LB旁路部署案例分析
下文给大家带来LB旁路部署案例分析,希望能够给大家在实际运用中带来一定的帮助,负载均衡涉及的东西比较多,理论也不多,网上有很多书籍,今天我们就用在行业内累计的经验来做一个解答。
LB旁路部署案例
一、 需求
- 为了实现云服务器对外网用户提供服务的可靠性,客户在现网中部署了LB设备,LB采用旁路方式部署,要求外网主机访问时的流量经过LB轮询到内部云服务器,一台云服务器down机不影响其正常业务。
二、 拓扑环境
三、 配置思路 - 配置各个设备ip地址及路由,保证ip可达
- 配置检测模板
- 配置ip地址池
- 配置实服务组,调用检测模板和ip地址池
- 配置实服务,关联实服务组
- 配置虚服务器,关联实服务组
- 测试
四、 配置步骤
配置脚本如下所示:
出口NAT设备配置:sysname NAT#system-working-mode standardxbar load-singlepassword-recovery enablelpu-type f-series#vlan 1#interface Serial1/0#interface Serial2/0#interface Serial3/0#interface Serial4/0#interface NULL0#interface GigabitEthernet0/0port link-mode routecombo enable copperip address 192.168.34.4 255.255.255.0#interface GigabitEthernet0/1port link-mode routecombo enable copperip address 100.1.46.4 255.255.255.0nat outboundnat server protocol tcp global 100.1.46.4 2323 inside 192.168.35.5 2323#interface GigabitEthernet0/2port link-mode routecombo enable copper#interface GigabitEthernet5/0port link-mode routecombo enable copper#interface GigabitEthernet5/1port link-mode routecombo enable copper#interface GigabitEthernet6/0port link-mode routecombo enable copper#interface GigabitEthernet6/1port link-mode routecombo enable copper#scheduler logfile size 16#line class auxuser-role network-operator#line class consoleuser-role network-admin#line class ttyuser-role network-operator#line class vtyuser-role network-operator#line aux 0user-role network-operator#line con 0user-role network-admin#line vty 0 63user-role network-operator#ip route-static 0.0.0.0 0 100.1.46.6ip route-static 192.168.1.0 24 192.168.34.3ip route-static 192.168.2.0 24 192.168.34.3ip route-static 192.168.35.0 24 192.168.34.3#domain system#domain default enable system#role name level-0description Predefined level-0 role#role name level-1description Predefined level-1 role#role name level-2description Predefined level-2 role#role name level-3description Predefined level-3 role#role name level-4description Predefined level-4 role#role name level-5description Predefined level-5 role#role name level-6description Predefined level-6 role#role name level-7description Predefined level-7 role#role name level-8description Predefined level-8 role#role name level-9description Predefined level-9 role# role name level-10description Predefined level-10 role#role name level-11description Predefined level-11 role#role name level-12description Predefined level-12 role#role name level-13description Predefined level-13 role#role name level-14description Predefined level-14 role#user-group system
LB关键配置:
interface GigabitEthernet1/0/1 port link-mode route combo enable copper ip address 192.168.0.1 255.255.255.0#interface GigabitEthernet1/0/2 port link-mode route combo enable copper ip address 192.168.35.5 255.255.255.0loadbalance snat-pool pool ip range start 192.168.35.5 end 192.168.35.5#server-farm sf snat-pool pool probe t1#real-server rs1 ip address 192.168.1.1 port 23 weight 150 server-farm sf#real-server rs2 ip address 192.168.2.2 port 23 weight 120 server-farm sf#virtual-server vs type tcp port 2323 virtual ip address 192.168.35.5 default server-farm sf service enable # ip route-static 0.0.0.0 0 192.168.35.3#acl basic 2000 rule 0 permitsecurity-zone name Trust import interface GigabitEthernet1/0/2#security-zone name DMZ#security-zone name Untrust#security-zone name Management#zone-pair security source Any destination Any packet-filter 2000#return五、 测试
外网主机telnet外网映射到LB的地址和端口,看是否可以访问到内部服务器
Trying 100.1.46.4 ...
Press CTRL+K to abort
Connected to 100.1.46.4 ...
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 down down -- --
GE0/1 up up 192.168.1.1 --
测试后可以正常访问到服务器A
退出登录后再尝试登录下,测试看是否可以轮询到另一个服务器
The connection was closed by the remote host!
Trying 100.1.46.4 ...
Press CTRL+K to abort
Connected to 100.1.46.4 ...
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 192.168.2.2 --
LB>dis real-server statistics
Slot 1:
Real server: rs1
Total connections: 7
Active connections: 0
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 13601 bytes
Server output: 15872 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 3612 bytes/s
Max inbound throughput: 1359 bytes/s
Max outbound throughput: 2253 bytes/s
Received packets: 252
Sent packets: 238
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0
Real server: rs2
Total connections: 8
Active connections: 1
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 15552 bytes
Server output: 17213 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 288
Sent packets: 264
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0
dis virtual-server statistics
Slot 1:
Virtual server: vs
Total connections: 15
Active connections: 1
Max connections: 2
Connections per second: 0
Max connections per second: 1
Client input: 29257 bytes
Client output: 33165 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 542
Sent packets: 504
Dropped packets: 0
六、 注意事项
- 该拓扑图中,如果只是单纯配置服务器负载均衡,不针对外网进来的源做snat的话,是无法访问到服务器的,原因是,外网终端向LB发起访问,但是数据包回复时却是内网服务器直接给予的回应,服务器回包时,数据包到核心设备,直接按照缺省路由去做转发了,即使客户端收到数据包,由于发起和回应的地址不一致,则会认为数据包不是自己想要的,会直接丢弃
- 配置LB时,新建实服务,关联实服务组,最后在虚服务器下做关联时,设备会根据检测模板去轮询看是否和服务器可达,如果可达,将处于active状态,如果检测不可达,处于Probe-failed
看了以上关于LB旁路部署案例分析,如果大家还有什么地方需要了解的可以在行业资讯里查找自己感兴趣的或者找我们的专业技术工程师解答的,技术工程师在行业内拥有十几年的经验了。
