Here are some basics of Linux Virtual Server
This is only for a start
1 LVS Basics
This section covers the basics of how LVS works, how to obtain and install LVS, and how
to configure it for its main modes of operation. In short, it covers how to set up LVS to load
balance TCP and UDP services.
Terminology
Linux Director: Host with Linux and LVS installed which receives packets from end users and
forwards them to real servers.
End User: Host that originates a connection.
Real Server: Host that terminates a connection. This will be running some sort of daemon
such as Apache.
A single host may act in more than one of the above roles at the same time.
Virtual IP Address (VIP): The IP address assigned to a service that a Linux Director will
handle.
Real IP Address (RIP): The IP address of a Real Server.
Layer 4 Switching
Figure 1: LVS NAT
Layer 4 switching works by multiplexing incoming TCP/IP connections and UDP/IP datagrams
to real servers. Packets are received by a Linux Director and a decision is made as to which
real server to forward the packet to. Once this decision is made, subsequent packets for the
same connection will be sent to the same real server. Thus, the integrity of the connection is
maintained.
Forwarding Packets
The Linux Virtual Server has three different ways of forwarding packets; network address
translation (NAT), IP-IP encapsulation (tunnelling) and direct routing.
• Network Address Translation (NAT): A method of manipulating the source and/or destination
port and/or address of a packet. The most common use of this is IP masquerading
which is often used to enable RFC 1918[2] private networks to access the Internet. In
the context of layer 4 switching, packets are received from end users and the destination
port and IP address are changed to that of the chosen real server. Return packets pass
through the Linux Director, at which time the mapping is undone so the end user sees
replies from the expected source.
• Direct Routing: Packets from end users are forwarded directly to the real server. The IP
packet is not modified, so the real servers must be configured to accept traffic for the
virtual server’s IP address. This can be done using a dummy interface or packet filtering
to redirect traffic addressed to the virtual server’s IP address to a local port. The real
server may send replies directly back to the end user. Thus, the Linux Director does not
need to be in the return path.
• IP-IP Encapsulation (Tunnelling): Allows packets addressed to an IP address to be
redirected to another address, possibly on a different network. In the context of layer 4
switching the behaviour is very similar to that of direct routing, except that when packets
are forwarded they are encapsulated in an IP packet, rather than just manipulating the
Ethernet frame. The main advantage of using tunnelling is that real servers can be on
a different network.
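The following is an added example, not code from LVS or from the original text: a toy Python model of a Linux Director in NAT mode, showing the per-connection scheduling decision described under Layer 4 Switching and the address rewriting (and its reversal on replies) described in the NAT item above. The class and function names, the round-robin scheduler and all addresses are assumptions made for illustration.

```python
# Added illustration: toy model of an LVS director in NAT mode.
# All addresses are constructed (documentation and RFC 1918 ranges).
from dataclasses import dataclass, replace
from itertools import cycle

@dataclass(frozen=True)
class Packet:
    proto: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

class NatDirector:
    def __init__(self, vip, real_servers):
        self.vip = vip                    # (VIP, port) of the virtual service
        self._next = cycle(real_servers)  # round-robin scheduler (assumption)
        # Connection table: (proto, client ip/port) -> chosen (RIP, port).
        # The destination is always the VIP here, so it is left out of the key.
        self.conns = {}

    def inbound(self, pkt):
        """End user -> director: pick or reuse a real server, rewrite dst."""
        if pkt.dst != self.vip:
            return None                   # not addressed to the virtual service
        key = (pkt.proto, pkt.src)
        if key not in self.conns:         # decision is made once per connection
            self.conns[key] = next(self._next)
        return replace(pkt, dst=self.conns[key])

    def outbound(self, pkt):
        """Real server -> director: undo the mapping so the reply's source is the VIP."""
        key = (pkt.proto, pkt.dst)
        if self.conns.get(key) != pkt.src:
            return None                   # no matching connection entry: drop
        return replace(pkt, src=self.vip)

def demo():
    d = NatDirector(("192.0.2.10", 80), [("10.0.0.2", 80), ("10.0.0.3", 80)])
    a = Packet("tcp", ("198.51.100.7", 40000), ("192.0.2.10", 80))
    b = Packet("tcp", ("198.51.100.8", 40001), ("192.0.2.10", 80))
    first, again, other = d.inbound(a), d.inbound(a), d.inbound(b)
    reply = d.outbound(Packet("tcp", first.dst, a.src))
    return first, again, other, reply

if __name__ == "__main__":
    for p in demo():
        print(p)
```

Because replies are only translated when they match a connection table entry, the model also shows why the Linux Director must sit in the return path in NAT mode.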
[Figure: network diagram with End User, Internet and Real Servers]