Single VIP LLB and SLB config
Single VIP LLB and SLB config
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
一、基本配置
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# 配置设备工作模式和开启的功能> enable ns mode FR MBF Edge USNIP L3 PMTUD Done> enable ns feature WL LB CS SSL IPv6PT CH Done>
# 设置设备的管理IP ( 需要重启系统才可生效, 重启系统前请先保存配置. save nsconfig )
> set ns config -IPAddress 192.168.11.15 -netmask 255.255.255.0
Done>
# 设置用于连通内网的SNIP地址 ( enable ns mode usnip )
> add ns ip 192.168.11.5 255.255.255.0 -mgmtAccess ENABLED -restrictAccess ENABLED
Done>
# 设置设备主机名
> set ns hostName vadc-test
Done>
# 添加DNS域名服务器 ( 内网域名服务器: 192.168.11.191 本地ADNS服务器: 192.168.11.5 )> set dns parameter -recursion ENABLED Done
> set dns profile default-dns-profile -cacheRecords DISABLED Done> add dns nameServer 192.168.11.191
Done> add dns nameServer 192.168.11.5 -local Done> show dns nameServer1) 192.168.11.191 - State: UP Protocol: UDP2) 192.168.11.5 LOCAL - State: UP Protocol: UDP Done> flush dns proxyRecords Done>
# 设置时区
> set ns param -cookieversion 1 -timezone "GMT+08:00-CST-Asia/Shanghai"
Done>
# 设置时间, 格式为: YYYYmmddHHMM 注意时区是否正确
> shell date 201812101745
Mon Dec 10 17:45:00 CST 2018
Done
> shell date +'%Y-%m-%d %H:%M:%S'
2018-12-10 17:45:05
Done>
# 添加NTP服务器 ( 非常规操作方式, 直接修改NTP配置文件 )
> shell vi /etc/ntp.common.conf
# Common elements of Netscaler NTP configuration
#
# Do not edit: changes will be lost following reboot.
# For site-specific NTP configuration, see the instructions in /etc/ntp.conf
#
# We won't allow *anything* from hosts not listed in the configuration
# This means you need a restrict line for each server
restrict default ignore
restrict -6 default ignore
# Allow just about anything from localhost, IPv4.
restrict 127.0.0.1 mask 255.255.255.255
driftfile /var/db/ntp.drift
logfile /var/log/ntpd.log
# Log everything, even from ntpd (which otherwise defaults to "all =sync")
logconfig =all +all
~
~
~
:wq!
Done>
> shell vi /etc/ntp.conf
includefile /etc/ntp.common.conf
server 192.168.11.191 minpoll 6 maxpoll 10
restrict 192.168.11.191 nomodify notrap nopeer noquery
~
~
~
:wq!
Done> > shell cp /etc/ntp.conf /flash/nsconfig/ntp.conf Done>
> show ntp server
NTP Server: 192.168.11.191
Minimum Poll Interval: 6 (64secs)
Maximum Poll Interval: 10 (1024secs)
Preferred: NO
Done
# 启动NTP服务器
> enable ntp sync
Done
> show ntp sync
NTP Status: ENABLED
Done
> show ntp status
remote refid st t when poll reach delay offset jitter
==============================================================================
192.168.11.191 .LOCL. 1 u 8 64 377 0.462 -935148 7.661
Done
> shell ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
192.168.11.191 .LOCL. 1 u 52 64 377 0.462 -935148 7.661
Done>
>
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
二、设备路由配置
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # 添加用于连通ISP的VIP地址 > add ns ip 192.168.10.45 255.255.255.0 -type VIP Done > add ns ip 192.168.20.47 255.255.255.0 -type VIP Done > show ip Ipaddress Traffic Domain Type Mode Arp Icmp Vserver State --------- -------------- ---- ---- --- ---- ------- ------ 1) 192.168.11.15 0 NetScaler IP Active Enabled Enabled NA Enabled 2) 192.168.11.5 0 SNIP|ADNS Active Enabled Enabled NA Enabled 3) 192.168.10.45 0 VIP Active Enabled Enabled Enabled Enabled 4) 192.168.20.47 0 VIP Active Enabled Enabled Enabled Enabled Done > # 设置接口别名 > set interface 0/1 -ifAlias lan_user Done > set interface 1/1 -ifAlias wan_ct Done > set interface 1/2 -ifAlias wan_cnc Done > stat interface Interface Summary ID IntfState IntfAlias Rx Bytes Tx Bytes Rx Pkts Tx Pkts 0/1 UP lan_user 363754k 907334 1292052 14736 1/1 UP wan_ct 359531k 1627642 1341364 23186 1/2 UP wan_cnc 197440k 14500 697170 302 LO/1 UP 802658k 1041M 5502948 10860652 Done > # 添加 VLAN > add vlan 11 Done > add vlan 21 Done > bind vlan 11 -ifnum 1/1 Done > bind vlan 11 -IPAddress 192.168.10.45 255.255.255.0 Done > bind vlan 21 -ifnum 1/2 Done > bind vlan 21 -IPAddress 192.168.20.47 255.255.255.0 Done > show vlan 1) VLAN ID: 1 Link-local IPv6 addr: fe80::20c:29ff:fe60:149c/64 Interfaces : 0/1 LO/1 2) VLAN ID: 11 VLAN Alias Name: Interfaces : 1/1 IPs : 192.168.10.45 Mask: 255.255.255.0 3) VLAN ID: 21 VLAN Alias Name: Interfaces : 1/2 IPs : 192.168.20.47 Mask: 255.255.255.0 Done > # 添加默认路由 > add route 0.0.0.0 0.0.0.0 192.168.10.1 Done > show route Network Netmask Gateway/OwnedIP State Traffic Domain Type ------- ------- --------------- ----- -------------- ---- 1) 0.0.0.0 0.0.0.0 192.168.10.1 UP 0 STATIC 2) 127.0.0.0 255.0.0.0 127.0.0.1 UP 0 PERMANENT 3) 192.168.10.0 255.255.255.0 192.168.10.45 UP 0 DIRECT 4) 192.168.11.0 255.255.255.0 192.168.11.15 UP 0 DIRECT 5) 192.168.20.0 255.255.255.0 192.168.20.47 UP 0 DIRECT Done > # 设置针对内网的反向NAT > set rnat 192.168.11.0 255.255.255.0 -natIP 192.168.10.45 Done > set rnat 192.168.11.0 255.255.255.0 -natIP 192.168.20.47 Done > show rnat 1) Network: 192.168.11.0 Netmask: 255.255.255.0 NatIP: 192.168.10.45 Traffic Domain: 0 UseProxyPort: ENABLED 2) Network: 192.168.11.0 Netmask: 255.255.255.0 NatIP: 192.168.20.47 Traffic Domain: 0 UseProxyPort: ENABLED Done > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
》》》》》》》》》》》 NetProfile 绑定外网侧 VIP 进行外部通讯
三、LLB 配置
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< # 添加 NetProfile , 绑定 VIP > add netProfile net_pf_ct -srcIP 192.168.10.45 -MBF ENABLED Done > add netProfile net_pf_cnc -srcIP 192.168.20.47 -MBF ENABLED Done > show netProfile 1) Name: net_pf_ct SrcIP: 192.168.10.45 SrcIPPersistency: DISABLED OverrideLSN: DISABLED MBF: ENABLED 2) Name: net_pf_cnc SrcIP: 192.168.20.47 SrcIPPersistency: DISABLED OverrideLSN: DISABLED MBF: ENABLED Done > # 添加ISP网关服务器地址 > add server srv_isp_ct 192.168.10.1 Done > add server srv_isp_cnc 192.168.20.1 Done > # 添加ISP监视器(必须指定 transparent 参数为 YES ),用于绑定ISP服务(ANY * 类型),监视该服务对应的链路状态是否可用。# 提示: 可以添加 transparent 参数为 NO 的ISP监视器,绑定对应的服务(非 ANY * 类型),使该服务状态和ISP链路状态保持同步(注意: llb负载均衡虚拟服务器不能设置llb备份虚拟服务器,否则将导致服务不能正确同步链路状态) 。 > add lb monitor mon_tcp_ct TCP -destIP 192.168.30.191 -destPort 80 -transparent YES -LRTM DISABLED -netProfile net_pf_ct Done > add lb monitor mon_tcp_cnc TCP -destIP 192.168.30.191 -destPort 80 -transparent YES -LRTM DISABLED -netProfile net_pf_cnc Done > add lb monitor mon_tcp_sync_ct TCP -destIP 192.168.30.191 -destPort 80 -transparent NO -LRTM DISABLED -netProfile net_pf_ct Done> add lb monitor mon_tcp_sync_cnc TCP -destIP 192.168.30.191 -destPort 80 -transparent NO -LRTM DISABLED -netProfile net_pf_cnc Done> # 添加ISP服务并绑定对应监视器 > add service svc_isp_ct srv_isp_ct ANY * -netProfile net_pf_ct Done > bind service svc_isp_ct -monitorName mon_tcp_ct Done > > add service svc_isp_cnc srv_isp_cnc ANY * -netProfile net_pf_cnc Done > bind service svc_isp_cnc -monitorName mon_tcp_cnc Done > # 添加ISP负载均衡虚拟服务器并绑定对应服务 # 运营商虚拟服务器必须配置固定的IP地址和端口以及协议 # 协议: ANY IP地址: 0.0.0.0 端口: 0 # 运营商虚拟服务器支持的负载算法和会话保持算法 # 支持的负载算法: DESTINATIONIPHASH LEASTBANDWIDTH LEASTPACKETS LRTM ROUNDROBIN SOURCEIPHASH SRCIPDESTIPHASH # 支持的会话保持算法: SOURCEIP SRCIPDESTIP DESTIP# 提示: 为了链路的冗余,可以为当前LLB负载均衡虚拟服务器设置指定的备份虚拟服务器。 > add lb vserver lb_vsrv_isp_llb_all ANY 0.0.0.0 0 -lbMethod ROUNDROBIN -persistenceType DESTIP Done > bind lb vserver lb_vsrv_isp_llb_all svc_isp_ct Done > bind lb vserver lb_vsrv_isp_llb_all svc_isp_cnc Done > > add lb vserver lb_vsrv_isp_llb_ct ANY 0.0.0.0 0 -lbMethod ROUNDROBIN -persistenceType DESTIP Done > bind lb vserver lb_vsrv_isp_llb_ct svc_isp_ct Done> set lb vserver lb_vsrv_isp_llb_ct -backupVServer lb_vsrv_isp_llb_all Done > > add lb vserver lb_vsrv_isp_llb_cnc ANY 0.0.0.0 0 -lbMethod ROUNDROBIN -persistenceType DESTIP Done > bind lb vserver lb_vsrv_isp_llb_cnc svc_isp_cnc Done> set lb vserver lb_vsrv_isp_llb_cnc -backupVServer lb_vsrv_isp_llb_all Done > # 添加默认的LB路由项,可选删除默认的普通IP路由项,因为LB的路由的优先级比普通的IP路由高 > rm route 0.0.0.0 0.0.0.0 192.168.10.1 Done > add lb route 0.0.0.0 0.0.0.0 lb_vsrv_isp_llb_all Done > # 添加ISP路由项 ( 可根据运营商路由进行设置 ) > add lb route 192.168.30.201 255.255.255.255 lb_vsrv_isp_llb_ct Done > add lb route 192.168.30.51 255.255.255.255 lb_vsrv_isp_llb_cnc Done > show route Network Netmask Gateway/OwnedIP State Traffic Domain Type ------- ------- --------------- ----- -------------- ---- 1) 0.0.0.0 0.0.0.0 lb_vsrv_isp_llb_ UP 0 |LBROUTE all 2) 127.0.0.0 255.0.0.0 127.0.0.1 UP 0 PERMANENT 3) 192.168.10.0 255.255.255.0 192.168.10.45 UP 0 DIRECT 4) 192.168.11.0 255.255.255.0 192.168.11.15 UP 0 DIRECT 5) 192.168.20.0 255.255.255.0 192.168.20.47 UP 0 DIRECT 6) 192.168.30.51 255.255.255.255 lb_vsrv_isp_llb_ UP 0 |LBROUTE cnc 7) 192.168.30.201 255.255.255.255 lb_vsrv_isp_llb_ UP 0 |LBROUTE ct Done > > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
四、发布设备管理服务
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< # 发布本地ssh服务 > add server srv_local_loopback 127.0.0.1 Done > add service svc_local_ssh srv_local_loopback TCP 22 Done > > add lb vserver lb_vsrv_isp_ct_ssh TCP 192.168.10.45 22 -lbMethod ROUNDROBIN -persistenceType SOURCEIP Done > bind lb vserver lb_vsrv_isp_ct_ssh svc_local_ssh Done > add lb vserver lb_vsrv_isp_cnc_ssh TCP 192.168.20.47 22 -lbMethod ROUNDROBIN -persistenceType SOURCEIP Done > bind lb vserver lb_vsrv_isp_cnc_ssh svc_local_ssh Done > # 发布本地webgui服务 > add server srv_local_loopback 127.0.0.1 Done > add service svc_local_webgui srv_local_loopback HTTP 80 Done > > add lb vserver lb_vsrv_isp_ct_webgui HTTP 192.168.10.45 8088 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT Done > bind lb vserver lb_vsrv_isp_ct_webgui svc_local_webgui Done > add lb vserver lb_vsrv_isp_cnc_webgui HTTP 192.168.20.47 8088 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT Done > bind lb vserver lb_vsrv_isp_cnc_webgui svc_local_webgui Done > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
五、发布DNS代理服务
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
# 删除设备的DNS服务器
> rm dns nameServer 192.168.11.191
Done
> rm dns nameServer 192.168.11.5
Done
> rm server 192.168.11.5
Done
> show dns nameServer Done
> flush dns proxyRecords
Done
>
# 添加DNS虚拟服务器
> add lb monitor mon_dns_internal DNS -query web1.mtestadp.com -queryType Address -LRTM DISABLED -IPAddress 192.168.11.51 Done> add lb monitor mon_dns_isp_ct DNS -query web1.testadp.com -queryType Address -LRTM DISABLED -IPAddress 192.168.30.51 -netProfile net_pf_ct
Done
> add lb monitor mon_dns_isp_cnc DNS -query web1.testadp.com -queryType Address -LRTM DISABLED -IPAddress 192.168.30.51 -netProfile net_pf_cnc
Done
>
> add server srv_dns_internal 192.168.11.191 Done
> add service svc_dns_internal srv_dns_internal DNS 53 Done
> add service svc_dns_isp_ct srv_isp_ct DNS 53 -netProfile net_pf_ct
Done
> add service svc_dns_isp_cnc srv_isp_cnc DNS 53 -netProfile net_pf_cnc
Done
>
> bind service svc_dns_internal -monitorName mon_dns_internal Done
> bind service svc_dns_isp_ct -monitorName mon_dns_isp_ct
Done
> bind service svc_dns_isp_cnc -monitorName mon_dns_isp_cnc
Done
>
> show service -summary
---------------------------------------------------------------------------------------------
Name State IP Addr Port Protocol MaxClients MaxReqs
---------------------------------------------------------------------------------------------
1 svc_..._ssh UP srv_loc...oopback 22 TCP 256 0
2 svc_...bgui UP srv_loc...oopback 80 HTTP 0 0
3 svc_isp_ct UP srv_isp_ct * ANY 0 0
4 svc_isp_cnc UP srv_isp_cnc * ANY 0 0
5 svc_...rnal UP srv_dns_internal 53 DNS 0 0
6 svc_...p_ct UP srv_isp_ct 53 DNS 0 0
7 svc_..._cnc UP srv_isp_cnc 53 DNS 0 0
Done
>
> add lb vserver lb_vsrv_dns_proxy dns 192.168.11.9 53 -lbMethod ROUNDROBIN -persistenceType SOURCEIP
Done
> bind lb vserver lb_vsrv_dns_proxy svc_dns_internal Done
> bind lb vserver lb_vsrv_dns_proxy svc_dns_isp_ct
Done
> bind lb vserver lb_vsrv_dns_proxy svc_dns_isp_cnc
Done
> > set dns parameter -recursion ENABLEDDone
> set dns profile default-dns-profile -cacheRecords DISABLED Done> add dns nameServer lb_vsrv_dns_proxy
Done
> show dns nameServer
1) lb_vsrv_dns_proxy - State: UP Protocol: UDP
Done
>
>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
六、测试内网客户机上网
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<# 内网客户机配置对应的网关和DNS服务器地址,即可正常上网。 >ipconfig /all 以太网适配器 本地连接: 连接特定的 DNS 后缀 . . . . . . . : 描述. . . . . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection 物理地址. . . . . . . . . . . . . : 00-0C-29-D2-FD-A7 DHCP 已启用 . . . . . . . . . . . : 否 自动配置已启用. . . . . . . . . . : 是 本地链接 IPv6 地址. . . . . . . . : fe80::312b:6b74:628f:92f0%12(首选) IPv4 地址 . . . . . . . . . . . . : 192.168.11.201(首选) 子网掩码 . . . . . . . . . . . . : 255.255.255.0 默认网关. . . . . . . . . . . . . : 192.168.11.5 DHCPv6 IAID . . . . . . . . . . . : 251661353 DHCPv6 客户端 DUID . . . . . . . : 00-01-00-01-20-EE-05-78-00-0C-29-D2-FD-A7 DNS 服务器 . . . . . . . . . . . : 192.168.11.9 TCPIP 上的 NetBIOS . . . . . . . : 已启用 >ipconfig /flushdns Windows IP 配置 已成功刷新 DNS 解析缓存。 >nslookup -qt=a web1.mtestadp.com 服务器: UnKnown Address: 192.168.11.9 名称: web1.mtestadp.com Address: 192.168.11.51 >nslookup -qt=a web1.testadp.com 服务器: UnKnown Address: 192.168.11.9 非权威应答: 名称: web1.testadp.com Address: 192.168.30.51 >tracert 192.168.30.191 通过最多 30 个跃点跟踪 到 ADNS-WIN2008R2 [192.168.30.191] 的路由: 1 <1 毫秒 <1 毫秒 <1 毫秒 192.168.11.15 2 <1 毫秒 <1 毫秒 <1 毫秒 192.168.20.1 3 <1 毫秒 <1 毫秒 <1 毫秒 192.168.32.1 4 <1 毫秒 <1 毫秒 <1 毫秒 ADNS-WIN2008R2 [192.168.30.191] 跟踪完成。 >tracert 192.168.30.51 通过最多 30 个跃点跟踪 到 web1.testadp.com [192.168.30.51] 的路由: 1 <1 毫秒 <1 毫秒 <1 毫秒 192.168.11.15 2 <1 毫秒 <1 毫秒 <1 毫秒 192.168.20.1 3 <1 毫秒 <1 毫秒 <1 毫秒 192.168.32.1 4 1 ms <1 毫秒 <1 毫秒 web1.testadp.com [192.168.30.51] 跟踪完成。 >tracert 192.168.30.201 通过最多 30 个跃点跟踪 到 PUBLIC-WIN7 [192.168.30.201] 的路由: 1 <1 毫秒 <1 毫秒 <1 毫秒 192.168.11.15 2 <1 毫秒 <1 毫秒 <1 毫秒 192.168.10.1 3 <1 毫秒 <1 毫秒 <1 毫秒 192.168.31.1 4 <1 毫秒 <1 毫秒 <1 毫秒 PUBLIC-WIN7 [192.168.30.201] 跟踪完成。 > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
七、发布应用服务
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
# 发布内网服务 ( 不需要指定 netProfile 选项 )
# 发布外网服务 ( 基于TCP的服务不需要指定 netProfile 选项, 非TCP的服务需要指定 netProfile 选项 )
> add server srv_web1 web1.mtestadp.com
Done
> add server srv_web2 web2.mtestadp.com
Done
> add server srv_web3 web3.mtestadp.com
Done
>
> add service svc_web1 srv_web1 HTTP 80
Done
> add service svc_web2 srv_web2 HTTP 80
Done
> add service svc_web3 srv_web3 HTTP 80
Done
>
> show service -summary
---------------------------------------------------------------------------------------------
Name State IP Addr Port Protocol MaxClients MaxReqs
---------------------------------------------------------------------------------------------
1 svc_..._ssh UP srv_loc...oopback 22 TCP 256 0
2 svc_...bgui UP srv_loc...oopback 80 HTTP 0 0
3 svc_isp_ct UP srv_isp_ct * ANY 0 0
4 svc_isp_cnc UP srv_isp_cnc * ANY 0 0
5 svc_...rnal UP srv_dns_internal 53 DNS 0 0
6 svc_...p_ct UP srv_isp_ct 53 DNS 0 0
7 svc_..._cnc UP srv_isp_cnc 53 DNS 0 0
8 svc_web1 UP srv_web1 80 HTTP 0 0
9 svc_web2 UP srv_web2 80 HTTP 0 0
10 svc_web3 UP srv_web3 80 HTTP 0 0
Done
>
# 添加对外网提供服务的虚拟服务器
> add lb vserver lb_vsrv_ct_web HTTP 192.168.10.45 80 -lbmethod ROUNDROBIN -persistenceType COOKIEINSERT
Done
> bind lb vserver lb_vsrv_ct_web svc_web1
Done
> bind lb vserver lb_vsrv_ct_web svc_web2
Done
> bind lb vserver lb_vsrv_ct_web svc_web3
Done
>
> add lb vserver lb_vsrv_cnc_web HTTP 192.168.20.47 80 -lbmethod ROUNDROBIN -persistenceType COOKIEINSERT
Done
> bind lb vserver lb_vsrv_cnc_web svc_web1
Done
> bind lb vserver lb_vsrv_cnc_web svc_web2
Done
> bind lb vserver lb_vsrv_cnc_web svc_web3
Done
>
> show lb vserver -summary
------------------------------------------------------------------------------------------------------------------------------------------------------------
Name State Effec State IP Addr Port Prot Method TCPProfName HTTPProfName NetProfName DBProfName DNSProfName Traffic Domain
------------------------------------------------------------------------------------------------------------------------------------------------------------
1 lb_..._ssh UP UP 192.168.10.45 22 TCP LE...ON 0
2 lb_..._ssh UP UP 192.168.20.47 22 TCP LE...ON 0
3 lb_...bgui UP UP 192.168.10.45 8088 HTTP LE...ON 0
4 lb_...bgui UP UP 192.168.20.47 8088 HTTP LE...ON 0
5 lb_..._all UP UP 0.0.0.0 0 ANY RO...IN 0
6 lb_...b_ct UP UP 0.0.0.0 0 ANY RO...IN 0
7 lb_..._cnc UP UP 0.0.0.0 0 ANY RO...IN 0
8 lb_...roxy UP UP 192.168.11.9 53 DNS RO...IN 0
9 lb_..._web UP UP 192.168.10.45 80 HTTP RO...IN 0
10 lb_..._web UP UP 192.168.20.47 80 HTTP RO...IN 0
Done
>
>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
《《《《《《《《《《《 NetProfile 绑定外网侧 VIP 进行外部通讯
》》》》》》》》》》》 NetProfile 绑定内网侧 SNIP 进行外部通讯
注意:此种方式需要配置PBR(策略路由),会导致业务流量路由转发到主机流量路由中,会存一些未知问题,不推荐使用该方式。
三、设置内网侧的路由和RNAT <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< # 添加内网侧路由,该操作可选,非必须配置。 > add route 192.168.12.0 255.255.255.0 192.168.11.254 Done > show route Network Netmask Gateway/OwnedIP State Traffic Domain Type ------- ------- --------------- ----- -------------- ---- 1) 0.0.0.0 0.0.0.0 192.168.10.1 UP 0 STATIC 2) 127.0.0.0 255.0.0.0 127.0.0.1 UP 0 PERMANENT 3) 192.168.10.0 255.255.255.0 192.168.10.45 UP 0 DIRECT 4) 192.168.11.0 255.255.255.0 192.168.11.15 UP 0 DIRECT 5) 192.168.20.0 255.255.255.0 192.168.20.47 UP 0 DIRECT 6) 192.168.12.0 255.255.255.0 192.168.11.254 UP 0 STATIC Done > > set rnat 192.168.12.0 255.255.255.0 -natIP 192.168.10.45 Done > set rnat 192.168.12.0 255.255.255.0 -natIP 192.168.20.47 Done > show rnat 1) Network: 192.168.11.0 Netmask: 255.255.255.0 NatIP: 192.168.10.45 Traffic Domain: 0 UseProxyPort: ENABLED 2) Network: 192.168.11.0 Netmask: 255.255.255.0 NatIP: 192.168.20.47 Traffic Domain: 0 UseProxyPort: ENABLED 3) Network: 192.168.12.0 Netmask: 255.255.255.0 NatIP: 192.168.10.45 Traffic Domain: 0 UseProxyPort: ENABLED 4) Network: 192.168.12.0 Netmask: 255.255.255.0 NatIP: 192.168.20.47 Traffic Domain: 0 UseProxyPort: ENABLED Done > > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
四、LLB 配置 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< # 添加 NetProfile , 绑定 SNIP > add netProfile net_pf_internal -srcIP 192.168.11.5 -MBF ENABLED Done > show netProfile 1) Name: net_pf_internal SrcIP: 192.168.11.5 SrcIPPersistency: DISABLED OverrideLSN: DISABLED MBF: ENABLED Done > # 添加ISP网关服务器地址 > add server srv_isp_ct 192.168.10.1 Done > add server srv_isp_cnc 192.168.20.1 Done > # 添加ISP监视器 > add lb monitor mon_ping_net_pf PING -LRTM DISABLED -netProfile net_pf_internal Done > # 添加ISP服务并绑定对应监视器 > add service svc_isp_ct srv_isp_ct ANY * Done > bind service svc_isp_ct -monitorName mon_ping_net_pf Done > > add service svc_isp_cnc srv_isp_cnc ANY * Done > bind service svc_isp_cnc -monitorName mon_ping_net_pf Done > # 添加ISP负载均衡虚拟服务器并绑定对应服务 # 运营商虚拟服务器必须配置固定的IP地址和端口以及协议 # 协议: ANY IP地址: 0.0.0.0 端口: 0 # 运营商虚拟服务器支持的负载算法和会话保持算法 # 支持的负载算法: DESTINATIONIPHASH LEASTBANDWIDTH LEASTPACKETS LRTM ROUNDROBIN SOURCEIPHASH SRCIPDESTIPHASH # 支持的会话保持算法: SOURCEIP SRCIPDESTIP DESTIP > add lb vserver lb_vsrv_isp_llb_all ANY 0.0.0.0 0 -lbMethod ROUNDROBIN -persistenceType DESTIP Done > bind lb vserver lb_vsrv_isp_llb_all svc_isp_ct Done > bind lb vserver lb_vsrv_isp_llb_all svc_isp_cnc Done > > add lb vserver lb_vsrv_isp_llb_ct ANY 0.0.0.0 0 -lbMethod ROUNDROBIN -persistenceType DESTIP Done > bind lb vserver lb_vsrv_isp_llb_ct svc_isp_ct Done> set lb vserver lb_vsrv_isp_llb_ct -backupVServer lb_vsrv_isp_llb_all Done > > add lb vserver lb_vsrv_isp_llb_cnc ANY 0.0.0.0 0 -lbMethod ROUNDROBIN -persistenceType DESTIP Done > bind lb vserver lb_vsrv_isp_llb_cnc svc_isp_cnc Done> set lb vserver lb_vsrv_isp_llb_cnc -backupVServer lb_vsrv_isp_llb_all Done > # 添加默认的LB路由项,可选删除默认的普通IP路由项,因为LB的路由的优先级比普通的IP路由高 > rm route 0.0.0.0 0.0.0.0 192.168.10.1 Done > add lb route 0.0.0.0 0.0.0.0 lb_vsrv_isp_llb_all Done > # 添加ISP路由项 ( 可根据运营商路由进行设置 ) > add lb route 192.168.30.201 255.255.255.255 lb_vsrv_isp_llb_ct Done > add lb route 192.168.30.51 255.255.255.255 lb_vsrv_isp_llb_cnc Done > show route Network Netmask Gateway/OwnedIP State Traffic Domain Type ------- ------- --------------- ----- -------------- ---- 1) 0.0.0.0 0.0.0.0 lb_vsrv_isp_llb_ UP 0 |LBROUTE all 2) 127.0.0.0 255.0.0.0 127.0.0.1 UP 0 PERMANENT 3) 192.168.10.0 255.255.255.0 192.168.10.45 UP 0 DIRECT 4) 192.168.11.0 255.255.255.0 192.168.11.15 UP 0 DIRECT 5) 192.168.20.0 255.255.255.0 192.168.20.47 UP 0 DIRECT 6) 192.168.30.51 255.255.255.255 lb_vsrv_isp_llb_ UP 0 |LBROUTE cnc 7) 192.168.30.201 255.255.255.255 lb_vsrv_isp_llb_ UP 0 |LBROUTE ct 8) 192.168.12.0 255.255.255.0 192.168.11.254 UP 0 STATIC Done > # 添加并应用 PBR > add ns pbr pbr_isp_ct_internel ALLOW -srcIP = 192.168.11.5 -destIP = 192.168.10.1 -nextHop 127.0.0.1 -priority 1101 -msr ENABLED Done > add ns pbr pbr_isp_cnc_internel ALLOW -srcIP = 192.168.11.5 -destIP = 192.168.20.1 -nextHop 127.0.0.1 -priority 1102 -msr ENABLED Done > apply ns pbrs Done > show ns pbr 1) Name: pbr_isp_ct_internel Action: ALLOW Hits: 0 srcIP = 192.168.11.5 destIP = 192.168.10.1 srcMac: Protocol: Vlan: Interface: Active Status: ENABLED Applied Status: APPLIED Priority: 1101 NextHop: 127.0.0.1 MSR: ENABLED STATE: UP 2) Name: pbr_isp_cnc_internel Action: ALLOW Hits: 0 srcIP = 192.168.11.5 destIP = 192.168.20.1 srcMac: Protocol: Vlan: Interface: Active Status: ENABLED Applied Status: APPLIED Priority: 1102 NextHop: 127.0.0.1 MSR: ENABLED STATE: UP Done > > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
《《《《《《《《《《《 NetProfile 绑定内网侧 SNIP 进行外部通讯
====================== End
Single VIP LLB and SLB config的更多相关文章
- ans Single VIP LLB and SLB config
ans Single VIP LLB and SLB config 配置命令: # 配置设备工作模式和开启的功能 > enable ans mode FR MBF Edge USNIP L3 P ...
- 用阿里云ecs部署kubernetes/K8S的坑(VIP、slb、flannel、gw模式)
1 阿里云ecs不支持keepalived vip 1.1 场景描述 本来计划用keepalived配合nginx做VIP漂移,用以反代多台master的apiserver的6443端口,结果部署了v ...
- Eureka 的 Application Client client的执行演示样例
上篇以一个 demo 演示样例介绍了 Eureka 的 Application Service 客户端角色.今天我们继续了解 Eureka 的 Application Client 客 ...
- #Eureka 客户端和服务端间的交互
Eureka 服务器客户端相关配置 1.建立eureka服务器 只需要使用@EnableEurekaServer注解就可以让应用变为Eureka服务器,这是因为spring boot封装了Eureka ...
- springBoot系列教程01:elasticsearch的集成及使用
1.首先安装elasticsearch 集群环境,参考 http://www.cnblogs.com/xiaochangwei/p/8033773.html 注意:由于我的代码采用的是springbo ...
- Spring Cloud:多环境配置、eureka 安全认证、容器宿主机IP注册
记录一下搭建 Spring Cloud 过程中踩过的一些坑,测试的东西断断续续已经弄了好多了,一直没有时间整理搭建过程,时间啊~时间~ Spring 版本 Spring Boot:2.0.6.RELE ...
- oracle_hc.sql
select event,count(1) from gv$session group by event order by 2;exec dbms_workload_repository.create ...
- Spring-Cloud-Config学习笔记(一):使用本地存储
简介 Spring Cloud Config为分布式系统中的外部配置提供服务器和客户端支持.使用Config Server,您可以为所有环境中的应用程序管理其外部属性.它非常适合spring应用,也可 ...
- spring boot微服务改造冲突
1.报错: 13:57:49.959 [main] ERROR org.springframework.boot.SpringApplication - Application startup fai ...
随机推荐
- Convolutional Networks for Images,Speech,and Time-series
Convolutional Networks for Images,Speech,and Time-series Yann LeCun Yoshua Bengio 1995年的 1引言 多层BP网络 ...
- array_reduce()使用
这个函数的作用是,把数组中的值循环放到回调函数里处理,结果返回一个单一的值.(applies iteratively the callback function to the elements of ...
- bat 传递超过10个参数(bat参数遍历)
批处理文件中可引用的参数为%0~%9, %0是指批处理文件的本身,也可以说是一个外部命令:%1~%9是批处理参数,也称形参:而替换形参的实参若超过了批处理文件中所规定数值(9个)且想在批处理文件中应用 ...
- FakeID签名漏洞分析及利用(一)
作者:申迪 转载请注明出处: http://blogs.360.cn/360mobile BlueBox于7月30日宣布安卓从2010年以来一直存在一个apk签名问题[1],并且会在今年Black ...
- WPF save listbox config
UI <Grid x:Class="WzlyTool.ReplyContentUI" xmlns="http://schemas.microsoft.com/win ...
- 实验八 Web基础
实验八 Web基础 1.安装apache sudo apt-get install apache2 2.启动apache service apache2 start 3.使用 netstat -tup ...
- Exp5
实验 实验1 - 直接攻击系统开启的漏洞服务,获取系统控制权 1.选择要使用的模块 在这里我选择的模块是ms08_067 首先我们需要查询一下有关ms08_067所在模块的相关信息 search ms ...
- 连接到win2003的远程桌面,客户端要如何操作
第一步:命令行执行mstsc 第二步:处输入开启了远程桌面功能的计算机IP地址.
- [Deep-Learning-with-Python]计算机视觉中的深度学习
包括: 理解卷积神经网络 使用数据增强缓解过拟合 使用预训练卷积网络做特征提取 微调预训练网络模型 可视化卷积网络学习结果以及分类决策过程 介绍卷积神经网络,convnets,深度学习在计算机视觉方面 ...
- Jq_Js_Js、Jq获取浏览器和屏幕各种高度宽度
$(document).ready(function() {alert($(window).height()); //浏览器当前窗口可视区域高度alert($(document).he ...