Chinaunix首页 | 论坛 | 博客
  • 博客访问: 802275
  • 博文数量: 102
  • 博客积分: 10011
  • 博客等级: 上将
  • 技术积分: 2301
  • 用 户 组: 普通用户
  • 注册时间: 2006-10-08 13:00
文章存档

2011年(2)

2010年(30)

2009年(25)

2008年(45)

我的朋友

分类: 服务器与存储

2009-12-07 15:15:02

Cisco ACE 第四讲主要介绍ACE的路由模式下的单臂路由。也可以用这个标题;

Basic Load Balancing using One Arm Mode with Source NAT on ACE;

Goal

Configure basic load balancing (Layer 3) where client traffic enters on one VLAN and is source NAT’d and sent out the same VLAN to the servers.  The servers will respond to the ACE, where the server’s IP is replaced with the VIP and the response message is sent to the client via the MSFC.

Design

Clients will send application requests through the MFSC, which routes them to a virtual IP address (VIP) within ACE.  The VIP used in this example resides in an ACE context which is configured with a single VLAN to handle client and server communication.  Client requests will hit the VIP and ACE will pick the appropriate server to handle the request.  ACE will rewrite the destination IP to that of the rserver, and rewrite the source IP with one from a nat-pool.  Once the client request is fully NAT’d it will be sent to the server over the same VLAN which it was originally received.  The server will respond to the ACE, based on the source IP of the request.  The ACE will receive the response, change the source IP to be the VIP, and send it to the MSFC.  The MSFC will forward the response to the client.

Configuration

The ACE needs to be configured via ACLs to allow traffic into the ACE data plane.  After the ACL checks are made a service-policy, which is applied to the interface, is used to classify traffic destined to the VIP.  The VIP is associated to a load balancing action within the multi-match policy.  The load balancing action tells ACE how to handle traffic which has hit a VIP.  In this example all traffic is sent to a serverfarm, where it is distributed in round robin fashion to one of five real servers.  The ACE configuration is layered, such that it builds from the real IPs to applying the VIP on an interface.  Due to this building structure, it is optimal to create the configuration working backwards from how the flow is processed.  Thus, to enable server load balancing you need to configure the following objects:

   1.1 Enable the ACL allow the traffic
 

ACE-1/onearm(config)# access-list everyone extended permit ip any any

ACE-1/onearm(config)# access-list everyone extended permit icmp any any

 

1.2 Denfine the Real Servers

 

ACE-1/onearm(config)# rserver lnx1

ACE-1/onearm(config-rserver-host)# ip add 192.168.5.11

ACE-1/onearm(config-rserver-host)# inservice

ACE-1/onearm(config-rserver-host)# rserver lnx2

ACE-1/onearm(config-rserver-host)# ip add 192.168.5.12

ACE-1/onearm(config-rserver-host)# inservice

ACE-1/onearm(config-rserver-host)# rserver lnx3

ACE-1/onearm(config-rserver-host)# ip add 192.168.5.13

ACE-1/onearm(config-rserver-host)# inservice

ACE-1/onearm(config-rserver-host)# rserver lnx4

ACE-1/onearm(config-rserver-host)# ip add 192.168.5.14

ACE-1/onearm(config-rserver-host)# inservice

ACE-1/onearm(config-rserver-host)# rserver lnx5

ACE-1/onearm(config-rserver-host)# ip add 192.168.5.15

ACE-1/onearm(config-rserver-host)# inservice

 

1.3 Denfine the ServerFarm

 

ACE-1/onearm(config-cmap)# serverfarm web

ACE-1/onearm(config-sfarm-host)# rserver lnx1

ACE-1/onearm(config-sfarm-host-rs)# inservice

ACE-1/onearm(config-sfarm-host-rs)# rserver lnx2

ACE-1/onearm(config-sfarm-host-rs)# inservice

ACE-1/onearm(config-sfarm-host-rs)# rserver lnx3

ACE-1/onearm(config-sfarm-host-rs)# inservice

ACE-1/onearm(config-sfarm-host-rs)# rserver lnx4

ACE-1/onearm(config-sfarm-host-rs)# inservice

ACE-1/onearm(config-sfarm-host-rs)# rserver lnx5

ACE-1/onearm(config-sfarm-host-rs)# inservice

 

1.4 Define the VIP

 

ACE-1/onearm(config)# class-map slb-vip

ACE-1/onearm(config-cmap)# match virtual-address 172.16.5.100 any

1.5 denfine the policy-map

ACE-1/onearm(config)# policy-map type loadbalance http first-match slb

ACE-1/onearm(config-pmap-lb)# class class-default

ACE-1/onearm(config-pmap-lb-c)# serverfarm web

ACE-1/onearm(config)# policy-map multi-match client-vips

ACE-1/onearm(config-pmap)# class slb-vip

ACE-1/onearm(config-pmap-c)# loadbalance policy slb

ACE-1/onearm(config-pmap-c)# loadbalance vip inservice

ACE-1/onearm(config-pmap-c)# nat dynamic 5 vlan 50

 

1.6 denfine the vlan

ACE-1/onearm(config)# interface vlan 50

ACE-1/onearm(config-if)# description “Client-Sever VLAN”

ACE-1/onearm(config-if)# ip address 172.16.5.5 255.255.255.0

ACE-1/onearm(config-if)# no shutdown

ACE-1/onearm(config)# interface vlan 50

ACE-1/onearm(config-if)# access-group input everyone

ACE-1/onearm(config-if)# service-policy input client-vips

ACE-1/onearm(config-if)# nat-pool 5 172.16.5.200 172.16.5.209 netmask 255.255.255.0 pat

 

注意:上述配置文档为基本的配置文档,其他需要配置信息再次不在列出,如果需要,可以联系MSN或者mail到

 

 

阅读(1515) | 评论(0) | 转发(0) |
0

上一篇:Cisco ACE (第三篇)

下一篇:Cisco SAN交换机

给主人留下些什么吧!~~