No8ArrayTMX配置操作手册LLB功能配置

1、Array TMX工程安装配置手册链路负载分担功能配置一、 Array TMX产品LLB功能介绍通过Array TMX的链路负载分担功能，能够对用户的多链路的网络应用提供提供基于Inbound和的Outbound链路负载分担功能。l Inbound：从互联网通过多条专线链路连接的TMX访问内网l Outbound：从内部网通过多条专线链路连接的TMX访问互联网Array TMX通过端口Mnet或VLAN功能功能的配置，能够同时支持128条链路实现链路负载分担功能。同时通过策略路由(eroute)功能，能够更好的满足用户对路由功能的要求。二、 Array TMX LLB配置命令相对于TMX的其它

2、功能，TMX LLB功能实现更多的需要其它功能实现作为运行基础。TMX的LLB功能的实现，需要基本网络配置（如Mnet功能、Default路由功能和NAT功能）的配合，甚至需要SLB功能的支持。在此基础上，还需要配置LLB的健康检查机制、LLB算法等功能。最终才能实现所需Outbound和Inbound的链路负载分担功能。主要需要注意的命令如下：Array TMX LLB功能配置示例：三、 Array TMX LLB功能配置实例应用一台TMX同时使用两个interface（Outside、Eng）实现Inbound LLB和Outbound llb功能。网络配置连接如下图，其中应用了两个TMC

3、作为路由器，实现两个链路的IP连接到测试TM上。Outbound LLB功能实现前期准备：配置两台TMC,实现路由和NAT功能，满足能够分别通过两台TMC访问Internet。TMC1 IP地址为 Outside：0 Inside： Default Router：Nat port 0 TMC2 IP 地址为 Outside：0 Inside：

4、Default Router：Nat Port 0 将测试PC分别配置为 和网段IP地址，同时路由应用TMC1或TMC2进行测试，确保能够成功访问Internet。TM LLB Outbound设置：1、 配置基本功能：a) Ip address Outside b) Ip address Eng c) Ip address inside 255.255.

5、255.0配置两个default路由，供Outbound LLB应用：d) Ip route default e) Ip route default 激活ip link :f) ip link on配置实现健康检查，即通过向进行ping，实现链路健康检查g) llb health 10 1h) llb health 10 1定义Outbound load balance策略：i) llb method wrr激活llb功能j) llb o

6、nk) llb statistics on2、 通过配置激活端口Cluster功能，实现NAT IP功能支持：#cluster configuration#cluster configuration for interface outsidecluster virtual ifname "outside" 1cluster virtual vip "outside" 1 0cluster virtual auth "outside" 1 0cluster virtual interval "outside

7、" 1 5cluster virtual preempt "outside" 1 1cluster virtual priority "outside" 1 200 Primarycluster virtual on 1 "outside"#cluster configuration for interface engcluster virtual ifname "eng" 2cluster virtual vip "eng" 2 0cluster virtual

8、auth "eng" 2 0cluster virtual interval "eng" 2 5cluster virtual preempt "eng" 2 1cluster virtual priority "eng" 2 200 Primarycluster virtual on 2 "eng"3、 然后配置nat功能，应用上面已配置好的cluster IP：a) #nat configurationb) nat port 0 255.255.2

9、55.0 60c) nat port 0 60llb状态检测命令：show llb stat 命令：AN(config)# show llb statGateway Destination Interval Weight Resp_time Status Down Up_time 10 1 407.267 ms Up 3 01:19:00 10 1 481.390 ms Up 2 01:22:00 show ip link stat命令：AN(

10、config)#sho ip link statGateway Destination Down Up_time Use Total_tx Status default 2 01:05:30 1 508 Up default 2 00:56:40 1 530 Up AN(config)#show ip addressip address "outside" ip address "inside" ip address

11、 "eng" LLB Outbound功能测试：通过右图连接方式进行连接、配置后，将测试终端配置成网段IP进行测试和。l 正常连接情况下：（所有链路均通常）通过show llb stat命令，确认所有连接均为畅通；应用客户端(网关为)进行Internet访问，能够对Internet进行正常访问和通信。l 非正常情况下：a) A或b连接断掉：通过show llb stat命令，确认a或b连接断掉；应用客户端访问能够应用另一条链路进行正常访问。实现了预期功能。切换时间较快，大约10秒左右

12、。默认为10秒进行各一次健康检查，可以通过llb health 进行调整检查时间间隔。b) c或d链路断掉：只要C或D链路有一条断掉，则所有链路均断掉，通过命令show llb stat查看，发现所有链路状态为down。通过show cluster virtual stat命令查看，发现NAT IP均处于初始化状态。NAT IP为不可用状态。和Roland针对此问题进行确认。结果是目前我们Outbound LLB功能是基于Cluster IP实现的，通过Mnet功能实现，则不存在此问题。 ：） 而如果应用两个接口实现此现象由于cluster功能的检查而的确存在。Roland同时提示，此时不能应

13、用port redundant功能，由于端口不够了。TM Inbound LLB 功能实现 Two-Interface前期设置：按右图实现网络部署和IP地址配置、Nat功能和路由功能。TM Inbound功能配置：可以完全按照公司培训文档中配置来实施配置：注意配置DNS服务器的NS纪录#ip configurationip address "outside" ip address "inside" ip address "eng" 200.20

14、.1.2 #route configurationip route default ip route default #rts configurationip rts onip rts expire 60#ip link configurationip link onip link interval 10#link load balancing configurationllb expire 60 ：定义IP flow timeout时间llb health 21 10 1：定义健康

15、检查主机llb health 21 10 1llb method rrllb onllb statistics on#link load balancing DNS configurationllb dns local ：定义local DNS ipllb dns local llb dns host 0 2：定义解析A纪录IP地址llb dns host 0 1llb dns ttl 5llb dns method wrr#smart DNS configuration：

16、 sdns offInbound LLB 功能测试：配置后，应用show llb stat查看链路状态均为ON;正常情况下，饮用dns服务器进行域名解析，能够解析到两个IP地址:0,0断掉a,b,c,d任何链路，通过nslookup再进行域名解析，则只能够解析到正常链路网段所对应的IP地址。如断掉a或c则解析为0， 断掉b或d则解析为0测试结果正常。响应时间断掉某条链路直至dns解析生效之间的时间较长，大约10秒。而再正常连接后，则dns解析立刻正常生效。唯一需要注意的是和sdns(GSLB)功能冲突，目前研发部门

17、已经知道此情况，相信不久即能解决。Outbound config & Inbound ConfigOutbound:AN(config)#show run #hostname configuration#rts configurationip rts onip rts expire 60#IP statistics configurationip statistics off#ip mtuip mtu outside 1500ip mtu inside 1500ip mtu dmz 1500ip mtu eng 1500#ip configurationip address "

18、;outside" ip address "inside" ip address "eng" #interface configurationinterface "outside" autointerface "inside" autointerface "dmz" autointerface "eng" auto#ip

19、host configuration#support ip configuration#ssh configurationssh on#vlan configuration#mnet configuration#route configurationip route default ip route default #extended routing policiesip ipflow priority 1000ip ipflow expire 60#ip link configurationip link onip link interval 10

20、#port redundancy configurationip redundant offip redundant healthcheck interval 15ip redundant healthcheck retries 3#link load balancing configurationllb expire 60llb health 10 1llb health 10 1llb method wrrllb onllb statistics on#link load balancing permit, b

21、ackup ,and link configuration#link load balancing DNS configurationllb dns local llb dns local #smart DNS configurationsdns onsdns interval heartbeat 2sdns interval report 30#access list and webwall configuration#synconfig configuration#cluster configuration#cluster configuration

22、 for interface outsidecluster virtual ifname "outside" 1cluster virtual vip "outside" 1 0cluster virtual auth "outside" 1 0cluster virtual interval "outside" 1 5cluster virtual preempt "outside" 1 1cluster virtual priority "outside&quo

23、t; 1 200 Primarycluster virtual on 1 "outside"#cluster configuration for interface engcluster virtual ifname "eng" 2cluster virtual vip "eng" 2 0cluster virtual auth "eng" 2 0cluster virtual interval "eng" 2 5cluster virtual preempt "e

24、ng" 2 1cluster virtual priority "eng" 2 200 Primarycluster virtual on 2 "eng"#nameserver configuration#enable passwordpasswd enable "XXXXXXXXXsaFLGt/QKS6yw"#user configurationuser "array" "XXXXXXXXXqzYCM/mvr6Gmw"#webui configurationwebui port 88

25、88webui on#xmlrpc configurationxmlrpc offxmlrpc port 9999#snmp configurationsnmp offsnmp community "public"snmp contact ""snmp location ""no snmp enable traps#fastlog configurationlog facility "local0"log level "info"log onlog host 514log s

26、ource port 514log http squid#ntp configurationntp off#system timezone configurationsystem timezone "GMT"#system mail configurationsystem mail from "%h<>"system mail hostname "%l.alert_pseudo_domain"#tune configurationsystem tune hwcksum onsystem tune tcpidle 300sy

27、stem tune tcp retransmit timeout 1000system tune tcp retransmit dupacks 3system tune tcp slowstart onsystem tune tcp retransmit policy newrenosystem tune defraglimit 0system tune memthreshold 168691 168691 6000 4096#port forwarding configurationfwd mode transparent#proxy cache configurationcache off

28、cache settings expire "82800"cache settings objectsize 5120cache settings replacement 10cache settings lowresource keepclientcache response cookierequest disablecache response byterange disablecache policy response setcookie cachecache override request urlquery settings off#filter configur

29、ation#slb configuration#http error page configuration#http compression configurationhttp compression off#http configurationhttp xforwardedfor offhttp owa offhttp extendedcharset offhttp serverpersist onhttp serverconnreuse onhttp buffer nomsglen onhttp mask server offhttp mask via offhttp rewrite re

30、sponse cookie secure onhttp shuntreset offsystem mode reverse#nat configurationnat port 0 60nat port 0 60#health check configurationhealth failover disablehealth failover retries 3#ssl configuration#ssl global settingsssl global

31、s verifycert onssl globals ignoreclosenotify on#Billing configuration#RIP routing configuration#Bypass configuration#graph configurationAN(config)# show llb statGateway Destination Interval Weight Resp_time Status Down Up_time 10 1 407.267 ms Up 3 01:19:00 10

32、1 481.390 ms Up 2 01:22:00 AN(config)#sho ip link statGateway Destination Down Up_time Use Total_tx Status default 2 01:05:30 1 508 Up default 2 00:56:40 1 530 Up AN(config)#show ip addressip address "outside" ip address "inside" 172.1

33、68.1.1 ip address "eng" Inbound Config:AN(config)#show run#hostname configuration#rts configurationip rts onip rts expire 60#IP statistics configurationip statistics off#ip mtuip mtu outside 1500ip mtu inside 1500ip mtu dmz 1500ip mtu eng 1500#ip config

34、urationip address "outside" ip address "inside" ip address "eng" #interface configurationinterface "outside" autointerface "inside" autointerface "dmz" autointerface &quo

35、t;eng" auto#ip host configuration#support ip configurationsupport #ssh configurationssh on#vlan configuration#mnet configuration#route configurationip route default ip route default #extended routing policiesip ipflow priority 1000ip ipflow expire 60#ip

36、 link configurationip link onip link interval 10#port redundancy configurationip redundant offip redundant healthcheck interval 15ip redundant healthcheck retries 3#link load balancing configurationllb expire 5llb health 21 10 1llb health 21 10 1llb method r

37、rllb onllb statistics on#link load balancing permit, backup ,and link configuration#link load balancing DNS configurationllb dns local llb dns local llb dns host 0 2llb dns host 0 1llb dns ttl 5llb dns method wrr#smart DNS configurationsdns offsdns interval he

38、artbeat 2sdns interval report 30#access list and webwall configuration#synconfig configuration#cluster configuration#nameserver configuration#enable passwordpasswd enable "XXXXXXXXXsaFLGt/QKS6yw"#user configurationuser "array" "XXXXXXXXXqzYCM/mvr6Gmw" #webui configurati

39、onwebui port 8888webui off#xmlrpc configurationxmlrpc offxmlrpc port 9999#snmp configurationsnmp offsnmp community "public"snmp contact ""snmp location ""no snmp enable traps#fastlog configurationlog facility "local0"log level "info"log onlog host 12

40、 514log source port 514log http squid#ntp configurationntp off#system timezone configurationsystem timezone "GMT"#system mail configurationsystem mail from "%h<>"system mail hostname "%l.alert_pseudo_domain"#tune configurationsystem tune hwcksum onsystem tu

41、ne tcpidle 300system tune tcp retransmit timeout 1000system tune tcp retransmit dupacks 3system tune tcp slowstart onsystem tune tcp retransmit policy newrenosystem tune defraglimit 0system tune memthreshold 168691 168691 6000 4096#port forwarding configurationfwd mode transparent#proxy cache config

42、urationcache off cache settings expire "82800"cache settings objectsize 5120cache settings replacement 10cache settings lowresource keepclientcache response cookierequest disablecache response byterange disablecache policy response setcookie cachecache override request urlquery settings off#filter configuration#slb configurationslb real http "server1" 80 1000 tcp 1 1slb virtual http "vip1" 100.10