資源描述:
《radware之鏈路負(fù)載均衡配置解析》由會(huì)員上傳分享�,免費(fèi)在線閱讀,更多相關(guān)內(nèi)容在行業(yè)資料-天天文庫(kù)����。
1、RADWARE之鏈路負(fù)載均衡配置解析網(wǎng)絡(luò)描述:網(wǎng)絡(luò)出口共有3條公網(wǎng)線路接入���,一臺(tái)RADWARE直接連接三個(gè)出口ISP做鏈路負(fù)載均衡����,來(lái)實(shí)現(xiàn)對(duì)內(nèi)部服務(wù)器訪問(wèn)和內(nèi)部對(duì)外訪問(wèn)流量的多鏈路負(fù)載均衡。?設(shè)計(jì)方案:1����、RADWARE?LINKPROOF設(shè)備部署在防火墻外面,直接連接出口ISP2��、防火墻全部修改為私有IP地址��,用RADWARE???LINKPROOF負(fù)責(zé)將私有IP地址轉(zhuǎn)換成公網(wǎng)IP地址�;3、防火墻的DMZ區(qū)跑路由模式�����,保證DMZ區(qū)服務(wù)器的正常訪問(wèn)����;4、RADWARE?LINKPROOF利用SmartNAT技術(shù)��,分別在每鏈路上配置NAT地址��,保證內(nèi)部服務(wù)器的聯(lián)
2�����、網(wǎng)��。?網(wǎng)絡(luò)拓?fù)洌簩?shí)施過(guò)程(關(guān)鍵步驟):1���、配置公網(wǎng)接口地址G-1:218.28.63.163/255.255.255.240??????聯(lián)通G-2:211.98.192.12/255.255.255.128???????鐵通G-3:222.88.11.82/255.255.255.240???????電信G-4:3.3.3.2/255.255.255.0??????????內(nèi)聯(lián)接口地址��,連接防火墻2�、配置默認(rèn)路由現(xiàn)網(wǎng)共有3條ISP鏈路�,要將每條鏈路的網(wǎng)關(guān)進(jìn)行添加,具體如下:命令行配置LP-Master#Lprouteadd0.0.0.00.0.0.0218.2
3�、8.63.161Lprouteadd0.0.0.00.0.0.0211.98.192.11Lprouteadd0.0.0.00.0.0.0222.88.11.813、配置內(nèi)網(wǎng)回指路由netroutetablecreate192.168.5.0255.255.255.03.3.3.1-i14netroutetablecreate192.168.6.0255.255.255.03.3.3.1-i14netroutetablecreate192.168.7.0255.255.255.03.3.3.1-i14netroutetablecreate192.168.8.0
4����、255.255.255.03.3.3.1-i14netroutetablecreate192.168.9.0255.255.255.03.3.3.1-i144、配置地址轉(zhuǎn)換地址轉(zhuǎn)換主要包括內(nèi)部用戶的聯(lián)網(wǎng)和服務(wù)器被訪問(wèn)兩部分����,這兩部分在負(fù)載均衡上面分別采用DynamicNAT和StaticPAT這兩種NAT來(lái)實(shí)現(xiàn),把內(nèi)部的IP地址和服務(wù)器的IP地址分別對(duì)應(yīng)每條ISP都轉(zhuǎn)換成相應(yīng)的公網(wǎng)IP地址�����。DynamicNAT是多對(duì)一的映射,并且改變用戶的源端口�����,而且是單向的�����,只能出��,不能進(jìn)���。LinkProof>SmartNAT>DynamicNATTable>Create?
5���、FromlocalIP:被轉(zhuǎn)換地址的起始地址;TolocalIP:被轉(zhuǎn)換地址的結(jié)束地址�����;ServerIP:對(duì)應(yīng)的ISP的網(wǎng)關(guān)�;DynamicNATIP:轉(zhuǎn)換后的公網(wǎng)地址。命令行配置LP-Master#lpsmartnatdynamic-natcreate0.0.0.1255.255.255.255211.98.192.11218.28.134.12lpsmartnatdynamic-natcreate0.0.0.1255.255.255.255222.88.11.81??222.88.11.82lpsmartnatdynamic-natcreate0.0.0.
6���、1255.255.255.255218.28.63.161218.28.63.162StaticPAT是從外到內(nèi)的一對(duì)多的映射�����,用來(lái)將同一公網(wǎng)IP的不同端口映射到不同的內(nèi)網(wǎng)服務(wù)器����,而且是單向的����,只能進(jìn),不能出�。LinkProof>SmartNAT>StaticPATTable>Create?命令行配置LP-Master#lpsmartnatstatic-patcreate192.168.5.13110tcp222.88.11.83222.88.11.90110-pn110maillpsmartnatstatic-patcreate192.168.6.1088t
7、cp218.28.63.161218.28.63.16888-pn88xinlpsmartnatstatic-patcreate192.168.7.1380tcp218.28.63.161218.28.63.17080-pn80gonglpsmartnatstatic-patcreate192.168.8.1321tcp218.28.63.161218.28.63.17021-pn21ftplpsmartnatstatic-patcreate192.168.9.1480tcp211.98.192.11?211.98.192.2080-pn80ser5�、就近性(
8、Proixmity)配置就近性(Pro
