Mastering IPVS: A Deep Dive into Linux Load Balancing and Scheduling Algorithms
This article explains how IPVS (IP Virtual Server) provides layer‑4 load balancing in Linux, compares it with iptables, details its reliance on iptables, outlines the various LVS scheduling algorithms, and provides practical ipvsadm commands for setting up a load‑balancing cluster with real servers.
Concept
ipvs (IP Virtual Server) implements transport‑layer (layer‑4) load balancing on a LAN as part of the Linux kernel. It runs on the host in front of a real‑server cluster, forwarding TCP and UDP service requests to the back‑end servers and presenting them as a virtual service on a single IP address.
ipvs vs. iptables
kube‑proxy supports both iptables and ipvs modes. ipvs mode was introduced in Kubernetes v1.8 (beta in v1.9, GA in v1.11), while iptables has been the default since v1.2. Both rely on netfilter. Key differences include:
ipvs provides better scalability and performance for large clusters.
ipvs supports more complex scheduling algorithms (least load, least connections, weighted, etc.).
ipvs offers server health checks and connection retry features.
ipvs depends on iptables
ipvs uses iptables for packet filtering, SNAT, and masquerading. Specifically, ipvs stores the addresses whose traffic must be dropped (DROP) or masqueraded (MASQUERADE) in an ipset, so the number of iptables rules stays constant regardless of how many services exist.
LVS scheduling algorithms
1. Round‑Robin (rr): The simplest algorithm, distributing requests cyclically across servers, assuming equal processing capacity.
2. Weighted Round‑Robin (wrr): Adds a weight (0‑100) to each real server; higher weight receives proportionally more requests.
3. Least Connections (lc): Selects the server with the fewest active connections.
4. Weighted Least Connections (wlc): Combines least‑connections with server weights.
5. Locality‑Based Least Connections (lblc): Chooses the nearest server to the destination IP that is still available.
6. Locality‑Based Least Connections with Replication (lblcr): Maintains a mapping of destination IP to a set of servers to avoid single‑point overload.
7. Destination Hash (dh): Hashes the destination IP to map it to a specific server; the mapping persists unless the server becomes unavailable.
8. Source Hash (sh): Similar to destination hash but based on the source IP, providing a static server assignment.
ipvsadm parameters
Add a virtual server
Syntax: ipvsadm -A [-t|u|f] [vip_addr:port] [-s scheduler]
-A: add
-t: TCP protocol
-u: UDP protocol
-f: firewall mark
-D: delete a virtual server record
-E: edit a virtual server record
-C: clear all records
-L: list
Add a back-end RealServer
Syntax: ipvsadm -a [-t|u|f] [vip_addr:port] -r ip_addr [-g|i|m] [-w weight]
-a: add
-t: TCP protocol
-u: UDP protocol
-f: firewall mark
-r: IP of the back-end realserver
-g: DR mode
-i: TUN mode
-m: NAT mode
-w: weight
-d: delete a realserver record
-e: edit a realserver record
-l: list
General:
ipvsadm -ln: view rules
service ipvsadm save: save rules
Load balancer side
Install LVS
yum -y install ipvsadm
ipvsadm
Add and bind the VIP
ip addr add 192.168.0.89/24 dev eth0 label eth0:1
Configure LVS‑DR mode
ipvsadm -A -t 192.168.0.89:80 -s rr # create the virtual service (DR) with rr scheduling
ipvsadm -a -t 192.168.0.89:80 -r 192.168.0.93 -g # add the first RealServer
ipvsadm -a -t 192.168.0.89:80 -r 192.168.0.94 -g # add the second RealServer
Real‑Server side
# Set up the test back-end realservers (httpd configuration omitted)
curl 192.168.0.93 # check that realserver‑1 responds
curl 192.168.0.94 # check that realserver‑2 responds
# Bind the VIP to the lo interface for DR mode
ip addr add 192.168.0.89/32 dev lo label lo:1
# Suppress ARP
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
Client test
# Access the VIP from the client
curl 192.168.0.89 # returns 192.168.0.93
curl 192.168.0.89 # returns 192.168.0.94
Source: https://www.cnblogs.com/hongdada/p/9758939.html (© original author)
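The real-server settings from the Real‑Server side steps, turned into a repeatable check (an added example, not part of the original article): it compares the four ARP sysctls with the values set above and confirms the VIP is bound to lo as a /32. The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the LVS-DR real-server settings from the steps above.

# check_arp_sysctls [ROOT]
# ROOT is an assumed override (default /proc/sys) so the check can also run
# against a constructed tree. Prints one line per setting and returns the
# number of settings that differ from the values used on this page.
check_arp_sysctls() {
    root=${1:-/proc/sys}
    fails=0
    for item in all:arp_announce:2 lo:arp_announce:2 all:arp_ignore:1 lo:arp_ignore:1; do
        iface=${item%%:*}; rest=${item#*:}
        key=${rest%%:*}; want=${rest#*:}
        got=$(cat "$root/net/ipv4/conf/$iface/$key" 2>/dev/null) || got=unreadable
        if [ "$got" = "$want" ]; then
            echo "OK   $iface/$key=$got"
        else
            echo "FAIL $iface/$key=$got (expected $want)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# vip_on_lo_ok VIP ADDR_LINES
# ADDR_LINES is the text printed by `ip -o -4 addr show dev lo`.
# Succeeds only if VIP is bound as a /32; a wider prefix on lo would make
# the real server treat the whole subnet as local.
vip_on_lo_ok() {
    pattern="inet $(printf '%s' "$1" | sed 's/\./\\./g')/32 "
    printf '%s\n' "$2" | grep -q "$pattern"
}

# make_sample_tree DIR ANNOUNCE IGNORE: constructed sysctl tree for offline runs.
make_sample_tree() {
    for iface in all lo; do
        mkdir -p "$1/net/ipv4/conf/$iface"
        echo "$2" > "$1/net/ipv4/conf/$iface/arp_announce"
        echo "$3" > "$1/net/ipv4/conf/$iface/arp_ignore"
    done
}

# On a real server:
#   check_arp_sysctls && vip_on_lo_ok 192.168.0.89 "$(ip -o -4 addr show dev lo)"
```

A non-zero result from either function on a real server means it may answer ARP for the VIP itself, so clients on the segment could reach it without passing through the load balancer.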
