Layer 4-7 Switch

Schedule:
- Basically: hardware, GUI/CLI (configuration method), HA (config sync)
- Load balance related: virtual server / node / pool / pool member, monitors, sorry server, maintenance mode, load balance method
- Persistence
- SNAT/RNAT
- Server Protection
- ACL / Content Switch
- GSLB
- Performance

We are here: Basically | LB related | Persistence | SNAT/RNAT | Server Protection | ACL/CS | GSLB
Basically: HAProxy Hot Reconfiguration

A new configuration is loaded by starting a second HAProxy process on the same ports while the old one is paused; if the new process fails to start, the old one is resumed. The annotated script (exit status corrected to 0 on success and 1 on failure):

```sh
#!/bin/sh
# save the previous state (old config and old pid file)
mv /etc/haproxy/config /etc/haproxy/config.old
mv /var/run/haproxy.pid /var/run/haproxy.pid.old
mv /etc/haproxy/config.new /etc/haproxy/config

# stop the old instance from listening (SIGTTOU pauses its listeners)
kill -TTOU $(cat /var/run/haproxy.pid.old)

if haproxy -p /var/run/haproxy.pid -f /etc/haproxy/config; then
    # success: let the old instance finish its connections and clean up its pid
    echo "New instance successfully loaded, stopping previous one."
    kill -USR1 $(cat /var/run/haproxy.pid.old)
    rm -f /var/run/haproxy.pid.old
    exit 0
else
    # failure: resume the old listeners and restore the old configuration
    echo "New instance failed to start, resuming previous one."
    kill -TTIN $(cat /var/run/haproxy.pid.old)
    rm -f /var/run/haproxy.pid
    mv /var/run/haproxy.pid.old /var/run/haproxy.pid
    mv /etc/haproxy/config /etc/haproxy/config.new
    mv /etc/haproxy/config.old /etc/haproxy/config
    exit 1
fi
```
LB related: Concepts

Virtual server, pool and pool member, as drawn on the slide:

    VIP 192.168.101.1
      virtual server 192.168.101.1:80
        pool cgi_boxes: members 10.1.1.1:80, 10.1.1.2:80, 10.1.1.3:80
        pool asp_boxes: members 10.1.1.4:80, 10.1.1.5:80, 10.1.1.6:80
    VIP 192.168.101.2
      virtual server 192.168.101.1:443
        pool ssl_boxes: members 10.1.1.1:443, 10.1.1.2:443, 10.1.1.6:443

Load balancing decision flow for an incoming request: IP address-based traffic direction, then port-based traffic direction, then intelligent traffic control (looking at the URL, client IP address, etc.).

Pool properties: monitor, availability requirement, SNAT/NAT, priority-based member activation, action on service down, slow ramp time, pool/pool member statistics.

Monitors: monitor types and custom monitors.

HAProxy Monitor (HTTP check of /index.html; webB is checked on a different port at a 2000 ms interval):

```
listen webfarm 192.168.1.1:80
    mode http
    balance roundrobin
    cookie SERVERID insert indirect
    option httpchk HEAD /index.html HTTP/1.0
    server webA 192.168.1.11:80 cookie A check
    server webB 192.168.1.12:80 cookie B check port 81 inter 2000
    server webC 192.168.1.13:80 cookie C check
    server webD 192.168.1.14:80 cookie D check
```

HAProxy Sorry Server (the `backup` servers only receive traffic once every non-backup server is down):

```
listen webfarm 192.168.1.1:80
    mode http
    balance roundrobin
    cookie SERVERID insert indirect
    option httpchk HEAD /index.html HTTP/1.0
    server webA 192.168.1.11:80 cookie A check
    server webB 192.168.1.12:80 cookie B check port 81 inter 2000
    server webC 192.168.1.13:80 cookie C check
    server webD 192.168.1.14:80 cookie D check
    server bkpA 192.168.1.15:80 cookie A check backup
    server bkpB 192.168.1.16:80 cookie B check backup
```

HAProxy Maintenance Mode: while the site is being updated ("Updating.") and no server is left to serve, HAProxy answers "503 Service Unavailable: No server is available to handle this request."

Load balancing algorithms:
- Round Robin
- Weighted round robin: Ratio(member), Ratio(node)
- Dynamic Ratio: the weight is set dynamically from observed server performance, such as connection count and response time
- Fastest(node) & Fastest(application): the server/application with the fastest response time
- LC(member) & LC(node): least connections
- Observed(member) & Observed(node)
- Predictive(member) & Predictive(node)
- Source, URL hash, URL parameter
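To make the monitor, sorry-server and maintenance-mode behaviour above concrete, here is an added example (not code from the slides or from HAProxy) that models a server health-check state machine with HAProxy-style `rise`/`fall` thresholds, `backup` servers that only serve when all primaries are gone, and a maintenance flag; the server names, addresses and probe results are constructed.

```python
"""Health-check state machine modelled on HAProxy's check/inter/rise/fall
server options, with backup (sorry server) and maintenance-mode semantics.
Added example, not code from the slides or from HAProxy; the probe results
below are constructed."""
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    addr: str
    backup: bool = False
    rise: int = 2        # consecutive good probes before a DOWN server goes UP (HAProxy default)
    fall: int = 3        # consecutive bad probes before an UP server goes DOWN (HAProxy default)
    up: bool = True
    maint: bool = False  # maintenance mode: never routed to, whatever the health state
    streak: int = 0      # current run of probes that disagree with the state

    def observe(self, ok: bool) -> bool:
        """Feed one probe result (True = check passed). Returns True on a state change."""
        if ok == self.up:            # probe agrees with the current state: nothing to do
            self.streak = 0
            return False
        self.streak += 1
        if self.streak >= (self.rise if not self.up else self.fall):
            self.up, self.streak = not self.up, 0
            return True
        return False


class Farm:
    def __init__(self, servers):
        self.servers = servers
        self.by_name = {s.name: s for s in servers}

    def eligible(self):
        """Servers that may receive traffic. As in HAProxy, backup servers are
        used only while no non-backup server is available."""
        active = [s for s in self.servers if s.up and not s.maint]
        primaries = [s for s in active if not s.backup]
        return primaries or [s for s in active if s.backup]

    def set_maint(self, name, on=True):
        self.by_name[name].maint = on

    def route(self):
        """Name of the first eligible server, or the 503 text when none is left."""
        picks = self.eligible()
        return picks[0].name if picks else "503 Service Unavailable"


def run_probe_log(farm, probe_log):
    """Replay (server_name, ok) probe results; return every transition as
    (step, server, new_state, eligible server names)."""
    transitions = []
    for step, (name, ok) in enumerate(probe_log):
        srv = farm.by_name[name]
        if srv.observe(ok):
            transitions.append((step, name, "UP" if srv.up else "DOWN",
                                [s.name for s in farm.eligible()]))
    return transitions


def build_demo_farm():
    # Constructed farm: two primaries and one backup (sorry) server.
    return Farm([Server("webA", "192.168.1.11:80"),
                 Server("webB", "192.168.1.12:80"),
                 Server("bkpA", "192.168.1.15:80", backup=True)])


# Constructed probe sequence: webA fails three times (fall), webB's failure
# streak is reset by one good probe before it really fails, webA recovers (rise).
CONSTRUCTED_PROBES = [
    ("webA", False), ("webA", False), ("webA", False),
    ("webB", False), ("webB", False), ("webB", True),
    ("webB", False), ("webB", False), ("webB", False),
    ("webA", True), ("webA", True),
]

if __name__ == "__main__":
    for t in run_probe_log(build_demo_farm(), CONSTRUCTED_PROBES):
        print(t)
```

The transition list shows the sorry server taking over only at the moment the last primary goes DOWN, and handing back as soon as one primary passes `rise` consecutive checks; putting every server into maintenance reproduces the 503 answer from the maintenance-mode slide.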
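The scheduling methods listed above, as an added example (not code from the slides or from HAProxy): a small backend model implementing weighted round robin (`balance roundrobin` honouring `weight`), least connections relative to weight (`balance leastconn`) and map-based hashing of the client address or URI (`balance source` / `balance uri`). The server names and weights are constructed.

```python
"""Weighted round robin, least connections and source/URI hashing.
Added example, not code from the slides or from HAProxy; servers and
traffic are constructed."""
import hashlib


class Backend:
    def __init__(self, servers):
        """servers: list of (name, weight) in config order."""
        self.servers = list(servers)
        self.total = sum(w for _, w in servers)
        self.conns = {n: 0 for n, _ in servers}     # active connections per server
        self.credit = {n: 0 for n, _ in servers}    # smooth weighted round-robin state

    def roundrobin(self):
        """Smooth weighted round robin: each server gets `weight` turns out of
        every `total` picks, interleaved instead of in a burst."""
        best = None
        for n, w in self.servers:
            self.credit[n] += w
            if best is None or self.credit[n] > self.credit[best]:
                best = n
        self.credit[best] -= self.total
        return best

    def leastconn(self):
        """Server with the fewest active connections relative to its weight;
        ties fall back to config order."""
        return min(self.servers, key=lambda s: self.conns[s[0]] / s[1])[0]

    def hashed(self, key):
        """Map-based hashing: hash the key, reduce it modulo the total weight
        and walk the weight table. The same key lands on the same server as
        long as the server set is unchanged."""
        slot = int(hashlib.sha256(key.encode()).hexdigest(), 16) % self.total
        for n, w in self.servers:
            if slot < w:
                return n
            slot -= w

    def source(self, client_ip):
        return self.hashed(client_ip)

    def uri(self, path):
        return self.hashed(path)

    def open_conn(self, name):
        self.conns[name] += 1

    def close_conn(self, name):
        self.conns[name] -= 1


def build_demo_backend():
    # Constructed: webA carries three times the weight of webB.
    return Backend([("webA", 3), ("webB", 1)])


if __name__ == "__main__":
    b = build_demo_backend()
    print([b.roundrobin() for _ in range(8)])
    print(b.source("10.0.0.1"), b.uri("/index.html"))
```

With weights 3:1 the round-robin sequence is `webA, webA, webB, webA` repeated, which is the 3:1 split without sending three requests in a row to the same server; the hash-based methods give persistence without cookies, at the price of redistributing clients when a server is added or removed.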
Persistence

Cookie persistence exchange: the client's first request reaches Server A (the balancer picks a server), the response carries `Set-Cookie: SERVERID=A`, and every later request carrying `Cookie: SERVERID=A` is sent to Server A because the cookie specifies the server.

Persistence types:
1. Cookie persistence: 1.1 HTTP cookie insert, 1.2 HTTP cookie rewrite, 1.3 HTTP cookie passive, 1.4 cookie hash
2. Destination address affinity persistence
3. Hash persistence
4. MSRDP persistence
5. SIP persistence (Session Initiation Protocol)
6. Source address affinity persistence
7. SSL persistence
8. Universal persistence

HAProxy cookie modes: insert, rewrite, prefix.

```
listen webfarm 192.168.1.1:80
    mode http
    balance roundrobin
    cookie SERVERID insert indirect
    option httpchk HEAD /index.html HTTP/1.0
    server webA 192.168.1.11:80 cookie A check
    server webB 192.168.1.12:80 cookie B check
    server webC 192.168.1.13:80 cookie C check
    server webD 192.168.1.14:80 cookie D check
```

SNAT & RNAT

Diagram: external VLAN with VIP 221.238.249.177 and mapped IP 10.10.1.1; the load balancer's eth0 is 10.10.1.2 and eth1 is 192.168.1.2 on the internal VLAN. SNAT rewrites the source of outbound connections to the servers; RNAT is the reverse mapping for server-initiated traffic.

```
backend private
    # Connect to the servers using our 192.168.1.200 source address
    source 192.168.1.200

backend transparent_ssl1
    # Connect to the SSL farm from the client's source address
    source 192.168.1.200 usesrc clientip
    server railsA 192.168.1.11:80 source 192.168.1.201 check
    server railsB 192.168.1.12:80 minconn 4 maxconn 12 check
    server railsC 192.168.1.13:80 minconn 4 maxconn 12 check
```
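The cookie persistence exchange from the Persistence section above, as an added example (not code from the slides or from HAProxy) of what `cookie SERVERID insert indirect` does: a request carrying a valid `SERVERID` cookie is pinned to that server, the cookie is removed before the request is forwarded (`indirect`), and `Set-Cookie` is only added when the client had no valid cookie or its server is down. Server names, cookie values and request headers are constructed.

```python
"""Cookie insert/indirect persistence model. Added example, not code from
the slides or from HAProxy; servers and requests are constructed."""

COOKIE_NAME = "SERVERID"


def parse_cookies(header):
    """'a=1; SERVERID=A' -> {'a': '1', 'SERVERID': 'A'}"""
    out = {}
    for part in header.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            out[k] = v
    return out


def strip_cookie(header, name):
    """Remove the persistence cookie, keeping the application's own cookies."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    return "; ".join(p for p in parts if not p.startswith(name + "="))


class StickyBalancer:
    def __init__(self, servers):
        """servers: list of (name, cookie_value), i.e. `server webA ... cookie A`."""
        self.by_cookie = dict((c, n) for n, c in servers)
        self.cookie_of = dict(servers)
        self.order = [n for n, _ in servers]
        self.up = set(self.order)
        self.rr = 0

    def _roundrobin(self):
        live = [n for n in self.order if n in self.up]
        if not live:
            return None
        pick = live[self.rr % len(live)]
        self.rr += 1
        return pick

    def handle(self, headers):
        """headers: dict with lower-case names. Returns (server, headers sent
        to the server, Set-Cookie value for the client or None)."""
        cookies = parse_cookies(headers.get("cookie", ""))
        wanted = self.by_cookie.get(cookies.get(COOKIE_NAME))
        sticky = wanted is not None and wanted in self.up   # valid cookie for a live server
        server = wanted if sticky else self._roundrobin()
        if server is None:
            return None, headers, None
        forwarded = dict(headers)
        if "cookie" in forwarded:               # indirect: the server never sees SERVERID
            remaining = strip_cookie(forwarded["cookie"], COOKIE_NAME)
            if remaining:
                forwarded["cookie"] = remaining
            else:
                del forwarded["cookie"]
        # insert: emit Set-Cookie only when the client did not already have a valid one
        set_cookie = None if sticky else "%s=%s" % (COOKIE_NAME, self.cookie_of[server])
        return server, forwarded, set_cookie


def build_demo_balancer():
    # Constructed: the four servers and cookie values of the webfarm section.
    return StickyBalancer([("webA", "A"), ("webB", "B"), ("webC", "C"), ("webD", "D")])


if __name__ == "__main__":
    lb = build_demo_balancer()
    print(lb.handle({"host": "www.example.com"}))
    print(lb.handle({"host": "www.example.com", "cookie": "lang=en; SERVERID=A"}))
```

The third case in the test below is the one worth noticing operationally: when the pinned server goes down the client is silently re-homed and receives a fresh cookie, so session state kept only on the original server is lost.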
Server Protection

Protections against attack (SYN flood): connection limit, timeout, surge queue, slow start.

```
listen appfarm 192.168.1.1:80
    mode http
    maxconn 10000
    option httpclose
    option abortonclose
    option forwardfor
    balance roundrobin
    server railsA 192.168.1.11:80 minconn 4 maxconn 12 check
    server railsB 192.168.1.12:80 minconn 4 maxconn 12 check
    server railsC 192.168.1.13:80 minconn 4 maxconn 12 check
    contimeout 60000
```

Diagram: the proxy sits between client and server and enforces per-server weight, maxconn and timeouts.
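The connection-limit and queue behaviour behind the `maxconn` server option and the timeout above, as an added example (not code from the slides or from HAProxy): a server never holds more than `maxconn` concurrent connections, excess connections wait in a queue, and a connection that waits longer than the queue timeout is dropped (HAProxy would answer 503). Server names, limits and the event sequence are constructed.

```python
"""Per-server maxconn with a wait queue and queue timeout. Added example,
not code from the slides or from HAProxy; servers and events are constructed."""
from collections import deque


class ProtectedBackend:
    def __init__(self, maxconn, queue_timeout_ms):
        """maxconn: {server_name: limit} in config order."""
        self.maxconn = maxconn
        self.active = {n: set() for n in maxconn}
        self.queue = deque()               # (conn_id, enqueue_time_ms)
        self.queue_timeout = queue_timeout_ms
        self.expired = []                  # connections dropped after waiting too long

    def _free_server(self):
        """Least-loaded server with a free slot (config order on ties), or None."""
        free = [(len(a), i, n) for i, (n, a) in enumerate(self.active.items())
                if len(a) < self.maxconn[n]]
        return min(free)[2] if free else None

    def connect(self, conn_id, now_ms):
        """Dispatch immediately if a server has room, otherwise queue.
        Returns the server name, or None when the connection was queued."""
        srv = self._free_server()
        if srv is None:
            self.queue.append((conn_id, now_ms))
            return None
        self.active[srv].add(conn_id)
        return srv

    def close(self, conn_id, now_ms):
        """Release a slot, expire stale queue entries, then drain the queue.
        Returns the (conn_id, server) pairs dispatched from the queue."""
        for members in self.active.values():
            members.discard(conn_id)
        self._expire(now_ms)
        dispatched = []
        while self.queue:
            srv = self._free_server()
            if srv is None:
                break
            cid, _ = self.queue.popleft()
            self.active[srv].add(cid)
            dispatched.append((cid, srv))
        return dispatched

    def _expire(self, now_ms):
        kept = deque()
        for cid, t in self.queue:
            if now_ms - t > self.queue_timeout:
                self.expired.append(cid)   # waited too long: refused with 503
            else:
                kept.append((cid, t))
        self.queue = kept


def build_protected_backend():
    # Constructed: two servers with maxconn 2 each and a 5 s queue timeout.
    return ProtectedBackend({"railsA": 2, "railsB": 2}, queue_timeout_ms=5000)


if __name__ == "__main__":
    b = build_protected_backend()
    print([b.connect("c%d" % i, 0) for i in range(1, 6)])
    print(b.close("c1", 1000), b.expired)
```

The point of the cap is that a flood of connections is absorbed by the proxy's queue rather than by the application servers, which keep running at their tested concurrency; the queue timeout bounds how long a client can tie up a queue slot.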
ACL/CS: HAProxy ACL

ACL sample fetches by layer:
- Layer 4 and below: src/dst, src_port/dst_port, dst_conn, nbsrv(backend)
- Layer 4 content: req_len, wait_end, req_ssl_ver
- Layer 7 content: method, req_ver, path_*, url_*, hdr_*
- Pre-defined ACLs: HTTP_1.1, METH_GET, ...

Examples:

```
acl missing_cl hdr_cnt(Content-length) eq 0
block if HTTP_URL_STAR !METH_OPTIONS || METH_POST missing_cl
block if METH_GET HTTP_CONTENT
block unless METH_GET or METH_POST or METH_OPTIONS
```

To select a different backend for requests to static contents on the "www" site and for every request on the "img", "video", "download" and "ftp" hosts:

```
acl url_static path_beg /static /images /img /css
acl url_static path_end .gif .png .jpg .css .js
acl host_www hdr_beg(host) -i www
acl host_static hdr_beg(host) -i img. video. download. ftp.

# now use backend "static" for all static-only hosts, and for static urls
# of host "www". Use backend "www" for the rest.
use_backend static if host_static or host_www url_static
use_backend www if host_www
```

Content Switch (UIE / iRule / ACL)

HAProxy backend selection by request rewriting rules (regex anchors and escaped spaces as in the HAProxy configuration manual):

```
frontend public
    reqisetbe ^Host:\ img            static
    # The URI will use a specific keyword soon
    reqisetbe ^[^\ ]*\ /(img|css)/   static
    reqisetbe ^[^\ ]*\ /admin/stats  stats
    default_backend                  dynamic

# The static backend for Host: img, /img and /css.
backend static
backend dynamic
backend stats
```

The same kind of decision written as an F5 BIG-IP rule:

```
if (http_uri ends_with ".gif")
    use pool image_servers
else if (http_uri starts_with "/foo")
    use pool foo_servers
else if (http_cookie("XYZ-Type") = "direct")
    use pool cookie_servers
else if (findstr(http_uri, "?type=", 6, "&") = "cgi")
    use pool cgi_servers
else
    use pool web_servers
```

The HAProxy equivalent is the acl / use_backend configuration shown above.
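An evaluator for the `acl` / `use_backend` lines shown above, as an added example (not code from the slides or from HAProxy): it parses that configuration text, supports `path_beg`, `path_end` and `hdr_beg(host)` with the `-i` flag, treats repeated `acl` names as OR, space-separated terms as AND, `or`/`||` between groups and `!` as negation, and routes constructed requests to a backend. It is a model of the rule semantics, not HAProxy's own matcher.

```python
"""Evaluator for the slide's acl / use_backend rules. Added example, not code
from the slides or from HAProxy; the requests in the test are constructed."""
import re

# The configuration text from the slide.
CONFIG = """
acl url_static path_beg /static /images /img /css
acl url_static path_end .gif .png .jpg .css .js
acl host_www hdr_beg(host) -i www
acl host_static hdr_beg(host) -i img. video. download. ftp.
# now use backend "static" for all static-only hosts, and for static urls
# of host "www". Use backend "www" for the rest.
use_backend static if host_static or host_www url_static
use_backend www if host_www
"""

FETCH_RE = re.compile(r"(\w+)_(beg|end)(?:\((\w+)\))?$")   # path_beg, hdr_beg(host), ...


def parse_config(text):
    acls, rules = {}, []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            name, fetch, pats = tok[1], tok[2], tok[3:]
            ci = bool(pats) and pats[0] == "-i"
            if ci:
                pats = pats[1:]
            m = FETCH_RE.match(fetch)
            if not m:
                raise ValueError("unsupported fetch: " + fetch)
            # Several acl lines with the same name are OR-ed together.
            acls.setdefault(name, []).append((m.group(1), m.group(2), m.group(3), ci, pats))
        elif tok[0] == "use_backend" and len(tok) > 3 and tok[2] == "if":
            rules.append((tok[1], tok[3:]))
    return acls, rules


def acl_matches(req, acls, name):
    for sample, op, arg, ci, pats in acls[name]:
        if sample == "path":
            value = req["path"]
        elif sample == "hdr":
            value = req["headers"].get(arg.lower(), "")
        else:
            raise ValueError("unsupported sample: " + sample)
        if ci:
            value, pats = value.lower(), [p.lower() for p in pats]
        test = value.startswith if op == "beg" else value.endswith
        if any(test(p) for p in pats):
            return True
    return False


def condition_holds(req, acls, tokens):
    groups = [[]]                                   # OR of AND-groups
    for t in tokens:
        if t in ("or", "||"):
            groups.append([])
        else:
            groups[-1].append(t)
    for group in groups:
        if all(acl_matches(req, acls, t.lstrip("!")) != t.startswith("!") for t in group):
            return True
    return False


def select_backend(req, acls, rules):
    """First matching use_backend wins; None means default_backend applies."""
    for backend, cond in rules:
        if condition_holds(req, acls, cond):
            return backend
    return None


def route(path, host):
    acls, rules = parse_config(CONFIG)
    return select_backend({"path": path, "headers": {"host": host}}, acls, rules)


if __name__ == "__main__":
    for p, h in [("/static/app.js", "www.example.com"), ("/about", "api.example.com")]:
        print(p, h, "->", route(p, h))
```

Note the last two cases in the test: a static path on an unlisted host matches `url_static` alone, and since no rule uses that ACL by itself, the request falls through to the default backend rather than to `static`.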
GSLB

How to implement a CDN and site disaster recovery?! (Illustrated.)

Performance

Keep-alive, compression, in-memory cache, server offload, TCP buffering.

Logging

```
listen proxy-out
    mode http
    option httplog
    option logasap
    log global
    server cache1 192.168.1.1:3128

    # log the name of the virtual server
    capture request header Host len 20

    # log the amount of data uploaded during a POST
    capture request header Content-Length len 10

    # log the beginning of the referrer
    capture request header Referer len 20

    # server name (useful for outgoing proxies only)
    capture response header Server len 20

    # logging the content-length is useful with "option logasap"
    capture response header Content-Length len 10

    # log the expected cache behaviour on the response
    capture response header Cache-Control len 8
```
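A parser for the `option httplog` lines that the logging section above produces, as an added example (not code from the slides or from HAProxy): it extracts the timers, status, termination state and the captured request/response headers (which appear in capture order inside `{...}`, separated by `|`), and flags lines that a defender would want to look at (5xx, time spent in the server queue, sessions ended by timeout or abort). The two log lines are constructed to match the `proxy-out` capture directives; the format assumed is the standard HTTP log format without `logasap`'s `+` prefixes, which the regex tolerates.

```python
"""Parse HAProxy httplog lines with captured headers and flag suspicious ones.
Added example, not code from the slides or from HAProxy; the sample lines
are constructed."""
import re

# Must follow the order of the capture directives in the listen section.
REQ_CAPTURES = ["Host", "Content-Length", "Referer"]
RESP_CAPTURES = ["Server", "Content-Length", "Cache-Control"]

LOG_RE = re.compile(
    r"(?P<client_ip>[\d.]+):(?P<client_port>\d+) \[(?P<accept_date>[^\]]+)\] "
    r"(?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) "
    r"(?P<tq>-?\d+)/(?P<tw>-?\d+)/(?P<tc>-?\d+)/(?P<tr>-?\d+)/\+?(?P<tt>\d+) "
    r"(?P<status>\d+) \+?(?P<bytes>\d+) (?P<req_cookie>\S+) (?P<resp_cookie>\S+) "
    r"(?P<term>\S{4}) (?P<actconn>\d+)/(?P<feconn>\d+)/(?P<beconn>\d+)/"
    r"(?P<srvconn>\d+)/(?P<retries>\+?\d+) (?P<srv_queue>\d+)/(?P<be_queue>\d+) "
    r'\{(?P<req_hdrs>[^}]*)\} \{(?P<resp_hdrs>[^}]*)\} "(?P<request>[^"]*)"$'
)

# Constructed sample lines (syslog prefix, then the HAProxy httplog body).
SAMPLE_LINES = [
    'Feb  6 12:14:14 lb1 haproxy[14389]: 10.0.1.2:33317 [06/Feb/2009:12:14:14.655] '
    'proxy-out proxy-out/cache1 10/0/30/69/109 200 2750 - - ---- 1/1/1/1/0 0/0 '
    '{www.example.com|512|http://www.exam} {Apache|2750|max-age=} "POST /upload HTTP/1.1"',
    'Feb  6 12:14:20 lb1 haproxy[14389]: 10.0.1.9:40112 [06/Feb/2009:12:14:19.002] '
    'proxy-out proxy-out/cache1 3/1200/-1/-1/1204 503 212 - - sQ-- 40/40/38/12/0 25/3 '
    '{www.example.com||} {||} "GET /index.html HTTP/1.1"',
]


def parse_httplog(line):
    """Return a dict of fields, or None if the line is not an httplog line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for k in ("status", "bytes", "tq", "tw", "tc", "tr", "tt"):
        rec[k] = int(rec[k])
    # An absent captured header leaves an empty field; map it to None.
    req = [v or None for v in rec.pop("req_hdrs").split("|")]
    resp = [v or None for v in rec.pop("resp_hdrs").split("|")]
    rec["req_headers"] = dict(zip(REQ_CAPTURES, req))
    rec["resp_headers"] = dict(zip(RESP_CAPTURES, resp))
    return rec


def flag(rec):
    """Reasons a record deserves attention: 5xx status, time spent waiting in
    a queue (Tw), or a session ended by timeout/abort per the termination
    state (first char: c/s timeout, C/S abort; second char: the phase)."""
    reasons = []
    if rec["status"] >= 500:
        reasons.append("server error")
    if rec["tw"] > 0:
        reasons.append("queued %d ms" % rec["tw"])
    cause, phase = rec["term"][0], rec["term"][1]
    if cause in "cs":
        reasons.append("timeout (%s%s)" % (cause, phase))
    elif cause in "CS":
        reasons.append("abort (%s%s)" % (cause, phase))
    return reasons


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_httplog(line)
        print(rec["client_ip"], rec["status"], rec["req_headers"], flag(rec))
```

The second sample is the shape a surge looks like in the log: a 503 with a long `Tw`, a termination state of `sQ` (server-side timeout while in the queue) and a backend queue length that is no longer zero. Alerting on those three fields together is far more specific than alerting on status code alone.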
HTTP Header Manipulation

Request rewriting keywords: reqdel, reqdeny, reqpass, reqtarpit, reqsetbe, reqisetbe, reqirep, reqidel, reqideny, reqipass, reqiallow, reqitarpit, reqadd, plus the rsp* counterparts for responses.

```
# remove X-Forwarded-For header and SERVER cookie
reqidel ^X-Forwarded-For:.*
reqidel ^Cookie:.*SERVER=

# refuse *.local, then allow www.*
reqideny ^Host:\ .*\.local
reqiallow ^Host:\ www\.

# refuse *.local, then allow www.*, but ignore "www.private.local"
reqipass ^Host:\ www.private\.local
reqideny ^Host:\ .*\.local
reqiallow ^Host:\ www\.

# replace "/static/" with "/" at the beginning of any request path.
reqrep ^([^\ ]*)\ /static/(.*)     \1\ /\2

# replace "www.mydomain.com" with "www" in the host name
# (host name as in the HAProxy configuration manual's example).
reqirep ^Host:\ www.mydomain.com   Host:\ www
```

HAProxy: The Reliable, High Performance TCP/HTTP Load Balancer
- Introduction
- Features
- Performance
- Security

Bibliography

1. HAProxy Official Site: http://haproxy.1wt.eu
2. Willy Tarreau: HAProxy Configuration Manual (English)
3. Willy Tarreau: HAProxy Architecture Guide (English)
4. Willy Tarreau: HAProxy Reference Manual
5. F5 Networks: Configuration Guide for Local Traffic Management (v9.2.2)
6. Citrix: NetScaler Installation and Configuration Guide, Vol. 1 (2)