANE: TAKING CONTROL OF THE ENTERPRISE
Network Address Translation
Planning and Troubleshooting Routing and Switching
Lec 2: Protocols.
VIRTUAL SERVERS Presented By: Ravi Joshi IV Year (IT)
Network Address Translation (NAT)
2TCloud - Veeam Cloud Connect
CHAPTER 3 Architectures for Distributed Systems
BOOTP and DHCP Objectives
Enhance Features and Performance of Content Switches
One Upon A Time Computer Networks
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
TCP/IP Networking An Example
Firewalls Purpose of a Firewall Characteristic of a firewall
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.
Ch 17 - Binding Protocol Addresses
Networking and Network Protocols (Part2)
Computer Networks ARP and RARP
Network Address Translation (NAT)
STATEL an easy way to transfer data
Presentation transcript:

Server Cluster and LVS based Cluster 2/18/2019 8:01 PM Server Cluster and LVS based Cluster C. Edward Chow ©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Outline of the Talk Taxonomy of Locally distributed Web Server Systems Linux-based Virtual Server High Available Cluster 2/18/2019 Server Cluster & LVS

Architecture solutions for scalable Web-server systems (Fig. 1) 2/18/2019 Server Cluster & LVS

Model architecture for a Locally Distributed Web system 2/18/2019 Server Cluster & LVS

Cluster-Based Web System 2/18/2019 Server Cluster & LVS

Virtual Web Cluster Architecture 2/18/2019 Server Cluster & LVS

Distributed Web System 2/18/2019 Server Cluster & LVS

Web Server Cluster Load balancer can run at Application Level — Reverse Proxy Kernel level — Linux Virtual Server Real Server Real Server Load Balancer or Content Switch Real Server Load balancer can distribute requests based on Layer 3-4 info — fixe field/fast hash Layer 3-7 info — var. length/slow parsing Real Server 2/18/2019 Server Cluster & LVS

Comparison of Load Balancers Reverse Proxy runs as application process requires more memory/packet copying. Linux Virtual Server runs in kernel  more efficient Name Type Level Layer Info Reverse Proxy/ Apache/Tomcat/Servlet SW Application 3-7 Linux Virtual Server Kernel 3-4 Linux Content Switch Layer4 Switch (narrow def.) HW Embedded OS Content/Web Switch 2/18/2019 Server Cluster & LVS

Linux Virtual Server (LVS) “Virtual server is a highly scalable and highly available server built on a cluster of real servers. The architecture of the cluster is transparent to end users, and the users see only a single virtual server” with Virtual IP address (VIP). Http://www.linuxvirtualserver.org/ RIP1 Real Server1 RIP2 Real Server2 Internet WAN/ LAN VIP RIP3 CIP Load Balancer/Director Linux Box Real Server3 Client CIP: Client IP Address VIP: Virutal IP Address RIP: Real Server IP Address 2/18/2019 Server Cluster & LVS

LVS-NAT Configuration (Network Address Translation) All return traffic go through DirectorSlow Modify IP addr/port #/Checksum at Director Director and real servers at same LAN No modification needed on real-servers Port remapping: real web server can run on 8080 Real Server1 RIP1 RIP2 Real Server2 Internet VIP Director Switch RIP3 CIP Real Server3 Client 2/18/2019 Server Cluster & LVS

LVS-NAT Configuration Step 2. Director routes Pkt Based on CIP, source port#, VIP and dst port#, director selects one of the real servers Change the dst IP addr or port # of pkt. Real Server1 RIP1 CIP VIP 2. Scheduling/ Rewrite packet CIP RIP1 1. request RIP2 Real Server2 Internet VIP Director Switch RIP3 CIP ipvsadm cmd Real Server3 Client LVS Routing Scheduling Rules 2/18/2019 Server Cluster & LVS

LVS-NAT Configuration Step 3. Real Server Replies Real server retrieves response. All real servers set default gateway to Director; like any other NAT or IP masquerade setup Packet will be sent back to Director. 3. Process Request Real Server1 RIP1 CIP VIP 2. Scheduling/ Rewrite packet CIP RIP1 1. request RIP1 CIP RIP2 Real Server2 Internet VIP Director Switch RIP3 CIP Real Server3 Client 2/18/2019 Server Cluster & LVS

LVS-NAT Configuration Step 4. Director rewrites reply Director changes the dst IP addr. (RIP1) of pkt to VIP Modify port # if needed. Modify the checksum; send back pkt. 3. Process Request Real Server1 RIP1 CIP VIP 2. Scheduling/ Rewrite packet CIP RIP1 1. request RIP1 CIP RIP2 Real Server2 Internet VIP CIP VIP Switch RIP3 CIP Director 4. Rewrite reply Real Server3 Client 2/18/2019 Server Cluster & LVS

LVS-NAT Configuration (Network Address Translation) All return traffic go through DirectorSlow Modify IP addr/port #/Checksum at Director. Director and real servers at same LAN 3. Process Request Real Server1 RIP1 CIP VIP 2. Scheduling/ Rewrite packet CIP RIP1 1. request RIP1 CIP RIP2 Real Server2 Internet VIP CIP VIP Director Switch RIP3 CIP Real Server3 Client 4. Rewrite reply 5. Receive reply 2/18/2019 Server Cluster & LVS

LVS-NAT Setup Commands # make the director forward the masquerading packets echo 1 > /proc/sys/net/ipv4/ip_forward ipchains -A forward -j MASQ -s 172.16.0.0/24 -d 0.0.0.0/0 # Add virtual service and link a scheduler to it ipvsadm -A -t 202.103.106.5:80 -s wlc (Weighted Least-Connection scheduling) ipvsadm -A -t 202.103.106.5:21 -s wrr (Weighted Round Robin scheduling ) #Add real servers and select forwarding method and weight ipvsadm -a -t 202.103.106.5:80 -R 172.16.0.2:80 -m ipvsadm -a -t 202.103.106.5:80 -R 172.16.0.3:8000 -m -w 2 ipvsadm -a -t 202.103.106.5:21 -R 172.16.0.2:21 -m 2/18/2019 Server Cluster & LVS

LVS-Tunnel Configuration (IP Tunneling) Real Servers need to handle IP over IP packets. Real Servers can be geographically separated and return traffic go through different routes. Security implication! Real Server1 RIP1 2. Scheduling/ Put packet in IP Tunnel 3. Process Request IP Tunnel 1. request IP Tunnel RIP2 CIP VIP RIP0 Real Server2 Internet RIP0 RIP2 CIP VIP VIP Load Balancer Linux Box CIP RIP3 IP Tunnel Client Real Server3 4. Receive reply VIP CIP 2/18/2019 Server Cluster & LVS

LVS-Tunnel Setup Commands #The load balancer (LinuxDirector), kernel 2.2.14 echo 1 > /proc/sys/net/ipv4/ip_forward ipvsadm -A -t 172.26.20.110:23 -s wlc ipvsadm -a -t 172.26.20.110:23 -r 172.26.20.112 -i #The real server 1, kernel 2.2.14 echo 1 > /proc/sys/net/ipv4/ip_forward # insert it if it is compiled as module insmod ipip ifconfig tunl0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up route add -host 172.26.20.110 dev tunl0 echo 1 > /proc/sys/net/ipv4/conf/all/hidden echo 1 > /proc/sys/net/ipv4/conf/tunl0/hidden 2/18/2019 Server Cluster & LVS

LVS-DR Configuration (Direct Routing) Real servers need to configure a non-arp alias interface with virtual IP address and that interface must share same physical segment with load balancer. Only Director’s interface replies to VIP ARP request. Director only rewrites server MAC address; IP packet not changed Fast! 2. Scheduling/ Rewrite packet VMAC Real Server1 Director GMAC VMAC CIP VIP RMAC1 1. request RMAC2 Real Server2 Internet VMAC RMAC3 CIP VIP RMAC3 CIP Route/Switch Real Server3 Client GMAC: Gateway MAC address 2/18/2019 Server Cluster & LVS

LVS-DR Configuration Step 3. Process Request Real server returns request. Request goes directly through switch/router; not Director. 2. Scheduling/ Rewrite packet Linux Director VMAC Real Server1 GMAC VMAC CIP VIP RMAC1 1. request RMAC2 Real Server2 Internet VIP CIP VMAC RMAC3 CIP VIP RMAC3 CIP Switch 3. Process Request Real Server3 Client RMAC3 GMAC VIP CIP 4. Receive reply GMAC: Gateway MAC address 2/18/2019 Server Cluster & LVS

LVS-DR Configuration (Direct Routing) Real servers need to configure a non-arp alias interface with virtual IP address and that interface must share same physical segment with load balancer. Load balancer only rewrites server MAC address; IP packet not changed Fast! 2. Scheduling/ Rewrite packet Linux Director VMAC Real Server1 GMAC VMAC CIP VIP RMAC1 1. request RMAC2 Real Server2 Internet VIP CIP VMAC RMAC3 CIP VIP RMAC3 CIP Switch 3. Process Request Real Server3 Client RMAC3 GMAC VIP CIP 4. Receive reply GMAC: Gateway MAC address 2/18/2019 Server Cluster & LVS

LVS-DR Setup Commands #The load balancer (LinuxDirector), kernel 2.2.14 or later echo 1 > /proc/sys/net/ipv4/ip_forward ipvsadm -A -t 172.26.20.110:23 -s wlc ipvsadm -a -t 172.26.20.110:23 -r 172.26.20.112 –g #The real server 1, 172.26.20.112, kernel 2.2.14 or later echo 1 > /proc/sys/net/ipv4/ip_forward ifconfig lo:0 172.26.20.110 netmask 255.255.255.255 broadcast 172.26.20.110 up route add -host 172.26.20.110 dev lo:0 echo 1 > /proc/sys/net/ipv4/conf/all/hidden echo 1 > /proc/sys/net/ipv4/conf/lo/hidden 2/18/2019 Server Cluster & LVS

Persistence Handling in LVS Sticky connections Examples: FTP control (port21), data (port20) For passive FTP, the server tells the clients the port that it listens to, the client initiates the data connection connecting to that port. For the LVS/TUN and the LVS/DR, LinuxDirector is only on the client-to-server half connection, so it is imposssible for LinuxDirector to get the port from the packet that goes to the client directly. SSL Session: port 443 for secure Web servers and port 465 for secure mail server, key for connection must be chosen/exchanged. Persistent port solution: First accesses the service, LinuxDirector create a template between the given client and the selected server, then create an entry for the connection in the hash table. The template expires in a configurable time, and the template won't expire until all its connections expire. The connections for any port from the client will send to the server before the template expires. The timeout of persistent templates can be configured by users, and the default is 300 seconds 2/18/2019 Server Cluster & LVS

High Available Cluster Reduce the downtime of the cluster Metrics: e.g. three 9 reliability 99.9% (MTTF); No loss of connections/requests? (Lost of requests) Typical solution Redundant components; Fault-tolerant; Failover Protection. Sources of failures in LVS cluster: Network Failures/DoS Attacks Provide alternate/multiple paths Director Failures Use Master/Slave directors; heartbeat protocol monitoring; graceful takeover Real Server Failure Monitor Server hardware/Server processes; reconfigure cluster/reroute requests 2/18/2019 Server Cluster & LVS

HA-LVS Configuration HA: High Available Client Real Server1 MON Internet CIP Linux Director Heart Beat Real Server2 1. When Backup Director detects Linux Director failure through heart beat protocol, “graciously negotiate” the take-over of VIP  Provide fault-tolerant MON Real Server3 Backup Director 2. Monitor server processes run on real servers  Route requests to server processes that are alive. Initiate restart/repair 2/18/2019 Server Cluster & LVS

Performance of LVS-based Systems “We ran a very simple LVS-DR arrangement with one PII-400 (2.2.14 kernel)directing about 20,000 HTTP requests/second to a bank of about 20 Web servers answering with tiny identical dummy responses for a few minutes. Worked just fine.” Jerry Glomph Black, Director, Internet & Technical Operations, RealNetworks “I had basically (1024) four class-Cs of virtual servers which were loadbalanced through a LinuxDirector (two, actually -- I used redundant directors) onto four real servers which each had the four different class-Cs aliased on them.” "Ted Pavlic" <tpavlic@netwalk.com> 2/18/2019 Server Cluster & LVS

LVS Usage Survey 2/15/2001 Lorn Key # of Cluster 20 1 2 Directors Per Cluster Total Real Servers 170 12 4 15 6 Routing Methods DR/NAT DR NAT Schedule Methods RR/WLC WRR LC WLC Types of Real Servers RH6.2 Linux Win Linux Linux Solaris RH Service Offered WWW WWW/other WWW DB WWW SMTP File System Replication rsync Coda NFS Custom rsync custom Monitoring Software Heartbeat ldirectord Nanny/ Pulse Heartbeat Mon Nanny Pulse Clusters 2/18/2019 Server Cluster & LVS

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.