Release of the HTTP/TCP load balancer HAProxy 2.0

The load balancer HAProxy 2.0 has been released. It distributes HTTP traffic and arbitrary TCP requests across a group of servers, taking many factors into account (for example, it checks server availability, evaluates load level and has DDoS countermeasures), and performs primary data filtering (for example, it can parse HTTP headers, filter out incorrect query parameters, block SQL and XSS substitution, and attach content handlers). HAProxy can also be used to coordinate the interaction of components in systems built on a microservices architecture. The project code is written in C and is distributed under the GPLv2 license. The project is used on many large sites, including Airbnb, Alibaba, GitHub, Imgur, Instagram, Reddit, StackOverflow, Tumblr, Twitter and Vimeo.

Key features of the release:

  • A new Data Plane API has been introduced, which lets you manage HAProxy settings on the fly through a REST Web API. Among other things, you can dynamically add and remove backends and servers, create ACLs, change request routing, and change handler bindings to IP addresses;
  • Added the nbthread directive, which lets you configure the number of threads used by HAProxy to optimize performance on multi-core CPUs. By default, the number of worker threads is chosen based on the CPU cores available in the current environment, and in cloud environments the default is one thread. To set hard limits, the build options MAX_THREADS and MAX_PROCS have been added, which cap the number of threads and processes;
  • Use of the bind directive for attaching handlers to network addresses has been simplified. It is no longer necessary to specify the process parameter when configuring: by default, connections are distributed among threads according to the number of active connections;
  • Logging setup has been simplified for running in isolated containers: the log can now be sent to stdout and stderr, as well as to any existing file descriptor (for example, "log fd@1 local0");
  • HTX (Native HTTP Representation) support is enabled by default, allowing load balancing with advanced features such as end-to-end HTTP/2, Layer 7 Retries and gRPC. HTX does not replace headers in place; instead it reduces a modification to removing the header and adding a new one at the end of the list. This makes it possible to handle any extended variant of the HTTP protocol, preserves the original semantics of the headers, and gives higher performance when translating HTTP/2 to HTTP/1.1 and back;
  • Added official support for End-to-End HTTP/2 mode (all stages are processed in HTTP/2, including calls to the backend, not only the interaction between the proxy and the client);
  • Full support for bidirectional proxying of the gRPC protocol has been implemented, with the ability to parse gRPC streams, extract individual messages, reflect gRPC traffic in the log and filter messages using ACLs. gRPC lets you organize microservices written in different programming languages that interact with each other through a universal API. Network communication in gRPC runs over the HTTP/2 protocol and relies on Protocol Buffers for data serialization;
  • Added support for "Layer 7 Retries" mode, which lets you resend HTTP requests after software failures that are not related to problems establishing the network connection (for example, when there is no response or an empty response to a POST request). To disable the mode, the "disable-l7-retry" flag has been added to the "http-request" option, and the "retry-on" option has been added for fine tuning in the defaults, listen and backend sections. The following conditions are available for triggering a resend: all-retryable-errors, none, conn-failure, empty-response, junk-response, response-timeout, 0rtt-rejected, as well as binding to returned status codes (404, etc.);
  • A new process manager has been implemented, which lets you configure the invocation of external executable files with handlers for HAProxy. For example, the Data Plane API (/usr/sbin/dataplaneapi), as well as various Offload stream processing engines, are implemented as such external handlers;
  • Bindings have been added for .NET Core, Go, Lua and Python for developing SPOE (Stream Processing Offload Engine) and SPOP (Stream Processing Offload Protocol) extensions. Previously, extension development was supported only in C;
  • Added an external spoa-mirror handler (/usr/sbin/spoa-mirror) for mirroring requests to a separate server (for example, to copy part of production traffic in order to test an experimental environment under real load);
  • Introduced the HAProxy Kubernetes Ingress Controller to provide integration with the Kubernetes platform;
  • Added built-in support for exporting statistics to the Prometheus monitoring system;
  • The Peers Protocol, used to exchange information with other nodes running HAProxy, has been extended. This includes added support for Heartbeat and encrypted data transmission;
  • The "sample" parameter has been added to the "log" directive, which lets you send only a portion of requests to the log, for example 1 out of 10, to form an analytical sample;
  • Added an automatic profiling mode (the profiling.tasks directive, which can take the values auto, on and off). Automatic profiling is enabled when the average latency exceeds 1000 ms. To view profiling data, the "show profiling" command has been added to the Runtime API, and it is also possible to dump the statistics to the log;
  • Added support for reaching backend servers using the SOCKS4 protocol;
  • Added end-to-end support for the mechanism for quickly opening TCP connections (TFO - TCP Fast Open, RFC 7413), which reduces the number of connection setup steps by combining the first and second steps of the classic 3-step connection negotiation process into one request, and makes it possible to send data at the initial stage of establishing the connection;
  • New actions have been added:
    • "http-request replace-uri" to replace the URL using a regular expression;
    • "tcp-request content do-resolve" and "http-request do-resolve" to resolve a host name;
    • "tcp-request content set-dst" and "tcp-request content set-dst-port" to replace the destination IP address and port.
  • New converter modules have been added:
    • aes_gcm_dec for decrypting streams using the AES128-GCM, AES192-GCM and AES256-GCM algorithms;
    • protobuf for extracting fields from Protocol Buffers messages;
    • ungrpc for extracting fields from gRPC messages.

    Source: opennet.ru
