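LLB is one of the three main selling points of ADC products (SLB/LLB/GSLB) and deserves a deeper understanding. An SE who came up through networking fundamentals can get by without knowing SLB well, but not without knowing LLB. To make it easier to read on a phone screen, the original diagram has been reworked into a portrait layout, as follows: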


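The processing flow for one link load balancing access is as follows:
1) The client accesses an Internet server (for example, LAN client 172.22.99.10 accesses http://122.227.231.250 on the WAN);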
LLB-11-Active-affinity-def-vMaster[1/1]#sh running-config | sec nat
system resource-usage nat-pool-addr-count 2000
ip nat pool cmc-nat 223.96.100.4 223.96.100.6 netmask /24 ip-rr
ip nat pool ctc-nat 122.227.231.4 122.227.231.6 netmask /24 ip-rr
ip nat pool cuc-nat 60.12.220.4 60.12.220.6 netmask /24 ip-rr
ip nat pool-group cmc-pool
member cmc-nat
ip nat pool-group ctc-pool
member ctc-nat
ip nat pool-group cuc-pool
member cuc-nat
slb resource-usage nat-pool-addr-count 2000
slb template port ctc-snat-temp
source-nat ctc-pool
slb template port cuc-snat-temp
source-nat cuc-pool
slb template port cmc-snat-temp
source-nat cmc-pool

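2) If the interface on which the traffic enters the A10 device is configured with ip allow-promiscuous-vip, the user's access hits either a wildcard VIP associated with some ACL or the default wildcard VIP that has no ACL associated.

3) The A10 device first matches the session table; if the session table is hit, the traffic is forwarded according to the session table.
4) If the session table is not hit, the device first checks whether persistence is configured in the policy; if persistence is configured and hit, the next hop is selected from the persistence table, and a session is created and the traffic forwarded.

5) If persistence is not configured, or the persistence table is not hit, the traffic is processed according to the policies configured on the wildcard VIP, as follows:
a) If aFlex is configured, first check whether the aFlex contains a link-selection policy.
b) If there is no aFlex, evaluate the link-selection policy in the Policy template, for example by determining which carrier the destination address belongs to: if the destination belongs to China Telecom, forward to the China Telecom gateway service-group; if the destination belongs to China Unicom, forward to the China Unicom gateway service-group; if the destination belongs to another carrier for which there is no link, forward to the specified next hop; and so on…
c) If no policy template is configured, or no specific entry of the policy template is hit, forward to a next-hop gateway contained in the service-group of the default configuration.

6) When the destination server replies, the reply matches the session table and, according to the return route or the return-by-original-path policy, is sent back to the client through the port on which the device received the request.
7) Any subsequent client access matches the corresponding policy following the flow above.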
Done!
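The next-hop decision in steps 3 to 5, as an added Python model that is not part of the original post and is not ACOS code. It uses the class-list networks and service-group priorities from this page's configuration; the aFlex scripts llb-out-tcp and llb-out-udp are not shown on the page, so the mapping from a class-list match to the gw-<isp>-tcp group, the (src, dst) session key and the modulo stand-in for src-ip-hash are assumptions.

```python
import ipaddress

# Copied from the class-list and slb service-group sections of the page's config.
CLASS_LISTS = {
    "cmc": ["223.96.100.0/24", "223.96.110.0/24", "3.3.3.3/32"],
    "ctc": ["122.227.231.0/24", "122.227.230.0/24"],
    "cuc": ["60.12.220.0/24", "60.12.221.0/24"],
}
GROUPS = {  # service-group -> {member: priority}; higher priority is preferred
    "gw-cmc-tcp": {"gw-cmc": 15, "gw-ctc": 10, "gw-cuc": 5},
    "gw-ctc-tcp": {"gw-cmc": 10, "gw-ctc": 15, "gw-cuc": 5},
    "gw-cuc-tcp": {"gw-cmc": 5, "gw-ctc": 10, "gw-cuc": 15},
}
ALL_GATEWAYS = ["gw-cmc", "gw-ctc", "gw-cuc"]  # members of gw-all-tcp


class LinkSelector:
    def __init__(self):
        self.sessions = {}     # step 3: (src, dst) -> gateway (simplified key)
        self.persistence = {}  # step 4: destination-ip persistence, dst -> gateway
        self.healthy = set(ALL_GATEWAYS)  # gateways whose health monitor is up

    def _policy_group(self, dst):
        """Step 5a/5b (assumed mapping): class-list match -> gw-<isp>-tcp."""
        addr = ipaddress.ip_address(dst)
        for isp, nets in CLASS_LISTS.items():
            if any(addr in ipaddress.ip_network(n) for n in nets):
                return f"gw-{isp}-tcp"
        return None

    def _pick(self, group, src):
        if group is None:  # step 5c: default group gw-all-tcp, src-ip-hash stand-in
            up = [g for g in ALL_GATEWAYS if g in self.healthy]
            return up[int(ipaddress.ip_address(src)) % len(up)] if up else None
        up = {g: p for g, p in GROUPS[group].items() if g in self.healthy}
        return max(up, key=up.get) if up else None

    def select(self, src, dst):
        """Return (gateway, reason) following steps 3 to 5 of the flow."""
        if (src, dst) in self.sessions:
            return self.sessions[(src, dst)], "session"
        gw, reason = self.persistence.get(dst), "persistence"
        if gw not in self.healthy:  # no persistence entry, or its gateway is down
            group = self._policy_group(dst)
            gw, reason = self._pick(group, src), "policy" if group else "default"
        if gw is not None:
            self.sessions[(src, dst)] = gw
            self.persistence[dst] = gw
        return gw, reason
```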
Configuration example:
LLB-11-Active-affinity-def-vMaster[1/1]#sh running-config
!Current configuration: 3661 bytes
!Configuration last updated at 06:42:04 GMT Sat Mar 14 2020
!Configuration last saved at 08:55:17 GMT Sat Mar 14 2020
!64-bit Advanced Core OS (ACOS) version 4.1.4-GR1-P2, build 151 (Sep-09-2019,15:47)
!
vrrp-a common
device-id 1
set-id 1
enable
!
device-context 1
vcs enable
!
device-context 2
vcs enable
!
vcs floating-ip 1.1.1.2 255.255.255.0
!
vcs device 1
priority 250
interfaces management
interfaces ve 1001
affinity-vrrp-a-vrid 0
enable
!
vcs device 2
priority 200
interfaces management
interfaces ve 1001
affinity-vrrp-a-vrid 0
enable
!
!
system resource-usage nat-pool-addr-count 2000
!
terminal idle-timeout 60
!
class-list class-cmc
223.96.100.0/24
223.96.110.0/24
3.3.3.3/32
!
class-list class-ctc
122.227.231.0/24
122.227.230.0/24
!
class-list class-cuc
60.12.220.0/24
60.12.221.0/24
!
ip dns primary 122.227.231.250
!
vlan 1/1001
tagged ethernet 3
router-interface ve 1001
name heartBeat
!
vlan 1/2001
untagged ethernet 2
router-interface ve 2001
!
vlan 1/3001
tagged ethernet 1
router-interface ve 3001
!
vlan 1/3002
tagged ethernet 1
router-interface ve 3002
!
vlan 1/3003
tagged ethernet 1
router-interface ve 3003
!
vlan 2/1001
tagged ethernet 3
router-interface ve 1001
!
vlan 2/2001
untagged ethernet 2
router-interface ve 2001
!
vlan 2/3001
tagged ethernet 1
router-interface ve 3001
!
vlan 2/3002
tagged ethernet 1
router-interface ve 3002
!
vlan 2/3003
tagged ethernet 1
router-interface ve 3003
!
device-context 1
hostname LLB-11
!
device-context 2
hostname LLB-12
!
device-context 1
interface management
ip address 192.168.0.11 255.255.255.0
ip default-gateway 192.168.0.254
!
device-context 2
interface management
ip address 192.168.0.12 255.255.255.0
ip default-gateway 192.168.0.254
!
interface ethernet 1/1
enable
!
interface ethernet 1/2
enable
!
interface ethernet 1/3
enable
!
interface ethernet 2/1
enable
!
interface ethernet 2/2
enable
!
interface ethernet 2/3
enable
!
interface ve 1/1001
name heartBeat
ip address 1.1.1.11 255.255.255.0
!
interface ve 1/2001
name donwLink
ip address 172.22.99.1 255.255.255.0
ip allow-promiscuous-vip
!
interface ve 1/3001
name CTC
ip address 122.227.231.1 255.255.255.0
!
interface ve 1/3002
name CUC
ip address 60.12.220.1 255.255.255.0
!
interface ve 1/3003
name CMC
ip address 223.96.100.1 255.255.255.0
!
interface ve 2/1001
name heartBeat
ip address 1.1.1.12 255.255.255.0
!
interface ve 2/2001
name downLink
ip address 172.22.99.2 255.255.255.0
!
interface ve 2/3001
name CTC
ip address 122.227.231.2 255.255.255.0
!
interface ve 2/3002
name CUC
ip address 60.12.220.2 255.255.255.0
!
interface ve 2/3003
name CMC
ip address 223.96.100.2 255.255.255.0
!
vrrp-a vrid 0
floating-ip 122.227.231.82
floating-ip 60.12.220.168
floating-ip 172.22.99.3
device-context 1
blade-parameters
priority 250
tracking-options
trunk 1 priority-cost 60
gateway 172.22.99.254 priority-cost 100
device-context 2
blade-parameters
priority 200
tracking-options
trunk 1 priority-cost 60
gateway 172.22.99.254 priority-cost 100
!
ip nat pool cmc-nat 223.96.100.4 223.96.100.6 netmask /24 ip-rr
!
ip nat pool ctc-nat 122.227.231.4 122.227.231.6 netmask /24 ip-rr
!
ip nat pool cuc-nat 60.12.220.4 60.12.220.6 netmask /24 ip-rr
!
ip nat pool-group cmc-pool
member cmc-nat
!
ip nat pool-group ctc-pool
member ctc-nat
!
ip nat pool-group cuc-pool
member cuc-nat
!
device-context 1
enable-management service ssh
ve 1001
ve 2001
!
device-context 2
enable-management service ssh
ve 1001
ve 2001
!
device-context 1
ip route 0.0.0.0 /0 60.12.220.254 10
ip route 0.0.0.0 /0 223.96.100.254 20
ip route 0.0.0.0 /0 122.227.231.251
!
device-context 2
ip route 0.0.0.0 /0 122.227.231.251
ip route 0.0.0.0 /0 60.12.220.254 10
ip route 0.0.0.0 /0 223.96.100.254 20
!
slb resource-usage client-ssl-template-count 8192
slb resource-usage conn-reuse-template-count 4096
slb resource-usage fast-tcp-template-count 4096
slb resource-usage fast-udp-template-count 4096
slb resource-usage http-template-count 4096
slb resource-usage nat-pool-addr-count 2000
slb resource-usage persist-cookie-template-count 4096
slb resource-usage persist-srcip-template-count 4096
slb resource-usage proxy-template-count 4096
slb resource-usage real-port-count 16384
slb resource-usage real-server-count 8192
slb resource-usage server-ssl-template-count 8192
slb resource-usage service-group-count 8192
slb resource-usage stream-template-count 4096
slb resource-usage virtual-port-count 8192
slb resource-usage virtual-server-count 4096
slb resource-usage health-monitor-count 1024
!
health monitor check-ctc-baidu
method external program ext-ping arguments "ve3001 www.baidu.com"
!
health monitor check-cuc-baidu
method external program ext-ping arguments "ve3002 60.12.220.249"
!
health monitor check-cmc-baidu
method external program ext-ping arguments "ve3003 223.96.100.249"
!
health monitor check-ctc-taobao
method external program ext-ping arguments "ve3001 www.taobao.com"
!
health monitor check-cuc-taobao
method external program ext-ping arguments "ve3002 60.12.220.249"
!
health monitor check-cmc-taobao
method external program ext-ping arguments "ve3003 223.96.100.249"
!
health monitor check-ctc
method compound sub check-ctc-baidu sub check-ctc-taobao or
!
health monitor check-cuc
method compound sub check-cuc-baidu sub check-cuc-taobao or
!
health monitor check-cmc
method compound sub check-cmc-baidu sub check-cmc-taobao or
!
slb template port ctc-snat-temp
source-nat ctc-pool
!
slb template port cuc-snat-temp
source-nat cuc-pool
!
slb template port cmc-snat-temp
source-nat cmc-pool
!
slb server gw-cmc 223.96.100.250
health-check check-cmc
port 0 tcp
template port cmc-snat-temp
health-check-disable
port 0 udp
template port cmc-snat-temp
health-check-disable
port 10 tcp
!
slb server gw-ctc 122.227.231.251
health-check check-ctc
port 0 tcp
template port ctc-snat-temp
health-check-disable
port 0 udp
template port ctc-snat-temp
health-check-disable
!
slb server gw-cuc 60.12.220.250
health-check check-cuc
port 0 tcp
template port cuc-snat-temp
health-check-disable
port 0 udp
template port cuc-snat-temp
health-check-disable
!
slb service-group gw-all-tcp tcp
method src-ip-hash
health-check-disable
member gw-cmc 0
member gw-ctc 0
member gw-cuc 0
!
slb service-group gw-all-udp udp
method src-ip-hash
health-check-disable
member gw-cmc 0
member gw-ctc 0
member gw-cuc 0
!
slb service-group gw-cmc-tcp tcp
health-check-disable
member gw-cmc 0
priority 15
member gw-ctc 0
priority 10
member gw-cuc 0
priority 5
!
slb service-group gw-cmc-udp udp
health-check-disable
member gw-cmc 0
priority 15
member gw-ctc 0
priority 10
member gw-cuc 0
priority 5
!
slb service-group gw-ctc-tcp tcp
health-check-disable
member gw-cmc 0
priority 10
member gw-ctc 0
priority 15
member gw-cuc 0
priority 5
!
slb service-group gw-ctc-udp udp
health-check-disable
member gw-cmc 0
priority 10
member gw-ctc 0
priority 15
member gw-cuc 0
priority 5
!
slb service-group gw-cuc-tcp tcp
health-check-disable
member gw-cmc 0
priority 5
member gw-ctc 0
priority 10
member gw-cuc 0
priority 15
!
slb service-group gw-cuc-udp udp
health-check-disable
member gw-cmc 0
priority 5
member gw-ctc 0
priority 10
member gw-cuc 0
priority 15
!
slb template persist destination-ip p-dip
!
slb template tcp temp-tcp-60s
idle-timeout 60
reset-fwd
reset-rev
!
slb template udp temp-udp-60s
idle-timeout 60
!
slb virtual-server llb-out 0.0.0.0
port 0 others
clientip-sticky-nat
aflex llb-out-udp
template persist destination-ip p-dip
template udp temp-udp-60s
no-dest-nat
port 0 tcp
clientip-sticky-nat
aflex llb-out-tcp
template persist destination-ip p-dip
template tcp temp-tcp-60s
no-dest-nat
port 0 udp
clientip-sticky-nat
aflex llb-out-udp
template persist destination-ip p-dip
template udp temp-udp-60s
no-dest-nat
!
sflow setting local-collection
!
sflow collector ip 127.0.0.1 6343
!
!
end
!Current config commit point for partition 0 is 0 & config mode is classical-mode
LLB-11-Active-affinity-def-vMaster[1/1]#