CN114363213A - Improved load balancing health check method, system and application - Google Patents

Publication number
CN114363213A
Authority
CN
China
Prior art keywords
server
checked
health check
load balancer
health
Legal status
Granted
Application number
CN202210192676.XA
Other languages
Chinese (zh)
Other versions
CN114363213B (en)
Inventor
张弘韬
Current Assignee
Liaoning Zhenxing Bank Co ltd
Original Assignee
Liaoning Zhenxing Bank Co ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention belongs to the technical field of network health management, and in particular relates to an improved load balancing health check method, an improved load balancing health check system and their application. The method checks the health of the checked server through the three-way handshake between the load balancer and the checked server, and interrupts the third handshake between them. The TCP health check remains effective, while the application virtual machine in the checked server is unaware of the load balancer's health check and the application log shows no health check requests sent by the load balancer. The purpose of the health check is thus achieved without the server logging the checks, which avoids a large number of erroneous access entries in the log. It also avoids delaying the server's response to normal requests, and prevents the server from mistakenly believing it is under a TCP DDoS attack and stopping data transmission for normal access.

Description

Improved load balancing health check method, system and application
Technical Field
The invention belongs to the technical field of network health management, and particularly relates to an improved load balancing health check method, an improved load balancing health check system and application of the improved load balancing health check system.
Background
Health checking, which determines the health of servers and application systems, is a very important function of a load balancer. The load balancer uses health checks to judge the availability of back-end services so that back-end failures do not affect the front-end service, which improves the overall availability of the service.
Some servers may be down; in other cases a server is up, but because of software bugs or similar problems the application system running on it cannot work normally. For example, a Web application system may be running, but the pages it returns are wrong. Without a load balancer, a client may send a request to a server that is down or that has a software bug, so the server fails to respond and the client cannot access the service normally.
The load balancer may provide basic health checks on the server in several ways: (1) in Ping mode, a ping packet is sent to the IP address of each real server to confirm whether the host is running; (2) in TCP mode, the load balancer tries to connect to a specific TCP port on the server where the application runs and checks whether a TCP ACK response packet is received; if not, the load balancer determines that the service on that server is faulty; (3) in HTTP mode, the load balancer sends a specific request and checks the HTTP response status code; if the server has an exception, an error response such as "404 Object not found" is detected.
Although the existing TCP health check method can verify that a TCP connection can be established and data transmitted normally, it has the following disadvantages: first, the application system may treat the health check message as a normal request, so a large amount of error information is generated in the application system's log; second, for a forward proxy load, normal access requests may be affected, or the forward proxy load may be identified by the application system as a TCP DDoS attack, so that data cannot be transmitted for normal access requests.
Disclosure of Invention
The invention aims to provide an improved load balancing health check system, method and application thereof, solving the following technical problems of the prior-art TCP health check mechanism: the application system in the server treats the health check message as a normal request, so a large amount of error information is generated in the application system's log, and the health check message affects normal communication requests or is identified by the server as a TCP DDoS attack, so that data cannot be transmitted.
To solve the above technical problem, a first aspect of the present invention is:
an improved load balancing health check method is provided, comprising:
(1) First handshake between the load balancer and the checked server:
the load balancer is provided with a health check unit, and according to the configuration requirements for health checking the checked server, the health check unit in the load balancer sends a TCP SYN message to the checked server;
(2) Second handshake between the load balancer and the checked server:
after the checked server receives the TCP SYN message, if the checked server is listening normally on the port of the health check unit in the load balancer, the checked server returns a SYN+ACK message to the load balancer;
(3) Interrupting the third handshake between the load balancer and the checked server:
if the load balancer does not receive the SYN+ACK message from the checked server within the timeout period, the health check of the checked server is judged to have failed, and the load balancer then sends an RST message to the checked server to interrupt the TCP connection;
if the load balancer receives the SYN+ACK message from the checked server within the timeout period, the load balancer judges that the health check of the checked server has succeeded. When the health check unit of the load balancer sends the ACK message to the checked server, the ACK message is discarded on the checked server side by an IP packet filtering module, based on the IP address of the health check unit of the load balancer; the load balancer then sends an RST message to the checked server to interrupt the TCP connection.
Preferably, the IP packet filtering module is configured in the checked server, or the IP packet filtering module is configured in a reverse proxy server and the load balancer communicates with the checked server through the reverse proxy server.
Preferably, the operating system of the checked server is Linux, and the IP packet filtering module is the iptables software in Linux.
The second aspect of the present invention is:
an improved load balancing health check system is provided, comprising:
a load balancer provided with a health check unit, the health check unit being used to check the health of the checked server;
and the health check unit in the load balancer establishes a TCP connection with the checked server and performs the health check on the checked server by three-way handshake; if the checked server is healthy, the IP packet filtering module can discard the ACK message sent by the health check unit to the checked server during the third handshake.
Preferably, the IP packet filtering module is configured in the checked server, or the IP packet filtering module is configured in a reverse proxy server and the load balancer communicates with the checked server through the reverse proxy server.
Preferably, the operating system of the checked server is Linux, and the IP packet filtering module is the iptables software in Linux.
The third aspect of the present invention is:
a use of an improved load balancing health check method in server health checking is provided, the method being the improved load balancing health check method according to the first aspect of the present invention.
Compared with the prior art, the invention has the beneficial effects that:
1. The improved load balancing health check method checks the health of the checked server through the three-way handshake between the load balancer and the checked server, and interrupts the third handshake between them. The TCP health check remains effective, while the application virtual machine in the checked server is unaware of the load balancer's health check, so the health check requests sent by the load balancer do not appear in the application log. The purpose of the health check is thus achieved without the server logging the checks, which avoids a large number of erroneous access entries in the log, avoids delaying the server's response to normal requests, and prevents the server from mistakenly believing it is under a TCP DDoS attack and stopping data transmission for normal access.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow chart of an embodiment of the improved load balancing health check method of the present invention.
FIG. 2 is a schematic diagram of an embodiment of the improved load balancing health check system of the present invention.
FIG. 3 is a flowchart illustrating operation of an embodiment of the improved load balancing health check system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Improved load balancing health check method
As shown in FIG. 1, the improved load balancing health check method includes the following steps:
S100, first handshake between the load balancer and the checked server: the load balancer is provided with a health check unit, and the health check unit in the load balancer sends a TCP SYN message to the checked server according to the configuration requirements for health checking the checked server.
In this step, the load balancer may be software, such as an LVS virtual server; the load balancer may also be hardware, i.e., a computer specially configured for load balancing. The health check unit can use the keepalived service software. The checked server may be a cloud server or a server hardware device.
The configuration requirements for health checking the checked server include how often the health check is performed, or under what circumstances it is needed; the purpose of the health check is to determine the availability of the checked server.
The load balancer performs the health check through a three-way handshake with the checked server. The conventional three-way handshake is the way a client and a server establish a connection under the TCP protocol, and the TCP SYN message sent by the health check unit to the checked server is the handshake signal used when TCP/IP establishes a connection.
S200, second handshake between the load balancer and the checked server: after the checked server receives the TCP SYN message, if the checked server is listening normally on the port of the health check unit in the load balancer, the checked server returns a SYN+ACK message to the load balancer.
In this step, the SYN+ACK message is a response message. If the checked server returns the SYN+ACK message to the load balancer, this indicates that the checked server received the TCP SYN message of step S100, and in this case the checked server is healthy; if the checked server does not return the SYN+ACK message within a predetermined time, the checked server is unhealthy.
S300, interrupting the third handshake between the load balancer and the checked server:
S310, if the load balancer does not receive the SYN+ACK message from the checked server within the timeout period, the health check of the checked server is judged to have failed, and the load balancer then sends an RST message to the checked server to interrupt the TCP connection.
S320, if the load balancer receives the SYN+ACK message from the checked server within the timeout period, the load balancer judges that the health check of the checked server has succeeded. When the health check unit of the load balancer sends the ACK message to the checked server, the ACK message is discarded on the checked server side by the IP packet filtering module, based on the IP address of the health check unit of the load balancer; the load balancer then sends an RST message to the checked server to interrupt the TCP connection.
In step S320, the IP packet filtering module is configured in the checked server; the operating system of the checked server is Linux, and the IP packet filtering module is the iptables software in Linux. In other embodiments, the IP packet filtering module may be configured in a reverse proxy server, with the load balancer communicating with the checked server through the reverse proxy server.
Under normal conditions, when TCP/IP establishes a connection, the ACK message of the third handshake between client and server confirms the connection; after it is sent, the client and the server enter the connected state, and the connection state is recorded in the server's log. By interrupting the third handshake between the load balancer and the checked server, the improved load balancing health check method achieves the purpose of the health check, avoids the server logging the checks and thereby filling the log with a large number of erroneous access entries, avoids delaying the server's response to normal requests, and avoids the server mistakenly believing it is under a TCP DDoS attack and stopping data transmission for normal access.
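The exchange in steps S100 to S320, modelled as an added example (not code from the patent): a toy listener with a half-open queue and an application log, probed without and with the ACK-dropping filter. The addresses, class and function names are hypothetical, and the iptables match quoted in the comment is one assumed way to express the filter, which the patent does not spell out.

```python
"""Toy model of the half-open health check (steps S100-S320).
Constructed for illustration; every name and address here is hypothetical."""
from dataclasses import dataclass, field

CHECKER_IP = "192.0.2.10"    # constructed: source address of the health check unit
CLIENT_IP = "198.51.100.7"   # constructed: an ordinary client


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dport: int
    flags: frozenset


def seg(src, sport, dport, *flags):
    return Segment(src, sport, dport, frozenset(flags))


def drop_checker_ack(s):
    """Filter on the checked server: drop a bare ACK from the checker's address.
    SYN and RST from the same address must still pass. One assumed iptables
    form of this match (the patent does not give a rule):
      -s <checker-ip> -p tcp --dport <port> --tcp-flags SYN,ACK,FIN,RST,PSH ACK -j DROP
    """
    return s.src == CHECKER_IP and s.flags == {"ACK"}


@dataclass
class CheckedServer:
    listening: set                                  # ports with a listener
    packet_filter: object = None                    # callable(Segment) -> drop?
    half_open: set = field(default_factory=set)     # SYN seen, handshake not finished
    app_log: list = field(default_factory=list)     # connections the application saw

    def receive(self, s):
        """Process one inbound segment; return the reply segment or None."""
        if self.packet_filter and self.packet_filter(s):
            return None                             # dropped before the TCP stack
        key = (s.src, s.sport, s.dport)
        if "RST" in s.flags:
            self.half_open.discard(key)             # RST frees the half-open entry
            return None
        if s.flags == {"SYN"}:
            if s.dport not in self.listening:       # closed port answers with a reset
                return seg("server", s.dport, s.sport, "RST", "ACK")
            self.half_open.add(key)
            return seg("server", s.dport, s.sport, "SYN", "ACK")
        if s.flags == {"ACK"} and key in self.half_open:
            self.half_open.discard(key)             # third handshake completes
            self.app_log.append(f"connection from {s.src}:{s.sport}")
        return None


def probe(server, port, sport=40000, src=CHECKER_IP):
    """Send SYN, then ACK if answered, then RST. Returns (healthy, flags_sent).
    Assumption of this model: a reply of None stands in for the timeout of
    step S310, and any reply other than SYN+ACK is treated the same way."""
    sent = [seg(src, sport, port, "SYN")]                      # S100
    reply = server.receive(sent[0])                            # S200
    healthy = reply is not None and reply.flags == {"SYN", "ACK"}
    if healthy:
        sent.append(seg(src, sport, port, "ACK"))              # S320: filter may drop it
        server.receive(sent[-1])
    sent.append(seg(src, sport, port, "RST"))                  # S310 / S320 teardown
    server.receive(sent[-1])
    return healthy, [sorted(s.flags) for s in sent]


if __name__ == "__main__":
    plain = CheckedServer(listening={8080})
    filtered = CheckedServer(listening={8080}, packet_filter=drop_checker_ack)
    for name, srv in (("no filter", plain), ("ACK filter", filtered)):
        ok, sent = probe(srv, 8080)
        print(f"{name}: healthy={ok} sent={sent} app_log={srv.app_log}")
    print("closed port:", probe(filtered, 9090))
    print("client via filter:", probe(filtered, 8080, 40001, CLIENT_IP), filtered.app_log)
```

Because the filter matches only on source address and the bare ACK flag, it assumes the health check unit's address carries no production traffic toward the checked server; any real connection from that address would stall at the same point.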
Improved load balancing health check system
As shown in FIG. 2, the improved load balancing health check system includes a load balancer and an IP packet filtering module. The IP packet filtering module is configured in a reverse proxy server whose operating system is Linux, and the IP packet filtering module is the iptables software in Linux. The load balancer communicates with the checked server through the reverse proxy server; an application virtual machine is set up in the checked server, and the application system is set up in the application virtual machine.
The load balancer is provided with a health check unit. The load balancer can be an LVS virtual server and the health check unit can use the keepalived service software; the health check unit is used to check the health of the checked server.
With reference to FIG. 3, the health check unit in the load balancer establishes a TCP connection with the checked server and performs the health check on the checked server by three-way handshake. If the checked server is healthy, the IP packet filtering module can discard the ACK message sent by the health check unit to the checked server during the third handshake, thereby interrupting the third handshake between the load balancer and the checked server. This achieves the purpose of the health check while preventing the application system in the server from logging the checks and filling its log with a large number of erroneous access entries; it also avoids delaying the application system's response to normal requests, and avoids the server mistakenly believing it is under a TCP DDoS attack and stopping data transmission for normal access.
Application of improved load balancing health check method in server health check
The improved load balancing health check method is applied to server health checking. The server is health checked by three-way handshake, and the third handshake between the load balancer and the checked server is interrupted during the check. This achieves the purpose of the health check while avoiding the server logging the checks and filling the log with a large number of erroneous access entries; it also avoids delaying the server's response to normal requests, and avoids the server mistakenly believing it is under a TCP DDoS attack and stopping data transmission for normal access.
It should be noted that, in this document, terms such as "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (7)

1. An improved load balancing health check method, comprising:
(1) First handshake between the load balancer and the checked server:
the load balancer is provided with a health check unit, and according to the configuration requirements for health checking the checked server, the health check unit in the load balancer sends a TCP SYN message to the checked server;
(2) Second handshake between the load balancer and the checked server:
after the checked server receives the TCP SYN message, if the checked server is listening normally on the port of the health check unit in the load balancer, the checked server returns a SYN+ACK message to the load balancer;
(3) Interrupting the third handshake between the load balancer and the checked server:
if the load balancer does not receive the SYN+ACK message from the checked server within the timeout period, the health check of the checked server is judged to have failed, and the load balancer then sends an RST message to the checked server to interrupt the TCP connection;
if the load balancer receives the SYN+ACK message from the checked server within the timeout period, the load balancer judges that the health check of the checked server has succeeded. When the health check unit of the load balancer sends the ACK message to the checked server, the ACK message is discarded on the checked server side by an IP packet filtering module, based on the IP address of the health check unit of the load balancer; the load balancer then sends an RST message to the checked server to interrupt the TCP connection.
2. The improved load balancing health check method of claim 1, wherein: the IP packet filtering module is configured in the checked server, or the IP packet filtering module is configured in a reverse proxy server and the load balancer communicates with the checked server through the reverse proxy server.
3. The improved load balancing health check method of claim 1, wherein: the operating system of the checked server is Linux, and the IP packet filtering module is the iptables software in Linux.
4. An improved load balancing health check system, comprising:
a load balancer provided with a health check unit, the health check unit being used to check the health of the checked server;
and the health check unit in the load balancer establishes a TCP connection with the checked server and performs the health check on the checked server by three-way handshake; if the checked server is healthy, the IP packet filtering module can discard the ACK message sent by the health check unit to the checked server during the third handshake.
5. The improved load balancing health check system of claim 4, wherein: the IP packet filtering module is configured in the checked server, or the IP packet filtering module is configured in a reverse proxy server and the load balancer communicates with the checked server through the reverse proxy server.
6. The improved load balancing health check system of claim 4, wherein: the operating system of the checked server is Linux, and the IP packet filtering module is the iptables software in Linux.
7. Use of the improved load balancing health check method of any of claims 1-3 in server health check.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210192676.XA CN114363213B (en) 2022-03-01 2022-03-01 Improved load balancing health inspection method, system and application

Publications (2)

Publication Number Publication Date
CN114363213A (en) 2022-04-15
CN114363213B (en) 2023-09-05

Family

ID=81094076

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant