LB bypass deployment case
I. Requirements
- To make the services that the external-facing servers provide to users reliable, the customer deployed an LB device in the existing network. The LB is deployed in bypass mode. External hosts accessing the internal servers must be polled across the servers through the LB, so that one server going down does not affect normal operation.
II. Environment topology
III. Configuration roadmap
- Configure the IP address and routes of each device and make sure the IP addresses are reachable
- Configure the probe (detection) template
- Configure the IP address pool
- Configure the real server group, referencing the probe template and the IP address pool
- Configure the real servers and associate them with the real server group
- Configure the virtual server and associate it with the real server group
- Test
IV. Configuration steps
The configuration script is as follows:
Outlet NAT device configuration:
sysname NAT
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 192.168.34.4 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 100.1.46.4 255.255.255.0
nat outbound
nat server protocol tcp global 100.1.46.4 2323 inside 192.168.35.5 2323
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
#
interface GigabitEthernet5/0
port link-mode route
combo enable copper
#
interface GigabitEthernet5/1
port link-mode route
combo enable copper
#
interface GigabitEthernet6/0
port link-mode route
combo enable copper
#
interface GigabitEthernet6/1
port link-mode route
combo enable copper
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
ip route-static 0.0.0.0 0 100.1.46.6
ip route-static 192.168.1.0 24 192.168.34.3
ip route-static 192.168.2.0 24 192.168.34.3
ip route-static 192.168.35.0 24 192.168.34.3
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
LB key configuration:
interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable copper
ip address 192.168.35.5 255.255.255.0
loadbalance snat-pool pool
ip range start 192.168.35.5 end 192.168.35.5
#
server-farm sf
snat-pool pool
probe t1
#
real-server rs1
ip address 192.168.1.1
port 23
weight 150
server-farm sf
#
real-server rs2
ip address 192.168.2.2
port 23
weight 120
server-farm sf
#
virtual-server vs type tcp
port 2323
virtual ip address 192.168.35.5
default server-farm sf
service enable
#
ip route-static 0.0.0.0 0 192.168.35.3
#
acl basic 2000
rule 0 permit
security-zone name Trust
import interface GigabitEthernet1/0/2
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
zone-pair security source Any destination Any
packet-filter 2000
#
return
V. Test
From the external host, telnet to the external address and port that the NAT device maps to the LB, and check whether the internal server can be reached.
<Client> telnet 100.1.46.4 2323
Trying 100.1.46.4 ...
Press CTRL+K to abort
Connected to 100.1.46.4 ...
<ServerA>
<ServerA>
<ServerA>dis ip int brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 down down -- --
GE0/1 up up 192.168.1.1 --
The test shows that server A can be accessed normally.
Log out and then log in again to check whether the LB polls to the other server.
<ServerA> quit
The connection was closed by the remote host!
<Client>telnet 100.1.46.4 2323
Trying 100.1.46.4 ...
Press CTRL+K to abort
Connected to 100.1.46.4 ...
<ServerB>
<ServerB>dis ip int brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 192.168.2.2 --
<LB>dis real-server statistics
Slot 1:
Real server: rs1
Total connections: 7
Active connections: 0
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 13601 bytes
Server output: 15872 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 3612 bytes/s
Max inbound throughput: 1359 bytes/s
Max outbound throughput: 2253 bytes/s
Received packets: 252
Sent packets: 238
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0
Real server: rs2
Total connections: 8
Active connections: 1
Max connections: 1
Connections per second: 0
Max connections per second: 1
Server input: 15552 bytes
Server output: 17213 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 288
Sent packets: 264
Dropped packets: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0
<LB>dis virtual-server statistics
Slot 1:
Virtual server: vs
Total connections: 15
Active connections: 1
Max connections: 2
Connections per second: 0
Max connections per second: 1
Client input: 29257 bytes
Client output: 33165 bytes
Throughput: 0 bytes/s
Inbound throughput: 0 bytes/s
Outbound throughput: 0 bytes/s
Max throughput: 5796 bytes/s
Max inbound throughput: 2451 bytes/s
Max outbound throughput: 3345 bytes/s
Received packets: 542
Sent packets: 504
Dropped packets: 0
VI. Notes
- In this topology, if only server load balancing is configured and no SNAT is applied to the source of traffic coming in from the external network, the server cannot be reached. The external host initiates the connection to the LB, but the reply is sent directly by the internal server: the server's return packet goes to the core device, which forwards it straight out according to the default route. Even if the client receives the packet, the responding address does not match the address the client connected to, so the client does not recognize the packet and discards it.
- When the LB is configured with the real servers, the real server group association, and finally the virtual server association, the device probes the servers according to the probe template and polls them to check whether each server is reachable. A reachable server is placed in the active state; a server that the probe finds unreachable is placed in the Probe-failed state.
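The two notes above, as an added example that is not part of the original case: a small Python model of the weighted polling with probe state (rs1 weight 150, rs2 weight 120) and of why the server's reply only reaches the client when the LB applies SNAT. The client address 203.0.113.10 and the SNAT source port 50000 are constructed; the other addresses, ports and weights come from the configuration on this page.

```python
# Added example, not from the original case: a small Python model of this bypass LB.
# It shows weighted polling over rs1/rs2 with probe state, and why a real server's
# reply only reaches the client when the LB applies SNAT. The client address
# 203.0.113.10 is a constructed placeholder; the other values come from the config.
from dataclasses import dataclass

VIP, VPORT = "192.168.35.5", 2323     # virtual-server vs
NAT_GLOBAL = ("100.1.46.4", 2323)     # nat server ... global 100.1.46.4 2323
SNAT_POOL = "192.168.35.5"            # loadbalance snat-pool pool
CLIENT = ("203.0.113.10", 40000)      # constructed external host

@dataclass
class RealServer:
    name: str
    ip: str
    weight: int
    state: str = "active"             # "active" or "probe-failed" (probe t1 result)
    current: int = 0                  # smooth weighted round-robin counter

class ServerFarm:
    """server-farm sf: weighted polling that skips servers whose probe failed."""
    def __init__(self, servers):
        self.servers = servers

    def pick(self):
        live = [s for s in self.servers if s.state == "active"]
        if not live:
            return None
        for s in live:
            s.current += s.weight
        best = max(live, key=lambda s: s.current)
        best.current -= sum(s.weight for s in live)
        return best

def reply_reaches_client(rs, snat):
    """Trace one exchange; True if the client accepts the real server's reply."""
    # NAT device has already mapped CLIENT -> 100.1.46.4:2323 onto the VIP
    pkt = {"src": CLIENT, "dst": (VIP, VPORT)}
    # LB -> real server: src is rewritten from the SNAT pool only when SNAT is on
    fwd = {"src": (SNAT_POOL, 50000) if snat else pkt["src"], "dst": (rs.ip, 23)}
    reply = {"src": fwd["dst"], "dst": fwd["src"]}   # server answers what it saw
    if reply["dst"][0] == SNAT_POOL:
        # reply comes back to the LB, which undoes both translations
        reply = {"src": (VIP, VPORT), "dst": CLIENT}
    if reply["src"] == (VIP, VPORT):
        # NAT device only reverses a flow matching its nat server session
        reply["src"] = NAT_GLOBAL
    # otherwise the reply left via the default route, bypassing the LB, and the
    # client sees a source that is not the address/port it connected to
    return reply["src"] == NAT_GLOBAL
```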