服务器lol服务器连接异常

知四层服务器负载均衡NAT朱尘炀2016-03-19发表V7版本LB服务器负载SNAT导致业务异常问题分析1、LB服务器负载组网拓扑2、实现需求按照上述拓扑实现LB旁路部署时的服务器负载,因为LB旁路部署,服务器原有网关均为核心交换机,在不改变服务器网关配置的前提下,为了保证来回的流量全部经过LB需要在LB上配置SNAT3、故障现象配置SNAT之后,通过LB上的虚服务无法访问后端服务器提供的web服务;如果不配置SNAT,同时在交换机上配置PBR保证来回流量都经过LB,此时可以通过LB的虚服务正常访问web业务1、查看实服务和虚服务状态均为active2、查看其中一个实服务组SNAT状态[Sysname]displayserver-farmServerfarm:sf1Description:Predictor:HashaddresssourceIPNAT:EnabledSNATpool:snatFailedaction:KeepActivethreshold:DisabledSlow-online:DisabledSelectedserver:DisabledTotalrealserver:1Activerealserver:1Realserverlist:NameStateAddressPortWeightPriorityrs1Active192.
168.
1.
101004其中SNAT地址池配置为:loadbalancesnat-poolsnatiprangestart178.
1.
1.
3end178.
1.
1.
33、查看实服务和虚服务统计信息[Sysname]displayvirtual-serverstatisticsnamevsSlot1:Virtualserver:vsTotalconnections:3Activeconnections:0Maxconnections:3Connectionspersecond:0Maxconnectionspersecond:1Clientinput:1717bytesClientoutput:2750bytesThroughput:0bytes/sInboundthroughput:0bytes/sOutboundthroughput:0bytes/sMaxthroughput:1423bytes/sMaxinboundthroughput:673bytes/sMaxoutboundthroughput:750bytes/sReceivedpackets:37Sentpackets:45Droppedpackets:0[Sysname]displayreal-serverstatisticsnamers1Slot1:Realserver:rs1Totalconnections:1Activeconnections:0Maxconnections:1Connectionspersecond:0Maxconnectionspersecond:1Serverinput:0bytesServeroutput:915bytesThroughput:0bytes/sInboundthroughput:0bytes/sOutboundthroughput:0bytes/sMaxthroughput:915bytes/sMaxinboundthroughput:0bytes/sMaxoutboundthroughput:915bytes/sReceivedpackets:12Sentpackets:0Droppedpackets:0Receivedrequests:0Droppedrequests:0Sentresponses:0Droppedresponses:0[Sysname]displayreal-serverstatisticsnamers2Slot1:Realserver:rs2Totalconnections:1Activeconnections:0Maxconnections:1Connectionspersecond:0Maxconnectionspersecond:1Serverinput:0bytesServeroutput:559bytesThroughput:0bytes/sInboundthroughput:0bytes/sOutboundthroughput:0bytes/sMaxthroughput:559bytes/sMaxinboundthroughput:0bytes/sMaxoutboundthroughput:559bytes/sReceivedpackets:12Sentpackets:0Droppedpackets:0Receivedrequests:0Droppedrequests:0Sentresponses:0Droppedresponses:0[Sysname]displayreal-serverstatisticsnamers3Slot1:Realserver:rs3Totalconnections:1Activeconnections:0Maxconnections:1Connectionspersecond:0Maxconnectionspersecond:1Serverinput:0bytesServeroutput:599bytesThroughput:0bytes/sInboundthroughput:0bytes/sOutboundthroughput:0bytes/sMaxthroughput:559bytes/sMaxinboundthroughput:0bytes/sMaxoutboundthroughput:599bytes/sReceivedpackets:13Sentpackets:0Droppedpackets:0Receivedrequests:0Droppedrequests:0Sentresponses:0Droppedresponses:0从实服务的统计信息来看,serverinput和sentpacket两个统计项均为01、根据LB的虚服务和实服务统计信息来看,终端和LB之间报文交互有收有发属于正常情况;但是LB和服务器之间,只有LB发送报文但是LB没有收到服务器的任何回应报文2、经过在服务器上抓包发现,服务器收到了LB的TCP请求,也回应了LB的TCP请求3、在交换机连接服务器和LB的端口上分别同时做端口镜像抓包,发现交换机收到了服务器的回应请求,但是交换机没有把服务器回应请求转发给LB4、现场交换机是正常转发数据的,但是报文却丢在交换机上,查看交换机的ARP表项,发现没有LB上SNAT地址池中对应地址的转发表项5、针对LB上服务器负载的SNAT地址池测试发现,如果SNAT地址池中的地址在对应接口上不存在时,LB不会响应该地址的任何ARP报文,所以导致直连核心交换机上没有对应的ARP表项,故LB和服务器无法正常转发数据1、服务器负载SNAT地址池中的地址务必配置在对应的出接口上2、不使用服务器负载SNAT方法来保证来回的流量都经过LB,可以在核心交换机上配置PBR保证来回流量都经过LB1、在LB服务器负载组网时,一般旁路部署都是为了不改变客户处原有网络拓扑环境,包括不改变服务器原有网关地址等,此时需要保证来回流量都经过LB,最简单同时对客户网络改动最少的方法就是在LB上开启服务器负载SNAT2、服务器负载SNAT地址池中的地址务必配置在对应的出接口,保证LB正常响应地址池中对应地址的ARP请求,可以通过在接口上配置sub地址实现,所以在配置SNAT地址池的时候需要注意