This guide covers setting up accounts, VLANs, static routing, ESRP, basic commands, trunking, STP, SLB, and access-lists on Extreme switches.
Contents
1. Account setup
2. Creating and removing VLANs
3. Static routing
4. ESRP
5. Basic commands
6. Sharing (= trunking)
7. Spanning tree protocol
8. SLB
9. Flow-redirection (WCR)
10. Access-list
11. OSPF

Account setup

Example #1 (an admin account is read/write, a user account is read-only)

    Summit48:1 > create account
    Next possible completions:
            admin user
    Summit48:1 > create account admin
    Next possible completions:
            <name>
    Summit48:1 > create account admin
    Next possible completions:
            <name>
    Summit48:1 > create account admin testadmin
    Next possible completions:
            encrypted <cr> <password>
    Summit48:1 > create account admin testadmin testpassword
    Next possible completions:
            <cr>
    Summit48:1 > create account admin testadmin testpassword
    Summit48:1 > delete account testadmin

Changing a password

    * Summit48:1 # conf account testadmin <tab>
    Next possible completions:
            encrypted <name> <cr>
    * Summit48:1 # conf account testadmin <enter>
    password:
    Reenter password:

VLAN SETTING(1)

• By default, every port belongs to the Default VLAN. Remove these ports from it first.

    Summit48:1 # sh vlan
    VLAN Interface[0-fdf] with name "Default" created by user
        Tagging:      802.1Q Tag 1
        IP:           Waiting for bootp reply.
        IPX:          Not configured
        STPD:         Domain "s0" is not running spanning tree protocol
        Protocol:     Match all unfiltered protocols.
        Qos Profile:  QP1
        Ports:        50. (Number of active port=0)
        Untag:        1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
                      26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
                      48 49 50

VLAN SETTING(2)

    Summit48:2 # config default delete port all

To remove only ports 1 and 5, enter 1, 5 in place of all.
To remove ports 1 through 5, enter 1-5.

    Summit48:3 # sh vlan
    VLAN Interface[0-fdf] with name "Default" created by user
        Tagging:      802.1Q Tag 1
        IP:           Waiting for bootp reply.
        IPX:          Not configured
        STPD:         Domain "s0" is not running spanning tree protocol
        Protocol:     Match all unfiltered protocols.
        Qos Profile:  QP1
        Ports:        0. (Number of active port=0)

VLAN SETTING(3)

Create the VLAN with the create command.

    Summit48:4 # create vlan test

Add ports to the new VLAN.

    Summit48:5 # config vlan test add port 1-4

On a BlackDiamond, ports must be given in the form 1:1-1:4 (module number:port number).

Assign an IP address to the VLAN.

    Summit48:6 # config vlan test ipadd 100.100.100.100/24
    IP interface for VLAN locus-inside has been created.
    IP address = 100.100.100.100, Netmask = 255.255.255.0.

To change the VLAN's IP address, run the same command with the new IP address.

* Note: if there are several VLANs, run the following command each time a VLAN is created so that traffic can flow between the VLANs.

    * Summit48:14 # enable ipforwarding

VLAN SETTING(4)

    Summit48:7 # sh vlan
    VLAN Interface[0-fdf] with name "Default" created by user
        Tagging:      802.1Q Tag 1
        IP:           Waiting for bootp reply.
        IPX:          Not configured
        STPD:         Domain "s0" is not running spanning tree protocol
        Protocol:     Match all unfiltered protocols.
        Qos Profile:  QP1
        Ports:        0. (Number of active port=0)
    VLAN Interface[1-fdc] with name "test" created by user
        Tagging:      Untagged (Internal tag 4095)
        IP:           100.100.100.100/255.255.255.0
        IPX:          Not configured
        STPD:         Domain "s0" is not running spanning tree protocol
        Protocol:     Match all unfiltered protocols.
        Qos Profile:  QP1
        Ports:        4. (Number of active port=0)
        Untag:        1 2 3 4

VLAN SETTING(5)

    BlackDiamond:9 # sh vlan
    Name        VID   Protocol Addr       Flags        Proto  Super  Ports
    Default     0001  0.0.0.0 /BP         -----f-----  ANY           0/145
    MacVlanDis  4095  ------------------  ---- -       ANY           0/ 0
    Mgmt        4094  ------------------  -----        ANY           0/ 1
    trunk       4093  100.100.100.246/30  -----f--o--  ANY           1/ 1
    backbone2   4092  100.100.100.41 /28  -----f--o--  ANY           1/ 1
    loop-back   4091  100.100.100.74 /32  -L---f--o--  ANY           0/ 0
    neowiz      0601  100.100.101.126/27  -----f--o--  ANY           2/ 2
    cckvan      0602  100.100.101.94 /29  M----f--o--  ANY           2/ 2
    itventure   0603  100.100.101.250/30  M----f--o--  ANY           2/ 2
    test        0604  100.100.102.1 /27   M----f--o--  ANY           2/ 2
    backbone1   4090  211.106.158.169/27  -----f--o--  ANY           1/ 1

    Flags : M=ESRP Master, E=ESRP Slave, G=GVRP Enabled, L=Loopback Enabled
            S=SuperVlan, s=SubVlan, R=SubVLAN IP Range Configured
            C=Domain-masterVlan, c=Domain-memberVlan
            f=IP Forwarding Enabled, m=IPmc Forwarding Enabled
            r=RIP Enabled, o=OSPF Enabled, p=PIM Enabled, d=DVMRP Enabled
            R=IPX RIP Enabled, P=IPX SAP Enabled
            N=GNS Reply Enabled, 2=IPX Type 20 Forwarding Enabled

Default Gateway SETTING

    Summit48:17 # config iproute add default 100.100.100.1
    Summit48:18 # sh iproute
    Destination        Gateway          Mtr  Flags  Use  VLAN     Origin
    100.100.100.0/24   100.100.100.100  1           0    test     Direct
    200.200.200.0/24   200.200.200.200  1           0    test1    Direct
    127.0.0.1/8        127.0.0.1        0    U H    0    Default  Direct
    Default Route      100.100.100.1    1    G M    0    test     Static

    Total number of routes = 4.
    Mask distribution:
        1 default routes   1 routes at length 8   2 routes at length 24
    Route origin distribution:
        3 routes from Direct   1 routes from Static

STATIC ROUTING SETTING

    Summit48:20 # config iproute add 200.200.100.0 255.255.255.0 200.200.200.1

(200.200.100.0 255.255.255.0 is the destination address; 200.200.200.1 is the next hop.)

    Summit48:21 # sh iproute
    Destination        Gateway          Mtr  Flags  Use  VLAN     Origin
    100.100.100.0/24   100.100.100.100  1           0    test     Direct
    200.200.100.0/24   200.200.200.1    1    G M    0    test1    Static
    200.200.200.0/24   200.200.200.200  1           0    test1    Direct
    127.0.0.1/8        127.0.0.1        0    U H    0    Default  Direct
    Default Route      100.100.100.1    1    G M    0    test     Static

    Total number of routes = 5.
    Mask distribution:
        1 default routes   1 routes at length 8   3 routes at length 24
    Route origin distribution:
        3 routes from Direct   2 routes from Static

Removing a static route and iproute sharing

•
    Summit48:20 # config iproute delete 200.200.100.0 255.255.255.0 200.200.200.1

• When there are two or more static routes to the same destination, they can be used in round-robin fashion. To use the paths at the same time rather than as a backup, use the following command.

    * Summit48:10 # enable iproute sharing
    * Summit48:11 # show iprou
    Destination         Gateway          Mtr  Flags  Use     VLAN     Origin
    211.116.235.192/26  211.116.235.245  1    U      111858  global   Direct
    100.100.100.0/24    100.100.100.1    1    U      154     test1    Direct
    200.200.200.0/24    211.116.235.254  1    UG M   0       global   Static
    200.200.200.0/24    100.100.100.10   1    UG M   0       test1    Static
    127.0.0.1/8         127.0.0.1        0    U H    0       Default  Direct
    Default Route       211.116.235.254  1    UG M   124683  global   Static

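ESRP SETTING(1)

ESRP, like Cisco's HSRP and Foundry Networks' FSRP, provides an L3 function and, at the same time, L2 blocking in the manner of spanning tree. In other words, it provides both default gateway backup and link backup.

Set the same VLAN IP address on the MASTER side and the SLAVE side.

(Diagram labels: ESRP SLAVE, ESRP MASTER)

If traffic does not flow to a device, check whether that device is currently connected to the MASTER. No traffic flows through the SLAVE side.
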
• enable esrp vlan <name>
  Enables ESRP on a VLAN
• disable esrp vlan <name>
  Disables ESRP on a VLAN
• config vlan <vlan name> esrp priority <value>
  Configures the ESRP priority. The range is 0 to 255. The higher number has higher priority. The default setting is 0.
• config vlan <vlan name> esrp timer <hello_timer>
  Configures the time between ESRP updates. The range is 1 to 255 seconds. The default setting is 2 seconds. The timer setting must be configured identically for the VLAN across all participating switches.
• Hello_timer is a protocol
• show esrp <vlan name> <all> <cr>

ESRP ELECTION ALGORITHMS(1)

• ESRP ELECTION ALGORITHMS
One of five master election methods can be configured. The selection criteria used by each election algorithm are listed below. This setting is available only on i-chip hardware.

    config vlan <name> esrp election-algorithm <tab>

• ports_track_priority_mac — Active ports, tracking information, ESRP priority, MAC address (Default)
• track_ports_priority_mac — Tracking information, active ports, ESRP priority, MAC address
• priority_ports_track_mac — ESRP priority, active ports, tracking information, MAC address
• priority_track_ports_mac — ESRP priority, tracking information, active ports, MAC address
• priority_mac_only — ESRP priority, MAC address

ESRP ELECTION ALGORITHMS(2)

• config vlan <name> add track-ping <ipaddress> frequency <seconds> miss <number>
  The switch pings the specified IP address; if there is no reply, it cannot become master.
• config vlan <name> add track-route <ipaddress>/<masklength>
  If there is no route to the specified track-route IP address, the switch cannot become master.
• config vlan <name> add track-vlan <vlan_tracked>
  If the specified VLAN is not active, the switch cannot become master.
• config vlan <name> delete track-ping <ipaddress> frequency <seconds> miss <number>
• config vlan <name> delete track-route <ipaddress>/<masklength>
• config vlan <name> delete track-vlan <vlan_tracked>

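The election orderings and tracking rules above, modelled as an added Python example (not ExtremeWare code or output). It assumes that the larger value wins for every criterion (the page states this only for priority) and treats a failed track-ping, track-route or track-vlan as making the switch ineligible; the switch names and values are constructed.

```python
from dataclasses import dataclass

# Order in which the criteria are compared, copied from the algorithm list above.
ALGORITHMS = {
    "ports_track_priority_mac": ("ports", "track", "priority", "mac"),
    "track_ports_priority_mac": ("track", "ports", "priority", "mac"),
    "priority_ports_track_mac": ("priority", "ports", "track", "mac"),
    "priority_track_ports_mac": ("priority", "track", "ports", "mac"),
    "priority_mac_only": ("priority", "mac"),
}


@dataclass
class Switch:
    name: str               # constructed label
    active_ports: int
    priority: int           # 0-255; the higher number has higher priority (page)
    mac: str
    track_ok: bool = True   # False once a configured track-* check has failed


def election_key(sw, algorithm):
    """Tuple compared left to right; assumption: the larger value wins."""
    values = {
        "ports": sw.active_ports,
        "track": int(sw.track_ok),
        "priority": sw.priority,
        "mac": int(sw.mac.replace(":", ""), 16),
    }
    return tuple(values[c] for c in ALGORITHMS[algorithm])


def elect_master(switches, algorithm="ports_track_priority_mac"):
    """Name of the switch that wins the election, or None if none is eligible."""
    # Page: a switch whose tracked ping/route/VLAN fails cannot become master.
    # Modelled here as an eligibility gate, so the position of "track" in the
    # tuple does not change the outcome in this simplified model.
    eligible = [s for s in switches if s.track_ok]
    if not eligible:
        return None
    return max(eligible, key=lambda s: election_key(s, algorithm)).name


# Constructed peers: A has more active ports, B has the higher priority.
SW_A = Switch("A", active_ports=4, priority=10, mac="00:00:5e:00:53:0a")
SW_B = Switch("B", active_ports=2, priority=200, mac="00:00:5e:00:53:0b")

if __name__ == "__main__":
    for algorithm in ALGORITHMS:
        print(algorithm, "->", elect_master([SW_A, SW_B], algorithm))
```

With the default algorithm a single link flap on A can move the master role, while the priority-first algorithms keep the master where the priority value puts it.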
ESRP SETTING(2) – ESRP host mode

• ESRP supports a host mode. It allows designated ports to keep communicating even on the ESRP slave. It is very useful when a server supports dual links, with one port active and the other available as a standby.
• config esrp port-mode [host | normal] ports
  Here port-mode must be set to host.

Use this when each server is fitted with a LAN card that supports active / backup operation.

Even if the active side of A-server fails, the ESRP master and slave must not change roles. In that case A-server has to be able to communicate through the ESRP slave. With config esrp port-mode host ports, A-server can also communicate through the slave ESRP side using its backup port.

(Diagram labels: active, standby, ESRP slave, ESRP master, A B C D E)

Basic commands

How to erase the device configuration:

    Summit48:8 # Unconfigure switch all

This command erases the configuration and then reboots the device.

For items that are being newly created rather than already configured, the commands mostly follow the order create, then config:

    Create vlanname
    Config vlanname
    and so on

Items the switch already has are usually handled with enable and disable:

    enable iproute sharing
    enable ipforwarding

To remove a setting, use delete or config <name> delete:

    Delete vlanname
    Delete account
    and so on

Basic commands

How to upgrade the image or the BootROM on the device

Image upgrade

    Summit48:19 # download image 100.100.100.100 s4119b2.Z secondary

(100.100.100.100 is the TFTP server address, s4119b2.Z is the image name, and the last argument is primary or secondary.)

    Summit48:33 # use image secondary

From the next boot on, the image in secondary is used.

    Summit48:34 # reboot

Reboots the device.

BootROM upgrade

    Summit48:33 # download bootrom 100.100.100.100 sboot_1_9.bin
    Summit48:34 # reboot

Basic commands

Save the configuration to secondary, then use the configuration in secondary from the next boot on:

    Summit48:2 # save configuration secondary
    Summit48:3 # use configuration secondary

After an upgrade, synchronize the two MSM modules installed in the BlackDiamond. On a BlackDiamond this copies every image and configuration in slot A to slot B.

    BlackDiamond:1 # synchronize

Basic commands

Check that a port connected to another device is working properly:

    Summit48:8 # Sh port stats
    Port Statistics                                Tue Jan 16 11:44:57 2001
    Port  Link    Tx Pkt  Tx Byte  Rx Pkt  Rx Byte   Rx     Rx
          Status  Count   Count    Count   Count     Bcast  Mcast
    ==============================================================
    1     ACTIVE  2085    469123   88528   12187150  43295  44841
    2     READY   0       0        0       0         0      0
    3     READY   0       0        0       0         0      0
    4     READY   0       0        0       0         0      0
    5     READY   0       0        0       0         0      0
    6     READY   0       0        0       0         0      0
    7     READY   0       0        0       0         0      0
    8     READY   0       0        0       0         0      0
    9     READY   0       0        0       0         0      0
    10    READY   0       0        0       0         0      0
    ================================================================
    0->Clear Counters  U->page up  D->page down  ESC->exit

Basic commands

Check whether an interface is configured for 10M, 100M, or auto:

    Summit48:5 # sh ports info
    Information for port 1:
        Port state: enabled
        Link state: active
        Port diagnostic: pass
        Configured Duplex mode: auto    Actual Duplex Mode: half
        Configured speed: auto          Actual Speed: 10
        Link up 1 time(s)
        Link down 1 time(s)
        Media type: UTP
        Has redundant port: no
        Summit Link disabled
        Extreme Discovery Protocol: enabled
        Qos Monitor: disabled
        Load sharing is not enabled
        MAC Learning: enabled
        VLAN information:
            Default(untagged) Vlan Id: 1

Basic commands

        Protocol: Vlan Default Priority: 0 type: EtherType value: ffff
        Qos Profile: None configured
        Queue to Qos Profile Mapping:
            Q0: QP1 MinBw 0, MaxBw 100, Pri Low
            Q1: QP2 MinBw 0, MaxBw 100, Pri Normal
            Q2: QP3 MinBw 0, MaxBw 100, Pri Medium
            Q3: QP4 MinBw 0, MaxBw 100, Pri High

To change the state of a port, use the following commands.

    Summit48:21 # configure ports 4 auto off speed 100 duplex full
    Summit48:22 # configure ports 4 auto off duplex full speed 100

Both of the commands above force port 4 to 100 Mbps full duplex.

    Summit48:23 # configure ports 4 auto on

This sets port 4 back to auto.

Basic commands

Use this to check port utilization. (Press the spacebar to see other information as well.)

    Summit48:6 # sh port utilization
    Link Utilization Averages                      Tue Jan 16 11:47:08 2001
    Port  Link    Receive     Peak Rx  Transmit  Peak Transmit
          Status  packet/sec  pkt/sec  pkt/sec   pkt/sec
    ================================================================
    1     ACTIVE  2           7        0         5
    2     READY   0           0        0         0
    3     READY   0           0        0         0
    4     READY   0           0        0         0
    5     READY   0           0        0         0
    6     READY   0           0        0         0
    7     READY   0           0        0         0
    8     READY   0           0        0         0
    9     READY   0           0        0         0
    10    READY   0           0        0         0
    ================================================================
    spacebar->toggle screen  U->page up  D->page down  ESC->exit

Basic commands

Shows summary information about the device.

    Summit48:14 # sh switch
    sysName:        Summit48
    sysLocation:
    sysContact:     support@extremenetworks.com, +1 888 257 3000
    System MAC:     00:01:30:6f:cf:00
    License:        Full L3.
    Qos Mode:       Ingress
    System Mode:    802.1Q EtherType is 8100. PACE disabled. Jumbo disabled.
    Current time:   Tue Jan 16 15:40:00 2001
    Timezone:       GMT Offset: 0 minutes, DST is not in effect.
    Auto DST check: Enabled
    Boot time:      Mon Jan 15 16:24:33 2001
    Next reboot:    None scheduled
    Timed upload:   None scheduled
    Temperature:    25C. All fans are operational.
    Power supply:   Primary OK, RPS not present

(Slide note next to the Temperature line: it is best to keep the device temperature between 0 and 40 degrees.)

Basic commands

    Software image selected:    primary
    Software image booted:      primary
    Primary software version:   4.1.19b2
    Secondary software version: 4.1.19b2
    Configuration selected:     primary
    Configuration booted:       primary
    Primary configuration:      444520 bytes saved on Mon Jan 15 16:22:14 2001
    Secondary configuration:    Empty

Basic commands

Check the BootROM and the image the device is using:

    Summit48:15 # sh ver
    System ID:      800013-14-0037M02655
    Board ID:       700015-11-0037M00694
    Left Board ID:  700016-10-0036M00614
    Right Board ID: --
    Image : Extremeware Version 4.1.19 (Build 2) by Release_Master Wed 08/09/2000 6:09p
    BootROM : 1.9

Mirroring

    enable mirroring to <port>
        Example: enable mirroring to port 3
    config mirroring add/del ports vlan <vlan name> <hex octet>
    disable mirroring
    show mirroring

    * Summit3:8 # sh mir
    Mirror port: 3 is up

Basic commands

How to check the device log (to see whether the device has a problem):

    Summit48:24 # sh log
    01/16/2001 16:40.27 <INFO:SYST> Port 1 link down
    01/16/2001 16:40.25 <INFO:SYST> serial admin: conf port 1 auto off speed 100 du fu
    01/16/2001 16:04.27 <INFO:SYST> User admin logged out from telnet (211.116.235.205)
    01/16/2001 15:25.15 <INFO:USER> admin logged in through telnet (211.116.235.205)
    01/16/2001 14:11.09 <INFO:SYST> User admin logged out from telnet (211.116.235.205)
    01/16/2001 14:09.16 <INFO:USER> admin logged in through telnet (211.116.235.205)
    01/16/2001 11:49.56 <INFO:SYST> serial admin: sh management
    01/16/2001 11:43.36 <INFO:USER> admin logged in through console

How to set the time on the device (so that log entries carry the correct time):

    Summit48:6 # configure time 1/17/2001 09:54:00

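The `sh log` output above records who logged in, over which channel, and which commands were typed. The following added Python example (not part of the original slides) parses that format and reports Telnet logins, logins from sources outside an allow-list, and configuration-changing commands. The sample lines are constructed in the page's format with documentation-range addresses, and the assumption is that command lines from other channels have the same `<channel> <user>: <command>` shape as the `serial admin:` lines shown.

```python
import re
from datetime import datetime

# Constructed sample in the `sh log` format shown above (newest entry first).
SAMPLE_LOG = """\
01/16/2001 16:40.27 <INFO:SYST> Port 1 link down
01/16/2001 16:40.25 <INFO:SYST> serial admin: conf port 1 auto off speed 100 du fu
01/16/2001 16:04.27 <INFO:SYST> User admin logged out from telnet (192.0.2.10)
01/16/2001 15:31.02 <INFO:SYST> serial admin: enable ipforwarding
01/16/2001 15:25.15 <INFO:USER> admin logged in through telnet (192.0.2.10)
01/16/2001 14:09.16 <INFO:USER> oper logged in through telnet (198.51.100.77)
01/16/2001 11:49.56 <INFO:SYST> serial admin: sh management
01/16/2001 11:43.36 <INFO:USER> admin logged in through console
"""

LINE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d\.\d\d) <(\w+):(\w+)> (.*)$")
LOGIN = re.compile(r"^(\S+) logged in through (\w+)(?: \(([\d.]+)\))?$")
COMMAND = re.compile(r"^(\w+) (\S+): (.+)$")

# Verbs that appear on this page and alter state; the CLI accepts abbreviations
# ("conf", "sh"), so a typed word is matched as a prefix of the full verb.
CHANGE_VERBS = ("configure", "create", "delete", "enable", "disable",
                "unconfigure", "download", "use", "save", "reboot",
                "synchronize")


def is_change(command):
    word = command.split()[0].lower()
    return len(word) >= 2 and any(v.startswith(word) for v in CHANGE_VERBS)


def audit(log_text, allowed_sources=frozenset()):
    """Return sorted findings as (timestamp, kind, user, detail) tuples."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or unrelated line
        when = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M.%S")
        message = m.group(4)
        login = LOGIN.match(message)
        if login:
            user, channel, source = login.groups()
            if channel == "telnet":
                source = source or "-"
                # Telnet carries the account password in cleartext.
                findings.append((when, "cleartext-login", user, source))
                if source not in allowed_sources:
                    findings.append((when, "unapproved-source", user, source))
            continue
        cmd = COMMAND.match(message)
        if cmd and is_change(cmd.group(3)):
            findings.append((when, "config-change", cmd.group(2), cmd.group(3)))
    return sorted(findings)


if __name__ == "__main__":
    for when, kind, user, detail in audit(SAMPLE_LOG, {"192.0.2.10"}):
        print(when.isoformat(sep=" "), kind, user, detail)
```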
Sharing (= trunking)

• Sharing means the same thing as Cisco's Fast EtherChannel and Foundry Networks' trunk.
• It lets two physical ports be used as if they were a single port.
• On a segment that carries more than 100M of traffic, connect two ports and share them to get 200M.
•
    * Summit48:1 # enable sharing 45 grouping 45-46
• enable sharing <first port> grouping <first port>-<last port>
• Up to four Fast Ethernet ports can be grouped (800M).

Spanning Trees

• Default switch configuration contains one STPD called “s0”
• By default, spanning tree is disabled on s0
• Once the STPD is created, one or more VLANs can be assigned to it
• Spanning Trees have VLANs as members
• VLANs are assigned to STPDs
• All VLANs are automatically made members of “s0”
• You cannot delete a VLAN from “s0”, however, you can add it to another STPD

STP Configuration CLI Commands

• create/delete stpd
• enable/disable stpd
• enable/disable stpd port
• config stpd add vlan
• config stpd priority
• config stpd port cost
• config stpd port priority
• config stpd hellotime
• config stpd forwarddelay
• config stpd maxage
• unconfig stpd
• show stpd
• show stpd port
• enable ignore-stp vlan <name>

CLI Command

• create stpd <stpd_name>
• delete stpd <stpd_name>
  Creates an STPD. When created, an STPD has the following default parameters:
  • Bridge priority — 32,768
  • Hello time — 2 seconds
  • Forward delay — 15 seconds
• enable stpd <stpd_name>
• disable stpd <stpd_name>
  The default setting is disabled

CLI Command

• enable stpd <stpd_name> port <portlist>
• disable stpd <stpd_name> port <portlist>
  • The default setting is enabled
• config stpd <stpd_name> add vlan <name>
• config stpd <stpd_name> priority <value>
  • The range is 0 through 65,535.
  • The default setting is 32,768

CLI Command

• config stpd <stpd_name> port cost <value> <portlist>
  • For a 10Mbps port, the default cost is 100.
  • For a 100Mbps port, the default cost is 19.
  • For a 1000Mbps port, the default cost is 4.
• config stpd <stpd_name> port priority <value> <portlist>
  • The range is 0 through 255.
  • The default setting is 128

CLI Command

• config stpd <stpd_name> hellotime <value>
  • The hellotime default setting is 2 seconds
• config stpd <stpd_name> forwarddelay <value>
  • The range is 4 through 30.
  • The default setting is 15 seconds.
• config stpd <stpd_name> maxage <value>
  • The default setting is 20 seconds.
• unconfig stpd <stpd_name>

CLI Command - show stpd

show stpd {<stpd_name>}
Displays STP information for one or all STP domains.

    Stpd: s0    Stp: ENABLED    Number of Ports: 3
    Ports: 16,17,22
    Vlans: Default red blue
    Bridge Priority: 32768
    BridgeID:        80:00:00:e0:2b:03:eb:00
    Designated root: 80:00:00:e0:2b:03:18:00
    RootPathCost: 4
    MaxAge: 20s         HelloTime: 2s         ForwardDelay: 15s
    CfgBrMaxAge: 20s    CfgBrHelloTime: 2s    CfgBrForwardDelay: 15s
    Topology Change Time: 35s    Hold time: 1s
    Topology Change Detected: FALSE    Topology Change: TRUE
    Number of Topology Changes: 0
    Time Since Last Topology Change: 9s

(Slide annotation, bracketing BridgeID and Designated root: If this matches, then this is the ROOT Bridge.)

CLI Command - show stpd port

show stpd {<stpd_name>} port <portlist>
Displays the STP state of a port.

    * Summit24:6 # show stpd s0 port 1
    Stpd: s0    Port: 1    PortId: 8001    Stp: ENABLED    Path Cost: 100
    Port State: FORWARDING    Topology Change Ack: FALSE
    Port Priority: 128
    Designated Root: 00:00:00:00:00:00:00:00    Designated Cost: 0
    Designated Bridge: 00:00:00:00:00:00:00:00    Designated Port Id: 0
    Press <SPACE> to continue or <Q> to quit:

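SLB (Server Load Balancing)

Supported on every device that has the i chip (Summit1i, Summit5i, Summit7i, BlackDiamond, and so on).

Server load balancing needs the following components:
• Node – a real server that does the actual work
• Pools – a group of nodes (real servers)
• VIP – Virtual IP (the IP address that users connect to)
SLB is built from these three components.

Depending on how it operates, Server Load Balancing supports the following four modes:
• GO GO: the fastest method, but the servers must all be given the same MAC and IP address.
• Transparent: handled in hardware, so responses are fast; a loopback interface must be installed on the servers (recommended).
• Translational: works the way an ordinary L4 switch does; handled by the CPU.
• Port Translational: the slowest method; ports have to be translated.
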
SLB (Server Load Balancing)

Server Load Balancing Algorithms:
• Round Robin : sends to each server once, in turn
• Ratio : assigns a share according to each server's capacity
• Priority
• Least Connections : sends to the server that was sent to longest ago

Points to watch with Server Load Balancing
- The server VLAN and the VLAN that clients arrive on must be separate. On Extreme switches SLB takes place when L3 routing occurs, so the VLANs have to be split.
- The VIP can be in either the server VLAN or the client VLAN.
- For the health check, choose one of ping-check, L4-port check, or service check.

SLB (Server Load Balancing)

When transparent mode is used as the Server Load Balancing mode

- Configuring a loopback interface on an NT server
  On an NT server, set up the loopback interface through Control Panel -> Add New Hardware -> Network Adapter -> microsoft -> Loopback interface.
  Configure only one loopback interface and do not install additional ones. If more are unavoidable, add them through the advanced tab.

- Configuring a loopback interface on Linux & UNIX

    ifconfig lo:0 <ipaddress> netmask 255.255.255.255 up

  Make sure that it has the correct default route (netstat -rn); look for 0.0.0.0.
  If not, add one:

    route add default gw <gateway ip>

When Transparent Mode is used, the loopback interface address must be set to the VIP (virtual IP) of the Extreme Networks device.

SLB (Server Load Balancing)

    Create slb pool <poolname> {slb-method [ round-robin | ratio | priority | least-connections ]}

The pool name must be unique; choose any name that is easy to remember.
For the SLB method, choose one of round-robin, ratio, priority, and least-connections.

    Show slb pool
    Show slb pool detail
    Show slb node
    Enable slb node <ipaddress> ping-check
    Enable slb node <ipaddress> port <port> port-check
    config slb pool <poolname> add <ipaddress>:<L4Port> {ratio <ratio> | priority <priority>}

This command adds a node to an SLB pool.

    Create slb vip <vipname> pool <poolname> mode [transparent | translation | port-translation] <ipaddress> {- <upper_ipaddress>} {port <L4Port>}
    Enable slb vip
    Disable slb vip
    Show slb vip detail
    Show slb vip

SLB (Server Load Balancing)

(Network diagram: Internet and client; public network 200.200.200.0/24; private network 100.100.100.0/24; servers 100.100.100.2 (port http), 100.100.100.3 (port http), 100.100.100.4 (port ftp), 100.100.100.5 (port ftp); callouts 1, 2, 3.)

SLB (Server Load Balancing)

Configuration guide

Split the network into two VLANs (a public network and a private network).

Create two SLB pools (httppool, ftppool).
- httppool has 100.100.100.2 and 100.100.100.3 as its nodes.
- ftppool has 100.100.100.4 and 100.100.100.5 as its nodes.

Create two VIPs (one in the public network and one in the private network).
- A VIP created in the public network (200.200.200.1) has a public IP address while the real servers sit in the private network.
- A VIP created in the private network (100.100.100.6) is for the case where a device that performs NAT (a firewall, for example) is present.

To use Transparent mode, the loopback address on the real servers must be set to the VIP.

SLB (Server Load Balancing) configuration

    create vlan svlan
    create vlan cvlan
    conf svlan add port 1:1-1:10
    conf cvlan add port 1:11-1:20
    conf svlan ipadd 100.100.100.1/24
    conf cvlan ipadd 200.200.200.2/24
    enable ipforwarding                  (must always be done after creating VLANs)
    create slb pool httppool lb-method round
    conf slb pool httppool add 100.100.100.2:80
    conf slb pool httppool add 100.100.100.3:80
    create slb pool ftppool lb-method least
    conf slb pool ftppool add 100.100.100.4:ftp
    conf slb pool ftppool add 100.100.100.5:ftp
    create slb vip pubvip pool httppool mode translational 200.200.200.1:http
    create slb vip privip pool ftppool mode transparent 100.100.100.6:ftp
    enable slb
    config vlan svlan slb-type server    (declares svlan as the server VLAN)
    config vlan cvlan slb-type client    (declares cvlan as the client VLAN)
    enable slb node all tcp-port-check   (health check down to the L4 port)

SLB (Server Load Balancing)

PING-CHECK
Ping-check is Layer 3 based pinging of the physical node. The default ping frequency is one ping generated to the node each 10 seconds. If the node does not respond to any ping within a timeout period of 30 seconds (3 ping intervals), then the node is considered down.

PING-CHECK COMMANDS
To enable ping-check, use this command:

    enable slb node <ipaddress> ping-check

To disable ping-check, use this command:

    disable slb node <ipaddress> ping-check

SLB (Server Load Balancing)

TCP-PORT-CHECK
TCP-port-check is Layer 4 based TCP port open/close testing of the physical node. The default frequency is 30 seconds and the default timeout is 90 seconds. Port-checking is useful when a node passes ping-checks, but a required TCP service (for example, httpd) has gone down. If the httpd daemon running on TCP port 80 crashed, that would cause a layer 4 port-check on port 80 to fail, because no TCP socket could be opened to that port. If this continues for the duration of the specified port-check timeout, the IP/port combination is considered down.

TCP-PORT-CHECK COMMANDS
To enable tcp-port-check, use this command:

    enable slb node <ipaddress>:<L4Port> tcp-port-check

To disable tcp-port-check, use this command:

    disable slb node <ipaddress>:{<L4Port> | all} tcp-port-check

SLB (Server Load Balancing)

SERVICE-CHECK
Service-check is Layer 7 based application-dependent checking defined on a VIP. Service-checking is performed on each node in the pool with which this VIP is associated. The default frequency is 60 seconds and the default timeout is 180 seconds.

Each service check has associated parameters that you can set. These parameters are described in Table 17-3. If the service-check parameters are not specified on an individual node or VIP, the global default values for these parameters are used. The global service-check defaults themselves are configurable, so if you use the same value in many cases, change the global defaults accordingly.

In the case of HTTP service-checking, the URL of the Web page to be retrieved, such as “/index.html”, can be specified. A match-string that is expected to be in the retrieved Web page can be specified, such as “Welcome”. If the match-string is found in the first 1,000 bytes of the retrieved Web page, the service-check passes on the particular node. A match-string specified as keyword any-content will match any retrieved text. However, to distinguish valid data in the retrieved text from error text, specifying an actual string to match is suggested.

For FTP, Telnet, and POP3, service-check attempts to log on and off the application on the server using the specified userid and password.

SLB (Server Load Balancing)

SERVICE-CHECK COMMANDS
To enable service-check, use this command:

    enable slb vip [<vipname> | all] service-check

To disable service-check, use this command:

    disable slb vip [<vipname> | all] service-check

Service-Check Parameters

    Service  Attribute     Global Default Value
    HTTP     URL           “/”
             Match-string  Any-content
    FTP      Userid        “anonymous”
             Password      “anonymous”
    Telnet   Userid        “anonymous”
             Password      “anonymous”
    SMTP     Dns-domain    Same as the switch DNS domain. If no DNS domain
                           is configured for the switch, the value is ““.
    NNTP     Newsgroup     “ebusiness”
    POP3     Userid        “anonymous”
             Password      “anonymous”

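The three health checks described above, modelled as an added Python example (not ExtremeWare code): it uses the frequency and timeout defaults stated on the page and the HTTP match-string rule, and shows why the default any-content match lets an error page pass. Byte-for-byte matching is an assumption, and the response bodies are constructed samples.

```python
# (frequency_s, timeout_s) defaults as stated on the page.
DEFAULTS = {
    "ping-check": (10, 30),
    "tcp-port-check": (30, 90),
    "service-check": (60, 180),
}
MATCH_WINDOW = 1000  # only the first 1,000 bytes of the page are searched


def http_service_check(body, match_string="any-content"):
    """True when a retrieved page passes the HTTP service-check."""
    if match_string == "any-content":
        return len(body) > 0          # any retrieved text matches
    return match_string.encode() in body[:MATCH_WINDOW]


def first_down_check(results, check):
    """1-based number of the check at which the node is declared down.

    `results` holds one boolean per check interval (True = reply received).
    A node goes down once failures have lasted for the whole timeout, that
    is timeout / frequency consecutive misses. Returns None if that never
    happens in `results`.
    """
    frequency, timeout = DEFAULTS[check]
    needed = timeout // frequency
    streak = 0
    for number, ok in enumerate(results, start=1):
        streak = 0 if ok else streak + 1
        if streak == needed:
            return number
    return None


# Constructed response bodies.
GOOD_PAGE = b"<html><body>Welcome to the shop</body></html>"
ERROR_PAGE = b"<html><body>500 Internal Server Error</body></html>"
LATE_MATCH = b" " * MATCH_WINDOW + b"Welcome"

if __name__ == "__main__":
    print("error page, any-content:", http_service_check(ERROR_PAGE))
    print("error page, 'Welcome'  :", http_service_check(ERROR_PAGE, "Welcome"))
    print("ping down at check     :",
          first_down_check([False, False, False], "ping-check"))
```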
Flow-redirection (WCR)

• WEB CACHE REDIRECTION (WCR)
• Flow redirection can redirect traffic based on source, destination, and L4 port:
    IP source address and mask
    IP destination address and mask
    Layer 4 port
• Works together with a cache server to support TCS (transparent cache switching)
• Supports PBR (policy-based routing), a technique that selects the destination router according to the source IP