
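LB Bypass (One-Arm) Deployment Case Analysis

Published: 2020-04-16 16:55:50 Source: 億速云 Views: 338 Author: 三月 Category: Security Technology

This article presents a case analysis of an LB deployed in bypass (one-arm) mode, in the hope that it helps in practical work. Load balancing touches on many things while the theory behind it is limited, and plenty of books cover it; here we answer the question using the experience 億速云 has accumulated in the industry.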

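LB Bypass Deployment Case
1. Requirements

  • To make the service that the cloud servers provide to external users reliable, the customer deployed an LB device in the production network. The LB is deployed in bypass mode. Traffic from external hosts must pass through the LB and be distributed round-robin to the internal cloud servers, and one cloud server going down must not affect normal service.

2. Topology
[Figure: topology of the LB bypass deployment case]

3. Configuration approach
  • Configure the IP addresses and routes on every device so that all addresses are reachable
  • Configure the probe template
  • Configure the IP address pool
  • Configure the real server group (server farm), referencing the probe template and the IP address pool
  • Configure the real servers and associate them with the real server group
  • Configure the virtual server and associate it with the real server group
  • Test

4. Configuration steps
The configuration scripts are shown below.
Egress NAT device configuration: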
    sysname NAT
    #
    system-working-mode standard
    xbar load-single
    password-recovery enable
    lpu-type f-series
    #
    vlan 1
    #
    interface Serial1/0
    #
    interface Serial2/0
    #
    interface Serial3/0
    #
    interface Serial4/0
    #
    interface NULL0
    #
    interface GigabitEthernet0/0
    port link-mode route
    combo enable copper
    ip address 192.168.34.4 255.255.255.0
    #
    interface GigabitEthernet0/1
    port link-mode route
    combo enable copper
    ip address 100.1.46.4 255.255.255.0
    nat outbound
    nat server protocol tcp global 100.1.46.4 2323 inside 192.168.35.5 2323
    #
    interface GigabitEthernet0/2
    port link-mode route
    combo enable copper
    #
    interface GigabitEthernet5/0
    port link-mode route
    combo enable copper
    #
    interface GigabitEthernet5/1
    port link-mode route
    combo enable copper
    #
    interface GigabitEthernet6/0
    port link-mode route
    combo enable copper
    #
    interface GigabitEthernet6/1
    port link-mode route
    combo enable copper
    #
    scheduler logfile size 16
    #
    line class aux
    user-role network-operator
    #
    line class console
    user-role network-admin
    #
    line class tty
    user-role network-operator
    #
    line class vty
    user-role network-operator
    #
    line aux 0
    user-role network-operator
    #
    line con 0
    user-role network-admin
    #
    line vty 0 63
    user-role network-operator
    #
    ip route-static 0.0.0.0 0 100.1.46.6
    ip route-static 192.168.1.0 24 192.168.34.3
    ip route-static 192.168.2.0 24 192.168.34.3
    ip route-static 192.168.35.0 24 192.168.34.3
    #
    domain system
    #
    domain default enable system
    #
    role name level-0
    description Predefined level-0 role
    #
    role name level-1
    description Predefined level-1 role
    #
    role name level-2
    description Predefined level-2 role
    #
    role name level-3
    description Predefined level-3 role
    #
    role name level-4
    description Predefined level-4 role
    #
    role name level-5
    description Predefined level-5 role
    #
    role name level-6
    description Predefined level-6 role
    #
    role name level-7
    description Predefined level-7 role
    #
    role name level-8
    description Predefined level-8 role
    #
    role name level-9
    description Predefined level-9 role
    #              
    role name level-10
    description Predefined level-10 role
    #
    role name level-11
    description Predefined level-11 role
    #
    role name level-12
    description Predefined level-12 role
    #
    role name level-13
    description Predefined level-13 role
    #
    role name level-14
    description Predefined level-14 role
    #
    user-group system

Key LB configuration:

interface GigabitEthernet1/0/1
 port link-mode route
 combo enable copper
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable copper
 ip address 192.168.35.5 255.255.255.0

loadbalance snat-pool pool
 ip range start 192.168.35.5 end 192.168.35.5
#
server-farm sf
 snat-pool pool
 probe t1
#
real-server rs1
 ip address 192.168.1.1
 port 23
 weight 150
 server-farm sf
#
real-server rs2
 ip address 192.168.2.2
 port 23
 weight 120    
 server-farm sf
#
virtual-server vs type tcp
 port 2323 
 virtual ip address 192.168.35.5
 default server-farm sf
 service enable
#
ip route-static 0.0.0.0 0 192.168.35.3
#
acl basic 2000
 rule 0 permit
security-zone name Trust
 import interface GigabitEthernet1/0/2
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
zone-pair security source Any destination Any
 packet-filter 2000
#
return
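
A way to check the object chain from the configuration approach (SNAT pool and probe into the server farm, real servers into the farm, farm into the virtual server) before testing. This is an added example, not code from the original article; the input is a constructed excerpt that keeps only the reference lines of the LB configuration above, and the finding texts are this example's own.

```python
LB_CONFIG = """\
loadbalance snat-pool pool
#
server-farm sf
 snat-pool pool
 probe t1
#
real-server rs1
 server-farm sf
#
virtual-server vs type tcp
 default server-farm sf
 service enable
"""  # constructed excerpt of the article's LB config (addresses, ports, weights, rs2 omitted)
CHECKS = [  # (owning block, required sub-command, block type it must name or None)
    ("server-farm ", "snat-pool ", "loadbalance snat-pool "),
    ("server-farm ", "probe ", None),
    ("real-server ", "server-farm ", "server-farm "),
    ("virtual-server ", "default server-farm ", "server-farm "),
    ("virtual-server ", "service enable", None),
]

def parse(text):
    """Map each block header to its indented sub-commands ('#' ends a block)."""
    blocks, cur = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "#"):
            cur = None
        elif line[0].isspace() and cur is not None:
            blocks[cur].append(line.strip())
        else:
            cur = line.strip()
            blocks[cur] = []
    return blocks

def named(blocks, prefix):  # {object name: sub-commands} for headers starting with prefix
    return {h[len(prefix):].split()[0]: c for h, c in blocks.items() if h.startswith(prefix)}

def audit(text):
    """Return findings; an empty list means every reference resolves."""
    blocks, out = parse(text), []
    for owner, cmd, target in CHECKS:
        defined = set(named(blocks, target)) if target else None
        for name, cmds in named(blocks, owner).items():
            found = {c[len(cmd):].strip() for c in cmds if c.startswith(cmd)}
            if not found or (defined is not None and not found & defined):
                out.append(f"{owner}{name}: missing or dangling '{cmd.strip()}'")
    return out
```
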

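5. Testing
From the external host, telnet to the public address and port that are mapped to the LB, and check whether the internal server can be reached.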
<Client>telnet 100.1.46.4 2323
Trying 100.1.46.4 ...
Press CTRL+K to abort
Connected to 100.1.46.4 ...

<ServerA>
<ServerA>
<ServerA>dis ip int brief
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
GE0/0                    down     down     --              --
GE0/1                    up       up       192.168.1.1     --
The test shows that server A can be reached normally.

Log out, then log in again to test whether the connection is distributed round-robin to the other server.
<ServerA>quit

The connection was closed by the remote host!
<Client>telnet 100.1.46.4 2323
Trying 100.1.46.4 ...
Press CTRL+K to abort
Connected to 100.1.46.4 ...

<ServerB>
<ServerB>dis ip int brief
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
GE0/0                    up       up       192.168.2.2     --

<LB>dis real-server statistics
Slot 1:
Real server: rs1
Total connections: 7
Active connections: 0
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 13601 bytes
Server output: 15872 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 3612 bytes/s
Max inbound throughput: 1359 bytes/s
Max outbound throughput: 2253 bytes/s
Received packets: 252
Sent packets: 238
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0

Real server: rs2
Total connections: 8
Active connections: 1
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 15552 bytes
Server output: 17213 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 288
Sent packets: 264
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0

<LB>dis virtual-server statistics
Slot 1:
Virtual server: vs
Total connections: 15
Active connections: 1
Max connections: 2
Connections per second: 0
Max connections per second: 1
Client input: 29257 bytes
Client output: 33165 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 542
Sent packets: 504
Dropped packets: 0
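6. Notes

  • In this topology, if only server load balancing is configured and no SNAT is applied to the source of traffic coming in from the external network, the servers cannot be reached. The reason: the external client initiates access to the LB, but the reply comes directly from the internal server. On the return path the packet reaches the core device and is forwarded straight along the default route. Even if the client receives the packet, the address it sent to and the address that replied do not match, so the client treats the packet as not its own and drops it.
  • When configuring the LB, create the real servers and associate them with the real server group. Once the group is associated under the virtual server, the device polls according to the probe template to check whether each server is reachable. If it is reachable, the server is in the Active state; if the probe fails, it is in the Probe-failed state.

If, after reading the above LB bypass deployment case analysis, there is anything else you would like to know, you can look for topics of interest in 億速云's industry news or ask our professional technical engineers; 億速云's technical engineers have more than ten years of experience in the industry.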
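
The return-path problem from the first note, walked through with the addresses from the configurations above. This is an added illustration, not part of the original article. It assumes a simplified model in which each translating device only fixes up replies that match a session it created; the client endpoint 203.0.113.10:40000 and the SNAT source port 50000 are constructed values, and the egress device's own `nat outbound` handling of a stray reply is not modelled.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    src: tuple  # (ip, port)
    dst: tuple

CLIENT = ("203.0.113.10", 40000)  # constructed external client endpoint
PUBLIC = ("100.1.46.4", 2323)     # "nat server ... global" on the NAT device
VIP = ("192.168.35.5", 2323)      # virtual-server vs on the LB
RS1 = ("192.168.1.1", 23)         # real-server rs1
SNAT = ("192.168.35.5", 50000)    # snat-pool address; the port is constructed

def walk(snat):
    """Follow one request and its reply; return (reply at client, hops, accepted)."""
    # Forward path: the NAT device rewrites the destination to the VIP and the
    # LB picks rs1. Each device records how to undo its translation on a reply.
    nat_sessions = {Pkt(VIP, CLIENT): Pkt(PUBLIC, CLIENT)}
    lb_src = SNAT if snat else CLIENT
    lb_sessions = {Pkt(RS1, lb_src): Pkt(VIP, CLIENT)}

    # Return path: the server answers whatever source address it saw.
    reply, hops = Pkt(RS1, lb_src), ["rs1", "core"]
    if reply.dst[0] == SNAT[0]:
        # The destination is the LB's own address, so the core hands it to the LB.
        reply = lb_sessions[reply]
        hops += ["LB", "core"]
    # Otherwise the core follows its default route and the LB never sees the reply.
    hops.append("NAT")
    reply = nat_sessions.get(reply, reply)   # no session match: source not restored
    accepted = reply == Pkt(PUBLIC, CLIENT)  # the 4-tuple the client socket expects
    return reply, hops, accepted
```

With `snat=True` the reply returns through the LB and arrives from 100.1.46.4:2323; with `snat=False` it skips the LB and still carries the real server's address, so the client discards it.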
