F5通过http class实现多域名分流进行服务器负载均衡
武汉通威电子有限公司
陈 波
2012-10-9
一、环境和需求
#---------环境
电子商务平台
BIGIP 1600 LTM 一台,ASA5520 一台
ISP公网ip 5个
IBM服务器刀片10几个
主域名www.aaa.com,二级域名20个(tr.aaa.com/search.aaa.com/……)
#---------需求
由于公网ip有限,不能做到域名和公网ip的一对一绑定,需要通过f5来实现多域名的分流
所有用户都通过域名(80端口)访问业务,而后台每个域名分别为不同端口
每个域名代表一个业务组,后台有多组服务器池对应不同域名
二、设计思路
# 第一步------------------------------------
把5个公网ip的功能进行规划:
IP1=防火墙接口ip
IP2=防火墙预留映射ip,nat给f5的管理ip 443
IP3=业务集合bg
bg_cms.bg.aaa.com
bg_erp.bg.aaa.com
bg_exh.bg.aaa.com
bg_goods.bg.aaa.com
bg_log.bg.aaa.com
bg_member.bg.aaa.com
bg_order.bg.aaa.com
bg_tr.bg.aaa.com
IP4=业务集合main
club.aaa.com
exh.aaa.com
login.aaa.com
member.aaa.com
order.aaa.com
search.aaa.com
tr.aaa.com
www.aaa.com
IP5=业务集合pay
bg_pay.aaa.com
image.aaa.com
pay.aaa.com
# 第二步------------------------------
域名绑定到IP3的一个公网ip上
bg_cms.bg.aaa.com
bg_erp.bg.aaa.com
bg_exh.bg.aaa.com
bg_goods.bg.aaa.com
bg_log.bg.aaa.com
bg_member.bg.aaa.com
bg_order.bg.aaa.com
bg_tr.bg.aaa.com
其他域名类似
# 第三步------------------------------
防火墙做一对一端口映射
其中IP3、4、5映射到F5的3个vs ip 192.168.21.1~3
# 第四步------------------------------
F5上通过http class配置进行对数据包的url进行检查域名来进行分流,到不同的server pool,并把80流量进行目的端口转换到不同业务
三、流量逻辑图
四、相关截图
Vs_bg,vs_main1,vs_pay分别为根据域名url判断的三个分流应用组
Vs forward是内部三层交换
Vs out是服务器主动访问
注:指定网段可以ip forwarding三层交换。
注:不管真实服务器是什么端口,用户都用80端口访问
注:http class的配置,根据vs中接受到包头的url进行判断
注:在vs的resource里面匹配http class
五、配置文件
profile httpclass httpclass {
pool none
redirect none
url rewrite none
asm disable
wa disable
hosts none
paths none
headers none
cookies none
}
profile httpclass bg_cms {
defaults from httpclass
pool pool_bg_cms
redirect none
hosts "cms.bg.aaa.com"
}
profile httpclass bg_erp {
defaults from httpclass
pool pool_bg_erp
redirect none
hosts "erp.bg.aaa.com"
}
profile httpclass bg_exh {
defaults from httpclass
pool pool_bg_exh
redirect none
hosts "exh.bg.aaa.com"
}
profile httpclass bg_goods {
defaults from httpclass
pool pool_bg_goods
redirect none
hosts "goods.bg.aaa.com"
}
profile httpclass bg_log {
defaults from httpclass
pool pool_bg_log
redirect none
hosts "logistics.bg.aaa.com"
}
profile httpclass bg_member {
defaults from httpclass
pool pool_bg_member
redirect none
hosts "member.bg.aaa.com"
}
profile httpclass bg_order {
defaults from httpclass
pool pool_bg_order
redirect none
hosts "order.bg.aaa.com"
}
profile httpclass bg_pay {
defaults from httpclass
pool pool_bg_pay
redirect none
hosts "pay.bg.aaa.com"
}
profile httpclass bg_tr {
defaults from httpclass
pool pool_bg_tr
redirect none
hosts "tr.bg.aaa.com"
}
profile httpclass club {
defaults from httpclass
pool pool_club
redirect none
url rewrite none
hosts "club.aaa.com"
paths none
headers none
cookies none
}
profile httpclass exh {
defaults from httpclass
pool pool_exh
redirect none
url rewrite none
hosts "exh.aaa.com"
paths none
headers none
cookies none
}
profile httpclass image {
defaults from httpclass
pool pool_image1
redirect none
hosts "image1.aaa.com"
}
profile httpclass login {
defaults from httpclass
pool pool_login
redirect none
hosts "login.aaa.com"
}
profile httpclass member {
defaults from httpclass
pool pool_member
redirect none
hosts "member.aaa.com"
}
profile httpclass order {
defaults from httpclass
pool pool_order
redirect none
hosts "order.aaa.com"
}
profile httpclass pay {
defaults from httpclass
pool pool_pay
redirect none
hosts "pay.aaa.com"
}
profile httpclass search {
defaults from httpclass
pool pool_search
redirect none
hosts "search.aaa.com"
}
profile httpclass tr {
defaults from httpclass
pool pool_tr
redirect none
hosts "tr.aaa.com"
}
profile httpclass www {
defaults from httpclass
pool pool_www
redirect none
hosts "www.aaa.com"
}
pool pool_bg_cms {
monitor all tcp8180
members 192.168.8.121:8180 {}
}
pool pool_bg_erp {
monitor all tcp8080
members 192.168.8.121:webcache {}
}
pool pool_bg_exh {
monitor all tcp8280
members 192.168.8.121:8280 {}
}
pool pool_bg_goods {
monitor all tcp8380
members 192.168.8.121:cruise-update {}
}
pool pool_bg_log {
monitor all tcp8780
members 192.168.8.121:8780 {}
}
pool pool_bg_member {
monitor all tcp8480
members 192.168.8.121:8480 {}
}
pool pool_bg_order {
monitor all tcp8580
members 192.168.8.121:8580 {}
}
pool pool_bg_pay {
monitor all tcp9180
members 192.168.8.221:9180 {}
}
pool pool_bg_tr {
monitor all tcp8680
members 192.168.8.121:8680 {}
}
pool pool_club {
monitor all tcp8080
members {
192.168.8.131:webcache {}
192.168.8.132:webcache {}
192.168.8.133:webcache {}
192.168.8.134:webcache {}
}
}
pool pool_exh {
monitor all tcp8280
members {
192.168.8.131:8280 {}
192.168.8.132:8280 {}
192.168.8.133:8280 {}
192.168.8.134:8280 {}
}
}
pool pool_image1 {
monitor all http
members 192.168.8.161:http {}
}
pool pool_internet {
monitor all gateway_icmp
members 192.168.21.254:any {}
}
pool pool_login {
monitor all tcp8380
members {
192.168.8.131:cruise-update {}
192.168.8.132:cruise-update {}
192.168.8.133:cruise-update {}
192.168.8.134:cruise-update {}
}
}
pool pool_member {
monitor all tcp8480
members {
192.168.8.131:8480 {}
192.168.8.132:8480 {}
192.168.8.133:8480 {}
192.168.8.134:8480 {}
}
}
pool pool_order {
monitor all tcp8580
members {
192.168.8.131:8580 {}
192.168.8.132:8580 {}
192.168.8.133:8580 {}
192.168.8.134:8580 {}
}
}
pool pool_pay {
monitor all tcp9080
members 192.168.8.221:glrpc {}
}
pool pool_search {
monitor all tcp8680
members {
192.168.8.131:8680 {}
192.168.8.132:8680 {}
192.168.8.133:8680 {}
192.168.8.134:8680 {}
}
}
pool pool_tr {
monitor all tcp8780
members {
192.168.8.131:8780 {}
192.168.8.132:8780 {}
192.168.8.133:8780 {}
192.168.8.134:8780 {}
}
}
pool pool_www {
monitor all tcp8180
members {
192.168.8.131:8180 {}
192.168.8.132:8180 {}
192.168.8.133:8180 {}
192.168.8.134:8180 {}
}
}
virtual address any {
mask 0.0.0.0
}
virtual address 192.168.5.0 {
mask 255.255.255.0
}
virtual address 192.168.6.0 {
mask 255.255.255.0
}
virtual address 192.168.8.0 {
mask 255.255.255.0
}
virtual vs_bg {
destination 192.168.21.2:http
ip protocol tcp
httpclass {
bg_cms
bg_erp
bg_exh
bg_goods
bg_log
bg_member
bg_order
bg_tr
}
persist source_addr
profiles {
http {}
tcp {}
}
}
virtual vs_forward {
ip forward
destination 192.168.8.0:any
mask 255.255.255.0
}
virtual vs_forward1 {
ip forward
destination 192.168.6.0:any
mask 255.255.255.0
}
virtual vs_forward2 {
ip forward
destination 192.168.5.0:any
mask 255.255.255.0
}
virtual vs_main1 {
destination 192.168.21.1:http
ip protocol tcp
httpclass {
club
exh
login
member
order
search
tr
www
}
persist source_addr
profiles {
http {}
tcp {}
}
}
virtual vs_out {
snat automap
pool pool_internet
destination any:any
mask 0.0.0.0
}
virtual vs_pay {
destination 192.168.21.3:http
ip protocol tcp
httpclass {
bg_pay
image
pay
}
persist source_addr
profiles {
http {}
tcp {}
}
}