Linux Virtual Server for Scalable Network Services
Wensong Zhang
National Laboratory for Parallel & Distributed Processing
Changsha, Hunan 410073, China
wensong@linuxvirtualserver.org, http://www.LinuxVirtualServer.org/
Abstract
This paper describes the motivation, design and internal implementation of Linux Virtual Server. The goal of Linux Virtual Server is to provide a basic framework to build highly scalable and highly available network services using a large cluster of commodity servers. The TCP/IP stack of the Linux kernel is extended to support three IP load balancing techniques, which can make parallel services of different kinds of server clusters appear as a service on a single IP address. Scalability is achieved by transparently adding or removing a node in the cluster, and high availability is provided by detecting node or daemon failures and reconfiguring the system appropriately.
1 Introduction
With the explosive growth of the Internet, Internet servers must cope with greater demands than ever. The potential number of clients that a server must support has dramatically increased; some hot sites have already received hundreds of thousands of simultaneous client connections. With the increasing number of users and the increasing workload, companies often worry about how their systems grow over time. Furthermore, rapid response and 24x7 availability are mandatory requirements for mission-critical business applications, as sites compete to offer users the best access experience. Therefore, the requirements for a hardware and software solution to support highly scalable and highly available services can be summarized as follows:
 
• Scalability: when the load offered to the service increases, the system can be scaled to meet the requirement.
• 24x7 availability: the service as a whole must be available 24x7, despite transient partial hardware and software failures.
• Manageability: although the whole system may be physically large, it should be easy to manage.
• Cost-effectiveness: the whole system must be economical to afford and expand.

A single server is usually not sufficient to handle this aggressively increasing load. The server upgrading process is complex, and the server is a single point of failure. The higher-end the server is upgraded to, the higher the cost we have to pay.

Clusters of servers, connected by a fast network, are emerging as a viable architecture for building highly scalable and highly available services. This type of loosely coupled architecture is more scalable, more cost-effective and more reliable than a tightly coupled multiprocessor system. However, a number of challenges must be addressed to make a cluster of servers function effectively for scalable network services.

Linux Virtual Server [22] is our solution to the requirements. Linux Virtual Server is a software tool that directs network connections to multiple servers that share their workload, which can be used to build highly scalable and highly available services. Prototypes of Linux Virtual Server have already been used to build many sites of heavy load on the Internet, such as the Linux portal www.linux.com, sourceforge.net and UK National JANET Web Cache Services.

Linux Virtual Server directs network connections to the different servers according to scheduling algorithms and makes parallel services of the cluster appear as a virtual service on a single IP address. Client applications interact with the cluster as if it were a single server. The clients are not affected by interaction with the cluster and do not need modification. Scalability is achieved by transparently adding or removing a node in the cluster. High availability is provided by detecting node or daemon failures and reconfiguring the system appropriately.
 
2 System Architecture Overview
In this section we present a system architecture for building highly scalable and highly available network services on clusters. The three-tier architecture of LVS illustrated in Figure 1 includes:
 
• Load balancer: the front end to the service as seen by the outside world. The load balancer directs network connections from clients, who know a single IP address for services, to a set of servers that actually perform the work.
• Server pool: consists of a cluster of servers that implement the actual services, such as web, ftp, mail, dns, and so on.
• Backend storage: provides the shared storage for the servers, so that it is easy for servers to keep the same content and provide the same services.

Figure 1: The 3-tier Architecture of Linux Virtual Server

The load balancer handles incoming connections using IP load balancing techniques: it selects servers from the server pool, maintains the state of concurrent connections and forwards packets. All the work is performed inside the kernel, so the handling overhead of the load balancer is low. Therefore, the load balancer can handle a much larger number of connections than a general server, thus a load balancer can schedule a large number of servers and it will not soon become a bottleneck of the whole system.

The server nodes in the above architecture may be replicated for either scalability or high availability. Scalability is achieved by transparently adding or removing a node in the cluster. When the load to the system saturates the capacity of existing server nodes, more server nodes can be added to handle the increasing workload. Since the dependence of most network services is often not high, the aggregate performance should scale linearly with the number of nodes in the system, before the load balancer becomes a new bottleneck of the system. Since commodity servers are used as building blocks, the performance/cost ratio of the whole system is as high as that of commodity servers.

One of the advantages of a clustered system is that it has hardware and software redundancy. High availability can be provided by detecting node or daemon failures and reconfiguring the system appropriately so that the workload can be taken over by the remaining nodes in the cluster. We usually have cluster monitor daemons running on the load balancer to monitor the health of server nodes. If a server node cannot be reached by ICMP ping or there is no response from the service in the specified period, the monitor will remove or disable the server in the scheduling table of the load balancer, so that the load balancer will not schedule new connections to the failed one and the failure of server nodes can be masked.

Now, the load balancer may become a single point of failure of the whole system. In order to prevent the failure of the load balancer, we need to set up a backup of the load balancer. Two heartbeat daemons run on the primary and the backup; they exchange health messages periodically through heartbeat channels such as serial line and UDP. When the heartbeat daemon on the backup cannot hear the health message from the primary in the specified time, it will use ARP spoofing (gratuitous ARP) to take over the virtual IP address to provide the load-balancing service. When the primary recovers from its failure, there are two methods. One is that the primary becomes the backup of the functioning load balancer; the other is that the daemon receives the health message from the primary and releases the virtual IP address, and the primary will take over the virtual IP address. However, the failover or the takeover of the primary will cause the established connections in the state table to be lost in the current implementation, which will require the clients to send their requests again.
 
The backend storage is usually provided by distributed fault-tolerant file systems, such as GFS [16], Coda [1] or Intermezzo [5]. These systems also take care of the availability and scalability issues of file system accesses. The server nodes access the distributed file system like a local file system. However, multiple identical applications running on different server nodes may access a shared resource concurrently, and any conflicting action by the applications must be reconciled so that the resource remains in a consistent state. Thus, there needs to be a distributed lock manager (internal to the distributed file system or external) so that application developers can easily program to coordinate concurrent access of applications running on different nodes.
3 IP Load Balancing Techniques
Since the IP load balancing techniques have good scalability, we patch the Linux kernel (2.0 and 2.2) to support three IP load balancing techniques: LVS/NAT, LVS/TUN and LVS/DR. The box running Linux Virtual Server acts as a load balancer of network connections from clients, who know a single IP address for a service, to a set of servers that actually perform the work. In general, real servers are identical: they run the same service and they have the same set of contents. The contents are either replicated on each server's local disk, shared on a network file system, or served by a distributed file system. We call data communication between a client's socket and a server's socket a connection, no matter whether it talks the TCP or UDP protocol. The following subsections describe the working principles of the three techniques and their advantages and disadvantages.
3.1 Linux Virtual Server via NAT
Due to the shortage of IP addresses in IPv4 and some security reasons, more and more networks use private IP addresses which cannot be used on the Internet. The need for network address translation arises when hosts in internal networks want to access or to be accessed on the Internet. Network address translation relies on the fact that the headers of packets can be adjusted appropriately so that clients believe they are contacting one IP address, but servers at different IP addresses believe they are contacted directly by the clients. This feature can be used to build a virtual server, i.e. parallel services at the different IP addresses can appear as a virtual service on a single IP address.

Figure 2: Architecture of LVS/NAT

The architecture of Linux Virtual Server via NAT is illustrated in Figure 2. The load balancer and real servers are interconnected by a switch or a hub. The workflow of LVS/NAT is as follows. When a user accesses a virtual service provided by the server cluster, a request packet destined for the virtual IP address (the IP address to accept requests for the virtual service) arrives at the load balancer. The load balancer examines the packet's destination address and port number. If they match a virtual service according to the virtual server rule table, a real server is selected from the cluster by a scheduling algorithm, and the connection is added into the hash table which records connections. Then, the destination address and the port of the packet are rewritten to those of the selected server, and the packet is forwarded to the server. When an incoming packet belongs to an established connection, the connection can be found in the hash table and the packet will be rewritten and forwarded to the right server. When response packets come back, the load balancer rewrites the source address and port of the packets to those of the virtual service. When a connection terminates or times out, the connection record will be removed from the hash table.
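The LVS/NAT workflow above, together with the Section 2 monitor behaviour of disabling a failed server in the scheduling table, as an added user-space model in Python (not code from the paper or from the LVS kernel patch). Round-robin scheduling, the class and method names, and all addresses are assumptions made for the example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    proto: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

class NatBalancer:
    """User-space model of the LVS/NAT packet path (constructed, not kernel code)."""
    def __init__(self, rules):
        self.rules = rules  # virtual server rule table: (proto, (vip, vport)) -> real servers
        self.down = set()   # real servers the monitor has disabled
        self.conns = {}     # connection hash table: (proto, client, virtual) -> real server
        self.back = {}      # reply index: (proto, real server, client) -> virtual
        self.turn = 0       # round-robin position (assumed scheduling algorithm)

    def inbound(self, pkt):
        """Client -> cluster: return the packet rewritten to a real server, else None."""
        key = (pkt.proto, pkt.src, pkt.dst)
        server = self.conns.get(key)
        if server is None:  # first packet of a connection: match a rule, then schedule
            service = (pkt.proto, pkt.dst)
            pool = [s for s in self.rules.get(service, ()) if s not in self.down]
            if not pool:
                return None
            server = pool[self.turn % len(pool)]
            self.turn += 1
            self.conns[key] = server
            self.back[(pkt.proto, server, pkt.src)] = pkt.dst
        return replace(pkt, dst=server)

    def outbound(self, pkt):
        """Real server -> client: restore the virtual service as the source."""
        virtual = self.back.get((pkt.proto, pkt.src, pkt.dst))
        return replace(pkt, src=virtual) if virtual else None

    def expire(self, proto, client, virtual):  # connection terminated or timed out
        server = self.conns.pop((proto, client, virtual), None)
        self.back.pop((proto, server, client), None)

def demo():
    # Constructed addresses from the documentation and private ranges.
    vs, c1, c2 = ("203.0.113.10", 80), ("198.51.100.7", 40001), ("198.51.100.8", 40002)
    lb = NatBalancer({("tcp", vs): [("10.0.0.2", 8080), ("10.0.0.3", 8080)]})
    first = lb.inbound(Packet("tcp", c1, vs))    # new connection is scheduled
    lb.down.add(("10.0.0.2", 8080))              # monitor disables a failed server
    second = lb.inbound(Packet("tcp", c2, vs))   # new connection avoids it
    return first.dst, second.dst, lb.outbound(Packet("tcp", second.dst, c2)).src
```

The client only ever sees the virtual address: the reply leaves with the virtual service as its source even though a private real server produced it.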
3.2 Linux Virtual Server via IP Tunneling
IP tunneling (IP encapsulation) is a technique to encapsulate IP datagram within IP datagram, which allows datagrams destined for one IP address to be wrapped and redirected to another IP address. This technique can be used to build a virtual server that the load balancer tun-