Scale to 80K TPS with LVS, HAProxy Load Balancing (SlideShare deck, 19 slides)

LOAD IN-DEPTH STUDY TO SCALE @ 80K TPS
REFERENCING A 13-YEAR-OLD ARTICLE ON LOAD BALANCING
WILLY TARREAU : HAPROXY
▸Creator of HAProxy
▸wtarreau.blogspot.com/2006/11/making-applications-scalable-with-load.html
▸The structure of this deck follows that article.
CATEGORIES AND EVALUATION CRITERIA
Categories:
▸DNS based
▸Layer 3/4 based
▸Layer 7 based
▸Hybrid
▸Hardware and software
▸L4 routing / non-proxying
Evaluation criteria:
▸High availability (HA): service is unaffected by any predefined number of simultaneous failures
▸Balancing strategies: round robin, least connection, weighted
▸Health checks
▸Extensibility: C/Lua library support
▸Monitoring
DNS BASED
▸Multiple A records for one name: round robin across the returned IPs
▸Plain DNS has no concept of HA, monitoring or health checks; a dead IP keeps being handed out until its TTL expires from resolver caches
▸Health checks and routing policies are available from managed DNS services, e.g. Route 53
LAYER 3/4 LOAD BALANCING
▸Mostly hardware-based LBs
▸Software-based, user-space proxy LBs: HAProxy and Nginx
▸Benchmark: a 64-core, 256 GB RAM bare-metal machine did about 20K TPS with keep-alive off and 100 ms backend latency
HAPROXY LAYER 4
▸Config and extensibility
▸Can be extended via Lua
global …
    nbproc 32                      # one process per core (nbproc was removed in HAProxy 2.5; current versions use nbthread instead)
    cpu-map auto:1-32 0-31         # pin process N to CPU N-1. The slide had "cpu-map 1/all 0-32", which maps only process 1 and names 33 CPUs
    stats socket <path>/stats      # turn on the stats unix socket. It accepts admin commands, so restrict it with "mode 600" and "level" in production
    # tunings
    tune.ssl.default-dh-param 2048
defaults
    # timeouts: there are more than 10 timeout types, only one shown here
    timeout queue 1m
    maxconn 200000
listen stats                       # define a listen section called "stats"
    bind :9000
    mode http
    stats enable                   # enable the stats page. As written it is unauthenticated and bound on every address; add "stats auth" or bind a management address
frontend main
    bind *:80
    mode tcp
    option tcplog
    default_backend nginx_lb
backend nginx_lb
    mode tcp
    balance roundrobin
    server server1 10.0.0.1:443 check   # in TCP mode HAProxy forwards bytes unchanged, so what clients send to :80 must be what nginx expects on :443
    server server2 10.0.0.2:443 check
HAPROXY MONITORING
▸Stats page (the "stats" listen section above)
▸Stats socket: "show stat" returns one CSV row per frontend, backend and server with more than 60 fields, for detailed monitoring
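The following is an added example, not code from the deck, showing how to consume that CSV from a monitoring script. The sample "show stat" output is constructed with a shortened header (the real one has 60+ columns), which is why the parser keys every field by the header name rather than by column position; the socket path passed to fetch_show_stat is whatever you configured as "stats socket".

```python
"""Parse HAProxy's "show stat" CSV and flag servers that are not UP.
Added example; SAMPLE_STAT is constructed, with only the columns this
example uses kept in their real order."""
import csv
import io
import socket
from typing import Dict, List, Tuple

# Constructed sample. HAProxy prefixes the header with "# " and ends
# every line (header included) with a trailing comma.
SAMPLE_STAT = """# pxname,svname,qcur,scur,slim,stot,status,weight,act,bck,chkfail,chkdown,downtime,check_status,
main,FRONTEND,,12,200000,48213,OPEN,,,,,,,,
nginx_lb,server1,0,7,,24102,UP,1,1,0,0,0,0,L4OK,
nginx_lb,server2,0,0,,24111,DOWN,1,0,0,3,1,42,L4CON,
nginx_lb,BACKEND,0,7,20000,48213,UP,1,1,0,,1,42,,
"""


def fetch_show_stat(socket_path: str) -> str:
    """Query a live stats socket (needs 'stats socket <path>' in global).
    Not exercised offline."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(socket_path)
        s.sendall(b"show stat\n")
        chunks = []
        while True:
            data = s.recv(65536)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode()


def parse_show_stat(text: str) -> List[Dict[str, str]]:
    """Return one dict per row, keyed by the header field names."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("# "):
        raise ValueError("not a 'show stat' response: header line missing")
    header = lines[0][2:].split(",")  # strip the leading "# "
    rows = []
    for raw in csv.reader(io.StringIO("\n".join(lines[1:]))):
        if raw:
            rows.append(dict(zip(header, raw)))
    return rows


def unhealthy_servers(rows: List[Dict[str, str]]) -> List[Tuple[str, str, str, str]]:
    """Real servers (not the FRONTEND/BACKEND pseudo-rows) whose status is
    not UP. Status can read "UP 1/3" while checks are failing, which still
    counts as UP here; DOWN, MAINT, DRAIN and "no check" do not."""
    return [(r["pxname"], r["svname"], r["status"], r["check_status"])
            for r in rows
            if r["svname"] not in ("FRONTEND", "BACKEND")
            and not r["status"].startswith("UP")]


def summarize(rows: List[Dict[str, str]]) -> Dict[str, dict]:
    """Per backend: active servers, current sessions, servers not UP."""
    out: Dict[str, dict] = {}
    for r in rows:
        if r["svname"] == "BACKEND":
            out[r["pxname"]] = {"act": int(r["act"]), "scur": int(r["scur"]), "down": []}
    for px, sv, _status, _chk in unhealthy_servers(rows):
        out.setdefault(px, {"act": 0, "scur": 0, "down": []})["down"].append(sv)
    return out


if __name__ == "__main__":
    for backend, info in summarize(parse_show_stat(SAMPLE_STAT)).items():
        print(backend, info)
```

Against a running HAProxy the same thing is `echo "show stat" | socat stdio unix-connect:<path>`; the parser does not care how many columns the version in use emits as long as the names it reads exist.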
LAYER 7 LOAD BALANCING
▸Hardware-based L7 LBs come from vendors such as F5
▸Protocol rigidity: an L7 LB has to parse the application protocol, so it only balances what it understands
▸Software-based: Nginx and HAProxy are the popular ones
▸The same 64-core, 256 GB RAM bare-metal machine did about 18K TPS with keep-alive off and 100 ms backend latency
ROUTING L4
▸Hardware router issues are out of scope here
▸Not easily horizontally scalable
▸Routing scales: it needs less than half the resources that proxying does, because the director only forwards packets and never terminates connections
TYPES OF ROUTING
▸NAT: works like a proxy; both incoming and outgoing traffic passes through the director
▸Direct Routing: the director rewrites only the destination MAC address to the real server's and puts the packet back on the LAN; the real server answers the client directly with the VIP as source (the slide's "spoof MAC address and send it back")
▸IP Tunneling: same direct return path, but the director encapsulates the packet in IPIP, so real servers can sit on other networks or in other DCs
LVS
▸LVS: Linux Virtual Server, about 20 years old, both layer 4 and layer 7
▸IPVS: IP Virtual Server, the layer 4 part, merged into kernel 2.4
▸KTCPVS: the application-level (layer 7) LB, in development for the last 8 years
▸Runs in kernel space
▸No data copy into user space
▸Managed NOT by a config file but by system calls, through ipvsadm :(
LVS IMPLEMENTATION STEPS
‣ LVS server setup on the director
‣ Service setup
‣ Configure LVS
‣ Real server setup
# SETUP LVS (on the director)
$ yum -y install ipvsadm
$ touch /etc/sysconfig/ipvsadm                  # the ipvsadm unit restores rules from this file
$ systemctl start ipvsadm && systemctl enable ipvsadm
$ echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf && sysctl -p
# CONFIGURE LVS
$ ipvsadm -C                                    # clear tables
# add virtual service: ipvsadm -A -t <VIP:port> -s <scheduler>
$ ipvsadm -A -t 10.143.45.105:80 -s wlc
# add real servers: ipvsadm -a -t <VIP:port> -r <real server IP[:port]> -i
# (-i = IPIP tunneling; the port defaults to the service port. The slide created the
#  service on 10.0.0.0:80 and added the real server to 10.143.45.105:80; the two must match)
$ ipvsadm -a -t 10.143.45.105:80 -r 10.0.0.1 -i
# confirm tables
$ ipvsadm -ln
# ON REAL SERVERS (VIP = 10.143.45.105 in this example)
$ modprobe ipip                                  # creates tunl0 if it is not there yet
$ ip addr add <VIP>/32 dev tunl0 brd <VIP>
$ ip link set tunl0 up arp off
# TURN RP FILTER OFF on tunl0 (see caveats part 2)
CAVEATS PART 1
▸CPU affinity of interrupts
▸IRQs (interrupt request lines) are spread across cores by the irqbalance service, a user-space daemon, not by the kernel itself; it will undo manual affinity settings unless it is stopped or told to ban those IRQs
▸cat /proc/interrupts shows which core each IRQ lands on and which one is about to max out
▸Balance (1), RPS in software: echo fff > /sys/class/net/eth0/queues/rx-0/rps_cpus (hex CPU bitmask; fff = CPUs 0-11)
▸Balance (2), IRQ affinity: echo 'fff' > /proc/irq/14/smp_affinity (same hex bitmask; take the IRQ number from /proc/interrupts, the slide's 14 is just an example)
▸Balance (3), the same as a CPU list: echo '0-3' > /proc/irq/28/smp_affinity_list
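Added example, not from the deck: it reads a /proc/interrupts table, finds the IRQs of a multi-queue NIC, reports which core is taking all of one queue's interrupts, and computes one smp_affinity mask per queue so the queues are spread over a CPU range instead of piling up on core 0. The /proc/interrupts excerpt is constructed (4 CPUs, an interface called eth0 with 4 queues) and its IRQ numbers are made up; the mask format is the one smp_affinity and rps_cpus both accept.

```python
"""Per-queue IRQ affinity from /proc/interrupts. Added example; the
table below is constructed and its IRQ numbers are invented."""
import re
from typing import Dict, List, Sequence

SAMPLE_INTERRUPTS = """\
           CPU0       CPU1       CPU2       CPU3
  14:       1021          0          0          0   IO-APIC   14-edge      ata_piix
  28:    9812345          0          0          0   PCI-MSI 524288-edge      eth0-TxRx-0
  29:    9734210          0          0          0   PCI-MSI 524289-edge      eth0-TxRx-1
  30:    9655981          0          0          0   PCI-MSI 524290-edge      eth0-TxRx-2
  31:    9701122          0          0          0   PCI-MSI 524291-edge      eth0-TxRx-3
 NMI:          0          0          0          0   Non-maskable interrupts
"""


def nic_irqs(text: str, ifname: str) -> List[int]:
    """IRQ numbers whose action name belongs to ifname (eth0, eth0-TxRx-0, ...)."""
    irqs = []
    for line in text.splitlines()[1:]:          # skip the CPU header line
        m = re.match(r"\s*(\d+):", line)
        if not m:
            continue                            # NMI/LOC/... rows have no numeric IRQ
        name = line.split()[-1]
        if name == ifname or name.startswith(ifname + "-"):
            irqs.append(int(m.group(1)))
    return irqs


def per_cpu_counts(text: str, irq: int) -> List[int]:
    """Interrupt count per CPU for one IRQ; the columns after the counts
    (chip name, trigger, action) are not numeric and stop the scan."""
    for line in text.splitlines()[1:]:
        parts = line.split()
        if parts and parts[0] == f"{irq}:":
            counts = []
            for field in parts[1:]:
                if not field.isdigit():
                    break
                counts.append(int(field))
            return counts
    raise KeyError(irq)


def hottest_cpu(text: str, irq: int) -> int:
    """The core that has taken most of this IRQ so far (the one maxing out)."""
    counts = per_cpu_counts(text, irq)
    return counts.index(max(counts))


def cpu_mask(cpus: Sequence[int]) -> str:
    """Hex bitmask in the smp_affinity / rps_cpus format: no 0x prefix,
    32-bit words separated by commas on machines with more than 32 CPUs."""
    mask = 0
    for c in cpus:
        mask |= 1 << c
    words = []
    while mask or not words:
        words.append(mask & 0xFFFFFFFF)
        mask >>= 32
    words.reverse()
    return ",".join([format(words[0], "x")] + [format(w, "08x") for w in words[1:]])


def affinity_plan(irqs: Sequence[int], cpus: Sequence[int]) -> Dict[int, str]:
    """One CPU per queue, round robin over the allowed CPU set: {irq: mask}."""
    return {irq: cpu_mask([cpus[i % len(cpus)]]) for i, irq in enumerate(irqs)}


def apply_plan(plan: Dict[int, str], root: str = "/proc/irq") -> None:
    """Write the masks. Stop irqbalance first (or ban these IRQs in its
    config) or it will move them again. Needs root; not run offline."""
    for irq, mask in plan.items():
        with open(f"{root}/{irq}/smp_affinity", "w") as fh:
            fh.write(mask + "\n")


if __name__ == "__main__":
    irqs = nic_irqs(SAMPLE_INTERRUPTS, "eth0")
    print("eth0 IRQs:", irqs, "hottest core for", irqs[0], "is", hottest_cpu(SAMPLE_INTERRUPTS, irqs[0]))
    print(affinity_plan(irqs, range(4)))
```

On a real box read /proc/interrupts with `open("/proc/interrupts").read()` and pick the CPU range per NUMA node of the NIC; the plan is then written with apply_plan once irqbalance is out of the way.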
CAVEATS PART 2
▸rp_filter (reverse path filtering) exists to drop packets with spoofed source addresses and blunt DDoS
▸The kernel checks whether the source of a received packet is reachable through the interface it arrived on. A decapsulated LVS-Tun packet arrives on tunl0 with the client's source address, whose route points out eth0, so strict rp_filter drops it
▸To disable it on the tunnel: net.ipv4.conf.tunl0.rp_filter = 0 in /etc/sysctl.conf (and sysctl -p). The kernel applies the maximum of net.ipv4.conf.all.rp_filter and the per-interface value, so "all" must be 0 (or 2, loose mode) as well or the tunl0 setting has no effect
▸Source: https://www.slashroot.in/linux-kernel-rpfilter-settings-reverse-path-filtering
LVS MONITORING AND MANAGEMENT
▸No logs in user space
▸Three kinds of counters instead of logs:
▸Rate stats: connections, bytes and packets per second, per service and per real server
▸Cumulative stats: the same counters accumulated since the rules were loaded
▸Full connection tuples: source IP, source port, destination IP, destination port, state
▸ipvsadm --list --numeric (-Ln) with --connection, --stats or --rate
▸No concept of health checks (the deck used Consul Template to rewrite the rules) and no extensibility
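Because IPVS has no health checks of its own, something in user space has to notice a dead real server and take it out of rotation. The following is an added example, not the deck's code (the deck used Consul Template): it parses the `ipvsadm -Ln` table from the implementation steps above, probes each real server with a TCP connect, and emits the `ipvsadm -e ... -w` commands that set a failed server's weight to 0 (no new connections, existing ones drain) and restore it when it answers again. The ipvsadm output is constructed in the real column layout, the probe is replaced by a lookup table for the offline run, and probing RIP:port assumes the real server's service listens on its own address as well as on the VIP.

```python
"""User-space health checks for IPVS real servers. Added example; the
ipvsadm table below is constructed."""
import re
import socket
import subprocess
from typing import Callable, Dict, List, Optional, Tuple

SAMPLE_IPVSADM = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.143.45.105:80 wlc
  -> 10.0.0.1:80                  Tunnel  1      2031       410
  -> 10.0.0.2:80                  Tunnel  1      0          3
  -> 10.0.0.3:80                  Tunnel  0      0          0
"""

Service = Tuple[str, str, str]                  # (proto, "vip:port", scheduler)
RealServer = Tuple[str, str, int]               # ("rip:port", forward method, weight)
PROTO_FLAG = {"TCP": "-t", "UDP": "-u", "SCTP": "--sctp-service"}
FORWARD_FLAG = {"Tunnel": "-i", "Route": "-g", "Masq": "-m"}


def parse_ipvsadm(text: str) -> Dict[Service, List[RealServer]]:
    """Turn "ipvsadm -Ln" output into {service: [real servers]}."""
    table: Dict[Service, List[RealServer]] = {}
    current: Optional[Service] = None
    for line in text.splitlines():
        m = re.match(r"^(TCP|UDP|SCTP)\s+(\S+)\s+(\S+)", line)
        if m:
            current = (m.group(1), m.group(2), m.group(3))
            table[current] = []
            continue
        m = re.match(r"^\s+->\s+(\S+)\s+(Route|Masq|Tunnel)\s+(\d+)\s+(\d+)\s+(\d+)", line)
        if m and current is not None:           # the header's "-> RemoteAddress" row has no Route/Masq/Tunnel and is skipped
            table[current].append((m.group(1), m.group(2), int(m.group(3))))
    return table


def tcp_probe(addr: str, timeout: float = 1.0) -> bool:
    """Cheap liveness check: can we complete a TCP handshake with rip:port?"""
    host, port = addr.rsplit(":", 1)
    try:
        with socket.create_connection((host, int(port)), timeout=timeout):
            return True
    except OSError:
        return False


def reconcile(table: Dict[Service, List[RealServer]],
              probe: Callable[[str], bool],
              desired: Optional[Dict[str, int]] = None) -> List[List[str]]:
    """ipvsadm commands that bring each real server's weight in line with
    its health: 0 when the probe fails, the desired weight (default 1)
    when it passes. Only servers whose weight actually changes get a command."""
    desired = desired or {}
    cmds = []
    for (proto, vip, _sched), servers in table.items():
        for rip, fwd, weight in servers:
            want = desired.get(rip, 1) if probe(rip) else 0
            if want != weight:
                cmds.append(["ipvsadm", "-e", PROTO_FLAG[proto], vip,
                             "-r", rip, FORWARD_FLAG[fwd], "-w", str(want)])
    return cmds


def run_once(table_text: str, probe: Callable[[str], bool],
             desired: Optional[Dict[str, int]] = None, execute: bool = False) -> List[List[str]]:
    """One check cycle; with execute=True the commands are run (needs root)."""
    cmds = reconcile(parse_ipvsadm(table_text), probe, desired)
    if execute:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
    return cmds


if __name__ == "__main__":
    live = subprocess.run(["ipvsadm", "-Ln"], capture_output=True, text=True, check=True).stdout
    for cmd in run_once(live, tcp_probe, execute=True):
        print(" ".join(cmd))
```

Run from cron or a loop on the director; the desired-weight map is where a weighted configuration (or the values Consul hands out) belongs, so a recovered server gets back its real weight rather than 1.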
FINAL TEST
▸75-80K TPS
▸~20-25K active connections
▸100 ms mocked backend latency
▸Load generated by GOR (GoReplay)
▸Real servers: Nginx
NOT COVERING THESE
▸LVS connection synchronisation with a passive (backup) director
▸Multiple IPIP tunnel model for advanced HA
▸Security with iptables
▸Packet routing details with MAC spoofing
▸Specs and choice of bare-metal machines for PT
▸Consul Template management of LVS
▸Layer 7 LB config of HAProxy and Nginx
THANK YOU | REFERENCES
▸http://wtarreau.blogspot.com/2006/11/making-applications-scalable-with-load.html
▸https://opensourceforu.com/2009/05/balancing-traffic-across-data-centres-using-lvs/
▸http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-Tun.html
▸https://linux.die.net/man/8/ipvsadm
▸https://serverfault.com/questions/723786/udp-packets-seen-on-interface-level-but-not-delivered-to-application-on-redhat
▸https://serverfault.com/questions/163244/linux-kernel-not-passing-through-multicast-udp-packets
