《负载均衡A10培训ppt课件.pptx》由会员分享,可在线阅读,更多相关《负载均衡A10培训ppt课件.pptx(27页珍藏版)》请在三一办公上搜索。
1、Load Balancing Concepts,Section 1,Section objectives,Understand main load balancing goals and conceptsConfigure AX L4 SLB Virtual ServerConfigure two common L4 SLB Virtual Server options (Source IP Persistence + NAT),Load balancing goals,Provide high availability of servicesShare load among multiple
2、 servers (load balancing),Topology: One-armed L2 (switched) mode (p. 1 of 2),100.0.0.0/24,200.0.0.1,VIP = 100.0.0.10,SNAT = 100.0.0.50,100.0.0.0/24,100.0.0.100-200,Topology: One-armed L2 (switched) mode (p. 2 of 2),Benefits:No change required on clients or serversEasy to testClients can be in server
3、s subnet,Points to keep in mind:Servers lose Client IP visibility (can be partly remedied by IP header insertion in HTTP (X-ClientIP (customizable)Requires Source NAT on SLB,100.0.0.0/24,200.0.0.1,VIP = 100.0.0.10,SNAT = 100.0.0.50,100.0.0.0/24,100.0.0.100-200,Topology: L3 (routed) mode with SNAT (p
4、. 1 of 2),100.0.0.0/24,200.0.0.1,VIP = 100.0.0.10,SNAT = 100.0.1.50,100.0.1.0/24,100.0.1.100-200,Topology: L3 (routed) mode with SNAT (p. 2 of 2),Benefits:No change required on clients or serversEasy to test,Points to keep in mind:Servers lose Client IP visibility (canbe partly remedied by IP header
5、 insertion in HTTP)Requires Source NAT on SLB,100.0.0.0/24,200.0.0.1,VIP = 100.0.0.10,SNAT = 100.0.1.50,100.0.1.0/24,100.0.1.100-200,Topology: L3 (routed) mode w/o SNAT (p. 1 of 2),100.0.0.0/24,200.0.0.1,VIP = 100.0.0.10,100.0.1.0/24,100.0.1.100-200,Topology: L3 (routed) mode w/o SNAT (p. 2 of 2),Be
6、nefits:No change required on clients or serversProvides additional layer of security,Points to keep in mind:Configure SLB as default gateway on servers,100.0.0.0/24,200.0.0.1,VIP = 100.0.0.10,100.0.1.0/24,100.0.1.100-200,100.0.0.0/24,Topology: DSR mode (p. 1 of 2),200.0.0.1,VIP = 100.0.0.10,100.0.0.
7、0/24,Loopback IP = VIP = 100.0.0.10,100.0.0.100-200,Topology: DSR mode (p. 2 of 2),Benefits:Highly scalable (SLB processes only incoming traffic),Points to keep in mind:Cant use any AX layer 7 features (aFleX can still be applied at virtual port level)Configure VIP IP as loopback on servers,100.0.0.
8、0/24,200.0.0.1,VIP = 100.0.0.10,100.0.0.0/24,100.0.0.100-200,Loopback IP = VIP = 100.0.0.10,Server Load Balancing (SLB),AX SLB configuration has three core elements:Servers, Service Groups, Virtual Servers (VIPs),SLB: Server,Minimum configurationNameIP address (can use DNS name)PortsServer configura
9、tionWebUI: Config Service SLB ServerCLI: AX(config)# slb server Server status and statisticsWebUI: Monitor Service SLB ServerCLI: AX# show slb server ,SLB: Service Group,Minimum configurationNameType (TCP/UDP)LB AlgorithmAt least one Server/Port,Load balancing algorithms,Service group load-balancing
10、 algorithmsRound-RobinLeast ConnectionService Least ConnectionWeighted Round RobinWeighted Least ConnectionService Weighted Least ConnectionFastest Response timeLeast RequestRound Robin StrictStateless (new in release 2.4.2; see notes),Health Monitor,Service availability is checked using health moni
11、torsHealth monitors can be applied to:ServerServer:PortService GroupHealth monitors can test server availabilityOn layer 3: ping (icmp)On layer 4: tcp, udpOn layer 7 (application): http, https, ftp, smtp, pop3, snmp, dns, radius, ldap, rtsp, sip, ntpVia manually created scripts Multiple L3/L4/L7 tes
12、ts can also be combined in a Boolean expression (and/or/not),Applying health monitor,Physical server health monitorIf HM fails, that server is considered down and service groups configured with that specific server stop using it for load balancingNote: Default Server health monitor is icmp.Physical
13、server port health monitoringIf HM fails, that server port is considered down and service groups configured with that specific server:port stop using it for load balancingNote: Default TCP Server Port Health Monitor is tcp handshakeService group health monitorIf HM fails for a specific member, the s
14、ervice group stops using this member for load balancingNote: By default there is no health monitor configured on Service Group,Source IP persistence,When to use Source IP persistenceSource IP persistence must be used when clients must have their future connections/traffic terminated on the same serv
15、er,Source IP persistence template,Create Source IP Persistence TemplateNameType:Port (persistence per VIP:Port)Server (persistence per VIP)Service-Group (persistence per URL or Host)Timeout: How long inactive entries are saved (default = 5 minutes)Dont Honor Conn Rules: Ignore connection limits defi
16、ned on Servers and Server Ports and connect new clients connections to the Server (default = disabled)Netmask: Granularity of Client IP address hashing (default = 255.255.255.255 for the most granularity)Assign the Source IP Persistence Template to the Virtual Server Port,NAT: SLB Source NAT templat
17、e,Create IP Source NAT Pool:Name: Name of the templateStart IP address (can be the AX interface IP)End IP address (can be the same as Start IP)Note: If the Start and End IP address are the same, the AX will NAT with one unique IP address and can NAT up to 64k flowsNetmask (used by IP Source NAT Grou
18、p when servers are on different subnets)(optional) Gateway: Specify a gateway to use to reply to the clients requests (optional) HA Group: Specify the HA group to tie to the SLB source NAT poolAssign the SLB Source NAT Pool to the Virtual Server Port,SLB: Virtual Server,Minimum configurationNameIP a
19、ddress (accessed by end users)Virtual Server Ports (usually),SLB: Virtual Server Port (vPort),Minimum configurationType: (TCP/UDP/HTTP/HTTPS/Fast-HTTP/RTSP/FTP/MMS/SSL-Proxy/SMTP/SIP/SIP-TCP/SIP-TLS/Others) Port Service Group (usually)Pre-configured elements are applied here,SLB processing order: Vi
20、rtual Server,Virtual Servers are processed from the most specific to the least specific. Example:slb virtual-server acme 10.0.1.12 port 80 http service-group acmeslb virtual-server emca 10.0.1.14 port 0 tcp service-group emcaslb virtual-server default 0.0.0.0 port 0 tcp service-group defaultVirtual
21、Servers are displayed in the order of processing from the CLI,SLB processing order: Virtual Server Port (vPort),vPorts are displayed under Virtual Server in the order they were added but processed from most specific to least specific. Example:slb virtual-server default 0.0.0.0 port 0 tcp service-gro
22、up default port 80 tcp service-group httpIn the above example port 80 will be matched against incoming connection first,SLB processing order: vPort configuration elements,Configuration elements applied on the Virtual Server Port are processed in the following order:Layer 4:DNS templatePolicy templat
23、eAll other templatesService groupLayer 7:Cookie persistence templateaFleX scriptAll other templatesService group,Lab,Configure Layer 4 SLB Virtual Server (VIP)Physical serversService GroupSource NATSource IP PersistenceVirtual ServerVerify functionality,Section summary,In this section we discussed:L
24、oad balancings main goals: server load sharing and high availability of servicesLoad balancers network integration modes: routed, one-arm, transparent, and DSRTwo common L4 SLB options and their AX configurationWe have configured the following:AX Layer 4 SLB Virtual ServerSource IP Persistence SLB Source NAT,
