This page verifies how load distribution with NAT works on Cisco IOS. Load distribution is achieved by having NAT alternate the destination address of new connections.
Overview
This page summarises how to distribute load using NAT.
Command list
The key commands in this scenario are as follows.
Router(config)# ip nat pool <pool_name> <low_addr> <high_addr> prefix-length <length> type rotary
Router(config)# access-list <1-99> permit host <virtual_server_addr>
Router(config)# access-list <100-199> permit tcp <src_addr> <src_wildcard> host <virtual_server_addr> eq <port>
Router(config)# ip nat inside destination list <list> pool <pool>
Router(config)# interface <interface>
Router(config-if)# ip nat inside
Router(config)# interface <interface>
Router(config-if)# ip nat outside
Topology
The following topology is used for verification. As the configurations below show, R1, R2 and R3 share the 192.168.123.0/24 segment, and R3 connects to R4 over 192.168.34.0/24.

                        192.168.123.0/24
 +--------+ e0/0 .1            |
 |   R1   |--------------------+
 +--------+                    |                     192.168.34.0/24
 +--------+ e0/0 .2            |   +--------+ e0/1 .3            .4 e0/0 +--------+
 |   R2   |--------------------+---|   R3   |-------------------------------|   R4   |
 +--------+                 .3 e0/0+--------+                               +--------+

 R1 Loopback0 10.1.1.1/32    R2 Loopback0 10.2.2.2/32
 R3 Loopback0 10.3.3.3/32    R4 Loopback0 10.4.4.4/32
[R1,R2]
router rip
version 2
network 10.0.0.0
network 192.168.123.0
no auto-summary
[R3]
router rip
version 2
network 10.0.0.0
network 192.168.123.0
network 192.168.34.0
no auto-summary
[R4]
router rip
version 2
network 10.0.0.0
network 192.168.34.0
no auto-summary
The full configurations are in the files below; refer to them for the details.
R1
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
interface Ethernet0/0
ip address 192.168.123.1 255.255.255.0
half-duplex
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
!
router rip
version 2
network 10.0.0.0
network 192.168.123.0
no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
R2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.2.2.2 255.255.255.255
!
interface Ethernet0/0
ip address 192.168.123.2 255.255.255.0
half-duplex
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
!
router rip
version 2
network 10.0.0.0
network 192.168.123.0
no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
R3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.3.3.3 255.255.255.255
!
interface Ethernet0/0
ip address 192.168.123.3 255.255.255.0
half-duplex
!
interface Ethernet0/1
ip address 192.168.34.3 255.255.255.0
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
!
router rip
version 2
network 10.0.0.0
network 192.168.34.0
network 192.168.123.0
no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
R4
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.4.4.4 255.255.255.255
!
interface Ethernet0/0
ip address 192.168.34.4 255.255.255.0
half-duplex
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
!
router rip
version 2
network 10.0.0.0
network 192.168.34.0
no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
Feature description
TCP Load Distribution
First, define a NAT pool with a command like the following. The pool lists the IP addresses of the real servers that will receive the distributed load.
Router(config)# ip nat pool <pool_name> <low_addr> <high_addr> prefix-length <length> type rotary
Specify the virtual address that clients use to reach the servers with an access list. Use a standard ACL when there are no particular requirements; use an extended ACL when you need to control the source address or the port number.
Router(config)# access-list <1-99> permit host <virtual_server_addr>
Router(config)# access-list <100-199> permit tcp <src_addr> <src_wildcard> host <virtual_server_addr> eq <port>
Configure NAT. Note that, unlike an ordinary NAT configuration, the command is "ip nat inside destination".
Router(config)# ip nat inside destination list <list> pool <pool>
Designate the inside and outside interfaces. The side on which the servers reside is inside.
Router(config)# interface <interface>
Router(config-if)# ip nat inside
Router(config)# interface <interface>
Router(config-if)# ip nat outside
TCP Load Distribution
Preparation
Enable telnet and HTTP on R1 and R2.
[R1, R2]
ip http server
!
line vty 0 15
password cisco
login
Configuration
[R3]
ip nat pool real-host 192.168.123.1 192.168.123.2 prefix-length 24 type rotary
access-list 100 permit tcp any host 192.168.123.100 eq telnet
ip nat inside destination list 100 pool real-host
!
interface Ethernet0/0
ip nat inside
!
interface Ethernet0/1
ip nat outside
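As an added check (example code written for this page, not from the original post), a small Python audit of the R3 configuration above: it expands the rotary pool into the real-server list, confirms that the list and pool named by ip nat inside destination both exist, flags a missing inside or outside interface, and notes that the ACL's any source exposes the virtual address to every outside host. The function and message wording are my own.

```python
import re
from ipaddress import IPv4Address
# Constructed sample input: R3's NAT configuration as shown on this page.
R3_NAT_CONFIG = """\
ip nat pool real-host 192.168.123.1 192.168.123.2 prefix-length 24 type rotary
access-list 100 permit tcp any host 192.168.123.100 eq telnet
ip nat inside destination list 100 pool real-host
!
interface Ethernet0/0
 ip nat inside
!
interface Ethernet0/1
 ip nat outside
"""

POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) prefix-length \d+ type rotary$")
ACL_RE = re.compile(r"^access-list (\d+) permit tcp (any|\S+ \S+) host (\S+) eq (\S+)$")
DEST_RE = re.compile(r"^ip nat inside destination list (\d+) pool (\S+)$")

def audit_rotary_nat(config):
    """Parse a TCP load-distribution config; return ({pool: real hosts}, findings)."""
    pools, acls, dests, roles = {}, {}, [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := POOL_RE.match(line):  # expand low..high into the real-server list
            lo, hi = int(IPv4Address(m[2])), int(IPv4Address(m[3]))
            pools[m[1]] = [str(IPv4Address(a)) for a in range(lo, hi + 1)]
        elif m := ACL_RE.match(line):
            acls[m[1]] = {"src": m[2], "vip": m[3], "port": m[4]}
        elif m := DEST_RE.match(line):
            dests.append((m[1], m[2]))
        elif line in ("ip nat inside", "ip nat outside"):
            roles.add(line.split()[-1])
    findings = []
    for acl_id, pool_name in dests:
        if acl_id not in acls or pool_name not in pools:
            findings.append(f"list {acl_id} / pool {pool_name}: referenced but not both defined")
            continue
        acl = acls[acl_id]
        # Rotary NAT rotates through the pool blindly: a down server still gets every Nth session.
        findings.append(f"VIP {acl['vip']}:{acl['port']} -> {len(pools[pool_name])} real hosts, "
                        "round-robin with no health check")
        if acl["src"] == "any":
            findings.append(f"list {acl_id} permits any source to VIP {acl['vip']}; "
                            "narrow the source if only known clients need it")
    for role in ("inside", "outside"):
        if role not in roles:
            findings.append(f"no interface marked ip nat {role}; translation will not occur")
    return pools, findings
```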
Verification
You can see that telnet sessions are distributed: the first session lands on R1 and the next on R2.
[R4]
R4#telnet 192.168.123.100
Trying 192.168.123.100 ... Open
User Access Verification
Password:
R1>exit
[Connection to 192.168.123.100 closed by foreign host]
R4#telnet 192.168.123.100
Trying 192.168.123.100 ... Open
User Access Verification
Password:
R2>
HTTP, which the ACL does not permit, is unreachable through the virtual address.
[R4]
R4#telnet 192.168.123.100 80
Trying 192.168.123.100, 80 ...
% Connection timed out; remote host not responding
R4#