F5通過http class實現多域名分流進行服務器負載均衡

F5通過http class實現多域名分流進行服務器負載均衡

武漢通威電子有限公司

陳 波

2012-10-9

Technorati 標籤: f5,url,httpclass,loadbalance

一、環境和需求

#---------環境

電子商務平臺

BIGIP 1600 LTM 一臺，ASA5520 一臺

ISP公網ip 5個

IBM服務器刀片10幾個

主域名www.aaa.com,二級域名20個（tr.aaa.com/search.aaa.com/……）

#---------需求

由於公網ip有限，不能做到域名和公網ip的一對一綁定，需要通過f5來實現多域名的分流

所有用戶都通過域名（80端口）訪問業務，而後臺每個域名分別爲不同端口

每個域名代表一個業務組，後臺有多組服務器池對應不同域名

二、設計思路

# 第一步------------------------------------

把5個公網ip的功能進行規劃：

IP1=防火牆接口ip

IP2=防火牆預留映射ip，nat給f5的管理ip 443

IP3=業務集合bg

bg_cms.bg.aaa.com

bg_erp.bg.aaa.com

bg_exh.bg.aaa.com

bg_goods.bg.aaa.com

bg_log.bg.aaa.com

bg_member.bg.aaa.com

bg_order.bg.aaa.com

bg_tr.bg.aaa.com

IP4=業務集合main

club.aaa.com

exh.aaa.com

login.aaa.com

member.aaa.com

order.aaa.com

search.aaa.com

tr.aaa.com

www.aaa.com

IP5=業務集合pay

bg_pay.aaa.com

image.aaa.com

pay.aaa.com

# 第二步------------------------------

域名綁定到IP3的一個公網ip上

bg_cms.bg.aaa.com

bg_erp.bg.aaa.com

bg_exh.bg.aaa.com

bg_goods.bg.aaa.com

bg_log.bg.aaa.com

bg_member.bg.aaa.com

bg_order.bg.aaa.com

bg_tr.bg.aaa.com

其他域名類似

# 第三步------------------------------

防火牆做一對一端口映射

其中IP3、4、5映射到F5的3個vs ip 192.168.21.1~3

# 第四步------------------------------

F5上通過http class配置進行對數據包的url進行檢查域名來進行分流，到不同的server pool，並把80流量進行目的端口轉換到不同業務

三、流量邏輯圖

四、相關截圖

Vs_bg,vs_main1,vs_pay分別爲根據域名url判斷的三個分流應用組

Vs forward是內部三層交換

Vs out是服務器主動訪問

注：指定網段可以ip forwarding三層交換。

注：不管真實服務器是什麼端口，用戶都用80端口訪問

注：http class的配置，根據vs中接受到包頭的url進行判斷

注：在vs的resource裏面匹配http class

五、配置文件

profile httpclass httpclass {

pool none

redirect none

url rewrite none

asm disable

wa disable

hosts none

paths none

headers none

cookies none

}

profile httpclass bg_cms {

defaults from httpclass

pool pool_bg_cms

redirect none

hosts "cms.bg.aaa.com"

}

profile httpclass bg_erp {

defaults from httpclass

pool pool_bg_erp

redirect none

hosts "erp.bg.aaa.com"

}

profile httpclass bg_exh {

defaults from httpclass

pool pool_bg_exh

redirect none

hosts "exh.bg.aaa.com"

}

profile httpclass bg_goods {

defaults from httpclass

pool pool_bg_goods

redirect none

hosts "goods.bg.aaa.com"

}

profile httpclass bg_log {

defaults from httpclass

pool pool_bg_log

redirect none

hosts "logistics.bg.aaa.com"

}

profile httpclass bg_member {

defaults from httpclass

pool pool_bg_member

redirect none

hosts "member.bg.aaa.com"

}

profile httpclass bg_order {

defaults from httpclass

pool pool_bg_order

redirect none

hosts "order.bg.aaa.com"

}

profile httpclass bg_pay {

defaults from httpclass

pool pool_bg_pay

redirect none

hosts "pay.bg.aaa.com"

}

profile httpclass bg_tr {

defaults from httpclass

pool pool_bg_tr

redirect none

hosts "tr.bg.aaa.com"

}

profile httpclass club {

defaults from httpclass

pool pool_club

redirect none

url rewrite none

hosts "club.aaa.com"

paths none

headers none

cookies none

}

profile httpclass exh {

defaults from httpclass

pool pool_exh

redirect none

url rewrite none

hosts "exh.aaa.com"

paths none

headers none

cookies none

}

profile httpclass image {

defaults from httpclass

pool pool_image1

redirect none

hosts "image1.aaa.com"

}

profile httpclass login {

defaults from httpclass

pool pool_login

redirect none

hosts "login.aaa.com"

}

profile httpclass member {

defaults from httpclass

pool pool_member

redirect none

hosts "member.aaa.com"

}

profile httpclass order {

defaults from httpclass

pool pool_order

redirect none

hosts "order.aaa.com"

}

profile httpclass pay {

defaults from httpclass

pool pool_pay

redirect none

hosts "pay.aaa.com"

}

profile httpclass search {

defaults from httpclass

pool pool_search

redirect none

hosts "search.aaa.com"

}

profile httpclass tr {

defaults from httpclass

pool pool_tr

redirect none

hosts "tr.aaa.com"

}

profile httpclass www {

defaults from httpclass

pool pool_www

redirect none

hosts "www.aaa.com"

}

pool pool_bg_cms {

monitor all tcp8180

members 192.168.8.121:8180 {}

}

pool pool_bg_erp {

monitor all tcp8080

members 192.168.8.121:webcache {}

}

pool pool_bg_exh {

monitor all tcp8280

members 192.168.8.121:8280 {}

}

pool pool_bg_goods {

monitor all tcp8380

members 192.168.8.121:cruise-update {}

}

pool pool_bg_log {

monitor all tcp8780

members 192.168.8.121:8780 {}

}

pool pool_bg_member {

monitor all tcp8480

members 192.168.8.121:8480 {}

}

pool pool_bg_order {

monitor all tcp8580

members 192.168.8.121:8580 {}

}

pool pool_bg_pay {

monitor all tcp9180

members 192.168.8.221:9180 {}

}

pool pool_bg_tr {

monitor all tcp8680

members 192.168.8.121:8680 {}

}

pool pool_club {

monitor all tcp8080

members {

192.168.8.131:webcache {}

192.168.8.132:webcache {}

192.168.8.133:webcache {}

192.168.8.134:webcache {}

}

}

pool pool_exh {

monitor all tcp8280

members {

192.168.8.131:8280 {}

192.168.8.132:8280 {}

192.168.8.133:8280 {}

192.168.8.134:8280 {}

}

}

pool pool_image1 {

monitor all http

members 192.168.8.161:http {}

}

pool pool_internet {

monitor all gateway_icmp

members 192.168.21.254:any {}

}

pool pool_login {

monitor all tcp8380

members {

192.168.8.131:cruise-update {}

192.168.8.132:cruise-update {}

192.168.8.133:cruise-update {}

192.168.8.134:cruise-update {}

}

}

pool pool_member {

monitor all tcp8480

members {

192.168.8.131:8480 {}

192.168.8.132:8480 {}

192.168.8.133:8480 {}

192.168.8.134:8480 {}

}

}

pool pool_order {

monitor all tcp8580

members {

192.168.8.131:8580 {}

192.168.8.132:8580 {}

192.168.8.133:8580 {}

192.168.8.134:8580 {}

}

}

pool pool_pay {

monitor all tcp9080

members 192.168.8.221:glrpc {}

}

pool pool_search {

monitor all tcp8680

members {

192.168.8.131:8680 {}

192.168.8.132:8680 {}

192.168.8.133:8680 {}

192.168.8.134:8680 {}

}

}

pool pool_tr {

monitor all tcp8780

members {

192.168.8.131:8780 {}

192.168.8.132:8780 {}

192.168.8.133:8780 {}

192.168.8.134:8780 {}

}

}

pool pool_www {

monitor all tcp8180

members {

192.168.8.131:8180 {}

192.168.8.132:8180 {}

192.168.8.133:8180 {}

192.168.8.134:8180 {}

}

}

virtual address any {

mask 0.0.0.0

}

virtual address 192.168.5.0 {

mask 255.255.255.0

}

virtual address 192.168.6.0 {

mask 255.255.255.0

}

virtual address 192.168.8.0 {

mask 255.255.255.0

}

virtual vs_bg {

destination 192.168.21.2:http

ip protocol tcp

httpclass {

bg_cms

bg_erp

bg_exh

bg_goods

bg_log

bg_member

bg_order

bg_tr

}

persist source_addr

profiles {

http {}

tcp {}

}

}

virtual vs_forward {

ip forward

destination 192.168.8.0:any

mask 255.255.255.0

}

virtual vs_forward1 {

ip forward

destination 192.168.6.0:any

mask 255.255.255.0

}

virtual vs_forward2 {

ip forward

destination 192.168.5.0:any

mask 255.255.255.0

}

virtual vs_main1 {

destination 192.168.21.1:http

ip protocol tcp

httpclass {

club

exh

login

member

order

search

tr

www

}

persist source_addr

profiles {

http {}

tcp {}

}

}

virtual vs_out {

snat automap

pool pool_internet

destination any:any

mask 0.0.0.0

}

virtual vs_pay {

destination 192.168.21.3:http

ip protocol tcp

httpclass {

bg_pay

image

pay

}

persist source_addr

profiles {

http {}

tcp {}

}

}