F5负载均衡器配置指导书v1.02 - 图文(5)

F5负载均衡器配置指导书 内部公开

3.5.6 设置接口速率和双工类型

本例中一般采用auto默认值按“c”继续。

C O N F I G U R E I N T E R F A C E S Use the arrow keys to navigate. Press to choose an interface and configure its media settings. Press C to continue. NOTE: For best results, choose the Auto media setting. In some cases, x devices configured for Auto media are incompatible and the proper duple x setting will not be negotiated between these devices. In these cases you may need to set the media settings to the same speed and duplex on both this device and the corresponding switch or host. 1.1 auto 1.2 auto 1.3 auto 1.4 auto 1.5 auto 3.5.7 配置VLAN和IP地址

系统默认有3个VLAN：admin、external和internal。按“A”键添加新的VLAN，按“D”键删除一个VLAN，按“C”键继续下一步配置。

2004-12-28

内部资料，请勿扩散 第21页, 共62页

F5负载均衡器配置指导书 内部公开

D E F I N E V L A N S A N D I P A D D R E S S E S Use the arrow keys to navigate. Press to choose a VLAN to configure or modify. Press 'A' to add a new VLAN name. Press 'D' to delete a configuration. Press 'C' to continue. admin external internal Failover IP: 172.16.96.93 Redundant controller is not accessible. No addresses defined. 本例中删除默认admin VLAN。

D E F I N E V L A N S A N D I P A D D R E S S E S Use the arrow keys to navigate. Press to choose a VLAN to configure or modify. Press 'A' to add a new VLAN name. Press 'D' to delete a configuration. Press 'C' to continue. external internal Failover IP: 172.16.96.93 Redundant controller is not accessible. No addresses defined. VLAN配置还包括Port Lockdown 配置、IP地址/掩码/广播和浮动IP地址/掩码/广播。如果启用Port Lockdown，将无法通过该VLAN访问BIG-IP系统，即无法通过HTTPS或SSH对BIG-IP进行配置管理。通常建议对VLAN external启用Port Lockdown。本文以external为例介绍VLAN配置。

A. VLAN external启用Port Lockdown：

2004-12-28

内部资料，请勿扩散 第22页, 共62页

F5负载均衡器配置指导书 内部公开

C O N F I G U R E V L A N [ e x t e r n a l ] You will now specify the attributes and IP addresses of this VLAN. Port lockdown enabled for this vlan Port lockdown disabled for this vlan Enabling port lockdown will block traffic to services running on BIG-IP itself. However, individual ports can be opened for administrative and monitoring purposes using the global open port commands. The appropriate globals will be automatically set by this utility when services are configured. B. 配置VLAN external IP地址/掩码/广播

C O N F I G U R E V L A N [ e x t e r n a l ] You will now specify the attributes and IP addresses of this VLAN. Port lockdown disabled for this vlan Enter IP Address: 172.16.96.26 Enter Netmask : 255.255.255.224 Enter Broadcast Address : 172.16.96.31 Enter Shared IP Alias: 172.16.96.28 Enter Shared IP Alias Netmask : 255.255.255.224

然后对internal VLAN进行配置，最终VLAN和IP地址配置如下：

D E F I N E V L A N S A N D I P A D D R E S S E S Use the arrow keys to navigate. Press to choose a VLAN to configure or modify. Press 'A' to add a new VLAN name. Press 'D' to delete a configuration. Press 'C' to continue. external 172.16.96.26 (Port lockdown: on) internal 172.16.96.92 (Port lockdown: off) Failover IP: 172.16.96.93 Redundant controller is accessible. 2004-12-28

内部资料，请勿扩散

第23页, 共62页

F5负载均衡器配置指导书 内部公开

3.5.8 添加接口到VLAN中

根据安装前规划和设备物理连线，将接口添加到相应VLAN中。本例中，接口1.1添加到external VLAN中，接口1.3和1.4添加到internal VLAN中。此外，接口1.8用于主备BIG-IP双机系统级连，目前先不加入vlan web，将在WEB界面中进行配置。

A S S I G N I N T E R F A C E S T O V L A N S Use the arrow keys to navigate. Press to choose a VLAN and modify the list of interfaces. You must configure at least one VLAN. Press C to continue. external 1.1 internal 1.3 1.4 3.5.9 选择VLAN IP地址与主机名关联

分配接口到指定VLAN后，如果系统有多个定义VLAN。我们必须指定一个VLAN IP地址作为与系统主机名关联的主IP地址。本例中，我们选择external VLAN IP地址作为主IP地址。

S E L E C T H O S T I P A D D R E S S Select the IP address that will be associated with the host name in /etc/hosts. Press to select an address. Use the arrow keys to navigate. Enter 'C' to continue. Hostname: f5-2.colorring.net external 172.16.96.26 (X) web 172.16.96.92

指定主IP地址后，系统将保存网络配置：

2004-12-28

内部资料，请勿扩散 第24页, 共62页

F5负载均衡器配置指导书 内部公开

N E T W O R K I N G C O N F I G U R E D Wrote /etc/hosts Write /config/bigip_base.conf Update /config/bigip.conf Write bigdb fields Update /etc/snmpd.conf Shutdown all services... Startup all services... bigstart: startup inetd bigstart: startup named bigstart: startup sod bigstart: startup sshd bigstart: startup bigstpd bigstart: startup big3d bigstart: startup bigd bigstart: startup sfd bigstart: startup slapd

注：如果双机系统另外一台已经完成配置，终端可能会出现如下告警：

Jan 10 19:13:15 default kernel: duplicate IP address 172.16.96.28!! sent from a ddress: 00:01:d7:21:ab:01

解决方法：将串口心跳线连好，重新启动另一台，或者将用b failover standby命令另一台手动设成Standby。

3.5.10 配置默认网关

如果BIG-IP系统没有定义指定网络路由，BIG-IP将把数据发到默认网关池（gateway pool）。默认网关池可以认为是默认路由的组合，通常默认网关池由2个或多个网关IP地址组成，第一个地址作为默认路由，其它网关地址作为默认备用路由。默认网关池在系统激活后才能生效。

本例中只输入一个网关地址，这时系统不会生成默认网关池。

2004-12-28

内部资料，请勿扩散 第25页, 共62页