lb route 相关的一些问题
==========================
查看系统平台和版本
> show hardware Platform: NetScaler Virtual Appliance 450010 Manufactured on: 9/30/2009 CPU: 3192MHZ Host Id: 000c294ffa77 Serial no: HE2H81UJ47 Encoded serial no: 891e0000cb254307ee9a Done > > show version NetScaler NS12.0: Build 56.20.nc, Date: Dec 19 2017, 06:00:47 Done >
进行 lb route 配置
虚拟服务器必须配置固定的IP地址和端口以及协议 协议: ANY IP地址: 0.0.0.0 端口: 0
LLB的负载均衡虚拟服务器的名字建议命名为: lb_vsrv_isp_llb_all lb_vsrv_isp_llb_ct lb_vsrv_isp_llb_cu lb_vsrv_isp_llb_cmcc lb_vsrv_isp_llb_edu
LLB的虚拟服务的名字建议命名为: svc_isp_ct svc_isp_cu svc_isp_cmcc svc_isp_edu
虚拟服务器支持的负载算法和会话保持算法 支持的负载算法: DESTINATIONIPHASH LEASTBANDWIDTH LEASTPACKETS LRTM ROUNDROBIN SOURCEIPHASH SRCIPDESTIPHASH 支持的会话保持算法: SOURCEIP SRCIPDESTIP DESTIP
> show ip Ipaddress Traffic Domain Type Mode Arp Icmp Vserver State --------- -------------- ---- ---- --- ---- ------- ------ 1) 192.168.11.15 0 NetScaler IP Active Enabled Enabled NA Enabled 2) 192.168.10.45 0 SNIP Active Enabled Enabled NA Enabled 3) 192.168.11.5 0 SNIP Active Enabled Enabled NA Enabled Done > show route Network Netmask Gateway/OwnedIP State Traffic Domain Type ------- ------- --------------- ----- -------------- ---- 1) 0.0.0.0 0.0.0.0 192.168.10.1 UP 0 STATIC 2) 127.0.0.0 255.0.0.0 127.0.0.1 UP 0 PERMANENT 3) 192.168.10.0 255.255.255.0 192.168.10.45 UP 0 DIRECT 4) 192.168.11.0 255.255.255.0 192.168.11.15 UP 0 DIRECT Done > > enable ns mode usnip Done > add server srv_route1 9.9.9.9 Done > add server srv_route2 192.168.30.1 Done > add server srv_route3 192.168.10.1 Done > add service svc_route1 srv_route1 any * Done > add service svc_route2 srv_route2 any * Done > add service svc_route3 srv_route3 any * Done > bind service svc_route1 -monitorName ping Done > bind service svc_route2 -monitorName ping Done > bind service svc_route3 -monitorName ping Done > show service -summary --------------------------------------------------------------------------------------------- Name State IP Addr Port Protocol MaxClients MaxReqs --------------------------------------------------------------------------------------------- 1 svc_route1 UP srv_route1 * ANY 0 0 2 svc_route2 UP srv_route2 * ANY 0 0 3 svc_route3 UP srv_route3 * ANY 0 0 Done > > add monitor mon_tcp_llb TCP -destIP 114.114.114.114 -destPort 53 -Transparent YES -LRTM DISABLED Done > add monitor mon_ping_llb PING -destIP 114.114.114.114 -Transparent YES -LRTM DISABLED Done > bind service svc_route1 -monitorName mon_tcp_llb Done > bind service svc_route2 -monitorName mon_tcp_llb Done > bind service svc_route3 -monitorName mon_tcp_llb Done > show service -summary --------------------------------------------------------------------------------------------- Name State IP Addr Port Protocol MaxClients MaxReqs --------------------------------------------------------------------------------------------- 1 svc_route1 DOWN srv_route1 * ANY 0 0 2 svc_route2 DOWN srv_route2 * ANY 0 0 3 svc_route3 UP srv_route3 * ANY 0 0 Done > > add lb vserver lb_vsrv_isp1 ANY 0.0.0.0 0 -persistenceType DESTIP -lbMethod ROUNDROBIN Done > bind lb vserver lb_vsrv_isp1 svc_route1 Done > add lb vserver lb_vsrv_isp2 ANY 0.0.0.0 0 -persistenceType DESTIP -lbMethod ROUNDROBIN Done > bind lb vserver lb_vsrv_isp2 svc_route2 Done > add lb vserver lb_vsrv_isp3 ANY 0.0.0.0 0 -persistenceType DESTIP -lbMethod ROUNDROBIN Done > bind lb vserver lb_vsrv_isp3 svc_route3 Done>
问题1: 添加服务器的IP地址,不能为D类和E类的IPv4地址。
D类地址 前四位为1110,注意是位
1、不分网络地址和主机地址。
2、地址范围:224.0.0.1 --- 239.255.255.254
E类地址 前五位为11110,注意是位
1、不分网络地址和主机地址
2、地址范围:240.0.0.1 --- 255.255.255.254
> add server srv_route4 223.255.255.255 Done > rm server srv_route4 Done > add server srv_route4 224.0.0.0 ERROR: Operation not permitted > add server srv_route4 224.0.0.1 ERROR: Operation not permitted > add server srv_route4 239.255.255.254 ERROR: Operation not permitted > add server srv_route4 239.255.255.255 ERROR: Operation not permitted > add server srv_route4 240.0.0.0 ERROR: Operation not permitted > add server srv_route4 240.0.0.1 ERROR: Operation not permitted > add server srv_route4 255.255.255.254 ERROR: Operation not permitted > add server srv_route4 255.255.255.255 ERROR: Operation not permitted >
问题2: 添加路由项时,若网关与设备不在同一网段(简单理解即没有与之互通的SNIP),则操作失败,提示【ERROR: The gateway is not directly reachable】
> show ip Ipaddress Traffic Domain Type Mode Arp Icmp Vserver State --------- -------------- ---- ---- --- ---- ------- ------ 1) 192.168.11.15 0 NetScaler IP Active Enabled Enabled NA Enabled 2) 192.168.10.45 0 SNIP Active Enabled Enabled NA Enabled 3) 192.168.11.5 0 SNIP Active Enabled Enabled NA Enabled Done > > show route Network Netmask Gateway/OwnedIP State Traffic Domain Type ------- ------- --------------- ----- -------------- ---- 1) 0.0.0.0 0.0.0.0 192.168.10.1 UP 0 STATIC 2) 127.0.0.0 255.0.0.0 127.0.0.1 UP 0 PERMANENT 3) 192.168.10.0 255.255.255.0 192.168.10.45 UP 0 DIRECT 4) 192.168.11.0 255.255.255.0 192.168.11.15 UP 0 DIRECT Done > > add route 192.168.30.0 255.255.255.0 192.168.30.1 ERROR: The gateway is not directly reachable >
问题3: 对于与设备不在同一网段的服务(简单理解即没有与之互通的SNIP),此服务绑定的透传类型(-Transparent YES)的健康检查监视器 mon_tcp_llb,健康检查失败,提示信息为【Failure - Internal error: resource unavailable to send probe.】
> show service svc_route1 svc_route1 (9.9.9.9:*) - ANY State: DOWN Last state change was at Thu Aug 30 07:09:52 2018 Time since last state change: 0 days, 00:10:13.350 Server Name: srv_route1 Server ID : None Monitor Threshold : 0 Max Conn: 0 Max Req: 0 Max Band 0 kbits Use Source IP: NO Client Keepalive(CKA): NO Access Down Service: NO TCP Buffering(TCPB): NO HTTP Compression(CMP): NO Idle timeout: Client: 120 sec Server: 120 sec Client IP: DISABLED Cacheable: NO SC: OFF SP: OFF Down state flush: ENABLED Monitor Connection Close : NONE Appflow logging: ENABLED Process Local: DISABLED Traffic Domain: 0 1) Monitor Name: mon_tcp_llb State: DOWN Weight: 1 Passive: 0 Probes: 48 Failed [Total: 48 Current: 48] Last response: Failure - Internal error: resource unavailable to send probe. Response Time: 0.0 millisec 2) Monitor Name: ping State: UP Weight: 1 Passive: 0 Probes: 32 Failed [Total: 0 Current: 0] Last response: Success - ICMP echo reply received. Response Time: 273.67 millisec Done > show service svc_route2 svc_route2 (192.168.30.1:*) - ANY State: DOWN Last state change was at Thu Aug 30 07:09:55 2018 Time since last state change: 0 days, 00:10:13.220 Server Name: srv_route2 Server ID : None Monitor Threshold : 0 Max Conn: 0 Max Req: 0 Max Band 0 kbits Use Source IP: NO Client Keepalive(CKA): NO Access Down Service: NO TCP Buffering(TCPB): NO HTTP Compression(CMP): NO Idle timeout: Client: 120 sec Server: 120 sec Client IP: DISABLED Cacheable: NO SC: OFF SP: OFF Down state flush: ENABLED Monitor Connection Close : NONE Appflow logging: ENABLED Process Local: DISABLED Traffic Domain: 0 1) Monitor Name: mon_tcp_llb State: DOWN Weight: 1 Passive: 0 Probes: 48 Failed [Total: 48 Current: 48] Last response: Failure - Internal error: resource unavailable to send probe. Response Time: 0.0 millisec 2) Monitor Name: ping State: UP Weight: 1 Passive: 0 Probes: 33 Failed [Total: 0 Current: 0] Last response: Success - ICMP echo reply received. Response Time: 0.344 millisec Done > show service svc_route3 svc_route3 (192.168.10.1:*) - ANY State: UP Last state change was at Thu Aug 30 06:58:29 2018 Time since last state change: 0 days, 00:21:40.260 Server Name: srv_route3 Server ID : None Monitor Threshold : 0 Max Conn: 0 Max Req: 0 Max Band 0 kbits Use Source IP: NO Client Keepalive(CKA): NO Access Down Service: NO TCP Buffering(TCPB): NO HTTP Compression(CMP): NO Idle timeout: Client: 120 sec Server: 120 sec Client IP: DISABLED Cacheable: NO SC: OFF SP: OFF Down state flush: ENABLED Monitor Connection Close : NONE Appflow logging: ENABLED Process Local: DISABLED Traffic Domain: 0 1) Monitor Name: mon_tcp_llb State: UP Weight: 1 Passive: 0 Probes: 125 Failed [Total: 0 Current: 0] Last response: Success - TCP syn+ack received. Response Time: 0.0 millisec 2) Monitor Name: ping State: UP Weight: 1 Passive: 0 Probes: 32 Failed [Total: 0 Current: 0] Last response: Success - ICMP echo reply received. Response Time: 0.157 millisec Done >
问题4: 对于与设备不在同一网段的服务(简单理解即没有与之互通的SNIP),绑定此服务的虚拟服务器,添加 lb route 使用此虚拟服务器作为网关,执行失败,报错提示【ERROR: Service parameters are invalid for LLB/PBR VIP】
> add lb route 223.255.252.0 255.255.254.0 lb_vsrv_isp1 ERROR: Service parameters are invalid for LLB/PBR VIP > > add lb route 223.223.192.0 255.255.240.0 lb_vsrv_isp2 ERROR: Service parameters are invalid for LLB/PBR VIP > > add lb route 223.120.0.0 255.248.0.0 lb_vsrv_isp3 Done > > show lb route Network Netmask Traffic Domain VIP Flags ------- ------- -------------- --- ----- 1) 223.120.0.0 255.248.0.0 0 lb_vsrv_isp3 UP Done > > show route Network Netmask Gateway/OwnedIP State Traffic Domain Type ------- ------- --------------- ----- -------------- ---- 1) 0.0.0.0 0.0.0.0 192.168.10.1 UP 0 STATIC 2) 127.0.0.0 255.0.0.0 127.0.0.1 UP 0 PERMANENT 3) 192.168.10.0 255.255.255.0 192.168.10.45 UP 0 DIRECT 4) 192.168.11.0 255.255.255.0 192.168.11.15 UP 0 DIRECT 5) 223.120.0.0 255.248.0.0 lb_vsrv_isp3 UP 0 |LBROUTE Done > > show ip Ipaddress Traffic Domain Type Mode Arp Icmp Vserver State --------- -------------- ---- ---- --- ---- ------- ------ 1) 192.168.11.15 0 NetScaler IP Active Enabled Enabled NA Enabled 2) 192.168.10.45 0 SNIP Active Enabled Enabled NA Enabled 3) 192.168.11.5 0 SNIP Active Enabled Enabled NA Enabled Done >
============= End