radware负载均衡器配置adc

安装adc镜像

其余都是默认

概念介绍

五元组

 dip dport   协议类型   vip   vport  
 
 a.a.a.a 9999   http b.b.b.b 80
 
 b.b.b.b 80 a.a.a.a 9999
代理地址： c.c.c.c   vip：d.d.d.d
 a.a.a.a 9999 http d.d.d.d 80
 c.c.c.c 8888 http b.b.b.b 80
 
 b.b.b.b 80 http c.c.c.c 8888
 d.d.d.d 8888 http a.a.a.a 9999
 
1
2
3
4
5
6
7
8
9
10
11
12

全代理最终访问流程

初始化

默认密码是：admin

配置管理口

•/cfg/sys/mmgmt/dhcp disable
•/cfg/sys/mmgmt/addr 
•/cfg/sys/mmgmt/mask 
•/cfg/sys/mmgmt/gw 
•/cfg/sys/mmgmt/ena
•apply
•save
1
2
3
4
5
6
7

开启ssh

•/cfg/sys/access/ssh/on
•apply
•save
1
2
3

开启web

这个在新版本不需要

/cfg/sys/access/https/https enable
apply
sava
1
2
3

然后登陆 https:// mmgmt

配置vlan，这里的vlan是

/cfg/l2/vlan 110    #新增Vlan 110
/cfg/l2/vlan 110/add 1 #新增Port1至Vlan 110
/cfg/l2/vlan 110/ena #启用Vlan110
apply
save
1
2
3
4
5

配置三层ip

/cfg/l3/if 1  #新增L3 interface 1
/cfg/l3/if 30/addr 192.168.47.152 #新增加的ip
/cfg/l3/if 30/mask 255.255.255.0  #子网掩码
/cfg/l3/if 30/vlan 110 # 绑定if 1于vlan 110
/cfg/l3/if 30/ena #启用interface1
apply
save
1
2
3
4
5
6
7

配置gatways

/cfg/l3/gw 110  #新增GW 110
/cfg/l3/gw 30/addr 192.168.47.254
/cfg/l3/gw 30/vlan 110
/cfg/l3/gw 30/ena  #启用GW 110
1
2
3
4

配置Real Server

/cfg/slb/on  
/cfg/slb/real 1  #新增Real Server 1
/cfg/slb/real 1/rip 192.168.47.153
/cfg/slb/real 1/addport 80
/cfg/slb/real 1/en
/cfg/slb/real 2  #新增Real Server 2
/cfg/slb/real 2/rip 192.168.47.154
/cfg/slb/real 2/addport 80
/cfg/slb/real 2/en

1
2
3
4
5
6
7
8
9
10

配置Real Server Group

/cfg/slb/group 80   #添加服务器组
/cfg/slb/group 80/add 1  #添加Real Server服务器1
/cfg/slb/group 80/add 2  #添加Real Server服务器2
/cfg/slb/group 80/metric roundrobin  #开启轮询
1
2
3
4

创建vip

/cfg/slb/virt 1
/cfg/slb/virt 1 vip 192.168.47.150  #添加vip
/cfg/slb/virt 1  enabled   #开启vip
/cfg/slb/virt 1 service 80  #开启vip的80端口
/cfg/slb/virt 1 group 80  #把group 80 添加进vip
/cfg/slb/virt 1/service 80 http/pip
/cfg/slb/virt 1/service 80 http/pip mode address
/cfg/slb/virt 1/service 80 http/pip	addr v4 192.168.47.150 255.255.255.255
1
2
3
4
5
6
7
8

在web上面选择Delayed Binding 为Enable

访问测试

负载均衡算法

在Group的负载均衡器算法进行配置

轮询（Round Robin）

加权轮询（Weighted Round Robin）

最少连接（Least Connections）

加权最少连接（Weighted Least Connections）

随机（Random）

加权随机（Weighted Random）

源地址散列（Source Hashing）

源地址端口散列（Source&Port Hashing）

健康检查

对于服务器组的服务器主机进行健康检查配置

这里添加不同健康检查

选择不同的Select Type

选择协议的细节

nginx ssl配置

生成证书

[root@localhost conf.d]# sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/pki/tls/private/ca.key -out /etc/pki/tls/certs/server.crt
Generating a 2048 bit RSA private key
...+++
.........+++
writing new private key to '/etc/pki/tls/private/ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

编写config文件

47.153
[root@localhost conf.d]# cat /etc/nginx/conf.d/ssl.conf 
server{

    listen  443 ssl;
    ssl_certificate /etc/pki/tls/certs/server.crt;
    ssl_certificate_key  /etc/pki/tls/private/ca.key;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}
[root@localhost conf.d]# cat /usr/share/nginx/html/index.html
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# systemctl status nginx
this is 47.153 443
[root@localhost conf.d]# scp ssl.conf root@192.168.47.154:/etc/nginx/conf.d/
ssl.conf                                                                          100%  235   160.4KB/s   00:00    
[root@localhost conf.d]# scp /etc/pki/tls/certs/server.crt root@192.168.47.154:/etc/pki/tls/certs/server.crt

server.crt                                                                        100% 1220   852.3KB/s   00:00    
[root@localhost conf.d]# scp /etc/pki/tls/private/ca.key root@192.168.47.154:/etc/pki/tls/private/ca.key

ca.key                                                                            100% 1704     1.2MB/s   00:00    
[root@localhost html]# cat /usr/share/nginx/html/index.html
this is 47.154 443
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# systemctl status nginx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

radware配置

首先把证书copy出来

配置证书仓库

配置SSL Policy

开启后端加密
这个是需要选择开启的，如果后面的服务器是http,就不需要开启这个功能

对http做重定向

在vip应用ssl证书

查看效果

然后apply，save

高级操作

抓包配置

Main# /maint/pktcap/data/capture host 192.168.47.160
Main# /maint/pktcap/data/dumpcap
1
2

查看设备的cpu和内存

>> Proxy IP# /stats/mp/cpu 
------------------------------------------------------------------
CPU utilization:
cpuUtil1Second:   8%
cpuUtil4Seconds:  9%
cpuUtil64Seconds: 9%
1
2
3
4
5
6