ANTON
2009-06-24 15:27:25, Views: 289, Recommendations: 36
Alteon Switch 180e Operator Manual
Table of Contents
1. Introduction to the Alteon Web Switch
2. Server Load Balancing
3. High Availability Requirements
4. Policy-Based Traffic Redirection
5. Trouble Shooting
1. Introduction to the Alteon Web Switch
1.1 Comprehensive Traffic Management Services
• Local Server Load Balancing
» Improves application performance, availability and scalability by distributing user requests across local servers.
• Global Server Load Balancing
» Improves application performance, availability and scalability by distributing user requests across geographically distributed servers.
• Policy-based Traffic Redirection
» Controls access per port and redirects traffic in order to improve security and manage traffic.
» Enables load balancing of peripheral devices, including caches, firewalls and default gateways, for improved performance and availability.
» Enables differentiated services and QoS.
• High Availability Configurations
»No single-point-of-failure at system level
• Server Security Protection
» Protects servers from hacker attacks
2. Server Load balancing
2.1 Server Load Balancing
• A "virtual server" represents multiple real servers that together support access to a common application and its content.
• Virtual Server IP address (VIP)
» Configured on the Web switch and advertised through DNS.
» A real server can be configured with multiple VIPs, e.g. shared hosting
» Real servers are reached through the VIP or through their real IP address.
• L3 switching and session address translation provides topology independence
» Real servers can be located anywhere.
» Real servers can use private IP addresses.
• Load balancing process:
» For each new session request, the switch selects the most available real server.
» Packets belonging to the same session are sent to the same server until the session ends.
» Session address translation is performed on every packet.
• Flexible server monitoring ensures service availability.
» Layer 2/3/4 status checks
» Extended content-access checks cover HTTP, HTTPS, FTP, NNTP, SMTP, POP3, IMAP, DNS, RADIUS and others.
» Verifies the complete path through to the back end.
» External, separate server monitoring systems take unreliable servers out of service.
» They signal the switch through the WebOS API
• Increasing availability
» Designated backup servers can be configured for the case where an entire server group fails.
» Maximum-connection thresholds and designated overflow servers protect against server overload.
• Performance optimized methods
» Round-robin
» LeastConn: the server with the fewest open sessions takes the next session.
» Load is assigned per server in conjunction with the rules above.
» Optional URL-based load balancing optimizes server performance.
• Persistence optimized methods based on:
» Source IP address in combination with configurable inactivity timer
» Cookie
» SSL session ID
» Hashing based on source or destination IP address(es)
• Dynamically programmable load balancing
» External devices such as server agents and monitoring systems can vary the switch's traffic distribution through the WebOS API.
• URL load balancing makes it possible to use servers optimized for particular content types.
• Sub-string match on URL directs HTTP requests to designated server farm
» Uses the configured load-balancing algorithm, or
» URL hashing sends requests for the same URL to the same server, so the benefit of server memory caching is obtained.
• Session ID assigned by server to each unique client during SSL handshake
» The most suitable means of HTTPS load balancing.
» Solves the "IP address changed by proxy" problem
• SSL session ID to server mapping cached by switch
» A new server is selected for a new session ID; subsequent connections with the same ID are placed on the same server.
• Enhances overall response for end users
» Eliminates the encryption key exchange overhead when a client repeatedly accesses the HTTPS service.
• On server responses, the switch monitors the cookie assigned to the new session.
» The cookie in effect identifies an individual client or a group of clients.
» Solves the "IP address changed by proxy" problem.
• On client requests, the switch inspects the cookie header and hashes the cookie string.
» Client requests carrying the same cookie are sent to the same real server.
» Enables differentiated services.
3. High Availability Requirement
• Redundant Web switch configurations
» Recovery from switch failure.
» Active-active redundancy provides maximum-availability protection.
» Minimizes interruption of active sessions
» Maximizes normal operation
» Flexible use of resources.
» In-band keep-alives for simplicity
» No messy RS232 links
• Full-meshed topology support
» No additional hubs or L2 switches required
» Enables system topology with NO single-point-of-failures
4. Policy-Based Traffic Redirection
• Transparently redirect traffic regardless of specified destinations
» Policies are based on L2/3/4 and cookie attributes.
» Actions: permit, deny, redirect
» Optional substitution of source/destination IP addresses
» Policies applicable per port dynamically
• Load balancing if redirecting to a "device" group
» Configurable load balancing algorithms
» Devices are monitored with server health checks.
•Benefits:
»Flexible, high performance traffic engineering
»Offloads policy routing from servers
»Performance scaling for transparent devices
4.1 Web Cache Redirection
• Types of Caches
» Proxies
» Browser configuration required.
» Reverse proxies -
» The cache is placed in front of the origin server and speeds up content delivery.
» No browser configuration (DNS points to it)
» Transparent proxies
» No browser configuration
» A cache in the data path or at the router receives all requests through policy routing.
» Cache can be single point of failure
• Caching infrastructure needs
» Easy scaling of cache performance.
» Availability
» Performance
» Minimal browser administration
• High performance, resilient transparent caching
» The switch redirects requests bound for the caches at wire speed.
» Offloads policy routing from the routers.
• Cache load balancing for scalability
» Hashes the destination IP address to maximize cache hits.
» Optionally hashes the URL to maximize cache hits further.
•Maximizes availability
»Cache and content health checks
» MaxConn prevents cache overload
» If the caches are unavailable, requests are sent directly to the origin server.
• Advanced optimization
» Bypasses the cache for requests to non-cacheable sites.
» Selective redirection based on URL
»Cache bypass for non-cacheable objects and non-GET requests; optimizing cache performance
Firewall Load Balancing Benefits
• Performance Scalability
» Load balances up to 256 firewalls
» Redundant firewalls actively bear load
• Availability
» Firewall healthchecks
» Active-active redundant switches
• Transparency
» No additional software required on the firewalls.
• Platform independence
» NT, Solaris, UNIX or firewall appliances
» Routing or transparent firewalls, NAT firewalls
• Integrated solutions
» The same switches can load balance Web servers.
» The same switches filter packets from the firewalls.
• Session Classification
» Maintains session state for a group of firewalls.
» Applies different applications to different application firewalls.
• Transparent Redirection
» Directs incomplete packets to the stable side.
» Firewalls need complete packets that include the original source and destination IPs.
• Firewall health checking
» Checks the complete path through each firewall.
» Enable stateful failover for firewalls with shadowed session tables
» Prevents Denial of Service (DoS) without blocking legitimate traffic
» All incoming connections are terminated at the switch.
» Only complete connections pass through.
» Thwarts SYN attacks without blocking legitimate requests
» Network address translation.
» High speed access list filtering
» 4 levels of administrators with authentication
Configuration Procedure
1-1 Global Commands
Global Commands: [available in every menu]
help up print pwd
lines verbose exit quit
diff apply save revert
ping traceroute history pushd
popd
Use the following commands to move between menus:
. Show the current menu
.. Move up to the parent menu
/ Move to the top-level menu, or use as a command separator
! Select a command from the history
For help on a command, enter ? <command>.
1-2 Local Commands
[Main Menu]
info - Information Menu
stats - Statistics Menu
cfg - Configuration Menu
oper - Operations Command Menu
boot - Boot Options Menu
maint - Maintenance Menu
diff - Show pending config changes [global command]
apply - Apply pending config changes [global command]
save - Save updated config to FLASH [global command]
revert - Revert pending or applied changes [global command]
exit - Exit [global command, always available]
- Commands available only within each menu
2. Basic System Settings I
2-1 Menu: /cfg/sys
[System Menu]
radius - RADIUS Authentication Menu
ntp - NTP Server Menu
date - Set system date (date setting)
time - Set system time (time setting)
idle - Set timeout for idle CLI sessions (CLI mode time setting)
snmp - Set SNMP access control
wport - Set Web server port number (port used for the Web UI)
bannr - Set login banner
mnet - Set management network
mmask - Set management netmask
smtp - Set SMTP host
tnet - Enable/disable Telnet access (Telnet permit option)
bootp - Enable/disable use of BOOTP (BOOTP permit option)
http - Enable/disable HTTP (Web) access (Web UI permit option)
user - User Access Control Menu (passwords)
cur - Display current system-wide parameters (shows the current settings)
3. Basic System Settings II
Menu: /cfg/ip
[IP Menu]
if - Interface Menu (switch IP configuration menu; up to 254 supported)
gw - Default Gateway Menu (switch gateway configuration; up to 4 supported)
route - Static Route Menu (static routing configuration menu)
frwd - Forwarding Menu (menu for IP forwarding when VLANs are configured)
rip1 - Routing Information Protocol menu
bgp - Border Gateway Protocol menu
port - IP Port Menu
dns - Domain Name System Menu
log - Set IP address of syslog host
log2 - Set IP address of second syslog host
logfac - Set facility of syslog host
log2fac - Set facility of second syslog host
rearp - Set re-ARP period in minutes
metrc - Set default gateway metric : sets the gateway load-balancing policy
1) strict : uses gateway 1 by default, and gateway 2 when gateway 1 is unavailable
2) roundrobin : uses the configured gateways in turn
cur - Display current IP configuration
3-1 Switch IP Configuration
>> IP# if 1 (interface number)
addr - Set IP address (command to set the IP)
mask - Set subnet mask (command to set the netmask)
broad - Set broadcast address (command to set the broadcast address)
vlan - Set VLAN number
ena - Enable IP interface (command to enable the interface)
dis - Disable IP interface
del - Delete IP interface
cur - Display current interface configuration
>> IP Interface 1#addr 10.10.10.1/mask 255.255.255.0/br 10.10.10.255/ena
3-2 Switch Gateway Configuration
- Two gateway load-balancing policies are available: strict and roundrobin.
>> IP# gw 1 (gateway number)
addr - Set IP address (command to set the IP)
intr - Set interval between ping attempts
retry - Set number of failed attempts to declare gateway DOWN
arp - Enable/disable ARP only health checks
ena - Enable default gateway (enable command)
dis - Disable default gateway
del - Delete default gateway
cur - Display current default gateway configuration
>> Default gateway 1#addr 10.10.10.254/ena
3-3 Adding Routing Table Entries
Menu: /cfg/ip/route
>> IP Static Route#
-------------------------------------------------------
[IP Static Route Menu]
add - Add static route
rem - Remove static route
cur - Display current static route configuration
>> IP Static Route# add
Enter destination IP address: 192.168.100.0
Enter destination subnet mask: 255.255.255.0
Enter gateway IP address: 10.10.10.1
Enter interface number: (1-256) 1
>> IP Static Route#
Alternatively, the route can be configured with a single chained command, as follows:
>> IP Static Route#add 192.168.100.0 255.255.255.0 10.10.10.1 1
3-4 Port Link Configuration Menu
- Menu: /cfg/po 1 [port number]
[Port 1 Menu]
fast - Fast Phy Menu (10/100 configuration menu)
gig - Gig Phy Menu (Gigabit configuration menu)
pref - Set preferred phy
back - Set backup phy
pvid - Set default port VLAN id
name - Set port name
cont - Set default port BW Contract
tag - Enable/disable VLAN tagging for port
iponly - Enable/disable allowing only IP related frames
ena - Enable port
dis - Disable port
cur - Display current port configuration
>> Port 1# fast
[Fast Link Menu]
speed - Set link speed (speed setting)
mode - Set full or half duplex mode (mode setting)
fctl - Set flow control
auto - Set autonegotiation (auto-negotiation setting)
cur - Display current fast link configuration
>> Port 1#
3-4-1 Setting 100M Full Duplex
[Fast Link Menu]
speed - Set link speed (speed setting)
mode - Set full or half duplex mode (mode setting)
fctl - Set flow control
auto - Set autonegotiation (auto-negotiation setting)
cur - Display current fast link configuration
>> Port 1#speed 100
>> Port 1#mode full
>> Port 1#auto off
3-4-2 Setting Auto-Negotiation
[Fast Link Menu]
speed - Set link speed
mode - Set full or half duplex mode
fctl - Set flow control
auto - Set autonegotiation
cur - Display current fast link configuration
>> Port 1#speed any
>> Port 1#mode any
>> Port 1#auto on
3-5-1) Set the VLAN number.
- Menu: /cfg/vlan n [VLAN number]
[VLAN 1 Menu]
name - Set VLAN name
cont - Set BW contract
add - Add port to VLAN (sets the ports included in the current VLAN)
rem - Remove port from VLAN (removes the port from the VLAN)
def - Define VLAN as list of ports (sets the ports as a list)
jumbo - Enable/disable Jumbo Frame support
ena - Enable VLAN (enables the VLAN)
dis - Disable VLAN
del - Delete VLAN
cur - Display current VLAN configuration
>> VLAN 1#add 1/add 2/en
5-2) Set the ports to be included in each VLAN.
>> VLAN 1#add 1/add 2/en
5-3) If routing between VLANs is required, turn on IP forwarding.
Command: /cfg/ip/frwd on
FWLB(Firewall Load Balancing)
1. Benefits of FWLB
2. FWLB Concepts
3. Network Layout Before Configuration
4. Configuration Procedure
4-1. Switch Interface Configuration
4-2. VLAN Configuration
4-3. Real Server Configuration
4-4. Real Server Group Configuration
4-5. IP Forwarding Configuration
4-6. Static Route Configuration
4-7. Filter Configuration (1), (2)
4-8. Applying Filters
1. Benefits of Firewall Load Balancing
• Performance improvement
- Supports FWLB across 256 firewalls
- Redundant firewalls can actively bear load
• Availability
- Health checks on the paths that contain a firewall.
- Active-Active redundant switches supported.
• Transparency
- No additional software needed on the firewalls.
• Platform independent
- NT, Solaris, UNIX or firewall appliances
- Routing or transparent firewalls, NAT firewalls
• Integrated functions
- Firewall and Web server load balancing can be implemented at the same time
- Packet filtering on the switch reduces the load on the firewalls.
2. FWLB Concepts
• FWLB is not load balancing of the firewall servers themselves but load balancing across two paths, with a firewall sitting on each of those two paths.
• The Web switch redirects all IP traffic to a defined interface group.
– The interface group (real server group) is made up of the interface IPs of the switch on the opposite side.
– MAC address substitution is used (routing).
– The switch uses the configured static routes to force traffic onto the same path.
• The hash policy is used; it takes the SIP and DIP as its variables in order to preserve flow state.
• The firewall is used as the gateway so that the health check covers the entire segment between the dirty side and the clean side (used when configuring the static routes).
3. Network Layout Before Configuration
- First of all, firewall load balancing requires six networks.
(It can also be built with four networks, but six networks are generally used.)
- Relative to the firewalls, use different networks above and below, and different networks from one side to the other.
- In addition, one network each is needed on the external router side and on the internal backbone side.
- The upper and lower Alteon switches therefore each have three networks.
To prevent unnecessary flooding of frames, a different VLAN is configured for each interface.
4. Configuration Procedure
4-1 Switch Interface Configuration
Command: /cfg/ip/if 1 (interface number)
[IP Interface 1 Menu] (upper switch example)
addr - Set IP address
mask - Set subnet mask
broad - Set broadcast address
vlan - Set VLAN number
ena - Enable IP interface
dis - Disable IP interface
del - Delete IP interface
cur - Display current interface configuration
>> IP Interface 1#add 210.116.39.126/ena
>> IP Interface 1#mask 255.255.255.128
>> IP Interface 1#broad 210.116.39.127
>> IP Interface 1# vlan 1
- Configure IF #2 and #3 in the same way and assign them to VLAN 2 and VLAN 3 respectively.
- Configure the lower switch in the same way.
4-2 Assigning Physical Ports to Each VLAN
- Command: /cfg/vlan 2
[VLAN 2 Menu]
name - Assign VLAN name
jumbo - Enable/disable Jumbo Frame support
del - Delete VLAN
ena - Enable VLAN
dis - Disable VLAN
add - Add port to VLAN
rem - Remove port from VLAN
def - Define VLAN as list of ports
cur - Display current VLANs
>> VLAN 2# add 1/add 2
- Assign the ports to be used by each VLAN.
- Likewise, assign ports 3 and 4 to VLAN 3.
- By default all ports are assigned to VLAN 1, so VLAN 1 needs no configuration.
- Do the same on the lower switch.
- Usually one spare port is added in case a port fails.
4-3 Real Server Configuration for Load Balancing
- The interfaces of the opposite switch (the ones connected to the firewalls) are used as the real servers.
- When configuring the real servers, their order must be the same.
Upper switch                      Lower switch
Real server #1 : 192.168.12.254   Real server #1 : 192.168.10.254
Real server #2 : 192.168.13.254   Real server #2 : 192.168.11.254
- Command: /cfg/slb/re 1 (real server number)
[Real server 1 Menu]
rip - Set IP addr of real server name
weight - Set server weight
exclude - Enable/disable exclusionary string matching
ena - Enable real server : enables the real server.
dis - Disable real server
del - Delete real server
cur - Display current real server configuration
>> Real server 1 # rip 192.168.12.254/enable
- Configure real server 2 as well.
- Configure the lower switch identically.
4-3 Real Server Group Configuration
- Command: /cfg/slb/gr 1
[Real server group 1 Menu]
metric - Set metric used to select next server in group
content - Set health check content
health - Set health check type :
backup - Set backup real server or group
name - Set real server group name
realthr - Set real server failure threshold
add - Add real server
rem - Remove real server
del - Delete real server group
cur - Display current group configuration
>> Real server group 1# add 1/add 2
>> Real server group 1# health icmp
>> Real server group 1# metric hash
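The ordering requirement for the real servers, combined with the SIP/DIP hash metric set on the group, can be checked with a short simulation. This is an added example, not Alteon code: the XOR-fold hash is a stand-in for the WebOS hash, and the pairing of the second firewall with the 192.168.11/192.168.13 networks and the client addresses are assumptions.

```python
import ipaddress

# Real server lists from the page's example, in configured order.
UPPER_REALS = ["192.168.12.254", "192.168.13.254"]  # real server #1, #2 on the upper switch
LOWER_REALS = ["192.168.10.254", "192.168.11.254"]  # real server #1, #2 on the lower switch

# Firewall each address sits behind. fw1 joining nets 10 and 12 follows the
# page's static-route example; fw2 joining nets 11 and 13 is an assumption.
PATH_OF = {
    "192.168.12.254": "fw1", "192.168.10.254": "fw1",
    "192.168.13.254": "fw2", "192.168.11.254": "fw2",
}


def flow_hash(sip, dip, n):
    """Direction-independent hash of SIP and DIP (illustrative, not the WebOS algorithm)."""
    a = int(ipaddress.IPv4Address(sip))
    b = int(ipaddress.IPv4Address(dip))
    x = a ^ b          # XOR is commutative: swapping sip and dip gives the same value
    x ^= x >> 16       # fold the upper bytes into the low byte
    x ^= x >> 8
    return (x & 0xFF) % n


def pick_path(reals, sip, dip):
    """Firewall chosen by a switch whose real server group is `reals`."""
    return PATH_OF[reals[flow_hash(sip, dip, len(reals))]]


def asymmetric_flows(upper, lower, flows):
    """Flows whose request and reply would cross different firewalls."""
    bad = []
    for client, server in flows:
        inbound = pick_path(upper, client, server)   # hashed on the upper (dirty-side) switch
        reply = pick_path(lower, server, client)     # hashed on the lower (clean-side) switch
        if inbound != reply:
            bad.append((client, server, inbound, reply))
    return bad


# Constructed sample flows: 20 documentation-range clients to one host inside
# the page's 210.116.39.128/25 internal network.
FLOWS = [("203.0.113.%d" % i, "210.116.39.130") for i in range(1, 21)]

if __name__ == "__main__":
    same_order = asymmetric_flows(UPPER_REALS, LOWER_REALS, FLOWS)
    swapped = asymmetric_flows(UPPER_REALS, LOWER_REALS[::-1], FLOWS)
    print("same order   :", len(same_order), "asymmetric flows")
    print("swapped order:", len(swapped), "asymmetric flows")
```

With matching order every reply returns through the firewall that saw the request; with the lower switch's list reversed, every reply reaches a firewall that holds no state for the session.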
4-4 IP Forwarding Configuration for Routing Within the Switch
- Command: /cfg/ip/frwd
[IP Forwarding Menu]
local - Local network definition for route caching menu
dirbr - Enable/disable forwarding directed broadcasts
on - Globally turn IP Forwarding ON
off - Globally turn IP Forwarding OFF
cur - Display current IP Forwarding configuration
>> IP Forwarding# on
4-5 Route Configuration for Real Server Health Checks
- To check the interface of the opposite Alteon switch, configure the interface of the firewall that is connected to that network.
Example: set 192.168.10.1 as the gateway for the 192.168.12.0 network.
- Command: /cfg/ip/route
[IP Static Route Menu]
add - Add static route
rem - Remove static route
cur - Display current static route configuration
>> IP Static Route#add 192.168.12.0
Enter destination subnet mask: 255.255.255.0
Enter gateway IP address: 192.168.10.1
Enter interface number: (1-256) 2
- Configure the other real server in the same way.
- Configure the lower switch in the same way.
4-7. Traffic Redirection Configuration (1)
- Load balancing across the paths is configured using filters.
- All traffic entering from the outside toward the inside is routed to the opposite switch through the redirection filter, and load balancing takes place in that process.
- Command: /cfg/slb/fil 224 (filter number)
[Filter 224 Menu]
adv - Filter Advanced Menu
action - Set action
group - Set real server group for redirection
rport - Set real server port for redirection
nat - Set which addresses are network address translated
invert - Enable/disable filter inversion
ena - Enable filter
dis - Disable filter
del - Delete filter
cur - Display current filter configuration
>> Filter 224 # action redir/ena
- The filter above is enough for firewall load balancing, but normally Allow filters are also added for the networks the switch itself holds.
4-7. Traffic Redirection Configuration (2)
- Unlike the previous method, this one specifies the internal network in the filter and redirects on that basis.
- In this case, if there are several internal networks, several filters are needed.
- Command: /cfg/slb/fil 100 (filter number)
[Filter 100 Menu]
adv - Filter Advanced Menu
dip - Set destination IP address
dmask - Set destination IP mask
action - Set action
group - Set real server group for redirection
rport - Set real server port for redirection
nat - Set which addresses are network address translated
invert - Enable/disable filter inversion
ena - Enable filter
dis - Disable filter
del - Delete filter
cur - Display current filter configuration
>> Filter 100 # dip 210.116.39.128/dmask 255.255.255.128
>> Filter 100 # action redir/ena
4-6 Adding Filters to a Port
- Add the redirection filter to the ports where traffic enters from the outside and from the inside.
- Command: /cfg/slb/po 8
[SLB port 8 Menu]
client - Enable/disable client processing
server - Enable/disable server processing
hotstan - Enable/disable hot-standby processing
intersw - Enable/disable inter-switch processing
proxy - Enable/disable use of PIP for ingress traffic
pip - Set Proxy IP address for port
filt - Enable/disable filtering
add - Add filter to port
rem - Remove filter from port
cur - Display current port configuration
>> SLB port 8# add 224/fil en
- Apply both the configured redirection filters and the allow filters.
>> SLB port 8# /ma/slb/on
>> Main# apply/save
* Default (factory reset) command:
>> Main# /boot/conf
Currently set to use factory default config block on next boot.
Specify new block to use ["active"/"backup"/"factory"]: fa
Error: Invalid config block "".
Usage: conf "active"/"backup"/"factory"
specifies config block to use on next boot
-----------------------------------------------
[Boot Options Menu]
image - Select software image to use on next boot
conf - Select config block to use on next boot
tftp - Download new software image via TFTP
reset - Reset switch [WARNING: Restarts Spanning Tree]
cur - Display current boot options
>> Boot Options# reset
Reset will use software "image1" and the active config block.
>> Note that this will RESTART the Spanning Tree,
>> which will likely cause an interruption in network service.
Confirm reset [y/n]: y
Resetting at 16:00:22 Mon Dec 10, 2001...
* Version upgrade command
How to upgrade from the console.
On the PC, click Start - Programs - Accessories - Communications - HyperTerminal.
On the PC, set the speed to 56000 bps and select COM1. (Normal use is 9600.)
While powering the AD3 (L4) off and on, press Ctrl+F on the PC.
After confirming that ccc… appears on the PC screen, choose Send under Transfer in HyperTerminal.
Select 1K Xmodem as the protocol, choose the file to upgrade with, and press Send to start the transfer.
When the transfer has finished and the message done appears, power the AD3 off and on once more.
6. Trouble Shooting
Monitoring command
• /info/ip : interface ip, gateway
• /info/route/dump : routing table
• /info/arp/dump : arp table
• /info/fdb/dump : forwarding DB table
• /info/log : log ( max 10ea)
• /info/link : port link stats
• /info/vlan : vlan information
• /info/slb/dump : real server stats, virtual server stats, port stats
• /info/slb/sess/dump : session table
sip sport, dip dport -> real server
• /stats/slb/gr <no> : load balancing stats
• /stats/port <no>/maint : port error check
6.2 Trouble Shooting Examples
• Link
»LED check
»cable check
»negotiation check
• Ping unreachable
»Interface check
»Port error check
• L4 trouble shooting
»Real server down : group health check
» Redirection : check that the filter is enabled on the port, check filtering
»Client processing, server processing check