Radware鏈路負載均衡雙機注意事項

 

拓撲說明：

 

網絡描述：

網絡出口4條公網線路接入，如上圖，兩臺出口防火牆作HA，且防火牆出口地址是教育網的地址，即Radware LP 負載均衡設備教育網的接入端口應該啓用VLAN；那麼兩臺LP在作高可用的時候須要注意如下問題，這裏介紹的是基於VRRP的模式；

 

條件需求：

兩臺LP型號必須同樣，且須要相同的軟件版本。功能許可例如BWM,IPS能夠不用考慮，內存大小也不用考慮，可是吞吐最好也要相同。

這裏實施的軟件版本是ODS2 6.12.02，目前最新的軟件版本

問題描述：

一、當啓用VRRP之後，發現主設備的VLAN接口運行狀態老是不能UP，可是物理狀態是UP的；

二、LP的VLAN接口不是很穩定，時段時通；

解決辦法：

一、當啓用VRRP的時候，主設備須要開啓Interface Grouping,此選項的功能是檢查設備端口運行狀態，當他發現一個端口DOWN了，那麼該機制會強制讓其餘端口也DOWN。因此在給VLAN接口作VRRP的時候必定要將全部的

VLAN接口都UP，這樣VLAN纔是激活的狀態

 

Interface Grouping

To provide a complete solution for redundancy against all failures, LinkProof employs a mechanism called Interface Grouping. If LinkProof notices that one of its physical ports is down, it intentionally brings all other active ports down.

When a physical port on LinkProof goes down, because of a cable failure, switch port failure, hub failure, or other problems, LinkProof performs the following tasks:

 

1.	LinkProof examines the configuration to see if any IP addresses were configured on the port that just went down.
2.	If there were IP addresses configured on the port that went down, LinkProof deactivates all other active ports.

3.	If there were no IP addresses configured on the port that went down, nothing happens and normal operation continues.

>>	Using Regular VLAN, when any of the ports associated with a VLAN is down, Interface Grouping is triggered.
>>	Using Switched IP VLAN, Interface Grouping is triggered only when all ports on a Switched IP VLAN are down.

>>	When using VLAN with interface groupings, a group may go down as a result of a failing interface. In such an event, all traffic to the interfaces belonging to the group will be discarded including management traffic.

 

二、能夠從拓撲中看出，這樣的部署是有環路的，多是這個緣由致使了LP VLAN接口不穩定，可是在VRRP的全局設置中能夠經過 Backup-In-Vlan 選項解決此問題，他的做用是若是狀態選擇爲BACKUP，那麼備設備是不處理任何流量的。

 

主設備配置

 

備設備配置

 

 

全局參數