Building a high-load web site with load-balancing technology

The rapid growth of the Internet has made the number of visitors faced by multimedia network servers, and Web servers in particular, grow quickly, so a network server needs to be able to serve a large number of concurrent accesses. Yahoo, for example, receives millions of access requests every day, so for a server providing heavily loaded Web services the CPU and I/O capacity quickly become the bottleneck.

Simply boosting hardware performance does not really solve the problem, because the performance of a single server is always limited. In general, one PC server can handle roughly 1000 concurrent accesses, and a higher-end dedicated server can support 3000-5000, which still cannot meet the needs of a heavily loaded site. Network requests are also bursty: when some major event happens, network access surges and creates a bottleneck; the Clinton impeachment report published online is an obvious example. Only by using multiple servers to provide the service and distributing the network requests among them can the capacity to handle a large number of concurrent requests be achieved.

When multiple servers share the load, the simplest approach is to use different servers for different purposes. Splitting by content, one server can serve news pages while another serves game pages; or splitting by function, one server can serve static pages while others serve CGI and other resource-hungry dynamic pages. However, because network access is bursty, it is hard to tell which pages are causing the excessive load, and splitting the served pages too finely wastes a lot of capacity. In practice the pages that create excessive load keep changing, and constantly moving pages between servers as the load changes would be a huge management and maintenance problem. So this kind of partitioning can only be a coarse adjustment; for a heavily loaded site the real solution still requires load-balancing technology.

Under the load-balancing approach the servers are arranged symmetrically: every server has equal standing and can serve requests on its own without help from the others. Some load-distribution technique then spreads incoming requests evenly across the servers in the symmetric structure, and each server that receives a request answers the client independently. Since building Web servers with identical content is not complicated (it can be done with server synchronisation or shared storage), load-balancing technology becomes the key technology for building a high-load Web site.

Configuring and using Minicom

Minicom is a serial communication tool for Unix-like operating systems, similar in function to HyperTerminal or PuTTY's COM serial mode. It can be used to configure modems, Cisco gear and any other hardware that is configured over a serial port. Taking FreeBSD as the example: first check whether the system reports any serial port information; if the following information is present, the serial hardware exists and is working. The machine in the screenshot below has two serial ports, uart0 and uart2.

Next install minicom; for a common tool like this, installing from ports with make install is enough. On the first run the configuration file has to be initialised, so start it with the setup option: minicom -s

As you can see, the most important settings are naturally the device and the port, which only need a little configuration. Note that on FreeBSD, although the kernel device names are uart0 and uart2, the actual device names are split into call-out and call-in devices: the call-out device is cuau, and the call-in device is the familiar tty. On Linux-kernel operating systems devices are not named this way. So for the uart0 and uart2 mentioned above, the corresponding call out devices are cuau0 and cuau2, and we configure it as shown in the figure (the baud rate obviously needs to be set as well).

Because Minicom was originally designed for modem communication, the modem & dialing section contains many initialisation settings; if you do not need them, delete them. Finally, of course, choose Save setup as default so the settings do not need to be changed every time. After the configuration is done, exit drops you into the terminal session, where you can run sh ver.

A 24-port Cisco c2950 switch

I bought a second-hand 24-port "iron box" 2950 switch online, in pretty good condition. I opened it up (it was very easy to take apart; I had expected it to be hard): manufactured in 2006, the board is intact and the power module looks nearly new; it is just a bit dusty, and the fan is extremely loud, so it looks like the fan is about to die. Luckily the fan is exactly the same model as a server fan left over from my old company, so I simply swapped in the new fan, which runs smoothly, and cleaned out the dust. Reselling it for 700-800 should be no problem. Next comes upgrading the switch's operating system, the famous IOS (Internetwork Operating System). The iron box company has always claimed to be a software company, and I think that is true: the chips inside the switch are Intel or Broadcom, the connectors are AMP or Omron, and apart from the words cisco systems printed on the outside of the iron box there is no logo anywhere.


Now let's upgrade the 2950's IOS. Preparation: start a tftpd service on my PC and download the latest 2950 IOS.

The sticker on the back of the iron box says factory IOS version EA1B; logging in confirms it is c2950-i6q4l2-mz.121-22.EA1b.Bin, which means this box has never been upgraded. First back up the original IOS so it can be restored if the upgrade fails; the CLI command is:

copy flash:/c2950-i6q4l2-mz.121-22.EA1b.Bin tftp

Then enter your PC's IP address, and a few dozen seconds later the old IOS appears in the tftpd directory on your PC.

If many options have been added to the configuration file, it is best to back up config.Txt as well; the steps are the same.
Next delete the html manager directory. If you don't need to manage the switch over HTTP it has to be deleted too, because only once it is deleted can you not manage through it. And if you don't delete it, you end up with the old html manager paired with the new IOS, and who knows what strange things might happen. The CLI command is:

delete /r flash:/html

Then confirm, and that's it.

Next check the remaining flash space. 2950 switches generally have very little flash, only 8 MB, while the new IOS is at least 4 MB; the new cryptographic IOS I downloaded (c2950-i6k2l2q4-tar.121-22.EA13.tar) is 5.6 MB, so the old IOS must be deleted before the new one can be installed. The newer 2960 switches, by contrast, have 256 MB of flash and can hold several different IOS images. The command to delete the old IOS is:

delete flash:/c2950-i6q4l2-mz.121-22.EA1b.Bin

From this point on you absolutely must not lose power; if the power goes, heh heh, ha ha, it's game over.
Next transfer the new IOS to the switch over TFTP. For example, the IP address of my PC running tftpd is 192.168.1.99, so the CLI command is:

archive tar /xtract tftp://192.168.1.99/c2950-i6k2l2q4-tar.121-22.EA13.tar flash:

The switch then extracts the tar archive, placing the bin file in the root directory and extracting the html manager into the root directory. When the # prompt reappears, the IOS upgrade is complete. Then reboot the switch to see whether the upgrade really succeeded, by entering reload at the command line.

Log into the switch again and run the command to view the system version information. You can see that the operating system has been upgraded to Version 12.1(22)EA13, the IOS with cryptographic features.

c2950>sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA13, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by cisco Systems, Inc.
Compiled Fri 27-Feb-09 22:20 by amvarma
Image text-base: 0x80010000, data-base: 0x80680000

ROM: Bootstrap program is C2950 boot loader

c2950 uptime is 3 hours, 44 minutes
System returned to ROM by power-on
System restarted at 11:31:18 Taipei Wed Apr 14 2010
System image file is "flash:/c2950-i6k2l2q4-mz.121-22.EA13.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].

cisco WS-C2950-24 (RC32300) processor (revision R0) with 19912K bytes of memory.
Processor board ID FOC0903T099
Last reset from system-reset
Running Standard Image
24 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:13:1A:50:2B:00
Motherboard assembly number: 73-5781-13
Power supply part number: 34-0965-01
Motherboard serial number: FOC0902454E
Power supply serial number: DAB0851NHZ0
Model revision number: R0
Motherboard revision number: A0
Model number: WS-C2950-24
System serial number: FOC0903T099
Configuration register is 0xF

Overall the iron box is more efficient than consumer products like TP-LINK: on the 100M network the transfer speed once reached 20M/s, which completely defies the rules.

Cisco Switch Portfast

I had long noticed that automatic address assignment on the LAN was slow, but the problem was not obvious enough. Even though it was not obvious, I kept thinking about it, and after my brilliant analysis and searching it turned out this problem had been documented long ago...

Using PortFast and Other Commands to Fix Workstation Startup Connectivity Delays
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00800b1500.shtml#cnf2k

—High-tech divider—
Introduction
This document addresses initial connectivity delays that occur when workstations that are connected to switches have one of these two issues:
*Unable to log in to a network domain, either Microsoft Windows NT or Novell
*Unable to obtain a DHCP address
The steps in this document are easy to implement and address the most common causes of workstation connectivity delays that you encounter during the workstation initialization/startup phase.
—High-tech divider—

Spanning Tree
If you have recently migrated from a hub environment to a switch environment, startup connectivity delays can appear because a switch works much differently than a hub. A switch provides connectivity at the data link layer, not at the physical layer. The switch uses a bridging algorithm in order to decide if packets that are received on a port need to be transmitted out other ports. The bridging algorithm is susceptible to physical loops in the network topology. Because of this susceptibility to loops, switches run the protocol STP that causes loops to be eliminated in the topology. When you run STP, all ports that are included in the spanning tree process become active much slower than they otherwise become active as STP detects and blocks loops. A bridged network that has physical loops, without STP, breaks. Despite the time that the process involves, STP is beneficial. STP that runs on Catalyst switches is an industry-standard specification (IEEE 802.1D).

After a port on the switch has linked and joined the bridge group, STP runs on that port. A port that runs STP can be in one of five states:

*blocking
*listening
*learning
*forwarding
*disabled

STP dictates that the port starts out blocking, and then immediately moves through the listening and learning phases. By default, the port spends approximately 15 seconds listening and 15 seconds learning. During the listening state, the switch tries to determine where the port fits in the spanning tree topology. The switch especially wants to know whether this port is part of a physical loop. If the port is part of a loop, the port can be chosen to go into blocking mode. The blocking mode means that the port does not send or receive user data in order to eliminate loops. If the port is not part of a loop, the port proceeds to the learning state, in which the port learns which MAC addresses live off this port. This entire STP initialization process takes about 30 seconds.

If you connect a workstation or a server with a single NIC card or an IP phone to a switch port, the connection cannot create a physical loop. These connections are considered leaf nodes. There is no reason to make the workstation wait 30 seconds while the switch checks for loops if the workstation cannot cause a loop. Cisco added the PortFast or fast-start feature. With this feature, the STP for this port assumes that the port is not part of a loop and immediately moves to the forwarding state and does not go through the blocking, listening, or learning states. This command does not turn STP off. This command makes STP skip a few initial steps (unnecessary steps, in this circumstance) on the selected port.
—High-tech divider—

In plain language, the passage above can be read as follows: the STP protocol, which sits at OSI layer 2, defines five states for a switch port; you can see above the states blocking, listening, learning, forwarding and disabled. Obviously only forwarding is the working state, and from power-on a switch port has to start up in the order listening, learning, forwarding, mainly to detect whether there is a loop on the port (to avoid a broadcast storm congesting the network) and to decide whether it needs blocking.

Unfortunately each of these steps takes at least 15 seconds, which causes the DHCP timeout so that the PC cannot get an IP address; rebooting the PC fixes it because by then the port has already entered the forwarding state. So how should this problem be solved?

This document says "Cisco added the PortFast or fast-start feature": Cisco added a portfast feature that skips listening and learning and goes straight to the forwarding state.

So how do you enable portfast? It's very simple, as shown:

conf t
interface fastEthernet 0/1
spanning-tree portfast

So why wasn't such a convenient feature built into the original STP protocol? The big Warning block below explains it: ah, so loops have very bad, very serious consequences... A port with portfast enabled may connect only a single network device; in other words, if a loop appears on a portfast-enabled port, wow, the network cannot recover. For a small office network like ours the worst case is just a painfully slow network... In short, a portfast-enabled port must not be connected to a switch, router, hub or similar device; it may have only one NIC, one MAC address (at a time, of course).

—Still the high-tech divider—
Caution: Never use the PortFast feature on switch ports that connect to other switches, hubs, or routers. These connections can cause physical loops, and spanning tree must go through the full initialization procedure in these situations. A spanning tree loop can bring your network down. If you turn on PortFast for a port that is part of a physical loop, there can be a window of time when packets are continuously forwarded (and can even multiply) in such a way that the network cannot recover.
—Still the high-tech divider—

This document even bothers to benchmark the port up time (see the Timing Tests on the Catalyst 2900XL section of the original), and the result is that the 30 seconds can be cut down to one second... The effect is quite noticeable: plug the cable into the PC and you are online, zero wait~

So I enabled portfast on the office switch as well; I'll see how it goes at work tomorrow... Of course, the ports connected to the server, the wireless AP and the upstream firewall must obviously not have it enabled...
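To put the caution above into practice on an office switch like this one, here is an added IOS configuration example (not from the original post or Cisco's document). It assumes PCs on Fa0/1-0/20, the server and wireless AP on Fa0/21-0/22 and the firewall uplink on Fa0/24, and adds BPDU guard, a feature the post does not mention, so that a PortFast port which unexpectedly receives a BPDU from another switch is shut down instead of forming the loop the caution warns about.

```cisco
! Added example, not from the original post. Assumed port layout:
! PCs on Fa0/1-0/20, server Fa0/21, wireless AP Fa0/22, firewall uplink Fa0/24.
configure terminal
! Let err-disabled ports recover automatically (default 300 s) once the
! offending device is unplugged, so a mistake does not need a manual reset.
errdisable recovery cause bpduguard
! Access ports with a single host: skip listening/learning with PortFast.
interface range fastEthernet 0/1 - 20
 spanning-tree portfast
 ! BPDU guard: if a switch, hub or router is ever plugged in here and a BPDU
 ! arrives, the port is err-disabled instead of forwarding into a loop.
 spanning-tree bpduguard enable
 exit
! Ports toward the server and wireless AP keep the full STP initialisation,
! as the post decides.
interface range fastEthernet 0/21 - 22
 no spanning-tree portfast
 exit
! Uplink to the firewall: never PortFast, per Cisco's caution.
interface fastEthernet 0/24
 description uplink to firewall
 no spanning-tree portfast
 exit
end
! Verification: the access port should report PortFast as enabled...
show spanning-tree interface fastEthernet 0/1 portfast
! ...and the summary lists PortFast/BPDU Guard status per instance.
show spanning-tree summary
! If BPDU guard ever fires, this shows which port was shut down and why.
show interfaces status err-disabled
```

After removing the looped device, a port disabled by BPDU guard comes back either via the recovery timer above or with shutdown followed by no shutdown on that interface.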