2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article presents a case study of LB bypass deployment that may help in practical applications. Load balancing covers a lot of ground but involves little theory, and plenty of books and online material already exist, so this case draws on experience accumulated in the field.
LB Bypass deployment case
I. Requirements
To make the service that the CVMs provide to public-network users reliable, the customer deploys an LB device in the existing network. The LB is deployed in bypass mode, and traffic from public-network hosts must be polled through the LB to the internal CVMs. If one CVM goes down, normal business must not be affected.
II. Topology
III. Configuration approach
1. Configure the IP addresses and routes of each device to ensure IP reachability.
2. Configure the detection template (probe).
3. Configure the IP address pool (snat-pool).
4. Configure the real service group (server-farm), referencing the detection template and the IP address pool.
5. Configure the real services (real-server) and associate them with the real service group.
6. Configure the virtual server (virtual-server) and associate it with the real service group.
7. Test.
IV. Configuration steps
The configuration script is as follows:
Egress NAT device configuration:
sysname NAT
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 192.168.34.4 255.255.255.0
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 100.1.46.4 255.255.255.0
 nat outbound
 nat server protocol tcp global 100.1.46.4 2323 inside 192.168.35.5 2323
#
interface GigabitEthernet0/2
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/1
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/1
 port link-mode route
 combo enable copper
#
scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 63
 user-role network-operator
#
ip route-static 0.0.0.0 0 100.1.46.6
ip route-static 192.168.1.0 24 192.168.34.3
ip route-static 192.168.2.0 24 192.168.34.3
ip route-static 192.168.35.0 24 192.168.34.3
#
domain system
#
domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
LB key configuration:
interface GigabitEthernet1/0/1
 port link-mode route
 combo enable copper
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable copper
 ip address 192.168.35.5 255.255.255.0
#
loadbalance snat-pool pool
 ip range start 192.168.35.5 end 192.168.35.5
#
server-farm sf
 snat-pool pool
 probe t1
#
real-server rs1
 ip address 192.168.1.1
 port 23
 weight 150
 server-farm sf
#
real-server rs2
 ip address 192.168.2.2
 port 23
 weight 120
 server-farm sf
#
virtual-server vs type tcp
 port 2323
 virtual ip address 192.168.35.5
 default server-farm sf
 service enable
#
ip route-static 0.0.0.0 0 192.168.35.3
#
acl basic 2000
 rule 0 permit
#
security-zone name Trust
 import interface GigabitEthernet1/0/2
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
zone-pair security source Any destination Any
 packet-filter 2000
#
return
V. Testing
From the external-network host, telnet to the address and port that are mapped to the LB and check whether the internal server can be accessed.
telnet 100.1.46.4 2323
Trying 100.1.46.4...
Press CTRL+K to abort
Connected to 100.1.46.4...
dis ip int brief
* down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 down down
GE0/1 up up 192.168.1.1--
The test shows that server A can be accessed normally.
Log out and log in again to see whether the connection is polled to the other server.
quit
The connection was closed by the remote host!
telnet 100.1.46.4 2323
Trying 100.1.46.4...
Press CTRL+K to abort
Connected to 100.1.46.4...
dis ip int brief
* down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 192.168.2.2--
LB > dis real-server statistics
Slot 1:
Real server: rs1
Total connections: 7
Active connections: 0
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 13601 bytes
Server output: 15872 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 3612 bytes/s
Max inbound throughput: 1359 bytes/s
Max outbound throughput: 2253 bytes/s
Received packets: 252
Sent packets: 238
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0
Real server: rs2
Total connections: 8
Active connections: 1
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 15552 bytes
Server output: 17213 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 288
Sent packets: 264
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0
dis virtual-server statistics
Slot 1:
Virtual server: vs
Total connections: 15
Active connections: 1
Max connections: 2
Connections per second: 0
Max connections per second: 1
Client input: 29257 bytes
Client output: 33165 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 542
Sent packets: 504
Dropped packets: 0
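The statistics above can be checked mechanically instead of by eye. The following is an added example, not part of the original article: it parses the counters in the format shown above and reports whether every real server was selected, whether any failures or drops were recorded, and whether the real-server totals add up to the virtual server's total. It assumes the server farm contains only the listed real servers and that the counters were cleared at the same time; the function names are hypothetical.

```python
import re

# Abbreviated from the statistics output above (only the counters the check reads).
REAL_STATS = """Slot 1:
Real server: rs1
Total connections: 7
Dropped packets: 0
Connection failures: 0
Real server: rs2
Total connections: 8
Dropped packets: 0
Connection failures: 0
"""
VIRTUAL_STATS = """Slot 1:
Virtual server: vs
Total connections: 15
Dropped packets: 0
"""

def parse_stats(text, header):
    """Return {name: {counter: int}} for every 'header: name' section."""
    servers, current = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == header:
            current = servers.setdefault(value, {})
        elif current is not None and re.fullmatch(r"\d+( bytes(/s)?)?", value):
            current[key] = int(value.split()[0])
    return servers

def check_distribution(real_text, virtual_text, vs_name="vs"):
    """Return a list of findings; an empty list means the test passed."""
    real = parse_stats(real_text, "Real server")
    vs = parse_stats(virtual_text, "Virtual server")[vs_name]
    findings = []
    for name, c in real.items():
        if c.get("Total connections", 0) == 0:
            findings.append(f"{name}: never selected by the scheduler")
        if c.get("Connection failures", 0) or c.get("Dropped packets", 0):
            findings.append(f"{name}: connection failures or drops recorded")
    total = sum(c.get("Total connections", 0) for c in real.values())
    if total != vs.get("Total connections"):
        findings.append(f"real servers handled {total}, virtual server reports "
                        f"{vs.get('Total connections')}")
    return findings

if __name__ == "__main__":
    print(check_distribution(REAL_STATS, VIRTUAL_STATS) or "distribution OK")
```
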
VI. Points to note
In this topology, if you configure only server load balancing and do not SNAT the source address of traffic coming in from the external network, the server cannot be accessed. The external-network terminal initiates its access to the LB, but the reply comes directly from the intranet server: when the server returns the packet, it is forwarded straight to the core device according to the default route. Even if the client receives that packet, the originating and responding addresses do not match, so the packet is discarded.
When the LB is configured, each real service is created and associated with the real service group, and the group is then referenced under the virtual server. The device polls each server according to the detection template to see whether it is reachable. A reachable server is in the Active state; a server that fails detection is in the Probe-failed state.
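The address rewriting behind this point can be traced step by step. The following is an added example, not part of the original article: it follows one connection through the `nat server` mapping and the virtual server, with and without the SNAT pool, and checks whether the reply that reaches the client comes from the address the client connected to. The client address, the ephemeral ports and the way `nat outbound` rewrites the unsolicited reply are assumptions made for the model.

```python
from typing import NamedTuple, Tuple

Addr = Tuple[str, int]

class Pkt(NamedTuple):
    src: Addr
    dst: Addr

# Addresses from the configuration above; CLIENT and ephemeral ports are constructed.
CLIENT: Addr = ("203.0.113.10", 40000)
PUBLIC: Addr = ("100.1.46.4", 2323)    # nat server global address on the NAT device
VIP: Addr = ("192.168.35.5", 2323)     # virtual-server vs
REAL: Addr = ("192.168.1.1", 23)       # real-server rs1
SNAT: Addr = ("192.168.35.5", 50000)   # address from snat-pool "pool", port constructed

def request_at_server(snat: bool) -> Pkt:
    """Packet as the real server sees it after both devices have rewritten it."""
    pkt = Pkt(CLIENT, PUBLIC)
    pkt = pkt._replace(dst=VIP)        # NAT device: nat server (destination NAT)
    pkt = pkt._replace(dst=REAL)       # LB: virtual server -> selected real server
    if snat:
        pkt = pkt._replace(src=SNAT)   # LB: source NAT from the snat-pool
    return pkt

def reply_at_client(snat: bool) -> Pkt:
    """Reply as it arrives at the client."""
    seen = request_at_server(snat)
    reply = Pkt(src=REAL, dst=seen.src)  # server answers the source it saw
    if reply.dst == SNAT:
        # Routed back to the LB, which reverses both of its translations,
        # then the NAT device reverses the nat server mapping.
        return Pkt(src=VIP, dst=CLIENT)._replace(src=PUBLIC)
    # No SNAT: the reply follows the default route via the core and bypasses the LB.
    # The NAT device has no nat server mapping for REAL; nat outbound is modelled
    # as rewriting the source to its public IP with an ephemeral port (assumption).
    return reply._replace(src=(PUBLIC[0], 1025))

def client_accepts(reply: Pkt) -> bool:
    # A TCP client only matches segments from the exact peer it connected to.
    return reply.src == PUBLIC and reply.dst == CLIENT

if __name__ == "__main__":
    for snat in (False, True):
        r = reply_at_client(snat)
        print(f"snat={snat}: reply {r.src} -> {r.dst}, accepted={client_accepts(r)}")
```
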