LB Server Load Balancing [Bypass (One-Arm) Deployment]

User submission 366 2022-10-08



LB bypass (one-arm) deployment case

1. Requirements

Key LB configuration:

interface GigabitEthernet1/0/1
 port link-mode route
 combo enable copper
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 port link-mode route
 combo enable copper
 ip address 192.168.35.5 255.255.255.0
loadbalance snat-pool pool
 ip range start 192.168.35.5 end 192.168.35.5
#
server-farm sf
 snat-pool pool
 probe t1
#
real-server rs1
 ip address 192.168.1.1
 port 23
 weight 150
 server-farm sf
#
real-server rs2
 ip address 192.168.2.2
 port 23
 weight 120
 server-farm sf
#
virtual-server vs type tcp
 port 2323
 virtual ip address 192.168.35.5
 default server-farm sf
 service enable
#
ip route-static 0.0.0.0 0 192.168.35.3
#
acl basic 2000
 rule 0 permit
security-zone name Trust
 import interface GigabitEthernet1/0/2
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
zone-pair security source Any destination Any
 packet-filter 2000
#
return

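5. Testing

From an external host, telnet to the external address and port that are mapped to the LB, and check whether the internal server can be reached:

telnet 100.1.46.4 2323
Trying 100.1.46.4 ...
Press CTRL+K to abort
Connected to 100.1.46.4 ...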

dis ip int brief
*down: administratively down
(s): spoofing (l): loopback
Interface   Physical  Protocol  IP Address    Description
GE0/0       down      down      --            --
GE0/1       up        up        192.168.1.1   --

The test shows that server A can be reached normally.

Log out and then log in again, to test whether the connection is round-robined to the other server:

quit

The connection was closed by the remote host!
telnet 100.1.46.4 2323
Trying 100.1.46.4 ...
Press CTRL+K to abort
Connected to 100.1.46.4 ...

dis ip int brief
*down: administratively down
(s): spoofing (l): loopback
Interface   Physical  Protocol  IP Address    Description
GE0/0       up        up        192.168.2.2   --

LB>dis real-server statistics
Slot 1:
Real server: rs1
Total connections: 7
Active connections: 0
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 13601 bytes
Server output: 15872 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 3612 bytes/s
Max inbound throughput: 1359 bytes/s
Max outbound throughput: 2253 bytes/s
Received packets: 252
Sent packets: 238
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0

Real server: rs2
Total connections: 8
Active connections: 1
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 15552 bytes
Server output: 17213 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 288
Sent packets: 264
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0

dis virtual-server statistics
Slot 1:
Virtual server: vs
Total connections: 15
Active connections: 1
Max connections: 2
Connections per second: 0
Max connections per second: 1
Client input: 29257 bytes
Client output: 33165 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 542
Sent packets: 504
Dropped packets: 0

6. Notes

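In this topology, if you configure only server load balancing and do not apply SNAT to the source of traffic coming in from the external network, the server cannot be reached. The reason is that the external client initiates its connection to the LB, but the reply is sent directly by the internal server: when the server replies, the packet reaches the core device and is forwarded straight along the default route. Even if the client receives the packet, the address it connected to and the address that replied do not match, so the client concludes that the packet is not the one it wants and drops it.

When configuring the LB, you create the real servers, associate them with the server farm, and finally associate the farm under the virtual server. The device then polls the servers using the probe template to check whether each one is reachable. A reachable server is in the active state; a server that fails the probe is in the Probe-failed state.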
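
The asymmetric return path described in the notes above, as a small Python model (an added example, not part of the original post or of any vendor tool). The VIP, SNAT pool address and real server are taken from the configuration on this page; the client address 203.0.113.10, the port numbers 40000 and 50000 and all function names are constructed for illustration, and the upstream mapping of 100.1.46.4 to the VIP is left out.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

VIP, VPORT = "192.168.35.5", 2323   # virtual-server vs (from the page)
SNAT_IP, SNAT_PORT = "192.168.35.5", 50000  # snat-pool pool (page); port constructed
REAL = ("192.168.1.1", 23)          # real-server rs1 (from the page)
CLIENT = ("203.0.113.10", 40000)    # constructed client address and port


def lb_forward(pkt, snat, sessions):
    # The LB rewrites the destination to the real server; with SNAT it also
    # rewrites the source to the pool address, so the reply must return to it.
    src, sport = (SNAT_IP, SNAT_PORT) if snat else (pkt.src, pkt.sport)
    out = Packet(src, sport, *REAL)
    sessions[(out.dst, out.dport, out.src, out.sport)] = pkt  # expected reply
    return out


def server_reply(pkt):
    # The real server answers whatever source address it saw.
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)


def deliver(reply, sessions):
    # A reply addressed to the SNAT address goes back to the LB, which restores
    # VIP -> client. Anything else follows the default route and bypasses the LB.
    if reply.dst == SNAT_IP:
        orig = sessions[(reply.src, reply.sport, reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)
    return reply


def client_accepts(sent, reply):
    # A TCP client only accepts a reply that mirrors the 4-tuple it sent.
    return reply == Packet(sent.dst, sent.dport, sent.src, sent.sport)


def connect(snat):
    sessions = {}
    syn = Packet(*CLIENT, VIP, VPORT)
    reply = deliver(server_reply(lb_forward(syn, snat, sessions)), sessions)
    return reply, client_accepts(syn, reply)


if __name__ == "__main__":
    for snat in (False, True):
        reply, ok = connect(snat)
        print(f"snat={snat}: reply from {reply.src}:{reply.sport}, accepted={ok}")
```

Without SNAT the reply reaches the client from 192.168.1.1:23 and is rejected; with SNAT it returns through the LB and arrives from 192.168.35.5:2323, which the client accepts.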

