ans Single VIP LLB and SLB config

ans Single VIP LLB and SLB config

配置命令:

# 配置设备工作模式和开启的功能
> enable ans mode FR MBF Edge USNIP L3 PMTUD
 Done
> enable ans feature WL LB CS SSL IPv6PT CH 
 Done
> 

# 设置设备的管理IP ( 需要重启系统才可生效, 重启系统前请先保存配置. save ansconfig )
> set ans config -IPAddress 192.168.11.11 -netmask 255.255.255.0
 Done
> 

# 设置用于连通内网的SNIP地址 ( enable ans mode usnip )
> add ans ip 192.168.11.1 255.255.255.0 -mgmtAccess ENABLED -restrictAccess ENABLED
 Done
> 

# 设置设备主机名
> set ans hostName SURFILTER
 Done
> 

# 设置时区
> set ans param -cookieversion 1 -timezone "GMT+08:00-CST-Asia/Shanghai"
 Done
> set audit syslogparams -timeZone LOCAL_TIME
Done
> set audit anslogParams -timeZone LOCAL_TIME
Done
> # 设置时间, 格式为: YYYYmmddHHMM 注意时区是否正确
> shell date 201903181424
Mon Dec 10 17:45:00 CST 2018
Done
> shell date +'%Y-%m-%d %H:%M:%S'
2019-03-18 14:24:09
Done
>
# 添加NTP服务器 ( 非常规操作方式, 直接修改NTP配置文件 )
> shell vi /etc/ntp.conf
# Common elements of NTP configuration
#
# Do not edit: changes will be lost following reboot.
# For site-specific NTP configuration, see the instructions in /etc/ntp.conf
#
# We won't allow *anything* from hosts not listed in the configuration
# This means you need a restrict line for each server
restrict default ignore
restrict -6 default ignore
# Allow just about anything from localhost, IPv4.
restrict 127.0.0.1 mask 255.255.255.255
driftfile /var/db/ntp.drift
logfile /var/log/ntpd.log
# Log everything, even from ntpd (which otherwise defaults to "all =sync")
logconfig =all +all
#######################
server 218.75.4.130 minpoll 6 maxpoll 10
restrict 218.75.4.130 nomodify notrap nopeer noquery
~
~
~
:wq!
Done
>
> shell cp /etc/ntp.conf /flash/anscfg/ntp.conf
Done
>

# 设置DNS服务器解析配置文件
> shell vi /etc/resolv.conf
# Do not change this entry, use the 'add nameserver'
nameserver 127.0.0.2

~
~
~
:wq!
> shell cp /etc/resolv.conf /flash/anscfg/resolv.conf
Done
>
# 启动NTP服务器
> enable ntp sync
Done
>
# 添加DNS服务器
> add dns nameServer 8.8.4.4
Done
>

# 设置默认证书链接关系
> add ssl certKey hg-root-certificate -cert hg-root.cert -inform PEM
Done
> add ssl certKey hg-server-certificate -cert hg-server.cert -key hg-server.key -inform PEM
Done
> link ssl certKey hg-server-certificate hg-root-certificate
Done
>
# 添加用于连通ISP的VIP地址
> add ans ip 192.168.110.41 255.255.255.0 -type VIP
Done
> add ans ip 192.168.120.45 255.255.255.0 -type VIP
Done
>
# 添加 VLAN
> add vlan 11
Done
> add vlan 21
Done
> bind vlan 11 -ifnum 1/6
Done
> bind vlan 11 -IPAddress 192.168.110.41 255.255.255.0
Done
> bind vlan 21 -ifnum 1/7
Done
> bind vlan 21 -IPAddress 192.168.120.45 255.255.255.0
Done
>
# 设置针对内网的反向NAT
> set rnat 192.168.11.0 255.255.255.0 -natIP 192.168.110.41
Done
> set rnat 192.168.11.0 255.255.255.0 -natIP 192.168.120.45
Done
>
# 添加 NetProfile , 绑定 SNIP
> add netProfile net_pf_internal -srcIP 192.168.11.1
Done
>
# 添加ISP网关服务器地址
> add server srv_isp_ct 192.168.110.1
Done
> add server srv_isp_cnc 192.168.210.1
Done
# 注: 此处的 192.168.210.1 与下文 show server 输出及 PBR 的 destIP ( 均为 192.168.120.1 ) 不一致, 疑为笔误; VLAN 21 所在网段为 192.168.120.0/24.
>
# 添加ISP监视器
> add lb monitor mon_ping_net_pf PING -LRTM DISABLED -netProfile net_pf_internal
Done
>
# 添加ISP服务并绑定对应监视器
> add service svc_isp_ct srv_isp_ct ANY *
Done
> bind service svc_isp_ct -monitorName mon_ping_net_pf
Done
>
> add service svc_isp_cnc srv_isp_cnc ANY *
Done
> bind service svc_isp_cnc -monitorName mon_ping_net_pf
Done
>
# 添加ISP负载均衡虚拟服务器并绑定对应服务
> add lb vserver lb_vsrv_isp_llb_all ANY 0.0.0.0 0 -lbMethod ROUNDROBIN -persistenceType DESTIP
Done
> bind lb vserver lb_vsrv_isp_llb_all svc_isp_ct
Done
> bind lb vserver lb_vsrv_isp_llb_all svc_isp_cnc
Done
>
> add lb vserver lb_vsrv_isp_llb_ct ANY 0.0.0.0 0 -lbMethod ROUNDROBIN -persistenceType DESTIP
Done
> bind lb vserver lb_vsrv_isp_llb_ct svc_isp_ct
Done
> set lb vserver lb_vsrv_isp_llb_ct -backupVServer lb_vsrv_isp_llb_all
Done
>
> add lb vserver lb_vsrv_isp_llb_cnc ANY 0.0.0.0 0 -lbMethod ROUNDROBIN -persistenceType DESTIP
Done
> bind lb vserver lb_vsrv_isp_llb_cnc svc_isp_cnc
Done
> set lb vserver lb_vsrv_isp_llb_cnc -backupVServer lb_vsrv_isp_llb_all
Done
>
# 添加默认的LB路由项
> add lb route 0.0.0.0 0.0.0.0 lb_vsrv_isp_llb_all
Done
>
# 添加并应用 PBR
> add ans pbr pbr_isp_ct_internel ALLOW -srcIP = 192.168.11.1 -destIP = 192.168.110.1 -nextHop 127.0.0.1 -priority 1101 -msr ENABLED
Done
> add ans pbr pbr_isp_cnc_internel ALLOW -srcIP = 192.168.11.1 -destIP = 192.168.120.1 -nextHop 127.0.0.1 -priority 1102 -msr ENABLED
Done
> apply ans pbrs
Done
>
# 发布本地ssh服务
# 注意: 这会把设备自身的管理 SSH ( 127.0.0.1:22 ) 发布到面向 ISP 的两个 VIP 上. 建议用 ACL 限制可访问的来源地址, 并使用强口令或密钥认证.
> add server srv_local_loopback 127.0.0.1
Done
> add service svc_local_ssh srv_local_loopback TCP 22
Done
>
> add lb vserver lb_vsrv_isp_ct_ssh TCP 192.168.110.41 22 -lbMethod ROUNDROBIN -persistenceType SOURCEIP
Done
> bind lb vserver lb_vsrv_isp_ct_ssh svc_local_ssh
Done
> add lb vserver lb_vsrv_isp_cnc_ssh TCP 192.168.120.45 22 -lbMethod ROUNDROBIN -persistenceType SOURCEIP
Done
> bind lb vserver lb_vsrv_isp_cnc_ssh svc_local_ssh
Done
>
# 发布本地webgui服务
# 注意: 此处以明文 HTTP ( 端口 8088 ) 在面向 ISP 的 VIP 上发布管理界面, 登录凭据和会话 Cookie 在链路上不加密. 建议改为通过 SSL 类型的虚拟服务器发布并绑定上文添加的 hg-server-certificate, 同时限制来源地址.
> add server srv_local_loopback 127.0.0.1
Done
> add service svc_local_webgui srv_local_loopback HTTP 80
Done
>
> add lb vserver lb_vsrv_isp_ct_webgui HTTP 192.168.110.41 8088 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT
Done
> bind lb vserver lb_vsrv_isp_ct_webgui svc_local_webgui
Done
> add lb vserver lb_vsrv_isp_cnc_webgui HTTP 192.168.120.45 8088 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT
Done
> bind lb vserver lb_vsrv_isp_cnc_webgui svc_local_webgui
Done
>
# 发布内网web服务
> add server srv_web_hfs 192.168.11.249
Done
> add service svc_web_hfs srv_web_hfs HTTP 80
Done
>
> add lb vserver lb_vsrv_web_hfs_ct HTTP 192.168.110.41 80 -lbmethod ROUNDROBIN -persistenceType COOKIEINSERT
Done
> bind lb vserver lb_vsrv_web_hfs_ct svc_web_hfs
Done
> add lb vserver lb_vsrv_web_hfs_cnc HTTP 192.168.120.45 80 -lbmethod ROUNDROBIN -persistenceType COOKIEINSERT
Done
> bind lb vserver lb_vsrv_web_hfs_cnc svc_web_hfs
Done
>

查看状态:

> stat interface

Interface Summary
ID             IntfState    IntfAlias Rx Bytes Tx Bytes  Rx Pkts  Tx Pkts 
1/5                 DOWN                     0        0        0        0
1/6                   UP               1552657  1102874     9775    11783
1/7                   UP               3963627   507439     7902     6361
1/8                 DOWN                     0        0        0        0
1/1                   UP               1074116   743250    12969     6523
1/2                 DOWN                     0        0        0        0
1/3                   UP               2737933  5924727    32701    21902
1/4                 DOWN                     0        0        0        0
10/1                DOWN                     0        0        0        0
10/2                DOWN                     0        0        0        0
10/3                DOWN                     0        0        0        0
10/4                DOWN                     0        0        0        0
0/0                 DOWN                     0        0        0        0
LO/1                  UP               403220k  527085k  2841154  5497096
 Done
> 
> show ip
      Ipaddress        TD    Type             Mode     Arp      Icmp     Vserver  State
      ---------        --    ----             ----     ---      ----     -------  ------
1)    192.168.11.11    0     HGANS IP         Active   Enabled  Enabled  NA       Enabled
2)    192.168.11.1     0     SNIP             Active   Enabled  Enabled  NA       Enabled
3)    192.168.110.41   0     VIP              Active   Enabled  Enabled  Enabled  Enabled
4)    192.168.120.45   0     VIP              Active   Enabled  Enabled  Enabled  Enabled
 Done
> 
> show route
    Network          Netmask          Gateway/OwnedIP  State   TD     Type
    -------          -------          ---------------  -----   --     ----
1)    0.0.0.0          0.0.0.0          lb_vsrv_isp_llb_ UP      0     |LBROUTE
                                      all             
2)    127.0.0.0        255.0.0.0        127.0.0.1        UP      0     PERMANENT
3)    192.168.11.0     255.255.255.0    192.168.11.11    UP      0     DIRECT
4)    192.168.110.0    255.255.255.0    192.168.110.41   UP      0     DIRECT
5)    192.168.120.0    255.255.255.0    192.168.120.45   UP      0     DIRECT
 Done
> 
> show vlan

1)    VLAN ID: 1
    Link-local IPv6 addr: fe80::20b:abff:fef3:87bf/64
    Interfaces : 1/5 1/8 1/1 1/2 1/3 1/4 10/1 10/2 10/3 10/4 0/1 0/2 LO/1

2)    VLAN ID: 11    VLAN Alias Name: 
    Interfaces : 1/6
    IPs :
         192.168.110.41     Mask: 255.255.255.0

3)    VLAN ID: 21    VLAN Alias Name: 
    Interfaces : 1/7
    IPs :
         192.168.120.45     Mask: 255.255.255.0
 Done
> 
> show rnat
1)    Network: 192.168.11.0     Netmask: 255.255.255.0   
    NatIP: 192.168.110.41      Td: 0    

2)    Network: 192.168.11.0     Netmask: 255.255.255.0   
    NatIP: 192.168.120.45      Td: 0    

 Done
> 
> show ans pbr
1)    Name: pbr_isp_ct_internel                                             
    Action: ALLOW                          Hits: 686
    srcIP = 192.168.11.1
    destIP = 192.168.110.1
    srcMac:                                Protocol: 
    Vlan:                                  Interface:  
    Active Status: ENABLED                 Applied Status: APPLIED
    Priority: 1101                         
    NextHop: 127.0.0.1
    MSR: ENABLED  STATE: UP  

2)    Name: pbr_isp_cnc_internel                                            
    Action: ALLOW                          Hits: 676
    srcIP = 192.168.11.1
    destIP = 192.168.120.1
    srcMac:                                Protocol: 
    Vlan:                                  Interface:  
    Active Status: ENABLED                 Applied Status: APPLIED
    Priority: 1102                         
    NextHop: 127.0.0.1
    MSR: ENABLED  STATE: UP  

 Done
> 
> show server 
1)    Name:        srv_isp_ct      State:ENABLED 
    IPAddress:   192.168.110.1 
2)    Name:       srv_isp_cnc      State:ENABLED 
    IPAddress:   192.168.120.1 
3)    Name:   srv_local_loopback      State:ENABLED 
    IPAddress:       127.0.0.1 
4)    Name:       srv_web_hfs      State:ENABLED 
    IPAddress:  192.168.11.249 
 Done
> 
> show service -summary
---------------------------------------------------------------------------------------------
      Name        State           IP Addr           Port  Protocol   MaxClients  MaxReqs     
---------------------------------------------------------------------------------------------
1     svc_isp_ct  UP              srv_isp_ct        *     ANY        0           0           
2     svc_isp_cnc UP              srv_isp_cnc       *     ANY        0           0           
3     svc_..._ssh UP              srv_loc...oopback 22    TCP        256         0           
4     svc_...bgui UP              srv_loc...oopback 80    HTTP       0           0           
5     svc_web_hfs UP              srv_web_hfs       80    HTTP       0           0           
 Done
> 
> show lb vserver -summary
--------------------------------------------------------------------------------------------------------------------------------------
      Name       State   Effec State    Td    IP Addr           Port  Prot    Method  TCPProfName HTTPProfName NetProfName DBProfName  
--------------------------------------------------------------------------------------------------------------------------------------
1     lb_..._all UP      UP             0     0.0.0.0           0     ANY     RO...IN                                                 
2     lb_...b_ct UP      UP             0     0.0.0.0           0     ANY     RO...IN                                                 
3     lb_..._cnc UP      UP             0     0.0.0.0           0     ANY     RO...IN                                                 
4     lb_..._ssh UP      UP             0     192.168.110.41    22    TCP     RO...IN                                                 
5     lb_..._ssh UP      UP             0     192.168.120.45    22    TCP     RO...IN                                                 
6     lb_...bgui UP      UP             0     192.168.110.41    8088  HTTP    RO...IN                                                 
7     lb_...bgui UP      UP             0     192.168.120.45    8088  HTTP    RO...IN                                                 
8     lb_...s_ct UP      UP             0     192.168.110.41    80    HTTP    LE...ON                                                 
9     lb_..._cnc UP      UP             0     192.168.120.45    80    HTTP    LE...ON                                                 
 Done
> 

============= End

原文地址:https://www.cnblogs.com/lsgxeva/p/10552453.html