ans Single VIP LLB and SLB config
配置命令:
# 配置设备工作模式和开启的功能
> enable ans mode FR MBF Edge USNIP L3 PMTUD
Done
> enable ans feature WL LB CS SSL IPv6PT CH
Done
> # 设置设备的管理IP ( 需要重启系统才可生效, 重启系统前请先保存配置. save ansconfig )
> set ans config -IPAddress 192.168.11.11 -netmask 255.255.255.0
Done
> # 设置用于连通内网的SNIP地址 ( enable ans mode usnip ); 注意: 下面的 -mgmtAccess ENABLED 会在该 SNIP 上开放管理访问, 应确认该地址仅内网管理网段可达
> add ans ip 192.168.11.1 255.255.255.0 -mgmtAccess ENABLED -restrictAccess ENABLED
Done
> # 设置设备主机名
> set ans hostName SURFILTER
Done
> # 设置时区
> set ans param -cookieversion -timezone "GMT+08:00-CST-Asia/Shanghai"
Done
> set audit syslogparams -timeZone LOCAL_TIME
Done
> set audit anslogParams -timeZone LoCAL_TIME
Done
> # 设置时间, 格式为: YYYYmmddHHMM 注意时区是否正确
> shell date
Mon Dec :: CST
Done
> shell date +'%Y-%m-%d %H:%M:%S'
-- ::
Done
> # 添加NTP服务器 ( 非常规操作方式, 直接修改NTP配置文件; 该文件头注明重启后修改会丢失, 下文将其复制到 /flash/anscfg/ntp.conf, 应是为了重启后保留 )
> shell vi /etc/ntp.conf
# Common elements of NTP configuration
#
# Do not edit: changes will be lost following reboot.
# For site-specific NTP configuration, see the instructions in /etc/ntp.conf
#
# We won't allow *anything* from hosts not listed in the configuration
# This means you need a restrict line for each server
restrict default ignore
restrict - default ignore
# Allow just about anything from localhost, IPv4.
restrict 127.0.0.1 mask 255.255.255.255
driftfile /var/db/ntp.drift
logfile /var/log/ntpd.log
# Log everything, even from ntpd (which otherwise defaults to "all =sync")
logconfig =all +all
#######################
server 218.75.4.130 minpoll maxpoll
restrict 218.75.4.130 nomodify notrap nopeer noquery
~
~
~
:wq!
Done
>
> shell cp /etc/ntp.conf /flash/anscfg/ntp.conf
Done
> # 设置DNS服务器解析配置文件
> shell vi /etc/resolv.conf
# Do not change this entry, use the 'add nameserver'
nameserver 127.0.0.2
~
~
~
:wq!
> shell cp /etc/resolv.conf /flash/anscfg/resolv.conf
Done
>
# 启动NTP服务器
> enable ntp sync
Done
>
# 添加DNS服务器
> add dns nameServer 8.8.4.4
Done
> # 设置默认证书链接关系
> add ssl certKey hg-root-certificate -cert hg-root.cert -inform PEM
Done
> add ssl certKey hg-server-certificate -cert hg-server.cert -key hg-server.key -inform PEM
Done
> link ssl certKey hg-server-certificate hg-root-certificate
Done
>
# 添加用于连通ISP的VIP地址
> add ans ip 192.168.110.41 255.255.255.0 -type VIP
Done
> add ans ip 192.168.120.45 255.255.255.0 -type VIP
Done
> # 添加 VLAN
> add vlan
Done
> add vlan
Done
> bind vlan -ifnum /
Done
> bind vlan -IPAddress 192.168.110.41 255.255.255.0
Done
> bind vlan -ifnum /
Done
> bind vlan -IPAddress 192.168.120.45 255.255.255.0
Done
> # 设置针对内网的反向NAT
> set rnat 192.168.11.0 255.255.255.0 -natIP 192.168.110.41
Done
> set rnat 192.168.11.0 255.255.255.0 -natIP 192.168.120.45
Done
> # 添加 NetProfile , 绑定 SNIP
> add netProfile net_pf_internal -srcIP 192.168.11.1
Done
> # 添加ISP网关服务器地址 ( 注意: 下面 srv_isp_cnc 的 192.168.210.1 与后文 PBR 的 destIP 及 show server 输出中的 192.168.120.1 不一致, 疑为笔误 )
> add server srv_isp_ct 192.168.110.1
Done
> add server srv_isp_cnc 192.168.210.1
Done
> # 添加ISP监视器
> add lb monitor mon_ping_net_pf PING -LRTM DISABLED -netProfile net_pf_internal
Done
>
# 添加ISP服务并绑定对应监视器
> add service svc_isp_ct srv_isp_ct ANY *
Done
> bind service svc_isp_ct -monitorName mon_ping_net_pf
Done
>
> add service svc_isp_cnc srv_isp_cnc ANY *
Done
> bind service svc_isp_cnc -monitorName mon_ping_net_pf
Done
> # 添加ISP负载均衡虚拟服务器并绑定对应服务
> add lb vserver lb_vsrv_isp_llb_all ANY 0.0.0.0 -lbMethod ROUNDROBIN -persistenceType DESTIP
Done
> bind lb vserver lb_vsrv_isp_llb_all svc_isp_ct
Done
> bind lb vserver lb_vsrv_isp_llb_all svc_isp_cnc
Done
>
> add lb vserver lb_vsrv_isp_llb_ct ANY 0.0.0.0 -lbMethod ROUNDROBIN -persistenceType DESTIP
Done
> bind lb vserver lb_vsrv_isp_llb_ct svc_isp_ct
Done
> set lb vserver lb_vsrv_isp_llb_ct -backupVServer lb_vsrv_isp_llb_all
Done
>
> add lb vserver lb_vsrv_isp_llb_cnc ANY 0.0.0.0 -lbMethod ROUNDROBIN -persistenceType DESTIP
Done
> bind lb vserver lb_vsrv_isp_llb_cnc svc_isp_cnc
Done
> set lb vserver lb_vsrv_isp_llb_cnc -backupVServer lb_vsrv_isp_llb_all
Done
> # 添加默认的LB路由项
> add lb route 0.0.0.0 0.0.0.0 lb_vsrv_isp_llb_all
Done
> # 添加并应用 PBR
> add ans pbr pbr_isp_ct_internel ALLOW -srcIP = 192.168.11.1 -destIP = 192.168.110.1 -nextHop 127.0.0.1 -priority -msr ENABLED
Done
> add ans pbr pbr_isp_cnc_internel ALLOW -srcIP = 192.168.11.1 -destIP = 192.168.120.1 -nextHop 127.0.0.1 -priority -msr ENABLED
Done
> apply ans pbrs
Done
> # 发布本地ssh服务 ( 注意: 这会把设备自身的管理SSH发布到面向ISP的VIP上; 如非必需不建议发布, 确需发布时应通过ACL限制来源地址并使用强认证 )
> add server srv_local_loopback 127.0.0.1
Done
> add service svc_local_ssh srv_local_loopback TCP
Done
>
> add lb vserver lb_vsrv_isp_ct_ssh TCP 192.168.110.41 -lbMethod ROUNDROBIN -persistenceType SOURCEIP
Done
> bind lb vserver lb_vsrv_isp_ct_ssh svc_local_ssh
Done
> add lb vserver lb_vsrv_isp_cnc_ssh TCP 192.168.120.45 -lbMethod ROUNDROBIN -persistenceType SOURCEIP
Done
> bind lb vserver lb_vsrv_isp_cnc_ssh svc_local_ssh
Done
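> # 发布本地webgui服务 ( 注意: 此处以HTTP明文把管理界面发布到面向ISP的VIP, 登录凭据在传输中不受保护; 建议改用SSL类型的虚拟服务器并限制来源地址. 另外 srv_local_loopback 在上一节已添加, 此处为重复添加 )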
> add server srv_local_loopback 127.0.0.1
Done
> add service svc_local_webgui srv_local_loopback HTTP
Done
>
> add lb vserver lb_vsrv_isp_ct_webgui HTTP 192.168.110.41 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT
Done
> bind lb vserver lb_vsrv_isp_ct_webgui svc_local_webgui
Done
> add lb vserver lb_vsrv_isp_cnc_webgui HTTP 192.168.120.45 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT
Done
> bind lb vserver lb_vsrv_isp_cnc_webgui svc_local_webgui
Done
> # 发布内网web服务
> add server srv_web_hfs 192.168.11.249
Done
> add service svc_web_hfs srv_web_hfs HTTP
Done
>
> add lb vserver lb_vsrv_web_hfs_ct HTTP 192.168.110.41 80 -lbmethod ROUNDROBIN -persistenceType COOKIEINSERT
Done
> bind lb vserver lb_vsrv_web_hfs_ct svc_web_hfs
Done
> add lb vserver lb_vsrv_web_hfs_cnc HTTP 192.168.120.45 80 -lbmethod ROUNDROBIN -persistenceType COOKIEINSERT
Done
> bind lb vserver lb_vsrv_web_hfs_cnc svc_web_hfs
Done
>
查看状态:
> stat interface Interface Summary
ID IntfState IntfAlias Rx Bytes Tx Bytes Rx Pkts Tx Pkts
/ DOWN
/ UP
/ UP
/ DOWN
/ UP
/ DOWN
/ UP
/ DOWN
/ DOWN
/ DOWN
/ DOWN
/ DOWN
/ DOWN
LO/ UP 403220k 527085k
Done
>
> show ip
Ipaddress TD Type Mode Arp Icmp Vserver State
--------- -- ---- ---- --- ---- ------- ------
) 192.168.11.11 HGANS IP Active Enabled Enabled NA Enabled
) 192.168.11.1 SNIP Active Enabled Enabled NA Enabled
) 192.168.110.41 VIP Active Enabled Enabled Enabled Enabled
) 192.168.120.45 VIP Active Enabled Enabled Enabled Enabled
Done
>
> show route
Network Netmask Gateway/OwnedIP State TD Type
------- ------- --------------- ----- -- ----
) 0.0.0.0 0.0.0.0 lb_vsrv_isp_llb_ UP |LBROUTE
all
) 127.0.0.0 255.0.0.0 127.0.0.1 UP PERMANENT
) 192.168.11.0 255.255.255.0 192.168.11.11 UP DIRECT
) 192.168.110.0 255.255.255.0 192.168.110.41 UP DIRECT
) 192.168.120.0 255.255.255.0 192.168.120.45 UP DIRECT
Done
>
> show vlan ) VLAN ID:
Link-local IPv6 addr: fe80::20b:abff:fef3:87bf/
Interfaces : / / / / / / / / / / / / LO/ ) VLAN ID: VLAN Alias Name:
Interfaces : /
IPs :
192.168.110.41 Mask: 255.255.255.0 ) VLAN ID: VLAN Alias Name:
Interfaces : /
IPs :
192.168.120.45 Mask: 255.255.255.0
Done
>
> show rnat
) Network: 192.168.11.0 Netmask: 255.255.255.0
NatIP: 192.168.110.41 Td: ) Network: 192.168.11.0 Netmask: 255.255.255.0
NatIP: 192.168.120.45 Td: Done
>
> show ans pbr
) Name: pbr_isp_ct_internel
Action: ALLOW Hits:
srcIP = 192.168.11.1
destIP = 192.168.110.1
srcMac: Protocol:
Vlan: Interface:
Active Status: ENABLED Applied Status: APPLIED
Priority:
NextHop: 127.0.0.1
MSR: ENABLED STATE: UP ) Name: pbr_isp_cnc_internel
Action: ALLOW Hits:
srcIP = 192.168.11.1
destIP = 192.168.120.1
srcMac: Protocol:
Vlan: Interface:
Active Status: ENABLED Applied Status: APPLIED
Priority:
NextHop: 127.0.0.1
MSR: ENABLED STATE: UP Done
>
> show server
) Name: srv_isp_ct State:ENABLED
IPAddress: 192.168.110.1
) Name: srv_isp_cnc State:ENABLED
IPAddress: 192.168.120.1
) Name: srv_local_loopback State:ENABLED
IPAddress: 127.0.0.1
) Name: srv_web_hfs State:ENABLED
IPAddress: 192.168.11.249
Done
>
> show service -summary
---------------------------------------------------------------------------------------------
Name State IP Addr Port Protocol MaxClients MaxReqs
---------------------------------------------------------------------------------------------
svc_isp_ct UP srv_isp_ct * ANY
svc_isp_cnc UP srv_isp_cnc * ANY
svc_..._ssh UP srv_loc...oopback TCP
svc_...bgui UP srv_loc...oopback HTTP
svc_web_hfs UP srv_web_hfs HTTP
Done
>
> show lb vserver -summary
--------------------------------------------------------------------------------------------------------------------------------------
Name State Effec State Td IP Addr Port Prot Method TCPProfName HTTPProfName NetProfName DBProfName
--------------------------------------------------------------------------------------------------------------------------------------
lb_..._all UP UP 0.0.0.0 ANY RO...IN
lb_...b_ct UP UP 0.0.0.0 ANY RO...IN
lb_..._cnc UP UP 0.0.0.0 ANY RO...IN
lb_..._ssh UP UP 192.168.110.41 TCP RO...IN
lb_..._ssh UP UP 192.168.120.45 TCP RO...IN
lb_...bgui UP UP 192.168.110.41 HTTP RO...IN
lb_...bgui UP UP 192.168.120.45 HTTP RO...IN
lb_...s_ct UP UP 192.168.110.41 HTTP LE...ON
lb_..._cnc UP UP 192.168.120.45 HTTP LE...ON
Done
>
============= End