radware鏈路負(fù)載均衡測試方案設(shè)計

實用標(biāo)準(zhǔn)文案高新區(qū)管委會鏈路負(fù)載測試實施方案radware精彩文檔實用標(biāo)準(zhǔn)文案目錄TOC\o"1-5"\h\z\o"CurrentDocument".用戶網(wǎng)絡(luò)背景 3\o"CurrentDocument"實施前的網(wǎng)絡(luò)拓?fù)?3\o"CurrentDocument".網(wǎng)絡(luò)拓?fù)浣Y(jié)構(gòu) 4\o"CurrentDocument"改造后的網(wǎng)絡(luò)拓?fù)浣Y(jié)構(gòu) 4\o"CurrentDocument"具體網(wǎng)絡(luò)規(guī)劃方案介紹 4\o"CurrentDocument"防火墻實現(xiàn)部分NAT轉(zhuǎn)換工作 4\o"CurrentDocument"防火墻不再實現(xiàn)目的地址轉(zhuǎn)換工作 5\o"CurrentDocument"IP地址規(guī)劃 5\o"CurrentDocument".實施過程 6配置接口地址 6\o"CurrentDocument"配置默認(rèn)路由 7\o"CurrentDocument"配置回指路由 7\o"CurrentDocument"地址轉(zhuǎn)換 7\o"CurrentDocument"DynamicNAT 7\o"CurrentDocument"StaticPAT 8DNS配置 錯誤!未定義書簽。配置Host表 錯誤!未定義書簽。DNS服務(wù)器修改 錯誤!未定義書簽。\o"CurrentDocument"就近性(Proixmity)配置 15\o"CurrentDocument"全局配置 15\o"CurrentDocument"靜態(tài)就近表配置 16靜態(tài)就近表配置 錯誤!未定義書簽。特殊配置 17特殊應(yīng)用會話老化時間 17\o"CurrentDocument"Cluster 19精彩文檔實用標(biāo)準(zhǔn)文案.用戶網(wǎng)絡(luò)背景高新區(qū)管委會目前已經(jīng)申請了四條ISP鏈路,分別為網(wǎng)通網(wǎng)通50M、網(wǎng)通100M、電信100M和電信教育網(wǎng)1G。主要業(yè)務(wù)分為三部分：?內(nèi)部工作人員的上網(wǎng)；?Internet用戶訪問內(nèi)部的網(wǎng)站、服務(wù)器。目前主要的問題是針對各個運(yùn)營商相互通信時，速度非常慢，所以準(zhǔn)備通過鏈路均衡器來解決。實現(xiàn)對內(nèi)部的服務(wù)器訪問的（Inbound）和內(nèi)部人員對外訪問流量（Outbound）的多鏈路負(fù)載均衡。用戶要求部署鏈路均衡設(shè)備后，從功能實現(xiàn)出/入站的就近性訪問；從實施上，除了配置鏈路負(fù)載均衡相關(guān)的配置之外，還需要修改防火墻網(wǎng)關(guān)地址、路由表、地址轉(zhuǎn)換信息和DNS服務(wù)器上域名解析。1.1.實施前的網(wǎng)絡(luò)拓?fù)銱K中心H1C■1.---uvruE田方;UK工聞姑HK中心H1C■1.---uvruE田方;UK工聞姑&辛與骨彳申布義及府用平Srr-H甘?寓M■n二??眸?。?*■JMjli-ME看Z-胃耳黃 ”用心郎卡巾 I.nwT?P事1如b， 守2KJ1 守■MtP￡工」Egg精彩文檔

實用標(biāo)準(zhǔn)文案2.網(wǎng)絡(luò)拓?fù)浣Y(jié)構(gòu)改造后的網(wǎng)絡(luò)拓?fù)浣Y(jié)構(gòu)采用標(biāo)準(zhǔn)的鏈路負(fù)載均衡方案設(shè)計，即為：LP設(shè)備部署在防火墻外面，直接連接ISP防火墻全部修改為私有IP地址，用LP負(fù)責(zé)將私有IP地址轉(zhuǎn)換成公網(wǎng)IP地址；防火墻的DMZ區(qū)跑路由模式，保證DMZ區(qū)服務(wù)器的正常訪問；LP利用SmartNAT技術(shù),分別在每鏈路上配置NAT地址;保證內(nèi)部員工的正常上網(wǎng)。具體網(wǎng)絡(luò)規(guī)劃方案介紹結(jié)合現(xiàn)有的網(wǎng)絡(luò)配置情況，和希望達(dá)到的測試的效果，提出兩個實施方案供選擇。防火墻實現(xiàn)部分NAT轉(zhuǎn)換工作1、LP設(shè)備部署在防火墻外面，直接連接ISP；2、防火墻全部修改為私有IP地址，用LP負(fù)責(zé)將私有IP地址轉(zhuǎn)換成公網(wǎng)IP地址；3、防火墻的DMZ區(qū)跑路由模式，保證DMZ區(qū)服務(wù)器的正常訪問；精彩文檔

實用標(biāo)準(zhǔn)文案4、現(xiàn)在防火墻負(fù)責(zé)所有的地址轉(zhuǎn)換工作，包括源地址轉(zhuǎn)換和目的地址轉(zhuǎn)換，如果把所有的地址轉(zhuǎn)換工作全部交給LP來做，實施起來比較復(fù)雜，并且客戶的公網(wǎng)地址不是很充裕,因此提出第一種測試方案，由防火墻實現(xiàn)源地址轉(zhuǎn)換，同時實現(xiàn)目的地址轉(zhuǎn)換，不過和原來不同的是，原來的目的地址轉(zhuǎn)換是將服務(wù)器的私有地址轉(zhuǎn)換成公網(wǎng)地址，現(xiàn)在的目的轉(zhuǎn)換是將服務(wù)器的私有地址轉(zhuǎn)換成和防火墻和LP互聯(lián)地址段內(nèi)的地址；5、LP利用SmartNAT技術(shù)，將所有私有IP地址轉(zhuǎn)換成可用的公網(wǎng)IP；6、修改內(nèi)部DNS服務(wù)器配置，將各個域名對應(yīng)的A記錄修改成服務(wù)器真是的私有地址，這樣內(nèi)部用戶訪問域名的時候是通過服務(wù)器的真實地址進(jìn)行訪問，外部用戶訪問域名時則是通過LP采用SmartNAT轉(zhuǎn)換后的公網(wǎng)地址進(jìn)行訪問，可以得到較快的訪問體驗。防火墻不再實現(xiàn)目的地址轉(zhuǎn)換工作.LP設(shè)備部署在防火墻外面，直接連接ISP；.防火墻全部修改為私有IP地址，用LP負(fù)責(zé)將私有IP地址轉(zhuǎn)換成公網(wǎng)IP地址；.防火墻的DMZ區(qū)跑路由模式，保證DMZ區(qū)服務(wù)器的正常訪問；.防火墻負(fù)責(zé)源地址轉(zhuǎn)換，而目的地址轉(zhuǎn)換工作交給LP來做，這種測試方案實施起來LP上面的配置稍有點(diǎn)復(fù)雜，實現(xiàn)的原理和第一種方案類似，不過在防火墻上面的改動要少一些；.LP利用SmartNAT技術(shù)，將所有私有IP地址轉(zhuǎn)換成可用的公網(wǎng)IP；.修改內(nèi)部DNS服務(wù)器配置，將各個域名對應(yīng)的A記錄修改成服務(wù)器真是的私有地址，這樣內(nèi)部用戶訪問域名的時候是通過服務(wù)器的真實地址進(jìn)行訪問，外部用戶訪問域名時則是通過LP采用SmartNAT轉(zhuǎn)換后的公網(wǎng)地址進(jìn)行訪問，可以得到較快的訪問體驗。2.3.IP地址規(guī)劃Radwarelinkproof公網(wǎng)IP地址規(guī)劃：原來公網(wǎng)ip分配給防火墻使用，現(xiàn)在添加了鏈路負(fù)載均衡設(shè)備，各運(yùn)營商線路將直接接到鏈路負(fù)載均衡上面，然后負(fù)載均衡和防火墻通過私網(wǎng)地址互聯(lián)。運(yùn)營商地址范圍：ISP網(wǎng)通50M：62/40ISP網(wǎng)通100M：/28ISP電信100M：2/40ISP教育網(wǎng)1G：/地址分配以盡可能少地改動內(nèi)網(wǎng)地址設(shè)置為原則。鏈路負(fù)載均衡鏈路負(fù)載均衡設(shè)備下接設(shè)備鏈路負(fù)載均衡鏈路負(fù)載均衡設(shè)備下接設(shè)備精彩文檔實用標(biāo)準(zhǔn)文案接口/類型IP設(shè)備接口/類型IPG1千兆電口62光電轉(zhuǎn)換器61網(wǎng)通50MG2千兆電口光電轉(zhuǎn)換器網(wǎng)通100MG3千兆電口2光電轉(zhuǎn)換器1電信100MG4千兆電口未用G5千兆電口未用G6千兆電口未用G7千兆電口未用G8千兆電口未用G9千兆電口未用G10千兆電口未用G11千兆電口未用G12千兆電口未用G13千兆光口教育網(wǎng)光纖教育1GG14千兆光口/24光纖/24防火墻G15千兆光口中國移動中國移動1GG16千兆光口 未用3.實施過程配置接口地址InterfaceParametersCreateIPAddressNetworkMask:日madea3tAddr:OneIp(RouterInterfaceOnly):IfNumber'FwdBroadcast:VMNTag:PeerAddress:0000G-1 ▼0.0,0.0Enable/ONEFILLT0Disable▼Set■Cancel精彩文檔

實用標(biāo)準(zhǔn)文案IF1：62/40網(wǎng)通50MIF2：/28 網(wǎng)通100MIF3：2/40 電信100M教育網(wǎng)1G內(nèi)接口地址，互聯(lián)防火墻IF4教育網(wǎng)1G內(nèi)接口地址，互聯(lián)防火墻IF5：/配置默認(rèn)路由現(xiàn)網(wǎng)有四條鏈路，要將每條鏈路的網(wǎng)關(guān)都進(jìn)行添加，具體如下:Lprouteadd61LprouteaddLprouteadd1Lprouteadd配置回指路由netroutetablecreate-i14netroutetablecreate-i14netroutetablecreate-i14TOC\o"1-5"\h\znetroute table create -i 14netroute table create -i 14netroute table create -i 14netroute table create -i 14netroute table create -i 14netroute table create -i 14netroute table create -i 14netroute table create -i 14netroute table create -i 14netroute table create -i 14netroute table create -i 14netroute table create -i 14netroutetablecreate-i14netroutetablecreate055-i14netroutetablecreate-i14netroutetablecreate-i14地址轉(zhuǎn)換地址轉(zhuǎn)換主要包括內(nèi)部用戶上網(wǎng)和服務(wù)器被訪問兩部分，這兩部分在LP上面分別采用DynamicNAT和StaticPAT這兩種NAT來實現(xiàn)，把內(nèi)部用戶的IP地址和服務(wù)器的IP地址分別對應(yīng)每條ISP都轉(zhuǎn)換成相應(yīng)的公網(wǎng)IP地址。DynamicNATDynamicNAT是多對一的映射，并且改變用戶的源端口，而且是單向的，只能出，不能進(jìn)。LinkProof>SmartNAT>DynamicNATTable>Create精彩文檔

實用標(biāo)準(zhǔn)文案FileriR\iirpGlobalConfiguration?FarmsSetvers?rsServersBridgeCortent_BParametersHoLte-PServerIPDynamicNZitIr\RedundancyMode卜FlowManagement?iTIPLinkProufClients卜Dslete■CreateHealthMonitoringReportingSecuritybwmVirtiaIIFMappedPTabletmartNAI?NnNATT^hlfiClassesProximity?StaticNATTablePgifnrmancoDNSConfigurationBasicNAIFableSer/icesLoadBalancingAlgorithmsDyidiiiib TdbeDynamicNATTableCreateRoutersServersFirewallServersFromLocalIP:ToLocalIP:ServerIP:DynamicNATIP:61 ▼RedundancyMode:Regular,Set■CancelFromlocalIP：被轉(zhuǎn)換地址的起始地址；TolocalIP：被轉(zhuǎn)換地址的結(jié)束地址；ServerIP：對應(yīng)的ISP的網(wǎng)關(guān)；DynamicNATIP：轉(zhuǎn)換后的公網(wǎng)地址。lpsmartnatdynamic-natcreate55lpsmartnatdynamic-natcreate55lpsmartnatdynamic-natcreate5512lpsmartnatdynamic-natcreate556162StaticPATStaticPAT是從外到內(nèi)的一對多的映射，用來將同一公網(wǎng)IP的不同端口映射到不同的內(nèi)網(wǎng)服務(wù)器，而且是單向的，只能進(jìn)，不能出。LinkProof>SmartNAT>StaticPATTable>Create精彩文檔

實用標(biāo)準(zhǔn)文案StaticPATTableCreateReutersServersFirewallServersInternalIP: InternalPort:0Protocol:MJ- ServerIP:61 -ExternalIP: ExternalPort:0StaticPATMode:Regular▼ StaticPATName:defaultCancelInternalIP：被轉(zhuǎn)換的私有IP地址；InternalPort：被轉(zhuǎn)換的內(nèi)部應(yīng)用端口;Protocol：被轉(zhuǎn)換的端口使用的協(xié)議；ServerIP：對用ISP的網(wǎng)關(guān)；ExternalIP：轉(zhuǎn)換后的公網(wǎng)地址；ExternalPort：lpsmartnatstatic-natcreate0 000lpsmartnatstatic-patcreate088tcp616888-pnxinbgzdh88lpsmartnatstatic-patcreate380tcp617080-pn863gongsilpsmartnatstatic-patcreate321tcp617021-pn863ftplpsmartnatstatic-patcreate3110tcp6170110-pn863110lpsmartnatstatic-patcreate480tcp1480-pnerxinserver80lpsmartnatstatic-patcreate42000tcp142133-pnerxinserver2133lpsmartnatstatic-patcreate521tcp616421-pnftp164lpsmartnatstatic-patcreate322tcp616422-pnftpshujulpsmartnatstatic-patcreate180tcp1180-pn17dlpsmartnatstatic-patcreate180tcp616680-pnwangzhanqun精彩文檔

實用標(biāo)準(zhǔn)文案lpsmartnatstatic-patcreate280tcp0980-pngserver1_80lpsmartnatstatic-patcreate233445tc@0933445-pngserver1_33445lpsmartnatstatic-patcreate244405tc@0944405-pngserver1_44405lpsmartnatstatic-patcreate255991tc@0955991-pngserver1_55991lpsmartnatstatic-patcreate25993tcp0955993-pngserver155993lpsmartnatstatic-patcreate255904tc@0955904-pngserver1_55904lpsmartnatstatic-patcreate23389tcp095600-pngserver1_6000lpsmartnatstatic-patcreate255995tc@0955995-pngserver1_55995lpsmartnatstatic-patcreate233446tc@0933446-pngserver1_55902lpsmartnatstatic-patcreate255997tc@0955997-pngserver1_55997lpsmartnatstatic-patcreate3800tcp13800-pnmailgw800lpsmartnatstatic-patcreate322tcp1322-pnmailgw22lpsmartnatstatic-patcreate3443tcp13443-pnmailgw443lpsmartnatstatic-patcreate325tcp616925-pnmailsmtplpsmartnatstatic-patcreate3901tcp6169901-pnmailgw901lpsmartnatstatic-patcreate423tcp2523-pn863_2_23lpsmartnatstatic-patcreate80tcp616380-pnwebfwqlpsmartnatstatic-patcreate23tcp23-pnwebewlpsmartnatstatic-patcreate21tcp616321-pnftp163lpsmartnatstatic-patcreate53udp616353-pndns163lpsmartnatstatic-patcreate53tcp616353-pndnsf163lpsmartnatstatic-patcreate023tcp2023-pn863_3_23精彩文檔實用標(biāo)準(zhǔn)文案lpsmartnatstatic-patcreate123tcp1923lpsmartnatstatic-patcreate123tcp1923-pn863_4_23Ipsmartnatstatic-patcreate421tcp1421-pnerxins_21Ipsmartnatstatic-patcreate580tcp0880-pngame80lpsmartnatstatic-patcreate53389tcp085800-pngame6000lpsmartnatstatic-pat33445-pngame33445lpsmartnatstatic-pat44405-pngame44405lpsmartnatstatic-pat55902-pngame55902lpsmartnatstatic-pat55993-pngame55903lpsmartnatstatic-pat55904-pngame55904lpsmartnatstatic-pat55995-pngame55995lpsmartnatstatic-patcreate192.168.11.create192.168.11.create800-pngame6000lpsmartnatstatic-pat33445-pngame33445lpsmartnatstatic-pat44405-pngame44405lpsmartnatstatic-pat55902-pngame55902lpsmartnatstatic-pat55993-pngame55903lpsmartnatstatic-pat55904-pngame55904lpsmartnatstatic-pat55995-pngame55995lpsmartnatstatic-patcreate192.168.11.create192.168.11.create192.168.11.create192.168.11.create192.168.11.create192.168.11.create533445tcp218.28.3544405tcp218.28.3555902tcp218.28.3555993tcp218.28.3555904tcp218.28.3555995tcp218.28.3533446tcp08134.108134.108134.108134.108134.108134.10833446-pngame55997lpsmartnatstatic-patcreate880tcp0680-pnzzgxrc_slpsmartnatstatic-patcreate821tcp1021-pnftpslpsmartnatstatic-patcreate980tcp0780-pngames3lpsmartnatstatic-patcreate93389tcp076000-pngames3389lpsmartnatstatic-patcreate921tcp0721-pngames55997lpsmartnatstatic-pat44405-pngames44405lpsmartnatstatic-pat55901-pngames55901lpsmartnatstatic-pat55902-pngames55902lpsmartnatstatic-pat55903-pngames55903lpsmartnatstatic-pat55904-pngames55904lpsmartnatstatic-pat55995-pngames55995create192.168.11.create192.168.11.create192.168.11.lpsmartnatstatic-pat44405-pngames44405lpsmartnatstatic-pat55901-pngames55901lpsmartnatstatic-pat55902-pngames55902lpsmartnatstatic-pat55903-pngames55903lpsmartnatstatic-pat55904-pngames55904lpsmartnatstatic-pat55995-pngames55995create192.168.11.create192.168.11.create192.168.11.create192.168.11.create192.168.11.create944405tcp218.28.3955901tcp218.28.3955902tcp218.28.3955903tcp218.28.3955904tcp218.28.3955995tcp07134.107134.107134.107134.107134.107精彩文檔實用標(biāo)準(zhǔn)文案lpsmartnatstatic-patcreate933445tc00733445-pngames33445lpsmartnatstatic-patcreate80tcp616480-pnwww164lpsmartnatstatic-patcreate80tcp1780-pngczj80lpsmartnatstatic-patcreate86tcp616688-pnwangzhanjieklpsmartnatstatic-patcreate1521tcp61691521-pnshujuk1521lpsmartnatstatic-patcreate80tcp616980-pnmailwwwlpsmartnatstatic-patcreate110tcp6169110-pnmailpop3lpsmartnatstatic-patcreate22tcp616922-pnmailsshlpsmartnatstatic-patcreate280tcp616780-pnnews80lpsmartnatstatic-patcreate2800tcp6167800-pnnews800lpsmartnatstatic-patcreate2801tcp6167801-pnnews801lpsmartnatstatic-patcreate2802tcp6167802-pnnews802lpsmartnatstatic-patcreate23306tcp61673306-pnnews3306lpsmartnatstatic-patcreate19999tcp61679999-pnwebgislpsmartnatstatic-patcreate480tcp2580-pn863_2_80lpsmartnatstatic-patcreate45632udp255632-pn863_2_5632lpsmartnatstatic-patcreate45631tcp255631-pn863_2_5631lpsmartnatstatic-patcreate41521tcp251521-pn863_2_1521lpsmartnatstatic-patcreate43306tcp253306-pn863_2_3306lpsmartnatstatic-patcreate80tcp680-pnqiyexinx80lpsmartnatstatic-patcreate080tcp2080-pn863_3_80lpsmartnatstatic-patcreate05631tcp205631-pn863_3_5631精彩文檔實用標(biāo)準(zhǔn)文案lpsmartnatstatic-patcreate05632udp205632-pn863_3_5632lpsmartnatstatic-patcreate08080tcp208080-pn863_3_8080lpsmartnatstatic-patcreate180tcp1980-pn863_4_80lpsmartnatstatic-patcreate15631tcp195631-pn863_4_5631lpsmartnatstatic-patcreate15632udp195632-pn863_4_5632lpsmartnatstatic-patcreate13389udp196000-pn863_4_3389lpsmartnatstatic-patcreate280tcp1680-pn863_5_80lpsmartnatstatic-patcreate25631tcp165631-pn863_5_5631lpsmartnatstatic-patcreate25632udp165632-pn863_5_5632lpsmartnatstatic-patcreate223tcp1623-pn863_5_23lpsmartnatstatic-patcreate221tcp1621-pn863_5_21lpsmartnatstatic-patcreate288tcp1688-pn863_5_88lpsmartnatstatic-patcreate28000tcp168000-pn863_5_8000lpsmartnatstatic-patcreate28888tcp168888-pn863_5_8888lpsmartnatstatic-patcreate23389tcp163389-pn863_5_3389lpsmartnatstatic-patcreate380tcp1580-pn863_6_80lpsmartnatstatic-patcreate321tcp1521-pn863_6_21lpsmartnatstatic-patcreate35188tcp155188-pn863_6_5188lpsmartnatstatic-patcreate323tcp1523-pn863_6_23lpsmartnatstatic-patcreate33306tcp153306-pn863_6_3306lpsmartnatstatic-patcreate325tcp1525-pn863_6_25lpsmartnatstatic-patcreate3110tcp15110-pn863_6_110精彩文檔實用標(biāo)準(zhǔn)文案lpsmartnatstatic-patcreate823tcp1823-pnt128route23lpsmartnatstatic-patcreate32088tcp152088-pn863_6_2088lpsmartnatstatic-patcreate23tcp616323-pntelnet163lpsmartnatstatic-patcreate555991tc@0855991-pngame55901lpsmartnatstatic-patcreate443tcp17443-pngczj443lpsmartnatstatic-patcreate03306tcp203306-pn863_3_3306lpsmartnatstatic-patcreate80tcp2280-pnsuncjs80lpsmartnatstatic-patcreate5361tcp225361-pnjsps5361lpsmartnatstatic-patcreate5362udp225362-pnjsps5362lpsmartnatstatic-patcreate21tcp2221-pnjsps21lpsmartnatstatic-patcreate8080tcp228080-pnjsps8080lpsmartnatstatic-patcreate25tcp2225-pnjsps25lpsmartnatstatic-patcreate23tcp2223-pnjsps23lpsmartnatstatic-patcreate8tcp228-pnjspst8lpsmartnatstatic-patcreate8udp228-pnjspsu8lpsmartnatstatic-patcreate80tcp2180-pnzxtwlpsmartnatstatic-patcreate21tcp2121-pnzxpt21lpsmartnatstatic-patcreate800tcp21800-pnzxpt23lpsmartnatstatic-patcreate3389tcp213389-pnzxpt3389lpsmartnatstatic-patcreate38080tcp61708080-pn863luntanlpsmartnatstatic-patcreate37001tcp61707001-pn8637001lpsmartnatstatic-patcreate35863tcp61705863-pn8635631精彩文檔實用標(biāo)準(zhǔn)文案lpsmartnatstatic-patcreate35863udp61705863-pn8635863lpsmartnatstatic-patcreate35631tcp61705631-pn863_5631lpsmartnatstatic-patcreate35632udp61705632-pn863_5632lpsmartnatstatic-patcreate325tcp617025-pn86325lpsmartnatstatic-patcreate25tcp616525-pnsmtp_165lpsmartnatstatic-patcreate110tcp616510-pnpop3_165lpsmartnatstatic-patcreate21tcp616521-pnftp_165lpsmartnatstatic-patcreate80tcp616580-pnmailzzgxcomlpsmartnatstatic-patcreate021tcp0021-pnnewoa21lpsmartnatstatic-patcreate080tcp616880-pnxinbgzdhlpsmartnatstatic-patcreate03389tcp61683389-pnnewoalpsmartnatstatic-patcreate32188tcp152188-pn863_6_2188lpsmartnatstatic-patcreate28080tcp168080-pn863_5_8080lpsmartnatstatic-patcreate1723tcp1723-pnvpn_1723lp smartnat static-nat create 0 0 00lp smartnat static-natcreate 1717就近性(Proixmity)配置就近性(Proiximity)，可以為用戶帶來更好的網(wǎng)絡(luò)訪問服務(wù)。內(nèi)網(wǎng)用戶訪問Internet，LP可以檢測到目的地最快的鏈路；外網(wǎng)用戶訪問內(nèi)網(wǎng)服務(wù)器，LP可以解析最佳鏈路上的公網(wǎng)IP給用戶。全局配置首先我們需要全局開啟Proximity，默認(rèn)是NoProximity。如果只使用靜態(tài)態(tài)表，則選擇StaticProximity；如果只使用出向流量，則選擇FullProximityOutbound；只使用入向，則選擇FullProximityInbound；如果同時使用雙向，動態(tài)和靜態(tài)同時使用，則選擇FullProximityBoth，一般情況都選擇這個。精彩文檔

實用標(biāo)準(zhǔn)文案LinkProof>Proximity>ProximityParameter>GeneralFileDeviceBridgeGlobalConfiguration >Farms *Senders >-GeneralFullProximityBethVConlentLBParameters卜Router000.flFIdwManagemen1 〉LinkPraofHealthMonitoringReportingSecurityBWMClassesOOQ.O_lcirc ?1440lieP /sidepra??irnityenable;MappedIPTable265.256.2+BU-ir^itkAT 卜Proiirniti1 +ProiimityParameters?GgneralPerformanceL.\irT(|u-a:icr ?■ i i - ui ■■i l.StaticProximityProximityChecksPr&xilmityParamet&r5-GeneralrProximityMods:FullProximityB&thnVL—JMainDNS.BackupDNS:oaooo.a.o.oProximityAgingPe-ritwi(min):1440rUseroutermode-d&aisionainsideproximity:enablevFProximitySubnetMask:LJProximityMode:FullProximityBothProximityProximityAgingPeriod(min):1440〃這里配置為1天,默認(rèn)為2880分鐘,2天。ProximitySubnetMask:255,255.248.0//就近表條目網(wǎng)絡(luò)地址的最小單位ProximitySubnetMask:255,255.248.0//就近表條目網(wǎng)絡(luò)地址的最小單位靜態(tài)就近表配置有時候，在鏈路穩(wěn)定的情況下，我們更多地希望使用靜態(tài)的就近表，即訪問電信的IP只從電信的鏈路出去訪問；訪問網(wǎng)通的網(wǎng)站只從網(wǎng)通鏈路出去。這時，我們可以設(shè)置靜態(tài)就近表。如果靜態(tài)就近表的內(nèi)容查到，則按靜態(tài)表的規(guī)則去訪問。如果沒查到，如果配置的是FullProximity,LP則發(fā)起動態(tài)就近性檢查；如果配置的是StaticProximity,則LP就做負(fù)載均衡，沒有就近性。LinkProof>Proximity>StaticProximity精彩文檔

實用標(biāo)準(zhǔn)文案特殊配置特殊應(yīng)用會話老化時間常用的一些特殊應(yīng)用端口，比如游戲端口，QQ,MSN等特殊應(yīng)用，它們的會話表老化時間會比一般應(yīng)用的要長許多，如果把這類應(yīng)用的會話表按常規(guī)處理，可能會帶來訪問的問題。比如某個游戲一開始使用電信IP訪問，會話表老化后，由于負(fù)載均衡的策略，這個會話轉(zhuǎn)而使用網(wǎng)通的IP去訪問，遠(yuǎn)端服務(wù)器有可能對用戶的IP進(jìn)行驗證，從而造成訪問的問題。這時候我們需要將這類應(yīng)用的會話表老化時間調(diào)長。如果直接將所有會話表的時間都調(diào)長,則會造成會話表過大，影響性能和負(fù)載均衡的效果。相反，對R)NS類的應(yīng)用，我們可以將其調(diào)整得短一些。LinkProof>GlobalConfiguration>AgingByApplicationPort精彩文檔

實用標(biāo)準(zhǔn)文案FileDeviceBridgeRouterLinkProofHealthMonitoringReoortindGlobalConfigurationGeneralFarms?ClientTable?General實用標(biāo)準(zhǔn)文案FileDeviceBridgeRouterLinkProofHealthMonitoringReoortindGlobalConfigurationGeneralFarms?ClientTable?GeneralServers卜DelayedBindAgingByApplicationPortContentLBParameters?Tweaks□FlowManagement?RulesTableClients?AliasPortsVirtualIP?PortLBStatus命令行配置如下：LP-Master#Ipgloballpglobalclient-tableapplication-aging-timecreate1863-at1080lpglobalclient-tableapplication-aging-timecreate4000-at1080lpglobalclient-tableapplication-aging-timecreate8000-at1080lpglobalclient-tableapplication-aging-timecreate443-at600lpglobalclient-tableapplication-aging-timecreate7000-at600lpglobalclient-tableapplication-aging-timecreate5555-at600lpglobalclient-tableapplication-aging-timecreate7001-at600lpglobalclient-tableapplication-aging-timecreate2000-at600lpglobalclient-tableapplication-aging-timecreate7210-at600lpglobalclient-tableapplication-aging-timecreate7209-at600lpglobalclient-tableapplication-aging-timecreate7208-at600lpglobalclient-tableapplication-aging-timecreate7207-at600lpglobalclient-tableapplication-aging-timecreate7206-at600lpglobalclient-tableapplication-aging-timecreate7205-at600lpglobalclient-tableapplication-aging-timecreate7204-at600l