安装adc镜像
其余都是默认
概念介绍
五元组
dip dport 协议类型 vip vport
a.a.a.a 9999 http b.b.b.b 80
b.b.b.b 80 a.a.a.a 9999
代理地址: c.c.c.c vip:d.d.d.d
a.a.a.a 9999 http d.d.d.d 80
c.c.c.c 8888 http b.b.b.b 80
b.b.b.b 80 http c.c.c.c 8888
d.d.d.d 8888 http a.a.a.a 9999
全代理最终访问流程
初始化
默认密码是:admin(首次登录后应立即修改)
配置管理口
•/cfg/sys/mmgmt/dhcp disable
•/cfg/sys/mmgmt/addr <ip address>
•/cfg/sys/mmgmt/mask <mask>
•/cfg/sys/mmgmt/gw <default gw>
•/cfg/sys/mmgmt/ena
•apply
•save
开启ssh
•/cfg/sys/access/ssh/on
•apply
•save
开启web
这个在新版本不需要
/cfg/sys/access/https/https enable
apply
save
然后登录 https://<mmgmt 管理口地址>
配置vlan,这里的vlan是
/cfg/l2/vlan 110 #新增Vlan 110
/cfg/l2/vlan 110/add 1 #新增Port1至Vlan 110
/cfg/l2/vlan 110/ena #启用Vlan110
apply
save
配置三层ip
/cfg/l3/if 1 #新增L3 interface 1(注意:下面实际配置的是 if 30,接口编号需前后一致)
/cfg/l3/if 30/addr 192.168.47.152 #新增加的ip
/cfg/l3/if 30/mask 255.255.255.0 #子网掩码
/cfg/l3/if 30/vlan 110 # 将该接口(if 30)绑定到 vlan 110
/cfg/l3/if 30/ena #启用该接口(if 30)
apply
save
配置gateway(网关)
/cfg/l3/gw 110 #新增GW 110(注意:下面实际配置的是 gw 30,网关编号需前后一致)
/cfg/l3/gw 30/addr 192.168.47.254
/cfg/l3/gw 30/vlan 110
/cfg/l3/gw 30/ena #启用该网关(gw 30)
配置Real Server
/cfg/slb/on
/cfg/slb/real 1 #新增Real Server 1
/cfg/slb/real 1/rip 192.168.47.153
/cfg/slb/real 1/addport 80
/cfg/slb/real 1/en
/cfg/slb/real 2 #新增Real Server 2
/cfg/slb/real 2/rip 192.168.47.154
/cfg/slb/real 2/addport 80
/cfg/slb/real 2/en
配置Real Server Group
/cfg/slb/group 80 #添加服务器组
/cfg/slb/group 80/add 1 #添加Real Server服务器1
/cfg/slb/group 80/add 2 #添加Real Server服务器2
/cfg/slb/group 80/metric roundrobin #开启轮询
创建vip
/cfg/slb/virt 1
/cfg/slb/virt 1 vip 192.168.47.150 #添加vip
/cfg/slb/virt 1 enabled #开启vip
/cfg/slb/virt 1 service 80 #开启vip的80端口
/cfg/slb/virt 1 group 80 #把group 80 添加进vip
/cfg/slb/virt 1/service 80 http/pip
/cfg/slb/virt 1/service 80 http/pip mode address
/cfg/slb/virt 1/service 80 http/pip addr v4 192.168.47.150 255.255.255.255
在web上面选择Delayed Binding 为Enable
访问测试
负载均衡算法
在Group的负载均衡器算法进行配置
轮询(Round Robin)
加权轮询(Weighted Round Robin)
最少连接(Least Connections)
加权最少连接(Weighted Least Connections)
随机(Random)
加权随机(Weighted Random)
源地址散列(Source Hashing)
源地址端口散列(Source&Port Hashing)
健康检查
对于服务器组的服务器主机进行健康检查配置
这里添加不同健康检查
选择不同的Select Type
选择协议的细节
nginx ssl配置
生成自签名证书(-x509 直接输出自签名证书;-nodes 表示私钥不加密保存,需限制 ca.key 的文件权限)
[root@localhost conf.d]# sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/pki/tls/private/ca.key -out /etc/pki/tls/certs/server.crt
Generating a 2048 bit RSA private key
...+++
.........+++
writing new private key to '/etc/pki/tls/private/ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
编写config文件
47.153
[root@localhost conf.d]# cat /etc/nginx/conf.d/ssl.conf
# HTTPS virtual server that serves the static test page over TLS.
server{
# Accept TLS connections on port 443.
listen 443 ssl;
# Certificate and private key written by the openssl req command shown earlier on this page.
ssl_certificate /etc/pki/tls/certs/server.crt;
# NOTE(review): the key was generated with -nodes, so it is stored unencrypted; keep it readable by root only.
ssl_certificate_key /etc/pki/tls/private/ca.key;
# No ssl_protocols / ssl_ciphers are set in this block, so nginx's built-in defaults apply.
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
[root@localhost conf.d]# cat /usr/share/nginx/html/index.html
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# systemctl status nginx
this is 47.153 443
[root@localhost conf.d]# scp ssl.conf root@192.168.47.154:/etc/nginx/conf.d/
ssl.conf 100% 235 160.4KB/s 00:00
[root@localhost conf.d]# scp /etc/pki/tls/certs/server.crt root@192.168.47.154:/etc/pki/tls/certs/server.crt
server.crt 100% 1220 852.3KB/s 00:00
[root@localhost conf.d]# scp /etc/pki/tls/private/ca.key root@192.168.47.154:/etc/pki/tls/private/ca.key
ca.key 100% 1704 1.2MB/s 00:00
[root@localhost html]# cat /usr/share/nginx/html/index.html
this is 47.154 443
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# systemctl status nginx
radware配置
首先把证书copy出来
配置证书仓库
配置SSL Policy
开启后端加密
这个功能按需开启:如果后端服务器使用的是 http,就不需要开启(此时 ADC 到后端服务器之间的流量为明文);后端服务器使用 https 时才需要开启
对http做重定向
在vip应用ssl证书
查看效果
然后apply,save
高级操作
抓包配置
Main# /maint/pktcap/data/capture host 192.168.47.160
Main# /maint/pktcap/data/dumpcap
查看设备的cpu和内存
>> Proxy IP# /stats/mp/cpu
------------------------------------------------------------------
CPU utilization:
cpuUtil1Second: 8%
cpuUtil4Seconds: 9%
cpuUtil64Seconds: 9%