radware负载均衡器配置adc

安装adc镜像

radware负载均衡器配置adc_第1张图片
radware负载均衡器配置adc_第2张图片

其余都是默认

概念介绍

五元组

 dip dport   协议类型   vip   vport  
 
 a.a.a.a 9999   http b.b.b.b 80
 
 b.b.b.b 80 a.a.a.a 9999
代理地址: c.c.c.c   vip:d.d.d.d
 a.a.a.a 9999 http d.d.d.d 80
 c.c.c.c 8888 http b.b.b.b 80
 
 b.b.b.b 80 http c.c.c.c 8888
 d.d.d.d 8888 http a.a.a.a 9999
 

全代理最终访问流程

radware负载均衡器配置adc_第3张图片

初始化

radware负载均衡器配置adc_第4张图片

默认密码是:admin

配置管理口

•/cfg/sys/mmgmt/dhcp disable
•/cfg/sys/mmgmt/addr 
•/cfg/sys/mmgmt/mask 
•/cfg/sys/mmgmt/gw 
•/cfg/sys/mmgmt/ena
•apply
•save

开启ssh

•/cfg/sys/access/ssh/on
•apply
•save

开启web

这个在新版本不需要

/cfg/sys/access/https/https enable
apply
sava

然后登陆 https:// mmgmt

radware负载均衡器配置adc_第5张图片

配置vlan,这里的vlan是

/cfg/l2/vlan 110    #新增Vlan 110
/cfg/l2/vlan 110/add 1 #新增Port1至Vlan 110
/cfg/l2/vlan 110/ena #启用Vlan110
apply
save

配置三层ip

/cfg/l3/if 1  #新增L3 interface 1
/cfg/l3/if 30/addr 192.168.47.152 #新增加的ip
/cfg/l3/if 30/mask 255.255.255.0  #子网掩码
/cfg/l3/if 30/vlan 110 # 绑定if 1于vlan 110
/cfg/l3/if 30/ena #启用interface1
apply
save

配置gatways

/cfg/l3/gw 110  #新增GW 110
/cfg/l3/gw 30/addr 192.168.47.254
/cfg/l3/gw 30/vlan 110
/cfg/l3/gw 30/ena  #启用GW 110

配置Real Server

/cfg/slb/on  
/cfg/slb/real 1  #新增Real Server 1
/cfg/slb/real 1/rip 192.168.47.153
/cfg/slb/real 1/addport 80
/cfg/slb/real 1/en
/cfg/slb/real 2  #新增Real Server 2
/cfg/slb/real 2/rip 192.168.47.154
/cfg/slb/real 2/addport 80
/cfg/slb/real 2/en

配置Real Server Group

/cfg/slb/group 80   #添加服务器组
/cfg/slb/group 80/add 1  #添加Real Server服务器1
/cfg/slb/group 80/add 2  #添加Real Server服务器2
/cfg/slb/group 80/metric roundrobin  #开启轮询

创建vip

/cfg/slb/virt 1
/cfg/slb/virt 1 vip 192.168.47.150  #添加vip
/cfg/slb/virt 1  enabled   #开启vip
/cfg/slb/virt 1 service 80  #开启vip的80端口
/cfg/slb/virt 1 group 80  #把group 80 添加进vip
/cfg/slb/virt 1/service 80 http/pip
/cfg/slb/virt 1/service 80 http/pip mode address
/cfg/slb/virt 1/service 80 http/pip	addr v4 192.168.47.150 255.255.255.255

在web上面选择Delayed Binding 为Enable

radware负载均衡器配置adc_第6张图片

访问测试

radware负载均衡器配置adc_第7张图片

负载均衡算法

在Group的负载均衡器算法进行配置

radware负载均衡器配置adc_第8张图片

轮询(Round Robin)

加权轮询(Weighted Round Robin)

最少连接(Least Connections)

加权最少连接(Weighted Least Connections)

随机(Random)

加权随机(Weighted Random)

源地址散列(Source Hashing)

源地址端口散列(Source&Port Hashing)

健康检查

对于服务器组的服务器主机进行健康检查配置

这里添加不同健康检查

radware负载均衡器配置adc_第9张图片

选择不同的Select Type

radware负载均衡器配置adc_第10张图片

选择协议的细节

radware负载均衡器配置adc_第11张图片

nginx ssl配置

生成证书

[root@localhost conf.d]# sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/pki/tls/private/ca.key -out /etc/pki/tls/certs/server.crt
Generating a 2048 bit RSA private key
...+++
.........+++
writing new private key to '/etc/pki/tls/private/ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

编写config文件

47.153
[root@localhost conf.d]# cat /etc/nginx/conf.d/ssl.conf 
server{

    listen  443 ssl;
    ssl_certificate /etc/pki/tls/certs/server.crt;
    ssl_certificate_key  /etc/pki/tls/private/ca.key;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}
[root@localhost conf.d]# cat /usr/share/nginx/html/index.html
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# systemctl status nginx
this is 47.153 443
[root@localhost conf.d]# scp ssl.conf [email protected]:/etc/nginx/conf.d/
ssl.conf                                                                          100%  235   160.4KB/s   00:00    
[root@localhost conf.d]# scp /etc/pki/tls/certs/server.crt [email protected]:/etc/pki/tls/certs/server.crt

server.crt                                                                        100% 1220   852.3KB/s   00:00    
[root@localhost conf.d]# scp /etc/pki/tls/private/ca.key [email protected]:/etc/pki/tls/private/ca.key

ca.key                                                                            100% 1704     1.2MB/s   00:00    
[root@localhost html]# cat /usr/share/nginx/html/index.html
this is 47.154 443
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# systemctl status nginx

radware负载均衡器配置adc_第12张图片

radware配置

首先把证书copy出来

配置证书仓库

radware负载均衡器配置adc_第13张图片
radware负载均衡器配置adc_第14张图片

radware负载均衡器配置adc_第15张图片

配置SSL Policy

开启后端加密
这个是需要选择开启的,如果后面的服务器是http,就不需要开启这个功能
radware负载均衡器配置adc_第16张图片

对http做重定向

radware负载均衡器配置adc_第17张图片

在vip应用ssl证书

radware负载均衡器配置adc_第18张图片

radware负载均衡器配置adc_第19张图片

查看效果

radware负载均衡器配置adc_第20张图片

然后apply,save

高级操作

抓包配置

Main# /maint/pktcap/data/capture host 192.168.47.160
Main# /maint/pktcap/data/dumpcap

查看设备的cpu和内存

>> Proxy IP# /stats/mp/cpu 
------------------------------------------------------------------
CPU utilization:
cpuUtil1Second:   8%
cpuUtil4Seconds:  9%
cpuUtil64Seconds: 9%

你可能感兴趣的:(#,负载均衡,负载均衡,ssh,服务器)