拓撲說明:
網絡描述:
網絡出口4條公網線路接入,如上圖,兩臺出口防火牆做HA,且防火牆出口地址是教育網的地址,即Radware LP 負載均衡設備教育網的接入端口應該啓用VLAN;那麼兩臺LP在做高可用的時候需要注意以下問題,這裏介紹的是基於VRRP的模式;
條件需求:
兩臺LP型號必須一樣,且需要相同的軟件版本。功能許可例如BWM,IPS可以不用考慮,內存大小也不用考慮,但是吞吐最好也要相同。
這裏實施的軟件版本是ODS2 6.12.02,目前最新的軟件版本
問題描述:
1、當啓用VRRP以後,發現主設備的VLAN接口運行狀態總是不能UP,但是物理狀態是UP的;
2、LP的VLAN接口不是很穩定,時段時通;
解決辦法:
1、當啓用VRRP的時候,主設備需要開啓Interface Grouping,此選項的功能是檢查設備端口運行狀態,當他發現一個端口DOWN了,那麼該機制會強制讓其他端口也DOWN。所以在給VLAN接口做VRRP的時候一定要將所有的
VLAN接口都UP,這樣VLAN纔是激活的狀態
To provide a complete solution for redundancy against all failures, LinkProof employs a mechanism called Interface Grouping. If LinkProof notices that one of its physical ports is down, it intentionally brings all other active ports down.
When a physical port on LinkProof goes down, because of a cable failure, switch port failure, hub failure, or other problems, LinkProof performs the following tasks:
|
1.
|
|
|
2.
|
|
3.
|
If there were no IP addresses configured on the port that went down, nothing happens and normal operation continues.
|
|
>>
|
Using Regular VLAN, when any of the ports associated with a VLAN is down, Interface Grouping is triggered.
|
|
>>
|
Using Switched IP VLAN, Interface Grouping is triggered only when all ports on a Switched IP VLAN are down.
|
|
>>
|
When using VLAN with interface groupings, a group may go down as a result of a failing interface. In such an event, all traffic to the interfaces belonging to the group will be discarded including management traffic.
|
2、可以從拓撲中看出,這樣的部署是有環路的,可能是這個原因導致了LP VLAN接口不穩定,但是在VRRP的全局設置中可以通過Backup-In-Vlan 選項解決此問題,他的作用是如果狀態選擇爲BACKUP,那麼備設備是不處理任何流量的。
主設備配置
備設備配置
全局參數
