Load Balancing

This document summarizes several load balancing solutions including both commercial and open source options. It discusses key concepts such as virtual servers, pools, monitors, persistence, SNAT/RNAT configurations, server protection methods, and content switching using features like ACLs. It also covers logging, performance tuning, and HTTP header manipulation capabilities of solutions like HAProxy.

Uploaded by

Kishore Kumar

Load Balancing Using Open Source Software


MSN: finalbsd@hotmail.com
MAIL: finalbsd@gmail.com
CUID: FinalBSD
www.sanotes.net

Layer 4-7 load balancers covered:

- F5 (Layer 4-7 switch)
- NetScaler (Layer 4-7)
- LVS (Layer 4-7)
- HAProxy (Layer 4-7)

2/29

Schedule

Basically
- Hardware/GUI/CLI (configure method)/HA (config sync)

Load balance related
- virtual server/node/pool/pool member
- Monitors
- Sorry server
- Maintenance mode
- Load balance method

Persistence
SNAT/RNAT
Server Protection
ACL/Content Switch
GSLB
Performance
3/29

Agenda: Basically | LB related | Persistence | SNAT/RNAT | Server Protection | ACL/CS | GSLB
We are here: Basically

4/29

Hardware/GUI/CLI/HA

Compared for each product: Hardware, GUI, CLI, HA

Commercial: F5, NetScaler

5/29

Open Source: LVS, HAProxy

HAProxy Hot Reconfiguration

    #!/bin/sh
    # Swap in the new configuration and a new process without losing the
    # listening sockets: the old process releases its ports (-TTOU), the new
    # one binds them, and the old one is then told to finish gracefully (-USR1).
    mv /etc/haproxy/config /etc/haproxy/config.old
    mv /var/run/haproxy.pid /var/run/haproxy.pid.old
    mv /etc/haproxy/config.new /etc/haproxy/config
    kill -TTOU $(cat /var/run/haproxy.pid.old)
    if haproxy -p /var/run/haproxy.pid -f /etc/haproxy/config; then
        echo "New instance successfully loaded, stopping previous one."
        kill -USR1 $(cat /var/run/haproxy.pid.old)
        rm -f /var/run/haproxy.pid.old
        exit 0
    else
        # Start failed: let the old process bind its ports again (-TTIN) and
        # restore the previous pid file and configuration.
        echo "New instance failed to start, resuming previous one."
        kill -TTIN $(cat /var/run/haproxy.pid.old)
        rm -f /var/run/haproxy.pid
        mv /var/run/haproxy.pid.old /var/run/haproxy.pid
        mv /etc/haproxy/config /etc/haproxy/config.new
        mv /etc/haproxy/config.old /etc/haproxy/config
        exit 1
    fi

6/29

Agenda: Basically | LB related | Persistence | SNAT/RNAT | Server Protection | ACL/CS | GSLB
We are here: LB related

7/29

Concepts

(Diagram of the virtual server / pool / pool member model, reconstructed as text.)

Incoming request -> virtual server -> pool -> pool member

- VIPs: 192.168.101.1, 192.168.101.2
- Virtual servers: 192.168.101.1:80 (port-based traffic direction, IP address based traffic direction) and 192.168.101.1:443 (intelligent traffic control: look at URL, client IP addr., etc.)
- Pools: cgi_boxes, asp_boxes, ssl_boxes
- Pool members (server=...): 10.1.1.1:80, 10.1.1.2:80, 10.1.1.3:80, 10.1.1.4:80, 10.1.1.5:80, 10.1.1.6:80; 10.1.1.1:443, 10.1.1.2:443, 10.1.1.6:443
- Annotations on the diagram: Monitor, availability requirement, SNAT/NAT, priority-based member activation, action of service down, Slow Ramp Time, pool/pool member statistics, load balancing

8/29

Monitors (LTM monitor types)

- Simple: ICMP, gateway ICMP, TCP echo
- ECV: TCP, HTTP, HTTPS, FTP
- EAV: IMAP, LDAP, MSSQL, NNTP, Oracle, POP3, RADIUS, Real Server, SIP, SMTP, SOAP, WMI

9/29

HAProxy Monitor
(source: http://www.chinaunix.net)

    listen webfarm 192.168.1.1:80
        mode http
        balance roundrobin
        cookie SERVERID insert indirect
        option httpchk HEAD /index.html HTTP/1.0
        server webA 192.168.1.11:80 cookie A check
        server webB 192.168.1.12:80 cookie B check port 81 inter 2000
        server webC 192.168.1.13:80 cookie C check
        server webD 192.168.1.14:80 cookie D check

10/29

HAProxy Sorry Server

    listen webfarm 192.168.1.1:80
        mode http
        balance roundrobin
        cookie SERVERID insert indirect
        option httpchk HEAD /index.html HTTP/1.0
        server webA 192.168.1.11:80 cookie A check
        server webB 192.168.1.12:80 cookie B check port 81 inter 2000
        server webC 192.168.1.13:80 cookie C check
        server webD 192.168.1.14:80 cookie D check
        server bkpA 192.168.1.15:80 cookie A check backup
        server bkpB 192.168.1.16:80 cookie B check backup

11/29

HAProxy Maintenance Mode

What the client sees while the farm is being updated:

    503 Service Unavailable
    No server is available to handle this request.

Updating...

12/29

Load balancing algorithm

- Round Robin
- WRR: Ratio (member), Ratio (node)
- Dynamic Ratio (weight)
- Fastest (node) and Fastest (application)
- LC (member) and LC (node)
- Observed (member) and Observed (node)
- Predictive (member) and Predictive (node)
- Source
- URL hash
- URL param
13/29

Agenda: Basically | LB related | Persistence | SNAT/RNAT | Server Protection | ACL/CS | GSLB
We are here: Persistence

14/29

Persistence

Persistence types:
- Cookie persistence
  1.1 HTTP Cookie Insert
  1.2 HTTP Cookie Rewrite
  1.3 Cookie Passive
  1.4 Cookie Hash
- Destination address affinity persistence
- Hash persistence
- MSRDP persistence
- SIP persistence (Session Initiation Protocol)
- Source address affinity persistence
- SSL persistence
- Universal persistence

HAProxy cookie insert persistence (the cookie specifies the server):

    listen webfarm 192.168.1.1:80
        mode http
        balance roundrobin
        cookie SERVERID insert indirect
        option httpchk HEAD /index.html HTTP/1.0
        server webA 192.168.1.11:80 cookie A check
        server webB 192.168.1.12:80 cookie B check
        server webC 192.168.1.13:80 cookie C check
        server webD 192.168.1.14:80 cookie D check

Diagram (Client - HAProxy - Server A), reconstructed as text:

First hit
  Client -> proxy: TCP handshake, GET /URI1 HTTP/1.1 (HTTP request, no cookie)
  proxy picks a server (Server A) and forwards the request (no cookie)
  Server A -> proxy: HTTP/1.1 200 OK (HTTP reply, no cookie)
  proxy -> Client: HTTP/1.1 200 OK, Set-Cookie: SERVERID=A (HTTP reply with inserted cookie)

Second hit
  Client -> proxy: TCP handshake, GET /URI2 HTTP/1.1, Cookie: SERVERID=A (HTTP request with same cookie)
  proxy -> Server A: GET /URI2 HTTP/1.1 (HTTP request with same cookie)
  Server A -> proxy: HTTP/1.1 200 OK (HTTP reply, no cookie)
  proxy -> Client: HTTP/1.1 200 OK (HTTP reply, updated cookie)

15/29
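The behaviour of the webfarm configuration above (round robin, "cookie SERVERID insert indirect", and the "backup" sorry servers from the earlier slide), modelled in Python. This is an added example, not code from the slides or from HAProxy; it assumes a simplified lookup in which a request's cookie is honoured by the first up server listed with that value (which is why the backup servers reuse the cookie values A and B), and that with "indirect" the cookie is stripped before forwarding and not re-emitted when the client already sent a valid one.

```python
# Added example (not from the slides): a small Python model of the slide's
# "listen webfarm" configuration, i.e. round-robin balancing, cookie-based
# persistence ("cookie SERVERID insert indirect") and the "backup" (sorry)
# servers, to reason about where a request lands and what the client sees.

class Server:
    def __init__(self, name, addr, cookie, backup=False):
        self.name, self.addr, self.cookie, self.backup = name, addr, cookie, backup
        self.up = True          # toggled by the health check (option httpchk)

class WebFarm:
    COOKIE = "SERVERID"

    def __init__(self, servers):
        self.servers = servers
        self._rr = 0            # round-robin position

    def usable(self):
        active = [s for s in self.servers if s.up and not s.backup]
        # backup servers only take traffic when every active server is down
        return active or [s for s in self.servers if s.up and s.backup]

    def route(self, cookies):
        """Route one request; cookies is the client's Cookie header as a dict.
        Returns (server or None, cookies forwarded to the server, Set-Cookie or None)."""
        wanted = cookies.get(self.COOKIE)
        # Persistence (assumed model): first up server, in config order, carrying the value
        target = next((s for s in self.servers if s.up and wanted and s.cookie == wanted), None)
        inserted = False
        if target is None:
            pool = self.usable()
            if not pool:
                return None, {}, None      # 503: no server is available to handle this request
            target = pool[self._rr % len(pool)]
            self._rr += 1
            inserted = True                # client had no valid cookie: insert one
        # "indirect": the persistence cookie is never forwarded to the server
        forwarded = {k: v for k, v in cookies.items() if k != self.COOKIE}
        set_cookie = f"{self.COOKIE}={target.cookie}" if inserted else None
        return target, forwarded, set_cookie

def make_farm():
    """The slide's webfarm: four active servers plus the two sorry (backup) servers."""
    return WebFarm([
        Server("webA", "192.168.1.11:80", "A"), Server("webB", "192.168.1.12:80", "B"),
        Server("webC", "192.168.1.13:80", "C"), Server("webD", "192.168.1.14:80", "D"),
        Server("bkpA", "192.168.1.15:80", "A", backup=True),
        Server("bkpB", "192.168.1.16:80", "B", backup=True),
    ])
```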

SNAT & RNAT

Diagram labels (NetScaler terms), reconstructed as text: client on the external vlan -> VIP: 221.238.249.177 -> eth0: 10.10.1.2, MAPPED IP: 10.10.1.1 -> eth1: 192.168.1.2 -> servers on the internal vlan. SNAT and RNAT are marked on the external and internal sides respectively.

HAProxy source address selection:

    backend private
        # Connect to the servers using our 192.168.1.200 source address
        source 192.168.1.200

    backend transparent_ssl1
        # Connect to the SSL farm from the client's source address
        source 192.168.1.200 usesrc clientip
        server railsA 192.168.1.11:80 source 192.168.1.201 check
        server railsB 192.168.1.12:80 minconn 4 maxconn 12 check
        server railsC 192.168.1.13:80 minconn 4 maxconn 12 check

16/29

Agenda: Basically | LB related | Persistence | SNAT/RNAT | Server Protection | ACL/CS | GSLB
We are here: SNAT/RNAT

17/29

Server Protection

Attack: SYN flood

- F5: SYN Proxy, Connection Limit, ACL/iControl/iRules, Timeout, Surge Queue, Slow Start
- NetScaler: SYN Cookie / TCP offload / Content Filter / ACL
- LVS: iptables?
- HAProxy: ACL, weight, maxconn, contimeout

HAProxy example:

    listen appfarm 192.168.1.1:80
        mode http
        maxconn 10000
        option httpclose
        option abortonclose
        option forwardfor
        balance roundrobin
        server railsA 192.168.1.11:80 minconn 4 maxconn 12 check
        server railsB 192.168.1.12:80 minconn 4 maxconn 12 check
        server railsC 192.168.1.13:80 minconn 4 maxconn 12 check
        contimeout 60000

18/29

Timeout

Diagram (Client - proxy - server), reconstructed as text, with the timeout that applies on each leg:

- timeout client (clitimeout): client side
- timeout connect (contimeout): connecting to the server
- timeout http-request: waiting for the complete HTTP request headers (HTTP header DDoS)
- timeout server (srvtimeout): server side
- timeout tarpit (reqtarpit): how long a tarpitted request is held
- timeout queue: how long a request may wait in the proxy queue before a 503 is returned

19/29

Agenda: Basically | LB related | Persistence | SNAT/RNAT | Server Protection | ACL/CS | GSLB
We are here: ACL/CS

20/29

HAProxy ACL

- Layer 4 and below: src/dst, src_port/dst_port, dst_conn, nbsrv(backend), req_len, wait_end, req_ssl_ver
- Layer 7 content: method, req_ver, path_*, url_*, hdr_*
- Pre-defined ACLs: HTTP_1.1, METH_GET, ...

Examples:

    acl missing_cl hdr_cnt(Content-length) eq 0
    block if HTTP_URL_STAR !METH_OPTIONS || METH_POST missing_cl
    block if METH_GET HTTP_CONTENT
    block unless METH_GET or METH_POST or METH_OPTIONS

To select a different backend for requests to static contents on the "www" site and to every request on the "img", "video", "download" and "ftp" hosts:

    acl url_static  path_beg /static /images /img /css
    acl url_static  path_end .gif .png .jpg .css .js
    acl host_www    hdr_beg(host) -i www
    acl host_static hdr_beg(host) -i img. video. download. ftp.

    # now use backend "static" for all static-only hosts, and for static urls
    # of host "www". Use backend "www" for the rest.
    use_backend static if host_static or host_www url_static
    use_backend www    if host_www

21/29

Content Switch (UIE/iRule/ACL)

F5 iRule (UIE):

    if (http_uri ends_with .gif) {
        use pool image_servers
    }
    else if (http_uri starts_with /foo) {
        use pool foo_servers
    }
    else if (http_cookie(XYZ-Type) == direct) {
        use pool cookie_servers
    }
    else if (findstr(http_uri, ?type=, 6, &) == cgi) {
        use pool cgi_servers
    }
    else {
        use pool web_servers
    }

HAProxy reqisetbe (note on the slide: "The URI keyword will use a specific ... soon"):

    frontend public
        # use the static backend for 'Host: img', /img and /css.
        reqisetbe ^Host:\ img           static
        reqisetbe ^[^\ ]*\ /(img|css)/  static
        reqisetbe ^[^\ ]*\ /admin/stats stats
        default_backend dynamic

    backend static
    backend dynamic
    backend stats

HAProxy ACL:

    frontend public
        acl url_static  path_beg /static /images /img /css
        acl url_static  path_end .gif .png .jpg .css .js
        acl host_www    hdr_beg(host) -i www
        acl host_static hdr_beg(host) -i img. video. download. ftp.
        use_backend static if host_static or host_www url_static
        use_backend www    if host_www
        default_backend dynamic
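A Python model of how the ACLs, "block" and "use_backend" rules on the two ACL slides decide a request's fate, added here as an example (not code from the slides or from HAProxy). It assumes the condition grammar from the HAProxy manual (terms separated by "or" / "||", ACL names within a term ANDed, a leading "!" negating an ACL) and the manual's definitions of the predefined ACLs METH_GET, METH_POST, METH_OPTIONS, HTTP_URL_STAR and HTTP_CONTENT.

```python
# Added example (not from the slides): a Python model of how HAProxy evaluates
# the slide's ACLs, "block" and "use_backend" rules for one HTTP request.

def _hdr(req, name):
    """All values of a request header, matched case-insensitively by name."""
    return [v for k, v in req["headers"] if k.lower() == name.lower()]

# ACLs from the slide, plus the predefined ACLs its block rules rely on
# (METH_GET is "method GET HEAD"; HTTP_CONTENT is "hdr_val(content-length) gt 0").
ACLS = {
    "url_static": lambda r: r["path"].startswith(("/static", "/images", "/img", "/css"))
                            or r["path"].endswith((".gif", ".png", ".jpg", ".css", ".js")),
    "host_www": lambda r: any(h.lower().startswith("www") for h in _hdr(r, "host")),
    "host_static": lambda r: any(h.lower().startswith(("img.", "video.", "download.", "ftp."))
                                 for h in _hdr(r, "host")),
    "missing_cl": lambda r: not _hdr(r, "content-length"),   # hdr_cnt(Content-length) eq 0
    "METH_GET": lambda r: r["method"] in ("GET", "HEAD"),
    "METH_POST": lambda r: r["method"] == "POST",
    "METH_OPTIONS": lambda r: r["method"] == "OPTIONS",
    "HTTP_URL_STAR": lambda r: r["path"] == "*",
    "HTTP_CONTENT": lambda r: any(int(v) > 0 for v in _hdr(r, "content-length") if v.isdigit()),
}

def condition(cond, req):
    """True if any OR-term holds; a term holds when all its (possibly negated) ACLs match."""
    for term in cond.replace("||", " or ").split(" or "):
        names = term.split()
        if names and all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return True
    return False

# Rules from the slide, kept in configuration order.
BLOCK_RULES = [
    ("if", "HTTP_URL_STAR !METH_OPTIONS || METH_POST missing_cl"),
    ("if", "METH_GET HTTP_CONTENT"),
    ("unless", "METH_GET or METH_POST or METH_OPTIONS"),
]
USE_BACKEND = [("static", "host_static or host_www url_static"), ("www", "host_www")]
DEFAULT_BACKEND = "dynamic"

def route(method, path, headers):
    """Return "403" when a block rule fires, otherwise the name of the selected backend."""
    req = {"method": method, "path": path, "headers": list(headers.items())}
    for keyword, cond in BLOCK_RULES:
        # "block if" fires when the condition holds, "block unless" when it does not
        if condition(cond, req) == (keyword == "if"):
            return "403"
    for backend, cond in USE_BACKEND:
        if condition(cond, req):
            return backend
    return DEFAULT_BACKEND
```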

22/29

Agenda: Basically | LB related | Persistence | SNAT/RNAT | Server Protection | ACL/CS | GSLB
We are here: GSLB

23/29

GSLB

Illustrate GSLB and CDN

24/29

Performance
Keep-Alive
Compression
In-memory Cache
Server Offload
TCP Buffering

25/29

Logging

    listen proxy-out
        mode http
        option httplog
        option logasap
        log global
        server cache1 192.168.1.1:3128

        # log the name of the virtual server
        capture request header Host len 20

        # log the amount of data uploaded during a POST
        capture request header Content-Length len 10

        # log the beginning of the referrer
        capture request header Referer len 20

        # server name (useful for outgoing proxies only)
        capture response header Server len 20

        # logging the content-length is useful with "option logasap"
        capture response header Content-Length len 10

        # log the expected cache behaviour on the response
        capture response header Cache-Control len 8

26/29

HTTP Header Manipulation

Request rules: reqdel, reqdeny, reqpass, reqtarpit, reqsetbe, reqisetbe, reqirep, reqidel, reqideny, reqipass, reqiallow, reqitarpit, reqadd (the "i" variants match case-insensitively). Response rules: rsp*.

    # remove X-Forwarded-For header and SERVER cookie
    reqidel ^X-Forwarded-For:.*
    reqidel ^Cookie:.*SERVER=

    # refuse *.local, then allow www.*
    reqideny ^Host:\ .*\.local
    reqiallow ^Host:\ www\.

    # refuse *.local, then allow www.*, but ignore "www.private.local"
    reqipass ^Host:\ www.private\.local
    reqideny ^Host:\ .*\.local
    reqiallow ^Host:\ www\.

    # replace "/static/" with "/" at the beginning of any request path.
    reqrep ^([^\ ]*)\ /static/(.*) \1\ /\2

    # replace "www.mydomain.com" with "www" in the host name.
    reqirep ^Host:\ www.mydomain.com Host:\ www

27/29

HAProxy: The Reliable, High Performance TCP/HTTP Load Balancer

28/29

THE END

29/29
