K8s — ipvs Mode Introduction

K8s ipvs mode detailed introduction

What is ipvs

ipvs stands for IP Virtual Server, it is built on top of Netfilter and acts like a layer 4 (Transport) Linux connection load balancer.

ipvs is incorporated into the LVS (Linux Virtual Server) and it can direct requests for TCP and UDP-based services to the real servers, and make services of the real servers appear as virtual services on a single IP address.

ipvs Load balancing mode

ipvs mode uses IPVS instead of iptables, for connection load balancing. ipvs supports six load balancing modes, specified with --ipvs-scheduler:

• rr: Round-robin, send request to next host in the cycle
• lc: Least connection, send request to least open connections server
• dh: Destination hashing, send request based on connections’ destination addresses.
• sh: Source hashing, send request based on connections’ dsource addresses.
• sed: Shortest expected delay, send request to the host with the lowest connections to weight ratio.
• nq: Never queue, send connection to any host with no existing connections
  Round-robin (rr) is the default load balancing mode.

The following diagram shows IPVS’s role in Linux packet routing:

Pic from James Strong

ipvs Packet Forwarding mode

IPVS supports the following three packet forwarding modes:

• NAT rewrites source and destination addresses.
• DR encapsulates IP datagrams within IP datagrams.
• IP tunneling directly routes packets to the backend server by rewriting the MAC address of the data frame with the MAC address of the selected backend server.

Why use ipvs instead of iptables?

There are three reasons that you may consider switching from default iptables mode to ipvs mode:

• Scalability: kube-proxy with iptables is a…