F5 BIG-IP LTM 负载均衡器培训

资源描述

,地址,:,广州市体育西路,1-3,号,19,楼邮编,:510620,电话,:(,020)85239088,传真,:(020)85239899,热线,:(020)85239199,网址,:,F5 BIG-IP LTM,负载均衡器培训,内容,BIG-IP LTM,产品介绍,负载均衡基本原理,BIG-IP,初始化安装与,VLAN,设置,配置,BIG-IP,实现服务器负载均衡,双机配置,BIG-IP,命令行,典型组网,F5 BIG-IP,产品分类,BIG-IP LC,链路接入优化,BIG-IP LTM,应用流量管理,BIG-IP GTM,广域网流量优化,LTM,Local Traffic Manager,局域网流量管理器,Page,4,6800,6400,3400,1500,Simplified Management:,Lights Out Management,Multi-Boot Support,LCD for Simplified Management,Hot-Swappable Parts,Redundant Power / Fans,Port Flexibility,PCI Slots,Independent Secure Management Access,Powerful,:,Packet Velocity ASIC 2,High Performance SSL & Compression,High Performance Switching Fabric,Dual Processor,*,All Models Include 100 TPS SSL Acceleration,8400,F5,BIG-IP 1500,介绍,2,个千兆光纤端口，,4,个千兆电口,内置独立管理机,-,生产系统与管理系统分离，进一步提高系统可靠性,768MB,内存，单,CPU,BIGIP 1500 LTM,全面支持多应用负载均衡：,12,种负载均衡算法,可编程控制架构：,50,多个事件，,200,多个函数处理,内置,100TPS SSL,加速功能，独立,NP,处理,SSL,对称算法和非对称算法,多种可扩展模块：,SSL,加速、带宽控制、内存,Cache,、,HTTP,压缩,BIG-IP 3400,介绍,Page,6,2,个千兆光纤端口，,8,个千兆电口,内置独立管理机,-,生产系统与管理系统分离，进一步提高系统可靠性,Packet Velocity ASIC 2,提供高性能四,-,七层处理,1GB,内存，超线程,2.8Ghz CPU,BIGIP 3400 LTM,全面支持多应用负载均衡：,12,种负载均衡算法,可编程控制架构：,50,多个事件，,200,多个函数处理,内置,100TPS SSL,加速功能，独立,NP,处理,SSL,对称算法和非对称算法,多种可扩展模块：,SSL,加速、带宽控制、内存,Cache,、,HTTP,压缩,BIG-IP LTM 6400/6800,4,个千兆光纤端口，,16,个千兆电口,内置独立管理机,-,生产系统与管理系统分离，进一步提高系统可靠性,Packet Velocity ASIC 2,提供高性能四,-,七层处理,2GB,内存，双,64,位高速,CPU,BIGIP 6400 LTM,全面支持多应用负载均衡：,12,种负载均衡算法,可编程控制架构：,50,多个事件，,200,多个函数处理,内置,100TPS SSL,加速功能，独立,NP,处理,SSL,对称算法和非对称算法,多种可扩展模块：,SSL,加速、带宽控制、内存,Cache,、,HTTP,压缩、,Application Security,BIG-IP 3400 Application Switch,内部构造,Processor board,Page,8,Switch board,Processor,SSL card,B,A,SCCP,ASIC2,Switch chips,D,E,F,CF & HD,C,BIG-IP,逻辑示意图,Page,9,Platform Sizing Guide,Page,10,BIG-IP 1500,BIG-IP 3400,BIG-IP 6400,BIG-IP 6800,BIG-IP 8400,Layer 4,Connections/sec,30,000,110,000,220,000,220,000,300,000,Layer 7,Connections/sec,22,000,50,000,75,000,110,000,120,000,Max. throughput,500 Mbps,1 Gbps,2 Gbps,4 Gbps,10 Gbps,Max. conc. conn.,4 Million,4 Million,8 Million,8 Million,8 Million,Max. SSL TPS,2,000,5,000,15,000,20,000,22,000,Max. SSL Bulk,500 Mbps,1 Gbps,2 Gbps,2 Gbps,2.2 Gbps,Max. SSL conc. conn.,100,000,200,000,500,000,500,000,500,000,Max. compression,100 Mbps,500 Mbps,2 Gbps,2 Gbps,3 Gbps,Switch backplane,14 Gbps,22 Gbps,44 Gbps,48 Gbps,80 Gbps,内容,BIG-IP LTM,产品介绍,负载均衡基本原理,BIG-IP,初始化安装与,VLAN,设置,配置,BIG-IP,实现服务器负载均衡,双机配置,BIG-IP,命令行,典型组网,Page,11,应用交换机的基本工作,截获和检查流量,保证只有合适的数据包才能通过,服务器监控和健康检查,随时了解服务器群的可用性状态,负载均衡和应用交换功能,通过各种策略导向到合适的服务器,会话的保持,以实现与应用系统完美结合,截取,监控,保持,负载均衡,BIG-IP-LTM,的工作模式,virtual server,192.168.101.1:80,pool,(name=,cgi_boxes),member,(server=,10.1.1.3:80),member,(server=,10.1.1.2:80),member,(server=,10.1.1.1:80),pool,(name=,asp_boxes),member,(server=,10.1.1.6:80),member,(server=,10.1.1.5:80),member,(server=,10.1.1.4:80),virtual addr,192.168.101.1,virtual server,192.168.101.1:443,pool,(name=,ssl_boxes),member,(server=,10.1.1.6:443),member,(server=,10.1.1.2:443),member,(server=,10.1.1.1:443),virtual addr,192.168.101.2,负载均衡,智能流量控制,（通过检查,URL,，,Header,，,Cookie,，,TCP/UDP,内容）,基于端口的流量导向,基于地址的流量导向,用户请求,iRules,单台服务器到多台服务器的转变,Internet,BIG-IP LTMs,Clients,Servers,Clients,Internet,什么叫服务器负载均衡,Page,15,1,2,3,4,5,6,7,8,Clients,Clients,Internet,BIG-IP-LTM,基本功能,-,服务器负载均衡,1,2,3,1,2,3,最多的负载均衡模式(12种),其中观察模式,预测模式是,F5,的专利,会话保持技术最多(8种),其中,Cookie,会话保持技术向所有的竞争对手收取专利费,服务器健康检查最彻底,专有的,EAV,、,ECV,健康检查模式,性能最好,速度最快:,270,000 S/S Lay4; 110,000 S/S Lay7;10Gbps;,会话保持数量第一达到:,800,万,支持最多的,VIP : 4,万个,唯一交换机厂商有开放的,API,BIG-IP,application switch combo Link Controller,外部应用验证,EAV (Extended Application Verification),EAV,是一种状态检查，可通过远程运行应用对节点上的应用进行验证。,EAV,状态检查只是,LTM,系统上可用的三种状态检查类型之一。请参阅,“状态检查，状态,Monitor”,和“外部,Monitor”,。,扩展内容验证,ECV (Extended Content Verification),ECV,是一种状态检查，它使您能够根据节点是否返回特定内容来确定节,点是,Up,还是,Down,。,ECV,状态检查只是,LTM,系统上可用的三种状态,检查类型之一。请参阅“状态检查”。,Internet,Virtual Server& NAT,虚拟服务器与网络地址转换,Page,17,真实服务器,Real Server,网络地,址转换,Virtual Server Address,216.34.94.17:80,Real Server Address,216.34.94.17:80,Internet,虚拟服务器,172.16.20.1:8080,172.16.20.2:8080,172.16.20.3:8080,172.16.20.4:8080,Network Flow - Packet #1,Page,18,Internet,域名,IP,地址,216.34.94.17,Virtual Server Address,216.34.94.17:80,172.16.20.4:8080,172.16.20.1:8080,172.16.20.2:808,172.16.20.3:8080,Network Flow - Packet #1,Page,19,LTM translates Dest Address to Node based on Load Balancing,Internet,Packet # 1,Src - 207.17.117.20:4003,Dest 216.34.94.17:80,Packet # 1,Src 207.17.117.20:4003,Dest 172.16.20.1:8080,207.17.117.20,216.34.94.17:80,172.16.20.4:8080,172.16.20.1:8080,172.16.20.2:8080,172.16.20.3:8080,Network Flow,Packet #1 Return,Page,20,LTM translates Src Address back to Virtual Server Address,Internet,Packet # 1 - return,Dest - 207.17.117.20:4003,Src 216.34.94.17:80,Packet # 1 - return,Dest 207.17.117.20:4003,Src 172.16.20.1:8080,207.17.117.20,216.34.94.17:80,172.16.20.4:8080,172.16.20.1:8080,172.16.20.2:8080,172.16.20.3:8080,Network Flow - Packet #2,Page,21,Internet,Packet # 2,Src - 207.17.117.21:4003,Dest 216.34.94.17:80,Packet # 2,Src 207.17.117.21:4003,Dest 172.16.20.2:8080,207.17.117.21,216.34.94.17:80,172.16.20.4:8080,172.16.20.1:8080,172.16.20.2:8080,172.16.20.3:8080,Network Flow,Packet #2 Return,Page,22,Internet,Packet # 2 - return,Dest - 207.17.117.21:4003,Src 216.34.94.17:80,172.16.20.4:8080,Packet # 2 - return,Dest 207.17.117.21:4003,Src 172.16.20.2:8080,207.17.117.21,216.34.94.17:80,172.16.20.1:8080,172.16.20.2:8080,172.16.20.3:8080,Network Flow - Packet #3,Page,23,Internet,Packet # 3,Src - 207.17.117.25:4003,Dest 216.34.94.17:80,Packet # 3,Src 207.17.117.25:4003,Dest 172.16.20.4:8080,207.17.117.25,216.34.94.17:80,172.16.20.4:8080,172.16.20.1:8080,172.16.20.2:8080,172.16.20.3:8080,Network Flow,Packet #3 Return,Page,24,Internet,Packet # 3 - return,Dest - 207.17.117.25:4003,Src 216.34.94.17:80,172.16.20.4:8080,Packet # 3 - return,Dest 207.17.117.25:4003,Src 172.16.20.4:8080,207.17.117.25,216.34.94.17,172.16.20.1:8080,172.16.20.2:8080,172.16.20.3:8080,Connection Table,连接表,Src IP Address,Virtual Server,Real Server,207.17.117.20:4003,216.34.94.17:80,172.16.20.1:8080,207.17.117.21:4003,216.34.94.17:80,172.16.20.2:8080,207.17.117.20:4005,216.34.94.17:80,172.16.20.3:8080,207.17.117.21:4008,216.34.94.17:80,172.16.20.1:8080,207.17.117.25:4003,216.34.94.17:80,172.16.20.4:8080,Src IP Address,Virtual Server,207.17.117.20:4003,216.34.94.17:80,207.17.117.21:4003,216.34.94.17:80,207.17.117.20:4005,216.34.94.17:80,207.17.117.21:4008,216.34.94.17:80,207.17.117.25:4003,216.34.94.17:80,Page,25,客户端,负载均衡器,Connection Table,连接表,Src IP Address,Virtual Server,Real Server,207.17.117.20:4003,216.34.94.17:80,172.16.20.1:8080,207.17.117.21:4003,216.34.94.17:80,172.16.20.2:8080,207.17.117.20:4005,216.34.94.17:80,172.16.20.3:8080,207.17.117.21:4008,216.34.94.17:80,172.16.20.1:8080,207.17.117.25:4003,216.34.94.17:80,172.16.20.4:8080,Src IP Address,Real Server,207.17.117.20:4003,172.16.20.1:8080,207.17.117.21:4003,172.16.20.2:8080,207.17.117.20:4005,172.16.20.3:8080,207.17.117.21:4008,172.16.20.1:8080,207.17.117.25:4003,172.16.20.4:8080,Page,26,服务器端,负载均衡器,F5,负载均衡的基本构件,Pool,、,Pool Members,与,Nodes,Page,27,Internet,172.16.20.4:8080,172.16.20.1:80,172.16.20.2:4002,172.16.20.3:80,Pool Members,Nodes refer to Pool Members IP Address only,Pools, Members and Nodes,Page,28,172.16.20.1,172.16.20.2,172.16.20.3,Node = IP address,:,80,:,80,:,80,Pool Member,= Node + Port,Pool,= Group of pool members,Pool Members,的端口与地址问题,Page,29,注意：,1,、,Pool Member,的端口可以不一样,2,、,Pool Member,不一定需要与,BIG-IP,相连或在同一网段,Internet,Virtual Server,216.34.94.17:80,Pool Members,172.16.20.0/24,192.168.20.0/24,路由器,192.168.20.4:,8080,172.16.20.1:,80,172.16.20.2:,4002,192.168.20.3:,80,虚拟服务器,Virtual Server,Page,30,Internet,172.16.20.4:8080,172.16.20.2:4002,172.16.20.3:80,Virtual Server,IP Address + Service (Port) Combination,端口可以为,Any (0),准备了负载均衡器是否需要对流过的网络流量作处理,一般与,Pool,相关联,216.34.94.17:80,如何选择服务器,-,负载均衡算法,Round Robin,Ratio,Least Connections,Fastest,Observed,Predictive,Dynamic Ratio,Priority Group Activation,Fallback Host,Page,31,Static,Dynamic,Failure Mechanisms,主要使用轮询、最少连接,BIG-IP LTM,负载均衡模式,轮询（,RoundRobin,）,：顺序循环将请求一次顺序循环地连接每个服务器。当其中某个服务器发生第二到第,7,层的故障，,BIG/IP,就把其从顺序循环队列中拿出，不参加下一次的轮询，直到其恢复正常。,比率（,Ratio,）,：给每个服务器分配一个加权值为比例，根椐这个比例，把用户的请求分配到每,个服务器。当其中某个服务器发生第二到第,7,层的故障，,BIG/IP,就把其从服务器队列中拿出，不参加下一次的用户请求的分配，直到其恢复正常。,优先权（,Priority,）：给所有服务器分组，给每个组定义优先权，,BIG/IP,用户的请求，分配给优先级最高的服务器组（在同一组内，采用轮询或比率算法，分配用户的请求）；当最高优先级中所有服务器出现故障，,BIG/IP,才将请求送给次优先级的服务器组。这种方式，实际为用户提供一种热备份的方式。,最小的连接数（,LeastConnection,）,：传递新的连接给那些进行最少连接处理的服务器。当其中某个服务器发生第二到第,7,层的故障，,BIG/IP,就把其从服务器队列中拿出，不参加下一次的用户请求的分配，直到其恢复正常。,最快模式（,Fastest,）,：传递连接给那些响应最快的服务器。当其中某个服务器发生第二到第,7,层的故障，,BIG/IP,就把其从服务器队列中拿出，不参加下一次的用户请求的分配，直到其恢复正常。,观察模式（,Observed,）：连接数目和响应时间以这两项的最佳平衡为依据为新的请求选择服务器。当其中某个服务器发生第二到第,7,层的故障，,BIG/IP,就把其从服务器队列中拿出，不参加下一次的用户请求的分配，直到其恢复正常。,预测模式（,Predictive,）：,BIG/IP,利用收集到的服务器当前的性能指标，进行预测分析，选择一台服务器在下一个时间片内，其性能将达到最佳的服务器相应用户的请求。,(,被,big/ip,进行检测,),规则模式（,iRule,）,：针对不同的数据流设置导向规则，用户可自行编辑流量分配规则，,BIG/IP,利用这些规则对通过的数据流实施导向控制。,如何识别不可用的服务器,服务器健康检查,Health Monitors,Page,33,Internet,172.16.20.3:80,服务健康检查,Monitor Concepts,网络连通性检查,Address Check,Node,IP Address,端口,Service Check,IP : port,内容检查,Content Check,IP : port plus check data returned,Page,34,网络连通性检查,Address Check,Page,35,Internet,172.16.20.1,172.16.20.2,172.16.20.3,ICMP,端口,Service Check,Page,36,Internet,TCP Connection,172.16.20.1:80,172.16.20.3:80,172.16.20.2:80,内容检查,Content Check,Page,37,Internet,172.16.20.1:80,172.16.20.3:80,http GET /,172.16.20.2:80,会话保持,Persistence,Page,38,1,2,3,1,2,3,Connection Table,连接表,Src IP Address,Virtual Server,Real Server,207.17.117.20:4003,216.34.94.17:80,172.16.20.1:8080,207.17.117.21:4003,216.34.94.17:80,172.16.20.2:8080,207.17.117.20:4005,216.34.94.17:80,172.16.20.3:8080,207.17.117.21:4008,216.34.94.17:80,172.16.20.1:8080,207.17.117.25:4003,216.34.94.17:80,172.16.20.4:8080,Src IP Address,Real Server,207.17.117.20:4003,172.16.20.1:8080,207.17.117.21:4003,172.16.20.2:8080,207.17.117.20:4005,172.16.20.3:8080,207.17.117.21:4008,172.16.20.1:8080,207.17.117.25:4003,172.16.20.4:8080,Page,39,服务器端,负载均衡器,Source Address Persistence Table,Src IP Address,Virtual Server,Real Server,207.17.117.20:4003,216.34.94.17:80,172.16.20.1:8080,207.17.117.21:4003,216.34.94.17:80,172.16.20.2:8080,207.17.117.20:4005,216.34.94.17:80,172.16.20.3:8080,?,207.17.117.21:4008,216.34.94.17:80,172.16.20.1:8080,?,207.17.117.25:4003,216.34.94.17:80,172.16.20.4:8080,Src IP Address,Real Server,207.17.117.20,172.16.20.1,207.17.117.21,172.16.20.2,207.17.117.25,172.16.20.4,Page,40,Persistence Table,负载均衡器,Source Address Persistence,Based on Client Source IP Address,Netmask - Address Range,Page,41,1,2,3,1,2,3,205.229.151.10,205.229.152.11,If Netmask is 255.255.255.0,205.229.151.107,Cookie Persistence,Insert mode,BIG-IP LTM Inserts a cookie into the stream,Rewrite mode,Web server creates cookie and BIG-IP LTM changes it,Passive mode,Web server creates cookie and BIG-IP LTM reads it,Page,42,Cookie Insert Mode,Page,43,Client,Server,HTTP request (no special cookie),TCP handshake,TCP handshake,HTTP request (no special cookie),HTTP reply (no special cookie),HTTP reply (with inserted cookie),pickserver,HTTP request (with same cookie),TCP handshake,TCP handshake,HTTP request (no special,cookie),HTTP reply (no special cookie),HTTP reply (updated cookie),cookiespecifiesserver,First Hit,Second Hit,源地址转换,SNATs,多对一的转换,Many-to-one mapping,Traffic to SNAT Address is refused,Can share IP with Virtual Server,Page,44,Internet,207.10.1.102,172.16.20.1,172.16.20.2,172.16.20.3,SNATs,Typical Traffic Flow,Page,45,Internet,207.10.1.102,172.16.20.1,172.16.20.2,172.16.20.3,172.16.20.1:4001, 205.229.151.203:80,207.10.1.102:33001, 205.229.151.203:80,Source address translated to SNAT address,Note source port,Server,205.229.151.203:80,SNATs,Response Traffic Flow,Page,46,Internet,SNAT IP Address 207.10.1.102,172.16.20.1,172.16.20.2,172.16.20.3,205.229.151.203:80,172.16.20.1:4001,205.229.151.203:80,207.10.1.102:33001,Response packet translated back,Server,205.229.151.203:80,SNAT Table,Src IP Address,SNAT Address,Destination IP,172.16.20.1:4001,207.10.1.102:33001,205.229.151.203:80,172.16.20.2:4001,207.10.1.102:33002,205.229.151.203:80,172.16.20.3:4003,207.10.1.102:33005,205.229.151.203:80,172.16.20.1:4003,207.10.1.102:33006,205.229.151.203:80,172.16.20.4:4001,207.10.1.102:33007,205.229.151.203:80,Src IP Address,Real Server,207.10.1.102:33001,205.229.151.203:80,207.10.1.102:33002,205.229.151.203:80,207.10.1.102:33005,205.229.151.203:80,207.10.1.102:33006,205.229.151.203:80,207.10.1.102:33007,205.229.151.203:80,Page,47,服务器端,负载均衡器,Source Address Persistence Table,Src IP Address,SNAT Address,Destination IP,172.16.20.1:4001,207.10.1.102:33001,205.229.151.203:80,172.16.20.2:4001,207.10.1.102:33002,205.229.151.203:80,172.16.20.3:4003,207.10.1.102:33005,205.229.151.203:80,172.16.20.1:4003,207.10.1.102:33006,205.229.151.203:80,172.16.20.4:4001,207.10.1.102:33007,205.229.151.203:80,Src IP Address,Dst IP Address,205.229.151.203:80,207.10.1.102:33001,205.229.151.203:80,207.10.1.102:33002,205.229.151.203:80,207.10.1.102:33005,205.229.151.203:80,207.10.1.102:33006,205.229.151.203:80,207.10.1.102:33007,Page,48,服务器的回应,负载均衡器,内容,BIG-IP LTM,产品介绍,负载均衡基本原理,BIG-IP,初始化安装与,VLAN,设置,配置,BIG-IP,实现服务器负载均衡,双机配置,BIG-IP,命令行,典型组网,Page,49,Installation,Page,50,Internet,BIG-IP LTMs,Clients,Servers,Initial BIG-IP LTM Setup,设定管理网口地址,通过,LCD,设置,通过,Console,线设置,Config utility,从网络通过缺省地址上去再修改,Config utility,激活,License,Setup utility,Root password,Web Admin password,SSH Access,Assign interfaces to VLANs,IP Address for VLANs,Page,51,BIG-IP,接口说明,(,以,3400,为例,),Page,52,1.1,2.1,10/100/1000M,电口,1.11.8,端口编号,:,从上到下，从左到右,1.1,2.1,2.2,1.2,1.3,1.4,1.5,1.6,1.7,1.8,千兆光纤接口,2.1 2.2,mgmt,eth0,管理网口,eth0,，主机接口,usb,console,failover,Config Utility,Page,53,Initial IP Address is 192.168.1.245,Setup / Configuration Access,Two methods,Web Interface,https (remote),Command Line,ssh (remote),Serial Terminal,Page,54,License Process,Manual,Page,55,PC,BIG-IP,F5 License Server,activate.F,Internet,Copy Product Dossier to PC,Paste Product Dossier to F5,Move PC to Internet,Download License to PC,Upload & Install License file,Run Setup utility,手动激活方式,PC,https:/activate.F,Move PC back,Reboot,(v9.2),License Process,Automated,Page,56,Internet,Run Setup utility,Enter Registration Key,PC,BIG-IP,License the box,Get License from F5,Select parameters,F5 License Server,activate.F,Reboot,(v9.2),WEB,管理界面：,Setup Utility,Page,57,https:/,Management IP Address,Setup Utility,Network,Page,58,External VLAN,与,Internal VLAN,Page,59,真实服务器,Real Server,Virtual Server Address,216.34.94.17:80,Internet,172.16.20.4:8080,172.16.20.1:8080,172.16.20.2:8080,172.16.20.3:8080,Real Server Address,216.34.94.17:80,Internet,虚拟服务器,External VLAN,Self IP 216.34.94.1,Internal VLAN,Self IP 172.16.20.254,创建,VLAN,Page,60,Network,VLANS,Create,为,VLAN,设置,Self IP,地址,Page,61,Port Lockdown,Defaults are:,UDP,DNS, SNMP & RIP,TCP,SSH, DNS, SNMP, HTTPS & iQuery,Page,62,设置路由与网关,Page,63,限制,SSH,访问,Page,64,Internet,216.34.94.32,216.34.94.15,216.34.91.10,Deny,Allow 216.34.94.*,F5 WEB,配置界面,Page,65,系统通用属性设置,网络设置,:VLAN/ IP/,路由,负载均衡相关设置,性能与统计,用户配置,Page,66,备份,/,恢复,BIG-IP LTM,配置,Page,67,System,Archives,，点击,Create:,如果在另外一台,BIG-IP,上恢复备份的配置，需要重新激活,License,SSH,登陆方式,Secure Shell Client,Tera Term with Secure Shell extension (TTSSH),PuTTY,Page,68,重置,BIG-IP,的设置,b db all reset,b reset,b save,b base reset,b self allow default tcp ssh tcp https udp efs tcp snmp proto ospf udp domain udp snmp tcp 4353 tcp domain udp 4353 ,b base save,最后运行,config,设置管理口,IP,，然后用,reboot,重启。,Page,69,在命令行执行以下命令：,内容,BIG-IP LTM,产品介绍,负载均衡基本原理,BIG-IP,初始化安装与,VLAN,设置,配置,BIG-IP,实现服务器负载均衡,双机配置,BIG-IP,命令行,典型组网,Page,70,配置服务器负载均衡的步骤,创建,Health Monitor,创建,Pool,并为,Pool Member,关联相应的,Monitor,创建,Profile,创建,Persistence Profile,创建,Virtual Server,并为,Virtual Server,选择相应的,Profile,与,Pool,Page,71,配置,Monitors,系统内置的,Monitor (Templates),Address Checks (icmp),Service Checks (tcp),Content Checks (http),Interactive Checks (ftp),Availability:,All templates can be customized,Some can be Assigned “as-is”,Some can only be used as Templates for Custom Monitors,Page,72,定制,Monitors,Page,73,配置检测时间,间隔时间,超时时间,Page,74,推荐配置, 3n + 1,配置健康检测参数,配置,Nodes,的健康检测,Health Monitors,Page,76,配置,Pools,Page,77,Assigning Monitors to Pools,Page,78,For one Member,Member and Node Status,Page,79,Parent-Child Status,节点,Node,节点成员,Member,池,Pool,虚拟服务器,Virtual Server,状况,绿色可用,红色不可用,蓝色未知,配置负载算法,Page,80,Profiles,属性集,Page,81,Internet,Virtual Server,Virtual Server,是,BIG-IP,上地址加端口的组合，决定是,BIG-IP,是否需要对到达其上的网络流量进行处理。,而应该如何来处理，是,根据,Virtual Server,上所关联的,Profile,来决定的。,Profile,使用,A Profile is:,定义了流量处理的处理方式,TCP,，,HTTP, FTP, SSL, compression, persistence,并将处理方式适用到关联的,Virtual Server,上,可以从,Profile,模板的基础上加以创建,具有依赖与继承性：依赖于其它相关的,Profile,Page,82,Profile,的类型,Page,83,常用的,Profile,TCP,FASTL4,HTTP,FTP,SSL,Configuring Cookie Persistence,Then set Cookie Persist profile,Cookie Persist requires http profile,配置虚拟服务器,Scroll down,配置虚拟服务器参数,Page,87,SNAT,配置,Internet,207.10.1.102,172.16.20.1,172.16.20.2,172.16.20.3,SNAT Timeout,Page,89,Statistics,和,Statistics Type,Summary,Virtual Servers,Pools,Nodes,Page,90,内容,BIG-IP LTM,产品介绍,负载均衡基本原理,BIG-IP,初始化安装与,VLAN,设置,配置,BIG-IP,实现服务器负载均衡,双机配置,BIG-IP,命令行,典型组网,Redundant Pair,Redundant Pair Concepts,Setup of a Redundant Pair,Synchronization,Page,92,Internet,Clients,Servers,BIG-IP LTMs,双机配置,Page,93,External IP 10.10.X.32,Internet,External IP 10.10.X.31,Floating IP 10.10.X.33,Failover,172.16.X.32,Failover,172.16.X.31,Internal IP 172.16.X.32,Internal IP 172.16.X.31,Floating IP 172.16.X.33,2,1,浮动地址,设备,ID,故障切换,双机配置参数,配置同步设置,Page,95,Sync,Other,Config,Current,Config,主备设置,手动切换主备状态,From Active LTM - not Standby,Page,97,Command Line : b failover standby,Scroll down,内容,BIG-IP LTM,产品介绍,负载均衡基本原理,BIG-IP,初始化安装与,VLAN,设置,配置,BIG-IP,实现服务器负载均衡,双机配置,BIG-IP,命令行,典型组网,Page,98,Command Line - bigpipe,Page,99,bigpipe virtual VS_http,destination 10.10.X.100:http,profile http tcp,persist src_persist,pool http_pool,bigtop Commands,q,bigtop,delay #,bigtop,n,bigtop,once,bigtop,once|more,Page,100,bigtop Commands,Page,101,bigstart Commands,Actions,Stop, Start, Restart,Start on Boot, Include in Default,Processes,bigd,Monitors,alertd - Notification,Page,102,Other Commands,ifconfig,netstat,ps,tail,Books and,“,man,”,pages,Page,103,内容,BIG-IP LTM,产品介绍,负载均衡基本原理,BIG-IP,初始化安装与,VLAN,设置,配置,BIG-IP,实现服务器负载均衡,双机配置,BIG-IP,命令行,典型组网,Page,104,BIG-IP,双机接线方式四,BIG-IP,旁挂方式,Page,105,推荐使用,BIGIP 3400,负载均衡器,Server3,Server4,Server2,Server1,中心交换,Internet,BIGIP 3400,负载均衡器,在同一个交换机上划分多个,VLAN,的做法，,双机自动切换机制采用,VLAN,监控方式,External Vlan,External Vlan,Internal Vlan,Internal Vlan,优点,：易于管理维护，扩展性高（不依赖于负载均衡器端口数目）,缺点,：需要划分不同的,VLAN,，适合于新上线系统,BIG-IP,旁挂方式的一些变化,Page,106,Trunk,Client1,Client2,Server1,Server2,BIGIP 3400,BIGIP 3400,External Vlan,External Vlan,Switch,Internal Vlan,Internal Vlan,通过,Link Aggregation,（,Port Channel),提高链路可靠性,F5 Link Aggregation,与华为交换机兼容,用于提高带宽和链路可靠性,BIG-IP,旁挂方式的一些变化,Page,107,Trunk VLAN:,VLAN 10,11,12,交换机,Vlan101,Vlan102,Vlan103,Port Channel :,Port 2.1,2.2,光纤接口,Trunk vlan :,Vlan 10, 11, 12, 101103,Port Chann

展开阅读全文

F5 BIG-IP LTM 负载均衡器培训

最新文档