Cisco SLB (Server Load Balancing) Configuration Examples

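The SLB (Server Load Balancing) feature is a Cisco IOS-based Layer 4 or Layer 7 switching solution (in essence, server load balancing).
How it works:
This feature defines a front-end virtual server that represents the whole cluster of real servers (the server farm). When a client initiates a connection to the virtual server, IOS SLB dynamically load-balances the traffic across the real servers according to the configuration.
Supported devices: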
Hardware: Cisco Catalyst 6500 Series/7600 Series Supervisor Engines 720-3B and 720-3BXL (WS-SUP720-3B and WS-SUP720-3BXL)
Software Release: Cisco IOS Software Release 12.2(18)SXD and later
Hardware: Cisco Catalyst 6500 Series/7600 Series Supervisor Engines 32-GE-3B and 32-10GE-3B (WS-SUP32-GE-3B and WS-SUP32-10GE-3B)
Software Release: Cisco IOS Software Release 12.2(18)SXF5 and later
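In addition: testing shows that SLB is supported on Cisco 2621, 3640, 3745 and 7507 devices (the version I used is 12.4
SLB has two modes of operation:
1>dispatched mode
(1) All real servers know the address of the virtual server. The loopback address of every real server must be configured as the VIP address of the virtual server. The real server can then reply to clients directly, using the loopback address to represent the VIP, as if it were the virtual server itself.
(2) The VIP address is not changed when traffic is passed to the real servers. IOS SLB redirects packets to the real servers at Layer 2, so the real servers must be directly reachable from IOS SLB at Layer 2.
2>directed mode
(1) The virtual server can be assigned a VIP address that the real servers do not know. The virtual server uses NAT to translate the VIP address to the IP address of a real server.
(2) To use directed mode, configure the nat server command on the server farm.
Probes:
IOS SLB supports HTTP probes, ping probes and Wireless Session Protocol (WSP) probes.
These probes can be used to check and monitor the load-balancing state of the real servers.
An HTTP probe connects to the HTTP real servers every 8 seconds. Using this feature requires configuring the command method get.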
Section II. Command Syntax
1>Real Server Definition
Command syntax:
ip slb serverfarm {serverfarm_name}
real {ip-address-of-real-server}
inservice
Example:
router(config)#ip slb serverfarm name1
router(config-slb-sfarm)#real 192.168.1.1
router(config-slb-real)#inservice
router(config-slb-real)#exit
router(config-slb-sfarm)#real 192.168.1.2
router(config-slb-real)#inservice
router(config-slb-real)#exit
router(config-slb-sfarm)#exit
router(config)#ip slb serverfarm name2
router(config-slb-sfarm)#real 192.168.1.3
router(config-slb-real)#inservice
router(config-slb-real)#exit
Verification commands:
show ip slb real
show ip slb serverfarm
2>Virtual Server (Front End Server) Definition
Command syntax:
ip slb vserver {vserver-name}
virtual {ip-address} [network-mask] {tcp|udp} [port-number|wsp|wsp-wtp|wsp-wtls|wsp-wtp-wtls] [service {service-name}]
serverfarm {primary-serverfarm-name} [backup {backup-serverfarm-name} [sticky]]
inservice
client {ip-address-allowed} {network-mask}
Example:
router(config)#ip slb vserver name1
router(config-slb-vserver)#virtual 192.168.1.253 tcp www
router(config-slb-vserver)#serverfarm name1
router(config-slb-vserver)#client 10.1.1.0 255.255.255.0
router(config-slb-vserver)#inservice
router(config-slb-vserver)#exit
router(config)#ip slb vserver name2
router(config-slb-vserver)#virtual 192.168.1.254 tcp www
router(config-slb-vserver)#serverfarm name2
router(config-slb-vserver)#client 10.1.2.0 255.255.255.0
router(config-slb-vserver)#inservice
router(config-slb-vserver)#exit
Verification commands:
show ip slb vserver
show ip slb connections
show ip slb connections client {ip-address} detail
show ip slb status
Case Study:HTTP SLB
Test environment:
Catalyst 6000 family Supervisor IOS Release 12.1(6)E for Supervisor Engine 1 with MSFC1(c6sup11-jsv-mz.121-6.E1)
Microsoft Windows 2000/IIS Web Servers
IOS SLB Configuration Using Catalyst 6509:
Current configuration:
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cat6
!
boot buffersize 126968
boot system flash slot0:c6sup11-jsv-mz.121-6.E1.bin
!
redundancy
main-cpu
auto-sync standard
ip subnet-zero
!
no ip finger
no ip domain-lookup
!
ip slb probe KEEPALIVE http
!
ip slb serverfarm SERVERS
probe KEEPALIVE
!
real 10.1.1.3
inservice
!
real 10.1.1.5
inservice
!
ip slb vserver WEBSITE
virtual 172.17.63.215 tcp www
serverfarm SERVERS
inservice
!
cns event-service server
!
interface GigabitEthernet1/1
no ip address
shutdown
!
interface GigabitEthernet1/2
no ip address
shutdown
!
interface FastEthernet2/1
no ip address
switchport
switchport access vlan 100
switchport mode access
!
interface FastEthernet2/2
no ip address
shutdown
!
interface FastEthernet2/3
no ip address
switchport
switchport access vlan 200
switchport mode access
!
interface FastEthernet2/4
no ip address
switchport
switchport access vlan 200
switchport mode access
!
interface FastEthernet2/5
no ip address
shutdown
!
interface FastEthernet2/48
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
ip address 172.17.63.211 255.255.255.192
!
interface Vlan200
ip address 10.1.1.250 255.255.255.0
!
ip default-gateway 172.17.63.193
ip classless
ip route 0.0.0.0 0.0.0.0 172.17.63.193
no ip http server
!
line con 0
transport input none
line vty 0 4
password cisco
login
!
end
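As an added example (not part of the original page and not Cisco tooling), the Python script below reads the SLB stanzas of a configuration like the one above and reports, for each virtual server, its mode (directed when the server farm carries nat server, otherwise dispatched), whether a probe is bound to the farm, and whether any client restriction is configured. It assumes the input is indented the way show running-config prints it; NATFARM, INTRANET and their addresses are hypothetical.

```python
# Constructed sample: SLB stanzas of the HTTP case study, indented as in
# show running-config, plus a hypothetical directed-mode farm (NATFARM/INTRANET).
SAMPLE = """\
ip slb serverfarm SERVERS
 probe KEEPALIVE
 real 10.1.1.3
  inservice
 real 10.1.1.5
  inservice
ip slb serverfarm NATFARM
 nat server
 real 10.1.2.3
  inservice
ip slb vserver WEBSITE
 virtual 172.17.63.215 tcp www
 serverfarm SERVERS
 inservice
ip slb vserver INTRANET
 virtual 172.17.63.216 tcp www
 serverfarm NATFARM
 client 10.1.1.0 255.255.255.0
 inservice
"""

KEYS = {"serverfarm": ("nat", "probe", "real"),
        "vserver": ("virtual", "serverfarm", "client")}

def audit_slb(config):
    """Per vserver: VIP, reals, mode ('nat server' = directed), probe, clients."""
    found, cur = {"serverfarm": {}, "vserver": {}}, None
    for line in config.splitlines():
        words = line.split()
        if line[:1].strip() and words[0] != "!":      # unindented: new top-level command
            cur = None
            if words[:2] == ["ip", "slb"] and len(words) == 4 and words[2] in KEYS:
                cur = found[words[2]].setdefault(words[3], {k: [] for k in KEYS[words[2]]})
        elif cur is not None and words and words[0] in cur:
            cur[words[0]].append(words[1:])           # keep the sub-command arguments
    report = {}
    for name, vs in found["vserver"].items():
        farm = found["serverfarm"].get((vs["serverfarm"] or [[None]])[0][0],
                                       {k: [] for k in KEYS["serverfarm"]})
        report[name] = {
            "vip": vs["virtual"][0][0] if vs["virtual"] else None,
            "reals": [r[0] for r in farm["real"]],
            "mode": "directed" if ["server"] in farm["nat"] else "dispatched",
            "probed": bool(farm["probe"]),
            "clients": [tuple(c[:2]) for c in vs["client"]],  # [] = any client
        }
    return report
```

An empty clients list means the virtual server has no client command, so it accepts connections from any source address; probed being False means a failed real server in that farm is not detected by a probe.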
Verify:
1>show ip slb mode – shows the SLB mode status
cat6#show ip slb mode
SLB forwarding mode = rp (default)
SLB configured mode = rp (default)
2>show ip slb vserver – shows the status of the virtual server
cat6#show ip slb vserver
slb vserver      protocol  virtual               state         conns
----------------------------------------------------------------------
WEBSITE          TCP       172.16.63.215/32:80   OPERATIONAL   0
3>show ip slb reals – shows the status of each real server
cat6#show ip slb reals
real        server farm   weight   state         conns
-------------------------------------------------------
10.1.1.5    SERVERS       8        OPERATIONAL   0
10.1.1.3    SERVERS       8        OPERATIONAL   0
4>show ip slb serverfarm – shows server farm information
cat6#show ip slb serverfarm
server farm   predictor    nat    reals   redirect   bind id
-------------------------------------------------------------
SERVERS       roundrobin   none   2       0          0
Note: none in the nat column indicates that this server farm is running in dispatched mode.
5>show ip slb conns [vserver virtual_server-name | client ip-address | firewall firewallfarm-name] [detail] – shows the state of the current connections
Notes:
vserver – shows the connections for the named virtual server
client – shows the connections for the given client IP address
detail – shows detailed information
cat6#show ip slb conns
vserver   prot   client               real       state       nat
-----------------------------------------------------------------
WEBSITE   TCP    10.21.188.123:2187   10.1.1.5   ESTAB       none
WEBSITE   TCP    10.21.188.123:2190   10.1.1.5   CLOSING     none
WEBSITE   TCP    10.21.188.123:2192   10.1.1.3   ESTAB       none
WEBSITE   TCP    10.21.188.123:2197   10.1.1.3   CLOSING     none
WEBSITE   TCP    10.21.188.123:2200   10.1.1.5   SYNCLIENT   none
WEBSITE   TCP    10.21.188.123:2201   10.1.1.5   SYNCLIENT   none
cat6#show ip slb conns detail
WEBSITE, client = 10.21.188.123:2187 state = ESTAB, real = 10.1.1.5,
nat = none v_ip = 172.17.63.215:80, TCP, service = NONE
client_syns = 1, sticky = FALSE, flows attached = 0
WEBSITE, client = 10.21.188.123:2205 state = CLOSING, real = 10.1.1.5,
nat = none v_ip = 172.17.63.215:80, TCP, service = NONE
client_syns = 3, sticky = FALSE, flows attached = 0
WEBSITE, client = 10.21.188.123:2206 state = ESTAB, real = 10.1.1.5,
nat = none v_ip = 172.17.63.215:80, TCP, service = NONE
client_syns = 2, sticky = FALSE, flows attached = 0
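6>show ip slb probe – shows the related IOS SLB information
The three probe states:
FAILED – the probe has failed
OPERATIONAL – the probe is running normally
TESTING – the probe has not completed successfully because no reply has been received. IOS SLB does not maintain counters and timers for a probe in this state.
Columns in the show ip slb probe output:
Outages – the interval between successful probes
Current – the time since the last successful probe, that is, the current outage value.
Cumulative – the total time from when the real server experienced a failed probe check until now.
cat6#show ip slb probe
Server:Port   State         Outages   Current   Cumulative
-----------------------------------------------------------
10.1.1.3:80   OPERATIONAL   1         never     00:05:22
10.1.1.5:80   OPERATIONAL   0         never     00:00:00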
Case Study:FTP SLB
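Test environment:
Catalyst 6000 family Supervisor Cisco IOS Software Release 12.1(8)E for Supervisor Engine 1 with MSFC1 (c6sup11-jsv-mz.121-8a.E)
To configure FTP SLB, the virtual server must run in dispatched mode, that is, all real FTP servers know the VIP address. A real FTP server can then reply to clients directly on behalf of the virtual server. The VIP address is not changed when the virtual server passes traffic to a real FTP server, and packets are forwarded directly to the real FTP server at Layer 2, so the real FTP servers must be reachable from the virtual server at Layer 2.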
IOS SLB FTP Configuration Using Catalyst 5509:
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cat
!
boot buffersize 126968
boot system flash slot0:c6sup11-jsv-mz.121-8a.E.bin
!
redundancy
main-cpu
auto-sync standard
ip subnet-zero
!
!--- FTP Serverfarm configuration.
ip slb serverfarm FTPFARM
real 10.1.1.3
inservice
!
real 10.1.1.4
inservice
!
!--- FTP Virtual configuration.
!--- Important: Configure the loopback address on the FTP servers with the virtual address.
ip slb vserver FTPSERVER
virtual 172.17.63.241 tcp ftp service ftp
serverfarm FTPFARM
inservice
!
interface GigabitEthernet1/1
no ip address
shutdown
!
interface GigabitEthernet1/2
no ip address
shutdown
!
interface FastEthernet2/1
description "Uplink to the Default Gateway"
no ip address
switchport
switchport access vlan 100
!
interface FastEthernet2/2
no ip address
shutdown
!
interface FastEthernet2/3
description "Connection to FTP server"
no ip address
switchport
switchport access vlan 200
!
interface FastEthernet2/4
description "Connection to FTP server"
no ip address
switchport
switchport access vlan 200
!
interface FastEthernet2/5
no ip address
shutdown
!
interface FastEthernet2/48
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
!--- Client Side Vlan.
interface Vlan100
ip address 172.17.63.240 255.255.255.192
!
!--- FTP Server Vlan.
!--- Important: Configure the default gateway of the FTP Server to this address.
interface Vlan200
ip address 10.1.1.250 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.17.63.193
no ip http server
!
line con 0
line vty 0 4
login
!
end
Verify:
1>show ip slb vserver – shows virtual server information
cat#show ip slb vserver
slb vserver      protocol  virtual               state         conns
----------------------------------------------------------------------
FTPSERVER        TCP       172.17.63.241/32:21   OPERATIONAL   4
2>show ip slb serverfarm – shows server farm information
cat#show ip slb serverfarm
server farm   predictor    nat    reals   bind id
--------------------------------------------------
FTPFARM       ROUNDROBIN   none   2       0
TroubleShooting:
1>debug ip slb {conns | reals | vservers | all}
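conns – debugs the connections IOS SLB is currently handling
vservers – debugs IOS SLB information about virtual servers
reals – debugs IOS SLB information about real servers
all – debugs all IOS SLB information
Notes:
1>An FTP session consists of two connections: control and data.
2>In passive FTP, the client initiates both the control and the data connections.
3>Passive mode refers to the state of the server: the server passively accepts all connections.
4>In passive mode, both the source and the destination ports are ephemeral ports (ports above 1023).
5>The client decides the FTP mode: it issues either the passive command or the port command, which initiates the setup of a data connection.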
