已阅读过的文件slaroute mapeembind9实现负载均衡

1、SLA+ROUTE-MAP+EEM+BIND9 实现真正负载均衡测试时间：2010-2-21.1 网络拓扑图：218.108.10.20202.192.100.32202.107.22.10/29router1124.150.32.34/29192.168.1.1/24DNS192.168.1.2/24WEB192.168.1.0/24192.168.1.10/24192.168.1.11/241.2 地址分配1.3 任务1、内部用户互联网时，网通流量通过网通线路进行，电信流量设备名称接口名称IP 地址Router1F0/0124.150.32.34/29F0/1202.107.22.10/2

2、9F1/0192.168.1.1/24设备名称内部 IP 地址IP 地址WEB 服务器192.168.1.10124.150.32.35192.168.1.11202.107.22.11DNS 服务器192.168.1.2124.150.32.36192.168.1.3202.107.22.12通过电信线路进行，其它流量通过电信线路进行；当网通链路出现故障时，将所有流量迁移至电信链路。当电信链路出现故障时，将所有流量迁移至网通链路。2、网通用户通过网通线路WEB 服务器，电信用户通过电信线路访问 WEB 服务器。当网通链路出现故障时，则所有用户通过电信链路进行，当电信链路出现故障时，则所有用户

3、通过网通链路进行访问。1.4 实现思路1、内部互联网流量实现双 ISP 负载均衡及冗余备份，通过采用SLA+ROUTE-MAP 即可实现；2、互联网用户对外提供的服务器业务，实现双 ISP 负载均衡及冗余备份，需要内部建立一个 DNS 服务器，通过 BIND9 的 view 功能，实现对网通和电问服务器地址的。另外通过 SLA+EEM，实现对当链路DNS 业务源地址为私有地址，而 DNS 服务器故障时，将所有根据这私有地址来相应的服务器地址。1.5 内部ip cef互联网流量负载分担配置!/SLA 链路检测配置ip sla monitor 10type echo protocol ipIcmp

4、Echo 124.150.32.33 source-interface FastEthernet0/0ip sla monitor schedule 10 start-time nowip sla monitor 20type echo protocol ipIcmpEcho 202.107.22.9 source-interface FastEthernet0/1ip sla monitor schedule 20 start-time now!track 1 rtr 10 reachability!第 2 页，共 10 页track 2 rtr 20 reachability!/接口配置i

5、nterface FastEthernet0/0ip address 124.150.32.34 255.255.255.248ip nat outside!interface FastEthernet0/1ip address 202.107.22.10 255.255.255.248ip nat outside!interface FastEthernet1/0ip address 192.168.1.1 255.255.255.0ip nat inside!/静态路由配置ip route 0.0.0.0 0.0.0.0 124.150.32.33 50 track 1/默认路由，优先级为

6、 50。ip route 218.108.0.0 255.255.0.0 124.150.32.33 track 1不一一写列出。/网通地址段，网上可以搜到。这里ip route 0.0.0.0 0.0.0.0 202.107.22.9 10 track 2/默认情况下，其它 ISP 的地址段，通过电信线路。ip route 202.192.0.0 255.255.0.0 202.107.22.9 track 2/电信地址段，同样在网上可以搜到。!/内部互联网根据 route-map 做 PAT。ip nat inside source route-map cnc interface Fast

7、Ethernet0/0 overloadip nat inside source route-map telecom interface FastEthernet0/1 overload!access-list 100 permit ip 192.168.1.0 0.0.0.255 any!/配置 route-map。第 3 页，共 10 页route-map telecom permit 10match ip address 100match interface FastEthernet0/1!route-map cnc permit 10match ip address 100match

8、interface FastEthernet0/0!1.6互联网对外服务器负载均衡配置/互联网DNS 服务器时，配置内部 IP 地址池ip nat pool cnc_dns 192.168.10.1 192.168.10.250 netmask 255.255.255.0ip nat pool telecom_dns 192.168.20.1 192.168.20.250 netmask 255.255.255.0!/WEB 服务器配置两个内部 IP 地址，分别一个网通地址和一个电信地址。ip nat inside source static 192.168.1.10 124.150.32.3

9、5ip nat inside source static 192.168.1.11 202.107.22.11!/DNS 服务器同样配置两个内部 IP 地址，分别一个网通地址和一个电信地址。ip nat inside source static 192.168.1.2 124.150.32.36ip nat inside source static 192.168.1.3 202.107.22.12!/将互联网DNS 时，转换为内部 IP 地址。ip nat outside source list cnc pool cnc_dnsip nat outside source list telec

10、om pool telecom_dns!ip access-list extended cncdenyip any anypermit ip any host 124.150.32.36ip access-list extended telecom第 4 页，共 10 页denyip any anypermit ip any host 202.107.22.12!/配置 EEM，当网通链路断开时和恢复时作相应调整。event manager applet cnc_link_downevent syslog pattern rtr 10 reachability Up-Downaction 1.

11、1 syslog msg cnc link is downaction 2 cli command enableaction 2.1 cli command config taction 2.2 cli command ip access-list extended telecomaction 2.3 cli command no 5action 2.4 cli command ip route 192.168.20.0 255.255.255.0 202.107.22.9action 3 syslog msg cnc link is down,traffic transfer to tele

12、com linkevent manager applet cnc_link_upevent syslog pattern rtr 10 reachability Down-Upaction 1.1 syslog msg cnc link is upaction 2 cli command enableaction 2.1 cli command config taction 2.2 cli command ip access-list extended telecomaction 2.3 cli command 5 deny ip any anyaction 2.4 cli command n

13、o ip route 192.168.20.0 255.255.255.0 202.107.22.9action 2.5 cli command endaction 2.6 cli command clear ip nat translation *action 3 syslog msg cnc link is recovery/配置 EEM，当电信链路断开时和恢复时作相应调整。event manager applet telecom_link_downevent syslog pattern rtr 20 reachability Up-Downaction 1.1 syslog msg t

14、elecom link is downaction 2 cli command enableaction 2.1 cli command config t第 5 页，共 10 页action 2.2 cli command ip access-list extended cncaction 2.3 cli command no 5action 2.4 cli command ip route 192.168.10.0 255.255.255.0 124.150.32.33action 3 syslog msg telecom link is down,traffic transfer to c

15、nc linkevent manager applet telecom_link_upevent syslog pattern rtr 20 reachability Down-Upaction 1.1 syslog msg telecom link is upaction 2 cli command enableaction 2.1 cli command config taction 2.2 cli command ip access-list extended cncaction 2.3 cli command 5 deny ip any anyaction 2.4 cli comman

16、d no ip route 192.168.10.0 255.255.255.0 124.150.32.33action 2.5 cli command endaction 2.6 cli command clear ip nat translation *action 3 syslog msg telecom link is recovery1.7设备详细配置ip cef!ip sla monitor 10type echo protocol ipIcmpEcho 124.150.32.33 source-interface FastEthernet0/0timeout 1000freque

17、ncy 5ip sla monitor schedule 10 start-time now!ip sla monitor 20type echo protocol ipIcmpEcho 202.107.22.9 source-interface FastEthernet0/1timeout 1000frequency 5ip sla monitor schedule 20 start-time now第 6 页，共 10 页!track 1 rtr 10 reachability!track 2 rtr 20 reachability!interface FastEthernet0/0ip

18、address 124.150.32.34 255.255.255.248ip nat outside!interface FastEthernet0/1ip address 202.107.22.10 255.255.255.248ip nat outside!interface FastEthernet1/0ip address 192.168.1.1 255.255.255.0ip nat inside!ip route 0.0.0.0 0.0.0.0 124.150.32.33 50 track 1ip route 218.108.0.0 255.255.0.0 124.150.32.

19、33 track 1ip route 0.0.0.0 0.0.0.0 202.107.22.9 10 track 2ip route 202.192.0.0 255.255.0.0 202.107.22.9 track 2!ip nat pool cnc_dns 192.168.10.1 192.168.10.250 netmask 255.255.255.0ip nat pool telecom_dns 192.168.20.1 192.168.20.250 netmask 255.255.255.0ip nat inside source route-map cnc interface F

20、astEthernet0/0 overloadip nat inside source route-map telecom interface FastEthernet0/1 overloadip nat inside source static 192.168.1.2 124.150.32.36ip nat inside source static 192.168.1.3 202.107.22.12ip nat outside source list cnc pool cnc_dnsip nat outside source list telecom pool telecom_dns第 7

21、页，共 10 页!ip access-list extended cncdenyip any anypermit ip any host 124.150.32.36ip access-list extended telecomdenyip any anypermit ip any host 202.107.22.12!access-list 1 permit 124.150.32.33access-list 2 permit 202.107.22.9access-list 100 permit ip 192.168.1.0 0.0.0.255 any!route-map telecom per

22、mit 10match ip address 100match interface FastEthernet0/1!route-map cnc permit 10match ip address 100match interface FastEthernet0/0!event manager applet cnc_link_downevent syslog pattern rtr 10 reachability Up-Downaction 1.1 syslog msg cnc link is downaction 2 cli command enableaction 2.1 cli comma

23、nd config taction 2.2 cli command ip access-list extended telecomaction 2.3 cli command no 5action 2.4 cli command ip route 192.168.20.0 255.255.255.0 202.107.22.9action 3 syslog msg cnc link is down,traffic transfer to telecom link第 8 页，共 10 页event manager applet cnc_link_upevent syslog pattern rtr

24、 10 reachability Down-Upaction 1.1 syslog msg cnc link is upaction 2 cli command enableaction 2.1 cli command config taction 2.2 cli command ip access-list extended telecomaction 2.3 cli command 5 deny ip any anyaction 2.4 cli command no ip route 192.168.20.0 255.255.255.0 202.107.22.9action 2.5 cli command endaction 2.6 cli command clear ip nat translation *action 3 syslog msg cnc link is recoveryevent manager applet telecom_link_downevent syslog pattern rtr 20 reachability Up-Downaction 1.1 syslog msg telecom link is downaction