F5负载均衡器配置指导书(lhh)

1、密级：密级：内部公开使用对象：使用对象：工程师、合作方、用户华为技术有限公司华为技术有限公司Huawei Technologies Co. Ltd.产品名称产品名称:F5配置指导书F5负载均衡器配置指导书负载均衡器配置指导书拟制拟制:Prepared by林浩泓林浩泓日期：日期：Date2004-2-16审核审核:Reviewed by日期：日期：Dateyyyy-mm-dd审核审核:Reviewed by日期：日期：Dateyyyy-mm-dd批准批准:Granted by日期：日期：Dateyyyy-mm-dd华为技术有限公司华为技术有限公司Huawei Technologies Co.,

2、 Ltd.版权所有版权所有 侵权必究侵权必究All rights reservedF5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 2 页, 共 60 页修订记录Revision record日期日期Date修订版本修订版本Revision version描述描述Description作者作者Author2004-01-110.01创建文档2004-2-161.00初稿完成F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 3 页, 共 60 页目 录1F5负载均衡器简介负载均衡器简介 .71.1负载均衡技术简介 .71.2F5负载均衡产品介绍

3、.72准备工作准备工作.82.1组网和IP地址规划.92.2BIG-IP接口编号说明.103命令行进行命令行进行SETUP配置配置.113.1配置终端 .113.2启动F5.113.3输入用户名口令 .123.4设置终端类型 .133.5SETUP初始化配置.133.5.1提示系统License不存在.133.5.2设置键盘类型.143.5.3设置root密码.143.5.4设置主机名.153.5.5双机系统设置.163.5.6设置接口速率和双工类型.183.5.7配置VLAN和IP地址.183.5.8添加接口到VLAN中.213.5.9选择VLAN IP地址与主机名关联.213.5.10配置

4、默认网关.223.5.11配置WEB访问.233.5.12配置SSH访问.253.5.13配置F5支持访问.26F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 4 页, 共 60 页3.5.14设置时区.273.5.15配置NTP支持.283.5.16配置DNS代理转发.283.5.17用户认证配置.283.5.18Setup配置完成.294激活激活LICENSE.304.1通过WEB访问BIG-IP.304.2激活LICENSE步骤.305系统时钟更改系统时钟更改.346WEB CONFIGURATION UTILITY进行配置进行配置.356.1进入配置工具 .

5、356.2配置VLAN和端口.366.3配置VLAN IP地址.366.4配置负载均衡池 .376.5配置节点状态监控 .396.5.1自定义节点状态监控.396.5.2监控与节点相关联.416.6配置虚拟服务器 .426.6.1创建虚拟服务器.426.6.2虚拟服务器属性修改配置.436.6.3检查系统状态.456.7配置SNAT.466.7.1配置步骤.466.7.2验证SNAT配置.487双机配置双机配置.517.1注意事项 .517.2初始化后配置步骤 .52F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 5 页, 共 60 页7.3上行连接的监控设置 .5

6、28附录附录A 常见问题说明常见问题说明.548.1BIG-IP单机或两台双机系统处于STANDBY状态，为什么？.548.2BIG-IP系统ROOT密码忘记了，如何恢复？.548.3默认的用户名和口令不安全，如何添加新用户或修改现有用户？ .558.4BIG-IP系统如何进行配置备份和恢复？.568.5SSH访问具有密码加密传输的优点，请问从哪里获取SSH客户端？.568.6网络设备通常有收集系统信息的宏命令，F5有没有相应命令？.578.7如何使用TCPDUMP进行TROUBLESHOOTING？.57F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 6 页, 共

7、 60 页关键词Key words：负载均衡池、虚拟服务器，节点、ECV、EAV、SNAT摘摘 要要Abstract：缩略语清单缩略语清单List of abbreviations：.ECVExtended Content Verification 可扩展的应用验证EAV Extended Application Verification可扩展的内容验证SNATsecure network address translation安全网络地址转换F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 7 页, 共 60 页1 F5 负载均衡器简介负载均衡器简介1.1负载均衡技

8、术简介随着业务与软件产品与IP网络关系愈加密切，业务平台提供的性能以及可靠性是电信级应用的关键因素。业务与软件产品中Portal、WAP网关、彩铃和MMS等业务直接通过Internet提供网络服务。由于Internet对业务服务访问具有不可预知性，传统的服务器提供大量并发服务已经面临处理能力和I/O性能的瓶颈，当业务超过已经界限将会出现“Server Too Busy”乃至服务器宕机等问题。针对单台服务器有限的性能存在瓶颈的情况，负载均衡器通过负载均衡机制将所有请求平均分配到多台节点服务器，使得系统业务处理能力大大提升。此外，负载均衡器还能监控服务器节点的可用性，其中某一台服务器故障时，能将访

9、问请求转移到其它可以正常工作的服务器。负载均衡器通常称为四层交换机或七层交换机。四层交换机主要分析IP层及TCP/UDP层，实现四层流量负载均衡。七层交换机除了支持四层负载均衡以外，还有分析应用层的信息，如HTTP协议URI或Cookie信息。1.2F5 负载均衡产品介绍目前F5负载均衡器有BIG-IP 1000、 BIG-IP 2400、BIG-IP 5000三个型号。F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 8 页, 共 60 页BIG-IP 24002400D44 PlatformMRA II16 10/1002 Fiber GB1 x 1.26 GHz

10、 PIII512 MB Memory512 Flash1 SSL Chip (up to 2000 TPS)PMC slot for FIPS SSLBIG-IP 1000 1000D39 Platform8 10/1001 Gb1 x 1 GHz512 MB Memory512 Flash1 SSL Chip (up to 2000 TPS)0 TPS factoryBIG-IP 50005100D51 Platform2Gb/s2x 1.26 Ghz PIII24 10/1004 Fiber GB1 GB Memory512 Flash1 SSL Chips* (up to 4,000 T

11、PS)PMC slot for FIPS5110Everything the 5100 has except4 Copper GB replace Fiber GB三个型号的配置如下：BigIP 1000BigIP 2400BigIP 5000（5100/5110）最大连接数4,000,0004,000,0004,000,000空间占用2U2U2U冗余电源支持支持支持网络接口1x1000 BASE-SX8x10/100 BASE-TX2x1000 BASE-SX16x10/100 BASE-TX4x1000 BASE-SX24x10/100 BASE-TXCPUPIII 1.0 GHz x 1

12、PIII 1.26 GHz x 1PIII 1.26 GHz x 2MEM (STD/MAX)512 M/2G512 M/2G1G/2GStorage 512 MB Compact Flash512 MB Compact Flash512 MB Compact FlashSSL 芯片1x SSL chip1x SSL chip2x SSL chip免费SSL hand-shakes per second100 TPS100 TPS100TPS软件模块升级支持支持支持2 准备工作准备工作在安装BIG-IP系统之前，请检查如下准备工作是否做好：设备物理连接规划。F5 负载均衡器配置指导书内部公开2

13、004-01-10内部资料，请勿扩散第 9 页, 共 60 页IP地址规划，根据实际需要划分网段和分配IP地址，通常网络设备IP地址为网络中最大IP地址（默认网关使用最大IP地址），往下递推；主机设备从网络中最小IP地址往上递推进行分配。BIG-IP外部VLAN需要3个IP用于冗余BIG-IP配置。每一个VIP（虚拟IP地址）或NAT需要一个外部VLAN IP。BIG-IP内部VLAN需要3个IP用于冗余BIG-IP配置。BIG-IP内部每个节点需要一个内部VLAN IP。 确定BIG-IP主机域名，并且确保BIG-IP双机主机名不一样。2.1组网和 IP 地址规划本文通过实例来说明F5负载均

14、衡器的使用和配置。组网和IP地址规划如下图所示：F5-2Web Server2F5-1FirewallSwitchWeb Server1Failover CableTagged VLANInternet5/27网关:46/27网关:4VLAN: ExternalTag:200F5_1:6/27浮动IP:8VLAN: ExternalTag:200F5_2:7/27浮动IP:8VLAN: InternalT

15、ag:100F5_2:3/27浮动IP:4VLAN: InternalTag:100F5_1:2/27浮动IP:4VIP: POOL: 65Port:80DMZ0/27UNTRUST01/30MIP: VIPIP:9/27IP地址和物理端口分配如下表所示：单元单元号号主机名主机名VLANVLAN端口端口端口对端描

16、述端口对端描述IPIP 地址地址浮动浮动 IPIP 地址地址F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 10 页, 共 60 页external1.1外部 vlan 交换机6/278internal1.3, 1.4服务器主网卡2/2741f5-tagged1.8级联备用 F5-external1.1外部 vlan 交换机6/278internal1.3, 1.4服务器备网卡2/2742f5

17、-tagged1.8级联主用 F5-VIP与成员信息表如下：VIPVIP 号号VIPVIP IPIP 地址地址VIPVIP 端口端口成员池名成员池名成员节点成员节点 IPIP 地址地址成员节点端口成员节点端口映射方式映射方式5180web_pool680SNAT本文主要给出BIG-IP系统配置使用的指南，具体配置不一定跟本实例一致。2.2BIG-IP 接口编号说明F5接口槽位号编号遵循由上到下，然后由左到右规则。BIG-IP第一槽位为8端口快速以太网接口，2槽位为1端口千兆网接口，3槽位为管理接口。具体编码如下图：1.12.11

18、.3.1注：注：因为BIG-IP的接口与VLAN分配相关，网线连接接口位置不能随意更改，否则可能导致网络无法连接。F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 11 页, 共 60 页3 命令行进行命令行进行 Setup 配置配置本文以BIG-IP 1000为例讲解整个配置过程，基本上讲解了BIG-IP整个配置过程。3.1配置终端使用超级终端建立一个连接，通过Console电缆一端连接BIGIP，一端连接COM，COM的参数设置：串口设置：19200，8-N-1设置串口的终端仿真为 VT100，如图：3.2启

19、动 F5启动F5，超级终端显示如下：System is booting, Please wait .loading /bootpress ESC to boot now, any other key to interrupt boot sequence 4 3 2 1 01basemem = 636K, extmem = 523264K, total 524288K1 设备内存信息F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 12 页, 共 60 页Checking for ACPI PM SUPPORT. Not presentChecking for APM

20、BIOS. APM V1.2 found.Copyright (c) 1996-2003F5 Networks, Inc. All rights reserved.2BIG-IP Kernel 4.5PTF-07 Build18Hardware Configuration: .3CPU: Pentium III (Coppermine) (996 MHz)Memory: 512 MBCrypto Processors: 1 x BCM5822Network Interfaces: 3.1 00:01:d7:21:c1:80 (exp0) ether 100BaseTX 10BaseT 2.1

21、00:01:d7:21:c1:ba (bsg2) ether 1000Mbps 1.1 - 1.8 (bs) ether 100BaseTX 10BaseTOther Devices:.Setup default configuration.Default configuration complete.IP 45 configured on vlan admin port 3.14default.* PRODUCT IS UNLICENSED *5sod bigstpd big3d bigd sfd slapd ipfw rateclass ratefilt ntpdat

22、e 3.3输入用户名口令BIG-IP 4.5PTF-07 (default) (console)login:输入用户“root”和默认密码“default”，回车。注：注：基于CLI访问F5的默认用户名为“root”，口令为“default”。基于HTTPS访问的默认用户名为“admin”，口令为“admin”。在业务系统中务必更改默认用户名和口令在业务系统中务必更改默认用户名和口令。2 设备版本号3 设备CPU、内存、网络接口等硬件信息4默认管理IP地址。为了允许远程连接使用Setup配置工具，BIG-IP定义两个预定义IP地址，优选默认IP地址为45。如果优选地址存在

23、地址冲突，BIG-IP将使用备选IP地址45。5第一次使用F5设备，License还没有被激活的提示消息。BIG-IP必须激活License后才能正常使用。F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 13 页, 共 60 页3.4设置终端类型Copyright 1992, 1993, 1994, 1995, 1996, 1997 Berkeley Software Design, Inc.Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of

24、 the University of California. All rights reserved. 省略输出信息Terminal type? vt100缺省的终端类型为vt100，回车3.5Setup 初始化配置缺省的主机名字是：default,在提示符下面输入命令：config，回车：说明：第一次运行config或setup命令将进入setup命令界面。Setup工具可以实现逐步配置root密码、BIG-IP主机名、接口和远程管理等。default:# config3.5.1提示系统 License 不存在第一次运行，提示系统License不存在信息B I G - I P L I C E

25、 N S E P R O B L E M There is no active license on this system. To activate your license, run the setup command again after this configuration and choose the License Activation menu item, or exit from this program now and run the license command. Exit now? (Y/N): n 按“n”键进入License Agreement窗口，按回车键继续，

26、并选择Yes, I Agree To This License。根据系统提示，继续执行配置步骤直至正式进入Setup Utility。F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 14 页, 共 60 页C O N F I G U R A T I O N Setup Utility Welcome to BIG-IP. Before using your BIG-IP, you will have to configure many services and values including: the root password, BIG-IP hostname,

27、 interface cards, shared interfaces (if any), and remote administration tools. This utility will take you through the process step-by-step. Press ctrl-E to exit and configure manually press any other key to continue 注意：注意：进入BIG-IP Setup工具模式后，无法退出和配置回滚，必须一步一步配完。3.5.2设置键盘类型进入Setup界面后，第一步工作是设置键盘类型，默认使用

28、US - Standard 101 key，回车。S E T K E Y B O A R D T Y P E Choose your keyboard type from the list below. Belgian Bulgarian MIK French German Japanese - 106 key Norwegian Spanish Swedish US + Cyrillic US - Standard 101 key United Kingdom F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 15 页, 共 60 页3.5.3设置 root 密码设

29、置root密码。输入root密码后，BIG-IP重新提示输入密码。如果前后输入密码匹配，系统立即保存密码。如果密码不一致，Setup工具提供错误消息并提示重新输入密码。S E T R O O T P A S S W O R D New Root Password: You need to set the root password on your BIG-IP. If you have purchased a redundant BIG-IP system, the root password on both boxes must be the same. Your input will no

30、t echo on this page. 注：注：root密码允许用户通过命令行访问BIG-IP系统。建议root密码长度大于6位，但不要超过32位字节。密码与大小写敏感，建议密码中包含大写/小写字母和特殊字节（比如，!#$%&*）。如果BIG-IP系统为冗余系统，两台主备机的root密码必须保持一致。3.5.4设置主机名S E T B I G - I P H O S T N A M E Enter BIG-IP FQDN : f5- The FQDN (Fully Qualified Domain Name) identifies this BIG-IP controller. Exampl

31、e: .注：注：主机名用来标识BIG-IP系统自身。主机名必须符合DNS域名标准。主机部分必须以字母开始，并至少为2个字符。举例：f5-。警告：警告：BIG-IP双机系统的主机名必须不一样不一样，否则配置无法同步。F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 16 页, 共 60 页警告：警告：必须通过Setup工具来更改主机名，不得直接编辑/etc/hosts或用hostname命令更改主机名，否则会导致系统不可访问。3.5.5双机系统设置配置完主机名之后，BIG-IP系统进入接口配置模式，包括VLAN、IP地址和双机配置。如果工程中配置F5双机系统unit I

32、D（通常为1或2）、fail-over IP地址和fail-over类型。如果BIG-IP系统为双机，选择Yes, it is a redundant BIG-IP system，否则选择No, it is not a redundant BIG-IP system。C O N F I G U R E B I G - I P I N T E R F A C E S Is this a redundant BIG-IP system? Yes, it is a redundant BIG-IP system No, it is not a redundant BIG-IP system 若不选择

33、为双机系统，则跳过下列步骤：A. 设置Unit ID。通常主用系统Unit ID为1，备用系统Unit ID为2。C O N F I G U R E B I G - I P I N T E R F A C E S Enter the unit identifying number for this BIG-IP. This must be a unique number for each BIG-IP. For example, if this is the second BIG-IP you have configured, enter a 2 below. If it is the fir

34、st, enter a 1, which is the default. Unit Number: 1 B. 设置Failover IP。通常为备用BIG-IP系统内部接口Self-IP地址。本例中使用Portal F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 17 页, 共 60 页VLAN的备用BIG-IP系统IP地址。C O N F I G U R E B I G - I P I N T E R F A C E S Enter the unit identifying number for this BIG-IP. This must be a unique

35、 number for each BIG-IP. For example, if this is the second BIG-IP you have configured, enter a 2 below. If it is the first, enter a 1, which is the default. Unit Number: 2 What is the IP address of the failover system? This will typically be the IP of an internal interface on the redundant controll

36、er. Failover IP: 3 C. 设置Fail-over类型。本例中选择Hardwired，Fail-over通过双机系统连接Failover线缆来实现，请确保双机之间有请确保双机之间有Failover线缆线缆。我们还可以选择Network作为Fail-over类型，这时Failover心跳和同步方式将通过网络实现。BIG-IP系统支持MDI/MDI-X自适应自适应，BIG-IP系统之间接口既可以通过直连网线也可以通过交叉网线对接。F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 18 页, 共 60 页C O N F I G U R

37、E B I G - I P I N T E R F A C E S Enter the unit identifying number for this BIG-IP. This must be a unique number for each BIG-IP. For example, if this is the second BIG-IP you have configured, enter a 2 below. If it is the first, enter a 1, which is the default. Unit Number: 2 What is the IP addres

38、s of the failover system? This will typically be the IP of an internal interface on the redundant controller. Failover IP: 3 Will hardwired or network failover be used for these systems? Hardwired Network 3.5.6设置接口速率和双工类型本例中一般采用auto默认值按“c”继续。F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 19 页, 共 6

39、0 页C O N F I G U R E I N T E R F A C E S Use the arrow keys to navigate. Press to choose an interface and configure its media settings. Press C to continue. NOTE: For best results, choose the Auto media setting. In some cases, x devices configured for Auto media are incompatible and the proper duple

40、 x setting will not be negotiated between these devices. In these cases you may need to set the media settings to the same speed and duplex on both this device and the corresponding switch or host. 1.1 auto 1.2 auto 1.3 auto 1.4 auto 1.5 auto 3.5.7配置 VLAN 和 IP 地址系统默认有3个VLAN：admin、external和internal。按

41、“A”键添加新的VLAN，按“D”键删除一个VLAN，按“C”键继续下一步配置。D E F I N E V L A N S A N D I P A D D R E S S E S Use the arrow keys to navigate. Press to choose a VLAN to configure or modify. Press A to add a new VLAN name. Press D to delete a configuration. Press C to continue. admin external internal Failover IP: 172.16

42、.96.93 Redundant controller is not accessible. No addresses defined. F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 20 页, 共 60 页本例中删除默认admin VLAN。D E F I N E V L A N S A N D I P A D D R E S S E S Use the arrow keys to navigate. Press to choose a VLAN to configure or modify. Press A to add a new VLAN name. Pr

43、ess D to delete a configuration. Press C to continue. external internal Failover IP: 3 Redundant controller is not accessible. No addresses defined. VLAN配置还包括Port Lockdown 配置、IP地址/掩码/广播和浮动IP地址/掩码/广播。如果启用Port Lockdown，将无法通过该VLAN访问BIG-IP系统，即无法通过HTTPS或SSH对BIG-IP进行配置管理。通常建议对VLAN external启用Por

44、t Lockdown。本文以external为例介绍VLAN配置。A. VLAN external启用Port Lockdown：C O N F I G U R E V L A N e x t e r n a l You will now specify the attributes and IP addresses of this VLAN. Port lockdown enabled for this vlan Port lockdown disabled for this vlan Enabling port lockdown will block traffic to services

45、 running on BIG-IP itself. However, individual ports can be opened for administrative and monitoring purposes using the global open port commands. The appropriate globals will be automatically set by this utility when services are configured. B. 配置VLAN external IP地址/掩码/广播F5 负载均衡器配置指导书内部公开2004-01-10内

46、部资料，请勿扩散第 21 页, 共 60 页C O N F I G U R E V L A N e x t e r n a l You will now specify the attributes and IP addresses of this VLAN. Port lockdown disabled for this vlan Enter IP Address: 6 Enter Netmask : 24 Enter Broadcast Address : 1 Enter Shared IP Alias: 172.16.

47、96.28 Enter Shared IP Alias Netmask : 24 然后对internal VLAN进行配置，最终VLAN和IP地址配置如下：D E F I N E V L A N S A N D I P A D D R E S S E S Use the arrow keys to navigate. Press to choose a VLAN to configure or modify. Press A to add a new VLAN name. Press D to delete a configuration. Press C to co

48、ntinue. external 6 (Port lockdown: on) internal 2 (Port lockdown: off) Failover IP: 3 Redundant controller is accessible. 3.5.8添加接口到 VLAN 中根据安装前规划和设备物理连线，将接口添加到相应VLAN中。本例中，接口1.1添加到external VLAN中，接口1.3和1.4添加到internal VLAN中。此外，接口1.8用于主备BIG-IP双机系统级连，目前先不加入vlan web，将在WEB

49、界面中进行配置。F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 22 页, 共 60 页A S S I G N I N T E R F A C E S T O V L A N S Use the arrow keys to navigate. Press to choose a VLAN and modify the list of interfaces. You must configure at least one VLAN. Press C to continue. external 1.1 internal 1.3 1.4 3.5.9选择 VLAN IP 地

50、址与主机名关联分配接口到指定VLAN后，如果系统有多个定义VLAN。我们必须指定一个VLAN IP地址作为与系统主机名关联的主IP地址。本例中，我们选择external VLAN IP地址作为主IP地址。S E L E C T H O S T I P A D D R E S S Select the IP address that will be associated with the host name in /etc/hosts. Press to select an address. Use the arrow keys to navigate. Enter C to continue.

51、 Hostname: f5- external 6 (X) web 2 指定主IP地址后，系统将保存网络配置：F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 23 页, 共 60 页 N E T W O R K I N G C O N F I G U R E D Wrote /etc/hosts Write /config/bigip_base.conf Update /config/bigip.conf Write bigdb fields Update /etc/snmpd.conf Shutdown all serv

52、ices. Startup all services. bigstart: startup inetd bigstart: startup named bigstart: startup sod bigstart: startup sshd bigstart: startup bigstpd bigstart: startup big3d bigstart: startup bigd bigstart: startup sfd bigstart: startup slapd 注：注：如果双机系统另外一台已经完成配置，终端可能会出现如下告警：Jan 10 19:13:15 default ker

53、nel: duplicate IP address 8! sent from address: 00:01:d7:21:ab:01解决方法解决方法：将串口心跳线连好，重新启动另一台，或者将用b failover standby命令另一台手动设成Standby。3.5.10 配置默认网关如果BIG-IP系统没有定义指定网络路由，BIG-IP将把数据发到默认网关池（gateway pool）。默认网关池可以认为是默认路由的组合，通常默认网关池由2个或多个网关IP地址组成，第一个地址作为默认路由，其它网关地址作为默认备用路由。默认网关池在系统激活后才能生效。本例中只输入一个网关

54、地址，这时系统不会生成默认网关池。F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 24 页, 共 60 页C O N F I G U R E D E F A U L T G A T E W A Y The default gateway route determines where the BIG-IP should send network traffic for which there is no more specific route. To set up a single default route, type one default gateway IP

55、address. If you type more than one address, the BIG-IP creates a default gateway pool. The first address in the list is entered as a traditional default route. Each IP address in the list must be on the same IP network as the BIG-IP. NOTE: Only a default route, no default gateway pool, will be set u

56、p on unlicensed systems. Enter default route addresses separated by a space. If you do not want a default route, leave this option blank. IPs: 0 3.5.11 配置 WEB 访问为了启用指定VLAN的WEB访问，必须在VLAN中指定域名。C O N F I G U R E W E B U T I L I T Y I N T E R F A C E S You will now configure the BIG-IP webser

57、ver for use with the Configuration Utility. The webserver may listen on any or all of the VLANS below. For each VLAN, you will be asked for the name by which the server will be known on the network associated with that VLAN. It is valid to assign the same name to more than one entry. Use the arrow k

58、eys to navigate. Press to choose an entry to configure, modify, or replace keys. Press C to continue to next stage. external f5-1. internal f5-1. 配置完WEB管理接口后，系统提示输入WEB管理接口admin用户帐号口令。F5默认帐F5 负载均衡器配置指导书内部公开2004-01-10内部资料，请勿扩散第 25 页, 共 60 页号口令为admin。C O N F I G U R E W E B S E R V E R A C C E S S Pass

59、word: The admin user account is provided as a general purpose BIG-IP account, allowing webserver access, remote login (ssh), and local login. If this is a redundant BIG-IP system, and the admin account is used as the configsync user, the password MUST be the same on the two systems. 配置完admin用户帐号口令后，系统提示输入允许WEB接口连接的IP地址。本处采用系统默认允许所有IP地址。S E T A D M I N I P A D D R E S S F O R H T T P D Administrative IP Address for httpd: *.*.*.* The Administrative IP Address is the IP address from which all remote administration, configuration and monitoring of your BIG-IP will be conducted using httpd. You m