LOAD IN-DEPTH STUDY TO SCALE @ 80K TPS
REFERENCING 13 YEAR OLD ARTICLE ON LOAD BALANCING
WILLY TARREAU : HAPROXY
▸Creator of Haproxy
▸wtarreau.blogspot.com/2006/11/making-applications-scalable-with-load.html
▸The PPT structure is based on the article.
CATEGORIES AND EVALUATION CRITERIA
▸DNS Based
▸Layer 3/4 Based
▸Layer 7 Based
▸Hybrid
▸Hardware and Software
L4 Routing/Non-Proxying
▸High Availability ( HA ) : Unaffected service during any predefined number of simultaneous failures
▸Balancing strategies : Round robin, least connection, weighted.
▸Health Checks
▸Extensibility : C/Lua Lib support
▸Monitoring
DNS BASED
▸Multiple IPs : Round Robin
▸No Concept of HA, Monitoring, health checks
▸Health checks and routing policies are available via custom solutions, e.g. Route53
LAYER 3/4 LOAD BALANCING
▸Mostly hardware-based LBs.
▸Examples of software-based, user-space proxy LBs are HAProxy and Nginx
▸Benchmark : a 64-core, 256 GB RAM bare-metal machine could do 20K TPS with keep-alive off and 100ms backend latency.
HAPROXY LAYER 4
▸Config and Extensibility
▸Can be extended via Lua
global …
    nbproc 32
    cpu-map 1/all 0-32
    stats socket <path>/stats    # turn on stats unix socket
    # tunings
    tune.ssl.default-dh-param 2048
defaults
    # timeouts. More than 10 types
    timeout queue 1m
    maxconn 200000
listen stats                     # Define a listen section called "stats"
    bind :9000
    mode http
    stats enable                 # Enable stats page
frontend main
    bind *:80
    mode tcp
    option tcplog
    default_backend nginx_lb
backend nginx_lb
    mode tcp
    balance roundrobin
    server server1 10.0.0.1:443 check
    server server2 10.0.0.2:443 check
HAPROXY MONITORING
▸Stats Page
▸Socket Output for detailed monitoring having more than 60 params in CSV
LAYER 7 LOAD BALANCING
▸Hardware-based LBs are from vendors like F5
▸Protocol rigidness
▸Software-based : Nginx and HAProxy are popular ones.
▸A 64-core, 256 GB RAM bare-metal machine could do 18K TPS with keep-alive off and 100ms backend latency
ROUTING L4
▸Hardware router issues are out of scope here.
▸Not easily horizontally scalable
▸Routing scales : it requires less than half the resources of proxying.
TYPES OF ROUTING
▸Natting : Works like a proxy, both incoming and outgoing traffic goes through it.
▸Direct Route : Spoof MAC address and send it back.
▸IP Tunneling : Looks like Direct Route but scales across different DCs
LVS
▸LVS : Linux Virtual server , 20 years old, both Layer 4 and 7
▸IPVS : IP Virtual Server, merged in Kernel 2.4
▸KTCPVS : App LB , in dev for last 8 years.
▸Runs in Kernel Space
▸No data copy in User Space
▸Managed NOT by config but by System Calls :(
LVS IMPLEMENTATION STEPS
# SETUP LVS
$ yum -y install ipvsadm
$ touch /etc/sysconfig/ipvsadm
$ systemctl start ipvsadm && systemctl enable ipvsadm
$ echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
$ sysctl -p # apply the setting
# CONFIGURE LVS
$ ipvsadm -C # clear tables
# add virtual service [ ipvsadm -A -t (Service IP:Port) -s (Distribution method) ]
$ ipvsadm -A -t <VIP>:80 -s wlc
# ADD BACKEND SERVERS [ ipvsadm -a -t (Service IP:Port) -r (Real Server's IP:Port) -i ]
# -t must be the same Service IP:Port as the virtual service added above
$ ipvsadm -a -t <VIP>:80 -r 10.0.0.1 -i
# confirm tables
$ ipvsadm -ln
# ON REAL SERVERS
$ modprobe ipip # load the IPIP module so that tunl0 exists
$ ip addr add <VIP>/32 dev tunl0 brd <VIP>
$ ip link set tunl0 up arp off
# TURN RP FILTER OFF ( later )
‣ LVS Server Setup on Director
‣ Service Setup
‣ Configure LVS
‣ Real Server Setup
CAVEATS PART 1
▸CPU Affinity of Interrupts
▸Kernel tries to load balance IRQ ( Interrupt Request Line ) across cores.
▸irqbalance service is responsible.
▸cat /proc/interrupts will help see which core will max out.
▸Balance (1) : echo fff > /sys/class/net/eth0/queues/rx-0/rps_cpus
▸Balance (2) : echo 'fff' > /proc/irq/14/smp_affinity
▸Balance (3) : echo '0-3' > /proc/irq/28/smp_affinity_list
CAVEATS PART 2
▸RP Filter : To Avoid Spoofing and DDOS
▸Kernel checks whether the source of the received packet is reachable through the route it came in.
▸To Disable : net.ipv4.conf.tun.rp_filter = 0 in /etc/sysctl.conf ( and sysctl -p )
▸Source : https://www.slashroot.in/linux-kernel-rpfilter-settings-reverse-path-filtering
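Added example, not part of the original deck: the kernel applies the maximum of conf.all.rp_filter and the per-interface value, so setting 0 on the tunnel interface alone has no effect while "all" is still 1. The script below audits a sysctl dump for that case and for interfaces where the check was switched off without need; the sample dump, the interface names tunl0 and eth0, and the function names are assumptions.

```shell
#!/bin/sh
# Audit reverse-path filtering on an LVS-TUN real server.
# Constructed sample of `sysctl -a | grep '\.rp_filter'` output (not from the deck).
SAMPLE_SYSCTL='net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.tunl0.rp_filter = 0'

# raw_rp_filter DUMP IFACE -> value configured for IFACE (empty if absent)
raw_rp_filter() {
    printf '%s\n' "$1" | awk -v key="net.ipv4.conf.$2.rp_filter" '
        { gsub(/[ \t]/, "")              # "key = v" -> "key=v"
          split($0, kv, "=") }
        kv[1] == key { print kv[2]; exit }'
}

# effective_rp_filter DUMP IFACE -> value the kernel enforces: max(all, IFACE)
effective_rp_filter() {
    all=$(raw_rp_filter "$1" all)
    own=$(raw_rp_filter "$1" "$2")
    all=${all:-0}
    own=${own:-0}
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# audit_rp_filter DUMP TUNNEL_IFACE -> one finding per interface
#   FAIL: tunnel interface is still in strict mode (1); decapsulated packets
#         carry the client source address, whose return route is another
#         interface, so they are dropped
#   WARN: a non-tunnel interface has source validation disabled (0)
#   OK:   anything else
audit_rp_filter() {
    dump=$1
    tun=$2
    ifaces=$(printf '%s\n' "$dump" |
        sed -n 's/^net\.ipv4\.conf\.\([^.]*\)\.rp_filter.*/\1/p')
    for i in $ifaces; do
        case $i in all|default|lo) continue ;; esac
        eff=$(effective_rp_filter "$dump" "$i")
        if [ "$i" = "$tun" ]; then
            if [ "$eff" -eq 1 ]; then
                echo "FAIL $i effective=$eff: strict mode drops tunnelled client packets"
            else
                echo "OK $i effective=$eff"
            fi
        elif [ "$eff" -eq 0 ]; then
            echo "WARN $i effective=$eff: source validation disabled on a non-tunnel interface"
        else
            echo "OK $i effective=$eff"
        fi
    done
    return 0
}

# With the sample dump, tunl0 is configured as 0 but the kernel enforces 1.
audit_rp_filter "$SAMPLE_SYSCTL" tunl0
```

On a live host, pass the real dump instead of the sample: `audit_rp_filter "$(sysctl -a 2>/dev/null | grep '\.rp_filter')" tunl0`.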
LVS MONITORING AND MANAGEMENT
▸No Logs in user Space
▸3 types of logs
▸Rate Stats : Connection per Host, Bytes, packets transfer per host
▸Cumulative Stats : Rate stats collected forever.
▸Full Tuple of Connections : Source IP, Source Port, Dest IP, Dest Port, State.
▸ipvsadm --list --numeric / --connection / --stats / --rate
▸No concept of HealthChecks ( Use Consul Template ), extensibility.
FINAL
FINAL TEST
▸75 - 80K TPS
▸~20-25K Active connections
▸100ms mocked latency
▸Load generation by GOR
▸Real Servers : Nginx
NOT COVERING THESE
▸LVS Connection synchronisation with Passive server.
▸Multiple IPIP Tunnel model for Advanced HA
▸Security with IPTABLES
▸Packet Routing Details with MAC spoofing.
▸Specs and Decision of Bare Metal machines for PT
▸Consul Template Management of LVS
▸Layer 7 LB config of Haproxy and Nginx.
THANK YOU | REFERENCES
▸http://wtarreau.blogspot.com/2006/11/making-applications-scalable-with-load.html
▸https://opensourceforu.com/2009/05/balancing-traffic-across-data-centres-using-lvs/
▸http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-Tun.html
▸https://linux.die.net/man/8/ipvsadm
▸https://serverfault.com/questions/723786/udp-packets-seen-on-interface-level-but-not-delivered-to-application-on-redhat
▸https://serverfault.com/questions/163244/linux-kernel-not-passing-through-multicast-udp-packets

Scale to 80K TPS with LVS, HAProxy Load Balancing
