CN102255932B - Load-balancing method and load equalizer - Google Patents
- Publication number: CN102255932B (application CN201010184118.6A)
- Authority: CN (China)
- Legal status: Active (the status shown by Google Patents is an assumption, not a legal conclusion)
Abstract
The invention discloses a load-balancing method and a load balancer. The method uses a session table that stores the client IP/port and the virtual IP/port, and adds to that table an entry field storing the back-end IP/port. For an incoming data stream, if no entry indexed by the incoming stream's source IP/port and destination IP/port is found in the session table, a real server, a back-end IP and a back-end port are selected, and an entry is created in the session table containing the virtual IP/port, client IP/port, real server IP/port and back-end IP/port. Then, according to the corresponding entry, the destination IP/port of the incoming packet is modified to the real server IP/port and its source IP/port is modified to the back-end IP/port, i.e. NAT translation is performed twice; the outgoing data stream is likewise translated twice. The technical scheme of the invention therefore achieves interconnection across network segments.
Description
Technical Field
The present invention relates generally to computer networks, and more particularly to a load balancing method and load balancer.
Background
With the development of computer technology, networks have reached every corner of daily life. As traffic grows, the access volume and data traffic at each core part of the existing network increase rapidly, and so do the demands on the processing and computing capacity of each core part, to the point where a single server cannot meet them at all.
One way to address this problem is to discard the existing equipment and perform extensive hardware upgrades. This wastes the existing resources on the one hand; on the other hand, even high-performance equipment cannot keep up with service demand that grows without bound, so each time the traffic volume rises again another large and costly hardware upgrade is needed. This approach is therefore expensive, and its cost keeps increasing with the traffic volume. Another approach is to share the traffic among multiple servers. The physical servers at the back end can be grouped, with each group supporting a certain application; a virtual IP/port (v_IP:v_port) is set for the group to provide the service externally, and the application server address stored in the Domain Name Server (DNS) is this virtual IP/port rather than a real server address. When a client wants to access the server, it sends a data packet with v_IP:v_port as the destination IP/port; a real server is selected from the group of servers behind v_IP:v_port according to the destination IP/port of the packet, and the connection request is then forwarded to that real server. Selecting one real server among several in this way, i.e. load balancing among the servers, aims to expand the bandwidth of the existing network and servers, increase throughput, strengthen network data processing capacity, and improve the flexibility and availability of the network.
Currently, the commonly used methods for load balancing network data streams among servers are layer-4 load balancing and layer-7 load balancing.
A layer-4 load balancing method in NAT (Network Address Translation) mode is described below; as shown in fig. 1, the method includes:
step 1) looking up the session table (Session) using the source IP/port (c_IP:c_port) and destination IP/port (v_IP:v_port) of a data packet received from a client as indexes, where the Session is a data structure recording client connection information, v_IP:v_port is the virtual IP/port and c_IP:c_port is the client IP/port;
if found, go to step 4); if not found, perform step 2) to select a real server as the target server;
step 3) establishing an entry (v_IP:v_port/c_IP:c_port/r_IP:r_port) in the Session, where r_IP:r_port is the real server IP/port;
step 4) modifying the destination IP/port of the data packet to the IP and port of the real server (r_IP:r_port) that corresponds to v_IP:v_port/c_IP:c_port in the Session;
step 5) calculating the checksum of the data packet;
step 6) sending the data packet to the real server.
The above is a method of handling incoming data streams, i.e. data streams from a client to a server.
As shown in fig. 2, the processing of an outgoing data flow, i.e. a data flow from a server to a client, is as follows:
step 1') looking up the Session using the source IP/port (r_IP:r_port) and destination IP/port (c_IP:c_port) of a data packet sent from the real server as indexes;
if not found, discarding the data packet; otherwise, step 2') modifying the source IP/port of the data packet to the virtual IP and port (v_IP:v_port) according to the corresponding entry in the Session;
step 3') calculating the checksum of the data packet;
step 4') sending the data packet to the client.
As can be seen from the above, the destination IP of the outgoing data stream is the client IP. It is not possible to configure host or segment routes for the clients on the real server, because client IP addresses span every segment of the Internet: a host or segment route must name a specific IP address or a matching segment, and a few such routes cannot cover all client IPs. Only a default route can handle them, since a default route names no specific address or segment and thus covers all clients. Therefore the default route of the real server must point to the load balancer. Since a default route requires the server IP address and the load balancer's back-end IP address to be in the same network segment, where forwarding is resolved only via the layer-2 MAC address, the real server must be interconnected with the load balancer at layer 2.
Layer-2 interworking, i.e. interworking at the data link layer of the OSI model, means that all real servers are in one broadcast domain. If they are not, for example if they sit in VLANs (Virtual LANs) on different switches, a VLAN Trunk (a technique for interworking at layer 2 between hosts in the same VLAN connected to different switches) is required, and layer-3 interworking with the load balancer is achieved by binding multiple IP addresses on the same network card of the back-end real server through policy routing. This complicates the network topology and RS configuration of the machine room and makes maintenance difficult.
The current solution to the above problem is layer-7 load balancing. However, that method modifies the client IP address: the client IP address is replaced by the back-end IP address of the layer-7 load balancer, so the back-end RS sees only the load balancer's back-end IP address. Since client behaviour frequently needs to be analysed, and this analysis is based on the logs, the RS cannot see the client IP address at all with this method, so no trace of it exists in the logs and client behaviour analysis becomes difficult. Another layer-7 solution to this problem is to put the client IP address in the HTTP X-Forwarded-For header, which requires the application on the back-end RS to parse the HTTP header, so the application must be modified and complexity increases.
Disclosure of Invention
The invention aims to provide a load balancing method and a load balancer which can realize cross-network segment interconnection.
In order to solve the above problems, the technical scheme of the load balancing method of the present invention is as follows:
it uses a session table to store the client IP/port and virtual IP/port, and adds to the session table an entry field storing the back-end IP/port; the processing steps for the incoming data stream include:
step (10): looking up the session table using the incoming data stream source IP/port and incoming data stream destination IP/port of an incoming data packet received from a client as indexes;
if not found, executing step (20): selecting a real server as the target server; otherwise executing step (50);
step (30), performed after step (20): selecting a back-end IP and a back-end port;
step (40): establishing an entry in the session table according to the selected target server, back-end IP and back-end port, the entry comprising a virtual IP/port, a client IP/port, a real server IP/port and the back-end IP/port;
step (50): according to the corresponding entry in the session table, modifying the incoming data stream destination IP/port of the incoming data packet to the real server IP/port and modifying the incoming data stream source IP/port of the incoming data packet to the back-end IP/port;
step (60): calculating the checksum of the incoming data packet;
step (70): sending the incoming data packet with the calculated checksum to the real server.
The processing steps for the outgoing data stream include:
step (10'): looking up said session table using the outgoing data stream source IP/port and outgoing data stream destination IP/port of an outgoing data packet received from said real server as indexes;
if not found, discarding the outgoing packet; otherwise executing step (20'): according to the corresponding entry in said session table, modifying the outgoing data stream source IP/port of said outgoing data packet to the virtual IP/port and the outgoing data stream destination IP/port of said outgoing data packet to the client IP/port;
step (30'): calculating the checksum of said outgoing data packet;
step (40'): sending the outgoing data packet with the calculated checksum to the client.
Wherein step (20) further comprises:
step (201): organizing the IP addresses and ports of all real servers, together with their current load, in a list;
step (202): selecting the real server IP address and port sequentially from the list using a polling (round-robin) algorithm.
Further, step (30) further comprises:
step (301): selecting a back-end IP using a polling algorithm;
step (302): selecting a back-end port using a polling algorithm;
step (303): looking up the selected back-end IP/port in the session table; if found, returning to step (302).
Preferably, after step (50) the method further comprises:
step (51): adding the client IP/port from the corresponding entry to the TCP header of the data packet as a new TCP option.
The checksum includes an IP header checksum and a TCP header checksum.
The session table also includes flow statistics, spin locks, and flag bits.
Correspondingly, the technical scheme of the load balancer is as follows:
a session table storing client IP/ports and virtual IP/ports, said session table further comprising an entry field storing the back-end IP/port, said load balancer further comprising the following units for processing incoming data streams:
an incoming data stream searching unit, for looking up the session table using the incoming data stream source IP/port and incoming data stream destination IP/port of an incoming data packet received from the client as indexes;
a real server selecting unit, for selecting a real server as the target server;
a back-end IP and back-end port selecting unit, for selecting a back-end IP and a back-end port;
an entry establishing unit, configured to establish an entry in the session table according to the selected target server, back-end IP and back-end port, where the entry includes a virtual IP/port, a client IP/port, a real server IP/port and a back-end IP/port;
an incoming data stream modification unit, configured to modify the incoming data stream destination IP/port of the incoming data packet to the real server IP/port and the incoming data stream source IP/port of the incoming data packet to the back-end IP/port according to the corresponding entry in the session table;
an incoming data stream checking unit, for calculating the checksum of the incoming data packet;
an incoming data stream sending unit, configured to send the incoming data packet with the calculated checksum to the real server; wherein,
if the result of the incoming data stream searching unit is negative, the real server selecting unit is triggered, otherwise the incoming data stream modification unit is triggered;
the real server selecting unit is connected to the back-end IP and back-end port selecting unit, which is in turn connected to the entry establishing unit;
the entry establishing unit is connected to the incoming data stream modification unit, which is in turn connected to the incoming data stream checking unit and then to the incoming data stream sending unit.
Furthermore, the load balancer of the present invention further comprises the following units for processing outgoing data streams:
an outgoing data flow searching unit, configured to search the session table by using an outgoing data flow source IP/port and an outgoing data flow destination IP/port of an outgoing data packet received from the real server as indexes;
an outgoing data stream modification unit, configured to modify an outgoing data stream source IP/port of the outgoing data packet into a virtual IP/port and modify an outgoing data stream destination IP/port of the outgoing data packet into a client IP/port according to a corresponding entry in the session table;
an outgoing data stream checking unit, configured to calculate a checksum of the outgoing data packet;
an outgoing data stream sending unit, configured to send the outgoing data packet to a client; wherein,
if the result of the outgoing data flow searching unit is negative, the data packet is discarded, otherwise, the outgoing data flow modifying unit is triggered;
the outgoing data stream modification unit is connected to the outgoing data stream check unit, which in turn is connected to the outgoing data stream sending unit.
In addition, the load balancer of the invention also includes a TCP option adding unit, which is used to add the client IP/port in the corresponding entry as a new TCP option entry in the data packet TCP header.
Compared with the prior art, the load balancing method and the load balancer have the beneficial effects that:
Firstly, because the invention performs NAT translation twice, namely SNAT and DNAT, interconnection across network segments is achieved; expensive layer-7 load balancing equipment is therefore not needed, existing equipment need not be discarded for a hardware upgrade, and network data stream processing capacity can be increased without designing a complex network topology.
Secondly, because the invention adds the client IP/port to the TCP header of the data packet as a new TCP option, the application program can obtain the client IP address without modification, which facilitates large-scale application migration.
Drawings
For a more complete understanding of the present disclosure, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flow diagram of the processing of an incoming data stream by a prior art load balancing method;
FIG. 2 is a flow diagram of the processing of an outgoing data flow by a prior art load balancing method;
FIG. 3 is a flow chart of the processing of an incoming data stream by the load balancing method of the present invention;
FIG. 4 is a flow chart of the processing of outgoing data streams by the load balancing method of the present invention;
FIG. 5 is a block diagram of the processing of an incoming data stream by the load balancer of the present invention;
FIG. 6 is a schematic diagram of the structure of the load balancer for processing the outgoing data stream according to the present invention;
FIG. 7 is a schematic diagram of an example including two load balancers.
Detailed Description
Specific examples of the present invention will be described in detail below, but the present invention is not limited to the following specific examples.
As shown in fig. 3, in the load balancing method of the present invention, a session table is used to store client IP/ports and virtual IP/ports, and an entry field storing the back-end IP/port is added to the session table, for example as shown in Table 1 below:
| c_ip:c_port | v_ip:v_port | b_ip:b_port | r_ip:r_port |
TABLE 1
As can be seen, each session table entry consists of (v_IP:v_port/c_IP:c_port/r_IP:r_port/b_IP:b_port), where v_IP:v_port is the virtual IP/port, c_IP:c_port the client IP/port, r_IP:r_port the real server IP/port, and b_IP:b_port the back-end IP/port.
The processing step for the incoming data stream includes:
step 10) searching the session table by taking an incoming data stream source IP/port and an incoming data stream destination IP/port of an incoming data packet received from a client as indexes;
if not, executing step 20) to select an actual server as a target server; otherwise, executing step 50);
step 30) selecting a back-end IP and a back-end port;
step 40) establishing an entry in a session table according to the selected target server, the back-end IP and the back-end port, wherein the entry comprises a virtual IP/port, a client IP/port, a real server IP/port and the back-end IP/port;
step 50) according to the corresponding entry in the session table, modifying the incoming data stream destination IP/port of the incoming data packet to the real server IP/port, and modifying the incoming data stream source IP/port of the incoming data packet to the back-end IP/port;
step 60) calculating a checksum of the incoming data packet;
step 70) sending the incoming data packet with the calculated checksum to the real server.
As shown in fig. 4, the processing steps for an outgoing data stream include:
step 10') looking up the session table with the outgoing data stream source IP/port and the outgoing data stream destination IP/port of the outgoing data packet sent from the real server as indexes;
if not, discarding the outgoing data packet, otherwise, step 20') modifying the outgoing data stream source IP/port of the outgoing data packet to a virtual IP/port and modifying the outgoing data stream destination IP/port of the outgoing data packet to a client IP/port according to the corresponding entry in the session table;
step 30') calculating a checksum of the outgoing data packet;
step 40') sending the outgoing data packet with the calculated checksum to the client.
It can be seen from the above that the load balancing method of the present invention adds an entry field to the Session table for storing the back-end IP/port. For the incoming data stream it looks up the Session table using the incoming data stream source IP/port and destination IP/port of the incoming data packet received from the client as indexes, where the incoming data stream source IP/port is the client IP/port (c_IP:c_port) and the incoming data stream destination IP/port is the virtual IP/port (v_IP:v_port). If a corresponding entry is found in the Session table, the connection already exists and NAT (Network Address Translation) is performed twice directly according to that entry; otherwise, i.e. when no corresponding entry is found, a real server is selected as the target server for the incoming packet, then a back-end IP and a back-end port are selected, and (client IP/port, virtual IP/port, real IP/port, back-end IP/port) is stored in the Session table as an entry. Next, according to the entry in the Session table, the incoming data stream source IP/port of the incoming data packet is modified to the back-end IP/port, i.e. SNAT (Source Network Address Translation) is performed once, and the incoming data stream destination IP/port of the incoming data packet is modified to the real IP/port, i.e. DNAT (Destination Network Address Translation) is performed once, so NAT is performed twice in total. At this point the incoming data stream source IP/port of the incoming data packet is the back-end IP/port and the incoming data stream destination IP/port is the real IP/port; to the back-end real server the incoming data packet appears to have been sent from the back-end IP/port, and it does not see the client: the client IP/port no longer appears anywhere in the packet, but it is preserved in the Session table.
The invention can also add the client IP/port information as a TCP option so that the application on the back-end real server sees the client information.
For an outgoing data stream, the session table is first looked up using the outgoing data stream source IP/port and destination IP/port of the outgoing data packet sent from the real server as indexes, where the outgoing data stream source IP/port of that packet is the real IP/port and the outgoing data stream destination IP/port is the back-end IP/port. If no entry is found, the outgoing packet is discarded (which may improve security to some extent); otherwise, according to the corresponding entry in the session table, the outgoing data stream source IP/port of the outgoing packet is modified to the virtual IP/port and the outgoing data stream destination IP/port is modified to the client IP/port (for example, the 4 bytes of source IP address in the IP header of the outgoing packet are replaced by v_IP, the 2 bytes of source port in the TCP header are replaced by v_port, the 4 bytes of destination IP address in the IP header are replaced by c_IP and the 2 bytes of destination port by c_port). This performs SNAT + DNAT, so the client considers the packet to have been sent to it from the virtual IP/port.
Further, the step 20) includes:
step 201) organizing the IP addresses and ports of all real servers and the current load through a list;
step 202) selecting the real server IP address and port sequentially from the list using a polling (round-robin) algorithm.
In addition, the step 30) further comprises:
step 301) selecting a back-end IP by adopting a polling algorithm;
step 302) selecting a back-end port by adopting a polling algorithm;
step 303) looking up the selected back-end IP/port in the session table; if found, going back to step 302).
The above steps avoid back-end port conflicts: they check whether the selected back-end port is already occupied and, if so, reselect.
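The incoming and outgoing processing (steps 10 to 70 and 10' to 40') together with the selection sub-steps 201-202 and 301-303 above, as an added example in Python that is not part of the patent: the session table is kept as two dictionaries, one indexed by (client, virtual) for the incoming direction and one by (real server, back-end) for the outgoing direction, and the checksum steps 60 and 30' are left out because they operate on packet bytes rather than on address tuples. The class and function names, the bound on the port-reselection loop, the `release` method and the client addresses are assumptions; the VIP, real server and back-end pool addresses follow the FIG. 7 example given later on the page.

```python
from dataclasses import dataclass
from itertools import cycle

# Added example, not the patent's code. Addresses are (ip, port) tuples; the
# packet model keeps only the fields the NAT steps touch.
Addr = tuple

@dataclass
class Packet:
    src: Addr
    dst: Addr
    payload: bytes = b""

@dataclass
class Entry:
    v: Addr   # v_ip:v_port, virtual IP/port
    c: Addr   # c_ip:c_port, client IP/port
    r: Addr   # r_ip:r_port, real server IP/port
    b: Addr   # b_ip:b_port, back-end IP/port (the added column)

class DoubleNatBalancer:
    def __init__(self, vip, real_servers, backend_ips, backend_ports):
        self.vip = vip
        self.load = {rs: 0 for rs in real_servers}   # step 201: servers with their current load
        self._rs_cycle = cycle(real_servers)         # step 202: sequential ("polling") selection
        self._bip_cycle = cycle(backend_ips)         # step 301
        self._bport_cycle = cycle(backend_ports)     # step 302
        self._n_ports = len(backend_ports)
        self.in_table = {}    # (c, v) -> Entry, the index used by step 10
        self.out_table = {}   # (r, b) -> Entry, the index used by step 10'
        self.used_backends = set()

    def _select_real_server(self):
        rs = next(self._rs_cycle)
        self.load[rs] += 1
        return rs

    def _select_backend(self):
        b_ip = next(self._bip_cycle)
        # The patent loops back to step 302 until a free port turns up; the bound
        # on the loop is an addition so that an exhausted pool fails loudly.
        for _ in range(self._n_ports):
            b_port = next(self._bport_cycle)
            if (b_ip, b_port) not in self.used_backends:   # step 303
                return (b_ip, b_port)
        raise RuntimeError(f"back-end port pool exhausted for {b_ip}")

    def handle_incoming(self, pkt):
        """Client -> real server direction (steps 10 to 70 without the checksum)."""
        key = (pkt.src, pkt.dst)                      # (c_ip:c_port, v_ip:v_port)
        entry = self.in_table.get(key)
        if entry is None:
            r = self._select_real_server()            # step 20
            b = self._select_backend()                # step 30
            entry = Entry(v=pkt.dst, c=pkt.src, r=r, b=b)   # step 40
            self.in_table[key] = entry
            self.out_table[(r, b)] = entry
            self.used_backends.add(b)
        # step 50: DNAT to the real server and SNAT to the back-end address
        return Packet(src=entry.b, dst=entry.r, payload=pkt.payload)

    def handle_outgoing(self, pkt):
        """Real server -> client direction (steps 10' to 40'); unknown flows are dropped."""
        entry = self.out_table.get((pkt.src, pkt.dst))   # (r_ip:r_port, b_ip:b_port)
        if entry is None:
            return None                               # no session entry: discard
        return Packet(src=entry.v, dst=entry.c, payload=pkt.payload)   # step 20'

    def release(self, entry):
        """Session teardown; not described in the patent, added so pool slots can be reused."""
        del self.in_table[(entry.c, entry.v)]
        del self.out_table[(entry.r, entry.b)]
        self.used_backends.discard(entry.b)
        self.load[entry.r] -= 1

def demo():
    # VIP, real servers and back-end pool from the patent's FIG. 7 example;
    # the client addresses are constructed (RFC 5737 documentation range).
    lb = DoubleNatBalancer(
        vip=("210.77.19.23", 80),
        real_servers=[("10.13.65.2", 8080), ("10.13.65.3", 8080)],
        backend_ips=["10.13.65.128", "10.13.65.129"],
        backend_ports=[40000, 40001],
    )
    clients = [("198.51.100.7", 51234), ("198.51.100.8", 51234), ("198.51.100.9", 4000)]
    forwarded = [lb.handle_incoming(Packet(c, lb.vip, b"GET / HTTP/1.1")) for c in clients]
    # the third connection lands on back-end IP .128 again and must skip port 40000 (step 303)
    reply = lb.handle_outgoing(Packet(forwarded[0].dst, forwarded[0].src, b"HTTP/1.1 200 OK"))
    stray = lb.handle_outgoing(Packet(("10.13.65.2", 8080), ("10.13.65.200", 1234)))
    return forwarded, reply, stray
```

Returning `None` from `handle_outgoing` is the discard branch of step 10': a packet from a real server that matches no session entry never reaches a client, which is the property the description credits to that check. Because step 303 checks the back-end IP/port alone rather than the (real server, back-end) pair, every open session consumes one port of the pool, so the number of concurrent sessions per back-end IP is bounded by the pool size; the patent says nothing about when entries are removed, which is why the `release` method is marked as an addition.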
As shown in fig. 3, the method further includes, after the step 50):
step 51) adding the client IP/port from the corresponding entry to the TCP header of the data packet as a new TCP option.
The checksum may include the IP header checksum and the TCP header checksum; their calculation methods are specified in RFC 791 and RFC 793.
In addition, the session table may further include traffic statistics, spin locks, flag bits, and the like, where the traffic statistics are used for client behavior analysis and access control; the spin lock and the flag bit are used for maintaining a session table.
In addition, the real server side can parse the client IP address and port from the TCP option in the data packet.
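Steps 51 and 60, and the option parsing on the real server side, as an added Python example that is not the patent's code: it builds a client SYN as real IPv4/TCP bytes, rewrites it the way step 50 describes (4-byte addresses in the IP header, 2-byte ports in the TCP header), appends the client IP/port as a TCP option, recomputes both checksums per RFC 791 and RFC 793, and then parses the option back out as the TCP option parsing unit on the real server would. The option kind number (253, an experimental kind) is an assumption because the patent specifies none; the function names, the client address and the packet contents are constructed, and the back-end and real server addresses follow the FIG. 7 example.

```python
import socket
import struct

# Added example, not the patent's code. The option kind is an assumption: the patent
# names no kind number, so the experimental kind 253 from RFC 4727 stands in for it.
OPT_CLIENT_ADDR = 253
OPT_LEN = 8   # kind + length + 4-byte IPv4 address + 2-byte port, already 4-byte aligned

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, as used by RFC 791 (IP) and RFC 793 (TCP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, total_len: int, ident: int = 0, ttl: int = 64) -> bytes:
    """20-byte IPv4 header (no IP options) with the header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000, ttl, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def tcp_segment(src, dst, sport, dport, seq, ack, flags, options=b"", payload=b"") -> bytes:
    """TCP header + options + payload, checksummed over the RFC 793 pseudo-header."""
    assert len(options) % 4 == 0 and len(options) <= 40, "options must be padded to 4 bytes"
    doff = (20 + len(options)) // 4
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, doff << 4, flags, 65535, 0, 0)
    seg = hdr + options + payload
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst), 0, 6, len(seg))
    return seg[:16] + struct.pack("!H", checksum(pseudo + seg)) + seg[18:]

def client_addr_option(ip: str, port: int) -> bytes:
    """Step 51: the client IP/port encoded as a TCP option (kind, length, data)."""
    return struct.pack("!BB4sH", OPT_CLIENT_ADDR, OPT_LEN, socket.inet_aton(ip), port)

def tcp_options(seg: bytes):
    """Walk the option list of a TCP segment, honouring EOL (0) and NOP (1)."""
    doff = (seg[12] >> 4) * 4
    opts, i = seg[20:doff], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            break                                  # malformed list: stop instead of over-reading
        yield kind, opts[i + 2:i + length]
        i += length

def parse_client_addr(seg: bytes):
    """Real-server side: recover c_ip:c_port from the option, or None if it is absent."""
    for kind, data in tcp_options(seg):
        if kind == OPT_CLIENT_ADDR and len(data) == 6:
            ip, port = struct.unpack("!4sH", data)
            return socket.inet_ntoa(ip), port
    return None

def checksums_ok(pkt: bytes) -> bool:
    """Both checksums verify when the stored value makes the fold come out as zero."""
    ihl = (pkt[0] & 0x0F) * 4
    seg = pkt[ihl:]
    pseudo = struct.pack("!4s4sBBH", pkt[12:16], pkt[16:20], 0, 6, len(seg))
    return checksum(pkt[:ihl]) == 0 and checksum(pseudo + seg) == 0

def translate_incoming(pkt: bytes, b_addr, r_addr) -> bytes:
    """Steps 50, 51, 60: DNAT to r_ip:r_port, SNAT to b_ip:b_port, tag the client, re-checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    ident, ttl = struct.unpack("!H", pkt[4:6])[0], pkt[8]
    seg = pkt[ihl:]
    sport, _dport, seq, ack, doff_byte, flags = struct.unpack("!HHIIBB", seg[:14])
    doff = (doff_byte >> 4) * 4
    client = (socket.inet_ntoa(pkt[12:16]), sport)   # c_ip:c_port as seen on the wire
    # Existing options are kept and ours appended; the demo SYN carries none, a real
    # implementation must first strip trailing EOL padding and respect the 40-byte limit.
    opts = seg[20:doff] + client_addr_option(*client)
    new_seg = tcp_segment(b_addr[0], r_addr[0], b_addr[1], r_addr[1], seq, ack, flags, opts, seg[doff:])
    return ipv4_header(b_addr[0], r_addr[0], 20 + len(new_seg), ident, ttl) + new_seg

def demo():
    client, vip = ("198.51.100.7", 51234), ("210.77.19.23", 80)     # client is constructed
    b_addr, r_addr = ("10.13.65.128", 40000), ("10.13.65.2", 8080)  # FIG. 7 addressing
    seg = tcp_segment(client[0], vip[0], client[1], vip[1], 1000, 0, 0x02)   # SYN, no options
    out = translate_incoming(ipv4_header(client[0], vip[0], 20 + len(seg)) + seg, b_addr, r_addr)
    ihl = (out[0] & 0x0F) * 4
    return {
        "checksums_ok": checksums_ok(out),
        "src": (socket.inet_ntoa(out[12:16]), struct.unpack("!H", out[ihl:ihl + 2])[0]),
        "dst": (socket.inet_ntoa(out[16:20]), struct.unpack("!H", out[ihl + 2:ihl + 4])[0]),
        "client": parse_client_addr(out[ihl:]),
        "data_offset": (out[ihl + 12] >> 4) * 4,
    }
```

Two points the description leaves open that an implementer has to settle: the option adds 8 bytes to a TCP header that cannot exceed 60 bytes, so a SYN already carrying close to 40 bytes of options (MSS, window scale, SACK-permitted and timestamps together come near that) leaves no room and the load balancer must choose between dropping one of the existing options and sending the packet untagged; and, exactly as with X-Forwarded-For, the option is unauthenticated, so the parsing unit on the real server should accept it only on packets that arrived from the load balancer's back-end addresses, otherwise the client address recorded in the logs can be whatever the sender put there.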
Correspondingly, the present invention also discloses a load balancer, which comprises a session table storing client IP/port and virtual IP/port, the session table further comprises an item storing backend IP/port, the load balancer further comprises the following units for processing incoming data stream, as shown in fig. 5:
an incoming data stream searching unit 1, for looking up the session table using the incoming data stream source IP/port and incoming data stream destination IP/port of an incoming data packet received from a client as indexes;
a real server selecting unit 2, for selecting a real server as the target server;
a back-end IP and back-end port selecting unit 3, for selecting a back-end IP and a back-end port;
an entry establishing unit 4, configured to establish an entry (v_IP:v_port/c_IP:c_port/r_IP:r_port/b_IP:b_port) in the session table according to the selected target server, back-end IP and back-end port, where v_IP:v_port is the virtual IP/port, c_IP:c_port the client IP/port, r_IP:r_port the real server IP/port and b_IP:b_port the back-end IP/port;
an incoming data stream modification unit 5, configured to modify the incoming data stream destination IP/port of the incoming data packet to the real server IP/port and the incoming data stream source IP/port of the incoming data packet to the back-end IP/port according to the corresponding entry in the session table;
an incoming data stream checking unit 6, for calculating the checksum of the incoming data packet;
an incoming data stream sending unit 7, configured to send the incoming data packet with the calculated checksum to the real server; wherein,
if the result of the incoming data stream searching unit 1 is negative, the real server selecting unit 2 is triggered, otherwise the incoming data stream modification unit 5 is triggered;
the real server selecting unit 2 is connected to the back-end IP and back-end port selecting unit 3, which is in turn connected to the entry establishing unit 4;
the entry establishing unit 4 is connected to the incoming data stream modification unit 5, which is in turn connected to the incoming data stream checking unit 6 and then to the incoming data stream sending unit 7.
As can be seen from the above, the incoming data stream searching unit 1 of the load balancer looks up the session table using the incoming data stream source IP/port and incoming data stream destination IP/port of the incoming data packet received from the client as indexes, where the incoming data stream source IP/port is the client IP/port and the incoming data stream destination IP/port is the virtual IP/port. If an entry is found, the incoming data stream modification unit 5 is triggered to perform NAT translation twice according to the entry found in the session table. If not, the real server selecting unit 2 is triggered and selects a real server as the target server, the back-end IP and back-end port selecting unit 3 selects a back-end IP and a back-end port, and once the back-end IP/port is determined the entry establishing unit 4 establishes an entry (v_IP:v_port/c_IP:c_port/r_IP:r_port/b_IP:b_port) in the session table. The incoming data stream modification unit 5 then modifies the incoming data stream destination IP/port of the incoming data packet (the virtual IP/port at this point) to the real server IP/port, and the incoming data stream source IP/port of the incoming data packet (the client IP/port at this point) to the back-end IP/port, i.e. two NAT translations (SNAT + DNAT) are performed, after which the real server assumes that the incoming packet was sent from the back-end IP/port. Then the incoming data stream checking unit 6 calculates the checksum and the incoming data stream sending unit 7 sends the incoming data packet to the real server.
As shown in fig. 6, the load balancer of the present invention further includes the following units for processing outgoing data streams:
an outgoing data flow searching unit 8, configured to search the session table by using an outgoing data flow source IP/port and an outgoing data flow destination IP/port of the outgoing data packet received from the real server as indexes;
an outgoing data stream modification unit 9, configured to modify a source IP/port of the outgoing data packet into a virtual IP/port and modify an outgoing data stream destination IP/port of the outgoing data packet into a client IP/port according to a corresponding entry in the session table;
an outgoing data stream checking unit 10, configured to calculate a checksum of the outgoing data packet;
an outgoing data stream sending unit 11, configured to send the outgoing data packet with the checksum calculated to the client; wherein,
if the result of the outgoing data stream searching unit 8 is no, the outgoing data packet is discarded, otherwise the outgoing data stream modifying unit 9 is triggered;
the outgoing data stream modification unit 9 is connected to the outgoing data stream check unit 10, which in turn is connected to the outgoing data stream sending unit 11.
As can be seen from the above, for an outgoing data stream the outgoing data stream lookup unit 8 looks up the session table using the outgoing data stream source IP/port (in this case r_IP:r_port) and destination IP/port (b_IP:b_port) of the outgoing data packet received from the real server as indexes. If no entry is found, the outgoing data packet is discarded; otherwise the outgoing data stream modification unit 9 modifies the source IP/port of the outgoing data packet to the virtual IP/port and its destination IP/port to the client IP/port according to the entry found in the session table, that is, it performs the two NAT translations (SNAT + DNAT). From the client's point of view, the reply therefore arrives from its intended destination (the virtual IP/port). Then the outgoing data flow check unit 10 calculates the checksum of the outgoing data packet, and finally the outgoing data flow transmission unit 11 transmits the outgoing data packet to the client.
As further shown in fig. 6, the load balancer of the present invention further includes a TCP option adding unit 12, configured to add the client IP/port in the corresponding entry as a new TCP option entry in the datagram TCP header.
Correspondingly, a TCP option parsing unit may be inserted at the real server. The TCP option parsing unit is configured to parse the client IP address and port from the TCP option of the data packet and deliver them to the application program on the real server.
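As an added illustration (not code from the patent), the following Python builds the IP and TCP headers of the NAT-rewritten SYN, appends the client IP/port as a TCP option the way the TCP option adding unit does, recomputes the IP header and TCP checksums as the check unit does, and shows the option parsing the real server side would perform. The option kind 254 and the kind/length/IPv4/port layout are assumptions, because the patent does not specify the option format; a production implementation would use a properly registered option kind or the RFC 6994 experimental-option ExID convention. Address values are the ones from the deployment example.

```python
import socket
import struct

OPT_CLIENT_ADDR = 254   # ASSUMPTION: experimental option kind; the patent gives no number
OPT_LEN = 8             # kind(1) + length(1) + IPv4 address(4) + port(2)


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words.
    Returns 0 when run over data whose checksum field is already valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def client_addr_option(ip: str, port: int) -> bytes:
    """The TCP option carrying c_ip:c_port from the session-table entry."""
    return struct.pack("!BB4sH", OPT_CLIENT_ADDR, OPT_LEN, socket.inet_aton(ip), port)


def build_tcp(src_ip, dst_ip, sport, dport, flags, options=b"", payload=b""):
    """TCP segment with the given options; checksum covers the pseudo-header."""
    options += b"\x00" * (-len(options) % 4)         # pad option list to 32-bit words
    doff = 5 + len(options) // 4                     # header length in 32-bit words
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, doff << 4, flags, 65535, 0, 0)
    seg = hdr + options + payload
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip), 0, 6, len(seg))
    csum = checksum(pseudo + seg)
    return seg[:16] + struct.pack("!H", csum) + seg[18:]


def build_ipv4(src_ip, dst_ip, tcp_seg):
    """Minimal IPv4 header (no options) in front of the TCP segment."""
    total = 20 + len(tcp_seg)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + tcp_seg


def verify(packet: bytes) -> bool:
    """True when both the IP header checksum and the TCP checksum are valid."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        return False
    seg = packet[ihl:]
    pseudo = struct.pack("!4s4sBBH", packet[12:16], packet[16:20], 0, 6, len(seg))
    return checksum(pseudo + seg) == 0


def parse_client_addr(packet: bytes):
    """Real-server side: walk the TCP option list (honouring EOL, NOP and
    length fields) and return (client_ip, client_port), or None if absent."""
    ihl = (packet[0] & 0x0F) * 4
    tcp = packet[ihl:]
    doff = (tcp[12] >> 4) * 4
    opts = tcp[20:doff]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # EOL: nothing follows
            break
        if kind == 1:                       # NOP: single-byte padding
            i += 1
            continue
        if i + 1 >= len(opts):              # truncated option
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):   # malformed option list
            break
        if kind == OPT_CLIENT_ADDR and length == OPT_LEN:
            ip, port = struct.unpack("!4sH", opts[i + 2:i + 8])
            return socket.inet_ntoa(ip), port
        i += length
    return None


if __name__ == "__main__":
    # Constructed sample: the SYN after SNAT (b_ip:b_port) + DNAT (r_ip:r_port)
    opt = client_addr_option("66.249.89.105", 236)
    seg = build_tcp("10.13.65.128", "10.13.65.2", 2000, 8080, 0x02, opt)
    pkt = build_ipv4("10.13.65.128", "10.13.65.2", seg)
    print(pkt.hex())
    print("checksums valid:", verify(pkt))
    print("client seen by RS:", parse_client_addr(pkt))
```

The parser deliberately stops on a malformed length rather than raising, so a corrupted option list never lets it read past the header; the real server should treat a missing option as "client unknown" rather than fall back to the packet's source address, which after the two translations is the load balancer's back-end IP.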
The following describes the technical solution of the present invention by taking two load balancer deployments as examples.
As shown in FIG. 7, the system comprises two load balancers (LB_A and LB_B). A virtual address VIP 210.77.19.23 is maintained between them by heartbeat (the VRRP protocol). The back-end network cards of the two LBs are connected to different internal network segments, 10.13.65.x/24 and 10.13.66.x/24, with interface IPs 10.13.65.1 and 10.13.66.1, and the two LBs are provided with the back-end address pools 10.13.65.128-10.13.65.254 and 10.13.66.128-10.13.66.254. The Real Servers (RS) at the back end, also called Web servers, are each configured with two network cards for redundancy; the interface IPs of the two network cards (which are also the service IPs) lie in the two network segments 10.13.65.x/24 and 10.13.66.x/24, and the interface IP addresses of the 4 real servers shown in the figure are 10.13.65.2-10.13.65.5 and 10.13.66.2-10.13.66.5 respectively. Assume in this example that LB_A is active (the VIP is on LB_A), its service port is 80, and the service port of the back-end real servers is 8080.
In the figure, Switch refers to a network device providing layer 2 and layer 3 interconnection; its role in the topology is to connect the servers and the LBs so that they can communicate.
The session table in this example is shown in Table 2 below:

c_ip:c_port | v_ip:v_port | b_ip:b_port | r_ip:r_port | flow statistics | Others |
---|---|---|---|---|---|
66.249.89.105:236 | 210.77.19.23:80 | 10.13.65.128:2000 | 10.13.65.2:8080 | _ | _ |

TABLE 2
The Session table of the load balancer comprises at least four items: client IP/port, virtual IP/port, back-end IP/port and real server IP/port. Flow statistics and other items are also included. Only one entry is shown in Table 2, but there may of course be multiple entries.
The processing for the incoming data stream is as follows:
first, a packet is received from the client with source IP/port 66.249.89.105:236 and destination IP/port 210.77.19.23:80. If this is the initial connection, the data packet is a connection request packet carrying the SYN (Synchronize) flag; an ordinary data packet carries the ACK (acknowledgement) flag; a connection close request carries the FIN (Finish) flag. In this example an initial connection is assumed, i.e., the packet carries the SYN flag.
Assuming that the Session table is empty at this time, the table is looked up with 210.77.19.23:80 and 66.249.89.105:236 as indexes. Since no entry is found, an RR (Round Robin) algorithm is used to select a real server as the target server (other selection strategies may also be used); assume that the real server RS1, 10.13.65.2:8080, is selected. A back-end IP is then selected from the back-end IP pool using the RR algorithm; assume the selected back-end IP address is 10.13.65.128. After the back-end IP is selected, the back-end port is selected; to minimise the probability of a port collision (a port already in use), ports are taken in turn by the RR algorithm, and assume port 2000 is chosen. The Session table is then looked up with 10.13.65.128:2000 and 10.13.65.2:8080: if an entry is found, the back-end port is already occupied and a different back-end port must be reselected. In this example it is assumed that no such entry is found, i.e., port 2000 is available for use.
Next, the entry (210.77.19.23:80, 66.249.89.105:236, 10.13.65.2:8080, 10.13.65.128:2000) is inserted into the Session table, as shown in Table 2. Then, according to the entry in the Session table, the destination IP/port of the data packet is modified to the service IP and service port of RS1, and the source IP/port is modified to the back-end IP/port. In this example the destination IP/port 210.77.19.23:80 of the packet is modified to 10.13.65.2:8080 and the source IP/port 66.249.89.105:236 is modified to 10.13.65.128:2000.
The checksum is calculated below, including the IP header checksum and the TCP header checksum.
Finally, the data packet is sent to the selected real server RS1. RS1 receives the connection request packet with the SYN flag and will return a reply packet with the SYN/ACK flag.
For outgoing data flows, the load balancer of the invention processes as follows:
suppose that the real server RS1 sends out a reply packet with source IP/port 10.13.65.2:8080 and destination IP/port 10.13.65.128:2000. The Session table is looked up with 10.13.65.2:8080 and 10.13.65.128:2000 as indexes, and if no entry is found the packet is discarded. In this example the corresponding entry is found, as shown in Table 2. Then, according to the found entry, the source IP/port of the data packet is modified to the virtual IP/port of the virtual server and the destination IP/port is modified to the client IP/port. In this example the source IP/port is modified to 210.77.19.23:80 and the destination IP/port is modified to 66.249.89.105:236. A checksum is then calculated, including the IP header checksum and the TCP header checksum. Finally, the data packet is sent to the client.
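The incoming and outgoing processing just walked through, as an added Python model that is not the patent's own implementation: a session table reachable from both directions, round-robin selection of the real server, back-end IP and back-end port, the port collision check that re-selects the port when (back-end IP/port, real server IP/port) is already in the table, and the two NAT rewrites in each direction. Address values are the ones from Table 2; the checksum recomputation is omitted here because it works on packet bytes rather than on the table.

```python
from dataclasses import dataclass
from itertools import cycle


@dataclass(frozen=True)
class Endpoint:
    """An IP/port pair as used throughout the session table."""
    ip: str
    port: int


@dataclass
class Entry:
    """One session-table row: v_ip:v_port / c_ip:c_port / r_ip:r_port / b_ip:b_port."""
    v: Endpoint          # virtual IP/port (VIP)
    c: Endpoint          # client IP/port
    r: Endpoint          # real server IP/port
    b: Endpoint          # back-end IP/port owned by the load balancer
    packets: int = 0     # the "flow statistics" column


class LoadBalancer:
    def __init__(self, vip, real_servers, backend_ips, port_range):
        self.vip = vip
        self._rs_rr = cycle(real_servers)               # RR over real servers
        self._bip_rr = cycle(backend_ips)               # RR over the back-end IP pool
        self._port_rr = cycle(range(*port_range))       # RR over the back-end port pool
        self._n_ports = port_range[1] - port_range[0]
        # The same Entry objects are reachable from both directions:
        self._by_client = {}    # (c_ip:c_port, v_ip:v_port) -> Entry  (incoming lookup)
        self._by_backend = {}   # (r_ip:r_port, b_ip:b_port) -> Entry  (outgoing lookup)

    def _select_backend(self, r):
        bip = next(self._bip_rr)
        # Collision check: the back-end port only has to be unique per real server,
        # because the outgoing lookup is keyed on (r, b). Re-pick while (r, b) exists.
        for _ in range(self._n_ports):
            b = Endpoint(bip, next(self._port_rr))
            if (r, b) not in self._by_backend:
                return b
        raise RuntimeError("back-end port pool exhausted for %s:%d" % (r.ip, r.port))

    def process_incoming(self, src, dst):
        """One client packet. Returns the rewritten (src, dst), or None if the
        packet is not addressed to the virtual service."""
        if dst != self.vip:
            return None
        entry = self._by_client.get((src, dst))          # look up by (c, v)
        if entry is None:
            r = next(self._rs_rr)                         # select real server
            b = self._select_backend(r)                   # select back-end IP/port
            entry = Entry(v=dst, c=src, r=r, b=b)         # establish the entry
            self._by_client[(src, dst)] = entry
            self._by_backend[(r, b)] = entry
        entry.packets += 1
        return entry.b, entry.r                           # SNAT to b, DNAT to r

    def process_outgoing(self, src, dst):
        """One real-server packet. Returns the rewritten (src, dst), or None
        when the flow is unknown and the packet is to be dropped."""
        entry = self._by_backend.get((src, dst))          # look up by (r, b)
        if entry is None:
            return None
        entry.packets += 1
        return entry.v, entry.c                           # SNAT to v, DNAT to c

    def table(self):
        """Session-table rows in the column order of Table 2."""
        return [(e.c, e.v, e.b, e.r, e.packets) for e in self._by_client.values()]


if __name__ == "__main__":
    vip = Endpoint("210.77.19.23", 80)
    lb = LoadBalancer(vip, [Endpoint("10.13.65.2", 8080), Endpoint("10.13.65.3", 8080)],
                      ["10.13.65.128"], (2000, 2002))     # tiny port pool to show re-selection
    client = Endpoint("66.249.89.105", 236)
    print("SYN     ->", lb.process_incoming(client, vip))
    print("SYN/ACK ->", lb.process_outgoing(Endpoint("10.13.65.2", 8080),
                                             Endpoint("10.13.65.128", 2000)))
    print("unknown ->", lb.process_outgoing(Endpoint("10.13.65.2", 8080),
                                             Endpoint("10.13.65.128", 2001)))
```

Two properties of the scheme are visible in the model: a reply from a real server that does not match an existing (real server, back-end) pair is dropped rather than forwarded, so the back-end side cannot originate a flow towards a client through the balancer, and a back-end port can be shared across different real servers because uniqueness is only required for the (r, b) key.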
In summary, the present invention realizes 4-layer load balancing by using two NAT conversions, i.e., SNAT and DNAT, so that the network data stream processing capability can be improved without discarding the existing devices and performing a large amount of hardware upgrade.
Secondly, because the invention adds the client IP/port as a new TCP option item in the datagram's TCP options, the client IP/port can be parsed by the TCP/IP protocol stack on the back-end RS, which avoids the complexity of modifying the application program and supports application-layer protocols other than HTTP.
In addition, because the invention uses a TCP option to carry the client IP/port, the application program running on the real server can still obtain the client's connection information, without modification, after the two NAT translations.
While the invention has been described with reference to specific embodiments thereof, it will be understood by those skilled in the art that various changes, modifications and equivalents may be made therein without departing from the spirit and scope of the invention. Such changes, modifications, and equivalents are intended to be within the spirit and scope as defined by the appended claims.
Claims (10)
1. A load balancing method, using a session table to store client IP/port and virtual IP/port, characterized in that, adding an entry for storing back-end IP/port in the session table, the processing step for incoming data stream includes:
step 10, in the step 10, an incoming data stream source IP/port and an incoming data stream destination IP/port of an incoming data packet received from a client are used as indexes to search the session table;
if not, executing step 20, and selecting an actual server as a target server in the step 20; otherwise, executing step 50;
after step 20, a step 30 is performed, in which step 30 a backend IP and a backend port are selected;
step 40, establishing an entry in the session table according to the selected target server, the back-end IP and the back-end port in the step 40, wherein the entry comprises a virtual IP/port, a client IP/port, a real server IP/port and the back-end IP/port;
step 50, in the step 50, according to the corresponding entry in the session table, modifying the incoming data stream destination IP/port of the incoming data packet into a real server IP/port, and modifying the incoming data stream source IP/port of the incoming data packet into a back end IP/port;
step 60, calculating the checksum of the incoming data packet in step 60;
step 70, in which step 70 the incoming data packet with the calculated checksum is sent to the real server.
2. The method of load balancing according to claim 1, wherein the step of processing for outgoing data streams comprises:
step 10 ', in which step 10' the session table is looked up with the outgoing data stream source IP/port and the outgoing data stream destination IP/port of the outgoing data packet received from the real server as indexes;
if not, discarding the outgoing packet; otherwise, executing step 20 ', in which step 20', according to the corresponding entry in the session table, the outgoing data stream source IP/port of the outgoing data packet is modified to be a virtual IP/port and the outgoing data stream destination IP/port of the outgoing data packet is modified to be a client IP/port;
step 30 ', in which step 30' a checksum of said outgoing data packet is calculated;
step 40 ', in which step 40' the outgoing data packet with the calculated checksum is sent to the client.
3. The method for load balancing according to claim 2, wherein said step 20 further comprises:
step 201, in the step 201, the IP addresses and ports of all real servers and the current load are organized by a list;
step 202, in which step 202 a polling algorithm is used to select the real server IP address and port in the list in sequence.
4. The method for load balancing according to claim 3, wherein said step 30 further comprises:
step 301, selecting a back-end IP by adopting a polling algorithm in step 301;
step 302, selecting a back end port by adopting a polling algorithm in the step 302;
step 303, in step 303, the selected backend IP/port is looked up in the session table, and if found, the process goes to step 302.
5. A method for load balancing according to any one of claims 1 to 3, further comprising, after said step 50:
step 51, the client IP/port in the corresponding entry is added as a new TCP option entry in the datagram TCP header in step 51.
6. The method of load balancing according to claim 5, wherein the checksum comprises an IP header checksum and a TCP header checksum.
7. The method of load balancing according to claim 6, wherein the session table further includes traffic statistics, spin locks, and flag bits.
8. A load balancer comprising a session table storing client IP/ports and virtual IP/ports, wherein the session table further comprises entries storing backend IP/ports, the load balancer further comprising means for processing incoming data streams as follows:
the incoming data stream searching unit searches the session table by taking an incoming data stream source IP/port and an incoming data stream destination IP/port of an incoming data packet received from the client as indexes;
a real server selecting unit for selecting a real server as a target server;
a back-end IP and back-end port selecting unit for selecting a back-end IP and a back-end port;
an item establishing unit, configured to establish an item in a session table according to the selected target server, the backend IP, and the backend port, where the item includes a virtual IP/port, a client IP/port, a real server IP/port, and a backend IP/port;
an incoming data stream modification unit, configured to modify an incoming data stream destination IP/port of the incoming data packet into an actual server IP/port and modify an incoming data stream source IP/port of the incoming data packet into a back-end IP/port according to a corresponding entry in a session table;
an incoming data stream checking unit for calculating a checksum of the incoming data packet;
an incoming data stream sending unit, configured to send the incoming data packet with the calculated checksum to the real server; wherein,
if the result of the incoming data stream searching unit is negative, triggering the real server selecting unit, otherwise triggering the incoming data stream modification unit;
the real server selecting unit is connected with the back-end IP selecting unit and the back-end port selecting unit, and further connected with the item establishing unit;
the item establishing unit is connected with the incoming data stream modifying unit, and is further connected with the incoming data stream checking unit and then connected with the incoming data stream sending unit.
9. The load balancer of claim 8, further comprising means for processing an outgoing data stream:
an outgoing data flow searching unit, configured to search the session table by using an outgoing data flow source IP/port and an outgoing data flow destination IP/port of an outgoing data packet received from the real server as indexes;
an outgoing data stream modification unit, configured to modify an outgoing data stream source IP/port of the outgoing data packet into a virtual IP/port and modify an outgoing data stream destination IP/port of the outgoing data packet into a client IP/port according to a corresponding entry in the session table;
an outgoing data stream checking unit, configured to calculate a checksum of the outgoing data packet;
the outgoing data stream sending unit is used for sending the outgoing data packet of which the checksum is calculated to the client; wherein,
if the result of the outgoing data flow searching unit is negative, the data packet is discarded, otherwise, the outgoing data flow modifying unit is triggered;
the outgoing data stream modification unit is connected to the outgoing data stream check unit, which in turn is connected to the outgoing data stream sending unit.
10. The load balancer of claim 9, further comprising a TCP option adding unit to add the client IP/port in the corresponding entry as a new TCP option entry in a datagram TCP header.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010184118.6A CN102255932B (en) | 2010-05-20 | 2010-05-20 | Load-balancing method and load equalizer |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102255932A CN102255932A (en) | 2011-11-23 |
CN102255932B true CN102255932B (en) | 2015-09-09 |
Family
ID=44982926
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102255932B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |