现场问题描述:
现场部署SecPath L5000-C(V7)配置七层服务器负载均衡,根据HTTP报文头中的“trffweb”字段进行负载,配置完成后发现服务器负载不成功。
过程分析:
1、排查配置,发现客户配置无误。
loadbalance policy "http80_url redirection" type http
class fw action fw
#
virtual-server "http80_url redirection" type http
virtual ip address 20.3.8.1
parameter http http_any
lb-policy "http80_url redirection"
service enable
sticky-sync enable
#
loadbalance class fw type http match-any
match 1 url trffweb
#
loadbalance action fw type http
server-farm fw sticky sip_300s
#
real-server fw_1
ip address 10.24.89.75
port 9080
server-farm fw
success-criteria at-least 1
#
real-server fw_2
ip address 10.24.89.75
port 9081
server-farm fw
success-criteria at-least 1
#
real-server fw_3
ip address 10.24.89.76
port 9080
server-farm fw
success-criteria at-least 1
2、上述配置排查无问题,所以下一步需要deubg LB会话来看服务器负载均衡是否工作正常?
*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Virtual server received a notification, type: 1.
*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Received 1 packets from TCP.
*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] received request successfully: Event=User-Input.
*Apr 10 11:20:03:072 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11079]: Direction=Request, State=Request_line --> Done, Parse Length=495.
*Apr 10 11:20:03:072 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11079], HTTP packet header:
GET /trffweb HTTP/1.1 \\报文头部携带了“trffweb”字段
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 20.3.8.1
Connection: Keep-Alive
COOKIE: JSESSIOnID=0000ujzQ37ZQuiMzlhGSDQdaCyE:18kehkg2a
*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] forwarding method is Server-farm. \\已经匹配了负载均衡到Server-farm
*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] used the previous real server. \\选择实服务器
*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] got an idle connection successfully.
*Apr 10 11:20:03:072 2019 H3C LB/7/FSM: -COntext=1; Transaction [11079]: State=WAITING -> TRANSMITTING, Direction=Request.
*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Sent 0 packets to TCP.
*Apr 10 11:20:03:072 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] sent request successfully [Local=20.3.8.1/1473, Peer=10.24.89.75/9081]. \\数据的目的地址已经变更为实服务地址,说明负载均衡是正常的。
*Apr 10 11:20:03:072 2019 H3C LB/7/FSM: -COntext=1; Transaction [11079] State=TRANSMITTING -> TRANSMITTING, Direction=Request.
*Apr 10 11:20:03:073 2019 H3C LB/7/EVENT: -COntext=1; Received 1 packets from TCP.
*Apr 10 11:20:03:073 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11079] received response data successfully: Event=Server-Input.
*Apr 10 11:20:03:073 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11079]: Direction=Response, State=Status_line --> Done, Parse Length=144.
*Apr 10 11:20:03:073 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11079], HTTP packet header: \\但是当LB将此HTTP请求交给服务器时,服务器却回复302错误。
HTTP/1.1 302 Found
Location: http://20.3.8.1:9081/trffweb/
Content-Language: zh-CN
Content-Length: 0
Date: Wed, 10 Apr 2019 03:20:04 GMT
3、进一步测试客户实服务器服务是否正常,让客户跨过LB直接使用http:// 10.24.89.75:9081/trffweb发现服务器还是无法访问,但是客户反馈当输入http:// 10.24.89.75:9081/trffweb/时发现可以访问服务器服务。再次deug LB策略发现使用http:// 20.3.8.1:9081/trffweb/访问时发现此时可以正常访问到实服务器。
正常时的DEBUG信息:
*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Received 1 packets from TCP.
*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] received request successfully: Event=User-Input.
*Apr 10 11:20:20:272 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11078]: Direction=Request, State=Request_line --> Done, Parse Length=496.
*Apr 10 11:20:20:272 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11078], HTTP packet header:
GET /trffweb/ HTTP/1.1 \\对比发现“/trffweb/”字段后多个“/”。
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 20.3.8.1
Connection: Keep-Alive
COOKIE: JSESSIOnID=0000ujzQ37ZQuiMzlhGSDQdaCyE:18kehkg2a
*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] forwarding method is Server-farm.
*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] used the previous real server.
*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] got an idle connection successfully.
*Apr 10 11:20:20:272 2019 H3C LB/7/FSM: -COntext=1; Transaction [11078]: State=WAITING -> TRANSMITTING, Direction=Request.
*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Sent 0 packets to TCP.
*Apr 10 11:20:20:272 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] sent request successfully [Local=20.3.8.1/1473, Peer=10.24.89.75/9081].
*Apr 10 11:20:20:272 2019 H3C LB/7/FSM: -COntext=1; Transaction [11078] State=TRANSMITTING -> TRANSMITTING, Direction=Request.
*Apr 10 11:20:20:294 2019 H3C LB/7/EVENT: -COntext=1; Received 1 packets from TCP.
*Apr 10 11:20:20:294 2019 H3C LB/7/EVENT: -COntext=1; Transaction [11078] received response data successfully: Event=Server-Input.
*Apr 10 11:20:20:294 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11078]: Direction=Response, State=Status_line --> Chunked, Parse Length=1448.
*Apr 10 11:20:20:294 2019 H3C LB/7/PACKET: -COntext=1; Transaction [11078], HTTP packet header:
HTTP/1.1 200 OK \\此时发现服务器回复正常
Content-Type: text/html; charset=gb2312
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: zh-CN
Transfer-Encoding: chunked
Date: Wed, 10 Apr 2019 03:20:20 GMT
至此原因已经找到非我司L5000-C问题,而是客户本身实服务就存在问题,但是目前业务服务器侧无法做变动,只能在设备侧想办法解决。
此类需求可以通过HTTP重写解决,但是和产品线确认目前SecPath L5000-C(V7)版本暂时不支持url改写,只能通过url重定向解决。
修改配置将/trffweb改写为/trffweb/,使用户使用携带“/trffweb/”字段的HTTP请求报文访问后解决。
具体配置:
virtual-server "http80_url redirection" type http
virtual ip address 20.3.8.1
parameter http http_any
lb-policy "http80_url redirection"
default server-farm fw
service enable
sticky-sync enable
#
loadbalance policy "http80_url redirection" type http
class redirect action redirect
class fw action fwq
class zhzy action zhzy
#
loadbalance class fw type http match-any
match 1 url /trffweb$ \\$表示结束
#
loadbalance action fw type http
redirect relocation /trffweb/
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作