Shulou(Shulou.com)06/01 Report--

This article will explain in detail the example analysis of link load balancing configuration in RADWARE. The editor finds it very practical, so I share it with you for reference. I hope you can get something after reading this article.

Network description:

There are three public network lines connected to the network egress. One RADWARE is directly connected to three egress ISP for link load balancing to achieve multi-link load balancing for internal server access and internal and external access traffic.

Design proposal:

1. The RADWARE LINKPROOF device is deployed outside the firewall and directly connects to the exit ISP.

2. All firewalls are modified to private IP addresses, and RADWARE LINKPROOF is responsible for translating private IP addresses into public network IP addresses.

3. The DMZ zone running routing mode of the firewall to ensure the normal access of the server in DMZ zone.

4. RADWARE LINKPROOF uses SmartNAT technology to configure NAT addresses on each link to ensure the networking of internal servers.

Network Topology:

Implementation process (key steps):

1. Configure the public network interface address

Gmur1: 218.28.63.163Universe 255.255.255.240 China Unicom

Gmur2: 211.98.192.12 Universe 255.255.255.128 TieTong

Gmur3: 222.88.11.82Universe 255.255.255.240 Telecom

Gmur4: 3.3.3.2Compact 255.255.255.0 inline interface address, connect to the firewall

2. Configure the default route

There are 3 ISP links in the current network. You need to add gateways for each link as follows:

Command line configuration

LP-Master#

Lp route add 0.0.0.0 0.0.0.0 218.28.63.161

Lp route add 0.0.0.0 0.0.0.0 211.98.192.11

Lp route add 0.0.0.0 0.0.0.0 222.88.11.81

3. Configure private network callback route

Net route table create 192.168.5.0 255.255.255.0 3.3.3.1-I 14

Net route table create 192.168.6.0 255.255.255.0 3.3.3.1-I 14

Net route table create 192.168.7.0 255.255.255.0 3.3.3.1-I 14

Net route table create 192.168.0 255.255.255.0 3.3.3.1-I 14

Net route table create 192.168.9.0 255.255.255.0 3.3.3.1-I 14

4. Configure address translation

Address translation mainly includes two parts: the networking of internal users and the access of the server. these two parts are implemented by two kinds of NAT, Dynamic NAT and Static PAT, respectively, which translate the internal IP address and the server IP address into the corresponding public network IP address corresponding to each ISP.

Dynamic NAT is a many-to-one mapping, and changes the user's source port, and is one-way, can only go out, can not enter.

LinkProof > Smart NAT > Dynamic NAT Table > Create

From local IP: the starting address of the translated address

To local IP: the end address of the translated address

Server IP: gateway of the corresponding ISP

Dynamic NAT IP: the translated public network address.

Command line configuration

LP-Master#

Lp smartnat dynamic-nat create 0.0.0.1 255.255.255.255 211.98.192.11 218.28.134.12

Lp smartnat dynamic-nat create 0.0.0.1 255.255.255.255 222.88.11.81 222.88.11.82

Lp smartnat dynamic-nat create 0.0.0.1 255.255.255.255 218.28.63.161 218.28.63.162

Static PAT is an one-to-many mapping from outside to inside, which is used to map different ports of the same public network IP to different private network servers. It is unidirectional and can only enter, not exit.

LinkProof > Smart NAT > Static PAT Table > Create

Proximity Mode: Full Proximity Both

Proximity Aging Period (min): 1440 / / this is configured as 1 day, and the default is 2880 minutes, 2 days.

Proximity Subnet Mask: 255.255.248.0 / / the smallest unit of the network address of the nearest table entry

6. Static nearest table configuration

Sometimes, when the link is stable, we prefer to use the static nearest table, that is, the IP that accesses the telecom is only accessed from the link of the telecom, and the website of China Unicom is accessed only from the link of Unicom. At this point, we can set the static proximity table. If the contents of the static nearest table are found, it is accessed according to the rules of the static table. If it is not found, a dynamic proximity check is initiated if Full Proximity,radware linkproof is configured; if Static Proximity is configured, radware linkproof is used as a load balancer with no proximity.

LinkProof > Proximity > Static Proximity

The command line configuration is as follows:

LP-Master# lp global client-table application-aging-time create-at

Lp global client-table application-aging-time create 4000-at 1800

Lp global client-table application-aging-time create 8000-at 1800

Lp global client-table application-aging-time create 443-at 600

Lp global client-table application-aging-time create 5555-at

Lp global client-table application-aging-time create 7005-at

Lp global client-table application-aging-time create 7206-at

Lp global client-table application-aging-time create 7207-at

Lp global client-table application-aging-time create 7208-at

Lp global client-table application-aging-time create 7209-at

Lp global client-table application-aging-time create 7210-at

Summary: while ensuring the full availability of the network, Radware LinkProof will also provide flexible and scalable technology solutions according to the growth of network demand. For networks with multiple ISP links needed in its important business applications, it also provides a better traffic management solution based on content selection.

This is the end of the article on "example analysis of link load balancing configuration in RADWARE". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.