AX1000配置说明.doc

AX配置说明1. 开始配置AX1000可以通过命令行和Web GUI两种方式进行配置。管理口的缺省IP为1缺省用户名/密码：admin/a10根据需要修改一些系统配置，例如配置界面的超时时间等。配置时区命令行支持console, ssh 和Telnet 三种方式，输入用户名/密码，进入设备看到后输入enable， 密码默认为空默认所有端口都是down的，如果要启用端口，请参照以下命令操作：Interface ethernet n Enable或者直接在Web界面上启用选中的端口。如果要通过数据端口管理设备，可采用如下命令：Enable-management service . 2. 网络配置网络部分配置推荐使用命令行的方式。2.1. 划分vlanQHD: vlan 2 untagged ethernet 1 to 2 router-interface ve 2!vlan 3 untagged ethernet 5 to 6 router-interface ve 3!FC：vlan 2 untagged ethernet 1 to 2 router-interface ve 2!vlan 3 untagged ethernet 5 to 6 router-interface ve 3!2.2. 配置IPQHD: interface ve 2 ip address 33 48!interface ve 3 ip address 54 52!FC：interface ve 2 ip address 34 48!interface ve 3 ip address 53 52!2.3. 配置路由ip route /0 29 （两台机器相同）2.4. 配置管理IP默认管理IP是1，假设管理口IP要设置成其他地址，修改如下：interface management ip address *.*.*.*.* 255.*.*.* ip default-gateway *.*.*.*!3. 配置HAQHD: ha id 1ha group 1 priority 20ha interface ethernet 1 vlan 2ha interface ethernet 6 vlan 3ha check vlan 2 timeout 10ha conn-mirror ip 53!ha preemption-enablefloating-ip 32 ha-group 1floating-ip 52 ha-group 1!FC：ha id 2ha group 1 priority 10ha interface ethernet 1 vlan 2ha interface ethernet 6 ha check vlan 2 timeout 10ha conn-mirror ip 54!ha preemption-enablefloating-ip 32 ha-group 1floating-ip 52 ha-group 1!4. 配置服务4.1. 配置模板4.1.1. 建立TCP长连接模板AX带有默认的模板，但是对于某些情况，需要创建相应的模板进行处理，例如对于Ftp等长连接，需要将连接过期时间改长，操作如下：在Web界面配置模式，选择模板-L4-TCP-新建，如下设置命令行配置如下：slb template tcp tcp_template_long idle-timeout 600!4.1.2. 配置HTTP协议模板由于通过负载均衡设备访问的源地址是经过转换了的，而服务器端要求能看到客户端源地址，所以这里将创建一个模板，将源地址包含在HTTP的头里面。slb template http http_template_for_clientip insert-client-ip compression minimum-content-length 120!4.1.3. 配置会话保持模板会话保持模板对于有多台服务器做负载均衡的情况，如果用户的业务，前后的会话是有关联的，则一定要选中会话保持，操作如下：在Web界面配置模式，选择模板-持续-源IP持续-新建命令行配置如下：slb template persist source-ip src_persistent timeout 10!4.2. 配置snatSnat 用于请求包从AX进来，中间目的地址做过改变转发给服务器，而服务器却从其他的路由不经过AX将应答包返回的现象，这种现象请求和应答是不一致的，必须在AX上对源地址进行转换，保证请求和应答都要经过AX。在Web界面配置模式如下所示，选择IP源NAT-IPv4池-新建命令行配置如下：ip nat pool snat_toserver 32 32 netmask /29 ha-group-id 1 ip nat pool snat_to145 45 45 netmask /28 ha-group-id 1 ip nat pool snat_to146 46 46 netmask /28 ha-group-id 1 ip nat pool snat_to147 47 47 netmask /28 ha-group-id 1 ip nat pool snat_to148 48 48 netmask /28 ha-group-id 1 ip nat pool snat_to149 49 49 netmask /28 ha-group-id 1 !4.3. 配置服务器负载均衡以下仅为一个简单的例子4.3.1. 配置服务器Web界面服务器服务器-选择新建配置服务端口，在当前页面点击端口-新建具体命令行配置如下：slb server server_27 27 port 0 tcp no health-check port 0 udp no health-check port 80 tcp port 443 tcp!slb server server_29 29 port 0 tcp no health-check port 0 udp no health-check port 80 tcp port 443 tcp!slb server server_30 30 port 0 tcp no health-check port 0 udp no health-check port 80 tcp port 443 tcp!slb server server_45 45 port 0 tcp no health-check port 0 udp no health-check port 80 tcp port 443 tcp port 8080 tcp port 8443 tcp!slb server server_46 46 port 0 tcp no health-check port 0 udp no health-check port 80 tcp port 7070 tcp port 7071 tcp port 20001 tcp port 20003 tcp port 8000 tcp port 8081 tcp port 8080 tcp port 20 tcp port 21 tcp port 1098 tcp port 1099 tcp port 4444 tcp port 4445 tcp port 4446 tcp port 8083 tcp!slb server server_47 47 port 0 tcp no health-check port 0 udp no health-check port 8000 tcp!slb server server_61 61 port 0 tcp no health-check port 0 udp no health-check port 80 tcp health-check http_test port 8081 tcp port 8080 tcp port 8082 tcp port 8083 tcp port 8084 tcp port 8085 tcp port 8086 tcp port 8087 tcp port 8088 tcp port 8089 tcp port 8090 tcp port 8091 tcp port 8092 tcp port 8093 tcp port 8094 tcp port 8095 tcp port 8096 tcp port 8097 tcp port 8098 tcp port 8099 tcp!slb server server_31 31 port 0 tcp no health-check port 0 udp no health-check port 80 tcp health-check http_test port 8081 tcp port 8080 tcp port 8382 tcp port 8383 tcp port 8384 tcp port 8385 tcp port 8386 tcp port 8387 tcp port 8388 tcp port 8389 tcp port 8390 tcp port 8391 tcp port 8392 tcp port 8393 tcp port 8394 tcp port 8395 tcp port 8396 tcp port 8397 tcp port 8398 tcp port 8399 tcp port 8085 tcp!slb server server_78 78 port 0 tcp no health-check port 0 udp no health-check port 80 tcp port 8080 tcp port 8081 tcp port 8082 tcp port 8083 tcp port 8084 tcp port 8085 tcp port 8086 tcp port 8087 tcp port 8088 tcp port 8089 tcp!slb server server_79 79 port 0 tcp no health-check port 0 udp no health-check port 80 tcp port 8380 tcp port 8381 tcp port 8382 tcp port 8383 tcp port 8384 tcp port 8385 tcp port 8386 tcp port 8387 tcp port 8388 tcp port 8389 tcp!slb server server_26 26 port 0 tcp no health-check port 0 udp no health-check port 80 tcp port 20 tcp port 21 tcp port 1098 tcp port 1099 tcp port 4444 tcp port 4445 tcp port 4446 tcp port 8083 tcp port 7070 tcp port 7071 tcp port 20001 tcp port 20003 tcp port 8081 tcp port 8080 tcp!4.3.2. 配置服务组WEB界面-服务器-服务组-新建命令行配置如下：slb service-group sg_zf_apache_80 tcp member server_27:80 member server_29:80 member server_30:80!slb service-group sg_zf_apache_443 tcp member server_27:443 member server_29:443 member server_30:443!slb service-group sg_zf_apache tcp member server_27:0 member server_29:0 member server_30:0!slb service-group sg_zf_apache_udp udp member server_27:0 member server_29:0 member server_30:0!slb service-group sg_zfht tcp member server_46:0 member server_26:0!slb service-group sg_zfht_udp udp member server_46:0 member server_26:0!slb service-group sg_zfht_80 tcp member server_46:80 member server_26:80!slb service-group sg_zfht_7070 tcp member server_46:7070 member server_26:7070!slb service-group sg_zfht_7071 tcp member server_46:7071 member server_26:7071!slb service-group sg_zfht_20001 tcp member server_46:20001 member server_26:20001!slb service-group sg_zfht_20003 tcp member server_46:20003 member server_26:20003!slb service-group sg_X3950-C_8000 tcp member server_47:8000!slb service-group sg_X3950-C tcp member server_47:0!slb service-group sg_X3950-C_udp udp member server_47:0!slb service-group sg_yygl_apache_80 tcp member server_61:80 member server_31:80!slb service-group sg_yygl_tomcat_8081 tcp member server_61:8081 member server_31:8081!slb service-group sg_yygl_apache tcp member server_61:0 member server_31:0!slb service-group sg_yygl_apache_udp udp member server_61:0 member server_31:0!slb service-group sg_yygl_tomcat161 udp member server_61:0!slb service-group sg_yygl_tomcat161_udp tcp member server_61:0!slb service-group sg_yygl_tomcat161_8082 tcp member server_61:8082!slb service-group sg_yygl_tomcat161_8083 tcp member server_61:8083!slb service-group sg_yygl_tomcat161_8084 tcp member server_61:8084!slb service-group sg_yygl_tomcat161_8085 tcp member server_61:8085!slb service-group sg_yygl_tomcat161_8086 tcp member server_61:8086! slb service-group sg_yygl_tomcat161_8087 tcp member server_61:8087!slb service-group sg_yygl_tomcat161_8088 tcp member server_61:8088!slb service-group sg_yygl_tomcat161_8089 tcp member server_61:8089!slb service-group sg_yygl_tomcat161_8090 tcp member server_61:8090!slb service-group sg_yygl_tomcat161_8091 tcp member server_61:8091!slb service-group sg_yygl_tomcat161_8092 tcp member server_61:8092!slb service-group sg_yygl_tomcat161_8093 tcp member server_61:8093!slb service-group sg_yygl_tomcat161_8094 tcp member server_61:8094!slb service-group sg_yygl_tomcat161_8095 tcp member server_61:8095!slb service-group sg_yygl_tomcat161_8096 tcp member server_61:8096!slb service-group sg_yygl_tomcat161_8097 tcp member server_61:8097!slb service-group sg_yygl_tomcat161_8098 tcp member server_61:8098!slb service-group sg_yygl_tomcat161_8099 tcp member server_61:8099!slb service-group sg_yygl_tomcat131 tcp member server_31:0!slb service-group sg_yygl_tomcat131_udp udp member server_31:0!slb service-group sg_yygl_tomcat131_8382 tcp member server_31:8382!slb service-group sg_yygl_tomcat131_8383 tcp member server_31:8383!slb service-group sg_yygl_tomcat131_8384 tcp member server_31:8384!slb service-group sg_yygl_tomcat131_8385 tcp member server_31:8385!slb service-group sg_yygl_tomcat131_8386 tcp member server_31:8386!slb service-group sg_yygl_tomcat131_8387 tcp member server_31:8387!slb service-group sg_yygl_tomcat131_8388 tcp member server_31:8388!slb service-group sg_yygl_tomcat131_8389 tcp member server_31:8389!slb service-group sg_yygl_tomcat131_8390 tcp member server_31:8390!slb service-group sg_yygl_tomcat131_8391 tcp member server_31:8391!slb service-group sg_yygl_tomcat131_8392 tcp member server_31:8392!slb service-group sg_yygl_tomcat131_8393 tcp member server_31:8393!slb service-group sg_yygl_tomcat131_8394 tcp member server_31:8394!slb service-group sg_yygl_tomcat131_8395 tcp member server_31:8395!slb service-group sg_yygl_tomcat131_8396 tcp member server_31:8396!slb service-group sg_yygl_tomcat131_8397 tcp member server_31:8397!slb service-group sg_yygl_tomcat131_8398 tcp member server_31:8398!slb service-group sg_yygl_tomcat131_8399 tcp member server_31:8399!slb service-group sg_zz_apache_80 tcp member server_78:80 member server_79:80!slb service-group sg_zz_apache tcp member server_78:0 member server_79:0!slb service-group sg_zz_apache_udp udp member server_78:0 member server_79:0!slb service-group sg_zz_tomcat178 tcp member server_78:0!slb service-group sg_zz_tomcat178_udp udp member server_78:0!slb service-group sg_zz_tomcat178_8080 tcp member server_78:8080!slb service-group sg_zz_tomcat178_8081 tcp member server_78:8081!slb service-group sg_zz_tomcat178_8082 tcp member server_78:8082!slb service-group sg_zz_tomcat178_8083 tcp member server_78:8083!slb service-group sg_zz_tomcat178_8084 tcp member server_78:8084!slb service-group sg_zz_tomcat178_8085 tcp member server_78:8085!slb service-group sg_zz_tomcat178_8086 tcp member server_78:8086!slb service-group sg_zz_tomcat178_8087 tcp member server_78:8087! slb service-group sg_zz_tomcat178_8088 tcp member server_78:8088!slb service-group sg_zz_tomcat178_8089 tcp member server_78:8089!slb service-group sg_zz_tomcat179 tcp member server_79:0!slb service-group sg_zz_tomcat179_udp udp member server_79:0!slb service-group sg_zz_tomcat179_8380 tcp member server_79:8380!slb service-group sg_zz_tomcat179_8381 tcp member server_79:8381!slb service-group sg_zz_tomcat179_8382 tcp member server_79:8382!slb service-group sg_zz_tomcat179_8383 tcp member server_79:8383!slb service-group sg_zz_tomcat179_8384 tcp member server_79:8384!slb service-group sg_zz_tomcat179_8385 tcp member server_79:8385!slb service-group sg_zz_tomcat179_8386 tcp member server_79:8386!slb service-group sg_zz_tomcat179_8387 tcp member server_79:8387!slb service-group sg_zz_tomcat179_8388 tcp member server_79:8388!slb service-group sg_zz_tomcat179_8389 tcp member server_79:8389!slb service-group sg_zf_X3950-B tcp member server_46:0!slb service-group sg_zf_X3950-B_udp udp member server_46:0!slb service-group sg_zf_X3950-B_80 tcp member server_46:80!slb service-group sg_zf_X3950-B_7070 tcp member server_46:7070!slb service-group sg_zf_X3950-B_7071 tcp member server_46:7071!slb service-group sg_zf_X3950-B_20001 tcp member server_46:20001!slb service-group sg_zf_X3950-B_20003 tcp member server_46:20003!slb service-group sg_zfht_8081 tcp member server_46:8081 member server_26:8081!slb service-group sg_zfht_8080 tcp member server_46:8080 member server_26:8080!slb service-group sg_zfht_20 tcp member server_46:20 member server_26:20!slb service-group sg_zfht_21 tcp member server_46:21 member server_26:21!slb service-group sg_test_8085 tcp member server_61:8085 member server_31:8085!slb service-group sg_zfht_1098 tcp member server_46:1098 member server_26:1098!slb service-group sg_zfht_1099 tcp member server_46:1099 member server_26:1099!slb service-group sg_zfht_4444 tcp member server_46:4444 member server_26:4444!slb service-group sg_zfht_4445 tcp member server_46:4445 member server_26:4445!slb service-group sg_zfht_4446 tcp member server_46:4446 member server_26:4446!slb service-group sg_zfht_8083 tcp member server_46:8083 member server_26:8083!4.3.3. 配置虚拟服务器WEB界面-服务器-虚拟服务器-新建在当前页面点击端口-新建具体内容命令行配置如下：slb virtual-server vip_48 48 ha-group 1 port 0 tcp service-group sg_zf_apache conn-limit 1000000 template persist source-ip persist_src access-list 1 source-nat-pool snat_to148 port 0 udp service-group sg_zf_apache_udp conn-limit 1000000 template persist source-ip persist_src access-list 1 source-nat-pool snat_to148 port 80 http service-group sg_zf_apache_80 template http http_template_for_clientip conn-limit 1000000 template persist source-ip persist_src access-list 1 source-nat-pool snat_to148 port 443 tcp source-nat pool snat_to148 service-group sg_zf_apache_443 conn-limit 1000000 template persist source-ip persist_src!slb virtual-server vip_49 49 ha-group 1 port 0 tcp service-group sg_zfht template persist source-ip persist_src access-list 1 source-nat-pool snat_to149 port 0 udp service-group sg_zfht_udp template persist source-ip persist_src access-list 1 source-nat-pool snat_to149 port 80 http service-group sg_zfht_80 template http http_template_for_clientip template persist source-ip persist_src access-list 1 source-nat-pool snat_to149 port 7070 http service-group sg_zfht_7070 template persist source-ip persist_src access-list 1 source-nat-po