F5负载均衡设备组网架构

xiaoge0923
2 ℃
2019-10-02

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

F5LTM组网架构李兴华F5售前工程师©F5Networks•单臂接入模式•双臂接入模式•远程节点模式•加入独立SSL/WA/ASM设备•防火墙负载均衡•多链路接入•灾备站点静态路由注入Agenda©F5NetworksLTM单臂接入模式3©F5Networks单臂接入模式下的网络物理结构4核心三层交换服务器服务器LTMLTM外部网络Vlan1串口心跳线©F5NetworksLTM单臂源地址替换接入典型架构设计5CoreSwitchCoreSwitchServerServer网络同步-独立Vlan串口心跳NetworkIP:192.168.0.1GW:192.168.0.254IP:192.168.0.2GW:192.168.0.254SelfIP:192.168.0.200GW:192.168.0.254VS:192.168.0.100SNATAutomapSelfIP:192.168.0.201GW:192.168.0.254VS:192.168.0.100SNATAutomapHSRP192.168.0.254TrunkTrunkTrunkActiveBackup©F5Networks单臂接入-源地址替换模式数据访问流程6核心三层交换服务器服务器LTMClient192.168.0.1192.168.1.10GW:192.168.1.254192.168.1.11GW:192.168.1.254VS:192.168.1.1:80SelfIP:192.168.1.253GW:192.168.1.254192.168.1.254192.168.0.254①②③④⑤SIPSportDIPDport①②192.168.0.16787192.168.1.180③192.168.1.2538888192.168.1.1180④192.168.1.1180192.168.1.2538888⑤⑥192.168.1.180192.168.0.16787⑥©F5Networks源地址替换后的处理7核心三层交换服务器服务器LTMClient192.168.0.1192.168.1.10GW:192.168.1.254192.168.1.11GW:192.168.1.254VS:192.168.1.1：80SelfIP:192.168.1.253GW:192.168.1.254192.168.1.254192.168.0.254①②③④⑤⑥HTTPProfilewhenHTTP_REQUEST{HTTP::headerinsertClient_IP=[IP::client_addr]}iRules只有HTTP协议的时候，可以通过将源地址插入到客户端请求的HTTPHeader里，然后在服务器上通过读取这个Header，获得客户端的真实源IP地址©F5Networks单臂接入-npath模式数据访问流程8核心三层交换服务器服务器LTMClient192.168.0.1192.168.1.10Lo:192.168.1.1GW:192.168.1.254192.168.1.11Lo:192.168.1.1GW:192.168.1.254VS:192.168.1.1:80SelfIP:192.168.1.253GW:192.168.1.254192.168.1.254192.168.0.254①②③④⑤SIPSportDIPDport①②192.168.0.16787192.168.1.180③192.168.0.16787192.168.1.180④⑤192.168.1.180192.168.0.16787npath模式的关键在于服务器上配置的loopback地址在地址如何配置的文档©F5Networks单臂接入-服务器非直连模式（无源地址替换）9核心三层交换服务器服务器LTMClient192.168.0.1192.168.2.10GW:192.168.2.254192.168.2.11GW:192.168.2.254VS:192.168.1.1:80SelfIP:192.168.1.253GW:192.168.1.254192.168.2.254192.168.0.254①②③④⑤⑦⑧⑥SIPSportDIPDport①②192.168.0.16787192.168.1.180③④192.168.0.16787192.168.2.1180⑤⑥192.168.2.1180192.168.0.16787⑦⑧192.168.1.180192.168.0.16787无源地址替换的单臂接入模式使用比较少，通常用于对现网不能改造的情况这种模式下需要在核心三层交换上启用源地址路由，将服务器的所有返回数据包转向LTM，这样才能保证进出的连接完整性建议在这种结构下采用源地址替换以减小网络复杂程度192.168.1.254©F5Networks同网段访问处理-必须通过SNAT实现10核心三层交换客户端服务器LTM192.168.1.10GW:192.168.1.254192.168.1.11GW:192.168.1.254VS:192.168.1.1：80IP:192.168.1.253GW:192.168.1.254192.168.1.254SIPSportDIPDport①192.168.0.106787192.168.1.180②192.168.1.2538888192.168.1.1180③192.168.1.1180192.168.1.2538888④192.168.1.180192.168.0.16787①②③④©F5Networks单臂接入-服务器更改网关数据访问流程11核心三层交换服务器服务器LTMClient192.168.0.1192.168.1.10GW:192.168.1.253192.168.1.11GW:192.168.1.253VS:192.168.1.1:80SelfIP:192.168.1.253GW:192.168.1.254192.168.1.254192.168.0.254①②③④⑤SIPSportDIPDport①②192.168.0.16787192.168.1.180③192.168.0.16787192.168.1.1180④192.168.1.1180192.168.0.16787⑤⑥192.168.1.180192.168.0.16787⑥©F5Networks服务器更改网关后的直接访问服务器问题12核心三层交换服务器服务器LTMClient192.168.0.1192.168.1.10GW:192.168.1.253192.168.1.11GW:192.168.1.253VS:192.168.1.1：80IP:192.168.1.253GW:192.168.1.254192.168.1.254192.168.0.254①SYN②SYN③SYN-ACKSIPSportDIPDport①②192.168.0.16787192.168.1.1180③192.168.1.1180192.168.0.16787FastL4Profile©F5Networks双臂接入模式13©F5NetworksLTM双臂接入模式典型架构设计14VLANEXTServerServer网络同步-独立Vlan串口心跳NetworkIP:192.168.0.3GW:192.168.0.254IP:192.168.0.4GW:192.168.0.254SelfIPEXT:192.168.1.200SelfIPINT:192.168.0.200GW:192.168.1.254VS:192.168.1.100HSRP192.168.0.254ActiveBackupVLANINTVLANEXTVLANINTSelfIPEXT:192.168.1.200SelfIPINT:192.168.0.200GW:192.168.1.254VS:192.168.1.100FIP:192.168.0.254LBServerIP:192.168.0.1GW:192.168.0.250LBServerIP:192.168.0.2GW:192.168.0.250FIP:192.168.0.254HSRP192.168.1.254©F5Networks双臂接入-服务器直连15核心三层交换服务器服务器LTMClient192.168.0.1192.168.2.10GW:192.168.2.254192.168.2.11GW:192.168.2.254VS:192.168.1.1EXTIP:192.168.1.253/VLANEXTINTIP:192.168.2.254/VLANINTGW:192.168.1.254192.168.1.254192.168.0.254SIPSportDIPDport①192.168.0.16787192.168.1.180②192.168.0.16787192.168.2.1180③192.168.2.1180192.168.0.16787④192.168.1.180192.168.0.16787①②③④©F5Networks双臂接入-串联部署-扩展端口16核心三层交换服务器服务器LTMClient192.168.0.1192.168.2.10GW:192.168.2.254192.168.2.11GW:192.168.2.254VS:192.168.1.1EXTIP:192.168.1.253/VLANEXTINTIP:192.168.2.254/VLANINTGW:192.168.1.254192.168.1.254192.168.0.254①②③④服务器接入交换SIPSportDIPDport①192.168.0.16787192.168.1.180②192.168.0.16787192.168.2.1180③192.168.2.1180192.168.0.16787④192.168.1.180192.168.0.16787©F5Networks双臂接入-旁挂模式17核心三层交换服务器服务器LTMClient192.168.0.1192.168.2.10GW:192.168.2.254192.168.2.11GW:192.168.2.254VS:192.168.1.1:80EXTIP:192.168.1.253/VLANEXTINTIP:192.168.2.254/VLANINTGW:192.168.1.254192.168.1.254192.168.0.254①②③④SIPSportDIPDport①192.168.0.16787192.168.1.180②192.168.0.16787192.168.2.1180③192.168.2.1180192.168.0.16787④192.168.1.180192.168.0.16787External_vlanInternal_vlan旁挂模式下LTM可以用不同的端口接入核心交换，也可以采用端口捆绑模式接入核心交换，然后在端口捆绑里通过VLANtag方式来划分多个VLAN©F5Networks旁挂模式下的服务器直接访问18核心三层交换服务器服务器LTMClient192.168.0.1192.168.2.10GW:192.168.2.254192.168.2.11GW:192.168.2.254VS:192.168.1.1EXTIP:192.168.1.253/VLANEXTINTIP:192.168.2.254/VLANINTGW:192.168.1.254192.168.1.254192.168.0.254①②③SIPSportDIPDport①192.168.0.16787192.168.2.1180②192.168.0.16787192.168.2.1180③192.168.2.1180192.168.