What is Software Load Balancer (SLB) for SDN?

Applies to: Azure Stack HCI, version 20H2; Windows Server 2019

Cloud Service Providers (CSPs) and enterprises that are deploying Software Defined Networking (SDN) in Azure Stack HCI can use Software Load Balancer (SLB) to evenly distribute tenant and tenant customer network traffic among virtual network resources. SLB enables multiple servers to host the same workload, providing high availability and scalability.

Software Load Balancer includes the following capabilities:

  • Layer 4 (L4) load balancing services for north/south and east/west TCP/UDP traffic.

  • Public network and internal network traffic load balancing.

  • Dynamic IP address (DIP) support on virtual Local Area Networks (VLANs) and on virtual networks that you create by using Hyper-V Network Virtualization.

  • Health probe support.

  • Ready for cloud scale, including scale-out capability and scale-up capability for multiplexers and host agents.

  • A multitenant unified edge by seamlessly integrating with SDN technologies such as the RAS Gateway, Datacenter Firewall, and Route Reflector.

For more information, see Software Load Balancer Features in this topic.

Note

Multitenancy for VLANs is not supported by Network Controller. However, you can use VLANs with SLB for service provider managed workloads, such as the datacenter infrastructure and high density web servers.

Using Software Load Balancer, you can scale out your load balancing capabilities using SLB virtual machines (VMs) on the same Hyper-V compute servers that you use for your other VM workloads. Because of this, Software Load Balancing supports the rapid creation and deletion of load balancing endpoints that is required for CSP operations. In addition, Software Load Balancing supports tens of gigabytes per cluster, provides a simple provisioning model, and is easy to scale out and in.

How Software Load Balancer works

Software Load Balancer works by mapping virtual IP addresses (VIPs) to DIPs that are part of a cloud service set of resources in the datacenter.

VIPs are single IP addresses that provide public access to a pool of load balanced VMs. For example, VIPs are IP addresses that are exposed on the internet so that tenants and tenant customers can connect to tenant resources in the cloud datacenter.

DIPs are the IP addresses of the member VMs of a load balanced pool behind the VIP. DIPs are assigned within the cloud infrastructure to the tenant resources.

VIPs are located in the SLB Multiplexer (MUX). The MUX consists of one or more VMs. Network Controller provides each MUX with each VIP, and each MUX in turn uses Border Gateway Protocol (BGP) to advertise each VIP to routers on the physical network as a /32 route. BGP allows the physical network routers to:

  • Learn that a VIP is available on each MUX, even if the MUXes are on different subnets in a Layer 3 network.

  • Spread the load for each VIP across all available MUXes using Equal Cost Multi-Path (ECMP) routing.

  • Automatically detect a MUX failure or removal and stop sending traffic to the failed MUX.

  • Spread the load from the failed or removed MUX across the healthy MUXes.

When public traffic arrives from the internet, the SLB MUX examines the traffic, which contains the VIP as its destination, and maps and rewrites the traffic so that it arrives at an individual DIP. For inbound network traffic, this transaction is performed in a two-step process that is split between the MUX VMs and the Hyper-V host where the destination DIP is located:

  1. Load balance - the MUX uses the VIP to select a DIP, encapsulates the packet, and forwards the traffic to the Hyper-V host where the DIP is located.

  2. Network Address Translation (NAT) - the Hyper-V host removes the encapsulation from the packet, translates the VIP to a DIP, remaps the ports, and forwards the packet to the DIP VM.

The MUX knows how to map VIPs to the correct DIPs because of the load balancing policies that you define by using Network Controller. These rules include the protocol, front-end port, back-end port, and distribution algorithm (5-, 3-, or 2-tuple).

When tenant VMs respond and send outbound network traffic back to the internet or to remote tenant locations, the traffic bypasses the MUX and goes directly from the Hyper-V host to the edge router, because the NAT is performed by the Hyper-V host. This MUX bypass process is called Direct Server Return (DSR).

After the initial network traffic flow is established, the inbound network traffic bypasses the SLB MUX completely.

In the following illustration, a client computer performs a DNS query for the IP address of a company SharePoint site - in this case, a fictional company named Contoso. The following process occurs:

  1. The DNS server returns the VIP 107.105.47.60 to the client.

  2. The client sends an HTTP request to the VIP.

  3. The physical network has multiple paths available to reach the VIP located on any MUX. Each router along the way uses ECMP to pick the next segment of the path until the request arrives at a MUX.

  4. The MUX that receives the request checks the configured policies and sees that there are two DIPs available, 10.10.10.5 and 10.10.20.5, on a virtual network to handle the request to the VIP 107.105.47.60.

  5. The MUX selects DIP 10.10.10.5 and encapsulates the packet using VXLAN so that it can send it to the host containing the DIP using the host's physical network address.

  6. The host receives the encapsulated packet and inspects it. It removes the encapsulation and rewrites the packet so that the destination is now DIP 10.10.10.5 instead of the VIP, and then sends the traffic to the DIP VM.

  7. The request reaches the Contoso SharePoint site in Server Farm 2. The server generates a response and sends it to the client, using its own IP address as the source.

  8. The host intercepts the outgoing packet in the virtual switch, which remembers that the client, now the destination, made the original request to the VIP. The host rewrites the source of the packet to be the VIP so that the client does not see the DIP address.

  9. The host forwards the packet directly to the default gateway for the physical network, which uses its standard routing table to forward the packet on to the client, which eventually receives the response.
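The two-step inbound process (load balance on the MUX, NAT on the host) and the Contoso walkthrough above, modelled in Python as an added example that is not code from this article or from Microsoft's SLB. It uses the article's VIP 107.105.47.60 and DIPs 10.10.10.5 and 10.10.20.5, and the policy fields the text names (protocol, front-end port, back-end port, 5-, 3- or 2-tuple distribution). The SHA-256 tuple hash, the back-end port 8080, the host addresses and the packet layout are assumptions made for the example; the real MUX hash and VXLAN framing are not described on the page.

```python
# Added example, not code from the original article or from Microsoft.
import hashlib
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str  # "TCP" or "UDP"


@dataclass(frozen=True)
class Encapsulated:
    outer_dst: str  # physical address of the Hyper-V host that owns the DIP
    dip: str
    inner: Packet


@dataclass
class MuxPolicy:
    """Load balancing policy as defined through Network Controller:
    protocol, front-end port, back-end port and distribution tuple."""
    vip: str
    protocol: str
    frontend_port: int
    backend_port: int
    dips: tuple
    distribution: int = 5  # 5-, 3- or 2-tuple hashing

    def flow_key(self, pkt):
        if self.distribution == 5:
            fields = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.protocol)
        elif self.distribution == 3:
            fields = (pkt.src_ip, pkt.dst_ip, pkt.protocol)
        elif self.distribution == 2:
            fields = (pkt.src_ip, pkt.dst_ip)
        else:
            raise ValueError("distribution must be 5, 3 or 2")
        return "|".join(map(str, fields))

    def select_dip(self, pkt):
        # Assumed hash; the real MUX hashing scheme is not given on the page.
        digest = hashlib.sha256(self.flow_key(pkt).encode()).digest()
        return self.dips[int.from_bytes(digest[:4], "big") % len(self.dips)]


# Constructed sample: the article's VIP and its two DIPs, each on a different host.
DIP_TO_HOST = {"10.10.10.5": "host-a.phys.example", "10.10.20.5": "host-b.phys.example"}
CONTOSO = MuxPolicy(vip="107.105.47.60", protocol="TCP", frontend_port=80,
                    backend_port=8080, dips=tuple(DIP_TO_HOST))


def mux_load_balance(policy, pkt):
    """Step 1 (MUX): match the policy, choose a DIP, encapsulate toward its host."""
    if (pkt.dst_ip, pkt.dst_port, pkt.protocol) != (policy.vip, policy.frontend_port, policy.protocol):
        return None  # no policy for this VIP/port: the MUX has nowhere to send it
    dip = policy.select_dip(pkt)
    return Encapsulated(outer_dst=DIP_TO_HOST[dip], dip=dip, inner=pkt)


class HostSwitch:
    """Step 2 (SDN-enabled virtual switch on the DIP's host): decapsulate and NAT."""

    def __init__(self, policy):
        self.policy = policy
        self.flows = {}  # (client_ip, client_port) -> (vip, front-end port)

    def inbound_nat(self, encap):
        pkt = encap.inner
        self.flows[(pkt.src_ip, pkt.src_port)] = (pkt.dst_ip, pkt.dst_port)
        return replace(pkt, dst_ip=encap.dip, dst_port=self.policy.backend_port)

    def outbound_dsr(self, reply):
        """Reply from the DIP VM goes straight to the router; the source becomes the VIP."""
        remembered = self.flows.get((reply.dst_ip, reply.dst_port))
        if remembered is None:
            return reply  # not a load-balanced flow: forward unchanged
        vip, fport = remembered
        return replace(reply, src_ip=vip, src_port=fport)


def round_trip(policy, request):
    """Run one request through MUX and host; return what each hop emitted."""
    encap = mux_load_balance(policy, request)
    if encap is None:
        return None
    switch = HostSwitch(policy)
    to_vm = switch.inbound_nat(encap)
    reply_from_vm = Packet(to_vm.dst_ip, to_vm.dst_port, to_vm.src_ip, to_vm.src_port, to_vm.protocol)
    to_client = switch.outbound_dsr(reply_from_vm)
    return {"dip": encap.dip, "host": encap.outer_dst, "to_vm": to_vm, "to_client": to_client}


if __name__ == "__main__":
    print(round_trip(CONTOSO, Packet("203.0.113.7", 51000, "107.105.47.60", 80, "TCP")))
```

In this model the DIP choice depends only on the hashed tuple, so any MUX holding the same policy makes the same choice for the same flow, and a 2-tuple policy pins every connection from one client address to one DIP, which matters when a back end keeps per-client state. The client only ever sees the VIP as source and destination; the DIP and the host's physical address stay inside the datacenter.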

(Illustration: Software load balancing process)

Load balancing internal datacenter traffic

When load balancing network traffic internal to the datacenter, such as between tenant resources that are running on different servers and are members of the same virtual network, the Hyper-V virtual switch to which the VMs are connected performs the NAT.

With internal traffic load balancing, the first request is sent to and processed by the MUX, which selects the appropriate DIP and then routes the traffic to the DIP. From that point forward, the established traffic flow bypasses the MUX and goes directly from VM to VM.

Health probes

Software Load Balancer includes health probes to validate the health of the network infrastructure, including the following:

  • TCP probe to port

  • HTTP probe to port and URL

Unlike a traditional load balancer appliance, where the probe originates on the appliance and travels across the wire to the DIP, the SLB probe originates on the host where the DIP is located and goes directly from the SLB Host Agent to the DIP, further distributing the work across the hosts.
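A runnable illustration of the two probe types, added here and not taken from the article or from the SLB Host Agent: tcp_probe only checks that the port completes a connection, while http_probe additionally requires a 200 response from the configured URL. Three loopback stand-ins for DIP VMs are constructed, one serving /health, one listening but never answering, and one with nothing listening, so the run shows which failures each probe type can and cannot see. The function names, the /health path and the one-second timeouts are assumptions for the example.

```python
# Added example, not code from the original article or from Microsoft.
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def tcp_probe(ip, port, timeout=1.0):
    """TCP probe to port: healthy if the handshake completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_probe(ip, port, path, timeout=1.0):
    """HTTP probe to port and URL: healthy only on a 200 response within the timeout."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status == 200
    except OSError:  # refused, reset or timed out
        return False
    finally:
        conn.close()


def healthy_dips(pool, probe):
    """Run the probe from the host against every DIP; return the members still eligible."""
    return [dip for dip in pool if probe(*dip)]


class _Handler(BaseHTTPRequestHandler):
    """Constructed back end: 200 on /health, 503 everywhere else."""

    def do_GET(self):
        self.send_response(200 if self.path == "/health" else 503)
        self.end_headers()

    def log_message(self, *args):  # keep the example quiet
        pass


def start_backend():
    """Loopback stand-in for a DIP VM; returns (ip, port, server)."""
    srv = HTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[0], srv.server_address[1], srv


def free_port():
    """A port with nothing listening, standing in for a DIP VM that is down."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    ip, port, srv = start_backend()
    # Listening but never serving: the kernel completes the TCP handshake, so a TCP
    # probe passes while an HTTP probe times out waiting for a response.
    stalled = HTTPServer(("127.0.0.1", 0), _Handler)
    dead = ("127.0.0.1", free_port())
    pool = [(ip, port), stalled.server_address, dead]
    result = {
        "tcp": healthy_dips(pool, tcp_probe),
        "http": healthy_dips(pool, lambda i, p: http_probe(i, p, "/health")),
        "wrong_url": healthy_dips(pool, lambda i, p: http_probe(i, p, "/")),
    }
    srv.shutdown()
    srv.server_close()
    stalled.server_close()
    return result


if __name__ == "__main__":
    print(demo())
```

The stalled back end is the case worth remembering: a TCP probe keeps it in the pool because the port accepts connections, while the HTTP probe removes it because the application never answers. A probe URL that the application does not serve with 200 (here "/") empties the pool entirely, so the probe path must be something the DIP VM is actually expected to answer.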

Software Load Balancer infrastructure

Before you can configure Software Load Balancer, you must first deploy Network Controller and one or more SLB MUX VMs.

In addition, you must configure the Azure Stack HCI hosts with the SDN-enabled Hyper-V virtual switch and ensure that the SLB Host Agent is running. The routers that serve the hosts must support ECMP routing and Border Gateway Protocol (BGP), and they must be configured to accept BGP peering requests from the SLB MUXes.

The following figure provides an overview of the SLB infrastructure.

(Illustration: Software Load Balancer infrastructure)

The following sections provide more information about these elements of the Software Load Balancer infrastructure.

Network Controller

Network Controller hosts the SLB Manager and performs the following actions for Software Load Balancer:

  • Processes SLB commands that come in through the Northbound API from Windows Admin Center, System Center, Windows PowerShell, or another network management application.

  • Calculates policy for distribution to Azure Stack HCI hosts and SLB MUXes.

  • Provides the health status of the Software Load Balancer infrastructure.

You can use Windows Admin Center or Windows PowerShell to install and configure Network Controller and the other SLB infrastructure.

SLB MUX

The SLB MUX processes inbound network traffic and maps VIPs to DIPs, then forwards the traffic to the correct DIP. Each MUX also uses BGP to publish VIP routes to the edge routers. BGP Keep Alive notifies the MUXes when a MUX fails, which allows the active MUXes to redistribute the load in case of a MUX failure. This essentially provides load balancing for the load balancers.

SLB Host Agent

When you deploy Software Load Balancer, you must use Windows Admin Center, System Center, Windows PowerShell, or another management application to deploy the SLB Host Agent on every host server.

The SLB Host Agent listens for SLB policy updates from Network Controller. In addition, the host agent programs rules for SLB into the SDN-enabled Hyper-V virtual switches that are configured on the local computer.

SDN-enabled Hyper-V virtual switch

For a virtual switch to be compatible with SLB, the Virtual Filtering Platform (VFP) extension must be enabled on the virtual switch. This is done automatically by the SDN deployment PowerShell scripts, the Windows Admin Center deployment wizard, and the System Center Virtual Machine Manager (SCVMM) deployment.

For information on enabling VFP on virtual switches, see the Windows PowerShell commands Get-VMSystemSwitchExtension and Enable-VMSwitchExtension.

The SDN-enabled Hyper-V virtual switch performs the following actions for SLB:

  • Processes the data path for SLB.

  • Receives inbound network traffic from the MUX.

  • Bypasses the MUX for outbound network traffic, sending it to the router using DSR.

BGP router

The BGP router performs the following actions for Software Load Balancer:

  • Routes inbound traffic to the MUX using ECMP.

  • For outbound network traffic, uses the route provided by the host.

  • Listens for route updates for VIPs from the SLB MUX.

  • Removes SLB MUXes from the SLB rotation if Keep Alive fails.
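The router-side behaviour listed here and in the BGP bullets under "How Software Load Balancer works" (each MUX advertising the VIP as a /32 route, ECMP across every MUX that advertises it, withdrawal when Keep Alive stops), modelled in Python as an added example that is not code from the article or from any router or MUX. The VIP is the article's 107.105.47.60; the MUX addresses, the 90-second hold time, the per-flow hash and the BgpRouter/Mux class names are assumptions made for the example.

```python
# Added example, not code from the original article or from Microsoft.
import hashlib


class Mux:
    """An SLB MUX as a BGP peer: it advertises every VIP it holds as a /32."""

    def __init__(self, name, address, vips):
        self.name, self.address, self.vips = name, address, set(vips)
        self.last_keepalive = 0.0


class BgpRouter:
    """Models the physical router peered with the SLB MUXes."""

    def __init__(self, hold_time):
        self.hold_time = hold_time  # seconds of silence before a peer is dropped
        self.peers = {}             # MUX address -> Mux
        self.rib = {}               # "vip/32" -> set of next hops (MUX addresses)

    def receive_advertisement(self, mux, now):
        self.peers[mux.address] = mux
        mux.last_keepalive = now
        for vip in mux.vips:
            self.rib.setdefault(f"{vip}/32", set()).add(mux.address)

    def receive_keepalive(self, mux_address, now):
        if mux_address in self.peers:
            self.peers[mux_address].last_keepalive = now

    def expire_peers(self, now):
        """Hold-timer expiry: withdraw every route learned from a silent MUX."""
        dead = [a for a, m in self.peers.items() if now - m.last_keepalive > self.hold_time]
        for addr in dead:
            del self.peers[addr]
            for next_hops in self.rib.values():
                next_hops.discard(addr)
        return dead

    def next_hop(self, vip, src_ip, src_port, dst_port):
        """ECMP: hash the flow over the next hops currently advertising the VIP."""
        hops = sorted(self.rib.get(f"{vip}/32", ()))
        if not hops:
            return None  # no MUX advertises this VIP, so it is unreachable
        key = f"{src_ip}|{src_port}|{vip}|{dst_port}".encode()
        return hops[int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(hops)]


def distribution(router, vip, n_flows=200):
    """Count how many of n_flows constructed client flows land on each MUX."""
    counts = {}
    for port in range(40000, 40000 + n_flows):
        nh = router.next_hop(vip, "203.0.113.7", port, 80)
        counts[nh] = counts.get(nh, 0) + 1
    return counts


def demo():
    vip = "107.105.47.60"
    router = BgpRouter(hold_time=90)
    muxes = [Mux("mux1", "10.0.0.11", [vip]), Mux("mux2", "10.0.0.12", [vip]),
             Mux("mux3", "10.0.0.13", [vip])]
    for m in muxes:
        router.receive_advertisement(m, now=0)
    before = distribution(router, vip)
    # mux2 goes silent; the other two keep sending keepalives.
    for t in (30, 60, 90, 120):
        router.receive_keepalive("10.0.0.11", t)
        router.receive_keepalive("10.0.0.13", t)
    removed = router.expire_peers(now=120)
    after = distribution(router, vip)
    return {"before": before, "removed": removed, "after": after}


if __name__ == "__main__":
    print(demo())
```

Because each MUX advertises the same /32, the router holds one prefix with several next hops and spreads flows over them by hash; when a MUX's keepalives stop, its next hop is withdrawn and the same hash now lands every flow on a surviving MUX, which is the "load balancing for the load balancers" the SLB MUX section describes. The hold time bounds how long a failed MUX keeps receiving traffic, so it is the knob to watch when reasoning about failover latency.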

Software Load Balancer features

The following sections describe some of the features and capabilities of Software Load Balancer.

Core functionality

  • SLB provides Layer 4 load balancing services for north/south and east/west TCP/UDP traffic.

  • You can use SLB on a Hyper-V Network Virtualization-based network.

  • You can use SLB with a VLAN-based network for DIP VMs connected to an SDN-enabled Hyper-V virtual switch.

  • One SLB instance can handle multiple tenants.

  • SLB and DIP support a scalable and low-latency return path, as implemented by DSR.

  • SLB functions when you are also using Switch Embedded Teaming (SET) or Single Root Input/Output Virtualization (SR-IOV).

  • SLB includes Internet Protocol version 6 (IPv6) and version 4 (IPv4) support.

  • For site-to-site gateway scenarios, SLB provides NAT functionality to enable all site-to-site connections to utilize a single public IP.

Scale and performance

  • Ready for cloud scale, including scale-out and scale-up capability for MUXes and Host Agents.

  • One active SLB Manager Network Controller module can support eight MUX instances.

High availability

  • You can deploy SLB to more than two nodes in an active/active configuration.

  • MUXes can be added to and removed from the MUX pool without impacting the SLB service. This maintains SLB availability while individual MUXes are being patched.

  • Individual MUX instances have an uptime of 99 percent.

  • Health monitoring data is available to management entities.

Next steps

For related information, see also: