• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
案例类型
搜索
取消
产品线
关键字
发布者
发布时间

SecPath L5000-C(V7) 配置七层服务器负载均衡后无法访问服务器业务解决方法

  • 0关注
  • 0收藏,251浏览
0

组网及说明

现场问题描述:


问题描述

现场部署SecPath L5000-C(V7)配置七层服务器负载均衡,根据HTTP报文头中的“trffweb”字段进行负载,配置完成后发现服务器负载不成功。

过程分析

过程分析:

1、排查配置,发现客户配置无误。

loadbalance policy "http80_url redirection" type http

class fw action fw

#

virtual-server "http80_url redirection" type http

virtual ip address 20.3.8.1

parameter http http_any

lb-policy "http80_url redirection"

service enable

sticky-sync enable

#

loadbalance class fw type http match-any

match 1 url trffweb

#

loadbalance action fw type http

server-farm fw sticky sip_300s

#

real-server fw_1

ip address 10.24.89.75

port 9080

server-farm fw

success-criteria at-least 1

#

real-server fw_2

ip address 10.24.89.75

port 9081

server-farm fw

success-criteria at-least 1

#

real-server fw_3

ip address 10.24.89.76

port 9080

server-farm fw

success-criteria at-least 1

2、上述配置排查无问题,所以下一步需要deubg LB会话来看服务器负载均衡是否工作正常?

deugging lb all

t m

t d

*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Virtual server received a notification, type: 1.

*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Received 1 packets from TCP.

*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] received request successfully: Event=User-Input.

*Apr 10 11:20:03:072 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11079]: Direction=Request, State=Request_line --> Done, Parse Length=495.

*Apr 10 11:20:03:072 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11079], HTTP packet header:

GET /trffweb HTTP/1.1                                                   \\报文头部携带了“trffweb”字段

Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: zh-CN

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)

Accept-Encoding: gzip, deflate

Host: 20.3.8.1

Connection: Keep-Alive

COOKIE: JSESSIOnID=0000ujzQ37ZQuiMzlhGSDQdaCyE:18kehkg2a

 

*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] forwarding method is Server-farm.  \\已经匹配了负载均衡到Server-farm

*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] used the previous real server.    \\选择实服务器

*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] got an idle connection successfully.

*Apr 10 11:20:03:072 2019 H3C LB/7/FSM: -COntext=1; Transaction [11079]: State=WAITING -> TRANSMITTING, Direction=Request.

*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Sent 0 packets to TCP.

*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] sent request successfully [Local=20.3.8.1/1473, Peer=10.24.89.75/9081].    \\数据的目的地址已经变更为实服务地址,说明负载均衡是正常的。

*Apr 10 11:20:03:072 2019 H3C LB/7/FSM: -COntext=1; Transaction [11079] State=TRANSMITTING -> TRANSMITTING, Direction=Request.

*Apr 10 11:20:03:073 2019 H3C LB/7/EVENT: -COntext=1; Received 1 packets from TCP.

*Apr 10 11:20:03:073 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] received response data successfully: Event=Server-Input.

*Apr 10 11:20:03:073 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11079]: Direction=Response, State=Status_line --> Done, Parse Length=144.

*Apr 10 11:20:03:073 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11079], HTTP packet header: \\但是当LB将此HTTP请求交给服务器时,服务器却回复302错误。

HTTP/1.1 302 Found

Location: http://20.3.8.1:9081/trffweb/

Content-Language: zh-CN

Content-Length: 0

Date: Wed, 10 Apr 2019 03:20:04 GMT

3、进一步测试客户实服务器服务是否正常,让客户跨过LB直接使用http:// 10.24.89.75:9081/trffweb发现服务器还是无法访问,但是客户反馈当输入http:// 10.24.89.75:9081/trffweb/时发现可以访问服务器服务。再次deug LB策略发现使用http:// 20.3.8.1:9081/trffweb/访问时发现此时可以正常访问到实服务器。

正常时的DEBUG信息:

*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Virtual server received a notification, type: 1.

*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Received 1 packets from TCP.

*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] received request successfully: Event=User-Input.

*Apr 10 11:20:20:272 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11078]: Direction=Request, State=Request_line --> Done, Parse Length=496.

*Apr 10 11:20:20:272 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11078], HTTP packet header:

GET /trffweb/ HTTP/1.1         \\对比发现“/trffweb/”字段后多个“/”

Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*

Accept-Language: zh-CN

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)

Accept-Encoding: gzip, deflate

Host: 20.3.8.1

Connection: Keep-Alive

COOKIE: JSESSIOnID=0000ujzQ37ZQuiMzlhGSDQdaCyE:18kehkg2a

 

*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] forwarding method is Server-farm.

*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] used the previous real server.

*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] got an idle connection successfully.

*Apr 10 11:20:20:272 2019 H3C LB/7/FSM: -COntext=1; Transaction [11078]: State=WAITING -> TRANSMITTING, Direction=Request.

*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Sent 0 packets to TCP.

*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] sent request successfully [Local=20.3.8.1/1473, Peer=10.24.89.75/9081].

*Apr 10 11:20:20:272 2019 H3C LB/7/FSM: -COntext=1; Transaction [11078] State=TRANSMITTING -> TRANSMITTING, Direction=Request.

*Apr 10 11:20:20:294 2019 H3C LB/7/EVENT: -COntext=1; Received 1 packets from TCP.

*Apr 10 11:20:20:294 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] received response data successfully: Event=Server-Input.

*Apr 10 11:20:20:294 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11078]: Direction=Response, State=Status_line --> Chunked, Parse Length=1448.

*Apr 10 11:20:20:294 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11078], HTTP packet header:

HTTP/1.1 200 OK                                                   \\此时发现服务器回复正常

Content-Type: text/html; charset=gb2312

Cache-Control: no-store

Pragma: no-cache

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Content-Language: zh-CN

Transfer-Encoding: chunked

Date: Wed, 10 Apr 2019 03:20:20 GMT

至此原因已经找到非我司L5000-C问题,而是客户本身实服务就存在问题,但是目前业务服务器侧无法做变动,只能在设备侧想办法解决。


解决方法

此类需求可以通过HTTP重写解决,但是和产品线确认目前SecPath L5000-C(V7)版本暂时不支持url改写,只能通过url重定向解决。

修改配置将/trffweb改写为/trffweb/,使用户使用携带“/trffweb/”字段的HTTP请求报文访问后解决。

具体配置:

virtual-server "http80_url redirection" type http

virtual ip address 20.3.8.1

parameter http http_any

lb-policy "http80_url redirection"

default server-farm fw

service enable

sticky-sync enable

#

loadbalance policy "http80_url redirection" type http

class redirect action redirect

class fw action fwq

class zhzy action zhzy

#

loadbalance class fw type http match-any

match 1 url /trffweb$                                  \\$表示结束

#

loadbalance action fw type http

redirect relocation /trffweb/


0 个评论

该案例暂时没有网友评论

编辑评论

举报

×

侵犯我的权益 >
对根叔知了社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔知了社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作