
Carrier LLB aFlex

Posted by a10jliu

We are using the AX 3200 as an LLB solution for a certain ISP.
For LLB we need NAT sticky functionality, similar to LSN, to make sure a certain NAT is used for client -> server connections.

We achieve this by defining single-IP NAT pools and naming them accordingly.



Code:

when CLIENT_ACCEPTED {

    # Drop packets going to a certain blacklist (this is in China, you understand)
    set remote_addr [IP::local_addr]
    set checkIP [POLICY::bwlist id $remote_addr blacklist]
    if { $checkIP equals "20" } {
        drop
    }

    # A group of 3 links, used for certain Dest IPs
    # cuc 1: MT  2: MT-2  3: LX
    set cuc1 [LB::status node 122.193.15.189]
    set cuc2 [LB::status node 122.193.15.37]
    set cuc3 [LB::status node 10.61.2.17]

    # A second group of 2 links, used for different Dest IPs
    # ctc 1: AM  2: WB
    set ctc1 [LB::status node 192.168.0.1]
    set ctc2 [LB::status node 60.55.192.2]

    # A backup link
    # ex
    set ex [LB::status node 172.16.1.1]

    # Select NAT by a simple hash based on Dest-IP
    scan $remote_addr "%d.%d.%d.%d" a b c d
    set hash [expr { 1+$d%15 }]

    # We have an IP list to classify different ISPs and
    # select the link based on which list the IP belongs to.
    # Link redundancy is also achieved here.
    switch [POLICY::bwlist id $remote_addr chinaall] {
        "2" -
        "4" {
            if { $cuc1 == "up" and $d%3 == 0 } {
                snatpool cuc1-$hash
                pool cuc1
            } elseif { $cuc2 == "up" and $d%3 == 1 } {
                snatpool cuc2-$hash
                pool cuc2
            } elseif { $cuc3 == "up" } {
                snatpool cuc3-$hash
                pool cuc3
            } elseif { $cuc2 == "up" } {
                snatpool cuc2-$hash
                pool cuc2
            } else {
                pool return-5000e
            }
        }
        "1" {
            if { $ctc1 == "up" and $d <= 42 } {
                snatpool ctc1-$hash
                pool ctc1
            } elseif { $ctc2 == "up" } {
                snatpool ctc2-$hash
                pool ctc2
            } elseif { $cuc2 == "up" } {
                snatpool cuc2-$hash
                pool cuc2
            } else {
                pool return-5000e
            }
        }
        default {
            if { $ex == "up" } {
                snatpool ex-$hash
                pool ex2200
            } else {
                pool return-5000e
            }
        }
    }
}


Some related configuration:

...
ip nat pool cuc3-1 125.39.171.131 125.39.171.131 netmask /24
.....
ip nat pool cuc3-15 125.39.171.145 125.39.171.145 netmask /24

ip nat pool ctc1-1 115.174.129.1 115.174.129.1 netmask /24
...
ip nat pool ctc1-15 115.174.129.15 115.174.129.15 netmask /24
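
The selection logic of the rule above, modelled offline so that link-failure cases can be checked before deployment. This is an added example, not part of the original post or A10 code; `isp_class` and `links` are assumed stand-ins for the `POLICY::bwlist ... chinaall` and `LB::status` results, and the destination addresses are constructed.

```python
# Offline model of the posted aFlex selection logic (added example, not A10 code).
# isp_class stands in for the POLICY::bwlist "chinaall" lookup result and
# links for the LB::status results; both are assumptions of this model.

def select(dest_ip, isp_class, links):
    """Return (snatpool, pool) as the posted rule would pick them.
    snatpool is None where the rule sets no snatpool."""
    d = int(dest_ip.split(".")[3])
    h = 1 + d % 15                      # pool suffix 1..15, as in the rule
    up = lambda name: links.get(name) == "up"

    if isp_class in ("2", "4"):         # cuc group: three links
        if up("cuc1") and d % 3 == 0:
            link = "cuc1"
        elif up("cuc2") and d % 3 == 1:
            link = "cuc2"
        elif up("cuc3"):
            link = "cuc3"
        elif up("cuc2"):
            link = "cuc2"
        else:
            return (None, "return-5000e")
        return (f"{link}-{h}", link)
    if isp_class == "1":                # ctc group: two links
        if up("ctc1") and d <= 42:
            link = "ctc1"
        elif up("ctc2"):
            link = "ctc2"
        elif up("cuc2"):
            link = "cuc2"
        else:
            return (None, "return-5000e")
        return (f"{link}-{h}", link)
    if up("ex"):                        # default: backup link
        return (f"ex-{h}", "ex2200")
    return (None, "return-5000e")

ALL_UP = {n: "up" for n in ("cuc1", "cuc2", "cuc3", "ctc1", "ctc2", "ex")}

def coverage(isp_class, links):
    """Map each pool to how many of the 256 last-octet values land on it."""
    counts = {}
    for d in range(256):
        # 198.51.100.0/24 is a documentation range used as constructed input
        pool = select(f"198.51.100.{d}", isp_class, links)[1]
        counts[pool] = counts.get(pool, 0) + 1
    return counts
```

With only cuc1 up, `coverage("2", {"cuc1": "up"})` shows 170 of the 256 last-octet values landing on `return-5000e`, because the rule as posted tries cuc1 only when `d%3 == 0`.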

Comments

  • edited January 2018
    Hi JLiu,

    Can you provide any test case? POC scenario for the LLB solution that you implemented above?


    Thanks