Radware链路负载均衡双机注意事项

 

拓扑说明：

 

网络描述：

网络出口4条公网线路接入，如上图，两台出口防火墙作HA，且防火墙出口地址是教育网的地址，即Radware LP 负载均衡设备教育网的接入端口应该启用VLAN；那么两台LP在作高可用的时候须要注意如下问题，这里介绍的是基于VRRP的模式；

 

条件需求：

两台LP型号必须同样，且须要相同的软件版本。功能许可例如BWM,IPS能够不用考虑，内存大小也不用考虑，可是吞吐最好也要相同。

这里实施的软件版本是ODS2 6.12.02，目前最新的软件版本

问题描述：

一、当启用VRRP之后，发现主设备的VLAN接口运行状态老是不能UP，可是物理状态是UP的；

二、LP的VLAN接口不是很稳定，时段时通；

解决办法：

一、当启用VRRP的时候，主设备须要开启Interface Grouping,此选项的功能是检查设备端口运行状态，当他发现一个端口DOWN了，那么该机制会强制让其余端口也DOWN。因此在给VLAN接口作VRRP的时候必定要将全部的

VLAN接口都UP，这样VLAN才是激活的状态

 

Interface Grouping

To provide a complete solution for redundancy against all failures, LinkProof employs a mechanism called Interface Grouping. If LinkProof notices that one of its physical ports is down, it intentionally brings all other active ports down.

When a physical port on LinkProof goes down, because of a cable failure, switch port failure, hub failure, or other problems, LinkProof performs the following tasks:

 

1.	LinkProof examines the configuration to see if any IP addresses were configured on the port that just went down.
2.	If there were IP addresses configured on the port that went down, LinkProof deactivates all other active ports.

3.	If there were no IP addresses configured on the port that went down, nothing happens and normal operation continues.

>>	Using Regular VLAN, when any of the ports associated with a VLAN is down, Interface Grouping is triggered.
>>	Using Switched IP VLAN, Interface Grouping is triggered only when all ports on a Switched IP VLAN are down.

>>	When using VLAN with interface groupings, a group may go down as a result of a failing interface. In such an event, all traffic to the interfaces belonging to the group will be discarded including management traffic.

 

二、能够从拓扑中看出，这样的部署是有环路的，多是这个缘由致使了LP VLAN接口不稳定，可是在VRRP的全局设置中能够经过 Backup-In-Vlan 选项解决此问题，他的做用是若是状态选择为BACKUP，那么备设备是不处理任何流量的。

 

主设备配置

 

备设备配置

 

 

全局参数