资源描述
主标题,Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,*,/29,Layer 4-7,Layer4-7,Switch,软件,工作层,F5,4-7,NetScaler,4-7,LVS,4,HAProxy,4-7,Schedule,Basically,Hardware/GUI/CLI(Configure method)/HA(,Config,Sync),Load balance related,virtual server/node/pool/pool member,Monitors,Sorry server,Maintenance Mode,Load balance method,Persistence,SNAT/RNAT,Server Protection,ACL/Content Switch,GSLB,Performance,We are here,Basically,LB related,Persistence,SNAT/RNAT,Server Protection,ACL/CS,GSLB,Hardware/GUI/CLI/HA,Commercial,Open Source,F5,NetScaler,LVS,HAProxy,Hardware,GUI,CLI,HA,HAProxy Hot Reconfiguration,mv,/etc/,haproxy/config,/etc/,haproxy/config.old,mv,/,var/run/haproxy.pid,/,var/run/haproxy.pid.old,mv,/etc/,haproxy/config.new,/etc/,haproxy/config,kill-TTOU$(cat/,var/run/haproxy.pid.old,),if,haproxy,-p/,var/run/haproxy.pid,-f/etc/,haproxy/config,;then,echo New instance successfully loaded,stopping previous one.,kill-USR1$(cat/,var/run/haproxy.pid.old,),rm,-f/,var/run/haproxy.pid.old,exit 1,else,echo New instance failed to start,resuming previous one.,kill-TTIN$(cat/,var/run/haproxy.pid.old,),rm,-f/,var/run/haproxy.pid,mv,/,var/run/haproxy.pid.old,/,var/run/haproxy.pid,mv,/etc/,haproxy/config,/etc/,haproxy/config.new,mv,/etc/,haproxy/config.old,/etc/,haproxy/config,exit 0,fi,保存之前状态,停止老的监听,成功,清理老的连接和,pid,失败,恢复老的配置,We are here,Basically,LB related,Persistence,SNAT/RNAT,Server Protection,ACL/CS,GSLB,Concepts,virtual server,192.168.101.1:80,pool,(name=,cgi_boxes,),member,(server=,10.1.1.3:80),member,(server=,10.1.1.2:80),member,(server=,10.1.1.1:80),pool,(name=,asp_boxes),member,(server=,10.1.1.6:80),member,(server=,10.1.1.5:80),member,(server=,10.1.1.4:80),VIP,192.168.101.1,virtual server,192.168.101.1:443,pool,(name=,ssl_boxes,),member,(server=,10.1.1.6:443),member,(server=,10.1.1.2:443),member,(server=,10.1.1.1:443),VIP,192.168.101.2,LoadBalancing,Intelligent Traffic Control,(look at URL,client IP,addr,.,etc.),Port-basedTraffic Direction,IP,Addr,.-basedTraffic Direction,Incoming request,Monitor,Availability requirement,SNAT/NAT,Priority-based member activation,ACTION of servicedown,Slow Ramp Time,Pool/pool member,statistics,Monitors,Monitor,类型,Simple,ECV,EAV,ICMP/GW ICMP/TCP ECHO,TCP/HTTP/HTTPS,外部程序,/FTP,下载一个文件到,LTM,系统上,看是否下载成功,/IMAP/LDAP/MSSQL/NNTP/Oracle/POP3/RADIUS/Real Server/SIP/SMTP/SOAP/WMI,自定义,monitor,HAProxy Monitor,listen,webfarm,192.168.1.1:80,mode http,balance,roundrobin,cookie SERVERID insert indirect,option,httpchk,HEAD/,index.html,HTTP/1.0,server,webA,192.168.1.11:80 cookie A,check,server,webB,192.168.1.12:80 cookie B,check port 81 inter 2000,server,webC,192.168.1.13:80 cookie C check,server,webD,192.168.1.14:80 cookie D check,,HAProxy Sorry Server,listen,webfarm,192.168.1.1:80,mode http,balance,roundrobin,cookie SERVERID insert indirect,option,httpchk,HEAD/,index.html,HTTP/1.0,server,webA,192.168.1.11:80 cookie A check,server,webB,192.168.1.12:80 cookie B check port 81 inter 2000,server,webC,192.168.1.13:80 cookie C check,server,webD,192.168.1.14:80 cookie D check,server,bkpA,192.168.1.15:80 cookie A check,backup,server,bkpB,192.168.1.16:80 cookie B check,backup,,HAProxy Maintenance Mode,,Updating.,503 Service Unavailable,No server is available to handle this request.,Load balancing,algorithm,Round Robin,Wrr(Ratio(member,),Ratio(Node,),Dynamic Ratio,:根据对服务器性能的观察来动态设置,weight,,观察点包括连接数、响应时间等。,Fastest(node,)&,Fastest(application,):,服务器,/,应用的最快响应时间,LC,(Member,)&,LC(node,),Observed(member,)&,Observed(node,),Predictive(member,)&,Predictive(node,),Source,URL HASH,URL,Param,We are here,Basically,LB related,Persistence,SNAT/RNAT,Server Protection,ACL/CS,GSLB,Persistence,Client,Server A,GET/URI1 HTTP/1.1,HTTP request(no cookie),TCP handshake,TCP handshake,GET/URI1 HTTP/1.1,HTTP request(no cookie),HTTP/1.1 200 OK,HTTP reply(no cookie),HTTP/1.1 200 OK,HTTP reply(with inserted cookie),pickserver,GET/URI2 HTTP/1.1,HTTP request(with same cookie),TCP handshake,TCP handshake,GET/URI2 HTTP/1.1,HTTP request(with same cookie),HTTP/1.1 200 OK,HTTP reply(,no cookie,),HTTP/1.1 200 OK,HTTP reply(updated cookie),cookiespecifiesserver,First Hit,Second Hit,Set-Cookie:SERVERID=A,Cookie:SERVERID=A,Cookie persistence,1.1 HTTP Cookie Insert,1.2 HTTP Cookie Rewrite,1.3 HTTP Cookie Passive,1.4 Cookie Hash,Destination Address affinity persistence,Hash persistence,MSRDP persistence,SIP,persistence(session,Initiation protocol),Souce,address,affnity,persistence,SSL persistence,Universal persistence,insert,rewrite,prefix,listen,webfarm,192.168.1.1:80,mode http,balance,roundrobin,cookie SERVERID insert indirect,option,httpchk,HEAD/,index.html,HTTP/1.0,server,webA,192.168.1.11:80,cookie A,check,server,webB,192.168.1.12:80,cookie B,check,server,webC,192.168.1.13:80,cookie C,check,server,webD,192.168.1.14:80,cookie D,check,SNAT&RNAT,E,xternal,vlan,In,ternal,vlan,VIP:,221.238.249.177,MAPPED IP:10.10.1.1,eth0:10.10.1.2,eth1:192.168.1.2,SNAT,RNAT,backend private,#Connect to the servers using our 192.168.1.200 source address,source 192.168.1.200,backend transparent_ssl1,#Connect to the SSL farm from the clients source address,source 192.168.1.200,usesrc,clientip,server,railsA,192.168.1.11:80,source 192.168.1.201,check,server,railsB,192.168.1.12:80,minconn,4,maxconn,12 check,server,railsC,192.168.1.13:80,minconn,4,maxconn,12 check,We are here,Basically,LB related,Persistence,SNAT/RNAT,Server Protection,ACL/CS,GSLB,Server Protection,Attack(SYN Flood),Connection Limit,Timeout,Surge Queue,Slow Start,F5,Syn,Proxy,ACL/,iControl/iRules,NetScaler,Syn,Cookie/TCP offload/Content Filter/ACL,LVS,Iptables,?,HAProxy,ACL,listen,appfarm,192.168.1.1:80,mode http,maxconn,10000,option,httpclose,option,abortonclose,option,forwardfor,balance,roundrobin,server,railsA,192.168.1.11:80,minconn,4,maxconn,12,check,server,railsB,192.168.1.12:80,minconn,4,maxconn,12 check,server,railsC,192.168.1.13:80,minconn,4,maxconn,12 check,contimeout,60000,weight,maxconn,Timeout,Timeout client,客户端连接的闲置时间,timeout,clitimeout,同上、已废弃,timeout connect,服务器端连接的超时时间,(,尝试连接,),timeout,contimeout,同上、已废弃,timeout http-request,一个完整的,HTTP,请求的超时时间,(,仅针对,header,,降低,DDoS,风险,连接堆积危险,),timeout queue,队列中等待的超时时间,当服务器连接满时,多余的请求会放到服务器或者,proxy,实例的,queue,里面。返回,503,timeout server,服务器端连接的闲置时间,timeout,srvtimeout,同上、已废弃,timeout,tarpit,使用,reqtarpit,后,连接保持打开的时间,超时则关闭,Client,proxy,server,We are here,Basically,LB related,Persistence,SNAT/RNAT,Server Protection,ACL/CS,GSLB,HAProxy ACL,req_len,wait_end,req_ssl_ver,Layer 4 and below,Layer 4 Content,method,req_ver,path_*,url,_*,hdr,_*,Layer 7 Content,HTTP_1.1,METH_GET,Pre-defined ACL,src/dst,src_port/dst_port,dst_conn,nbsrv(backend,),acl,missing_cl,hdr_cnt(Content,-length),eq,0,block if HTTP_URL_STAR!METH_OPTIONS|METH_POST,missing_cl,block if METH_GET HTTP_CONTENT,block unless METH_GET or METH_POST or METH_OPTIONS,To select a different backend for requests to static contents on the www site,and to every request on the,img,video,download and ftp hosts:,acl,url_static,path_beg,/static/images/,img,/,css,acl,url_static,path_end,.gif.,png,.jpg.,css,.,js,acl,host_www,hdr_beg(host,)-i www,acl,host_static,hdr_beg(host,)-i,img,.video.download.ftp.,#now use backend static for all static-only hosts,and for static,urls,#of host www.Use backend www for the rest.,use_backend,static if,host_static,or,host_www,url_static,use_backend,www if,host_www,Content Switch(UIE/,iRule,/ACL),frontend public,reqisetbe,Host:,img,static,#The URI will use a specific keyword soon,reqisetbe,*/(,img|css,)/static,reqisetbe,*/admin/stats stats,default_backend,dynamic,#The static backend,backend,for Host:,img,/,img,and/,css,.,backend static,backend dynamic,backend stats,if(,http_uri,ends_with,“.gif”),use pool,image_servers,else if(,http_uri,starts_with,“/,foo,”),use pool,foo_servers,else if(,http_cookie(“XYZ,-Type”)=“direct”),use pool,cookie_servers,else if(,findstr(http_uri,“?type=”,6,“&”)=“,cgi,”),use pool,cgi_servers,else,use pool,web_servers,acl,url_static,path_beg,/static/images/,img,/,css,acl,url_static,path_end,.gif.,png,.jpg.,css,.,js,acl,host_www,hdr_beg(host,)-i www,acl,host_static,hdr_beg(host,)-i,img,.video.download.ftp.,use_backend,static if,host_static,or,host_www,url_static,use_backend,www if,host_www,We are here,Basically,LB related,Persistence,SNAT/RNAT,Server Protection,ACL/CS,GSLB,GSLB,如何实现,CDN,和站点容灾?!,Illustrated,Performance,Keep-Alive,Compression,In-memory Cache,Server Offload,TCP Buffering,Logging,listen proxy-out,mode http,option,httplog,option,logasap,log global,server cache1 192.168.1.1:3128,#log the name of the virtual server,capture request header Host,len,20,#log the amount of data uploaded during a POST,capture request header Content-Length,len,10,#log the beginning of the referrer,capture request header,Referer,len,20,#server name(useful for outgoing proxies only),capture response header Server,len,20,#logging the content-length is useful with option,logasap,capture response header Content-Length,len,10,#log the expected cache,behaviour,on the response,capture response header Cache-Control,len,8,HTTP Header Manipulation,reqdel,reqdeny,reqpass,reqtarpit,reqsetbe,reqisetbe,reqirep,reqidel,reqideny,reqipass,reqiallow,reqitarpit,reqadd,rsp,*,#remove X-Forwarded-For header and SERVER cookie,reqidel,X-Forwarded-For:.*,reqidel,Cookie:.*SERVER=,#refuse*.local,then allow www.*,reqideny Host:.*.local,reqiallow Host:www.,#refuse*.local,then allow www.*,but ignore#,www.private.local,reqipass,Host:,www.private,.local,reqideny,Host:.*.local,reqiallow,Host:www.,#replace/static/with/at the beginning of any request path.,reqrep,(*)/static/(.*)1/2,#replace,with www in the host name.,reqirep,Host:,Host:www,HAProxy The Reliable,High Performance TCP/HTTP,Load Balancer,简介,功能,性能,安全,Bibliography,1,HAProxy Official Site,:,haproxy.1wt.eu,2,Willy TARREAU,:,HAProxy Configuration Manual(English),3,Willy TARREAU,:,HAProxy Architecture Guide(English),4,Willy TARREAU,:,HAProxy Reference Manual,5,F5 Networks,:,Configuration Guide for Local Traffic Management(v9.2.2),6,Citrix,:,NetScaler Installation and Configuration Guide-Vol.1(2),THE END,
展开阅读全文
浙ICP备2021020529号-1 | 浙B2-20240490 
