RadwareAppDirector负载均衡器维护手册.docx

第1章系统维护11保存配置文件DownloadConfigurationFileConfigurationTypeRegularIncludePrivateKeys口从1.06.09以后的配置文件全是文本格式的，可以干脆斓林修放上传.不须要收换.打开File>(ConfigurationFile>ReceiveFromI>evke.FileSoftwareUpdateDnfigurationFileDeviceSupportBridgeConfigurationSendtoDeviceRouterSoftware1.istReceivefromDeviceAppDirector1.ogfileM%IUFileDeviceBndgeRouterAppDirectorHealthMonitoringSecurity在中.输入你想保存的文件K点击*set"保存配置1.2 复原配置文件打开FileConfigurationFile)SendtoDevice.FileSoftwareUpdateguratonFiletoD&viceBridgeSupportConfigurationSendtoDevice1RouterAppDirectorI>.UI.»4.4.-.Software1.istReceivefromDevice1.OgfileUploadmodeConfigurationfileReplaceconfigurationfileUploadConfigurationFiletoDeviceAppendcommandstoconfigurationfileAppendcommandstoconfigurationfilewithrebootSet点击“set”系统会提示你.须要汆用设备才能使限置生效.1.3 SNMP的字串管理修改SNMP的字串打开Serity>ConmuityTable.F4eD¼icB11(RorApprctorHoatthMonrtcmgSccurrtyBWWClassesPerfwmanceSefvscesHelpSNMPCommunityTableTargetAddressTeMeTrge<ParemetecsIMexICommwWtyNemeSealmyNftme1°npo<tCgMan>gemerrtPortsSnmpPingPhysicalPortsUsersSignatureProtectedBehaMoralDoSReporting»AitackDatabaseUpdMePoteiesPack«Anomp*cKGIobllParametersUserTabIeCommunityTaMeGroupsTableAccessTaNeViewTabIeNotifyTnbleTaggParameiersTableTrge(AddmgTaWe加入新的管理字f|；"FJJJ2006”.安排”S“pe产权限给它.SNMPCommunityTableUpdateTargetAddressTableTargetParametersIndex：SecuntyNameCommunityName,publicTransportTagCancel点击,sel"字申修改1.4用户名和密码管理打开Serily>Userj.,StatusOKFileDeviceBridgeRouterAppDirectorHealthMonitoringSecurityBWMClassesPerformanceServicesUserTableandAuthenticationTelnetParametersSecureShellParametersWebServejAuthenticationMethod1.ocalUserTableYManagementPortsSnmpPingPhysicalPortsUsersSignatureProtectionBehavioralDoSSetUserTablerdIEmailSeverityAccess1.evel'noneRead-WriteDeleteCreate点击CNate、添加料的用户.假如须耍修改用户密码,干脆点击用户名，在PaSSword中输入新的密码,可以给用户以只读权限.UserTableCreateTelnetParametersSecureShellParametersWebServerParametersSecuteWebParamolors1.5 修改系统日期时间新的设备到时，粒如没后用NTP.最好同时修改主备机的系统时间.进入Dcvice-XiIobalPanimctersFileDe¼e-11d9RouterAppDirectorHealthMonitonngSecurityBVVMClassesPerformanceSewcesHelpGlobalParametersOescnpdonAppO<ectofGobXwuhCookiePfsMeryBWMIPSNameAD-GZ1.ocationSystemUpTime14days9hours52minutes51secondsCMXtSytttmTifmIhhmm$005103SystemDatod&mm/yyyy)1犹3/2009octpSogrAddress0000BootpThreshold0SenalHUmxrSoftwareVersion10711D1.HMgarOVersion450时间格式为时：分:杪口期格式为口/月，年吩咐行配置如下工ADBackupffsrAZemtimeset160000Newineis；160000AD-BackupffSj.Vremdateset22052009Newdateis：22052(X)91.6 NTP配置有时为了管理须要，必需运用NTPNetworkTimeTPServer1721120NTPpollingInterval1728001.IPTim介7Cna1,17,4anNTPServerPort123NTPSlatU6.enableVSetNTPServer,配员NTP服务湍的IP施址NTPTimeZOne$依据当地时区设置，中国配置为X)8,00NTPStatUS:谀置enable吩咐行配置如F：AD-Backup才SrrViyTUPserver$e72.11.20AD-Backup",enrc<sntimezoneset+8:00AD-Backup#sen,icesn%tatussetenable1.7检查设备CPUAD可以通过Web方式检荏负较均衡设备的CPU运用率.进入Device-)DeviceMonitoringFileDeceBndgeRouterAppD*9ctorHealthMorrfonngSecurityBvVMClassesPStatisticsSFMPAppOirectorStatisticspROUtgrProtocolStatisticsOSPFPerformanceElementStatisticsServersTCPSplittingStatisticsRsourcsResourceUtilizationReowceUtHlZaHon:6RSResourceUtilization:OREResourceUtilization:61.ast5sec.AverageUtiHzadon:281.ast60sec.AverageUtilization:23RcsouceUtilization表示CPU的运用率.以百分比计算.为RSRE的值RS衣示管理占用的CPURE表示系统负我均衡和粒发占用的CPU正常状况下，REWJRS.CPU运用率在60以内是正常的，假如超过80%,须要分析缘由.1.8检查设备运行状态AD可以通过Web方式检衣负载均衡设备的运行时间.进入Devicc->DeviceinfomationDeviceInformationTypeAppDirectocGlobalwithCoofeiePersistency.BwMIPSandEnhancedDoSPlatformApplicationSwitch2Ports21PortsCOnM16FastEthernet5GigaEthernetHWVersion450SWVersion1O711D1.BuiMFeb92009144030(Buiki20)ThroughputNongVersionStateFinalAPSoIuteOS1031-0303A.20608NetworkDrw115202RAM256Flassize8RegisteredNoDate07042009Time143146UpTime24days22hours5minutes.20seconds吩咐行操作如下；AD-Backup“ystemdevice1.9 检查服务器状态AD可以通过Web方式检查各Farm卜.面的服务器负载分担状况以及服务器的状态.进入PerfOrmanceServersAppliaitionServerStatisticsApplicationServersSummaryStatusFarnVSefvefKbitsPacke<sComecbonsTCPDlSeOnne<onsINewTCPICOnDeEOnSInOutInOutCPcPTcPTOFannTeSt00000000o00oToOSe(Verl192168IftO000000000000I0°ActiveNoNewSessionsoNOtInSerwceCCurrentTTotalPPeakIn表示流入服务器的字节数或数据包个数OUt表示流出服务腓的字节数或数据包个数C表示当前的连接数.假如为0.须要明点关注T表示总的连接数，之而全部的处理过的连接数相加P表小服务铃经的最大修值连接数1.10 获得SUPPort文件，寻求帮助进入菜郎File(Support,然后下载Support文件，获得到的SUPPOrl文件包含了设符当前纪置和全部的系统内部状态参数.假如调测过程遇到问题£法解法,可以收集该文件后联系技术支挣或厂家.F-Ie|softwareUpdatechSUPPortInfoFileDeViC8SupportFlBridggConfigurationRoUterSoftWare1.istAnnfPrtr吩咐行操作如下rAD-Backupffm4yu7<ksupportdisplay除了干脆显示.也可以通过TFTP上传AD-BackupnmanagesupporttftpCOMMANDmanagesupportISenerIP<-v>DESCRiFriONSendtheoutputofa'managesuppo<display*invocationoverTFTP.1.11 分析会话表我们可以对会话去进行过滤分析,检位应用的分发状况.此过程分为两步，第部是创建条过也规则，其次步是吉看会话表，进入菜单进入AppDirctor>(lients>ViewFiltersFileViewFiltersDwceGlobal>rredClientTableBridgeFarmsRouterServersarmNameRequestedPortFromStatus'AppDirector1.ayer4FarmSelectionigIfcmHealthMonitoring1.ayer7FarmSelectionSecurrty1.ayer7ModificaiionBWM1.ayer7SenrPersistencyClassesSNMPBasedDHatChPerformanceMATSenicesDNSHelpDistributedSystemProximilyRedundancySMiCClientTablePoweredby.ClientsFilteredClientTableWEBSERVERSegmentationViewFiNers创建一条新的条目.ViewFiltersCreateIndeX1vjStatusActrVe;SourceIPFrom0.0.0.0SourceIPTo:OOOORequestedIPFromI0000RequestedIPTo0000VSourcePortFrom0SourcePortTo.0RequestedPortTo0StaticClientTableFilteredClientTableFarmNameClientTypeAny*SerVefNat一ServerIP0000|_j_Action.NoActionjvfj11Tag-OutboundMATDynamicStaticAnyClientNatRequestedPortFrom0Rltcr的参数和1.4Policy类蚁.网洛的耍益都可以用来定义策珞.还可以选择Farm和SCrVer以及CIientTabIe的类型,实际须要考叱的是如何过滤出相确的会话分析间即。SUHUS用来定义规则的状态，可以定义多条Filler来同时,乔，多条Fiker之间是“或-的关系。分析完后，请刚好关闭FiltCr或郡州除.下面是吩咐行下的曰段.及上面配置的效果相同，可以自行选择配置方式.ADMaSIer#ap)directorclientviewfiltenhelpdppdirec(orclientviewfiltershelp:(gct><Indcx>set(Index)VTWilChvaluc>(IeMrOy/del<Index>CrCatC/add<lndcx>(switchvaluc>help<switch)Switches：SourceIPFromSal:SourceIPTodaf：RequestedIPFrxmi<latRequestedIPTo-f：SourcePoitFrom-spl:SourcePbrtTo-<ipfiRequestedPortEromdpi：RequestedPortTosa:ServerIP- ci:ClientType- s:Status- ac:Action- v:VIanTag- fn:FarmNaineIndex(I)I(2)2(3)3(4)4(5)5DisplaysIhCFilteredClientTabkViewFillers然后,就可以IS看就可以在看符合全郃Filler规则的会话我.进入菜i入AppDirctor>Clients>FilteredClientTableFilteredClientTableOrtceBndgeRouterAppDifeclorHealthMonfloringSecurityBWMCtassPerformanceSemcesHelpPowerodbyWEBSERVERGlobalFarmsServers1.ayer4FarmSelection1.ayer7FarmSelection1.ayer7Modificacion1.ayer7PersistencySNMPBasedD½patchNATDNSDistributedSyaQrnProximityRedundancyCirrt5SegmentationcClientTableViewFIhert!(*RequestedAddreuRequeuedPortServerAddressStaticChemTableFIltgwjClientTaNQViewFiItert吩咐行看君方法:ADMitser#appdirectorclientfilieredtableFilteredClientTableClientAddressSrcPDsiPFarmNameSBrVerAddressTimeTo1.iveNATAddressNATPSrvPViPAddrcssTypeModeSCSSoUptime1.12 抓包分析在处理故障时,我们可能须要分析数据包，ADIQ7的版本供应了提包功能,1.12.1 全局配置进入菜单进入Services>Diagnostics->Capture->ParametersStatisticsMonitorFileDeviceTuningBridgeDaylightSavingRouterAudrting(c4t3nOeivefyAppDirectorDiagnosticsCaptureParametersHealthMonitoringSecurityTelnetSSHTrace-1.ogFilesBWMManagementInterfacesPoliciesClassesWebServerEvent1.ogPerformanceDNSServicesMTD全局设置须要分为两步：第步,先设湿好参数,其次步才使开启功能.CaptureToolConfigurationFilesPoliciesWarningdiagnostictoo½maycause$6WeperformancedegradationStatusDisabled*IOulputToFiler¾mdr¾TOutputToTerminalDisabledTCapturePointbothvTraftcMatchF<odInbtxindarjOutboundv我们将收据包保存在内存中.双向进出的包全制抓取.CaptureToolConfigurationFilesPoliciesWarningdiagnostictoolsmaycauseSgeeperformancedegradationStatusEnabledvOutputToFilefamdriveIWOutputToTerminalDisabledJ；CapturePointbothvToflicMatchModeInboundandOutboundVISet然后才能将Suitus设计为Enabled,1.12.2 定义网络划过ClaSSCS菜单.定义抓取数抠包的源和目标】P地址.进入菜单进入Classes>Modify>NetworksModifyNetworkTableDeviceBridgeRouterAppDifectorHealthMonrtonngSecurrtyBWMClassesPerformanceSwesHelpNameAddre»MaskFSOmIPlToIPMode皿OOOO00000000255255255255IPRange口DeleteCreate网络可以通过两种方式设置.子网+掩玛和地址徒阳定义.假如地址是离散的，可以陨置相同的Name.SubIndex不同来定义多条NCtWOrk.引用时只须要运用Name,就可以同时运用多个Network,网络创建完不会马上生效,须要UPdate才能生效.ModePMaskVFromIP0000CancelModifyNetworkTableCreateName:tst-tSubIndex0AddressV2I5O2611Mask255255255255ToIP0000进入菜单进入Classes>UpdatePoliciesFileOceBfidgeRoutrAppQrectorHealthMomtonngSecurty6VMCietPerformanceSerwcesINameAddrenMaskIFromIPoIPModeMX0000000000002552S5255255IPRange17215026112552552552S500000000IPMaskgg23iKSEBModifyNetworkTableModifyVwAct*UpdatePoliciesActivate1.atestChangesActivate1.atestChanges点iiSCt生效.否则不能在Policy引用.1.12.3 定义POliCyPoliCy的参数和14Policy类似JW络的要点都可以用来定义策略,实际须要考出的是如何抓到相确的数据包分析问题.进入菜单进入SerVkCS->Diagnostics>PoliciesFileDeviceBndggRoultrAppDrectOfHeaRhMonitoringSecurity8WMStatisticsMonitorTuningDaylightSawig”VlANTagGroup*MACAddressGroupsAuditingopORGroup*FilwCap<wParametersDiagnosticsTelnetSSHManagementInterfacesCaptureIService卜Trace-1.ogFilesPoliciesrDiagnosticsPoliciesCreateNi>PortGroup.V1.ANTgGroup.MACAddmsGroupsBMieFi，ANDCoup.ORCoup,File.CaaePmMMSerwceTypeDwtmationMACGroupMaXEalrAmX，4PacketsKcnevEOSeZCeSourceMACGroupMaximalPcket1.engthTracAogSUlus三可OCaptureStatus血3d三Erubtodvj这里我们定义抓取全部来门IZ-IKI的数据包.抓完包后，务必将CaptureSUlulS设置为Dgabk,否则设备会始终抓取.1.12.4保存抓包进入菜鲍进入Services>Diagnostics>FilesDiagnosticToolsFilesManagementCpiurPmnhMhsPOlIdMFilesOnRAMDrive:FileNameFSS<ze(yte9)AcbonC3p(ure,8p<>rect(-210÷2009,131909.1cap5014IdoM11k>BdtFiIesOfihUinnash:FiloNameFileSae(Bytes)Actionidrdownload卜我文件下皱免投打Jl或保存此文件四7船型从名类CftPtmPPdlrQctor_2105200931909.CwPYirashorkfile172.150269打开、打升(三)东自InternetI危等爆的计机该文件.运用免费的Wircshart;软件可以干Ift查看分析数据包.Q说明：抓包会影响设备性能,在实做曲,尽量设置好过港规则，抓取须要的数据包.抓完后，请刚好停止功能和删除Policy,否则会始终抓下去.1.13 软件升级在某些状况下，软件存在一些小的问题，须要通过升级软件来解法.在升级前，清先取得设位的MAC地址。因为大版本的软件升级过程须要密码,定码是弼过MAC生成的，请将缗码发给RadwarcI：程师,他们将负责生成密码和发送相应软件.对于ADlO(Jo(AS2)以上的平台在开缎前,请先确认卜imemain稣h存在系统.NumNameversionMediaActive正常状况下，AS2以上型号的设iCFEMimcmaIIlwsh各有一套系统，正常状况下,运用CF卡的软件，当升级时.须要临时运用internalflash来为新的软件写BgtR<>m.当软件升级完重启时.你会发觉从InternalFlaSh引导.当internalflash系统没育软件时.会回到原来的系统.所以，你很要以下几步来完成升汲.m3<H8.14。12-01JUn2005-1951548，14OnBoardFlashw三d-8.l.21-23Fb2ConpactFlash009281.07CcxnpactFlash2appdrector-1.071ID1.r9F8b200920将CF卡上的系统copy一份到intcmaJfla6.红色数字衣示软件的编号ADlsysfilescopy-to-flash1MMANDsystemfilescopy-to-flashversionindexDESCRIPTIONCopyselectedversiontoInternalflash进入菜单FileSoftwareUpdate).DeviceBridgeRouterAppDirectorHealthMonitoring输入取得的PaSSWOnI,SOnWareVerSiOn输入软件的大版木号：比如1.07oI1.File中选挣相应的版本.软件为Iar压缩包的形Jh系统会自动解乐缩.：«认为EnabICNwVCrsion印物件开被后马上重启生效;假如不选中则只是将软件copy到CF卡上,并不激活，UpdateDeviceSoftwareSetUi说明：在吩咐行下面,也可以通过"syslicensed"device-inW吩咐得到相关信总，G好将这两行吩时的输出同时记录下来发给Radware工程怵，这样.Radware工程师就知道运用的平台类型,便利发送相关的软件版本.CF后上,般会保存2套系统，升级时，会自动将未运用的老系统删除.1.14 吩咐行维护吩咐1.14.1查看接口地址SppdirectorlnetIpInterfaceTabloIPAddressNetworkMaskIfNumberVlanTag1.1.1.110.130.31.5125525S255.080255.255。255.2241701.14.2查看路由表SppdlrectoxInetroutetableRoutingTableDestinationAddressNetworkMaskNextHopInterfaceTypeIndex0.0。0.01.1。U010。130.31.320.0.0.010.130.31.621?remote255.253.23S0D。0008local255.255.255。2240.0.0,017local1.14.3查看CPUAppDirectorsyso三cpuI>eviceResourceUtilizationRSResourceUtilization:QREResourceUtilization：01.ast5三ec.AverageUtilization01.ast60sac.AverageUtilization：0MasterUtilization:0假如行一项假超过90,就须亶出起留意1.14.1 查看设备温度（仅限ODS）这条吩咐可以显示当前设备CPU的温度.正君值在70掇氏度以Kgi过73摄氏度.系统会自动关机，请检套通风状态.AppDlrectorIayshardwaretenp«rature-3howSensornurti>er：0-Statnormal.Te方PeratUre：53en三ornumber:1-Status:normal.Teirperature:521.14.2 查看服务器的连接用户数红色郃分发当前连接的用户数.app<lirector«appdlrctorfarmservertableServerTableFarENameServerNaJJeServerdescriptionSrvrAcMresaSrvrPortAdminStAttchUserTyRClntNatBckupPrBQkUPStvrAdrsConnectRedirectToBndwdth1.mOptModePeak1.oad1.rr.OPtrStatFrameladCNC1.1.1.10Enable0RegularCNC-10。D。000Regular0Disable0Active0EnableCNCM30.980EnableODstrlbutCT0.0.0.00Regular0Disable0Active0EnableFartn_Test192.168.1.100Enable0RegUIarServer!RegularODlaableNotInSrvOEnable1.14.3 查看ApPDireCtor的会话表appdirector"appdlrectotclienttableRSC1.IENTSTableTotalnujherofclients:2ClientAddressStCPD3tPFarnAddressServerAddressAttachDateNATAddresaNATPSrvP1.4PolicyAddrClientTypeAttachTime10.130.31.226568fi716110.130.31.3310.130.31.3402-03-20060.D.0.001610.00.0Dynanic12:01:0210.130.31.2260010.130-31.3310.130.31.3402-0-20060.0.0.0000.0.0.0Dynaaic11:44：13留意视察客户去的大小.不要超过太大位.i股状况下,几千条是正常的.这个表的大小及FamI中设置的老化时间有很大关系，老化时间越短，我也就越小.1.14.4 查看AppDirector的动态Cookie表appdirectorappdirector17server-persistencydyn-sea三ion-id-tableSessionIDPersistencyTableTotalEntrlea:16000FreeEntriesi16000SeeClock:841341.14.5 查看APPDireCtOr双机冗余状态下而为主机的状态,全部为MasterAD-MasterredvvvirtualRouterTableIfIndexVRIDVRMACStateAdnrdnStatusF-1.100005e000101masterdownF-9200005c000102masterdown下而为备机的状态,全部为BilCkuPAD-BackupIredvvvirtualRouterTableIfIndexVRIDVRMACStateAdrr；inStatusF-I100005c000101backupdownF