H3C LB设备配置案例(V7)-5W101

手册下载

H3C LB设备配置案例

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

H3C_彩色.emf

 



简介

本文档介绍4-7层服务器负载均衡的配置案例。

配置前提

本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。

本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。

本文档假设您已了解LBLoad Balance,负载均衡)特性。

服务器负载均衡功能特性

服务器负载均衡包括多种类型协议:包括IPTCPUDPHTTP四种类型,其中IPTCPUDP类型统称为四层服务器负载均衡,HTTP类型称为七层服务器负载均衡:

·     四层服务器负载均衡:是基于流的负载均衡,通过对报文进行逐流分发,将同一条流的报文分发给同一台服务器。四层服务器负载均衡对基于HTTP的七层业务无法做到按内容分发,从而限制了负载均衡的业务适用范围。

·     七层服务器负载均衡:是基于内容的负载均衡,通过对报文承载的内容进行深度解析,根据其中的内容进行逐包分发,按既定策略将连接导向指定的服务器,从而实现了业务范围更广泛的服务器负载均衡。

服务器负载均衡支持IPv4IPv6,但不支持IPv4流量与IPv6流量的互转。

服务器负载均衡在网络中的部署模式有直连和旁路两种。

四层服务器负载均衡配置举例

4.1  直连模式

4.1.1  组网需求

1所示,Host通过LB设备对3台服务器进行访问,三台服务器Server AServer BServer C均可提供FTP服务,Host访问服务器的流量将根据源地址在三台服务器之间负载分担。例如:源62.159.4.0/26FTP请求分给Server A,源62.159.4.64/26FTP请求分给Server B,其他源地址的FTP请求分给ServerC

图1 LB直连模式组网图

4.1.2  配置思路

为实现直连模式的四层服务器负载均衡,需要在LB设备上配置实服务组、实服务器、虚服务。

4.1.3  使用版本

本举例是在L1000-SVersion 7.1.054, Alpha 8102版本上进行配置和验证的。

4.1.4  配置注意事项

·     LB设备上配置的虚服务器地址,配置为接口GE1/0/1sub地址。配置完虚服务后,需要开启虚服务。

·     注意HostLB的路由配置,使之路由可达。

4.1.5  配置步骤

说明

以下配置均在LB设备上进行。

 

1. 配置实服务组

# 创建ICMP类型的NQA模板t1

<Sysname> system-view

[Sysname] nqa template icmp t1

[Sysname-nqatplt-icmp-t1] quit

# 创建实服务组sf1sf2sf3,均采用源IP地址的hash算法,并指定其健康检测方法为t1

[Sysname] server-farm sf1

[Sysname-sfarm-sf1] predictor hash address source

[Sysname-sfarm-sf1] probe t1

[Sysname-sfarm-sf1] quit

[Sysname] server-farm sf2

[Sysname-sfarm-sf2] predictor hash address source

[Sysname-sfarm-sf2] probe t1

[Sysname-sfarm-sf2] quit

[Sysname] server-farm sf3

[Sysname-sfarm-sf3] predictor hash address source

[Sysname-sfarm-sf3] probe t1

[Sysname-sfarm-sf3] quit

2. 配置实服务器

# 创建实服务器rs1,配置其IPv4地址为192.168.1.1,并加入实服务组sf1

[Sysname] real-server rs1

[Sysname-rserver-rs1] ip address 192.168.1.1

[Sysname-rserver-rs1] server-farm sf1

[Sysname-rserver-rs1] quit

# 创建实服务器rs2,配置其IPv4地址为192.168.1.2,并加入实服务组sf2

[Sysname] real-server rs2

[Sysname-rserver-rs2] ip address 192.168.1.2

[Sysname-rserver-rs2] server-farm sf2

[Sysname-rserver-rs2] quit

# 创建实服务器rs3,配置其IPv4地址为192.168.1.3,并加入实服务组sf3

[Sysname] real-server rs3

[Sysname-rserver-rs3] ip address 192.168.1.3

[Sysname-rserver-rs3] server-farm sf3

[Sysname-rserver-rs3] quit

3. 配置负载均衡策略

# 配置负载均衡类lc1lc2,匹配Host的不同源地址

[Sysname] loadbalance class lc1 type generic match-any

[Sysname-lbc-generic-lc1] match 1 source ip address 62.159.4.0 26

[Sysname-lbc-generic-lc1] quit

[Sysname] loadbalance class lc2 type generic match-any

[Sysname-lbc-generic-lc2]match 1 source ip address 62.159.4.64 26

[Sysname-lbc-generic-lc2] quit

# 配置持续性组sg1,持续性方法为源IP地址

[Sysname] sticky-group sg1 type address-port

[Sysname-sticky-address-port-sg1] ip source

[Sysname-sticky-address-port-sg1] quit

# 配置负载均衡动作la1la2la3,均应用持续性方法sg1

[Sysname] loadbalance action la1 type generic

[Sysname-lba-generic-la1] server-farm sf1 sticky sg1

[Sysname-lba-generic-la1] quit

[Sysname] loadbalance action la2 type generic

[Sysname-lba-generic-la2] server-farm sf2 sticky sg1

[Sysname-lba-generic-la2] quit

[Sysname] loadbalance action la3 type generic

[Sysname-lba-generic-la3] server-farm sf3 sticky sg1

[Sysname-lba-generic-la3] quit

# 配置负载均衡策略lp1

[Sysname] loadbalance policy lp1 type generic

[Sysname-lbp-generic-lp1] class lc1 action la1

[Sysname-lbp-generic-lp1] class lc2 action la2

[Sysname-lbp-generic-lp1] default-class action la3

[Sysname-lbp-generic-lp1] quit

4. 配置虚服务器

# 创建TCP类型的虚服务器vs,配置其VSIP61.159.4.200,指定应用负载均衡策略为lp1,并开启虚服务。

[Sysname] virtual-server vs type tcp

[Sysname-vs-tcp-vs] virtual ip address 61.159.4.200

[Sysname-vs-tcp-vs]lb-policy lp1

[Sysname-vs-tcp-vs] service enable

[Sysname-vs-tcp-vs] quit

4.1.6  验证配置

(1)     查看所有实服务器的简要信息。

[Sysname] display real-server brief

Real server       Address          Port   State          Server farm

rs1               192.168.1.1      0   Active         sf1

rs2               192.168.1.2      0   Active         sf2

rs3               192.168.1.3      0   Active         sf3

(2)     查看所有实服务组的详细信息。

[Sysname] display server-farm

Server farm: sf1

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs1               Active         192.168.1.1        0      100     4

 

Server farm: sf2

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs2               Active         192.168.1.2        0      100     4

 

Server farm: sf3

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs3               Active         192.168.1.3        0      100     4

(3)     查看所有虚服务器的详细信息。

[Sysname] display virtual-server

Virtual server: vs

    Description:

    Type: TCP

    State: Active

    Virtual IPv4 address: 61.159.4.200/32

    Virtual IPv6 address: --

    Port: 0

    Default server farm:

    Backup server farm:

    Sticky:

    LB policy: lp1

    Connection limit: --

    Rate limit:

        Connections: --

        Bandwidth: --

InboundBandwidth: --

        OutboundBandwidth: --

  Connection synchronization: Disabled

  Sticky synchronization: Disabled

(4)     Host发起源地址分别为62.159.4.162.159.4.6562.159.4.129FTP请求共3个,通过虚服务61.159.4.200地址访问FTP服务器,访问成功,可以在LB设备上查看到虚服务和实服务的统计信息。

[Sysname] display virtual-server statistics name vs

Slot 1:

Virtual server: vs

    Total connections: 3

    Active connections: 0

    Max connections: 3

    Connections per second: 0

    Max connections per second: 1

    Client input: 1717bytes

    Client output: 2750bytes                                                 Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 0 bytes/s

Max inbound throughput: 1673 bytes/s

    Max outbound throughput: 2750 bytes/s

    Received packets:37

    Sent packets:45

Dropped packets: 0

[Sysname] display real-server statistics name rs1

Slot 1:

Real server: rs1

    Total connections:1

    Active connections:0

    Max connections: 1

    Connections per second: 0

    Max connections per second: 1

    Server input: 915 bytes

    Server output: 559bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 1474bytes/s

Max inbound throughput: 915 bytes/s

Max outbound throughput: 559 bytes/s

    Received packets:12

    Sent packets:15

    Dropped packets: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

 Dropped responses: 0

[Sysname] display real-server statistics name rs2

Slot 1:

Real server: rs2

    Total connections:1

    Active connections:0

    Max connections: 1

    Connections per second: 0

    Max connections per second: 1

    Server input: 918bytes

    Server output: 559bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 1477bytes/s

Max inbound throughput: 918 bytes/s

Max outbound throughput: 559 bytes/s

    Received packets:12

    Sent packets:15

    Dropped packets: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

Dropped responses: 0

[Sysname] display real-server statistics name rs3

Slot 1:

Real server: rs3

    Total connections:1

    Active connections:0

    Max connections: 1

    Connections per second: 0

    Max connections per second: 1

    Server input: 917bytes

    Server output: 599bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 1516bytes/s

Max inbound throughput: 917 bytes/s

Max outbound throughput: 599 bytes/s

    Received packets:13

    Sent packets:15

    Dropped packets: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

    Dropped responses: 0

4.1.7  配置文件

#

nqa template icmp t1

 

#

sticky-group sg1 type address-port

 ip source

#

server-farm sf1

predictor hash address source

probe t1

#

server-farm sf2

predictor hash address source

probe t1

#

server-farm sf3

predictor hash address source

probe t1

#

loadbalance class lc1 type generic

 match 1 source ip address 61.159.4.0 26

#

loadbalance class lc2 type generic match-any

 match 1 source ip address 61.159.4.64 26

#

loadbalance action la1 type generic

 server-farm sf1 sticky sg1

#

loadbalance action la2 type generic

 server-farm sf2 sticky sg1

#

loadbalance action la3 type generic

 server-farm sf3 sticky sg1

#

loadbalance policy lp1 type generic

 class lc11 action la1

 class lc22 action la2

 default-class action la3

#

real-server rs1

 ip address 192.168.1.1

 

 server-farm sf1

#

real-server rs2

 ip address 192.168.1.2

 

 server-farm sf2

#

 real-server rs3

 ip address 192.168.1.3

 

 server-farm sf3

#

virtual-server vs type tcp

 virtual ip address 61.159.4.200

 lb-policy lp1

 service enable

#

4.2  旁路模式

4.2.1  组网需求

2所示,Host通过直连的交换机再通过LB设备对3台服务器进行访问,三台服务器也与交换机直连,三台服务器Server AServer BServer C均可提供FTP服务,Host访问服务器的流量将根据源地址会在三台服务器之间负载分担,并且Host访问业务的流程都会经过LB设备例如:源170.1.1.0.0/26FTP请求分给ServerA,源170.1.1.64/26FTP请求分给ServerB,其他源地址的FTP请求分给ServerC

图2 LB旁路模式组网图(箭头方向为流量走向)

 

4.2.2  配置思路

为了实现旁路模式的四层服务器负载均衡,需要完成如下配置:

·     LB设备上配置实服务组、实服务器和虚服务。

·     在交换机上配置到虚服务的路由;在LB设备上配置到实服务的路由。

4.2.3  使用版本

本举例是在 L1000-SVersion 7.1.054, Alpha 8102版本上进行配置和验证的。

4.2.4  配置注意事项

·     LB设备上配置的实服务器地址要与相应的实服务器地址保持一致。

·     配置完虚服务后,需要开启虚服务。

4.2.5  配置步骤

1. 配置交换机

# 配置交换机与Host的直连接口。

<Sysname> System-view

[Sysname] vlan 1700

[Sysname-vlan1700] quit

[Sysname] interface vlan-interface1700

[Sysname-Vlan-interface1700] ip address 170.1.1.1 255.255.255.0

[Sysname-Vlan-interface1700] quit

# 配置交换机与LB设备对接的出接口。

[Sysname] vlan 1710

[Sysname-vlan1710] quit

[Sysname] interface vlan-interface1710

[Sysname-Vlan-interface1710] ip address 171.1.1.1 255.255.255.0

[Sysname-Vlan-interface1710] quit

# 配置交换机与LB设备对接的入接口。

[Sysname] vlan 1780

[Sysname-vlan1780] quit

[Sysname] interface vlan-interface1780

[Sysname-Vlan-interface1780] ip address 178.1.1.1 255.255.255.0

[Sysname-Vlan-interface1780] quit

# 配置交换机与实服务器的直连接口。

[Sysname] vlan 1730

[Sysname-vlan1730] quit

[Sysname] interface Vlan-interface1730

[Sysname-Vlan-interface1730] ip address 192.168.1.4 255.255.255.0

[Sysname-Vlan-interface1730] quit

# 配置到虚服务的路由。

[Sysname] ip route-static 61.159.4.100 255.255.255.255 171.1.1.2

# 配置到客户端的策略路由。

[Sysname] policy-based-route p7 permit node 1

[Sysname-pbr-p7-1] if-match acl 3101

[Sysname-pbr-p7-1] apply next-hop 178.1.1.2

[Sysname-pbr-p7-1] quit

# 配置策略路由中的ACL

[Sysname] acl number 3101

[Sysname-acl-adv-3101] rule 0 permit ip source 192.168.1.0 0.0.0.255

2. 配置LB设备

(1)     配置接口和路由

# 配置入方向子接口。

<Sysname> System-view

[Sysname] interface gigabitethernet1/0/8.1710

[Sysname-GigabitEthernet1/0/8.1710] ip address 171.1.1.2 255.255.255.0

[Sysname-GigabitEthernet1/0/8.1710] vlan-type dot1q vid 1710

[Sysname-GigabitEthernet1/0/8.1710] quit

# 配置出方向子接口。

[Sysname] interface gigabitethernet1/0/8.1780

[Sysname-GigabitEthernet1/0/8.1780] ip address 178.1.1.2 255.255.255.0

[Sysname-GigabitEthernet1/0/8.1780] vlan-type dot1q vid 1780

[Sysname-GigabitEthernet1/0/8.1780] quit

# 配置到实服务器的路由。

[Sysname] ip route-static 192.168.1.0 24 178.1.1.1

# 配置到客户端的路由。

[Sysname] ip route-static 170.1.1.0 24 171.1.1.1

(2)     配置实服务组

# 创建ICMP类型的NQA模板t1

[Sysname] nqa template icmp t1

[Sysname-nqatplt-icmp-t1] quit

# 创建实服务组sf1sf2sf3,均采用源IP地址的hash算法,,并指定其健康检测方法为t1

[Sysname] server-farm sf1

[Sysname-sfarm-sf1] predictor hash address source

[Sysname-sfarm-sf1] probe t1

[Sysname-sfarm-sf1] quit

[Sysname] server-farm sf2

[Sysname-sfarm-sf2] predictor hash address source

[Sysname-sfarm-sf2] probe t1

[Sysname-sfarm-sf2] quit

[Sysname] server-farm sf3

[Sysname-sfarm-sf3] predictor hash address source

[Sysname-sfarm-sf3] probe t1

[Sysname-sfarm-sf3] quit

(3)     配置实服务器

# 创建实服务器rs1,配置其IPv4地址为192.168.1.1,并加入实服务组sf1

[Sysname] real-server rs1

[Sysname-rserver-rs1] ip address 192.168.1.1

[Sysname-rserver-rs1] server-farm sf1

[Sysname-rserver-rs1] quit

# 创建实服务器rs2,配置其IPv4地址为192.168.1.2,并加入实服务组sf2

[Sysname] real-server rs2

[Sysname-rserver-rs2] ip address 192.168.1.2

[Sysname-rserver-rs2] server-farm sf2

[Sysname-rserver-rs2] quit

# 创建实服务器rs3,配置其IPv4地址为192.168.1.3,并加入实服务组sf3

[Sysname] real-server rs3

[Sysname-rserver-rs3] ip address 192.168.1.3

[Sysname-rserver-rs3] server-farm sf3

[Sysname-rserver-rs3] quit

(4)     配置负载均衡策略

# 配置负载均衡类lc1lc2,匹配Host的不同源地址

[Sysname] loadbalance class lc1 type generic match-any

[Sysname-lbc-generic-lc1] match 1 source ip address 170.1.1.0 26

[Sysname-lbc-generic-lc1] quit

[Sysname] loadbalance class lc2 type generic match-any

[Sysname-lbc-generic-lc2] match 1 source ip address 170.1.1.64 26

[Sysname-lbc-generic-lc2] quit

# 配置持续性组sg1,持续性方法为源IP地址

[Sysname] sticky-group sg1 type address-port

[Sysname-sticky-address-port-sg1] ip source

[Sysname-sticky-address-port-sg1] quit

# 配置负载均衡动作la1la2la3,均应用持续性方法sg1

[Sysname] loadbalance action la1 type generic

[Sysname-lba-generic-la1] server-farm sf1 sticky sg1

[Sysname-lba-generic-la1] quit

[Sysname] loadbalance action la2 type generic

[Sysname-lba-generic-la2] server-farm sf2 sticky sg1

[Sysname-lba-generic-la2] quit

[Sysname] loadbalance action la3 type generic

[Sysname-lba-generic-la3] server-farm sf3 sticky sg1

[Sysname-lba-generic-la3] quit

# 配置负载均衡策略lp1

[Sysname] loadbalance policy lp1 type generic

[Sysname-lbp-generic-lp1] class lc1 action la1

[Sysname-lbp-generic-lp1] class lc2 action la2

[Sysname-lbp-generic-lp1] default-class action la3

[Sysname-lbp-generic-lp1] quit

(5)     配置虚服务器

# 创建TCP类型的虚服务器vs,配置其VSIP61.159.4.100,指定应用负载均衡策略为lp1,并开启虚服务。

[Sysname] virtual-server vs type tcp

[Sysname-vs-tcp-vs] virtual ip address 61.159.4.100

[Sysname-vs-tcp-vs] lb-policy lp1

[Sysname-vs-tcp-vs] service enable

[Sysname-vs-tcp-vs] quit

4.2.6  验证配置

说明

以下验证过程均在LB设备上进行。

 

(1)     查看所有实服务器的简要信息。

[Sysname] display real-server brief

Real server       Address          Port   State          Server farm

rs1               192.168.1.1      0      Active         sf1

rs2               192.168.1.2      0      Active         sf2

rs3               192.168.1.3      0      Active         sf3

(2)     查看所有实服务组的详细信息。

[Sysname] display server-farm

Server farm: sf1

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs1               Active         192.168.1.1        0      100     4

 

Server farm: sf2

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs2               Active         192.168.1.2        0      100     4

 

Server farm: sf3

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

        rs3               Active         192.168.1.3        0      100     4

(3)     查看所有虚服务器的详细信息。

[Sysname] display virtual-server

Virtual server: vs

    Description:

    Type: TCP

    State: Active

    Virtual IPv4 address: 61.159.4.100/32

    Virtual IPv6 address: --

    Port: 0

    Default server farm:

    Backup server farm:

    Sticky:

    LB policy: lp1

    Connection limit: --

    Rate limit:

        Connections: --

        Bandwidth: --

InboundBandwidth: --

        OutboundBandwidth: --

    Connection synchronization: Disabled

    Sticky synchronization: Disabled

(4)     Host发起源地址分别为62.159.4.162.159.4.6562.159.4.129FTP请求共3个,通过虚服务61.159.4.100地址访问FTP服务器,访问成功,可以在LB设备上查看到虚服务和实服务的统计信息。

[Sysname] display virtual-server statistics name vs

Slot 1:

Virtual server: vs

    Total connections: 3

    Active connections: 0

    Max connections: 3

    Connections per second: 0

    Max connections per second: 1

    Client input: 1717bytes

    Client output: 2750bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 0 bytes/s

Max inbound throughput: 1673 bytes/s

    Max outbound throughput: 2750 bytes/s

    Received packets:37

    Sent packets:45

Dropped packets: 0

[Sysname] display real-server statistics name rs1

Slot 1:

Real server: rs1

    Total connections:1

    Active connections:0

    Max connections: 1

    Connections per second: 0

    Max connections per second: 1

    Server input: 915 bytes

    Server output: 559bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 1474bytes/s

Max inbound throughput: 915 bytes/s

Max outbound throughput: 559 bytes/s

    Received packets:12

    Sent packets:15

    Dropped packets: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

 Dropped responses: 0

[Sysname] display real-server statistics name rs2

Slot 1:

Real server: rs2

    Total connections:1

    Active connections:0

    Max connections: 1

    Connections per second: 0

    Max connections per second: 1

    Server input: 918bytes

    Server output: 559bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 1477bytes/s

Max inbound throughput: 918 bytes/s

Max outbound throughput: 559 bytes/s

    Received packets:12

    Sent packets:15

    Dropped packets: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

Dropped responses: 0

[Sysname] display real-server statistics name rs3

Slot 1:

Real server: rs3

    Total connections:1

    Active connections:0

    Max connections: 1

    Connections per second: 0

    Max connections per second: 1

    Server input: 917bytes

    Server output: 599bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 1516bytes/s

Max inbound throughput: 917 bytes/s

Max outbound throughput: 599 bytes/s

    Received packets:13

    Sent packets:15

    Dropped packets: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

    Dropped responses: 0

4.2.7  配置文件

·     交换机

#

vlan 1700

#

vlan 1710

#

vlan 1730

#

vlan 1780

#

interface Vlan-interface1700

 ip address 170.1.1.1 255.255.255.0

#

interface Vlan-interface1710

 ip address 171.1.1.1 255.255.255.0

#

interface Vlan-interface1730

 ip address 192.168.1.4 255.255.255.0

#

interface Vlan-interface1780

 ip address 178.1.1.1 255.255.255.0

#

ip route-static 61.159.4.100 255.255.255.255 171.1.1.2

#

policy-based-route p7 permit node 1

  if-match acl 3101

apply next-hop 178.1.1.2

#

acl number 3101

 rule 0 permit ip source 192.168.1.0 0.0.0.255

#

·     LB设备

#

interface GigabitEthernet1/0/8.1710

  ip address 171.1.1.2 255.255.255.0

  vlan-type dot1q vid 1710

#

interface GigabitEthernet1/0/8.1780

 ip address 178.1.1.2 255.255.255.0

vlan-type dot1q vid 1780

#

ip route-static 192.168.1.0 24 178.1.1.1

ip route-static 170.1.1.0 24 171.1.1.1

#

nqa template icmp t1

 

#

sticky-group sg1 type address-port

 ip source

#

server-farm sf

predictor hash address source

probe t1

#

server-farm sf2

predictor hash address source

probe t1

#

server-farm sf3

predictor hash address source

probe t1

#

loadbalance class lc1 type generic

 match 1 source ip address 170.1.1.0 26

#

loadbalance class lc2 type generic match-any

 match 1 source ip address 170.1.1.64 26

#

loadbalance action la1 type generic

 server-farm sf1 sticky sg1

#

loadbalance action la2 type generic

 server-farm sf2 sticky sg1

#

loadbalance action la3 type generic

 server-farm sf3 sticky sg1

#

loadbalance policy lp1 type generic

 class lc11 action la1

 class lc22 action la2

 default-class action la3

#

real-server rs1

 ip address 192.168.1.1

 

 server-farm sf1

#

real-server rs2

 ip address 192.168.1.2

 

 server-farm sf2

#

real-server rs3

 ip address 192.168.1.3

 

 server-farm sf3

#

virtual-server vs type tcp

 virtual ip address 61.159.4.100

 lb-policy lp1

 service enable

七层服务器负载均衡配置举例

5.1  直连模式

5.1.1  组网需求

3所示,Host通过LB设备对3台服务器进行访问,三台服务器Server AServer BServer C均可提供HTTP服务;Host访问服务器的流量会根据Host访问的url在三台服务器之间负载分担:url中含有sportsgovernmentnews的请求分给Server Aurl中含有financetechnologyshopping的请求分给Server B,其他url的请求分给ServerC

图3 LB直连模式组网图(箭头方向为流量走向)

5.1.2  配置思路

为实现直连模式的七层服务器负载均衡,需要在LB设备上配置实服务组、实服务器、虚服务。

5.1.3  使用版本

本举例是在 L1000-SVersion 7.1.054, Alpha 8102版本上进行配置和验证的。

5.1.4  配置注意事项

·     LB设备上配置的虚服务器地址,配置为接口的sub地址。。

·     配置完虚服务后,需要开启虚服务。

·     注意HostLB的路由配置,使之路由可达。

5.1.5  配置步骤

说明

以下配置均在LB设备上进行。

 

(1)     配置实服务组

# 创建HTTP类型的NQA模板t1

<Sysname> system-view

[Sysname] nqa template http t1

[Sysname-nqatplt-http-t1] quit

# 创建实服务组sf1sf2sf3,均采用源IP地址的hash算法,并指定其健康检测方法为t1

[Sysname] server-farm sf1

[Sysname-sfarm-sf1] predictor hash address source

[Sysname-sfarm-sf1] probe t1

[Sysname-sfarm-sf1] quit

[Sysname] server-farm sf2

[Sysname-sfarm-sf2] predictor hash address source

[Sysname-sfarm-sf2] probe t1

[Sysname-sfarm-sf2] quit

[Sysname] server-farm sf3

[Sysname-sfarm-sf3] predictor hash address source

[Sysname-sfarm-sf3] probe t1

[Sysname-sfarm-sf3] quit

(2)     配置实服务器

# 创建实服务器rs1,配置其IPv4地址为192.168.1.1,并加入实服务组sf1

[Sysname] real-server rs1

[Sysname-rserver-rs1] ip address 192.168.1.1

[Sysname-rserver-rs1] server-farm sf1

[Sysname-rserver-rs1] quit

# 创建实服务器rs2,配置其IPv4地址为192.168.1.2,并加入实服务组sf2

[Sysname] real-server rs2

[Sysname-rserver-rs2] ip address 192.168.1.2

[Sysname-rserver-rs2] server-farm sf2

[Sysname-rserver-rs2] quit

# 创建实服务器rs3,配置其IPv4地址为192.168.1.3,并加入实服务组sf3

[Sysname] real-server rs3

[Sysname-rserver-rs3] ip address 192.168.1.3

[Sysname-rserver-rs3] server-farm sf3

[Sysname-rserver-rs3] quit

(3)     配置HTTP Cookie类型的持续性组

# 创建HTTP Cookie类型的持续性组。

[Sysname] sticky-group sg1 type http-cookie

# 配置持续性方法为Cookie插入,名字为cookie1。(Cookie插入,即在服务器发送的HTTP应答报文中插入Set-cookie字段用于持续性处理)

[Sysname-sticky-http-cookie-sg1] cookie insert name cookie1

[Sysname-sticky-http-cookie-sg1] quit

(4)     配置负载均衡策略

# 配置负载均衡类lc1lc2

[Sysname] loadbalance class lc1 type http match-any

[Sysname-lbc-http-lc1] match 1 url sports

[Sysname-lbc-http-lc1] match 2 url news

[Sysname-lbc-http-lc1] match 3 url government

[Sysname-lbc-http-lc1] quit

[Sysname] loadbalance class lc2 type http match-any

[Sysname-lbc-http-lc2] match 1 url finance

[Sysname-lbc-http-lc2] match 2 url technology

[Sysname-lbc-http-lc2] match 3 url shopping

[Sysname-lbc-http-lc2] quit

# 配置负载均衡动作la1la2la3,应用持续性方法sg1

[Sysname] loadbalance action la1 type http

[Sysname-lba-http-la1] server-farm sf1 sticky sg1

[Sysname-lba-http-la1] quit

[Sysname] loadbalance action la2 type http

[Sysname-lba-http-la2] server-farm sf2 sticky sg1

[Sysname-lba-http-la2] quit

[Sysname] loadbalance action la3 type http

[Sysname-lba-http-la3] server-farm sf3 sticky sg1

[Sysname-lba-http-la3] quit

# 配置负载均衡策略lp1

[Sysname] loadbalance policy lp1 type http

[Sysname-lbp-http-lp1] class lc1 action la1

[Sysname-lbp-http-lp1] class lc2 action la2

[Sysname-lbp-http-lp1] default-class action la3

[Sysname-lbp-http-lp1] quit

(5)     配置参数模板,对每个HTTP请求报文都进行负载均衡

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] rebalance per-request

[Sysname-para-http-pp1] quit

(6)     配置虚服务器并且引用持续性组

# 创建HTTP类型的虚服务器vs,配置其VSIP61.159.4.100,应用负载均衡策略lp1,以及参数模板pp1,持续性组为sg1,并开启虚服务。

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] virtual ip address 61.159.4.100

[Sysname-vs-http-vs]  lb-policy lp1

[Sysname-vs-http-vs] parameter http pp1

[Sysname-vs-http-vs] service enable

[Sysname-vs-http-vs] quit

5.1.6  验证配置

(1)     查看所有实服务器的简要信息。

[Sysname] display real-server brief

Real server       Address          Port   State          Server farm

rs1               192.168.1.1      0   Active         sf1

rs2               192.168.1.2      0   Active         sf2

rs3               192.168.1.3      0   Active         sf3

(2)     查看所有实服务组的详细信息。

 

[Sysname]display server-farm name sf1

Server farm: sf1

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs1               Active         192.168.1.1        0      100     4

 

[Sysname] display server-farm name sf2

Server farm: sf2

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs2               Active         192.168.1.2        0      100     4

 

[Sysname] display server-farm name sf3

Server farm: sf3

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs3               Active         192.168.1.3        0      100     4

(3)     查看所有虚服务器的详细信息。

[Sysname] display virtual-server

Virtual server: vs

    Description:

    Type: HTTP

    State: Active

    Virtual IPv4 address: 61.159.4.100/32

    Virtual IPv6 address: --

    Port: 80

    Default server farm:

    Backup server farm:

    Sticky:

LB policy: lp1

HTTP parameter profile: pp1

    Connection limit: --

    Rate limit:

        Connections: --

        Bandwidth: --

InboundBandwidth: --

        OutboundBandwidth: --

    SSL server policy:

    SSL client policy:

    Redirect relocation:

    Redirect return-code: 302

  Sticky synchronization: Disabled

(4)     Host通过发起包含url值分别包含aaasportsnewsgovernment financetechnologyshopping的请求报文共7个访问HTTP服务器,访问成功,可以在LB设备上查看到虚服务和实服务的统计信息,且在Host端抓包可以看到,服务器端发回的响应报文中头部有set-cookie字段。

[Sysname] display virtual-server statistics name vs

Slot 1:

Virtual server: vs

    Total connections:3

    Active connections:0

    Max connections:3

    Connections per second: 0

    Max connections per second: 3

    Client input: 3081bytes

    Client output: 5913bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 8994bytes/s

    Max inbound throughput: 3081 bytes/s

    Max outbound throughput: 5913 bytes/s

    Received packets:18

    Sent packets:16

    Dropped packets: 0

    Received requests:9

    Dropped requests:2

    Sent responses:7

Dropped responses: 0

[Sysname] display real-server statistics name rs1

Slot 1:

Real server: rs1

    Total connections:3

    Active connections:0

    Max connections:1

    Connections per second: 0

    Max connections per second:3

    Server input: 3604742 bytes

    Server output: 7205452 bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

Max throughput: 10807648 bytes/s

Max inbound throughput: 3603124 bytes/s

Max outbound throughput: 7204524 bytes/s

    Received packets:180123

    Sent packets:90084

    Dropped packets: 0

    Received requests:2

    Dropped requests: 0

    Sent responses:2

Dropped responses: 0

[Sysname] display real-server statistics name rs2

Slot 1:

Real server: rs2

    Total connections:3

    Active connections:0

    Max connections:1

    Connections per second: 0

    Max connections per second:3

   Server input: 2427 bytes

    Server output: 1402 bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 3829 bytes/s

Max inbound throughput: 2427 bytes/s

    Max outbound throughput: 1402 bytes/s

    Received packets:15

    Sent packets:9

    Dropped packets: 0

    Received requests:3

    Dropped requests: 0

    Sent responses:3

Dropped responses: 0

[Sysname] display real-server statistics name rs3

Slot 1:

Real server: rs3

    Total connections:3

    Active connections:0

    Max connections: 1

    Connections per second: 0

    Max connections per second:3

   Server input: 3645026 bytes

    Server output: 7286008 bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 10929315 bytes/s

Max inbound throughput: 3644013 bytes/s

    Max outbound throughput: 7285302 bytes/s

    Received packets:182137

    Sent packets:91091

    Dropped packets: 0

    Received requests:2

    Dropped requests: 0

    Sent responses:2

Dropped responses: 0

5.1.7  配置文件

#

nqa template http t1

#

server-farm sf1

predictor hash address source

probe t1

#

server-farm sf2

predictor hash address source

probe t1

#

server-farm sf3

predictor hash address source

probe t1

#

loadbalance class lc1 type http match-any

 match 1 url sports

 match 2 url news

 match 3 url government

#

loadbalance class lc2 type http match-any

 match 1 url finance

 match 2 url technology

 match 3 url shopping

#

loadbalance action la1 type http

 server-farm sf1 sticky sg1

#

loadbalance action la2 type http

 server-farm sf2 sticky sg1

#

loadbalance action la3 type http

 server-farm sf3 sticky sg1

#

loadbalance policy lp1 type http

 class lc1 action la1

 class lc2 action la2

 default-class action la3

#

real-server rs1

 ip address 192.168.1.1

 

 server-farm sf1

#

real-server rs2

 ip address 192.168.1.2

 

 server-farm sf2

#

real-server rs3

 ip address 192.168.1.3

 

 server-farm sf3

#

sticky-group sg1 type http-cookie

 cookie insert name cookie1

#

virtual-server vs type http

 virtual ip address 61.159.4.100

 

parameter http pp1

 lb-policy lp1

 service enable

#

5.2  旁路模式

5.2.1  组网需求

4所示,Host通过直连的设备再通过LB设备对3台服务器进行访问,三台服务器也与设备直连,三台服务器Server AServer BServer C均可提供HTTP服务, Host访问服务器的流量会根据Host访问的url在三台服务器之间负载分担:url中含有sportsgovernmentnews的请求分给Server Aurl中含有financetechnologyshopping的请求分给Server B,其他url的请求分给ServerC,并且Host访问业务的流程都会经过LB设备,配置中使用的普通设备为交换机。

图4 LB设备旁路模式组网图(箭头方向为流量走向)

5.2.2  配置思路

为了实现旁路模式的七层服务器负载均衡,需要完成如下配置:

·     LB设备上配置实服务组、实服务器和虚服务。

·     在交换机上配置到虚服务的路由;在LB设备上配置到实服务的路由。

5.2.3  使用版本

本举例是在 L1000-SVersion 7.1.054, Alpha 8102版本上进行配置和验证的。

5.2.4  配置注意事项

·     LB设备上配置的实服务器地址要与相应的实服务器地址保持一致。

·     配置完虚服务后,需要开启虚服务。

5.2.5  配置步骤

1. 配置交换机

# 配置交换机与Host的直连接口。

<Sysname> System-view

[Sysname] vlan 1700

[Sysname-vlan1700] quit

[Sysname] interface vlan-interface 1700

[Sysname-Vlan-interface1700] ip address 170.1.1.1 255.255.255.0

[Sysname-Vlan-interface1700] quit

# 配置交换机与LB设备对接的出接口。

[Sysname] vlan 1710

[Sysname-vlan1710] quit

[Sysname] interface vlan-interface 1710

[Sysname-Vlan-interface1710] ip address 171.1.1.1 255.255.255.0

[Sysname-Vlan-interface1710] quit

# 配置交换机与LB设备对接的入接口。

[Sysname] vlan 1780

[Sysname-vlan1780] quit

[Sysname] interface vlan-interface 1780

[Sysname-Vlan-interface1780] ip address 178.1.1.1 255.255.255.0

[Sysname-Vlan-interface1780] quit

# 配置交换机与实服务器的直连接口。

[Sysname] vlan 1730

[Sysname-vlan1730] quit

[Sysname] interface Vlan-interface 1730

[Sysname-Vlan-interface1730] ip address 192.168.1.4 255.255.255.0

[Sysname-Vlan-interface1730] quit

# 配置到虚服务的路由。

[Sysname] ip route-static 61.159.4.100 255.255.255.255 171.1.1.2

# 配置到客户端的策略路由。

[Sysname] policy-based-route p7 permit node 1

[Sysname-pbr-p7-1] if-match acl 3101

[Sysname-pbr-p7-1] apply next-hop 178.1.1.2

[Sysname-pbr-p7-1] quit

# 配置策略路由中的ACL

[Sysname] acl number 3101

[Sysname-acl-adv-3101] rule 0 permit ip source 192.168.1.0 0.0.0.255

[Sysname-acl-adv-3101] quit

2. 配置LB设备

(1)     配置接口和路由

# 配置入方向子接口。

<Sysname> System-view

[Sysname] interface gigabitethernet1/0/8.1710

[Sysname-GigabitEthernet1/0/8.1710] ip address 171.1.1.2 255.255.255.0

[Sysname-GigabitEthernet1/0/8.1710] vlan-type dot1q vid 1710

[Sysname-GigabitEthernet1/0/8.1710] quit

# 配置出方向子接口。

[Sysname] interface gigabitethernet1/0/8.1780

[Sysname-GigabitEthernet1/0/8.1780] ip address 178.1.1.2 255.255.255.0

[Sysname-GigabitEthernet1/0/8.1780] vlan-type dot1q vid 1780

[Sysname-GigabitEthernet1/0/8.1780] quit

# 配置到实服务器的路由。

[Sysname] ip route-static 192.168.1.0 24 178.1.1.1

# 配置到客户端路由。

[Sysname] ip route-static 170.1.1.0 24 171.1.1.1

(2)     配置实服务组

# 创建HTTP类型的NQA模板t1

<Sysname> system-view

[Sysname] nqa template http t1

[Sysname-nqatplt-http-t1] quit

# 创建实服务组sf1sf2sf3,均采用源IP地址的hash算法,并指定其健康检测方法为t1

[Sysname] server-farm sf1

[Sysname-sfarm-sf1] predictor hash address source

[Sysname-sfarm-sf1] probe t1

[Sysname-sfarm-sf1] quit

[Sysname] server-farm sf2

[Sysname-sfarm-sf2] predictor hash address source

[Sysname-sfarm-sf2] probe t1

[Sysname-sfarm-sf2] quit

[Sysname] server-farm sf3

[Sysname-sfarm-sf3] predictor hash address source

[Sysname-sfarm-sf3] probe t1

[Sysname-sfarm-sf3] quit

(3)     配置实服务器

# 创建实服务器rs1,配置其IPv4地址为192.168.1.1,并加入实服务组sf1

[Sysname] real-server rs1

[Sysname-rserver-rs1] ip address 192.168.1.1

[Sysname-rserver-rs1] server-farm sf1

[Sysname-rserver-rs1] quit

# 创建实服务器rs2,配置其IPv4地址为192.168.1.2,并加入实服务组sf2

[Sysname] real-server rs2

[Sysname-rserver-rs2] ip address 192.168.1.2

[Sysname-rserver-rs2] server-farm sf2

[Sysname-rserver-rs2] quit

# 创建实服务器rs3,配置其IPv4地址为192.168.1.3,并加入实服务组sf3

[Sysname] real-server rs3

[Sysname-rserver-rs3] ip address 192.168.1.3

[Sysname-rserver-rs3] server-farm sf3

[Sysname-rserver-rs3] quit

(4)     配置HTTP Cookie类型的持续性组

# 创建HTTP Cookie类型的持续性组。

[Sysname] sticky-group sg1 type http-cookie

# 配置持续性方法为Cookie插入,名字为cookie1。(Cookie插入,即在服务器发送的HTTP应答报文中插入Set-cookie字段用于持续性处理)

[Sysname-sticky-http-cookie-sg1] cookie insert name cookie1

[Sysname-sticky-http-cookie-sg1] quit

(5)     配置负载均衡策略

# 配置负载均衡类lc1lc2

[Sysname] loadbalance class lc1 type http match-any

[Sysname-lbc-http-lc1] match 1 url sports

[Sysname-lbc-http-lc1] match 2 url news

[Sysname-lbc-http-lc1] match 3 url government

[Sysname-lbc-http-lc1] quit

[Sysname] loadbalance class lc2 type http match-any

[Sysname-lbc-http-lc2] match 1 url finance

[Sysname-lbc-http-lc2] match 2 url technology

[Sysname-lbc-http-lc2] match 3 url shopping

[Sysname-lbc-http-lc2] quit

# 配置负载均衡动作la1la2la3,应用持续性方法sg1

[Sysname] loadbalance action la1 type http

[Sysname-lba-http-la1] server-farm sf1 sticky sg1

[Sysname-lba-http-la1] quit

[Sysname] loadbalance action la2 type http

[Sysname-lba-http-la2] server-farm sf2 sticky sg1

[Sysname-lba-http-la2] quit

[Sysname] loadbalance action la3 type http

[Sysname-lba-http-la3] server-farm sf3 sticky sg1

[Sysname-lba-http-la3] quit

# 配置负载均衡策略lp1

[Sysname] loadbalance policy lp1 type http

[Sysname-lbp-http-lp1] class lc1 action la1

[Sysname-lbp-http-lp1] class lc2 action la2

[Sysname-lbp-http-lp1] default-class action la3

[Sysname-lbp-http-lp1] quit

(6)     配置参数模板,对每个HTTP请求报文都进行负载均衡

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] rebalance per-request

[Sysname-para-http-pp1] quit

(7)     配置虚服务器并且引用持续性组

# 创建HTTP类型的虚服务器vs,配置其VSIP61.159.4.100,应用负载均衡策略lp1,以及参数模板pp1,持续性组为sg1,并开启虚服务。

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] virtual ip address 61.159.4.100

[Sysname-vs-http-vs] lb-policy lp1

[Sysname-vs-http-vs] parameter http pp1

[Sysname-vs-http-vs] service enable

[Sysname-vs-http-vs] quit

5.2.6  验证配置

(1)     查看所有实服务器的简要信息。

[Sysname] display real-server brief

Real server       Address          Port   State          Server farm

rs1               192.168.1.1      0   Active         sf1

rs2               192.168.1.2      0   Active         sf2

rs3               192.168.1.3      0   Active         sf3

(2)     查看所有实服务组的详细信息。

[Sysname]display server-farm name sf1

Server farm: sf1

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs1               Active         192.168.1.1        0      100     4

[Sysname] display server-farm name sf2

Server farm: sf2

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs2               Active         192.168.1.2        0      100     4

[Sysname] display server-farm name sf3

Server farm: sf3

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs3               Active         192.168.1.3        0      100     4

(3)     查看所有虚服务器的详细信息。

[Sysname] display virtual-server

Virtual server: vs

    Description:

    Type: HTTP

    State: Active

    Virtual IPv4 address: 61.159.4.100/32

    Virtual IPv6 address: --

    Port: 80

    Default server farm:

    Backup server farm:

    Sticky:

LB policy: lp1

HTTP parameter profile: pp1

    Connection limit: --

    Rate limit:

        Connections: --

        Bandwidth: --

InboundBandwidth: --

        OutboundBandwidth: --

    SSL server policy:

    SSL client policy:

    Redirect relocation:

    Redirect return-code: 302

  Sticky synchronization: Disabled

(4)     Host发起包含url值分别包含aaasportsnewsgovernment financetechnologyshopping的请求报文共7个访问HTTP服务器,访问成功,可以在LB设备上查看到虚服务和实服务的统计信息,且在Host端抓包可以看到,服务器端发回的响应报文中头部有set-cookie字段。

[Sysname] display virtual-server statistics name vs

Slot 1:

Virtual server: vs

    Total connections:3

    Active connections:0

    Max connections:3

    Connections per second: 0

    Max connections per second:3

    Client input: 3081 bytes

    Client output: 5913 bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 8994 bytes/s

Max inbound throughput: 3081 bytes/s

    Max outbound throughput: 5913 bytes/s

    Received packets:18

    Sent packets:16

    Dropped packets: 0

    Received requests:9

    Dropped requests:2

    Sent responses:7

Dropped responses: 0

[Sysname] display real-server statistics name rs1

Slot 1:

Real server: rs1

    Total connections:3

    Active connections:0

    Max connections:1

    Connections per second: 0

    Max connections per second:3

    Server input: 3604742 bytes

    Server output: 7205452 bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

Max throughput: 10807648 bytes/s

Max inbound throughput: 3603124 bytes/s

Max outbound throughput: 7204524 bytes/s

    Received packets:180123

    Sent packets:90084

    Dropped packets: 0

    Received requests:2

    Dropped requests: 0

    Sent responses:2

Dropped responses: 0

[Sysname] display real-server statistics name rs2

Slot 1:

Real server: rs2

    Total connections:3

    Active connections:0

    Max connections:1

    Connections per second: 0

    Max connections per second:3

    Server input: 2427 bytes

    Server output: 1402 bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 3829 bytes/s

Max inbound throughput: 2427 bytes/s

    Max outbound throughput: 1402 bytes/s

    Received packets:15

    Sent packets:9

    Dropped packets: 0

    Received requests:3

    Dropped requests: 0

    Sent responses:3

Dropped responses: 0

[Sysname] display real-server statistics name rs3

Slot 1:

Real server: rs3

    Total connections:3

    Active connections:0

    Max connections: 1

    Connections per second: 0

    Max connections per second:3

   Server input: 3645026 bytes

    Server output: 7286008bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

    Max throughput: 10929315 bytes/s

Max inbound throughput: 3644013 bytes/s

    Max outbound throughput: 7285302 bytes/s

    Received packets:182137

    Sent packets:91091

    Dropped packets: 0

    Received requests:2

    Dropped requests: 0

    Sent responses:2

Dropped responses: 0

5.2.7  配置文件

·     交换机

#

vlan 1700

#

vlan 1710

#

vlan 1730

#

vlan 1780

#

interface Vlan-interface1700

 ip address 170.1.1.1 255.255.255.0

#

interface Vlan-interface1710

 ip address 171.1.1.1 255.255.255.0

#

interface Vlan-interface1730

 ip address 192.168.1.4 255.255.255.0

#

interface Vlan-interface1780

 ip address 178.1.1.1 255.255.255.0

#

ip route-static 61.159.4.100 255.255.255.255 171.1.1.2

#

policy-based-route p7 permit node 1

  if-match acl 3101

apply next-hop 178.1.1.2

#

acl number 3101

 rule 0 permit ip source 192.168.1.0 0.0.0.255

#

·     LB设备

#

interface GigabitEthernet1/0/8.1710

  ip address 171.1.1.2 255.255.255.0

  vlan-type dot1q vid 1710

#

interface GigabitEthernet1/0/8.1780

 ip address 178.1.1.2 255.255.255.0

vlan-type dot1q vid 1780

#

ip route-static 192.168.1.0 24 178.1.1.1

ip route-static 170.1.1.0 24 171.1.1.1

#

nqa template http t1

#

sticky-group sg1 type http-cookie

 cookie insert name cookie1

#

parameter-profile pp1 type http

 rebalance per-request

#

server-farm sf1

predictor hash address source

probe t1

#

server-farm sf2

predictor hash address source

probe t1

#

server-farm sf3

predictor hash address source

probe t1

#

loadbalance class lc1 type http match-any

 match 1 url sports

 match 2 url news

 match 3 url government

#

loadbalance class lc2 type http match-any

 match 1 url finance

 match 2 url technology

 match 3 url shopping

#

loadbalance action la1 type http

 server-farm sf1 sticky sg1

#

loadbalance action la2 type http

 server-farm sf2 sticky sg1

#

loadbalance action la3 type http

 server-farm sf3 sticky sg1

#

loadbalance policy lp1 type http

 class lc1 action la1

 class lc2 action la2

 default-class action la3

#

real-server rs1

 ip address 192.168.1.1

 

 server-farm sf1

#

real-server rs2

 ip address 192.168.1.2

 

 server-farm sf2

#

real-server rs3

 ip address 192.168.1.3

 

 server-farm sf3

#

 

virtual-server vs type http

 virtual ip address 61.159.4.100

 

parameter http pp1

 lb-policy lp1

 service enable

#

5.3  HTTPS卸载

5.3.1  组网需求

5所示,Host通过LB设备对3台服务器进行访问,三台服务器Server AServer BServer C均可提供HTTP服务,Host访问服务器的流量会在三台服务器之间负载分担。HTTPS卸载是指LB设备为内网的Web服务器提供SSL加解密服务,对外提供安全(SSL加密)访问Web服务器的功能。内网Web服务器只需处理业务,无须耗费CPU进行SSL加解密运算,从而提高服务器的处理能力。

图5 LB设备SSL卸载组网图(箭头方向为流量走向)

5.3.2  配置思路

为了实现HTTPS卸载功能,需要在LB设备上完成如下配置:

·     CA证书和设备证书导入到LB设备,并在LB设备上创建SSL策略。

·     配置实服务组、实服务器和虚服务。

5.3.3  使用版本

本举例是在L5000-SVersion 7.1.053Alpha 8103版本上进行配置和验证的。

5.3.4  配置注意事项

·     确保HostLB设备的虚服务路由可达。

·     要先申请正确的证书,再将申请的证书通过FTPTFTP上传到LB设备上。

·     LB设备上配置的实服务器地址要与相应的实服务器地址保持一致。

·     配置完虚服务后,需要开启虚服务。

5.3.5  配置步骤

说明

以下验证过程均在LB设备上进行。

 

(1)     将申请的CA证书和设备证书通过FTPTFTP上传到LB设备上,配置步骤略。

(2)     创建PKI域,并禁止CRL检查

<Sysname> system-view

[Sysname] pki domain ca

[Sysname-pki-domain-ca] undo crl check enable

[Sysname-pki-domain-ca] quit

(3)     导入CA证书和设备证书到创建的PKIca

[Sysname] pki import domain ca der ca filename certnew.cer

[Sysname] pki import domain ca p12 local filename local.pfx

(4)     创建SSL服务器端策略,并且引用PKIca

[Sysname] ssl server-policy ssl

[Sysname-ssl-server-policy-ssl] pki-domain ca

[Sysname-ssl-server-policy-ssl] quit

(5)     配置实服务组

# 创建实服务组sf,采用的调度算法为源IP地址的hash算法。

[Sysname] server-farm sf

[Sysname-rserver-sf] predictor hash address source

[Sysname-rserver-sf] quit

(6)     配置实服务器

# 创建实服务器rs1,配置其IPv4地址为192.168.1.1、权值为150,并加入实服务组sf

[Sysname] real-server rs1

[Sysname-rserver-rs1] ip address 192.168.1.1

 [Sysname-rserver-rs1] weight 150

[Sysname-rserver-rs1] server-farm sf

[Sysname-rserver-rs1] quit

# 创建实服务器rs2,配置其IPv4地址为192.168.1.2、权值为120,并加入实服务组sf

[Sysname] real-server rs2

[Sysname-rserver-rs2] ip address 192.168.1.2

[Sysname-rserver-rs2] weight 120

[Sysname-rserver-rs2] server-farm sf

[Sysname-rserver-rs2] quit

# 创建实服务器rs3,配置其IPv4地址为192.168.1.3、权值为80,并加入实服务组sf

[Sysname] real-server rs3

[Sysname-rserver-rs3] ip address 192.168.1.3

[Sysname-rserver-rs3] weight 80

[Sysname-rserver-rs3] server-farm sf

[Sysname-rserver-rs3] quit

(7)     配置虚服务器

# 创建HTTP类型的虚服务器vs,配置其VSIP61.159.4.100,指定其默认实服务组为sf,端口号为443,引用ssl策略ssl

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] virtual ip address 61.159.4.100

[Sysname-vs-http-vs] port 443

[Sysname-vs-http-vs] default server-farm sf

[Sysname-vs-http-vs] ssl-server-policy ssl

[Sysname-vs-http-vs] service enable

[Sysname-vs-http-vs] quit

5.3.6  验证配置

(1)     查看所有实服务器的简要信息。

[Sysname] display real-server brief

Real server       Address          Port   State          Server farm

rs1               192.168.1.1        80     Active         sf

rs2               192.168.1.2        80     Active         sf

rs3               192.168.1.3        80     Active         sf

(2)     查看所有实服务组的详细信息。

[Sysname] display server-farm

Server farm: sf

    Description:

    Predictor: Round robin

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 3

    Active real server: 3

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs1               Active         192.168.1.1       80       150     4

    rs2               Active         192.168.1.2       80       120     4

    rs3               Active         192.168.1.3       80       80     4

(3)     查看所有虚服务器的详细信息。

[Sysname] display virtual-server

Virtual server: vs

    Description:

    Type: HTTP

    State: Active

    Virtual IPv4 address: 61.159.4.100/32

    Virtual IPv6 address: --

    Port: 443

    Default server farm: sf (in use)

    Backup server farm:

    Sticky:

    LB policy:

    Connection limit: --

    Rate limit:

        Connections: --

        Bandwidth: --

InboundBandwidth: --

        OutboundBandwidth: --

    SSL server policy: ssl

    SSL client policy:

    Redirect relocation:

    Redirect return-code: 302

  Sticky synchronization: Disabled

(4)     Host通过https:// 61.159.4.100访问HTTP服务器,访问成功,可以在LB设备上查看到虚服务和实服务的统计信息。

[Sysname]display virtual-server statistics name vs

Slot 1:

Virtual server: vs

    Total connections: 372

    Active connections: 3

    Max connections: 293

    Connections per second: 0

    Max connections per second:11

    Client input: 32861115 bytes

    Client output: 35976439 bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

Max throughput: 491640 bytes/s

Max inbound throughput: 0 bytes/s

Max outbound throughput: 0 bytes/s

    Received packets: 302121

    Sent packets: 395025

    Dropped packets: 0

    Received requests: 2541

    Dropped requests: 0

    Sent responses: 2437

Dropped responses: 0

[Sysname]display real-server statistics name rs1

Slot 1:

Real server: rs1

    Total connections: 123

    Active connections: 1

    Max connections: 21

    Connections per second: 0

    Max connections per second: 1

    Server input: 307462 bytes

    Server output: 27460 bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

Max throughput: 316457 bytes/s

Max inbound throughput: 105485 bytes/s

Max outbound throughput: 210972 bytes/s

    Received packets: 3192

    Sent packets: 2364

    Dropped packets: 0

    Received requests: 1112

    Dropped requests: 0

    Sent responses: 1112

Dropped responses: 0

[Sysname]display real-server statistics name rs2

Slot 1:

Real server: rs2

    Total connections: 125

    Active connections: 1

    Max connections: 22

    Connections per second: 0

    Max connections per second: 1

    Server input: 870147 bytes

    Server output: 45163 bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

Max throughput: 580348 bytes/s

Max inbound throughput: 19346 bytes/s

Max outbound throughput: 38692 bytes/s

    Received packets: 7486

    Sent packets: 5114

    Dropped packets: 0

    Received requests: 697

    Dropped requests: 0

    Sent responses: 697

Dropped responses: 0

[Sysname]display real-server statistics name rs3

Slot 1:

Real server: rs3

    Total connections: 124

    Active connections: 1

    Max connections: 1

    Connections per second: 0

    Max connections per second: 1

    Server input: 870147 bytes

    Server output: 45163 bytes

Throughput: 0 bytes/s

Inbound throughput: 0 bytes/s

Outbound throughput: 0 bytes/s

Max throughput: 580348 bytes/s

Max inbound throughput: 193449 bytes/s

Max outbound throughput: 386899 bytes/s

    Received packets: 2780

    Sent packets: 3115

    Dropped packets: 0

    Received requests: 732

    Dropped requests: 0

    Sent responses: 732

Dropped responses: 0

5.3.7  配置文件

#

pki domain ca

 undo crl check enable

#

pki import domain ca der ca filename certnew.cer 

pki import domain ca p12 local filename local.pfx

#

ssl server-policy ssl

 pki-domain ca

#

server-farm sf

 predictor hash address source

#

real-server rs1

 ip address 192.168.1.1

 port 80

weight 150

 server-farm sf

#

real-server rs2

 ip address 192.168.1.2

port 80

 weight 120

 server-farm sf

#

real-server rs3

 ip address 192.168.1.3

port 80

 weight 80

 server-farm sf

#

virtual-server vs type http

 virtual ip address 61.159.4.100

 port 443

 default server-farm sf

ssl-server-policy ssl

 service enable

 

双机热备组网

6.1.1  组网需求

6所示,为提高可靠性,由两台负载均衡设备采用双机热备方式进行组网。Host通过双机堆叠的LB设备对3HTTP服务器进行访问,三台服务器Server AServer BServer C通过二层交换机与LB直连,均可提供HTTP服务;Host访问服务器的流量会根据Host访问的url在三台服务器之间负载分担:url中含有sportsgovernmentnews的请求分给Server Aurl中含有financetechnologyshopping的请求分给Server B,其他url的请求分给ServerC

图6 LB设备双机热备组网图

6.1.2  配置思路

为了实现双机热备组网下的七层服务器负载均衡,需要完成如下配置:

·     在两台LB设备上建立堆叠,以及冗余接口。

·     LB设备上配置实服务组、实服务器和虚服务,开启会话备份功能

6.1.3  使用版本

本举例是在L1000-SVersion 7.1.054, Alpha 8102版本上进行配置和验证的。

6.1.4  配置注意事项

·     LB设备上配置的虚服务器地址,配置为冗余口的sub地址。

·     配置完虚服务后,需要开启虚服务。

6.1.5  配置步骤

1. 配置LB_1LB_2设备堆叠

(1)     配置LB_1

[Sysname] irf-port 1/1

[Sysname-irf-port1/1] port group interface gigabitEthernet1/0/0

[Sysname-irf-port1/1] quit

(2)     配置LB_2

[Sysname] irf-port 2/2

[Sysname-irf-port2/2] port group interface gigabitEthernet2/0/0

[Sysname-irf-port2/2] quit

2. 待两台LB形成堆叠后,配置冗余接口

[Sysname] interface Reth 1

[Sysname-Reth1] ip address 61.159.4.100 255.255.255.0

[Sysname-Reth1] ip address 61.159.4.200 255.255.255.0 sub

[Sysname-Reth1] member interface gigabitEthernet1/0/1 priority 100

[Sysname-Reth1] member interface gigabitEthernet2/0/1 priority 50

[Sysname-Reth1] quit

[Sysname] interface Reth 2

[Sysname-Reth2] ip address 192.168.1.100 255.255.255.0

[Sysname-Reth2] member interface gigabitEthernet1/0/2 priority 100

[Sysname-Reth2] member interface gigabitEthernet2/0/2 priority 50

[Sysname-Reth2] quit

# 配置track

[Sysname] track 1 interface gigabitEthernet1/0/1

[Sysname] track 2 interface gigabitEthernet1/0/2

[Sysname] track 3 interface gigabitEthernet2/0/1

[Sysname] track 4 interface gigabitEthernet2/0/2

# 配置冗余组、冗余组成员接口、冗余组节点并关联track

[Sysname] redundancy group bbb

[Sysname-redundancy-group-bbb] member interface Reth 1

[Sysname-redundancy-group-bbb] member interface Reth 2

[Sysname-redundancy-group-bbb] node 1

[Sysname-redundancy-group-bbb-node-1] bind slot 1

[Sysname-redundancy-group-bbb-node-1] priority 100

[Sysname-redundancy-group-bbb-node-1] track 1 interface gigabitEthernet1/0/1

[Sysname-redundancy-group-bbb-node-1] track 2 interface gigabitEthernet1/0/2

[Sysname-redundancy-group-bbb-node-1] quit

[Sysname-redundancy-group-bbb] node 2

[Sysname-redundancy-group-bbb-node-2] bind slot 2

[Sysname-redundancy-group-bbb-node-2] priority 50

[Sysname-redundancy-group-bbb-node-2] track 3 interface gigabitEthernet2/0/1

[Sysname-redundancy-group-bbb-node-2] track 4 interface gigabitEthernet2/0/2

[Sysname-redundancy-group-bbb-node-2] quit

[Sysname-redundancy-group-bbb] quit

3. 配置实服务组和实服务器

#配置实服务组sf1sf2sf3,均采用源IP地址的hash算法

[Sysname] server-farm sf1

[Sysname-sfarm-sf1] predictor hash address source

[Sysname-sfarm-sf1] quit

[Sysname] server-farm sf2

[Sysname-sfarm-sf2] predictor hash address source

[Sysname-sfarm-sf2] quit

[Sysname] server-farm sf3

[Sysname-sfarm-sf3] predictor hash address source

[H3C-sfarm-sf3] quit

# 配置实服务器,rs1rs2rs3分别属于实服务组sf1sf2sf3

[Sysname] real-server rs1

[Sysname-rserver-rs1] ip address 192.168.1.1

[Sysname-rserver-rs1] server-farm sf1

[Sysname-rserver-rs1] quit

[Sysname] real-server rs2

[Sysname-rserver-rs2] ip address 192.168.1.2

[Sysname-rserver-rs2] server-farm sf2

[H3C-rserver-rs2] quit

[Sysname] real-server rs3

[Sysname-rserver-rs3] ip address 192.168.1.3

[Sysname-rserver-rs3] server-farm sf3

[Sysname-rserver-rs3] quit

4. 配置负载均衡策略

# 配置负载均衡类lc1lc2

[Sysname] loadbalance class lc1 type http match-any

[Sysname-lbc-http-lc1] match 1 url sports

[Sysname-lbc-http-lc1] match 2 url news

[Sysname-lbc-http-lc1] match 3 url government

[Sysname-lbc-http-lc1] quit

[Sysname] loadbalance class lc2 type http match-any

[Sysname-lbc-http-lc2] match 1 url finance

[Sysname-lbc-http-lc2] match 2 url technology

[Sysname-lbc-http-lc2] match 3 url shopping

[Sysname-lbc-http-lc2] quit

# 配置持续性组sg1,持续性方法为Cookie插入(即在服务器发送的HTTP应答报文中插入Set-cookie字段用于持续性处理)

[Sysname] sticky-group sg1 type http-cookie

[Sysname-sticky-http-cookie-sg1] cookie insert

[Sysname-sticky-http-cookie-sg1] quit

# 配置负载均衡动作la1la2la3,应用持续性方法sg1

[Sysname] loadbalance action la1 type http

[Sysname-lba-http-la1] server-farm sf1 sticky sg1

[Sysname-lba-http-la1] quit

[Sysname] loadbalance action la2 type http

[Sysname-lba-http-la2] server-farm sf2 sticky sg1

[Sysname-lba-http-la2] quit

[Sysname] loadbalance action la3 type http

[Sysname-lba-http-la3] server-farm sf3 sticky sg1

[Sysname-lba-http-la3] quit

# 配置负载均衡策略lp1

[Sysname] loadbalance policy lp1 type http

[Sysname-lbp-http-lp1] class lc1 action la1

[Sysname-lbp-http-lp1] class lc2 action la2

[Sysname-lbp-http-lp1] default-class action la3

[Sysname-lbp-http-lp1] quit

5. 配置参数模板,对每个HTTP请求报文都进行负载均衡

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] rebalance per-request

[Sysname-para-http-pp1] quit

6. 配置虚服务vs,应用负载均衡策略lp1,以及参数模板pp1,开启持续性表项的备份功能

[Sysname] session synchronization enable

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] virtual ip address 61.159.4.200

[Sysname-vs-http-vs] lb-policy lp1

[Sysname-vs-http-vs] parameter http pp1

[Sysname-vs-http-vs] sticky-sync enable

[Sysname-vs-http-vs] service enable

[Sysname-vs-http-vs] quit

6.1.6  验证配置

(1)     查看两台LB形成的双机IRF

<Sysname> display irf

MemberID    Role    Priority  CPU-Mac         Description

 *+1        Master  10        586a-b108-77ff  ---

   2        Standby 1         586a-b108-7867  ---

--------------------------------------------------

 * indicates the device is the master.

 + indicates the device through which the user logs in.

 

 The Bridge MAC of the IRF is: 586a-b108-77fd

 Auto upgrade                : yes

 Mac persistent              : 6 min

 Domain ID                   : 0

<Sysname> display redundancy group

Redundancy group bbb (ID 1):

  Node ID      Slot          Priority   Status        Track weight

  1            Slot1         100        Primary       255

  2            Slot2         50         Secondary     255

 

Preempt delay time remained     : 0    min

Preempt delay timer setting     : 1    min

Remaining hold-down time        : 0    sec

Hold-down timer setting         : 1    sec

Manual switchover request       : No

 

Member interfaces:

    Reth1                 Reth2

 

Node 1:

  Track info:

    Track    Status       Reduced weight     Interface

    1        Positive     255                GE1/0/1

    2        Positive     255                GE1/0/2

Node 2:

  Track info:

    Track    Status       Reduced weight     Interface

    3        Positive     255                GE2/0/1

    4        Positive     255                GE2/0/2

<Sysname> display reth interface Reth 1

Reth1 :

  Redundancy group  : bbb

  Member           Physical status         Forwarding status   Presence status

  GE1/0/1          UP                      Active              Normal

  GE2/0/1          UP                      Inactive            Normal

<Sysname> display reth interface Reth 2

Reth2 :

  Redundancy group  : bbb

  Member           Physical status         Forwarding status   Presence status

  GE1/0/2          UP                      Active              Normal

  GE2/0/2          UP                      Inactive            Normal

(2)     查看所有实服务器的简要信息。

<Sysname> display real-server brief

Real server       Address          Port   State          Server farm

rs1               192.168.1.1        0      Active         sf1

rs2               192.168.1.2        0      Active         sf2

rs3               192.168.1.3        0      Active         sf3

(3)     查看所有实服务组的详细信息。

<Sysname> display server-farm name sf1

Server farm: sf1

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs1               Active         192.168.1.1        0      100     4

 

<Sysname> display server-farm name sf2

Server farm: sf2

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs2               Active         192.168.1.2        0      100     4

 

<Sysname> display server-farm name sf3

Server farm: sf3

    Description:

    Predictor: Hash address source IP

    NAT: Enabled

    SNAT pool:

    Failed action: Keep

    Active threshold: Disabled

    Slow-online: Disabled

    Selected server: Disabled

    Total real server: 1

    Active real server: 1

    Real server list:

    Name              State          Address          Port   Weight  Priority

    rs3               Active         192.168.1.3        0      100     4

 

(4)     查看所有虚服务器的详细信息。

<Sysname> display virtual-server name vs

Virtual server: vs

    Description:

    Type: HTTP

    State: Active

    VPN instance:

    Virtual IPv4 address: 61.159.4.200/32

    Virtual IPv6 address: --

    Port: 80

    Default server farm:

    Backup server farm:

    Sticky:

    LB policy: lp1

    HTTP parameter profile: pp1

    Connection limit: --

    Rate limit:

        Connections: --

        Bandwidth: --

        InboundBandwidth: --

        OutboundBandwidth: --

    SSL server policy:

    SSL client policy:

    Redirect relocation:

    Redirect return-code: 302

  Sticky synchronization: Disabled

(5)     Host发起包含url值分别包含aaasportsnewsgovernment financetechnologyshopping的请求报文共7个,访问成功,可以在LB设备上查看到虚服务和实服务的统计信息

<Sysname> display virtual-server statistics name vs

Slot 1:

Virtual server: vs

    Total connections: 1

    Active connections: 0

    Max connections: 1

    Connections per second: 0

    Max connections per second: 1

    Client input: 2237 bytes

    Client output: 5199 bytes

    Throughput: 0 bytes/s

    Inbound throughput: 0 bytes/s

    Outbound throughput: 0 bytes/s

    Max throughput: 7436 bytes/s

    Max inbound throughput: 2237 bytes/s

    Max outbound throughput: 5199 bytes/s

    Received packets: 10

    Sent packets: 8

    Dropped packets: 0

    Received requests: 7

    Dropped requests: 0

    Sent responses: 7

    Dropped responses: 0

 

Slot 2:

Virtual server: vs

    Total connections: 0

    Active connections: 0

    Max connections: 0

    Connections per second: 0

    Max connections per second: 0

    Client input: 0 bytes

    Client output: 0 bytes

    Throughput: 0 bytes/s

    Inbound throughput: 0 bytes/s

    Outbound throughput: 0 bytes/s

    Max throughput: 0 bytes/s

    Max inbound throughput: 0 bytes/s

    Max outbound throughput: 0 bytes/s

    Received packets: 0

    Sent packets: 0

    Dropped packets: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

    Dropped responses: 0

 

<Sysname> display real-server statistics name rs1

Slot 1:

Real server: rs1

    Total connections: 1

    Active connections: 0

    Max connections: 1

    Connections per second: 0

    Max connections per second: 1

    Server input: 2259 bytes

    Server output: 1069 bytes

    Throughput: 0 bytes/s

    Inbound throughput: 0 bytes/s

    Outbound throughput: 0 bytes/s

    Max throughput: 3328 bytes/s

    Max inbound throughput: 2259 bytes/s

    Max outbound throughput: 1069 bytes/s

    Received packets: 7

    Sent packets: 5

    Dropped packets: 0

    Received requests: 3

    Dropped requests: 0

    Sent responses: 3

    Dropped responses: 0

 

Slot 2:

Real server: rs1

    Total connections: 0

    Active connections: 0

    Max connections: 0

    Connections per second: 0

    Max connections per second: 0

    Server input: 0 bytes

    Server output: 0 bytes

    Throughput: 0 bytes/s

    Inbound throughput: 0 bytes/s

    Outbound throughput: 0 bytes/s

    Max throughput: 0 bytes/s

    Max inbound throughput: 0 bytes/s

    Max outbound throughput: 0 bytes/s

    Received packets: 0

    Sent packets: 0

    Dropped packets: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

    Dropped responses: 0

 

<Sysname> display real-server statistics name rs2

Slot 1:

Real server: rs2

    Total connections: 1

    Active connections: 0

    Max connections: 1

    Connections per second: 0

    Max connections per second: 1

    Server input: 2259 bytes

    Server output: 1074 bytes

    Throughput: 0 bytes/s

    Inbound throughput: 0 bytes/s

    Outbound throughput: 0 bytes/s

    Max throughput: 3333 bytes/s

    Max inbound throughput: 2259 bytes/s

    Max outbound throughput: 1074 bytes/s

    Received packets: 7

    Sent packets: 5

    Dropped packets: 0

    Received requests: 3

    Dropped requests: 0

    Sent responses: 3

    Dropped responses: 0

 

Slot 2:

Real server: rs2

    Total connections: 0

    Active connections: 0

    Max connections: 0

    Connections per second: 0

    Max connections per second: 0

    Server input: 0 bytes

    Server output: 0 bytes

    Throughput: 0 bytes/s

    Inbound throughput: 0 bytes/s

    Outbound throughput: 0 bytes/s

    Max throughput: 0 bytes/s

    Max inbound throughput: 0 bytes/s

    Max outbound throughput: 0 bytes/s

    Received packets: 0

    Sent packets: 0

    Dropped packets: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

    Dropped responses: 0

 

<Sysname> display real-server statistics name rs3

Slot 1:

Real server: rs3

    Total connections: 1

    Active connections: 0

    Max connections: 1

    Connections per second: 0

    Max connections per second: 1

    Server input: 809 bytes

    Server output: 462 bytes

    Throughput: 0 bytes/s

    Inbound throughput: 0 bytes/s

    Outbound throughput: 0 bytes/s

    Max throughput: 1271 bytes/s

    Max inbound throughput: 809 bytes/s

    Max outbound throughput: 462 bytes/s

    Received packets: 5

    Sent packets: 3

    Dropped packets: 0

    Received requests: 1

    Dropped requests: 0

    Sent responses: 1

    Dropped responses: 0

 

Slot 2:

Real server: rs3

    Total connections: 0

    Active connections: 0

    Max connections: 0

    Connections per second: 0

    Max connections per second: 0

    Server input: 0 bytes

    Server output: 0 bytes

    Throughput: 0 bytes/s

    Inbound throughput: 0 bytes/s

    Outbound throughput: 0 bytes/s

    Max throughput: 0 bytes/s

    Max inbound throughput: 0 bytes/s

    Max outbound throughput: 0 bytes/s

    Received packets: 0

    Sent packets: 0

    Dropped packets: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

    Dropped responses: 0

6.1.7  配置文件

#

irf-port 1/1

 port group interface GigabitEthernet1/0/0

#

irf-port 2/2

 port group interface GigabitEthernet2/0/0

#

interface Reth1

 ip address 61.159.4.100 255.255.255.0

 ip address 61.159.4.200 255.255.255.0 sub

 member interface GigabitEthernet1/0/1 priority 100

 member interface GigabitEthernet2/0/1 priority 50

#

interface Reth2

 ip address 192.168.1.100 255.255.255.0

 member interface GigabitEthernet1/0/2 priority 100

 member interface GigabitEthernet2/0/2 priority 50

#

redundancy group bbb

 member interface Reth1

 member interface Reth2

 node 1

  bind slot 1

  priority 100

  track 1 interface GigabitEthernet1/0/1

  track 2 interface GigabitEthernet1/0/2

 node 2

  bind slot 2

  priority 50

  track 3 interface GigabitEthernet2/0/1

  track 4 interface GigabitEthernet2/0/2

#

 session synchronization enable

#

sticky-group sg1 type http-cookie

 cookie insert

#

parameter-profile pp1 type http

 rebalance per-request

#

server-farm sf1

predictor hash address source

#

server-farm sf2

predictor hash address source

#

server-farm sf3

predictor hash address source

#

loadbalance class lc1 type http match-any

 match 1 url sports

 match 2 url news

 match 3 url government

#

loadbalance class lc2 type http match-any

 match 1 url finance

 match 2 url technology

 match 3 url shopping

#

loadbalance action la1 type http

 server-farm sf1 sticky sg1

#

loadbalance action la2 type http

 server-farm sf2 sticky sg1

#

loadbalance action la3 type http

 server-farm sf3 sticky sg1

#

loadbalance policy lp1 type http

 class lc1 action la1

 class lc2 action la2

 default-class action la3

#

real-server rs1

 ip address 192.168.1.1

 server-farm sf1

#

real-server rs2

 ip address 192.168.1.2

 server-farm sf2

#     

real-server rs3

 ip address 192.168.1.3

 server-farm sf3

#

virtual-server vs type http

 virtual ip address 192.168.1.200

 parameter http pp1

 lb-policy lp1

 service enable

sticky-sync enable

#      

 track 1 interface GigabitEthernet1/0/1

 track 2 interface GigabitEthernet1/0/2

 track 3 interface GigabitEthernet2/0/1

 track 4 interface GigabitEthernet2/0/2

#