Setting up load balancing on InfoWatch Traffic Monitor


What should you do if a single server does not have enough capacity to process all requests, and the software vendor does not provide load balancing? There are many options, from buying a load balancer to limiting the number of requests. Which one is right depends on the situation and on the existing conditions. In this article we describe what you can do if your budget is limited and you have a free server on hand.

As the system on which the load on one of the servers had to be reduced, we chose the DLP (data leak prevention) system from InfoWatch. A peculiarity of the implementation was that the balancer function was placed on one of the "production" servers.

One of the problems we ran into was that Source NAT (SNAT) could not be used. Below we explain why it was needed and how the problem was solved.

Initially, the logical diagram of the existing system looked like this:


ICAP traffic, SMTP traffic, and events from user computers were processed on the Traffic Monitor (TM) server. The database server easily handled the load after events had been processed on the TM, but the load on the TM itself was heavy. This was evident from the message queue building up on the Device Monitor (DM) server, and from the CPU and memory load on the TM.

At first glance, if we add another TM server to this scheme, either ICAP or DM could be switched over to it, but we decided not to use this approach because it reduces fault tolerance.

Description of the solution

While looking for a suitable solution, we settled on the freely distributed software keepalived together with LVS, because keepalived solves the problem of building a failover cluster and can also manage the LVS balancer.

What we wanted to achieve (reduce the load on the TM and keep the current level of fault tolerance) was supposed to work according to the following scheme:


While checking that it worked, it turned out that the custom RedHat build installed on the servers does not support SNAT. In our case we had planned to use SNAT to make sure that incoming packets and the responses to them were sent from the same IP address; otherwise we would get the following picture:


This is unacceptable. For example, a proxy server that has sent packets to the Virtual IP address (VIP) will expect the response to come from the VIP, but in this case, for sessions sent to the backup, it will come from IP2. A solution was found: create an additional routing table on the backup and connect the two TM servers over a separate network, as shown below:


Configuration

We will implement a scheme of two servers running the ICAP, SMTP, and TCP 9100 services, with a load balancer installed on one of them.

We have two RHEL6 servers from which the standard repositories and some packages have been removed.

Services that need to be balanced:

• ICAP – tcp 1344;

• SMTP – tcp 25.

Traffic transfer service from DM – tcp 9100.

First, we need to plan the network.

Virtual IP address (VIP):

• IP: 10.20.20.105.

Server TM6_1:

• External IP: 10.20.20.101;

• Internal IP: 192.168.1.101.

Server TM6_2:

• External IP: 10.20.20.102;

• Internal IP: 192.168.1.102.

Next we enable IP forwarding on both TM servers. How to do this is described by RedHat here.

We decide which of the servers will be the master and which will be the backup. Let the master be TM6_1 and the backup be TM6_2.

On the backup we create a new routing table, balancer, and the routing rules:

[root@tm6_2 ~]# echo 101 balancer >> /etc/iproute2/rt_tables
[root@tm6_2 ~]# ip rule add from 192.168.1.102 table balancer
[root@tm6_2 ~]# ip route add default via 192.168.1.101 table balancer

The commands above stay in effect only until the system is rebooted. To keep the routes after a reboot you can put them in /etc/rc.d/rc.local, but it is better to use the configuration file /etc/sysconfig/network-scripts/route-eth1 (note: a different syntax is used there).
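The persistent form of the three commands above, as an added example that is not from the original article: on RHEL6 the initscripts pass each line of route-eth1 to `ip route add` and each line of rule-eth1 to `ip rule add`. The helper name stage_policy_routing and its staging-directory argument are assumptions made for illustration; it writes under a directory you choose so the files can be reviewed before they are copied into /etc.

```shell
#!/usr/bin/env bash
# stage_policy_routing ROOT DEV SRC_IP GATEWAY TABLE_ID TABLE_NAME
# ROOT is a staging directory (hypothetical helper argument), not the live /etc.
stage_policy_routing() {
  local root="$1" dev="$2" src="$3" gw="$4" id="$5" name="$6"
  local scripts="$root/etc/sysconfig/network-scripts"
  local tables="$root/etc/iproute2/rt_tables"
  mkdir -p "$scripts" "$root/etc/iproute2"
  touch "$tables"
  # Unlike a bare `echo ... >>`, register the table only once so reruns add no duplicates.
  grep -Eq "^${id}[[:space:]]+${name}\$" "$tables" ||
    printf '%s %s\n' "$id" "$name" >> "$tables"
  # route-DEV: every line is the argument list of `ip route add`.
  printf 'default via %s table %s\n' "$gw" "$name" > "$scripts/route-$dev"
  # rule-DEV: every line is the argument list of `ip rule add`.
  printf 'from %s table %s\n' "$src" "$name" > "$scripts/rule-$dev"
}

# Demo with the article's addresses for TM6_2, written into a temporary directory.
demo_root=$(mktemp -d)
stage_policy_routing "$demo_root" eth1 192.168.1.102 192.168.1.101 101 balancer
grep -r . "$demo_root/etc"
```

After copying the files into place, `ip rule show` and `ip route show table balancer` on the backup should list the same rule and default route once eth1 has been brought up again.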

Install keepalived on both TM servers. We used rpmfind.net as the source of the package:

[root@tm6_1 ~]# yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/keepalived-1.2.13-5.el6_6.x86_64.rpm

In the keepalived settings we designate one of the servers as the master and the other as the backup. Then we set the VIP and the services for load balancing. The configuration file is located here: /etc/keepalived/keepalived.conf.

Configuration for the TM1 server

vrrp_sync_group VG1 {
    group {
        VI_1
    }
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0

    lvs_sync_daemon_inteface eth0
    virtual_router_id 51
    priority 151
    advert_int 1
    authentication {
        # PASS sends the shared secret in cleartext in every VRRP advertisement
        auth_type PASS
        auth_pass example
    }

    virtual_ipaddress {
        10.20.20.105
    }
}

# ICAP
virtual_server 10.20.20.105 1344 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    protocol TCP

    real_server 192.168.1.101 1344 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 1344
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.102 1344 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 1344
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

# SMTP
virtual_server 10.20.20.105 25 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    protocol TCP

    real_server 192.168.1.101 25 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 25
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.102 25 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 25
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

# Traffic transfer from DM
virtual_server 10.20.20.105 9100 {
    delay_loop 6
    lb_algo wrr
    lb_kind NAT
    protocol TCP

    real_server 192.168.1.101 9100 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 9100
            nb_get_retry 3
            delay_before_retry 3
        }
    }

    real_server 192.168.1.102 9100 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            connect_port 9100
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

Configuration for the TM2 server

vrrp_sync_group VG1 {
    group {
        VI_1
    }
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0

    lvs_sync_daemon_inteface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass example
    }

    virtual_ipaddress {
        10.20.20.105
    }
}

We install LVS on the master, which will balance the traffic. There is no point in installing a balancer on the second server, since the configuration contains only two servers.

[root@tm6_1 ~]# yum install https://rpmfind.net/linux/centos/6.10/os/x86_64/Packages/ipvsadm-1.26-4.el6.x86_64.rpm

The balancer will be managed by keepalived, which we have already configured.

To complete the picture, add keepalived to autostart on both servers:

[root@tm6_1 ~]# chkconfig keepalived on

Conclusion

Checking the results

Start keepalived on both servers:

service keepalived start

Checking the availability of the VRRP virtual address

Make sure the VIP is on the master:


And that there is no VIP on the backup:


Using the ping command, we check the availability of the VIP:


Now you can shut down the master and run the ping command again.

The result should stay the same, and on the backup we will see the VIP:


Checking service balancing

Take SMTP as an example. Open two connections to 10.20.20.105 at the same time:

telnet 10.20.20.105 25

On the master we should see that both connections are active and are connected to different servers:

[root@tm6_1 ~]# watch ipvsadm -Ln
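A scripted version of this check, as an added example rather than part of the original article: it reads `ipvsadm -Ln` output and reports any balanced service that is missing a real server, has one at weight 0, or is not forwarding via NAT (shown as Masq). The function names and the sample table are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample in `ipvsadm -Ln` format (not captured from the article's hosts).
sample_ipvs_table() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.20.20.105:25 wrr
  -> 192.168.1.101:25             Masq    1      1          0
  -> 192.168.1.102:25             Masq    1      1          0
TCP  10.20.20.105:1344 wrr
  -> 192.168.1.101:1344           Masq    1      0          0
TCP  10.20.20.105:9100 wrr
  -> 192.168.1.101:9100           Masq    1      3          0
  -> 192.168.1.102:9100           Masq    0      0          0
EOF
}

# check_pool VIP "PORTS" "REAL_IPS"   (reads `ipvsadm -Ln` output on stdin)
# Prints one line per problem and returns 1 if any problem was found.
check_pool() {
  awk -v vip="$1" -v ports="$2" -v reals="$3" '
    BEGIN { np = split(ports, P, " "); nr = split(reals, R, " ") }
    $1 == "TCP" { svc = $2; seen[svc] = 1; next }
    $1 == "->" && $2 != "RemoteAddress:Port" {
      key = svc SUBSEP $2; fwd[key] = $3; weight[key] = $4; next
    }
    END {
      for (i = 1; i <= np; i++) {
        s = vip ":" P[i]
        if (!(s in seen)) { print "MISSING service " s; bad = 1; continue }
        for (j = 1; j <= nr; j++) {
          r = R[j] ":" P[i]; k = s SUBSEP r
          if (!(k in weight))          { print "MISSING real " r " in " s; bad = 1 }
          else if (weight[k] + 0 == 0) { print "DRAINED real " r " in " s; bad = 1 }
          else if (fwd[k] != "Masq")   { print "FORWARD " fwd[k] " for " r " in " s; bad = 1 }
        }
      }
      exit bad + 0
    }'
}

# Demo on the constructed table; on the master, pipe `ipvsadm -Ln` into check_pool instead.
sample_ipvs_table | check_pool 10.20.20.105 "25 1344 9100" "192.168.1.101 192.168.1.102" || true
```

keepalived removes a real server from the table when its TCP_CHECK fails, so a "MISSING real" line means one TM has stopped receiving its share of the ICAP, SMTP or DM traffic.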


Thus, we have implemented a fault-tolerant configuration of the TM services by installing a balancer on one of the TM servers. For our system this halved the load on the TM, which made it possible to work around the lack of horizontal scaling using the system's own means.

In most cases this solution can be implemented quickly and at no additional cost, but sometimes there are a number of limitations and difficulties in the configuration, for example when balancing UDP traffic.

Source: will.com
