Array-APV负载均衡培训ppt课件

1、2021/2/1,APV Technical Training,2021/2/1,2,内容,Array Appvelocity（简称APV）产品介绍 APV负载均衡器工作原理 APV初始化安装与基本配置 集群配置 典型组网,2021/2/1,3,Array Appvelocity（简称APV）产品介绍,APV 1200,4*1000M ports 1000 Mbps throughput Intel Celeron Processor 1GB RAM,2021/2/1,4,Array Appvelocity（简称APV）产品介绍,APV 2200,4*1000M ports 2*1000M S

2、FP 1500 Mbps throughput Intel P4 Processor 2GB RAM,2021/2/1,5,Array Appvelocity（简称APV）产品介绍,APV 3200,8*1000M ports 2*1000M SFP 2Gbps throughput Intel P4 Processor 4GB RAM,2021/2/1,6,Array Appvelocity（简称APV）产品介绍,APV 5200,8*1000M ports 4*1000M SFP 8Gbps throughput AMD Quad-Core Processor 4GB RAM,2021/2

3、/1,7,Array Appvelocity（简称APV）产品介绍,APV 6200,8*1000M ports 4*1000M SFP 2*10G ports(可选) 10Gbps throughput AMD Quad-Core Processor 8GB RAM,2021/2/1,8,Array Appvelocity（简称APV）产品介绍,APV 6250,8*1000M ports 4*1000M SFP 2*10G ports 12Gbps throughput AMD Quad-Core Processor 8GB RAM,2021/2/1,9,内容,Array Appveloc

4、ity（简称APV）产品介绍 APV负载均衡器工作原理 APV初始化安装与基本配置 集群配置 典型组网,2021/2/1,10,SLB Terminology,Real Service (“Real”) Represents a physical service which will handle client requests Real Service Group (“Group”) Represents a group of real services which traffic will be distributed to Defines which load balancing alg

5、orithm to use Virtual Service (“Virtual”) Represents a virtual service that clients can connect to Policy Associates real service groups with virtual services,service 1,service 5,service 4,service 3,service 2,Real 1,Real 3,Real 4,Real 5,Real 2,Group 1,Group 2,Virtual 1,Virtual 2,Internet,2021/2/1,11

6、,Server Load Balancing Example,Basic Server Load balancing,Internet,Service Group,Real services,Virtual IP 0,4,DNS,2021/2/1,12,SLB Modes,Server Load Balancing can be performed in three modes: Reverse Proxy Mode Array APV proxies all client connections to real services. Transparent Mode Arr

7、ay APV transparently proxies all client connections to real services. Triangle Mode Array APV transparently proxies all client connections to real services,2021/2/1,13,Reverse Proxy Mode,Packet Flow Client connects to VIP on Array APV and sends request to Array APV. Array APV opens a new connection

8、to real service and sends request to service. service responds to Array APV. Array APV responds to Client,Virtual,Internet,service1,service2,Inside Interface,Outside Interface,1,2,3,4,2021/2/1,14,Reverse Proxy Mode,Translations,Virtual,Internet,service1,service2,Inside Interface,Outside Interface,1,

9、2,3,4,2021/2/1,15,Transparent Mode,Packet Flow Client sends request to VIP on Array APV. Array APV forwards request to real service, maintaining the clients IP. Real service returns response via client IP (handled by Array APV). Array APV forwards response to Client,Virtual IP,Internet,service1,serv

10、ice2,2,3,5,4,6,1,2021/2/1,16,Transparent Mode,Translations,Virtual IP,Internet,service1,service2,2,3,5,4,6,1,2021/2/1,17,Triangle Transmission Mode,Triangle Transmission Arrays Triangle Transmission is specially designed for low-inbound/high-outbound applications such as Video On Demand (VOD), and t

11、o accommodate requests in the quickest and most efficient manner. A new system mode “triangle mode” is added for this new feature. For triangle transmission, when selecting a proper real server from a group, administrators can use Round Robin (rr), Persistent IP (pi), Hash IP (hi), Consistent Hash I

12、P (chi), Least connections (lc and SNMP (snmp) group method,2021/2/1,18,Working Flow,Client sends a request to a Virtual IP 0 on Array APV by the router. Array APV forwards the request to a real service. The Virtual IP 0 has been configured as the loopback interface on the real ser

13、vice, so that the request can be received by the real service. The real service returns response to the router directly. Since the default route IP on the real service is set to be , the response will be sent to the router directly The request will pass through APV, the response will be sen

14、t from the real server to the client directly without hitting APV. Notes: triangle transmission SLB health is based on the system IP addresses of the real servers, not the loopback IP addresses. This means when health check is up, the real service might not be available,Triangle Transmission Mode,20

15、21/2/1,19,负载均衡算法,非保持性算法 1, Round Robin(RR) 2, Least Connection(LC) 3, Fastest Response Time(FRT) 保持性算法 1, Persistent IP(PI) 2, Hash IP(HI) 3, Consistent Hash IP(CHI) 4, Hash Header(HH) 5, Persistent Hostname(PH) 6, Persistent URL(PU) 7,SSL Session ID(SSLID) 8, Persistent Cookie(PC) 9, Rewirte Cookie

16、(RC) 10, Insert Cookie(IC) 11,Hash Cookie(HC) 12,Embed Cookie(EC) 13,2021/2/1,20,Round Robin (rr,Distributes new connections sequentially between available real services. Example: Connections are distributed to the real services in the following order: 1, 2, 3, 4, 5, 1, 2, 3 The “granularity” option

17、 may be configured so that each real service handles a specific number of new connections before the next service is selected. Example: Granularity value of “3” illustrates the distribution: 1, 1, 1, 2, 2, 2, 3, 3, 3, etc,Internet,2021/2/1,21,Round Robin,Clients,Router,APV,Servers,Client requests ar

18、e distributed evenly,1,2,3,4,5,6,7,8,Internet,Round Robin (rr,2021/2/1,22,Least Connections (lc,Distributes new connections to the real service that has the least number of current connections. Example: real service 5 has the fewest current connections, so the next connection will go to real service

19、 5. The “granularity” option can be used to treat real services within the same connection count range as the same; a new real service will not be chosen until this range is exceeded for the current one,Internet,2021/2/1,23,Clients,Router,Servers,1,2,Internet,Distributes new connections to the real

20、service that has the least number of current connections,Least Connections (lc,2021/2/1,24,Real Service Weighting (rr, lc,Weighting allows you to change the distribution between real services in the group. Example: You may set one service to handle twice as many connections as another service. Use w

21、eighting if you have a mix of backend services with different performance capabilities. Example: If you add new services that have faster CPUs, you could weight them higher so they receive more connections,Internet,2021/2/1,25,Clients,Router,Servers,Administrator sets ratio for distributing Client r

22、equests 3:1:1:1,1,4,5,6,7,10,11,12,Internet,2,3,8,9,Real Service Weighting (rr, lc,APVX,2021/2/1,26,Clients,Router,Servers,1,2,Internet,Fastest Response time (frt,Distributes new connections to the real service that has the shortest response time,2021/2/1,27,the same IP request should be assigned to

23、 the same server,1,2,3,1,2,3,Persistent IP (pi,2021/2/1,28,Hash IP (hi,Distributes new connections to a real service based on a hash of the source IP address. Client sends a request to the virtual service. Array hashes source IP address of request to select a real service. Array forwards all request

24、s with same hash value to the same real service. Note If a real service fails, persistence will not be maintained for existing clients on healthy services. Consistent mappings of client IP to real service across multiple Arrays during failover is not guaranteed,2021/2/1,29,Consistent Hash IP (chi,Di

25、stributes new connections to a real service based on a hash of the source IP address. Client sends a request to the virtual service. Array hashes source IP address of request to select a real service. Array forwards all requests with same hash value to the same real service. Note If a real service f

26、ails, persistence will be maintained for existing clients on healthy services. Mappings of client IP to real service are consistent across all Arrays so that clients will continue to go to the same real service on failover,2021/2/1,30,Hash Header (hh,Distributes new connections to a real service bas

27、ed on a hash of a non-standard/standard HTTP Header Non-standard header = headers not defined in RFC 2616 (HTTP/1.1) Example: X-MSISDN header generated by WAP gateways All wireless clients (mobile phones) proxied through a WAP gateway have the same source IP address. Problem for client-IP persistenc

28、e methods! Options include cookie-persistence and Hash Header methods. WAP gateway can receive MSISDN (phone number) of user from Radius and insert it into proxied HTTP request as X-MSISDN header. Hash Header on this header provides good load distribution across the real services while maintaining c

29、lient persistence,2021/2/1,31,Persistent Hostname (ph,Distributes new connections to a real service based on a hash of the hostname found in the HTTP requests Host header sent from the client. Client sends a request to the virtual service with a Host: header. Array examines Host: header value to sel

30、ect a real service. Array forwards all requests with same Host: header value to the same real service,2021/2/1,32,Persistent URL (pu,Distributes new connections to a real service based on a static match of a URL Tag and Value. Client sends a request to the virtual service with a Tag and Value includ

31、ed in the URL. Array hashes Value to select a real service. Array forwards all requests with same Tag and Value to the same real service,2021/2/1,33,SSL Session ID (sslsid,SSL Session ID (negotiated during SSL connection setup) is used to maintain a client-to-service binding. Client opens an HTTPS c

32、onnection to the virtual service. Array selects a real service and forwards request to it. Response from real service contains an SSL Session ID. Array tracks SSL SID and real service combination. Next request from client contains SSL SID. Array examines SSL SID and sends request to the same real se

33、rvice that was chosen earlier. May only be used when load balancing SSL connections,2021/2/1,34,Persistent Cookie (pc,Real service is selected based on a static match of the cookie name/value pair. Client sends a request to the virtual service. Array selects a real service and forwards request to it

34、. Response from real service contains a specific cookie with a value denoting that service. Client receives cookie in response. Next request from client includes cookie. Array examines cookie and sends request to proper real service. Each real service within a group must be configured with a unique

35、cookie value,2021/2/1,35,Client,Server,pickserver,cookiespecifiesserver,APV,Persistent Cookie (pc,2021/2/1,36,Rewrite Cookie (rc,Array rewrites (modifies) a named cookies value in the service response. Client sends a request to the virtual service. Array selects a real service and forwards request t

36、o it. Response from real service contains a specific cookie with a generic value. Array rewrites cookie value based on the real service. Client receives cookie in response. Next request from client includes cookie. Array examines cookie and sends request to indicated real service. Used to simplify c

37、ookie based persistence configuration. All backend services within a group must set the same name=value pair,2021/2/1,37,Client,Server,pickserver,cookiespecifiesserver,APV,Rewrite Cookie (rc,2021/2/1,38,Insert Cookie (ic,Array automatically inserts a Cookie in the service response Client sends a req

38、uest to the virtual service. Array selects a real service and forwards request to it. Response from real service does not contain a cookie, but cookie persistence is needed. Array creates a cookie based on the real service and inserts it in the response. Client receives cookie in response. Next requ

39、est from client includes cookie. Array examines cookie, strips out cookie, and sends request to same real service as first request. Used in cases where the web site does not have built-in cookie support,2021/2/1,39,Client,Server,pickserver,cookiespecifiesserver,APV,Insert Cookie (ic,2021/2/1,40,Hash

40、 Cookie (hc,Real service selection is based on a hash of the specified cookies value. Used when each client browser session to the web site results in a unique cookie value for that browser session,2021/2/1,41,Client,Server,pickserver,cookie hash specifiesserver,Server,cookie hash specifiesserver,AP

41、V,Hash Cookie (hc,2021/2/1,42,Embed Cookie（ec,Embed cookie allows us to embed a section of a cookie value to the cookie can be sent back to the same server. Client sends a request to the virtual service. Array selects a real service and forwards request to it. Response from real service contains a c

42、ookie. Array embeds a specific value based on the real service. Client receives cookie in response. Next request from client includes cookie. Array examines cookie and removes the embedded value, then sends request to indicated real service. Unlike rewrite cookie, we will strip out the modifications

43、 that the ArrayOS has made in the request. so the backend will see the original cookie,2021/2/1,43,Embed Cookie（ec,Client,Server,pickserver,cookiespecifiesserver,APV,2021/2/1,44,几种算法的区别,Insert Cookie ：Array会自动插入一个Cookie。 Re-Write Cookie：Array在Response时重写Cookie的值，服务器看到的已经是修改后的Cookie。 Embed Cookie：Arr

44、ay在Response时在服务器回应的Cookie里，插入一段值。 Persistent Cookie：根据服务器的Cookie的值进行保持（静态匹配） Hash Cookie：根据服务器的Cookie的值进行保持（不需要静态匹配，Hash Cookie的值,2021/2/1,45,SLB Virtual Services,The following parameters are associated with a virtual service: Virtual service protocol (udp, tcp, ftp, http; tcps and https for SSL) Vi

45、rtual service name Virtual service IP address Virtual service port,2021/2/1,46,SLB Policy,SLB Policy Policy Matching Policy Precedence Policy Types,2021/2/1,47,SLB Policy,A policy defines the rules for matching client requests on a virtual service to a specific group or real service. Virtual service

46、s may have multiple policies assigned to them allowing hierarchical L7 load balancing. Policies have precedence levels to resolve conflicts if a client request matches more than one policy of the same type,Policy,Real b,Real c,Real a,Group,Virtual Service,2021/2/1,48,virtual server:80,Gro

47、up1,Group member (server= :80,Intelligent Traffic Control(look at URL, client IP . Cookie, Hostname Header、 regex、 etc.,Incoming request,Load Balancing,policy,Group2,Group member (server= :80,Group member (server= :80,Group member (server= :80,Group member (server= 10

48、.1.1.5:80,Group member (server= :80,SLB Policy,Virtual services may have multiple policies assigned to them allowing hierarchical L7 load balancing,2021/2/1,49,Policy Types,Basic Policy Types Static Default Backup Redirect,Persistent Policy Types Persistent URL Persistent Cookie Rewrite Cook

49、ie Insert Cookie Header QoS Policy Types QoS Cookie QoS Hostname QoS URL QoS Network Regular Expression Header,2021/2/1,50,The precedence between policy types,1.static 2. redirect 3. qos network 4. persistent url 5. rewrite cookie 6. insert cookie 7. persistent cookie 8. qos cookie 9. qos hostname 1

50、0. qos url 11. regex 12. header 13. default 14. backup,2021/2/1,51,健康检查类型,ICMP 向后台的Real IP发送ICMP echo请求，并根据是否收到响应判断健康状态 网络层检查 UDP DNS TCP 与后台的服务器尝试建立一个特定端口的TCP连接，根据能否建立连接来判断健康状态传输层检查 HTTP 请求/响应 向后台服务器发送一个预先配置的HTTP请求，将接收到的响应与预先配置的内容进行比较，以此来判断健康状态应用层检查 缺省的请求是“HEAD / HTTP/1.0rnrn”. 缺省的响应是“200 OK”. TCP-

51、Script, UDP-Script 定制模拟用户访问请求和服务器相应 Radius应用 Web应用中针对关键字的健康检查,服务器1,服务器3,服务器2,Internet,2021/2/1,52,内容,Array Appvelocity（简称APV）产品介绍 APV负载均衡器工作原理 APV初始化安装与基本配置 1，APV-配置-初始化 2，APV-配置-Vlan 3，APV-配置-Interface 4，APV-配置-Routing 5，APV-配置-针对于关键字的健康检查 6，APV-配置-Real Services 7，APV-配置-Groups 8，APV-配置-Virtual Ser

52、vices 9，APV-配置-Nat 集群配置 典型组网,2021/2/1,53,终端配置,Requirements Client computer Rollover cable + RJ45-DB9 adapter (provided) Terminal Client such as HyperTerminal or TeraTerm Terminal software settings Terminal Type = VT100 Baud = 9600 Bits = 8 Parity = None Stop Bits = 1 Flow control = None,2021/2/1,54,

53、初始化菜单,通过console连接到Array APV的设备后，回车登陆。APV产品默认需要认证，才能进行管理配置，默认的用户名为array，口令为，admin,APV系列产品的三种工作模式分别具有以下功能: 1，登陆模式：以“”开头，仅仅能够进行一些基本状态查看 2，管理模式：以“#”开头，能够进行所有状态信息的查看，同一时刻允许有多个管理员处在此模式下。 从登陆模式进入管理模式的命令：enable（可简写为en）,通过enable口令认证后（默认的enable密码为空），即可进入管理模式。 3，配置模式：以“（config）”开头，能够对设备进行配置和管理，同一时刻仅仅允许一个管理人员处在

54、配置模式下。此模式下可以同时具有管理模式和登陆模式的功能。 从管理模式进入配置模式的命令为：configure terminal(可简写为config t),即可进入配置模式。 从高级模式退出到低级模式的命令为exit或disable,2021/2/1,55,初始化配置,配置IP地址 命令：ip address outside | inside 实例：例如需要对设备的outside端口进行配置 AN(config)#ip address outside 启用webui功能 AN(config)# webui on 配置缺省路由 命令：ip rout

55、e default 实例：AN(config)#ip route default ,2021/2/1,56,SSH登陆管理,Requirements SSH client to securely connect via SSH. PuTTY (freeware) can be downloaded from Configure an interface IP address on the Array system. Establishing an SSH connection Windows PuTTY clients: Select the SSH Radio button.

56、 Enter the IP address of the Array APV (in this example, ). Unix clients: Enter ssh array from the command shell,2021/2/1,57,WEB登陆管理,Requirements Web browser client to securely connect via HTTPS (SSL). Internet Explorer 6.0 (or higher) Netscape Navigator 7.0 (or higher) Using a serial conso

57、le CLI connection: Set an interface IP address Set a default router Enable the WebUI (disabled by default) Establishing an SSL connection WebUI uses port 8888 by default. Port is configurable by the user. Open URL: https:/: Example: 00:8888 Enter username and password. Default adminis

58、trator account: Username = array Password = admin,2021/2/1,58,WEB登陆管理,2021/2/1,59,WEB登陆管理,2021/2/1,60,WEB全局界面,2021/2/1,61,WEB页面语言选择,2021/2/1,62,WEB中文管理界面,2021/2/1,63,说明,说明： Array的配置分为running-config和startup-config，因此，在做完所有的配置后，必须要进行保存配置操作，如下图所示： 点击“Save Config”即可,2021/2/1,64,内容,Array Appvelocity（简称AP

59、V）产品介绍 APV负载均衡器工作原理 APV初始化安装与基本配置 1，APV-配置-初始化 2，APV-配置-Vlan 3，APV-配置-Interface 4，APV-配置-Routing 5，APV-配置-针对于关键字的健康检查 6，APV-配置-Real Services 7，APV-配置-Groups 8，APV-配置-Virtual Services 9，APV-配置-Nat 集群配置 典型组网,2021/2/1,65,Vlan配置,2021/2/1,66,Vlan配置,2021/2/1,67,Delete Vlan,Delete,2021/2/1,68,内容,Array Appv

60、elocity（简称APV）产品介绍 APV负载均衡器工作原理 APV初始化安装与基本配置 1，APV-配置-初始化 2，APV-配置-Vlan 3，APV-配置-Interface 4，APV-配置-Routing 5，APV-配置-针对于关键字的健康检查 6，APV-配置-Real Services 7，APV-配置-Groups 8，APV-配置-Virtual Services 9，APV-配置-Nat 集群配置 典型组网,2021/2/1,69,Assign IP Address,Basic Networking Interface,在Static IP Address和Static