《F5 BIG-IP LTM 负载均衡器培训》由会员分享,可在线阅读,更多相关《F5 BIG-IP LTM 负载均衡器培训(107页珍藏版)》请在文档大全上搜索。
1、 地址地址: :广州市体育西路广州市体育西路1-31-3号号1919楼楼邮编邮编:510620:510620电话电话:(:(020)85239088020)85239088传真传真:(020)85239899:(020)85239899热线热线:(020)85239199:(020)85239199网址网址:F5 BIG-IP LTM F5 BIG-IP LTM 负载均衡器培训负载均衡器培训 内容内容BIG-IP LTM产品介绍产品介绍负载均衡基本原理负载均衡基本原理BIG-IP初始化安装与初始化安装与VLAN设置设置 配置配置BIG-IP实现服务器负载均衡实现服务器负载均衡 双机配置双机配置
2、BIG-IP命令行命令行典型组网典型组网 F5 BIG-IP F5 BIG-IP 产品分类产品分类BIG-IP LC链路接入优化链路接入优化BIG-IP LTM应用流量管理应用流量管理BIG-IP GTM广域网流量优化广域网流量优化 LTMLocal Traffic Manager 局域网流量管理器局域网流量管理器Page 46800640034001500Simplified Management:Lights Out Management Multi-Boot SupportLCD for Simplified Management Hot-Swappable PartsRedundant
3、 Power / Fans Port FlexibilityPCI SlotsIndependent Secure Management AccessPowerful:Packet Velocity ASIC 2High Performance SSL & CompressionHigh Performance Switching FabricDual Processor*All Models Include 100 TPS SSL Acceleration8400 F5F5BIG-IP 1500BIG-IP 1500介绍介绍u 2 2个千兆光纤端口,个千兆光纤端口,4 4个千兆电口个千兆电口
4、u 内置独立管理机内置独立管理机- -生产系统与管理系统分离,进一步提高系统可靠性生产系统与管理系统分离,进一步提高系统可靠性u 768MB768MB内存,单内存,单CPUCPUu BIGIP 1500 LTMBIGIP 1500 LTM 全面支持多应用负载均衡:12种负载均衡算法 可编程控制架构:50多个事件,200多个函数处理 内置100TPS SSL加速功能,独立NP处理SSL对称算法和非对称算法 多种可扩展模块:SSL加速、带宽控制、内存Cache、HTTP压缩 BIG-IP 3400 BIG-IP 3400 介绍介绍Page 6u 2 2个千兆光纤端口,个千兆光纤端口,8 8个千兆电
5、口个千兆电口u 内置独立管理机内置独立管理机- -生产系统与管理系统分离,进一步提高系统可靠性生产系统与管理系统分离,进一步提高系统可靠性u Packet Velocity ASIC 2Packet Velocity ASIC 2提供高性能四提供高性能四- -七层处理七层处理u 1GB1GB内存,超线程内存,超线程2.8Ghz CPU2.8Ghz CPUu BIGIP 3400 LTMBIGIP 3400 LTM 全面支持多应用负载均衡:12种负载均衡算法 可编程控制架构:50多个事件,200多个函数处理 内置100TPS SSL加速功能,独立NP处理SSL对称算法和非对称算法 多种可扩展模块
6、:SSL加速、带宽控制、内存Cache、HTTP压缩 BIG-IP LTM 6400/6800BIG-IP LTM 6400/6800u 4 4个千兆光纤端口,个千兆光纤端口,1616个千兆电口个千兆电口u 内置独立管理机内置独立管理机- -生产系统与管理系统分离,进一步提高系统可靠性生产系统与管理系统分离,进一步提高系统可靠性u Packet Velocity ASIC 2Packet Velocity ASIC 2提供高性能四提供高性能四- -七层处理七层处理u 2GB2GB内存,双内存,双6464位高速位高速CPUCPUu BIGIP 6400 LTMBIGIP 6400 LTM 全面支
7、持多应用负载均衡:12种负载均衡算法 可编程控制架构:50多个事件,200多个函数处理 内置100TPS SSL加速功能,独立NP处理SSL对称算法和非对称算法 多种可扩展模块:SSL加速、带宽控制、内存Cache、HTTP压缩、Application Security BIG-IP 3400 Application Switch BIG-IP 3400 Application Switch 内部构造内部构造 Processor boardPage 8Switch boardA.ProcessorB.SSL cardBAD.SCCPE.ASIC2F.Switch chipsDEFC.CF &
8、HDC BIG-IP BIG-IP 逻辑示意图逻辑示意图Page 9 Platform Sizing GuidePlatform Sizing GuidePage 10BIG-IP 1500BIG-IP 3400BIG-IP 6400BIG-IP 6800BIG-IP 8400Layer 4 Connections/sec30,000 110,000220,000220,000300,000Layer 7 Connections/sec22,000 50,00075,000110,000120,000Max. throughput500 Mbps 1 Gbps 2 Gbps 4 Gbps 10
9、 GbpsMax. conc. conn.4 Million 4 Million8 Million8 Million8 MillionMax. SSL TPS2,0005,00015,00020,00022,000Max. SSL Bulk500 Mbps 1 Gbps2 Gbps2 Gbps2.2 GbpsMax. SSL conc. conn.100,000 200,000500,000500,000500,000Max. compression100 Mbps500 Mbps2 Gbps2 Gbps3 GbpsSwitch backplane14 Gbps 22 Gbps44 Gbps4
10、8 Gbps80 Gbps 内容内容BIG-IP LTM产品介绍产品介绍负载均衡基本原理负载均衡基本原理BIG-IP初始化安装与初始化安装与VLAN设置设置 配置配置BIG-IP实现服务器负载均衡实现服务器负载均衡 双机配置双机配置BIG-IP命令行命令行典型组网典型组网Page 11 应用交换机的基本工作应用交换机的基本工作截获和检查流量截获和检查流量,保证只有合适的数据包才能通过保证只有合适的数据包才能通过服务器监控和健康检查服务器监控和健康检查,随时了解服务器群的可用性状态随时了解服务器群的可用性状态负载均衡和应用交换功能负载均衡和应用交换功能,通过各种策略导向到合适的服务器通过各种策略
11、导向到合适的服务器会话的保持会话的保持以实现与应用系统完美结合以实现与应用系统完美结合截取监控保持负载均衡 BIG-IP-LTMBIG-IP-LTM的工作模式的工作模式virtual server192.168.101.1:80pool(name=cgi_boxes)member(server=10.1.1.3:80)member(server=10.1.1.2:80)member(server=10.1.1.1:80)pool(name=asp_boxes)member(server=10.1.1.6:80)member(server=10.1.1.5:80)member(server=10
12、.1.1.4:80)virtual addr192.168.101.1virtual server192.168.101.1:443pool(name=ssl_boxes)member(server=10.1.1.6:443)member(server=10.1.1.2:443)member(server=10.1.1.1:443)virtual addr192.168.101.2负载均衡智能流量控制(通过检查URL,Header,Cookie,TCP/UDP内容)基于端口的流量导向基于地址的流量导向用户请求iRules 单台服务器到多台服务器的转变单台服务器到多台服务器的转变Internet
13、BIG-IP LTMsClientsServersClientsInternet 什么叫服务器负载均衡什么叫服务器负载均衡Page 1512345678ClientsClientsInternet BIG-IP-LTMBIG-IP-LTM基本功能基本功能- -服务器负载均衡服务器负载均衡123123最多的负载均衡模式最多的负载均衡模式(12种种)其中观察模式,预测模式是F5的专利会话保持技术最多会话保持技术最多(8种种)其中Cookie 会话保持技术向所有的竞争对手收取专利费服务器健康检查最彻底服务器健康检查最彻底专有的EAV、ECV健康检查模式性能最好性能最好,速度最快速度最快: 270,0
14、00 S/S Lay4; 110,000 S/S Lay7;10Gbps;会话保持数量第一达到会话保持数量第一达到:800万万支持最多的支持最多的VIP : 4万个万个唯一交换机厂商有开放的唯一交换机厂商有开放的APIBIG-IPapplication switch combo Link Controller外部应用验证EAV (Extended Application Verification)EAV 是一种状态检查,可通过远程运行应用对节点上的应用进行验证。EAV 状态检查只是LTM 系统上可用的三种状态检查类型之一。请参阅“状态检查,状态Monitor”和“外部Monitor”。扩展内容
15、验证ECV (Extended Content Verification)ECV 是一种状态检查,它使您能够根据节点是否返回特定内容来确定节点是Up 还是Down。ECV 状态检查只是LTM 系统上可用的三种状态检查类型之一。请参阅“状态检查”。 InternetVirtual Server& NATVirtual Server& NAT虚拟服务器与网络地址转换虚拟服务器与网络地址转换Page 17真实服务器真实服务器Real Server网络地网络地址转换址转换Virtual Server Address216.34.94.17:80Real Server Address216.34.94.
16、17:80Internet虚拟服务器虚拟服务器172.16.20.1:8080172.16.20.2:8080172.16.20.3:8080172.16.20.4:8080 Network Flow - Packet #1Network Flow - Packet #1Page 18Internet域名域名 IP地址地址 216.34.94.17Virtual Server Address216.34.94.17:80172.16.20.4:8080172.16.20.1:8080172.16.20.2:808172.16.20.3:8080 Network Flow - Packet #1
17、Network Flow - Packet #1Page 19LTM translates Dest Address to Node based on Load BalancingInternetPacket # 1 Src - 207.17.117.20:4003Dest 216.34.94.17:80Packet # 1 Src 207.17.117.20:4003Dest 172.16.20.1:8080207.17.117.20216.34.94.17:80172.16.20.4:8080172.16.20.1:8080172.16.20.2:8080172.16.20.3:8080
18、Network Flow Network Flow Packet #1 Return Packet #1 Return Page 20LTM translates Src Address back to Virtual Server AddressInternetPacket # 1 - return Dest - 207.17.117.20:4003Src 216.34.94.17:80Packet # 1 - return Dest 207.17.117.20:4003Src 172.16.20.1:8080207.17.117.20216.34.94.17:80172.16.20.4:8
19、080172.16.20.1:8080172.16.20.2:8080172.16.20.3:8080 Network Flow - Packet #2Network Flow - Packet #2Page 21InternetPacket # 2 Src - 207.17.117.21:4003Dest 216.34.94.17:80Packet # 2 Src 207.17.117.21:4003Dest 172.16.20.2:8080207.17.117.21216.34.94.17:80172.16.20.4:8080172.16.20.1:8080172.16.20.2:8080
20、172.16.20.3:8080 Network Flow Network Flow Packet #2 Return Packet #2 Return Page 22InternetPacket # 2 - return Dest - 207.17.117.21:4003Src 216.34.94.17:80172.16.20.4:8080Packet # 2 - return Dest 207.17.117.21:4003Src 172.16.20.2:8080207.17.117.21216.34.94.17:80172.16.20.1:8080172.16.20.2:8080172.1
21、6.20.3:8080 Network Flow - Packet #3Network Flow - Packet #3Page 23InternetPacket # 3 Src - 207.17.117.25:4003Dest 216.34.94.17:80Packet # 3 Src 207.17.117.25:4003Dest 172.16.20.4:8080207.17.117.25216.34.94.17:80172.16.20.4:8080172.16.20.1:8080172.16.20.2:8080172.16.20.3:8080 Network Flow Network Fl
22、ow Packet #3 Return Packet #3 Return Page 24InternetPacket # 3 - return Dest - 207.17.117.25:4003Src 216.34.94.17:80172.16.20.4:8080Packet # 3 - return Dest 207.17.117.25:4003Src 172.16.20.4:8080207.17.117.25216.34.94.17172.16.20.1:8080172.16.20.2:8080172.16.20.3:8080 Connection Table Connection Tab
23、le 连接表连接表Src IP AddressVirtual ServerReal Server207.17.117.20:4003216.34.94.17:80172.16.20.1:8080207.17.117.21:4003216.34.94.17:80172.16.20.2:8080207.17.117.20:4005216.34.94.17:80172.16.20.3:8080207.17.117.21:4008216.34.94.17:80172.16.20.1:8080207.17.117.25:4003216.34.94.17:80172.16.20.4:8080Src IP
24、AddressVirtual Server207.17.117.20:4003216.34.94.17:80207.17.117.21:4003216.34.94.17:80207.17.117.20:4005216.34.94.17:80207.17.117.21:4008216.34.94.17:80207.17.117.25:4003216.34.94.17:80Page 25客户端负载均衡器 Connection Table Connection Table 连接表连接表Src IP AddressVirtual ServerReal Server207.17.117.20:40032
25、16.34.94.17:80172.16.20.1:8080207.17.117.21:4003216.34.94.17:80172.16.20.2:8080207.17.117.20:4005216.34.94.17:80172.16.20.3:8080207.17.117.21:4008216.34.94.17:80172.16.20.1:8080207.17.117.25:4003216.34.94.17:80172.16.20.4:8080Src IP AddressReal Server207.17.117.20:4003172.16.20.1:8080207.17.117.21:4
26、003172.16.20.2:8080207.17.117.20:4005172.16.20.3:8080207.17.117.21:4008172.16.20.1:8080207.17.117.25:4003172.16.20.4:8080Page 26服务器端负载均衡器 F5F5负载均衡的基本构件负载均衡的基本构件PoolPool、Pool Members Pool Members 与与 NodesNodesPage 27Internet172.16.20.4:8080172.16.20.1:80172.16.20.2:4002172.16.20.3:80Pool Members Node
27、s refer to Pool Members IP Address only Pools, Members and NodesPools, Members and NodesPage 28172.16.20.1172.16.20.2172.16.20.3Node = IP address:80:80:80Pool Member = Node + PortPool = Group of pool members Pool MembersPool Members的端口与地址问题的端口与地址问题Page 29注意:注意:1 1、Pool MemberPool Member的端口可以不一的端口可以不
28、一样样2 2、Pool MemberPool Member不一定需要与不一定需要与BIG-IPBIG-IP相连或在相连或在同一网段同一网段InternetVirtual Server216.34.94.17:80Pool Members172.16.20.0/24192.168.20.0/24路由器路由器192.168.20.4:8080172.16.20.1:80172.16.20.2:4002192.168.20.3:80 虚拟服务器虚拟服务器Virtual ServerVirtual ServerPage 30Internet172.16.20.4:8080172.16.20.2:400
29、2172.16.20.3:80Virtual Server IP Address + Service (Port) Combination 端口可以为端口可以为Any (0) 准备了负载均衡器是否需准备了负载均衡器是否需要对流过的网络流量作处要对流过的网络流量作处理理 一般与一般与Pool相关联相关联216.34.94.17:80 如何选择服务器如何选择服务器-负载均衡算法负载均衡算法Round RobinRatioLeast ConnectionsFastestObservedPredictiveDynamic RatioPriority Group ActivationFallback H
30、ostPage 31StaticDynamicF a i l u r e Mechanisms主要使用轮询、最少连接主要使用轮询、最少连接 BIG-IP LTMBIG-IP LTM负载均衡模式负载均衡模式轮询(轮询(RoundRobin):顺序循环将请求一次顺序循环地连接每个服务器。当其中某个服务器发生第二到第7 层的故障,BIG/IP 就把其 从顺序循环队列中拿出,不参加下一次的轮询,直到其恢复正常。比率(比率(Ratio):给每个服务器分配一个加权值为比例,根椐这个比例,把用户的请求分配到每个服务器。当其中某个服务器发生第二到第7 层的故障,BIG/IP 就把其从服务器队列中拿出,不参加下
31、一次的用户请求的分配,直到其恢复正常。优先权(优先权(Priority):给所有服务器分组,给每个组定义优先权,BIG/IP 用户的请求,分配给优先级最高的服务器组(在同一组内,采用轮询或比率算法,分配用户的请求);当最高优先级中所有服务器出现故障,BIG/IP 才将请求送给次优先级的服务器组。这种方式,实际为用户提供一种热备份的方式。最小的连接数(最小的连接数(LeastConnection):传递新的连接给那些进行最少连接处理的服务器。当其中某个服务器发生第二到第7 层的故障,BIG/IP 就把其从服务器队列中拿出,不参加下一次的用户请求的分配,直到其恢复正常。最快模式(最快模式(Fast
32、est):传递连接给那些响应最快的服务器。当其中某个服务器发生第二到第7层的故障,BIG/IP 就把其从服务器队列中拿出,不参加下一次的用户请求的分配,直到其恢复正常。观察模式(观察模式(Observed):连接数目和响应时间以这两项的最佳平衡为依据为新的请求选择服务器。当其中某个服务器发生第二到第7 层的故障,BIG/IP 就把其从服务器队列中拿出,不参加下一次的用户请求的分配,直到其恢复正常。预测模式(预测模式(Predictive):BIG/IP 利用收集到的服务器当前的性能指标,进行预测分析,选择一台服务器在下一个时间片内,其性能将达到最佳的服务器相应用户的请求。(被big/ip 进行
33、检测)规则模式(规则模式(iRule):针对不同的数据流设置导向规则,用户可自行编辑流量分配规则,BIG/IP利用这些规则对通过的数据流实施导向控制。 如何识别不可用的服务器如何识别不可用的服务器服务器健康检查服务器健康检查 Health MonitorsHealth MonitorsPage 33Internet172.16.20.3:80 服务健康检查服务健康检查Monitor ConceptsMonitor Concepts网络连通性检查网络连通性检查Address CheckNode IP Address端口端口Service CheckIP : port内容检查内容检查Content
34、 CheckIP : port plus check data returnedPage 34 网络连通性检查网络连通性检查Address CheckAddress CheckPage 35Internet172.16.20.1172.16.20.2172.16.20.3ICMP 端口端口Service CheckService CheckPage 36InternetTCP Connection172.16.20.1:80172.16.20.3:80172.16.20.2:80 内容检查内容检查Content CheckContent CheckPage 37Internet172.16.2
35、0.1:80172.16.20.3:80http GET /172.16.20.2:80 会话保持会话保持 PersistencePersistencePage 38123123 Connection Table Connection Table 连接表连接表Src IP AddressVirtual ServerReal Server207.17.117.20:4003216.34.94.17:80172.16.20.1:8080207.17.117.21:4003216.34.94.17:80172.16.20.2:8080207.17.117.20:4005216.34.94.17:80
36、172.16.20.3:8080207.17.117.21:4008216.34.94.17:80172.16.20.1:8080207.17.117.25:4003216.34.94.17:80172.16.20.4:8080Src IP AddressReal Server207.17.117.20:4003172.16.20.1:8080207.17.117.21:4003172.16.20.2:8080207.17.117.20:4005172.16.20.3:8080207.17.117.21:4008172.16.20.1:8080207.17.117.25:4003172.16.
37、20.4:8080Page 39服务器端负载均衡器 Source Address Persistence TableSource Address Persistence TableSrc IP AddressVirtual ServerReal Server207.17.117.20:4003216.34.94.17:80172.16.20.1:8080207.17.117.21:4003216.34.94.17:80172.16.20.2:8080207.17.117.20:4005216.34.94.17:80172.16.20.3:8080?207.17.117.21:4008216.3
38、4.94.17:80172.16.20.1:8080?207.17.117.25:4003216.34.94.17:80172.16.20.4:8080Src IP AddressReal Server207.17.117.20172.16.20.1207.17.117.21172.16.20.2207.17.117.25172.16.20.4Page 40Persistence Table负载均衡器 Source Address PersistenceSource Address PersistenceBased on Client Source IP AddressNetmask - Ad
39、dress RangePage 41123123205.229.151.10205.229.152.11If Netmask is 255.255.255.0205.229.151.107 Cookie PersistenceCookie PersistenceInsert modeBIG-IP LTM Inserts a cookie into the streamRewrite modeWeb server creates cookie and BIG-IP LTM changes itPassive modeWeb server creates cookie and BIG-IP LTM
40、 reads itPage 42 Cookie Insert ModeCookie Insert ModePage 43ClientServerHTTP request (no special cookie)TCP handshakeTCP handshakeHTTP request (no special cookie)HTTP reply (no special cookie)HTTP reply (with inserted cookie)pickserver HTTP request (with same cookie)TCP handshakeTCP handshakeHTTP re
41、quest (no special cookie)HTTP reply (no special cookie)HTTP reply (updated cookie)cookiespecifiesserver First HitSecond Hit 源地址转换源地址转换SNATsSNATs多对一的转换多对一的转换 Many-to-one mappingTraffic to SNAT Address is refusedCan share IP with Virtual ServerPage 44 Internet207.10.1.102172.16.20.1172.16.20.2172.16.2
42、0.3 SNATs SNATs Typical Traffic Flow Typical Traffic FlowPage 45 Internet207.10.1.102172.16.20.1172.16.20.2172.16.20.3172.16.20.1:4001 205.229.151.203:80207.10.1.102:33001 205.229.151.203:80Source address translated to SNAT address Note source portServer205.229.151.203:80 SNATs SNATs Response Traffi
43、c Flow Response Traffic FlowPage 46 InternetSNAT IP Address 207.10.1.102172.16.20.1172.16.20.2172.16.20.3205.229.151.203:80172.16.20.1:4001205.229.151.203:80 207.10.1.102:33001Response packet translated backServer205.229.151.203:80 SNAT TableSNAT TableSrc IP AddressSNAT AddressDestination IP172.16.2
44、0.1:4001207.10.1.102:33001205.229.151.203:80172.16.20.2:4001207.10.1.102:33002205.229.151.203:80172.16.20.3:4003207.10.1.102:33005205.229.151.203:80172.16.20.1:4003207.10.1.102:33006205.229.151.203:80172.16.20.4:4001207.10.1.102:33007205.229.151.203:80Src IP AddressReal Server207.10.1.102:33001205.2
45、29.151.203:80207.10.1.102:33002205.229.151.203:80207.10.1.102:33005205.229.151.203:80207.10.1.102:33006205.229.151.203:80207.10.1.102:33007205.229.151.203:80Page 47服务器端负载均衡器 Source Address Persistence TableSource Address Persistence TableSrc IP AddressSNAT AddressDestination IP172.16.20.1:4001207.10
46、.1.102:33001205.229.151.203:80172.16.20.2:4001207.10.1.102:33002205.229.151.203:80172.16.20.3:4003207.10.1.102:33005205.229.151.203:80172.16.20.1:4003207.10.1.102:33006205.229.151.203:80172.16.20.4:4001207.10.1.102:33007205.229.151.203:80Src IP AddressDst IP Address205.229.151.203:80207.10.1.102:330
47、01205.229.151.203:80207.10.1.102:33002205.229.151.203:80207.10.1.102:33005205.229.151.203:80207.10.1.102:33006205.229.151.203:80207.10.1.102:33007Page 48服务器的回应负载均衡器 内容内容BIG-IP LTM产品介绍产品介绍负载均衡基本原理负载均衡基本原理BIG-IP初始化安装与初始化安装与VLAN设置设置 配置配置BIG-IP实现服务器负载均衡实现服务器负载均衡 双机配置双机配置BIG-IP命令行命令行典型组网典型组网Page 49 Insta
48、llationInstallationPage 50InternetBIG-IP LTMsClientsServers Initial BIG-IP LTM SetupInitial BIG-IP LTM Setup设定管理网口地址设定管理网口地址通过LCD设置通过Console线设置Config utility从网络通过缺省地址上去再修改Config utility激活激活LicenseSetup utilityRoot passwordWeb Admin passwordSSH AccessAssign interfaces to VLANsIP Address for VLANsPage
49、 51 BIG-IPBIG-IP接口说明接口说明 ( (以以34003400为例为例) )1.12.110/100/1000M电口电口1.11.8端口编号端口编号:从上到下,从左到右从上到下,从左到右1.12.12.21.21.31.41.51.61.71.8千兆光纤接口千兆光纤接口2.1 2.2mgmteth0管理网口管理网口 eth0,主机接口,主机接口usbconsolefailover Config UtilityConfig UtilityPage 53Initial IP Address is 192.168.1.245 Setup / Configuration AccessSe
50、tup / Configuration AccessTwo methodsWeb Interface https (remote)Command Line ssh (remote) Serial Terminal License Process License Process Manual Manual PCBIG-IPF5 License Server activate.FInternetCopy Product Dossier to PCPaste Product Dossier to F5Move PC to InternetDownload License to PCUpload &
51、Install License fileRun Setup utility手动激活方式手动激活方式PChttps:/activate.FMove PC backReboot (v9.2) License Process License Process Automated Automated Page 56InternetRun Setup utility Enter Registration KeyPCBIG-IPLicense the box Get License from F5 Select parametersF5 License Server activate.FReboot (v9
52、.2) WEBWEB管理界面:管理界面:Setup UtilitySetup UtilityPage 57https:/Management IP Address Setup Utility Setup Utility Network Network Page 58 External VLANExternal VLAN与与Internal VLANInternal VLANPage 59真实服务真实服务器器Real ServerVirtual Server Address216.34.94.17:80Internet172.16.20.4:8080172.16.20.1:8080172.16.
53、20.2:8080172.16.20.3:8080Real Server Address216.34.94.17:80Internet虚拟服务虚拟服务器器External VLANSelf IP 216.34.94.1Internal VLANSelf IP 172.16.20.254 创建创建VLANVLANPage 60NetworkVLANSCreate 为为VLANVLAN设置设置Self IPSelf IP地址地址Page 61 Port LockdownPort LockdownDefaults are:UDP DNS, SNMP & RIPTCP SSH, DNS, SNMP,
54、HTTPS & iQueryPage 62 设置路由与网关设置路由与网关Page 63 限制限制SSHSSH访问访问 Internet216.34.94.32216.34.94.15216.34.91.10DenyAllow 216.34.94.* F5 WEBF5 WEB配置界面配置界面Page 65系统通用属性设置网络设置:VLAN/ IP/路由负载均衡相关设置性能与统计 用户配置用户配置Page 66 备份备份/ /恢复恢复BIG-IP LTM BIG-IP LTM 配置配置Page 67SystemArchives,点击Create: 如果在另外一台如果在另外一台BIG-IP上恢复备份
55、上恢复备份的配置,需要重新的配置,需要重新激活激活License SSHSSH登陆方式登陆方式Secure Shell ClientTera Term with Secure Shell extension (TTSSH)PuTTYPage 68 重置重置BIG-IPBIG-IP的设置的设置b db all resetb reset b save b base reset b self allow default tcp ssh tcp https udp efs tcp snmp proto ospf udp domain udp snmp tcp 4353 tcp domain udp 4
56、353 b base save最后运行最后运行config设置管理口设置管理口IP,然后用,然后用reboot重启。重启。 Page 69在命令行执行以下命令: 内容内容BIG-IP LTM产品介绍产品介绍负载均衡基本原理负载均衡基本原理BIG-IP初始化安装与初始化安装与VLAN设置设置 配置配置BIG-IP实现服务器负载均衡实现服务器负载均衡 双机配置双机配置BIG-IP命令行命令行典型组网典型组网Page 70 配置服务器负载均衡的步骤配置服务器负载均衡的步骤创建创建Health Monitor创建创建Pool并为Pool Member关联相应的Monitor创建创建Profile创建P
57、ersistence Profile创建创建Virtual Server并为Virtual Server选择相应的Profile与PoolPage 71 配置配置MonitorsMonitors系统内置的系统内置的Monitor (Templates)Address Checks (icmp)Service Checks (tcp)Content Checks (http)Interactive Checks (ftp)Availability: All templates can be customized Some can be Assigned “as-is” Some can only
58、 be used as Templates for Custom MonitorsPage 72 定制定制MonitorsMonitorsPage 73 配置检测时间配置检测时间间隔时间间隔时间超时时间超时时间Page 74推荐配置推荐配置 3n + 1 配置健康检测参数配置健康检测参数 配置配置NodesNodes的健康检测的健康检测Health Monitors Health Monitors Page 76 配置配置PoolsPoolsPage 77 Assigning Monitors to PoolsAssigning Monitors to PoolsPage 78For one
59、Member Member and Node StatusMember and Node StatusPage 79Parent-Child Status节点节点Node节点成员节点成员Member池池Pool虚拟服务器虚拟服务器Virtual Server状况状况绿色可用绿色可用 红色不可用红色不可用 蓝色未知蓝色未知 配置负载算法配置负载算法Page 80 ProfilesProfiles属性集属性集 InternetVirtual ServerVirtual Server是是BIG-IP上地上地址加端口的组合,决定是址加端口的组合,决定是BIG-IP是否需要对到达其上的是否需要对到达其上
60、的网络流量进行处理。网络流量进行处理。而应该如何来处理,是而应该如何来处理,是根据根据Virtual Server上所关联的上所关联的Profile来决定的。来决定的。 ProfileProfile使用使用A Profile is:定义了流量处理的处理方式定义了流量处理的处理方式TCP,HTTP, FTP, SSL, compression, persistence并将处理方式适用到关联的并将处理方式适用到关联的Virtual Server上上可以从可以从Profile模板的基础上加以创建模板的基础上加以创建具有依赖与继承性:依赖于其它相关的具有依赖与继承性:依赖于其它相关的ProfilePa
61、ge 82 ProfileProfile的类型的类型Page 83 常用的常用的ProfileProfileTCPFASTL4HTTPFTPSSL Configuring Cookie PersistenceConfiguring Cookie PersistenceThen set Cookie Persist profileCookie Persist requires http profile 配置虚拟服务器配置虚拟服务器Scroll down 配置虚拟服务器参数配置虚拟服务器参数 SNATSNAT配置配置 Internet207.10.1.102172.16.20.1172.16.20
62、.2172.16.20.3 SNAT TimeoutSNAT TimeoutPage 89 Statistics Statistics 和和Statistics TypeStatistics TypeSummaryVirtual Servers PoolsNodesPage 90 内容内容BIG-IP LTM产品介绍产品介绍负载均衡基本原理负载均衡基本原理BIG-IP初始化安装与初始化安装与VLAN设置设置 配置配置BIG-IP实现服务器负载均衡实现服务器负载均衡 双机配置双机配置BIG-IP命令行命令行典型组网典型组网 Redundant PairRedundant Pair Redunda
63、nt Pair Concepts Setup of a Redundant Pair SynchronizationPage 92InternetClientsServersBIG-IP LTMs 双机配置双机配置External IP 10.10.X.32InternetExternal IP 10.10.X.31Floating IP 10.10.X.33Failover 172.16.X.32Failover 172.16.X.31Internal IP 172.16.X.32Internal IP 172.16.X.31Floating IP 172.16.X.3321浮动地址浮动地址
64、设备设备ID故障切换故障切换 双机配置参数双机配置参数 配置同步设置配置同步设置Page 95SyncOtherConfigCurrentConfig 主备设置主备设置 手动切换主备状态手动切换主备状态From Active LTM - not StandbyCommand Line : b failover standbyScroll down 内容内容BIG-IP LTM产品介绍产品介绍负载均衡基本原理负载均衡基本原理BIG-IP初始化安装与初始化安装与VLAN设置设置 配置配置BIG-IP实现服务器负载均衡实现服务器负载均衡 双机配置双机配置BIG-IP命令行命令行典型组网典型组网Pag
65、e 98 Command Line - bigpipe Command Line - bigpipe Page 99bigpipe virtual VS_httpdestination 10.10.X.100:httpprofile http tcp persist src_persist pool http_pool bigtop Commandsbigtop Commandsqbigtop delay #bigtop nbigtop oncebigtop once|morePage 100 bigtop Commandsbigtop CommandsPage 101 bigstart Co
66、mmandsbigstart CommandsActionsStop, Start, RestartStart on Boot, Include in DefaultProcessesbigd Monitorsalertd - NotificationPage 102 Other CommandsOther CommandsifconfignetstatpstailBooks and “man” pagesPage 103 内容内容BIG-IP LTM产品介绍产品介绍负载均衡基本原理负载均衡基本原理BIG-IP初始化安装与初始化安装与VLAN设置设置 配置配置BIG-IP实现服务器负载均衡实现服务器负载均衡 双机配置双机配置BIG-IP命令行命令行典型组网典型组网Page 104 BIG-IPBIG-IP双机接线方式四双机接线方式四BIG-IPBIG-IP旁挂方式旁挂方式Page 105推荐使用推荐使用BIGIP 3400负载均衡器Server3Server4Server2Server1中心交换中心交换InternetBIGIP 3400负载均衡器在同一个交换机上划在同一个交换机上划
