以下拓扑在Home LAB环境下模拟常见企业网架构,能有效验证LLB的各项功能点:
分别将3.3.3.0/24地址段加入CTC/CMC/CUC的class-list库中,验证从FW起点的选路验证。
如果从Client起点进行验证,则会看到如下效果:Client>FW>LLB-A10>edge>TOP。
LLB-A10的完整配置:
LLB-11-Active-affinity-def-vMaster[1/1]#sh running-config
!Current configuration: 3848 bytes
!Configuration last updated at 08:43:48 GMT Sun Mar 15 2020
!Configuration last saved at 09:35:14 GMT Sun Mar 15 2020
!64-bit Advanced Core OS (ACOS) version 4.1.4-GR1-P2, build 151 (Sep-09-2019,15:47)
!
vrrp-a common
device-id 1
set-id 1
enable
!
device-context 1
vcs enable
!
device-context 2
vcs enable
!
vcs floating-ip 1.1.1.2 255.255.255.0
!
vcs device 1
priority 250
interfaces management
interfaces ve 1001
affinity-vrrp-a-vrid 0
enable
!
vcs device 2
priority 200
interfaces management
interfaces ve 1001
affinity-vrrp-a-vrid 0
enable
!
!
system resource-usage nat-pool-addr-count 2000
!
terminal idle-timeout 60
!
class-list class-cmc
223.96.100.0/24
223.96.110.0/24
!
class-list class-ctc
122.227.231.0/24
122.227.230.0/24
8.8.8.8/32
3.3.3.0/24
!
class-list class-cuc
60.12.220.0/24
60.12.221.0/24
!
ip dns primary 122.227.231.250
!
vlan 1/1001
tagged ethernet 3
router-interface ve 1001
name heartBeat
!
vlan 1/2001
untagged ethernet 2
router-interface ve 2001
!
vlan 1/3001
tagged ethernet 1
router-interface ve 3001
!
vlan 1/3002
tagged ethernet 1
router-interface ve 3002
!
vlan 1/3003
tagged ethernet 1
router-interface ve 3003
!
vlan 2/1001
tagged ethernet 3
router-interface ve 1001
!
vlan 2/2001
untagged ethernet 2
router-interface ve 2001
!
vlan 2/3001
tagged ethernet 1
router-interface ve 3001
!
vlan 2/3002
tagged ethernet 1
router-interface ve 3002
!
vlan 2/3003
tagged ethernet 1
router-interface ve 3003
!
device-context 1
hostname LLB-11
!
device-context 2
hostname LLB-12
!
device-context 1
interface management
ip address 192.168.0.11 255.255.255.0
ip default-gateway 192.168.0.254
!
device-context 2
interface management
ip address 192.168.0.12 255.255.255.0
ip default-gateway 192.168.0.254
!
interface ethernet 1/1
enable
!
interface ethernet 1/2
enable
!
interface ethernet 1/3
enable
!
interface ethernet 2/1
enable
!
interface ethernet 2/2
enable
!
interface ethernet 2/3
enable
!
interface ve 1/1001
name heartBeat
ip address 1.1.1.11 255.255.255.0
!
interface ve 1/2001
name donwLink
ip address 172.22.99.1 255.255.255.0
ip allow-promiscuous-vip
!
interface ve 1/3001
name CTC
ip address 122.227.231.1 255.255.255.0
!
interface ve 1/3002
name CUC
ip address 60.12.220.1 255.255.255.0
!
interface ve 1/3003
name CMC
ip address 223.96.100.1 255.255.255.0
!
interface ve 2/1001
name heartBeat
ip address 1.1.1.12 255.255.255.0
!
interface ve 2/2001
name downLink
ip address 172.22.99.2 255.255.255.0
!
interface ve 2/3001
name CTC
ip address 122.227.231.2 255.255.255.0
!
interface ve 2/3002
name CUC
ip address 60.12.220.2 255.255.255.0
!
interface ve 2/3003
name CMC
ip address 223.96.100.2 255.255.255.0
!
vrrp-a vrid 0
floating-ip 122.227.231.82
floating-ip 60.12.220.168
floating-ip 172.22.99.3
device-context 1
blade-parameters
priority 250
tracking-options
trunk 1 priority-cost 60
gateway 172.22.99.254 priority-cost 100
device-context 2
blade-parameters
priority 200
tracking-options
trunk 1 priority-cost 60
gateway 172.22.99.254 priority-cost 100
!
ip nat pool cmc-nat 223.96.100.4 223.96.100.6 netmask /24 ip-rr
!
ip nat pool ctc-nat 122.227.231.4 122.227.231.6 netmask /24 ip-rr
!
ip nat pool ctc-nat1 122.227.232.1 122.227.232.3 netmask /24
!
ip nat pool cuc-nat 60.12.220.4 60.12.220.6 netmask /24 ip-rr
!
ip nat pool-group cmc-pool
member cmc-nat
!
ip nat pool-group ctc-pool
member ctc-nat1
!
ip nat pool-group cuc-pool
member cuc-nat
!
device-context 1
enable-management service ssh
ve 1001
ve 2001
!
device-context 2
enable-management service ssh
ve 1001
ve 2001
!
device-context 1
ip route 0.0.0.0 /0 122.227.231.251
ip route 0.0.0.0 /0 223.96.100.250 20
ip route 0.0.0.0 /0 60.12.220.250 10
!
device-context 1
ip route 10.0.0.0 /8 172.22.99.10
!
device-context 1
ip route 172.22.0.0 /16 172.22.99.10
!
device-context 2
ip route 0.0.0.0 /0 122.227.231.251
ip route 0.0.0.0 /0 60.12.220.254 10
ip route 0.0.0.0 /0 223.96.100.254 20
!
slb resource-usage client-ssl-template-count 8192
slb resource-usage conn-reuse-template-count 4096
slb resource-usage fast-tcp-template-count 4096
slb resource-usage fast-udp-template-count 4096
slb resource-usage http-template-count 4096
slb resource-usage nat-pool-addr-count 2000
slb resource-usage persist-cookie-template-count 4096
slb resource-usage persist-srcip-template-count 4096
slb resource-usage proxy-template-count 4096
slb resource-usage real-port-count 16384
slb resource-usage real-server-count 8192
slb resource-usage server-ssl-template-count 8192
slb resource-usage service-group-count 8192
slb resource-usage stream-template-count 4096
slb resource-usage virtual-port-count 8192
slb resource-usage virtual-server-count 4096
slb resource-usage health-monitor-count 1024
!
health monitor check-ctc-baidu
method external program ext-ping arguments "ve3001 122.227.231.251"
!
health monitor check-cuc-baidu
method external program ext-ping arguments "ve3002 60.12.220.250"
!
health monitor check-cmc-baidu
method external program ext-ping arguments "ve3003 223.96.100.250"
!
health monitor check-ctc-taobao
method external program ext-ping arguments "ve3001 122.227.231.251"
!
health monitor check-cuc-taobao
method external program ext-ping arguments "ve3002 60.12.220.250"
!
health monitor check-cmc-taobao
method external program ext-ping arguments "ve3003 223.96.100.250"
!
health monitor check-ctc
method compound sub check-ctc-baidu sub check-ctc-taobao or
!
health monitor check-cuc
method compound sub check-cuc-baidu sub check-cuc-taobao or
!
health monitor check-cmc
method compound sub check-cmc-baidu sub check-cmc-taobao or
!
slb template port ctc-snat-temp
source-nat ctc-pool
!
slb template port cuc-snat-temp
source-nat cuc-pool
!
slb template port cmc-snat-temp
source-nat cmc-pool
!
slb server gw-cmc 223.96.100.250
health-check check-cmc
port 0 tcp
template port cmc-snat-temp
health-check-disable
port 0 udp
template port cmc-snat-temp
health-check-disable
port 10 tcp
!
slb server gw-ctc 122.227.231.251
health-check check-ctc
port 0 tcp
template port ctc-snat-temp
health-check-disable
port 0 udp
template port ctc-snat-temp
health-check-disable
!
slb server gw-cuc 60.12.220.250
health-check check-cuc
port 0 tcp
template port cuc-snat-temp
health-check-disable
port 0 udp
template port cuc-snat-temp
health-check-disable
!
slb service-group gw-all-tcp tcp
method src-ip-hash
health-check-disable
member gw-cmc 0
member gw-ctc 0
member gw-cuc 0
!
slb service-group gw-all-udp udp
health-check-disable
member gw-cmc 0
member gw-ctc 0
member gw-cuc 0
!
slb service-group gw-cmc-tcp tcp
health-check-disable
member gw-cmc 0
priority 15
member gw-ctc 0
priority 10
member gw-cuc 0
priority 5
!
slb service-group gw-cmc-udp udp
health-check-disable
member gw-cmc 0
priority 15
member gw-ctc 0
priority 10
member gw-cuc 0
priority 5
!
slb service-group gw-ctc-tcp tcp
health-check-disable
member gw-cmc 0
priority 10
member gw-ctc 0
priority 15
member gw-cuc 0
priority 5
!
slb service-group gw-ctc-udp udp
health-check-disable
member gw-cmc 0
priority 10
member gw-ctc 0
priority 15
member gw-cuc 0
priority 5
!
slb service-group gw-cuc-tcp tcp
health-check-disable
member gw-cmc 0
priority 5
member gw-ctc 0
priority 10
member gw-cuc 0
priority 15
!
slb service-group gw-cuc-udp udp
health-check-disable
member gw-cmc 0
priority 5
member gw-ctc 0
priority 10
member gw-cuc 0
priority 15
!
slb template persist destination-ip p-dip
!
slb template tcp temp-tcp-60s
idle-timeout 60
reset-fwd
reset-rev
!
slb template udp temp-udp-60s
idle-timeout 60
!
slb virtual-server llb-out 0.0.0.0
port 0 others
clientip-sticky-nat
aflex llb-out-udp
service-group gw-all-udp
template persist destination-ip p-dip
template udp temp-udp-60s
no-dest-nat
port 0 tcp
clientip-sticky-nat
aflex llb-out-tcp
service-group gw-all-tcp
template persist destination-ip p-dip
template tcp temp-tcp-60s
no-dest-nat
port 0 udp
clientip-sticky-nat
aflex llb-out-udp
service-group gw-all-udp
template persist destination-ip p-dip
template udp temp-udp-60s
no-dest-nat
!
sflow setting local-collection
!
sflow collector ip 127.0.0.1 6343
!
!
end
!Current config commit point for partition 0 is 0 & config mode is classical-mode
LLB-11-Active-affinity-def-vMaster[1/1]#