LB服務(wù)器負(fù)載均衡【旁路部署】-創(chuàng)新互聯(lián)

LB旁路部署案例
一、 需求

創(chuàng)新互聯(lián)堅持“要么做到，要么別承諾”的工作理念，服務(wù)領(lǐng)域包括：網(wǎng)站設(shè)計、成都網(wǎng)站建設(shè)、企業(yè)官網(wǎng)、英文網(wǎng)站、手機端網(wǎng)站、網(wǎng)站推廣等服務(wù)，滿足客戶于互聯(lián)網(wǎng)時代的巴宜網(wǎng)站設(shè)計、移動媒體設(shè)計的需求，幫助企業(yè)找到有效的互聯(lián)網(wǎng)解決方案。努力成為您成熟可靠的網(wǎng)絡(luò)建設(shè)合作伙伴！

• 為了實現(xiàn)服務(wù)器對外網(wǎng)用戶提供服務(wù)的可靠性，客戶在現(xiàn)網(wǎng)中部署了LB設(shè)備，LB采用旁路方式部署，要求外網(wǎng)主機訪問時的流量經(jīng)過LB輪詢到內(nèi)部服務(wù)器，一臺服務(wù)器down機不影響其正常業(yè)務(wù)。
  二、 拓?fù)洵h(huán)境
  
  三、 配置思路
• 配置各個設(shè)備ip地址及路由，保證ip可達
• 配置檢測模板
• 配置ip地址池
• 配置實服務(wù)組，調(diào)用檢測模板和ip地址池
• 配置實服務(wù)，關(guān)聯(lián)實服務(wù)組
• 配置虛服務(wù)器，關(guān)聯(lián)實服務(wù)組
• 測試
  四、 配置步驟
  配置腳本如下所示：
  出口NAT設(shè)備配置：

  
  sysname NAT
  #
  system-working-mode standard
  xbar load-single
  password-recovery enable
  lpu-type f-series
  #
  vlan 1
  #
  interface Serial1/0
  #
  interface Serial2/0
  #
  interface Serial3/0
  #
  interface Serial4/0
  #
  interface NULL0
  #
  interface GigabitEthernet0/0
  port link-mode route
  combo enable copper
  ip address 192.168.34.4 255.255.255.0
  #
  interface GigabitEthernet0/1
  port link-mode route
  combo enable copper
  ip address 100.1.46.4 255.255.255.0
  nat outbound
  nat server protocol tcp global 100.1.46.4 2323 inside 192.168.35.5 2323
  #
  interface GigabitEthernet0/2
  port link-mode route
  combo enable copper
  #
  interface GigabitEthernet5/0
  port link-mode route
  combo enable copper
  #
  interface GigabitEthernet5/1
  port link-mode route
  combo enable copper
  #
  interface GigabitEthernet6/0
  port link-mode route
  combo enable copper
  #
  interface GigabitEthernet6/1
  port link-mode route
  combo enable copper
  #
  scheduler logfile size 16
  #
  line class aux
  user-role network-operator
  #
  line class console
  user-role network-admin
  #
  line class tty
  user-role network-operator
  #
  line class vty
  user-role network-operator
  #
  line aux 0
  user-role network-operator
  #
  line con 0
  user-role network-admin
  #
  line vty 0 63
  user-role network-operator
  #
  ip route-static 0.0.0.0 0 100.1.46.6
  ip route-static 192.168.1.0 24 192.168.34.3
  ip route-static 192.168.2.0 24 192.168.34.3
  ip route-static 192.168.35.0 24 192.168.34.3
  #
  domain system
  #
  domain default enable system
  #
  role name level-0
  description Predefined level-0 role
  #
  role name level-1
  description Predefined level-1 role
  #
  role name level-2
  description Predefined level-2 role
  #
  role name level-3
  description Predefined level-3 role
  #
  role name level-4
  description Predefined level-4 role
  #
  role name level-5
  description Predefined level-5 role
  #
  role name level-6
  description Predefined level-6 role
  #
  role name level-7
  description Predefined level-7 role
  #
  role name level-8
  description Predefined level-8 role
  #
  role name level-9
  description Predefined level-9 role
  #              
  role name level-10
  description Predefined level-10 role
  #
  role name level-11
  description Predefined level-11 role
  #
  role name level-12
  description Predefined level-12 role
  #
  role name level-13
  description Predefined level-13 role
  #
  role name level-14
  description Predefined level-14 role
  #
  user-group system

LB關(guān)鍵配置：

interface GigabitEthernet1/0/1
 port link-mode route
 combo enable copper
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable copper
 ip address 192.168.35.5 255.255.255.0

loadbalance snat-pool pool
 ip range start 192.168.35.5 end 192.168.35.5
#
server-farm sf
 snat-pool pool
 probe t1
#
real-server rs1
 ip address 192.168.1.1
 port 23
 weight 150
 server-farm sf
#
real-server rs2
 ip address 192.168.2.2
 port 23
 weight 120    
 server-farm sf
#
virtual-server vs type tcp
 port 2323 
 virtual ip address 192.168.35.5
 default server-farm sf
 service enable
 #
 ip route-static 0.0.0.0 0 192.168.35.3
#
acl basic 2000
 rule 0 permit
security-zone name Trust
 import interface GigabitEthernet1/0/2
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
zone-pair security source Any destination Any
 packet-filter 2000
#
return

五、 測試
外網(wǎng)主機telnet外網(wǎng)映射到LB的地址和端口，看是否可以訪問到內(nèi)部服務(wù)器
<Client>telnet 100.1.46.4 2323
Trying 100.1.46.4 ...
Press CTRL+K to abort
Connected to 100.1.46.4 ...

<ServerA>
<ServerA>
<ServerA>dis ip int brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 down down -- --
GE0/1 up up 192.168.1.1 --
測試后可以正常訪問到服務(wù)器A

退出登錄后再嘗試登錄下，測試看是否可以輪詢到另一個服務(wù)器
<ServerA>quit

The connection was closed by the remote host!
<Client>telnet 100.1.46.4 2323
Trying 100.1.46.4 ...
Press CTRL+K to abort
Connected to 100.1.46.4 ...

<ServerB>
<ServerB>dis ip int brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 192.168.2.2 --

LB>dis real-server statistics
Slot 1:
Real server: rs1
Total connections: 7
Active connections: 0
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 13601 bytes
Server output: 15872 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 3612 bytes/s
Max inbound throughput: 1359 bytes/s
Max outbound throughput: 2253 bytes/s
Received packets: 252
Sent packets: 238
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0

Real server: rs2
Total connections: 8
Active connections: 1
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 15552 bytes
Server output: 17213 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 288
Sent packets: 264
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0

<LB>dis virtual-server statistics
Slot 1:
Virtual server: vs
Total connections: 15
Active connections: 1
Max connections: 2
Connections per second: 0
Max connections per second: 1
Client input: 29257 bytes
Client output: 33165 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 542
Sent packets: 504
Dropped packets: 0
六、 注意事項

• 該拓?fù)鋱D中，如果只是單純配置服務(wù)器負(fù)載均衡，不針對外網(wǎng)進來的源做snat的話，是無法訪問到服務(wù)器的，原因是，外網(wǎng)終端向LB發(fā)起訪問，但是數(shù)據(jù)包回復(fù)時卻是內(nèi)網(wǎng)服務(wù)器直接給予的回應(yīng)，服務(wù)器回包時，數(shù)據(jù)包到核心設(shè)備，直接按照缺省路由去做轉(zhuǎn)發(fā)了，即使客戶端收到數(shù)據(jù)包，由于發(fā)起和回應(yīng)的地址不一致，則會認(rèn)為數(shù)據(jù)包不是自己想要的，會直接丟棄
• 配置LB時，新建實服務(wù)，關(guān)聯(lián)實服務(wù)組，最后在虛服務(wù)器下做關(guān)聯(lián)時，設(shè)備會根據(jù)檢測模板去輪詢看是否和服務(wù)器可達，如果可達，將處于active狀態(tài)，如果檢測不可達，處于Probe-failed

文章題目：LB服務(wù)器負(fù)載均衡【旁路部署】-創(chuàng)新互聯(lián)
網(wǎng)站網(wǎng)址：http://muchs.cn/article0/csgpoo.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供ChatGPT、虛擬主機、標(biāo)簽優(yōu)化、定制開發(fā)、全網(wǎng)營銷推廣、網(wǎng)頁設(shè)計公司

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請盡快告知，我們將會在第一時間刪除。文章觀點不代表本網(wǎng)站立場，如需處理請聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時需注明來源： 創(chuàng)新互聯(lián)