Cisco IOS IP Services – Configuring NAT TCP Load Distribution


This article verifies how load distribution with NAT works on Cisco IOS. The load is distributed by having NAT rotate the destination address between the real servers for each new connection.

Overview

This article summarizes how to distribute load using NAT.

Command list

The important commands for this scenario are as follows.

Router(config)# ip nat pool <pool_name> <low_addr> <high_addr> prefix-length <length> type rotary
Router(config)# access-list <1-99> permit host <virtual_server_addr>
Router(config)# access-list <100-199> permit tcp <src_addr> <src_wildcard> host <virtual_server_addr> eq <port>
Router(config)# ip nat inside destination list <list> pool <pool>

Router(config)# interface <interface>
Router(config-if)# ip nat inside
Router(config)# interface <interface>
Router(config-if)# ip nat outside

Topology

The following topology is used for verification.

         e0/0    e0/1      e0/0    e0/1      e0/0    e0/1
 +--------+.1    .2+--------+.2    .3+--------+.3    .4+--------+
 |   R1   +--------+   R2   +--------+   R3   +--------+   R4   |
 +--------+        +--------+        +--------+        +--------+
        192.168.12.0/24   192.168.23.0/24    192.168.34.0/24

 R1 Loopback0      R2 Loopback0      R3 Loopback0      R4 Loopback0
 10.1.1.1/32       10.2.2.2/32       10.3.3.3/32       10.4.4.4/32
 [R1,R2]
router rip
 version 2
 network 10.0.0.0
 network 192.168.123.0
 network 192.168.34.0
 no auto-summary

 [R3]
router rip
 version 2
 network 10.0.0.0
 network 192.168.123.0
 network 192.168.34.0
 no auto-summary

 [R4]
router rip
 version 2
 network 10.0.0.0
 network 192.168.34.0
 no auto-summary

The full configurations are in the files below. Refer to them for the detailed settings.

R1
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.123.1 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.123.0
 no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
R2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.2.2.2 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.123.2 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.123.0
 no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
R3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.3.3.3 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.123.3 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.34.3 255.255.255.0
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.34.0
 network 192.168.123.0
 no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
R4
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.4.4.4 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.34.4 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.34.0
 no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end

Specification

TCP Load Distribution

First, define a NAT pool with a command like the following. The pool lists the IP addresses of the real servers that are the targets of load distribution.

Router(config)# ip nat pool <pool_name> <low_addr> <high_addr> prefix-length <length> type rotary

Specify the virtual address used to reach the servers with an access list. Use a standard ACL when there are no detailed requirements; use an extended ACL when you want to restrict the source or the port number as well.

Router(config)# access-list <1-99> permit host <virtual_server_addr>
Router(config)# access-list <100-199> permit tcp <src_addr> <src_wildcard> host <virtual_server_addr> eq <port>

Configure NAT. Note that, unlike an ordinary NAT configuration, the command is "ip nat inside destination".

Router(config)# ip nat inside destination list <list> pool <pool>

Specify the inside and outside interfaces. The side where the servers reside is inside.

Router(config)# interface <interface>
Router(config-if)# ip nat inside
Router(config)# interface <interface>
Router(config-if)# ip nat outside
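As an added illustration (a model written for this article, not IOS code and not from the original), the following Python class reproduces the behaviour the four steps above describe: only flows whose destination matches the ACL's virtual address and port are translated, each new connection is handed to the next pool member in turn, replies from a real host are rewritten back to the virtual address, and anything the ACL does not permit is forwarded untouched. The addresses are the lab's (virtual server 192.168.123.100, real hosts 192.168.123.1 and .2); the class and function names are assumptions of this example.

```python
"""Model of Cisco IOS NAT TCP load distribution (rotary pool), constructed for
this article; it is not IOS code. Addresses follow the lab: virtual server
192.168.123.100:23, real hosts 192.168.123.1-.2 (pool 'real-host')."""
import ipaddress
from itertools import cycle


def expand_pool(low: str, high: str) -> list:
    """'ip nat pool <name> <low> <high> ...': the inclusive address range."""
    lo, hi = int(ipaddress.IPv4Address(low)), int(ipaddress.IPv4Address(high))
    return [str(ipaddress.IPv4Address(a)) for a in range(lo, hi + 1)]


class RotaryNat:
    """'ip nat inside destination list <acl> pool <pool>' with 'type rotary'.
    Only TCP flows whose destination matches the ACL (virtual address and
    port) are translated; each new connection takes the next pool member."""

    def __init__(self, virtual_addr: str, virtual_port: int, pool: list):
        self.virtual_addr, self.virtual_port = virtual_addr, virtual_port
        self._next = cycle(pool)          # round-robin over the real hosts
        self.table = {}                   # (client, client_port) -> real host

    def acl_matches(self, dst: str, dport: int) -> bool:
        # access-list 100 permit tcp any host <virtual_addr> eq <virtual_port>
        return dst == self.virtual_addr and dport == self.virtual_port

    def outside_to_inside(self, src, sport, dst, dport):
        """Packet entering on the outside interface, heading for the servers."""
        if not self.acl_matches(dst, dport):
            return (src, sport, dst, dport)   # left alone, like port 80 in the lab
        key = (src, sport)
        if key not in self.table:             # new connection: next real host
            self.table[key] = next(self._next)
        return (src, sport, self.table[key], dport)

    def inside_to_outside(self, src, sport, dst, dport):
        """Reply from a real host: restore the virtual address as the source."""
        if sport == self.virtual_port and self.table.get((dst, dport)) == src:
            return (self.virtual_addr, sport, dst, dport)
        return (src, sport, dst, dport)


if __name__ == "__main__":
    nat = RotaryNat("192.168.123.100", 23, expand_pool("192.168.123.1", "192.168.123.2"))
    for sport in (50001, 50002, 50003):       # three telnet sessions from R4
        print(nat.outside_to_inside("192.168.34.4", sport, "192.168.123.100", 23))
    print(nat.outside_to_inside("192.168.34.4", 50004, "192.168.123.100", 80))
```

An untranslated SYN to port 80 is still addressed to 192.168.123.100, which no router in the lab owns, so it gets no reply; that is the timeout seen in the verification section rather than an explicit reject.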

TCP Load Distribution

Preparation

Enable telnet and http on R1 and R2.

 [R1, R2]
ip http server
!
line vty 0 15
 password cisco
 login

Applying the configuration

 [R3]
ip nat pool real-host 192.168.123.1 192.168.123.2 prefix-length 24 type rotary
access-list 100 permit tcp any host 192.168.123.100 eq telnet
ip nat inside destination list 100 pool real-host
!
interface Ethernet0/0
 ip nat inside
!
interface Ethernet0/1
 ip nat outside

Verification

You can see that telnet connections are load-distributed across R1 and R2.

 [R4]
R4#telnet 192.168.123.100
Trying 192.168.123.100 ... Open


User Access Verification

Password:
R1>exit

[Connection to 192.168.123.100 closed by foreign host]
R4#telnet 192.168.123.100
Trying 192.168.123.100 ... Open


User Access Verification

Password:
R2>

You can see that http, which the ACL does not permit, is unreachable.

 [R4]
R4#telnet 192.168.123.100 80
Trying 192.168.123.100, 80 ...
% Connection timed out; remote host not responding

R4#