F5: Multi-Domain Traffic Splitting for Server Load Balancing with http class
Wuhan Tongwei Electronics Co., Ltd. (武漢通威電子有限公司)
Chen Bo (陳波)
2012-10-9
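1. Environment and requirements
#--------- Environment
E-commerce platform
One BIGIP 1600 LTM, one ASA5520
5 public IPs from the ISP
A dozen or so IBM blade servers
Main domain www.aaa.com, 20 second-level domains (tr.aaa.com/search.aaa.com/……)
#--------- Requirements
Because public IPs are limited, domains cannot be bound one-to-one to public IPs, so the F5 has to split traffic for multiple domains
All users access the services by domain name (port 80), while each domain uses a different port on the back end
Each domain represents one business group, and on the back end multiple server pools correspond to the different domains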
2. Design approach
# Step 1 ------------------------------------
Plan the roles of the 5 public IPs:
IP1 = firewall interface IP
IP2 = reserved firewall mapping IP, NATed to the F5 management IP on 443
IP3 = service group bg
bg_cms.bg.aaa.com
bg_erp.bg.aaa.com
bg_exh.bg.aaa.com
bg_goods.bg.aaa.com
bg_log.bg.aaa.com
bg_member.bg.aaa.com
bg_order.bg.aaa.com
bg_tr.bg.aaa.com
IP4 = service group main
club.aaa.com
exh.aaa.com
login.aaa.com
member.aaa.com
order.aaa.com
search.aaa.com
tr.aaa.com
www.aaa.com
IP5 = service group pay
bg_pay.aaa.com
image.aaa.com
pay.aaa.com
# Step 2 ------------------------------
Bind these domains to the single public IP IP3
bg_cms.bg.aaa.com
bg_erp.bg.aaa.com
bg_exh.bg.aaa.com
bg_goods.bg.aaa.com
bg_log.bg.aaa.com
bg_member.bg.aaa.com
bg_order.bg.aaa.com
bg_tr.bg.aaa.com
The other domains are handled the same way
# Step 3 ------------------------------
The firewall performs one-to-one port mapping
IP3, IP4 and IP5 are mapped to the F5's 3 VS IPs 192.168.21.1~3
# Step 4 ------------------------------
On the F5, http class profiles inspect the domain name in the URL of each packet and split the traffic to different server pools, translating the destination port of the port-80 traffic to the port of each service
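3. Traffic logic diagram
4. Screenshots
vs_bg, vs_main1 and vs_pay are the three traffic-splitting application groups, which decide by the domain name in the URL
vs_forward is internal layer-3 switching
vs_out handles connections initiated by the servers
Note: the specified subnets can be layer-3 switched with ip forwarding.
Note: whatever port the real servers use, users always access port 80
Note: the http class configuration decides based on the URL in the header of the packet received by the VS
Note: the http classes are matched in the VS's resource settings
5. Configuration file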
profile httpclass httpclass {
pool none
redirect none
url rewrite none
asm disable
wa disable
hosts none
paths none
headers none
cookies none
}
profile httpclass bg_cms {
defaults from httpclass
pool pool_bg_cms
redirect none
hosts "cms.bg.aaa.com"
}
profile httpclass bg_erp {
defaults from httpclass
pool pool_bg_erp
redirect none
hosts "erp.bg.aaa.com"
}
profile httpclass bg_exh {
defaults from httpclass
pool pool_bg_exh
redirect none
hosts "exh.bg.aaa.com"
}
profile httpclass bg_goods {
defaults from httpclass
pool pool_bg_goods
redirect none
hosts "goods.bg.aaa.com"
}
profile httpclass bg_log {
defaults from httpclass
pool pool_bg_log
redirect none
hosts "logistics.bg.aaa.com"
}
profile httpclass bg_member {
defaults from httpclass
pool pool_bg_member
redirect none
hosts "member.bg.aaa.com"
}
profile httpclass bg_order {
defaults from httpclass
pool pool_bg_order
redirect none
hosts "order.bg.aaa.com"
}
profile httpclass bg_pay {
defaults from httpclass
pool pool_bg_pay
redirect none
hosts "pay.bg.aaa.com"
}
profile httpclass bg_tr {
defaults from httpclass
pool pool_bg_tr
redirect none
hosts "tr.bg.aaa.com"
}
profile httpclass club {
defaults from httpclass
pool pool_club
redirect none
url rewrite none
hosts "club.aaa.com"
paths none
headers none
cookies none
}
profile httpclass exh {
defaults from httpclass
pool pool_exh
redirect none
url rewrite none
hosts "exh.aaa.com"
paths none
headers none
cookies none
}
profile httpclass image {
defaults from httpclass
pool pool_image1
redirect none
hosts "image1.aaa.com"
}
profile httpclass login {
defaults from httpclass
pool pool_login
redirect none
hosts "login.aaa.com"
}
profile httpclass member {
defaults from httpclass
pool pool_member
redirect none
hosts "member.aaa.com"
}
profile httpclass order {
defaults from httpclass
pool pool_order
redirect none
hosts "order.aaa.com"
}
profile httpclass pay {
defaults from httpclass
pool pool_pay
redirect none
hosts "pay.aaa.com"
}
profile httpclass search {
defaults from httpclass
pool pool_search
redirect none
hosts "search.aaa.com"
}
profile httpclass tr {
defaults from httpclass
pool pool_tr
redirect none
hosts "tr.aaa.com"
}
profile httpclass www {
defaults from httpclass
pool pool_www
redirect none
hosts "www.aaa.com"
}
pool pool_bg_cms {
monitor all tcp8180
members 192.168.8.121:8180 {}
}
pool pool_bg_erp {
monitor all tcp8080
members 192.168.8.121:webcache {}
}
pool pool_bg_exh {
monitor all tcp8280
members 192.168.8.121:8280 {}
}
pool pool_bg_goods {
monitor all tcp8380
members 192.168.8.121:cruise-update {}
}
pool pool_bg_log {
monitor all tcp8780
members 192.168.8.121:8780 {}
}
pool pool_bg_member {
monitor all tcp8480
members 192.168.8.121:8480 {}
}
pool pool_bg_order {
monitor all tcp8580
members 192.168.8.121:8580 {}
}
pool pool_bg_pay {
monitor all tcp9180
members 192.168.8.221:9180 {}
}
pool pool_bg_tr {
monitor all tcp8680
members 192.168.8.121:8680 {}
}
pool pool_club {
monitor all tcp8080
members {
192.168.8.131:webcache {}
192.168.8.132:webcache {}
192.168.8.133:webcache {}
192.168.8.134:webcache {}
}
}
pool pool_exh {
monitor all tcp8280
members {
192.168.8.131:8280 {}
192.168.8.132:8280 {}
192.168.8.133:8280 {}
192.168.8.134:8280 {}
}
}
pool pool_image1 {
monitor all http
members 192.168.8.161:http {}
}
pool pool_internet {
monitor all gateway_icmp
members 192.168.21.254:any {}
}
pool pool_login {
monitor all tcp8380
members {
192.168.8.131:cruise-update {}
192.168.8.132:cruise-update {}
192.168.8.133:cruise-update {}
192.168.8.134:cruise-update {}
}
}
pool pool_member {
monitor all tcp8480
members {
192.168.8.131:8480 {}
192.168.8.132:8480 {}
192.168.8.133:8480 {}
192.168.8.134:8480 {}
}
}
pool pool_order {
monitor all tcp8580
members {
192.168.8.131:8580 {}
192.168.8.132:8580 {}
192.168.8.133:8580 {}
192.168.8.134:8580 {}
}
}
pool pool_pay {
monitor all tcp9080
members 192.168.8.221:glrpc {}
}
pool pool_search {
monitor all tcp8680
members {
192.168.8.131:8680 {}
192.168.8.132:8680 {}
192.168.8.133:8680 {}
192.168.8.134:8680 {}
}
}
pool pool_tr {
monitor all tcp8780
members {
192.168.8.131:8780 {}
192.168.8.132:8780 {}
192.168.8.133:8780 {}
192.168.8.134:8780 {}
}
}
pool pool_www {
monitor all tcp8180
members {
192.168.8.131:8180 {}
192.168.8.132:8180 {}
192.168.8.133:8180 {}
192.168.8.134:8180 {}
}
}
virtual address any {
mask 0.0.0.0
}
virtual address 192.168.5.0 {
mask 255.255.255.0
}
virtual address 192.168.6.0 {
mask 255.255.255.0
}
virtual address 192.168.8.0 {
mask 255.255.255.0
}
virtual vs_bg {
destination 192.168.21.2:http
ip protocol tcp
httpclass {
bg_cms
bg_erp
bg_exh
bg_goods
bg_log
bg_member
bg_order
bg_tr
}
persist source_addr
profiles {
http {}
tcp {}
}
}
virtual vs_forward {
ip forward
destination 192.168.8.0:any
mask 255.255.255.0
}
virtual vs_forward1 {
ip forward
destination 192.168.6.0:any
mask 255.255.255.0
}
virtual vs_forward2 {
ip forward
destination 192.168.5.0:any
mask 255.255.255.0
}
virtual vs_main1 {
destination 192.168.21.1:http
ip protocol tcp
httpclass {
club
exh
login
member
order
search
tr
www
}
persist source_addr
profiles {
http {}
tcp {}
}
}
virtual vs_out {
snat automap
pool pool_internet
destination any:any
mask 0.0.0.0
}
virtual vs_pay {
destination 192.168.21.3:http
ip protocol tcp
httpclass {
bg_pay
image
pay
}
persist source_addr
profiles {
http {}
tcp {}
}
}
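The host-based selection configured above can be checked offline. The following is an added example, not part of the original configuration or any F5 tooling: it parses a trimmed, re-indented excerpt of the stanzas above and reports which pool a given Host value would select on a given virtual server. The names `parse` and `route` are hypothetical, and the matching is a simplified model (exact, case-insensitive comparison of literal host strings).

```python
import re
# Excerpt of the page's configuration, re-indented and trimmed to the keys used here.
CONF = '''
profile httpclass www {
   pool pool_www
   hosts "www.aaa.com"
}
profile httpclass pay {
   pool pool_pay
   hosts "pay.aaa.com"
}
virtual vs_main1 {
   destination 192.168.21.1:http
   httpclass {
      www
   }
}
virtual vs_pay {
   destination 192.168.21.3:http
   httpclass {
      pay
   }
}
'''

def parse(conf):
    """Return ({class: (hosts, pool)}, {virtual: [class names]})."""
    classes, virtuals = {}, {}
    stanza = r'^(profile httpclass|virtual) (\S+) \{\n(.*?)^\}'  # top-level close is at column 0
    for kind, name, body in re.findall(stanza, conf, re.S | re.M):
        if kind == 'virtual':
            m = re.search(r'httpclass \{(.*?)\}', body, re.S)
            virtuals[name] = m.group(1).split() if m else []
        else:
            pool = re.search(r'^\s*pool (\S+)', body, re.M)
            hosts = re.search(r'^\s*hosts (.+)$', body, re.M)
            classes[name] = (re.findall(r'"([^"]+)"', hosts.group(1)) if hosts else [],
                             pool.group(1) if pool else None)
    return classes, virtuals

def route(conf, vs, host_header):
    """Pool selected for a Host header on virtual server vs; None if no class matches."""
    classes, virtuals = parse(conf)
    host = host_header.strip().lower()  # simplified model: exact, case-insensitive match
    for cls in virtuals.get(vs, []):
        hosts, pool = classes.get(cls, ([], None))
        if host in (h.lower() for h in hosts):
            return pool
    return None
```

A result of `None` means no http class on that virtual server lists the host, and the virtual servers in this configuration define no default pool for that case, so a request for pay.aaa.com arriving on vs_main1, or one addressed by bare IP, is not assigned to any pool.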