I recently attended training on A10 load balancing equipment and wrote these basic configuration notes based on my own understanding. I have used Cisco ACE modules before, and the fundamentals are the same.
Note: If I have misunderstood anything, please point it out. Thank you.
The notes are as follows:
A10 load balancer basic configuration procedure
====================================================================
1, set up the management interface
! management interface
interface management
 ! management interface IP address
 ip address 172.31.31.11 255.255.255.0
 ! gateway of the management VLAN
 ip default-gateway 172.31.31.1
====================================================================
2, create VLANs and add ports
! create VLAN 3
vlan 3
 ! put ethernet 1 into VLAN 3
 untagged ethernet 1
 ! layer-3 VLAN interface ve 3 (Cisco: interface vlan 3)
 router-interface ve 3
!
! create VLAN 4
vlan 4
 ! put ethernet 2 into VLAN 4
 untagged ethernet 2
 ! layer-3 VLAN interface ve 4 (Cisco: interface vlan 4)
 router-interface ve 4
====================================================================
3, set up the layer-3 VLAN interfaces that connect to the extranet router and the intranet server switch
! create the layer-3 VLAN interface
interface ve 3
 ! layer-3 interface IP address
 ip address 10.0.1.11 255.255.255.0
 ! interface name
 name "outside"
!
! create the layer-3 VLAN interface
interface ve 4
 ! layer-3 interface IP address
 ip address 10.0.2.11 255.255.255.0
 ! interface name
 name "inside"
====================================================================
4, add the default route
ip route 0.0.0.0 /0 10.0.1.1
====================================================================
5, create the real servers
! create a real server host named "s1"
slb server s1 10.0.2.18
 ! port "80", protocol "tcp"
 port 80 tcp
!
! create a real server host named "s2"
slb server s2 10.0.2.19
 ! port "80", protocol "tcp"
 port 80 tcp
====================================================================
6, create the serverfarm (service group) and add the real servers
! create a service group named "sg-80" with protocol "tcp"
slb service-group sg-80 tcp
 ! set the health check (similar to a Cisco ACE probe)
 health-check hm-tcp-80
 ! add real server s1:80 (format: host name s1 + port number 80)
 member s1:80
 ! add real server s2:80 (format: host name s2 + port number 80)
 member s2:80
Health check (similar to a probe)
! create a health monitor named "hm-tcp-80"
health monitor hm-tcp-80
 ! check method: TCP port 80
 method tcp port 80
Note: health checks can be configured on the service group, the port, and the server.
Service group: when a failure occurs, load balancing to this service group stops.
Port: when a failure occurs, load balancing to this port stops.
Server: when a failure occurs, load balancing to this server stops.
====================================================================
7, create the virtual server (similar to a Cisco ACE VIP)
! create the virtual server named "vip1" with its VIP address
slb virtual-server vip1 10.0.1.12
 ! port 80, protocol TCP
 port 80 tcp
  ! name of the virtual port
  name _10.0.1.12_tcp_80
  ! add the service group named "sg-80" (Cisco ACE serverfarm)
  service-group sg-80
====================================================================
8, source-address session persistence
Define the template
! create a source-address persistence template named "tp-ip-pers1"
slb template persist source-ip tp-ip-pers1
Apply the template
slb virtual-server vip1 10.0.1.12
 port 80 tcp
  template persist source-ip tp-ip-pers1
====================================================================
Configure NAT
1, SLB source NAT
When packets between the extranet client and the intranet server take the same path in both directions, SLB source NAT does not need to be configured.
Note: when the intranet servers' gateway is built on the load-balancing device, SLB source NAT is not configured. Disadvantages: poor flexibility and scalability; adding servers in the future requires upgrading the load-balancing hardware.
When the paths are inconsistent, that is, the server gateway is configured on a layer-3 switch that has a default route to the extranet, the servers' return packets do not pass through the load balancer. The inbound and return paths then differ and packets are lost. SLB source NAT must therefore be configured: a client request to the VIP address is NATed as it passes through the load-balancing device, and the server returns the packet to the load-balancing device's NAT address, from which it is returned to the extranet client.
Advantages: regardless of the number of servers, future expansion, or gateway changes, the servers' return packets are sent back to the load balancer's NAT address by layer-3 lookup. There is also an automatic forwarding mechanism for intranet users accessing the VIP address, which avoids conflicts with layer-3 NAT.
2, Layer 3 NAT
The mechanism is the same as layer-3 NAT on a router: one-to-one, many-to-one, and many-to-many (A10 feature: contiguous intranet addresses map to contiguous public addresses), with static and dynamic address mapping.
Method:
1, define an ACL that specifies the intranet clients accessing the Internet
2, define a public IP address pool or a static one-to-one address mapping; for non-contiguous public IP address ranges, use the A10 nat-group feature
3, bind the intranet access list to the NAT translation entry
4, define the NAT translation direction (inside, outside) on the ports connecting the internal and external networks
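The two NAT variants described above, written out as ACOS CLI configuration. This is an added example and not part of the original notes: the pool names (snat-pool, l3-pool), the pool addresses and the ACL number are assumptions chosen to fit the addressing used in steps 1 to 8, and the exact syntax can differ between ACOS releases.

```acos
! --- SLB source NAT (added example; pool name and addresses are assumptions) ---
! NAT pool on the inside subnet: servers reply to this address by normal
! layer-3 lookup, so return traffic passes back through the load balancer
ip nat pool snat-pool 10.0.2.50 10.0.2.50 netmask /24
!
slb virtual-server vip1 10.0.1.12
 port 80 tcp
  ! translate the client source address to the pool for this virtual port
  source-nat pool snat-pool
!
! --- Layer 3 NAT (added example; ACL number, pool name and addresses are assumptions) ---
! 1, ACL selecting the intranet clients that access the Internet
access-list 1 permit 10.0.2.0 0.0.0.255
! 2, public address pool
ip nat pool l3-pool 10.0.1.100 10.0.1.110 netmask /24
! 3, bind the ACL to the pool
ip nat inside source list 1 pool l3-pool
! 4, NAT direction on the layer-3 interfaces
interface ve 4
 ip nat inside
!
interface ve 3
 ip nat outside
```

With source NAT enabled, the real servers see the pool address rather than the client address as the source of each connection.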
http://blog.niwota.com/a/3105213.htm
A10 load balancer concise operation manual (complete): http://www.docin.com/p-452344660.html