Session
Web/Application Servers DNS (1:1) IP DNS
[Figure: load over time of day, 4am to 12am; axis labels: CPU, NIC, Kbps]
WWW FTP SMTP APP IP Health Check =
1 WWW 2 WWW 3 WWW
VIP ( IP ) ( ) 0.10.10.1 1 192.168.10.2 2 192.168.10.3 3 192.168.10.4 : Vserver 10.10.10.100 tcp www
3 192.168.10.4 / VLANs 0.10.10.1 VLAN VLAN 1 192.168.10.2 2 192.168.10.3
NAT ( ) (C) (S) 0.10.10.1 (CS) 2 192.168.10.3 IP MAC C C IP MAC VIP CS IP MAC C CS IP MAC S S
NAT ( ) (S) (C) 0.10.10.1 (CS) 2 192.168.10.3 IP MAC VIP CS IP MAC IP MAC IP MAC C C Networkers 2002 S S C CS NSC-271- NAT
(Predictors) : HTTP URL 1 2 3
(Predictors) 1 2 3
(URL, ) www.yahoo.com www.ebay.com URL URL *Networkers 2002 NSC-283 1 www.yahoo.com 2 www.ebay.com
HTTP LB Netscape IE French WAP Netscape HTTP ( WAP ) ( ) 1 2 3 4 Netscape t FrenchIE Netscape WAP
7 6 5 4 3 2 VIP,, URL, VIP, (TCP, UDP) VIP 1
( ) 5 4 3 tcp vip 192.168.1.2 80 url "//www.example.com/*" vip 10.10.10.10 tcp 80 vip 10.10.10.10
( ) VIP VIP
5 5 ( web ) URL HTTP 4 4 ( TCP UDP = Telnet, FTP, DNS, SMTP, SSL 3 3 ICMP ICMP = Ping
( 3 ) 3 ICMP # icmp ip 10.10.10.1 10.10.10.1 1 192.168.10.1 2 192.168.10.2 3 192.168.10
( 4 ) 4 TCP # telnet tcp 23 ip 10.10.10.2 TCP 23 23! 1 192.168.10.1 2 192.168.10.2 3 192.168.10
( 5 ) 5 HTTP /dbase/db_login.html keepalive HTTP method get ip 10.10.10.3 url /dbase/db_login.html 200 ok 1 192.168.10.1 2 192.168.10.2 3 10.10.10.3
(DFP) WRR WLC SECURE-WEB 1.cisco.com CPU: 70% 50% 80% Intranet SLB =x 2.cisco.com CPU: 10% 40% 30% WEB 3.cisco.com CPU: 20% 30% 30%
? 1 2 80 443 A Client X B C Y
? = HTTP 1.1 HTTP 1.0 ( ) = Stickiness Session NSC-181
VIPA VIPB - VIP LB - VIP SLB HSRP MHSRP IP HSRP VRRP CSRP
- VIPA VIPB VIPC VIPA VIPB VIPC VIP - VIP -
- VIPA VIPB VIPA VIPB
: SSL SSL / SSL Web Client CISCO SCA 1100 SSL,
: / PDA CTE 1400 Web / CS HTTP ( 7 ) CTE
L2/L3 (L2/L3) L2 Se r ve r Fa r m s
: L2 L3 L2 L3 HSRP
: 1 Gbps STP L2 / / L2 Uplinkfast w/portfast
Ex NIC NIC IP/MAC NIC Portfast NIC L2 NIC 1-2s
: ACLs IDSs ACLs ACLs IDSs IDSs
SP 3 3 3 Web
: RFC2230 (CPS) (CC) (PPS) VIP / /, VLANs (DRAM CAM)
: MSFC ( ) ; L2 L5
: CSM (MSFC) VLANs MSFC - HSRP (FT) VLAN CSRP ( ) CSM L2 Two-arm CSS MSFC
: x.x.x.x (CSM Secure-Router ) ( HSRP)IP L2 CSRP VIP VLAN / VLAN / VLAN CSS one-arm two-arm
: PBR set ip default nexthop (MSFC) MSFC VLAN MSFC MSFC PBR Sup2 MSFC2 ( PBR HW matchip- + set next-hop!) CSS one-arm two-arm on
: :! ACL Sup2 ACL Sup2 VIP VIP HSRP HSRP PBR ACL PBR ACL Local Director Local Director IP VIP IP VIP MSFC MSFC MSFC MSFC
CSM CSRP CSM Vserver(VIP) MSFC ( drop conns ) CSM VLAN(s) CSM VLAN CSM VLAN s VLAN(s) (GW)
CSM HSRP primary IP Core HSRP standby MSFC CSM VLAN(s) : CSM VLANs Primary RP Standby RP VLAN(s) : CSM VLAN VIP CSM CSM CSM CSM
- SCA SCA IP - SCA, syslog IP CISCO SCA 11000 = ip web = SCA ip
VIP enable SSH disable telnet CPU (ASIC SNMP 3 3 2
1105 / / / 4-7 HSE
Cisco 4~7 Cisco 4~7 / / NMS/OSS SYSLOG XML
ISP T1 PIX URL/VIP / Catalyst 6000 w/ids CSS11150 HSE Web
(CSM) (CSRP) CSM 1 FT ( ) VLAN VLAN CSM QoS
: (CSM), CSM, CSM Catalyst #1 CSM #1 HSRP Group 1 EtherChannel HSRP Group 2 VLAN Catalyst #2 CSM #2
(CSM)
switch#show mod csm 5 ft detail
FT group 1, vlan 2
 This box is active
 priority 10, heartbeat 1, failover 3, preemption is off
 total buffer count 6213, illegal state transitions 0
 receive buffers not committed 0, send buffers not committed 0
 updates: sent 4, received 0, committed 0
 coup msgs: sent 0, received 0
 election msgs: sent 249, received 0
(CSS) CSS Box-to-Box VIP Box-to-Box CSS VIP/ CSS VIP MHSRP
CSS : Box to Box CSS - ; VRRP VLAN VRRP VLAN IP IP redundancy-phy CSS1 CSS2
CSS : Box to Box ( ) CSS CSS1 redundancy-phy HSRP.1.2 REDUNDANCY-PHY CSS L2 L2
CSS Box-to-Box Useful Commands
show redundancy
logging subsystem redundancy level debug-7

(config-circuit-ip[vlan2-20.1.1.1])# show redundancy
Redundancy: Enabled            Redundancy Protocol: Running
Redundancy State: Master       MasterMode: No
Number of times redundancy state changed to Master: 1 to Backup: 1
Redundancy interface: 20.1.1.1
Current State Duration: 0 days 14:10:02
Last Fail Reason: No Fail
VRID: 128                      Priority: 100
Physical Link Failure Monitor on:
  Interface:    State
  ethernet-4    Up
  ethernet-3    Up
  ethernet-2    Up
Uplink Enabled: 4              Number Alive 2
Service Name:   Service State:
-------------   --------------
SERV_1          Up
SERV_2          Up
CSS VIP 1 VIP 192.168.3.3 MAC 00005E000101 Master down VRRP ARP VLAN1 192.168.3.0 192.168.3.1 - VLAN1-192.168.3.2 Backup up 1 VIP 192.168.3.3 MAC 00005E000101 192.168.3.4 MAC 00005E000101 down ARP up 192.168.3.4 MAC 00005E000101
CSS VIP A VIP IP
(config-circuit-ip[vlan1-x.x.x.x])# ip redundant-vip <vrid> <IP address> [ shared ]
no ip redundant-vip <vrid> <IP address>

CSS# redundant-vips
Redundant-Vips:
Interface Address: 192.1.10.2    VRID: 1
  Redundant Address: 192.1.10.80   Range: 1
  State: Master                    Master IP: 192.1.10.2
  State Changes: 4                 Last Change: 03/07/2002 11:29:29
CSS HSRP CSS fate sharing 192.1.10.5 -> CSS1 -> -> CSS2 -> 10.0.3.5
CSS
CSS# show critical-services
Critical-Services:
Interface Address: 10.0.3.5      VRID: 3
  Service Name: redundancy       Service Type: Local
Interface Address: 192.1.10.5    VRID: 1
  Service Name: redundancy       Service Type: Local
CSS Box to Box VRRP? Box to Box VRRP STP * Redundancy-phy 5 Ping List Ping List - - - * CSS STP
CSM IP / HSRP HSRP STP CSM STP root CSM - VIP FT VLAN STP EtherChannel CSM FT HSRP STP CSM EtherChannel FT
CSM
 vlan 10 client
  ip address 10.10.10.10 255.255.255.0
  gateway 10.10.10.1
 vlan 6 Server
  ip address 10.10.10.10 255.255.255.0
 Serverfarm SERVER2
  nat server
  no nat client
  real 10.10.10.12
   inservice
 vserver csm_test
  virtual 10.10.10.150 tcp www
  serverfarm SERVER2
  replicate csrp connection
  persistent rebalance
  inservice
 ft group 1 vlan 100
  priority 20
  preempt
on MSFC
EDGE CSM
 vlan 10 client
  ip address 20.20.10.10 255.255.255.0
  gateway 20.20.10.1
 vlan 6 server
  ip address 10.10.10.10 255.255.255.0
 Serverfarm SERVER2
  nat server
  no nat client
  real 10.10.10.12
   inservice
 vserver csm_test
  virtual 20.20.10.150 tcp www
  serverfarm SERVER2
  replicate csrp connection
  persistent rebalance
  inservice
 ft group 1 vlan 100
  priority 20
  preempt
CSM
CSM
 vlan 6 Server
  ip address 10.10.10.10 255.255.255.0
  Gateway 10.10.10.1
  Alias 10.10.10.2
 Serverfarm SERVER2
  nat server
  no nat client
  real 10.10.10.12
   inservice
 Vserver CSM_TEST
  virtual 10.20.20.150 tcp www
  Serverfarm SERVER2
  replicate csrp connection
  persistent rebalance
  inservice
 ft group 1 vlan 100
  priority 20
  preempt
MSFC
6500
interface Vlan6
 description internal_csm_vlan
 ip address 10.6.0.2 255.255.255.0
 no ip redirects
 standby 1 ip 10.6.0.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track GigabitEthernet1/1
!
interface Vlan10
 description MSFC_server_side_vlan
 ip address 10.14.0.6 255.255.255.0
 no ip redirects
 ip policy route-map aggregate-mode
 standby 1 ip 10.14.0.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track GigabitEthernet1/1
access-list 101 deny ip 10.14.0.0 0.0.255.255 10.14.0.0 0.0.255.255
access-list 101 permit ip any any
route-map aggregate-mode permit 10
 set ip default next-hop 10.6.0.6
A CSM A IP Core Primary RP Standby RP
CSM: VIP
switch#sh mod csm 5 vserver detail
TESTSITE1, state = OPERATIONAL, v_index = 10
  virtual = 10.10.10.10/32:443, TCP, service = NONE, advertise = FALSE
  idle = 3600, replicate csrp = none, vlan = ALL, pending = 0
  max parse len = 600, persist rebalance = TRUE
  conns = 0, total conns = 1
  Default policy:
    server farm = test1
    sticky: timer = 60, subnet = 0.0.0.0, group id = 10
  Policy          Tot Conn     Client pkts  Server pkts
  ------------------------------------------------------
  (default)       1            17           22
CSM:
switch#sh mod csm 5 real detail
192.168.2.10, WEBFARM, state = OPERATIONAL
  conns = 0, maxconns = 4294967295, minconns = 0
  weight = 8, weight(admin) = 8, metric = 0, remainder = 0
  total conns established = 1, total conn failures = 0
192.168.2.11, WEBFARM, state = OPERATIONAL
  conns = 0, maxconns = 4294967295, minconns = 0
  weight = 8, weight(admin) = 8, metric = 0, remainder = 0
  total conns established = 1, total conn failures = 0
192.168.1.250, SCA, state = OPERATIONAL
  conns = 0, maxconns = 4294967295, minconns = 0
  weight = 8, weight(admin) = 8, metric = 0, remainder = 0
  total conns established = 1, total conn failures = 0
CSM:
switch#ping module csm 5 reals
IP address        Reachable
-------------------------------------
192.168.2.10      Yes
192.168.2.11      Yes
192.168.1.250     Yes
192.168.1.251     Yes
CSM:
Switch#sh mod csm 5 conns
    Prot vlan source                destination           state
----------------------------------------------------------------------
In  TCP  6    10.15.0.15:1042       10.10.10.20:443       ESTAB
Out TCP  4    10.10.10.20:443       10.15.0.15:1042       ESTAB
In  TCP  4    10.15.0.15:1042       10.10.10.20:81        ESTAB
Out TCP  10   192.168.2.11:81       10.15.0.15:1042       ESTAB
CSS / HSRP HSRP STP CSS STP root VRRP - VIP VRRP RP STP.1q. 1q * IP Core HSRP STP CSS VRRP.1q * 1.q
CSS
Sh phy
Sh keepalive-summary
Sh service-summary
Sh rule-summary
CSS
CSS# show flows 20.30.30.100
Src Address     SPort Dst Address     DPort NAT Dst Addr    Prt InPort    OutPort
--------------- ----- --------------- ----- --------------- --- --------- ------
20.30.30.100    80    20.17.20.10     1366  20.17.20.10     TCP e14-30    e13
20.30.30.100    80    20.17.20.10     3477  20.17.20.10     TCP e14-30    e13
20.30.30.100    80    20.17.20.10     3476  20.17.20.10     TCP e14-30    e13
20.30.30.100    80    20.17.20.10     3475  20.17.20.10     TCP e14-30    e13
20.30.30.100    23    20.17.40.1      34890 20.17.40.1      TCP e14-30    e13

CSS# flow statistics
Flow Manager Statistics:
                          Cur    High   Avg
UDP Flows per second      0      17     0
TCP Flows per second      0      381    0
Total Flows per second    0      381    0
Hits per second           0      375    0
--------------------------------------------------
Port       Active   Total     TCP    UDP
--------------------------------------------------
#e13       22       191926    22     0
#e14-30    8        41764     8      0
#e14-40    0        31121     0      0
A SSL (GSLB) Route Health Injection (RHI) Networkers 2002 Web B 1: 2: 3: NSC-284