Protocol shunting for outbound link Load Balancing

Source: Internet
Author: User


The previous article, "outgoing link load also needs intelligent DNS resolution" (http://www.bkjia.com/net/201206/136614.html), described how to balance the distribution of carrier addresses by controlling DNS resolution in order to balance link traffic. In many network environments this keeps access fast and also spreads traffic evenly across the links. However, in some link environments, destination address matching combined with DNS control cannot achieve this effect, especially in some colleges and universities.

First, the user's network may not be suitable for DNS round-robin. The user's intranet addresses are public CERNET addresses, and the DNS uses education network addresses. If DNS round-robin is forced, some CERNET domain names cannot be resolved.

Second, some link environments are not suitable. Besides environments with multiple links from the same operator, there are also extremely unbalanced link environments, such as a campus network with M Unicom, M Mobile, and M education network links. Because the Mobile network and the education network hold only a small amount of data resources, the Unicom link is still the first to be fully occupied even if users use only the education network or Mobile DNS.

This article introduces another outbound load balancing strategy for this kind of link environment: traffic distribution based on layer-4 protocols.

The reason for shunting by layer-4 protocol is that the application protocols carried by TCP and UDP are very different, and different applications have different network requirements. If most websites take more than 3 seconds to open, users will say the network is slow, yet bandwidth utilization at that moment may be only 10%: the cause of the slow access is network latency, not bandwidth. HTTP is therefore very sensitive to network latency.
When Thunder downloads are run on the same network, the download speed is very high. This shows that Thunder is sensitive to bandwidth but not to latency. For network users, the experience of network access comes mostly from TCP-based applications such as HTTP and mail, while in P2P traffic UDP usually outweighs TCP. To address this, link load balancing can be done by protocol: TCP traffic selects a link by destination address matching, and UDP traffic is allocated to the egress links proportionally by weighted round robin (WRR). UDP WRR keeps the load on each link balanced without congestion, and TCP destination-based routing gives the fastest network access.

The following describes the configuration for the topology case.

1. Configure the interface IP addresses of the link load balancing device, static/dynamic routing, and other general settings.

2. Configure the link gateways and bind templates.

1) First configure the source NAT address for each link and define the health check methods.

Unicom snat-pool:

    ip nat pool snat-cnc 1.1.1.3 1.1.1.3 netmask /28

Mobile snat-pool:

    ip nat pool snat-cmcc 2.2.2.3 2.2.2.3 netmask /28

Define a health check method for each link: ping-cnc-gw, ping-cmcc-gw, ping-cernet-gw.

2) Configure the server port templates, which reference the snat-pool and health-check configured in step 1).

CERNET template: no source NAT is performed, and the health check method is called.

    slb template port tem-cernet
      health-check ping-cernet-gw

Unicom template: source NAT is performed, and the health check method is called.

    slb template port tem-cnc
      health-check ping-cnc-gw
      source-nat snat-cnc

The Mobile template tem-cmcc is set in the same way as the Unicom template.
3) Configure each link gateway and the service groups.

Education network gateway:

    slb server cernet-gw 1.1.1.1
      health-check ping-cernet-gw
      weight 10
      port 0 udp
        no health-check
      port 0 tcp
        no health-check

The weight value here is the weighted round robin weight for UDP requests. When configuring a gateway, you must disable the health check in the port configuration; otherwise the default check runs and reports a failure. The Mobile link gateway cmcc-gw is configured in the same way as the Unicom link gateway cnc-gw, but with a different weight value.

Service groups are configured separately for TCP and UDP and reference the server port templates.

Configure the TCP service groups: define one service group per link. Within each group, the gateway that corresponds to the link has the highest priority (the higher the priority value, the higher the priority). In the example below, the service group uses only cernet-gw, and cnc-gw takes over only after the cernet-gw health check fails. Define the cernet-gw-tcp service group:

    slb service-group cernet-gw-tcp tcp
      member cernet-gw:0 template tem-cernet priority 15
      member cnc-gw:0 template tem-cnc priority 10
      member cmcc-gw:0 template tem-cmcc priority 5

Configure the UDP service group: only one UDP service group is needed. Its members all have the same priority, and the traffic distribution method is weighted round robin.

    slb service-group udp-group udp
      method weighted-rr
      member cernet-gw:0 template tem-cernet priority 5
      member cnc-gw:0 template tem-cnc priority 5
      member cmcc-gw:0 template tem-cmcc priority 5

The configuration above binds the source NAT configuration and the health check to each link gateway. When a packet selects a link according to the routing policy, source NAT is applied to it according to the template.
The health status of each link is also checked using the method referenced in the template.

3. Configure the outbound policy.

Define a session persistence template, dip-pst, keyed on the destination address:

    slb template persist destination-ip dip-pst

Import the IP address list of the Chinese carriers:

    bw-list chinaall tftp://172.31.31.100/chinaall.txt

Configure the TCP routing policy based on the destination address:

    slb template policy link-select-tcp
      bw-list name chinaall
      bw-list id 1 service-group ctc-gw-tcp
      bw-list id 2 service-group cnc-gw-tcp
      bw-list id 3 service-group cmcc-gw-tcp
      bw-list id 4 service-group cnc-gw-tcp
      bw-list id 5 service-group cmcc-gw-tcp
      bw-list id 6 service-group cernet-gw-tcp
      bw-list id 7 service-group cernet-gw-tcp

The bw-list id is the carrier id that follows each IP address in chinaall. Ids 1 to 7 are, in order: China Telecom, China Netcom, China Tietong, China Unicom, China Mobile, education network, and others.

The link-select-udp policy is configured in the same way. It is optional and is used for protocols other than TCP and UDP.

Configure the outbound virtual server:

    slb virtual-server To-Internet 0.0.0.0
      port 0 tcp
        name _wildcard_v4_TCP_0
        use-rcv-hop-for-resp
        no-dest-nat
        template policy link-select-tcp
      port 0 others
        name _wildcard_v4_TCP_0
        use-rcv-hop-for-resp
        no-dest-nat
        template policy link-select-udp
      port 0 udp
        name _wildcard_v4_UDP_0
        service-group udp-group
        use-rcv-hop-for-resp
        no-dest-nat
        template persist destination-ip dip-pst

With this configuration, TCP is routed by destination address and UDP is routed by weighted round robin. For UDP weighted round robin, session persistence based on the destination address must be configured so that UDP applications keep working. Without it, communication between one internal user and one Internet address may go out over several links, and the security mechanism on the remote side may treat the traffic as an attack and block the application.
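The selection logic configured above, modelled as an added Python example (not part of the original article and not the device's own code): TCP takes the highest-priority healthy member of the service group matched by destination prefix, and UDP uses weighted round robin with destination-IP persistence. The prefixes, the cnc-gw and cmcc-gw weights, and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from itertools import cycle
from math import gcd

# Constructed sample data. Gateway and group names follow the article; the
# prefixes and the cnc-gw/cmcc-gw weights are assumptions for illustration.
WEIGHTS = {"cernet-gw": 10, "cnc-gw": 30, "cmcc-gw": 20}
TCP_GROUPS = {  # service group -> {member: priority}
    "cernet-gw-tcp": {"cernet-gw": 15, "cnc-gw": 10, "cmcc-gw": 5},
    "cnc-gw-tcp": {"cnc-gw": 15, "cmcc-gw": 10, "cernet-gw": 5},
}
BW_LIST = [  # (destination prefix, service group); stands in for chinaall.txt
    (ipaddress.ip_network("198.51.100.0/24"), "cernet-gw-tcp"),
    (ipaddress.ip_network("203.0.113.0/24"), "cnc-gw-tcp"),
]

class LinkSelector:
    def __init__(self, weights, persist=True):
        g = gcd(*weights.values())  # list each gateway weight/g times: plain WRR
        self.rr = cycle([gw for gw, w in weights.items() for _ in range(w // g)])
        self.persist = persist
        self.table = {}  # destination IP -> gateway, the role dip-pst plays

    def select_udp(self, dst):
        """WRR for a new destination; reuse the stored link if persistence is on."""
        if self.persist and dst in self.table:
            return self.table[dst]
        gw = next(self.rr)
        self.table[dst] = gw
        return gw

    def select_tcp(self, dst, healthy):
        """Match dst in the bw-list, then take the healthy member with top priority."""
        addr = ipaddress.ip_address(dst)
        for net, group in BW_LIST:
            if addr in net:
                up = {g: p for g, p in TCP_GROUPS[group].items() if g in healthy}
                return max(up, key=up.get) if up else None
        return None

def links_seen(persist, dst="192.0.2.7", packets=12):
    """Distinct egress links (hence SNAT addresses) that one UDP peer observes."""
    sel = LinkSelector(WEIGHTS, persist)
    return {sel.select_udp(dst) for _ in range(packets)}

def udp_share(flows=60):
    """Link usage when every UDP flow goes to a different destination."""
    sel = LinkSelector(WEIGHTS)
    return Counter(sel.select_udp(f"192.0.2.{i}") for i in range(flows))
```

With persistence off, a single remote peer sees the same internal user arrive from all three links' source NAT addresses, which is the pattern the article warns may be blocked as an attack.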
