F5负载均衡平台部署方案.pptx

F5 负载均衡部署方案AgendaLTM 基础原理单臂接入模式双臂接入模式远程节点模式加入独立SSL/WA/ASM设备防火墙负载均衡多链路接入灾备站点静态路由注入LTM 基础原理几个概念Load BalanceMember NodeVirtual Server PoolSNAT NATPersistenceCMPInternetLoad Balancinools, Members and Nodes:80:80:80Node = IP addressPool Member = Node + PortPool = Group of pool membersInternetVirtual ServerVirtual ServerIP Address + Service (Port) Combination“Listens” for and manages traffic 7:80 Normally Associated with a Pool:80:4002:8080InternetVirtual Server to Pool MembersVirtual Server7:80Maps toPool Members:80:80:4002:8080InternetVirtual Server - Address Translation7:80Virtual Server AddressBIG-IP LTM performs network address translation to real server addresses such that all machines are viewed as one Virtual ServerNetwork Address TranslationReal Server Address:8080:4002:80:80SNAT的工作模式SNAT Address:00SNAT AutoMap当配置SNAT AutoMap的时候，请求从那个VLAN发出去，则SNAT的源地址为VLAN上的SelfIP当一个VLAN上有多个SelfIP存在的时候，SNAT的源地址是在多个SelfIP之间轮询SNAT Automap优先选用该VLAN上的Floating IP112233PersistenceCMP工作模式Super VIPVIPTMM0HSBHSBVIPTMM1VIPTMM2VIPTMM3流量由HSB进行分配在多个TMM上，每个TMM占据一个CPU Core，每个TMM有自己独立的内存空间每个TMM都具有相同的配置，包括VS/Profile/iRules/Pool/Persistence等TMM之间通过内存高速总线进行通讯共享通用信息如会话保持表，SNAT源端口等当CMP被Disable的时候，TMM0接管所有的流量LTM单臂接入模式单臂接入模式下的网络物理结构外部网络核心三层交换Vlan 1LTM服务器服务器LTM串口心跳线单臂接入-源地址替换接入典型架构设计NetworkTrunkCore SwitchCore SwitchSelfIP:01GW:54VS:00:80SNAT AutomapSelfIP:02GW:54VS:00:80SNAT AutomapHSRP 54TrunkTrunkServerServerBackupActiveIP:GW:54IP:GW:54网络同步-独立Vlan串口心跳单臂接入-源地址替换模式数据访问流程　SIPSportDIPDport①00888880lient①⑥54核心三层交换54②⑤③服务器服务器LTM④GW:54GW:54VS: 00:80Floating IP: 00GW:54源地址替换后的处理只有HTTP协议的时候，可以通过将源地址插入到客户端请求的HTTP Header里，然后在服务器上通过读取这个Header，获得客户端的真实源IP地址HTTP ProfileiRuleswhen HTTP_REQUEST { HTTP::header insert X-Forwarded-For [IP::remote_addr]}单臂接入-服务器更改网关接入典型架构设计NetworkTrunkCore SwitchCore SwitchSelfIP:01Floating IP：00GW:54VS:00:80SelfIP:02Floating IP：00GW:54VS:00:80HSRP 54TrunkTrunkServerServerBackupActiveIP:GW:00IP:GW:00网络同步-独立Vlan串口心跳单臂接入-服务器更改网关数据访问流程　SIPSportDI