Khóa luận tốt nghiệp: Tìm hiểu hệ thống máy chủ cân bằng tải

BQ GLAD DVC VA DAO T$0

TRUONGDS1 HQC MANG LONG

KHOA LUAN TOT NGHIEP

DE TAI: TIM HIEU HE THONG MAY CHU CAN BANG TAI

(cid:9)

(cid:9)

(cid:9)

(cid:9)

Ts.Pham Thanh Giang DO Van Thinh A13439 CONG NGHt THONG TIN

Ciao vien hirfrng gin Sinh vien thyc hien Ma sinh vien Chuyen ngInh

HA NQI — 2013

2

MAY CHU CAN BANG TAI

CHUONG 1: GICII THIEU (cid:9)

1.1. Su can t thiet cita can bang tai (cid:9) 1.1.1. Mei trubng may chit (cid:9) 1.1.2. Mei truong mung (cid:9)

1.2. Can bang tai: dinh nshia vi img dung (cid:9) 13. Cac san pharn can bang tai (cid:9)

TM (cid:9) CHUONG 2: MAY CHU CAN BANG TM

2.1. Tong quan (cid:9) 2.2. Luan chuyen yang DNS , (cid:9) 2.3. Cum may chit yeti be can bang tii (cid:9) 2.4. Lueng WA tin ca ban trong can bang tii (cid:9) 2.5. Kiem tra tinh tang sire khoe (cid:9)

2.5.1. Clic quit trinh Idem tra ca ban (cid:9) 2.5.2. Clic cuec kiem tra tren the img dung cu the (cid:9) 2.5.3. Su php thueac via img dung (cid:9) 2.5.4. Kjch Bin (cid:9) 2.5.5. Kat Luon (cid:9)

2.6. Djch dja chi mpg (NAT) (cid:9)

2.6.1. NAT dfch (cid:9) 2.6.2. NAT ngwin (cid:9) 2.6.3. NAT nguqc (cid:9) 2.6.4. NAT nang cao (Enhanced NAT) (cid:9) 2.6.5. Djch dja chi ding (PAT) (cid:9)

2.7. Tritiai tir may chit trvt tiep (Direct Server Return - DSR) (cid:9)

CHUONG 3: THUAT TOAN CAN BANG TM (cid:9)

6 6 7 7 8 9 11 11 11 15 19 22 22 23 23 24 24 25 25 25 28 28 29 30 32 32

3.1. Nei dung Ichai quit (cid:9) 3.2. Geri thieu met se thuot man can bang tai (cid:9)

3.2.1. Thuat town Round Robin (cid:9) 3.2.2. Thuat toin Weighted Round Robin (cid:9) 3.2.3. Thuat toan Least Connection (cid:9) 3.2.4. Thuet town Weighted Least Connection (cid:9) CHUONG 4: THIET ICE MANG yen Bo CAN BANG TM (cid:9)

4.1. BO can I bit, tai Whir la met be chuyen mach so yeti met be dinh tuyen (cid:9) 4.2. Cac thiet ke don gian (cid:9) 4.3. Thiet ke cho tinh sin sing cao (cid:9)

4.3.1. Active - Standby (cid:9) 4.3.2. Active - Active (cid:9) 4.3.3. Chuyen dei du phi:mg co tang thai (cid:9) 4.3.4. Da dja chi VIP (cid:9) 4.3.5. Quit trinh khei phuc b0 can bang tai (cid:9) 4.3.6. Toy chip thiet ke tinh sin sang cao (cid:9) 4.3.7. Su ciao tiep gill, ate b0 can brill tii (cid:9) CHUONG 5: CAU HINH CAI EMT VA THU. NGHIEM (cid:9)

33 33 33 34 34 35 35 38 39 40 42 45 46 47 47 56 58 58 58 59

5.1. Gi6i thieu (cid:9) 5.2. Tong quan HAProxy (cid:9) 5.3. Cid dirt gilt phip HAProxy cho may chit Web tren CentOS (cid:9)

3

5.3.1. Thiet ice h" tilting (cid:9) 5.3.2. Hoat dOng (cid:9) 5.4. CM dat eau hinh (cid:9)

5.4.1. CM dat du hinh HAProxy (cid:9) 5.4.2. Cal dat dich vn WebServer tren Server 1 va Server 2 (cid:9) 5.4.3. CM dat vit c.4u hinh KeepAlived tren Haproxy, Server 1, Server 2 (cid:9)

5.5. Kiem tra & Danh gia ket quit (cid:9)

59 60 60 60 61 62 65 70 71

TONG !CET (cid:9) DANH MVC TAI Lieu THAM MAO (cid:9)

4

Tir vih tat "lir Day dii

Giai ngltia

OSI MAC ISP HTTP FTP SMTP DNS NFS URL TCP UDP IP VIP ARP RTSP STP VRRP SSL NAT PAT DSR CPU VLAN RS

Open Systems Interconnection Media Access Control Internet Service Provider Hypertext Transfer Protocol File Transfer Protocol Simple Mail Transfer Protocol Domain Name System Network File System Uniform Resource Locator Transmission Control Protocol User Datagram Protocol Internet Protocol Virtual Internet Protocol Address Resolution Protocol Real Time Streaming Protocol Spanning Tree Protocol Virtual Router Redundancy Protocol Secure Sockets Layer Network Address Translation Port Address Translation Direct Server Return Central Processing Unit Virtual Local Area Network Real Server

MO hinh ket not cac he thong ma Kiem soat truy cop phuang tien Nha cung cap dich vp Internet Giao that truyen tai sieu van ban Giao thin truyen tai teP tin Giao thin truyen tai thu don gian He thOng phan giii ten mien He thOng tep tin mang Dinh vi thong nhat tai nguyen Giao thirc dieu khien truyen Van Giao thin gai tin ngtroi dimg Dia chi giao thin mang Dia chi giao thirc mang ao Giao thirc phan giai dia chi Giao that trvc tuyen then gian thvc Giao thin ma rOng cay Giao thin du phong dinh tuyen ao Giao thirc lap mot ma Dich dia chi mpg Dich dia chi ding Quay troy bye tiep may chit Don vi xir 19 trung tarn Mang cvc bt) ao May chit thvc

5

Chuang 1: GU% thieu (cid:9) DO Van Minh - A13439

CHUONG 1: GIOI THItU

Ngay nay can bang tai khong con la met khai niem meri trong khong gian mang va may chit. Moi loai san phim thuong thgc hien cac cons viec lchac nhau trong qua trinh can ban! tai. Vi du, cac 110 djnh tuyen do the phan phoi luu lucmg truy cap th8ng qua Mien tuyen duerng de den cling met dia chi dich vi can bang tai ten cac tai nguyen mang khac nhau. Trong khi di met may chi can bang tai phan phoi luu 'wing giera cac tai nguyen may chi chi khong phai la cac tai nguyen mang. Ban dAu be can bang tai bit du veri qua With can bing tai don gian, chimg nhanh chOng duqc phat trien de thgc hien met bat cac chic nang: can . bAng tai, Icy thu#t phan ph& luu Itrqngt chuyen mash lugng thong minh. Be can bang tai cling c6 the thuc hien cac cuOc kiem tra sic khoe met cach tinh vi ten cac may chii, cac ing dung, va ca nOi dung de cai thien firth sin sang va Ich# Wing quan IS,. Bei vi b0 can bang tai dugc trien khai nhu met may chit tiep nh#n you cau cult met nhim cac may chii, chting cling bao ve cac may chi ti ngueri ding dec hai, va tang cuang kha nang an ninh bao mat. Dtra‘ tren th8ng tin trong cac g6i tin IP hoac nei dung trong cac you cau ing dung, be can bang tai Qua ra cac quyet dinh thong minh de dinh huang cac luu Wang thich hqp den ding trung tam de lieu, may chi, tiring lira, b0 nher cache, hoac img dung.

De tai nay se tap trung nghien ciru tong quan ve may chi can bing tai, cach thic hot dOng cia be can bang tai trong Wan be he thong mang, tir d6 img dung tren dux to trien Mud be, can bang tai tren toan b0 he thOng met cach hieu qua va (tat dugc hieu suit tot nhat. De tai se dtra ra met m8 hinh cu the, ap dung thu#t toan di chqn Itra de dtra ra cach nhin re hon ve yin de thing to dang Wang teri.

1.1. Sr can fillet cia can bing tai

CO hai xu huortg clan den sy can thiet cia can bang di lit may chi va mang. Veri stir vtrgt trei dm Internet va Intranet, ket not mang giita may chi va may tinh ca nhan cia !than vien, khach hang hoac nha cung img di trer titbit 'diem vu quan trong. se khong the chap flan dirge khi mang bi sap hay the hien kha nang lam viec yeu kern, khi d6 no hau nhu se tri tre moi host &Ong kinh doanh trong nen kinh to dua nhieu vkInternet. MOt vi du nhu xay dtmg met website thuong mai Bien tir, c6 rat nhieu be phan can dugc xem xet nhu la: b0 djnh tuyen, be chuyen mach, Wang lia , be the dem, may chi web, may chit ca ser cla lieu. Hon Ilea viec gia tang nhanh cia ck may chi cho hang lost cac img dung di kW& cho trung tan.' dit lieu day ip cac cum may chi. Su r6i ram va thach thirc trong khit nang nier rOng, kha nang quart ly va khit tiling sin sang cia cia cac nhim may chi la met nhin to dimg ding sau den hei can ci met su thay doi thong minh. Met thir ma .n8 phai chic chin ve kha nang mer reng va firth sin sang cao cho mgi thanh phan, bat dau tir be dirt tuyen ket not voi Internet, cho to; tat ca cac con dutng teri may chi de lieu ben trong. Tir di thiet bi can bang tai St hien nhu la met vu khi mang me de xi ly nheng van de tren.

6

Chuang 1: Gi6i thieu (cid:9)

DS Van Thinh — A13439

1.1.1. Mai trwang may chu

Sp phat trien manh me cea may chti trong cac doanh nghiep ngiy nay va viec cung cap dich vu Internet (ISP) xuat phat tir hai do chink. Tar& het, co rat nhieu cac Img dung hay dich vu can den trong k9 nguyen dm Internet nhu Web, FTP, DNS, NFS, Email,

Thech thzec ve kha ?long ma rang: van de ve quy me ding suet may tinh khong con la mai. Tn.rerc day, met may chti duqc clanh de chay met img dung. Neu may chii de khong hoan thanh nhiem vu, thay vac) de met may chit mph han se dugc mu, meri. Stic manh cua cum may chi' tang len khi tong bo ph#n khic nhau trong town he thong tra len manh me han. Vi du, chung ta da thay toc do elm be xti 19 duce Ling gap deli cu sau mai 18 thang - met hien Wong ngly nay dirge biet tai nhu la luOt clia Moore, dOt theo ten dui Gordon Moore dm top doan Intel. Nhtmg nhu eau sir dung may tinh tang thorn chi con nhanh han. Gong nghe cum (clustering) do de da dugc phat mink

Tat database, ... Tha hai, rat nhieu img dung deli hai can co nhieu may chu cho moi ling dung bed vi met may chit khong the cung cap MI sirc mph hay !chit nang de dux wen cac you cdu ctia Ung dung do. Nei chuyen v6i bat dr met ngueri nao lam viec von hanh trong tam dii lieu, he) se cho ban biet can bao nhieu thin gian de xix 19 nhang van de ve kha nang quan 19, kha nang ma rOng va tinh skin sang dm nhieu loci img dung tren cac may chti. Vi du, neu met tiring dung email lchting the xi: 19 stir tang len ye nguiri dung, met may clui mail se duqc bo xung trien khai them. Ngutri vim ly cling phai nghi cach de phan tai gitta hai may cliff nay. Neu met may chi' gap van de, ngueri quin trj ngay luc de phai chay ung van de duqc sin chila. Khi no da dung ten met may chif khic trong khi may chit dugc sin xong, no phai dua ter lai de phuc vu. Tat ca nhftng nhiem vu do inh huerng tai tinh skin sang va hieu qua dm CEng dung d6 deli v6i ngtreri &mg.

1.1.2. Mai truirng mgng

Thiet bi chuyen mach truyen thong va be dint' tuyen host dOng tren dja chi IP hoac dia chi MAC de xac djnh diem den curt gel tin, tuy nhi 'en, chimg kh8ng the xi: 19 cac nhu cern dm cac cum may chti phtirc hop hien du. Vi du, cac be dinh tuyen hoac b0 chuyen mach khong the thong minh khi girl ltru luong truy cop den met may chit cu the hoOc be nher cache. Neu met may chil dang bj hang, thiet b1 chuyen mach truyen thong yin tiep tuc gfri Iuu Itrqng truy cop vim melt may chi' da chet, de hieu dugc chirc nang ctia HU& N chuyen mach vi thiet 111 (firth tuyen truyen thong thi dau tien chung ta phai kiem tra m8 hinh mang OSI.

7

Chuang 1: Gieri thi0 (cid:9)

DO Van Minh — A13439

Layer 7

Application Layer

Layer 6

Presentation Layer

IITIR F17. SNMP. Telnet. DNS

Layer S

Session Layer

Layer 4

Transport Layer

TCP. UDP

Lam 3

Network Layer

IP

Layer 2

Data Link Layer

Layer

Physical Layer

Hinh 1.1: so tla ma hinh

MO hinh OSI la mOt tieu chitin ma de xac djnh Mm the nao ma cac thiet bj hoc may tinh khac nhau co the giao tiep dugc yeti nhau. N6 bao gtim 7 tang, Ur tang vat 1S7 den tang (rug dung tuang Mfg vai cac tang la cac giao thfrc ph6 bien. BO chuyen mach va b0 djnh tuyen lam viec a lap 2 va 16.p 3, se xac dinh mOt gei tin phai duqc xir IS, nhu the nao va not ma gei tin phai &gm girl dua tren !hong tin trong phan header. Tuy nhien chang to se khong di qua sou vao m8 hinh trong de tai nay.

1.2. Can bing (cid:9)

dinh nglifit va frng dying

VOi su ra dai dm Internet, mang hien nay hien chiEm san khau trung tam. IChi ma Internet ket not the gith vOi mang b0 ne se ter thank xucmg song hour dOng cho cac doanh nghiep, lac nay co se hu tang cling nghe thong tin ce the duce coi nhu la hat loai thiet bj: may firth ce chat Ming nhu may khich/ hoc may clth, thiet bj chuyen mach/ b0 djnh tuyen kEt not cac may tinh. BO can bang tai la eau n6i gifts cac may cho vi mang. dirge the hien ton§ hinh. Mitt mitt, bel can bing tai hieu nhieu giao thirc lop cao hon, do de ne c6 the giao tiep vai cac may chil thong minh. Mat khac, bij can bang tai hieu cac giao thine mang, do d6 n6 co the tich hap yen cac mang khic mOt each hieu qua.

Hinh 1.2: cam may cho vari ba can bang tai

8

D6 Van Thinh - A13439 Chuong 1: Giai thieu (cid:9)

Can bang tai dirge img dung trong rat nhieu twang hap nhu

• Can bang tai may chit (Server load balancing) • Can bang tai may chit town cau (Global server load balancing) • Can bang tai tubing lira (Firewall load balacing) • Chuyen mach be nha cache (Transparent cache switching) • Can bang tai tren &rang truyen Internet (Load Balancing with multi wan and

failover) ... •

Can bang tai may chti xir ljr v&i viec phan chia tai theo cac may chit (multiple servers), quy m6 hea trong kha nang litm viec cita timg may chit va dam bao kha nang chit' dung khi met may chit nao de khong host clang.

Can bang may chti tat town cau xir l5r viec htrang ngu&i dung truy cap tai nhung diem khac nhau not dat trung tam du lieu, bao grim cac cum may chit c6 kha Ong cung 1mg cho ngtrai dung thai gian phan hei nhanh nhat c6 the va chili dung khi met trung da lieu mat kha nang lam viec.

Can bang tai twang hia phan phei tai qua cac twang lira (multiple firewalls), quy mo hoa trong kha nang cita tong tubing lira vi dam bio kha nang chili dung khi met tubng lira mat kha nang lam viec hoan town.

Chuyen mach 60 nha cache la Wang ltru lugng fly cop den cac cache de tang tee theri gian dip thig cho khich hang hoac cai thien hieu sat cim cac may chit Web bang viec tai cac net dung tinh dua den cac cache.

Can bang tat tren (twang truAn Internet la giii phip &up tang bang th8ng co sin do ca kha nang sir dung deng thtri nhieu lien kat. NO cung cap can bang tai cho cac nha cung cap dich vu khic nhau va cho cac ket not wan bang viec tOng slicip va tao dieu kien gitip tang kha nang 161 cho mpg dien renf thong qua chuyen doi du phOng. Do d6. cac ket not Internet duqc bao dim an Wan, ket not On dinh vol ben ngoii va dam bio chat 'mpg dang tin city trong truyen din.

1.3. Cic san phfim can bAng tai

Cac san phim can bang tai co sin duch nhieu hinh thirc khac nhau. Chung co the duck phan chia thanh ba loai: sin pham phan mem, thiet bj, vi thiet bi chuyen mach. Phan mieu to ciia 3 loai theo sau dual day: • Phan main can bang tdi la phan mem chat' tren ck may chit to can bang tai, Slang phan mem nay thuc hien cac thuat toin di dieu phial quit trinh phfin phoi tai.

9

Chuang 1: Gith thieu (cid:9) DO Van Thinh - A13439

• That 14 can bAng tai IA dm phAm hOp den bao gem phAn ming NM phan mem an duet de thvc hien nhiem vu. HOP c6 the don gian nhu met may tinh hoac met may chi, dugc dang gal yeti met s6 hg dieu hint' va phan mem dac bigt hoac met hOp dee quyen vOi phan cling vA phan mem tay chink.

• Thiit bf chuyin much ma rOng cac chile nang cim mot lap truyen thong (16p 2/3) chuyen dei thAnh cac 16p cao hon bang cach sir dung met so phan cling va phan mem.

10

Chuang 2: May chic can bang tai (cid:9)

DO Van Thjnh - A13439

CHIANG 2: MAY CHU CAN BANG TAI

2.1. Ding quan

Ngay nay may chit can bang tai khong con la mOt khai niern mai trong the gieri may chit. Ck Gong nghe dun may chit da duqc phat minh d'e c6 the thus hien cac uhiem vu tinh toan, nhung lei chi c6duqc thitnh ding trong mOt s8 it cac th8ng dOc quyen. Tuy nhien can bang tai da xuat hien nhu mOt giii phitp mph me clanh cho cac img dung chinh cung nhtr giai quyet cac van de cho timg khu Arc , ne bao gom lcha ndng mer rOng cac nham may chit, tinh san sang, !chit Wins bao mat va khi ndng %Wit ly, not each khk can bang tai la mOt phucmg pluip phan phoi khOi luqng tai tren nhieu may tinh hoac mOt cum may tinh de c6 the sir dung t6i uu cac ngurin lye, tOi da hOa thong lucmg, giam theri gian dap ting va tranh firth trong qua tai tren may chit.

Cac lqi ich khi sir dung phucmg phip can bang tai: Tang khd ndng ddp itng nto rPng cai thin clang ke kha ndng ma rOng vita mOt ting dung hoac nhem cac may chit bang each phan ph6i tai th8ng qua cac may chit dam bio firth firth host va ma rung cho he th8ng.

Tang 60 tin cPy link sin sing gitip tang grill sin sang cao (High Availability) cho he thing, bed vi n6 co the dinh huemg cac Itru luqng truy cop den cac may chit thay the neu mOt may chit hoc Ung dung kh8ng the dap img dirge d6ng thin dim bao cho ngtrai dung khong bj gian down dich vu khi xay ra l6i str c6 loi tat mOt diem cung cap djch vu.

Cdi thin khd ndng quits iy theo nhieu each thirc thong qua viec cho phop nhimg ngtrai quan trj mang va may chit chuyen cac img dung tir mot may chit nay den mOt may chit khac hoac c6 the them nhieu may chit de chay the ang dung nhanh nhat

Tang link bdo mPt cho he lung, thong thuang khi ngueri dung giri you au djch vu den hg thong, zyeu au do se duce xir tren boa can bang sau de phin can bang tai mai chuyen tiep cac you eau cho cac may chit ben trong. Qua trinh tra lai cho khach hang ding thong qua thinh phin can bang tai, vi voy ma ngtrai dung khong the Wit duqc chinh xac cac may chit ben trong ding nhtr phuang ?hap phan tai dugc sit dung. Bang each nay c6 the nglin chan ngu&i dimg giao tiep (rut tiep veri cac may chit, an cac thong tin va cau trite mpg nOi b0, ngan ngua cac cuOc tan cling tren mang hoc cac djch vu khong lien quan dang hoot &Ong tren cac ding khk.

2.2. Luan chuyen Wong DNS

11

Chuang 2: May chit can bang tai (cid:9)

DO Van Thjnh - A13439

De can bang tit may chit, he th8ng an phai phan. phiii ck yeu a (cid:9) u den nhieu may chit it khac nhau ben trong ctun may cho, vii mix dich toi uu h6a hieu suit he thong. Dieu nay se mang den cho mang hieu suit cao han, khi nang ma reng, tranh rat vao tinh trong tong thieu tit nguyen mang trong met doanh nghiep hay met img dung nao do.

Tinh sin sang cao co the dtrqc hieu 11 firth trong du thira. Neu met may chit Ichong the plan 19 met you cau thi .cic may chit khac ton* cum may chti do co quart 19 di:cc ne khong? Trong met th6ng c6 !chi nitng‘ cung cap cao, net met may chit bi thi may chd khac se tiep quin ngay dezir 19 yeu cau.

Kha nang ma reng dm met *rig dung ce the 118 trq duqc so lucmg ngueri ngly met tang. Neu no can 10ms de met img dung co the dip Uzi cho met yeu cau thi khoang th6i gian se la bao lau de n6 dap tra den 10.000 yeu cau cling met Mc? Kha nang ma reng v8 hurt se cho phdp no dap tra ck you cau nay chi trong khoing 10ms. Kha nang ma reng la don vi do cho met lost cac he' so nhu so Itrqng ngubi dimg dung thtri ma met cum may chtl c6 the h43 trq va thbi gian no can de xir 19 met you au.

Frau het chung to co le deu da biet rang, DNS ban di\ h6a ten host thanh ck ilia chi IP.

Ngubi dung nhip wwwkoircom vio hitp tha chi cite trinh &wet web

Web Bravest

Database

Cho UN met Oa chi IP cOa www.kok.com

DNS Sena

Database

web Dro'neer

Dia chi P cua www.koiccom 222 255.31 160

DNS Saver

GET 222 255 31.160

Web Stores

web &o'er

Hinh 2.1 qua trinh chuyin deli host thanh Ma chi

12

Chuang 2: May chi' can bang tai (cid:9)

Da Van Thjnh — A13439

Khi nhap mot URL vao trong trinh duy (vi du ram www.kok.com ) thi trinh duyet se giri mot yeu cau den DNS yeu cau no tra ve dja chi IP dm site. Day dugc goi 11 viec tra ciru DNS. Sau khi trinh duyet Web co dugc dja chi IP cho site thi ne se lien he yeti site bang dja chi IP, vi hien thi trang vim yeu cau. May cha DNS thubng co mot dja chi IP dugc ban do boa yeti mot ten site nlo d6. Trong vi du thi site la www.kok.com ban do hos thanh dja chi IP la 222.255.31.160.

De can bin tai bang DNS, may chii DNS phai duy trinh mot s6 dja chi IP khac nhau cho cling mot ten site. INThieu dja chi IP the hien nhieu may trong mot emu may chia, tat ca trong so chung deu dugc ban do hem den mot ten site logic. Trong vi du, www.kok.com c6 the dugc cau hinh tren ba may cha trong mot cum may cha yen cac dja chi IP dual day: 222.255.31.160 222.255.31.161 222.255.31.162 Trong trutmg hop nay, may chi) DNS dugc ban do hea nhu sau: www.kok.com 222.255.31.160 www.kok.com 222.255.31.161 www.kok.com 222.255.31.162

auster

222.255.31.160

www.kok.com

222.255.31.161

Luan chuyon Ana DNS (cid:9)

222.255.31.162

Hinh 2.2: Luein chuyin yang DNS

Khi yeu au diu tien den dugc may chi' DNS, no se tra V& dja chi IP 222.255.31.160, may dau tien. Khi c6 yeu cau thir hai, n6 se tra ve dja chi IP this hai: 222.255.31.161. Tiip tic nhu vay, veri yeu eau thli tu, dja chi IP diu tien lai dugc lap lai.

13

Chuang 2: May chit can bang tai (cid:9) 06 Van Thjnh — A13439

Bang each sir dung luan chuyen wing DNS nhu a tren, tat ca cac you cau dot yeti mot site nao do deu &me phan phot i deu den tat ca cac may trong cum may chit (cluster server). Chinh vi vay, vai phuong phap can bang tai nay, tat ca the may chit trong cum may chit deu duqc sir clung.

diim chink ctia phuong plulp

- Khong dit vi a ding thiet lip: Cac quan tri vien hg thiing chi can tao mot se thay dot trong may chit DNS de hi!, trq duqc viec luan chuyen yang, va nhieu may chit DNS da co te, stir ho trq nay. N6 thong you cau den stir thay del ma cita (mg dung Web; trong that cac (mg dung Web khong he biet ye co the can bang tai ma no hi that hien.

- Don gian: Phuong phap nay khong yeu cau den the chuyen gia ye mpg trong vik thiet lap hoac gia r6i he thong trong twang hqp co van de nao de xay ra.

Nhuvc dam min phweng phdp

Co hat nhuqc diem chinh cart phuong phap dtra tren phin mem nay la no thong cung cap sr ht!) trq m8i quan hg thai gian that gifta the may chit veri nhau va khong ht) trq Icha nang co sin cao.

- Khong ht3 trq m6i quan hc. thai gian that gitka cac may chit. MOi quan hg thin gian that gift cac may chit la kith nang cita he thong trong viec quart 1Sr cac yeu cau cita nguiri dung, may chit nay hok bat kt may chit nao, phu thuOc vio th6ng tin phial .' duqc duy tri tren may chit hoac tai mire co sit, mac co sit dft

- Khong co duqc kha nang ht!) trq mei quan he gift cac may chit, phuang phap loan chuyen yang DNS dtra vio mot trong ba phuong phap de duqc dtra ra de duy tri sit kiem soat cac phial hoc sit nhan clang nguoi clang 461 yea cac you cau dang den ten HTTP.

• Cac cookie • Cac trutmg An • viEt URL

Khi mot nguai dung dux hien mot yeu cau dAu tien, may chit Web se tra mot the bang van bin duy nhit de phan biet nguai dang do. Cac you cau tiep theo co the nay de sir dung cookie, viet 10 URL hoc cac truang An, cho phdp may chit xuat hien de duy tri mot phien glen may khich vi may chit. Khi nguai dimg duet lop mot phien veri mot may chit, thi tat ca cac yeu cau den sau thuang deu di den cling mot may chit.

Van de a day la trinh duyet luu dia chi IP cart may chit do. Khi Cache het han, trinh duyet se that hien mot yeu cau khac din voi may chit DNS de co duqc dia chi IP co lien ket yen ten mien. Neu may chit DNS tra ye mot dia chi IP khac, mot may chit khac trong cum may chit, thi cac th8ng tin ye phien se bi mat.

14

Chuang 2: May chit can bang tai (cid:9) DO Van Thjnh — A13439

- IChong ha trq cho kha nang c6 san cao. Xem xet met gun may chit co n may. Neu met may chit nao d6 gap van de ye stir co (vi dy la may chit thir n) thi cu yeu au thin n den may chit DNS deu huemg yeu au din may chit hong nay. MOt be djnh tuyen thong minh co the giai guy& duqc van de nay bang cach kiem tra cac may chit 6 cac khoang uteri gian nao do, phat hien ra cac may chti bj h6ng vi ger b6 chimg ra Ichoi danh sach, chinh vi vAy se khong co yeu cAu nao duqc gfri den chting nits. Tuy 4y, van de a day van ton tsi neu may chili van c6 nhung Cling dung Web dang chay tren may chit eta bj hang.

Thay dot cum may chit se mat nhieu thiri pian de truyen bi den toan be plan con lai cita Internet. MOt IY do 6 day la trong nhieu to chirc tern — cac ISP, cac cong ty, hay dui ly — hru cac you au DNS dm hp de giam Itru luqng mang va thai gian you au. Khi ngtreri dimg ben trong cac t6 chirc nhu v0y thuc hien met yeu au thi hg thong se duqc kiem tra danh sach cac ten DNS cita Cache da duqc ban do h6a (Ha chi IP. Neu hg th8ng phat hign thiy met muc nao thi no se tra dja chi IP ve cho ngueri dimg. Neu no kh8ng phat hien thay muc nao trong cache nei be thi ISP se giri yeu cau DNS nay den may chit DNS vi km sr dap tra.

Khi met muc da duqc luu het hen, ISP se nang cap ca so da ligu n6i be dm no bang ach lien he voi cac may chit DNS khk. Khi danh sach cac may chit thay dai, no c6 the can den met Ichoang uteri gian ngin cho cac muc da duqc Iuu tren mang cita ac to chat khic het han va tim kiem danh sach cac may chti da duce cop nh#t. Trong su6't chu trinh nay, may khach van co the thuc hien hanh deng " Hit " may chit 1)1 hang, neu ISP cita may khach do van c6 met mix tr6 den no. Trong twang hcq? nhu 4y, met so ngueri dimg cita ISP d6 khong the truy c#p tir nhemg lin truy c$p ban dliu, tit* tri hien tai cum may chit van con cac may chit du thira van dang host deng.

Met van de con Ion han xuat hien khi ger be met may chit so veri viec ba sung. Khi bat di met may chit, ngueri dung co the dang thuc hien " Hit " met may chit khong ton tsi. Con khi them met may chit thi may chit de van chtra duqc sir dung cho toi khi dja chi IP cita n6 den duqc tat ca cac may chit DNS.

Mac clit phuong phip nay c6 the can bang ducc met s6 lircong ngutri dimg tren mai may chit, nhung n6 kh8ng hoin toan can bang tai may chit. Met so ngued dimg co the you au mirc tai cao han trong suot met phien cita hp so veri nhang ngtrai dung khic a tren may chit khic, vi phtrcmg phap nay khong the bao dam chang lai duqc sit bat cong bing do.

2.3. Cym may chit voti bt, can bing tai

Met vii nha quin tri may chit se trien khai nhieu may chit de dam bao muc dich tang tinh san sang vi kha nang mer ding. Neu met may chit nao do gap phiti van de kh8ng the dap *rig duqc nhu au, ngay 10p tire met may chti khic cet the duqc mua trong khi may chit gap van de se trong qui trinh sira chaa. Tnrerc khi cac sin phan can pang tai duce phat minh thi DNS thutrng duqc sir dung de phew ph8i tai thong qua nhieu may chit. Vi du,

15

Chuang 2: May chit can bang tai (cid:9)

DO Van Thjnh — A13439

DNS quan IS, dja chi www.kok.com c6 the dirge cau hinh yeti hat hoac nhieu dja chi IP cho site www.kok.com DNS sau d6 c6 the cung cap mOt trong cac dia chi IP da ductc cau hinh bang cich lam chuyen yang cho mot truy van DNS. Day mei chi la sv hob thanh the,' scr oh qua trinh can bang tai, cach tiep cjn nay can bj giOi hart trong nhieu van de khac. DNS khong the biet duqc kha nang tai va firth trang cim mOt may chit. N6 co the cung cap dia chi IP cim mOt may chit ngay ca khi may chit nay dang gap van de.

Bo can bang tits xuat hien va duqc trial khai tnretc nhOm may chit, tat ca cac may chit nay hoac trvc tiep ket not yeti can bang tai hoac ket not thong qua b0 chuyen mach, b0 can bang tai chay dvc theo cvm cac may chit xuAt hien nhu mOt may chit a° di den cac may khach. Cling nhu la may chit that may chit ?to phii co dia chi IP cho cac may may khach truy cap vao n6, day &gm goi la dia chi IP ao (Virtual IP - VIP ). Dia chi IP ao dirge cau hinh tren b0 can bang tai va dai dien cho toan b0 nh6m may chit ben trong.

Rtal %PMI'S

(cid:9)

ars (cid:9)

Memo Sinn 1111 n 102.121.10.1 1.00d Man

11kb WM

1 16.2 11110102

ItS3: 1010103 SMIP

Hinh 2.3: nhom may chit yogi ba can bang tai

De truy cap (mg dvng tren cac may chit, dja chi may may khach phai you cau den VIP. Trong truing hqp cita vi dv trang web www.kok.com , DNS phiti sauce cau hinh tra lei VIP gi6ng nhu dja chi IP www.kok.com . Dieu nay cho tat ca cac trinh duyet cita may khach girl yeu cau teri cac VIP thay vi mOt may chit thvc. BO can bang tai nhan dirqc you cau beri vi n6 so hau VIP va phan phoi chimg qua cac may chit thvc sit c6 an.

Khd hang mi ring: Ben vi can bang tai phan phoi cac you au dm may khach thong qua tat ca cac may chit thvc sari c6 vi the cong suet zit ly dm may chit Ito cling lem hen Ming suet cita mOt may chit. BO can bang tai sir ding mOt thuat toan phan phoi tai de phan phoi den dm yeu cau cua timg may Ichich. Neu thuat toan toi tru, kha nang nang cita may chit ao se bang ming suit Ping hqp dm tat ca cac may chit thvc. Nhung truing hqp nay la rat hiem do mOt so yeu t8 bao gom ca hieu qua phan ph8i tai. Tuy nhien ngay ca khi ding

16

Chuang 2: May chit can bang tai (cid:9) DO Van Thjnh - A13439

suit dm may chit ao dat khoang 80-90% ding suit tong hop cita tat ca cac may chit Sic thi dieu nay cling dg cung cap kha tiling ma tong that tuyet vet

u

Tann sin sang: BO can bang tai lien tic theo dei tinh trong ctia cac may ,cha,thoc va cac ling don chay tren chimg. Neu mot may chit thoc hoacimg ding gap van d'e kh8ng dap Ong ducifc yeu cau, b0 ram bang tai tranh gut bat kY yeu ca cita may khach den may chit de. Mac di" bat cir mot so ket not hok cac you cau dang &roc xir 1S, khi mot may chit dang gap yin de thi b0 can bang tai van se dj enh Wong tat ca cac yeu cau den mot trong so cac may chit c6 tinh tang kit& manh. Neu khong co bo can bang tai, ngulyi ta phai doa tren mot c8ng co giam sat mang de kiem tra tinh tang cua mot may chit hoac ling ding, va chuyen huOng may khach den mot may chi) thoc khac. BOA vi 130 can bang tai thoc hien ding vi'ec nay mot cac nhanh chong , nen thoi gian chat ducic giam thieu ding ke. mot khi may cha bj 16i dtroc sua chea, b0 can bang tai se phat hien so thay dOi vi bat diu chuyen tiep you cau den may chit.

Khd ming van /57: Neu phan ding cua mot may chit can duce ang cap, hok hg diau hanh, hoac ling ding phan mem ctia no phiti nang cap len mot phiety ban men, may chti serhai dimg hoot dOng. Mac do viec nano cap nay co the duqc sap xep vilo gib cao diem de gram thieu tic (tong cua that gian chet vi se co mot vii doanh nghiep kh8ng ce co du kha nang dank cho khoang thai gian chet nay. MOt s6 doanh nghiep thin w con khong the tim thay bat ky thai gian nap ngoai gib cao diem, dac biet la neu may cha dugc truy cop bed nguOi dung tren town the gieri trong nhftng mui gib khac nhau. Bang cach trien khai b0 can bang tai, chting ta co the ngimg may chit can bao tri ma kh8ng phai chill bit cir thai gian chat nao. Ck can bang tai se thoc hien mot cach khdo leo viec tat may chit, theo d6 can bing tai se dung dua ra yeu cau meri voi may chit d6 va cho dqi cho den khi bit Ick mot ket not hien c6 cham dirt. MOt khi tat ca cac ket not hien c6 duce dang 10, may chit co. the an town ngimg lam viec de bao tri. Vic nay dim bito may khkh kh8ng he hay Wet va bo can bang tai se tiep toe phoc vi cac yeu cau gin den den dja chi IP ao bang cach phan phoi chimg qua den cac may chit thoc con lit.

BO can bang tai cling tang kha nang quan 15, bang each ttich (mg ding tit may chit. Vi do, chimg ta c6 tat ca !man may chit thoc sari sang lam viec, va cluing ta can chay hai ling citing: Web (HTTP), va FTP. Chimg ta chon chay FTP tren hai may chit va chay Web server tren tam may chit can Iii Uri vi nhu cau can Web server la nhieu han. Khong co b0 can bang tai, chimg ta se sir don DNS de thoc hien luau chuyen yang glib hai dja chi IP may chit cho FTP, va gifta tam dja chi may chit cho HTTP. Neu nhu cau cho FTP dot ngOt tang len, va chimg ta can chay no tren mot may chit nao d6 trong so cac may chit cluing ta c6, cluing ta phai sira dOi ngay 10 DNS vi them ba dja chi IP may chit. Cling viec nay mat mot khoang thai gian de co hieu qua thanh conp va se kh8ng the giai quyet duqc cac van de hieu suit ngay 1(tp hie. Neu cluing ta thay the ba, cach sir ding can bang tai, cluing ta chi can th6ng bao mot dja chi IP ao. Chimg ta co the cau hinh b0 ,can bang tai de lien ket dja chi IP ao yeti may chit 1 va2 danh cho FTP, va may chit? den 8 danh cho ling ding web. Dieu nay ducyc coi la mot so ring buk. Tit ca cac yeu cau FTP &roc nhon tren dong

17

Chuang 2: May chit can bang tai (cid:9)

DS Van Thjnh - A13439

duqc biet den la 21. BO can bang tai nhon ra kieu you au nao dia tren ding dich TCP va huang no den may chit thich hqp. Neu nhu cau cho FTP tang len, clugg ta co the co may chit 3 choy img ding FTP, va buk may chit 3 dua IP lo &AA cho (mg ding FTP. 134 gib b0 can bang tai se nhon ra rang c6 ba may chit chay FTP, vi phan phoi cac you cau gifts ba may, do do ngay 14p tirc se tang tong ding suit danh cho cac you cau FTP. KM Wing di chuyen cac (mg ding tit mOt may chit nay den mot may chit khic hoc tang them nhieu may chit cho mOt img ding nhat djnh voi dieu kien khong mOt may chit nao bj gian don viOc dap img cac yeu can nia may Ichitch la mOt ding co molt me cho cac quan trj vien may chit.

Can bang tai cung giap quan ly mot kh6i lugng Ion not dung dft yen. MOt so may chit Web co the co rat nhieu not dung de phvc vi nhtmg n6 lei khong the phi" hqp net chi hog dOng ten mOt may chi. Chigg ta co the t6 chirc cac may chit thigh cac nhOm khic nhau, trong do mai nh6m may chit se phai chin trach nhiem cho mOt phAn nhAt djnh cua not dung, va b0 can bang tai se djnh gran cac yeu du Whom may chi thich hqp dtra teen URL trong cac you cau HTTP.

Can bang yin hog dOng dtra tren cac giao that mpg tieu chuin bon vOy no co the phan phoi tai den bit ky may chi nao ma khong can phiti phan biet he diet hanh cent may chit. Dieu nay cho phep cac quan tri vien co the pha trOn phi! hqp cac may chi khac nhau, va tan ding lgi the dm mil may chit de c6 dttqc ding suit tong hqp len nhat.

An ninh: BIN vi b0 can bin tai ey phia truac nhom cac may chit nen b0 can bang tai co the bao vO de may chit ti" nhemg ngteti clang dOc h3i. Nhieu san pham can bang tai di kern veri mOt s6 tinh nanf bio mot ngan chart cac cuOc tan ding den cac may chit. Ck may chit thvc cung c6 the duqc cung cap dia chi IP private de chart bit 14 truy cOp rnrc tiep nao ta nguid dim& ben ngoai. Cac dia chi IP private khong the dinh tuyEn chung frog Internet, bit cir you cau noo trong mang Internet deu phii di qua mOt thiet bi thot hien dich dia chi mang de giao tiep Arai mOt may chit ce dia chi IP private. BO can bang nghiem nhien the trey thinh thiet bi trung gian dich dia chi mong nhtr mOt phan ph6i va chuyen tiep yeu au cita may khich den timng may chit thwc. Dia chi IP lo ten can bang tai c6 the la mOt dia chi IP public de ngtrei sir dung Internet co the troy cap IP lo. Tuy !glen, cac may chit thvc ding sau b0 can bang tai ce the co dia chi IP private de butjc tat ca cac thong tin lien lac phai thong qua cac can bang tai.

18

Chat luting dick lc Chit luqng dich vi co the di:cc dinh nghia bang nhieu each khic nhau. NO c6 the &Km dinh nghia nhu la then gian dap img dm may chit hok (mg ding, hok la kha nang cung cap cac dich vi khac nhau dtra tren timg nhom nguoi ding. Vi do, d6i veri dich vv cim mOt website, n6 loon muon dap img mOt each nhanh nhat cac thong tin gin den cac thigh vien platinum, sau de mai den nhem cac thank vien gold va cac thanh vien silver. Lac nay can bang tai c6 the duqc sir ding de phan biet ngutri sir ding Oa tren mOt s6 th8ng tin trong cac geli tin yeu au, va din chting den mOt may chit hok mOt nhom cac may chi, hok thiet lop cac bit tru tien trong cac &Si tin IP de cung cap cac dich vi mong muon.

Chuang 2: May cha can bang tai (cid:9)

DO Van Thinh — A13439

(cid:9)

2.4. Luling g6i tin co ban trong can bing tai

DE hieu n3 dugc lutmg di chuyen cua cac gal tin trong can bang tai chang ra hay quay ter lai yeti viec thiet lap can bang tai nhtr trong hinh:

Real Sentra

(cid:9)

Car

ats

(cid:9)

Maud Font,. VIIP••123.122121.1 l oad Raton,

VIP to Real Sent Blythe to lit Abort

Ira 1014103 SNIP

YIP

VIP Pat Red Sena Real Sara Pat

123.122 121.1 30 113.122.121.1 n

S2

123.122 121.1

32

RS1 itsz RSI 1C lea

Ifinh 2.4. nhom may cIni vat be) can bang tell

Co ba may chit RSI den RS3 vi co ba ung dung dirge tai dat tren the may chit li Web(HTTP), FTP, SMTP. Ba img dung nay doge phan phial thong qua ba may chit. Trong vi dv nay tat ca cac img dung deu sir dung giao thac TCP, va mOi ang dung kheri chay dugc biet den tren moi dm* khac nhau. Ling dung Web chay tren cong 80, FTP chay tren cong 21, SMTP chay tren cong 82. Be can bang tai sir dung ding dich trong cac giao thac TCP cua cac gei tin den de than ra tins dung mong muon cua cac may khach vi Iva chgn met may chti thich hgp cho moi yet& cau. Qua trinh xac dinh may chit del gin you du can phai zee dinh re qua hai phan sau. Dau nen, can bang tai phai xac dinh rang cac thiet lap may chu dang chay cac ang dung dirge yeu cau can phiti c6 tinh trang tot. Thu hai, be can bang tai sir dung mOt thuat toan phan phei tai hoc phucmg thirc de Iva chgn mOt may chit, dva vao the dieu kien tai tren cac may chit khic nhau. MOt vii vi dv caa cac phucmg thac thuat toan can bang tai bao OM thuat toan lufin chuyen yang (round robin), ket not it that (least connection), phan phoi trong s8 (weight distribution) hoac dva tren thei gian dap ang de Iva chgn cac may chit. Cac phucmg lilac phan phoi tai se dugc than lujn chi riot ham trong cac phan sau.

Qua trinh cau hinh hi) can bang tai cho vi dv nay lien quan den cac butt sau:

1. Dinh nghia mOt dia chi ip ao cho b0 can bang tat: 'VLP = 123.122.121.1 2. Xac dinh cac ang dung can can bang tai: Web, FTP vi SMTP

19

so am 21 12 IR

Chucmg 2: May chii can bang tai (cid:9)

131) Van Thinh — A13439

3. D6i voi moi ling dung, ring buOc dia chi IP ao cho moi may Si thuc dang chay ling dung do. Ring buOc dia chi VW den RS1 va RS2 cho ling dung Web, RS1 cho FTP, vi RS2 va RS3 cho SMTP. Dieu nay c6 nghia cong 80 cho VIP duqc ring buOc den cong 80 cho RS1 vi RS2, cling 21 cho VIP duqc ring buOc den cong 21 ten RS1, :.

4. Cau hinh de di the kiem tra duqc tinh tang ciia moi may chi\ b0 can bang tai can phai dimg de xac dinh dieu kien sac khae coa moi mOt may cha va ling dung.

5. Cau hinh phuong thirc phan ph6i tai cai dugc sir dung de phan chia

Bing viec phan pheoi cac ling dung qua ba may chii va ring buOc VIP den cac may chi] thvc cho cac cong TCP khic nhau. Chimg ta da tach ling dung tit may chti de tit d6 cii thien han tinh Iinh hoot. Vi du, neu ling dung FTP c6 nhu cau sir dung cao, rat don gian chong ta c6 the them mOt may chi, nao d6 chity FTP bang each ring buOc them may chit den VIP tren cling 21. Neu RS2 co nhu cau can duqc bao tri,chCmg ta co the sg dung b0 can bang tai khdo leo thgc hien buck b6 qua RS2. CO nghia la no se gift lai cac yeu cau moi den RS2 va cher dqi mot khoing tiled gian nhit dinh cho den khi cac ket not hien c6 bi dgng lai.

Can phai km y rang that cac cac may chi, thvc phai dirgc chi dinh mOt dia chi IP private nhu 14 10.x.x.x, 172.16.x.x — 172.31.x.x, 192.168.x.x cho hai muc dich chinh. Thu ngt, chimg ta bao ton khong gian dia chi IP public bang each chi sir dung mOt dia chi IP public cho dia chi VIP dai dien cho tom 1)0 he thong may chi' : Thu hai la Ling cueing an ninh khi kh8ng c6 mOt ai ngoai Internet cif) the truy cap trirc tiep tai cac may chi) ma khong phai th8ng qua by can bang tai.

Bay WO chting ta hay cling xem nhemg gi 1)0 can bang tai thgc hien vi kiem tra luu lugng g6i tin Mau khi sir dung can bang tai.

Sir dung mOt eau hinh don gian vai by can bang tai duqc dat truck 2 may cha Web nhu trong hinh ben duai, de c6 the hieu !thing gai tin trong moi phien you cau hoac tra lai. May may khach dau tien se thiet lap mOt ket not TCP, gai rmOt you cau HTTP, nhan duqc mOt phan ling , va dang ket not TCP. Qua trinh duet ket not TCP la mOt cai bat tay ba chieu. Khi by can bang tai than yeu eau TCP SYN, neo chira cac thong tin sau day:

1. Dia chi ngvein (Source IP address). Bieu thi dia chi IP ciia may khfich. 2. C8ng nguon (Source port). Qin duqc sir dung bai may khach trong ket not

TCP.

3. Dia chi IP dich (Destination IP address). Day la dia chi IP ao dai dien cho cum

may chfi chay ling dung Web.

4. ding dich (Destination port) Day la deg 80, theo tieu chuk Wirth cho may

chii Web , la citing y8u eau cua mOt ling dung Web.

20

DO Van Thinh — A13439

Chuang 2: May chit can bang tai

Client es 11111.1.1.100

Source IP

Deg IP

..

100.1.1.100

141.149 65.3

Source MAC MI

lest MAC Nt2

0

M2

Mr

2

ILI 1 1.100 10.10 1020

3 10.101020

108.1.1.100

3411

M2

111.149.65.1 MAC-MI

M2

MI

141.149.65.3 100.1.1.100

VIP - 141.119.65.3 MAC al

(cid:9) (cid:9) (cid:9)

RS1 10. 0.10.10 MAC -M3

RS2 10 10.10.20 MAC -M1

Hinh 2.5: luang g6i tin trong can bang tai

Khi nhan duce gill tin TCP SYN, b0 can bang tai se chon may chit de chuyen tiep you cAu, vi do chqn may chit RS2 de gin xeu cAu. De cho may chit RS2 chip nhon can ea tin TCP SYN thi goi tin phai duqc giri den n6. Dia ‘ chi IP dich g6i tin phai c6 dja chi IP da RS2 khong phai dia chi IP ao. Vi voy can bang tai thay d6i ilia chi IP ao bang dja chi IP dm RS2 va chuyen g6i tin di. Qua trinh djch dja chi IP duqc gqi la djch dja chi mpg.

Khi nguiri dung go www.kok.com trinh duyet se too ra mot truy yin gin den DNS va biet duqc VIP nhu la chit chi IP phoc vo www.kok.com . Trinh duyet cita may khach giri mot goi tin TCP SYN de thiet lap mot ket net TCP. Khi b0 can bang tai nhin duqc g6i tin TCP SYN, dau tien ne se xac djnh g6i tin nhu lit mot img vien cho viec can bang tai bed vi g6i tin chira VIP nhu la mot dja chi IP dich. Do day la mot ket net mai, b0 can bang kh8ng tim duqc mot myc trong bang phien cua n6 can duqc xac dinh bin dia chi IP nguen, IP dich, cling ngu6'n, cling dich nhu da duqc guy djnh trong goi tin. Dtra teen cAu hinh can bang tai va viec kiem tra tinh trong. BO, can bang tai xac djnh hai may chit RS 1 va RS2 nhu la vien cho ket mai nay. Bang each sir dong mot phuang thirc phan ph8i tai da duqc quy djnh, bi) can bang tai se chqn ,m0t may chi thus, RS2, cho phien nay. MOt khi may chit dich duqc xac djnh, b0 can bang tai too ra mot moc phien min trong bang phien cua no. BO can bang tai thay d6i dia chi IP dich va dia chi MAC dich in &Si tin thanh dia chi IP va dja chi MAC cis RS2 sau d6 chuyen tiep goi tin den RS2.

Khi RS2 tra lai (von TCP SYN ACK,) bay gib goi tin den b0 can bang tai vin dja chi IP ngu'on da RS2 va dja chi IP dich cita may khach. BO can bang tai Hum hien viec thay the

21

Chucmg 2: May chit can bang tai (cid:9) DS Van Thjnh - A13439

dja chi IP dm RS2 thinh VIP va chuyen tiep gen tin den b0 dinh tuyen phan phut gni tin den may khach. Tat ca cac gei tin yeu cau vi tri liti trong phien TCP nay se trai qua qua trinh tuong tor. Cu8i cling khi ket not duqc chfun dirt hoac duce thiet lop lai, can bang tai se x6a mac phien trong bang phien dm n6.

Th8ng qua luting gni tin chting to hay cling tim hieu 6 nai nao va lam the nao ma dja chi IP va dja chi MAC duqc thao tac. Khi bo djnh tuyen &tan &tic gin tin tir may khach, goi tin c6 mOt dia chi IP dich la VIP vi dja chi MAC dich la MI 11 dia chi MAC dial* djnh tuyen. Trong buoy thin nhat nhu da the hien trong bang luting gel tin trong hinh. BO djnh tuyen chuyen tiep cac g6i tin cho b0 can bang tai bang ckh thay . &di dja dia chi MAC dich M2 la dia chi MAC dm can bang tai. Trong Mac hai, can bang tai chuyen tiep gel tin den RS2 bang ckh thay doi dja chi IP dich vi dja chi MAC dich dm RS2. Trong bit& ba, RS2 tra lai lai cho may khich nen dja chi IP vi dja chi MAC nguon la cita RS2 vi IP dich la cita may khach. Cac dja chi cong mat djnh (default gateway) cho RS1 va RS2 &Km thiet lOp tir dia chi IP cita b0 can bang taivi vay dia chi MAC dich trong buck nay la dja chi dm bo .can bang tai. Trong buac bon, can bang tai nhan duqc gni tin vi thay doi dja chi IP nguon thanh VIP, dia chi MAC ngulin la dja chi MAC cita chinh na. BO can bang tai can phai xac dinh b0 dinh tuyen yen dja chi MAC dich II MI.

2.5. Kiem tra tinh trang stir khoe

di mire dO cao ham, viec iciEm tra trinh trang sat khoe dm-tic chia thanh hai loci: kiem tra trong vanh dai va kiem tra ben ngoili vanh dai. Vai cuOc kiem tra trong vinh dai, 130 can bang tai sir dung luting lint luting to nhien glum may may khach va may chit de xem xet neu mot may chit khOe manh. Vi du neu bp can bang tai chuyen tiep gei tin SYN ciut may khach den may chit thuc, nhung !thong thity gni tin SYN ACK phin img lai tir may chit, b0 can bang tai c6 the nghi net c6 van de gi d6 din yeti may chit. Lac nay b0 can bang tai se kick hoot mOt cuOc kiem tra den cac may chit thuc va xac thuc lai ket qua kiem tra de. Kiem tra ben ngoli vii dai 11 qua trinh kiem tra duqc tien hank bit nguan tir b0 can bang

Thuc hien cac cuOc kiem tra de xac dinh tinh trang sire Moe cita cac may chit vi cac *Jig dung la men trong nhfng lqi ich quan tang nhat cita can bang tai. Khong ca b0 can bang tai, may khach co the se girl gni tin you du den mOt may chit dA chet va luc nay ngubi quan tri phai can thiep de thay the may chit da chat bang mitt may chit men hoac phai khic phuc duqc stir co. Han nfta cac dung duqc cal int tren mOt may chit c6 the gap phiti mot so van de lien quan den lin pha'n mem. Bei vay khi b0 can bang di duce trien khai de c6arthe phut hien cac. van de nay va ngay lap tire hung may khach den mOt may chit thay the ma khong can den six can thiep huang dun sir dung tir ngueri quail tri.

2.5.1. Cic qui trinh kiem tra co bin

22

DO Van Thjnh — A13439 Chucmg 2: May chit can bang tai (cid:9)

BO can bang tai co the thvc hien cac cuOc kiem tra khac nhau. 0 mire thip nhat, b0 can bang di thin hien mOt s6 cuOc kiem tra o cac tang khac nhau trong mo hinh OSI.

Qua trinh kiem tra 6 tang 2 trong m8 hinh OSI lien quan den met s6 giao thfrc phin gill dja chi (ARP), yeu cau duqc sir dung de tim dja chi MAC ttrcmg tang vai (Id chi IP. Khi 130 can bang tai duqc eau hinh c6 thong tin dia chi IP cim may chit thvc, no girt ARP ten mai (Id chi IP cim may chit thvc de tim dia chi MAC. Ck may chn se phai tra lbi loi cac yeu cau ARP trir khi n6 gap phai van de.

Qua trinh kiem tra 6 tang 3 lien quan den viec ping dia chi IP ctia may ,chit thvc. Ping 11 mOt chuong trinh duqc sir dung pile, bien nhat hien nay de hem tra stir ton di cim mOt dja chi IP trong mong.

6 tang 4, b0 can biing tai co gang ket not tai mOt cling cu the TCP hoac UDP not ma cac img dung dang hoot dOng. Vi du, Net' VIP biang bu(ic v6i cac may chit that tat-el don& 80 danh cho img dung Web, b0 can bang tai co8 gang thiet mOt ket, not hoc Co gang de gan vao cong dd. BO can bang tai girl mot yeu eau TCP SYN den c ling 80 ten mai may chit thuc vi kiem tra bang each xem gai tin TCP SYN ACK co quay tr6 loi khan*. Neu goi tin kh8ng quay tr6 loi, co nghia la viec tra 101 yeu cau that boi, n6 se danh dau cling 80 tren may chit ko c6 yeu cau tra lot. Dieu quan tong can luu 5 , la b0 can bang tai xir ly min cling tren tong may chit 11 dOc lap. Do da cling 80 ten tren mOt may cha nio da c6 the gap van de nhung ding 21 co the van duqc sir dung tot. Trong twang hqp do, WO can bang tai ti6p tut xir dung may chn nay cho cac img dung FTP nhung se &nit dau tat a cac may chit khong sir dung duqc img dung Web. Dieu nay cung cap can bang tai rat hieu qua, sir dung tai da nang lye ctia timg may chit.

2.5.2. Cic cuOc kiem tra tren cac lug dyng cy the

BO can bang tai c6 the thvc .hien cac cuOc kiem tra tang 7 trong m8 hinh OSI vi tren cac img dung. Khong co qui de trong vipec lam the nao de mer rung viec kiem tra cac img dung nhung n6 kh6ng khac nhau la may khi kiem tra tren cac sari phim can bang di.

Doi vai cac may chit Web, bij can bang tai c6 the girl mOt yeu cau HTTP GET hoc HTTP HEAD den may chit. Chang to c6 the cau hinh b0 can bang de kiem tra cac dour[ ma HTTP quay tit loi ?hang hurt nhu "404 Object can not find" co the duqc pldt hien. Doi WA DNS, 130 can bang tai c6 the girl mOt truy van DNS de giii quyet ten mien duac lua chqn tir ngtrai dimg thanh dja chi IP. DOi voi FTP, b0 can bang cho the dang nh$p den mOt may chit FTP vesi mOt useriD vi mot khau cu the.

2.53. Sy phy thui}c via on dung

23

Chuang 2: May cha can bang tai (cid:9)

DO Van Thjnh — A13439

Doi khi chi:mg ta co the mu6n sir dung nhieu img dung co lien quan den nhau tren ding mOt may chti thuc. Lay vi du, cac may cha Web cung cap cac img dung gi6 hang mua sam co img dung Web tren cong 80, de dam bao nOi dung vi cac in dung khac no sa dung them lap cong bao mat (SSL) tren cong 43, SSL cho phip cac may may khach vi may chi' Web trao doi nhang thong tin nhity cam nhu la thong tin the tin dung mOt each an toan bang each ma has luu !IN:mg truy cop. MOt Ichich hang dau tien se duyet trang web, dua them mOt vii muc =Jon mua vao trong gib hang ao vi nhan vao may cha thanh town. Trinh duy'et sau da se chuyen doi sang img dung SSL, trong d6 co the thong tin dui the tin dung mua cac mat hang trong gio hang. Die nay cac img dung SSL se lay ck thong tin gin hang tir cac img dung Web. Neu img dung SSL gap phai van de, may chit Web can phai duqc xem xet lai. Neu khong, ngutri dimg co the them cac muc mua sam vao gi6 hang, nhung se khong the truy cap cac img dung SSL de kiem tra. Nhieu 1)0 can bang tai ho trq tinh nang gqi Whom cong, cho phep nhieu citing TCP hoac UDP duqc Whom tai yeti nhau. Neu mOt img dung chay tren bat kjr mOt cong trong ahem khong thanh b0 can bing tai se danh dau toan b0 nham cac *rig dung tren may chit thuc. Dieu nay dam bao ring ngutri ding duqc djnh huOng den nhemg may chit c6 tat ca cac img dung can thiet de hoar' thanh mot giao dich.

2.5.4. lqch Bin

MOt so b0 can bing tai cho phep ngutri dung c6 the via ra mOt kjch ban ap dung tat bo can bang tai, ne se chtia cac thong tin logic hoac nhemg chi dan kiem tra tinh trang sirc khoe aim may chit. Tinh nang nay duqc sir dung pho bie'n trong cac thiet hi can bang tai co chira mOt bien the dm mOt he dieu hinh tieu chain nhu Unix hay Linux. ice tir khi cac he dieu harth cung cap mOt so loci ngon ngit kjch bin, thong co the de dang khai thk de cung cap cho nguEri sir dung yeti kha nang via huOng din chi tiet cho cac img dung, may chi, hoac kiem tra nOi dung.

MOt s6 nha quan tri may cha thich each tiep can nay bOi vi hq di biet cac ngon nger kjch ban, hq se tat dung sq linh hoot va sue math cum ca the kiem tra duqc cung cap bai kith ban.

2.5.5. Ket Luin

Vi co fa nhiEu each khac nhau de kiem tra firth trang sire khae cila may chit cling nhu img dung, vay eau hei dat ra la mire dO kiem tra nao la thich hqp? That tuyet veri khi sir dung b0 can bAng tai, no dua tren cac tieu chart di kiem tra tinh trang sire khee ma khOng you catu bAt IcSr ma doe quyen nao hoac bit kS, giao diet chuong trinh irng dung nao duqc tai dat tren may chi. Dieu nay dam bao ring thong ta ce the to do thay the mot san phim bo can bang tai nay bing mOt sin phim b0 can bang tai Ichic, trong truang hqp 46 la mOt y'et cau. Mat khac, muc dich chinh etia hi) can bang tai vin la kha nang phan phoi tai, neu n6 danh qua nhieu thin gian cho viec kiem tra tinh tang sue kh6e, thi se phai can thbi gian di

24

Chuang 2: May cha can bang tai (cid:9)

1)6 Van Thjnh — A13439

xir 15/ cac g6i tin you au, va ‘vin de nay !cluing phai la muc dich chinh chung ta mong muon. That tuyet khi b0 can bang tai c6 the ket help va sir dung cac phtremg phap di duqc de cap tren de tien hanh cac cuOc kiem tra mot each hieu qua nhat, vi quan trong la viec sir dung duqc toi da ngutm lye dim bao nhiem vv phan phoi tai.

Djch dja chi mpg la cac kh8i xay dung co bin trong can bang tai. BO can bang tai ca ban sir dung NAT de you cau true tiep den cac may chit thvc khac nhau. CO rat nhieu kieu NAT khac nhau. ice tir khi b0 can bAni tai thay 461 dja chi IP dich tir VIP den dja chi IP cita mot may chi' thyc, ne duqc blest den nhtr la NAT dich. Khi may chit thvc tra 18i, b0 can bang tai bay gib phai thay 6i dia chi IP cim may chit thvc trey Ivi thanh dja chi VIP. Qua trinh dich dia chi IP xay ra tren IP nguon eim gin tin, trong khi d6 cau tra kri c6 nguon goc tir may chu den may khich.

C6 ba thong s6 ma chimg ta can dac blest chu y de hieu ve NAT trong can bang tai d6 la: dja chi MAC, dia chi IP, va so cimg TCP / UDP.

2.6. Djch dja chi ming (NAT)

Qua trinh thay 461 dja chi dich trong cac g6i tin duqc gqi la NAT dich. Hitt het cac b0 can bang tai thyc hien NAT dich theo each mac dinh. Hirsh 2.5 da cho chimg ta thay each NAT dich lam viec nhu la mot phan ciut can bang tai. Mai g6i tin deu c6 mot dia chi nguon va dja chi dich. Khi NAT dich chi thvc hien thay dai veri dja chi dich del khi na duqc gqi nhu la mot nira cim qua trinh NAT.

2.6.1. NAT dich

2.6.2. NAT ngutal

25

Neu b0 can bang tai thay 461 dia chi IP nguon trong cac g6i tin cimg yen quit trinh dich dia chi IP dich, n6 duqc ‘gqi hi NAT nguen. Dieu nay d8i khi cling duqc coi nhu la town b0 qua trinh NAT, vi dieu nay lien quan den den viec dich ca dia chi nguon va dia chi dich. NAT ngutm thutmg khong duqc sir clung trir khi ce mgt cau true lien ket mpg cu the can del hbi phai c6 NAT nguon. Neu cac m8 hinh mpg the hien viec cac g6i tin tra Ibi tir may chti thvc c6 the vtrqt qua No' can bang tai, NAT ngutin phai &Km thvc hien. Minh 2.6 cho melt vi du ye cal nhin cap cao mot eau true lien ket mpg. Hinh 2.7 cho thay mot thiet ke mpg dam gian Tuning ,d6i heti phai sir dyng NAT nguon. Dana each sir dtmg NAT nguon trong nhfmg thiet ke nay, chin ta da buOc may chit phan ph8i tra 161 thong qua 1,45 can bang tai.

Chtrcmg 2: May chit can bang tai (cid:9)

DO Van Thjnh — A13439

Client

C.) Client requests to VIP.

0 Real server replies to client bypass the load balancer. Load Balancer

.01=1•111=1•

0 Load balancer to real servers.

1711111

•

Hinh 2.6: Off nhin cap cao ve mot du true lien kit 'ming

Client (cid:9) I I (cid:9) 0 , Client requests to VIP.

Load Balancer

Load Load balancer to real servers.

Hinh 2.7 Mang don gidn nhung dot hid phiti sit dung NAT nguan

Khi duqc cAu hinh de thuc hien NAT ngu6n, by can bang tai se thay d6i dja chi IP ngtnin trong tit ca cac gOi tin thanh mOt dja chi IP duoc cac djnh tren b0 can bing tai, dtroc goi nhu la IP nguern, trtrerc khi chuyen tiep cac gei tin den may chit thuc nhu trong hinh 2.8. Dia chi IP ngu6n nay co the gi6ng veri dja chi VIP hoac la khac nhau tity thuOc vao sin

26

Real server replies to client bypass the load balance.

D8 Van Thjnh — A13439

Chuang 2: May chit can bin tai

phim can bang tai dang sit dung. Khi may chit Uwe nhOn dtrqc cac goi tin, ne Ichong biet chinh xac may may khach nao da yeu cau b?ri vi got tin da dtryc giri thong qua be, can bang tai. Cac may chit thut se tra Iai lai 130 can bang tai sau d6 nhimg gi bay gig can phai lam la bq can bang tai se Bich dia chi IP dich thanh dia chi IP clia may khach.

(cid:9)

f0rm1-1111.1.MS

Saone IP 7 bra tr

Scone MM: Deg MOW.

1

1110 1 1 1011

MI

112

i (cid:9) 141 no SS 3

INIt 1 1.101 1141 149663

MI

; 10 10 /Oa

10.1010.1

M2

14E10 SS MAC ...M1

W o A I 4 10 1111141.70 1010101

M4

9 : 9 142

3 141.141.05 1 flail 1.101

1111

BIZ

Id lialwattr Viral 141 le GS.3 MAC .-MZ Smarr Irs141.111 101

t3

1010 1010 MAC- M3

10101020 MAC -M4

HInh 2.8: Luting gal tin trong NAT ngucin

Tir quan diem thong qua b0 can bang tat, c6 hai phien hqp IS, a day: phien tir phia may may khach va phien tir phia may chit. mOi Olen tir phia may khach c6 mqt phien tir phia may chit ttromg img. Hinh 2.9 se chi cho thay lim the nao de lien ket cac ‘phien, tir phia may khach tir phia may chit. Ikea cac phien tit phia may chit ce IP nguon thikt lop IP ngu8n, duce xic djnh tren b0 can bang tat. 80 can bang tat sir dung mOt ding nguon khk nhau de cho mai phien phia may chit de lien ket n6 veri mOt phien phia may may khach. Dieu nay c6 hai tac dung. Thu nhat, set ILK:mg tqi da cac phien dims thtri dtrqc bq can bang tai ho trq vtri mOt IP nguOn 11 65.536 (64K), b6i vi d6 11 gia trj tot da cho mqt cOng TCP. De h8 trq nhieu phien dung that, can bang tai cho phdp ngutri dimg cau hinh nhieu (Ha chi IP ngutin

Clan* esiott

Sena-sae MOM

Son W Sown

D141 IP

Deo Port San IP Some

nest IP

Ikst Pc;

Pon

111.1.1.1113

Pon 10001 1.10.111. le *

MI 1 110

20* 141.141203 0 21 141 latIS 3

18.111.101 HI 111.10 1 Nal 1010 10 Ill

2e11 2000 141.141153 a algal

2001

141.141.613

a

141.16.101 WC Mita

21 10102 alma a ZI

111.1.1.111 la•t.ia

Hinh 2.9: Lien ket phien phia khcich hang va phia may chit khi sit dung NAT nguiin

27

Chuang 2: May che can bang tai (cid:9) DO Van Thjnh — A13439

Un diem cita NAT ngulin la n6 cho phdp ban hien khai be can bang tai 6 bet cu dau ma khong giei hart bat ky met cau tree lien ket mpg nito. Diem bat Iqi la cac may chit thvc kung the thay dia chi IP dm may khitch ban dau, bei vi can bang tai da , thay dei dja chi IP nguon. M01 so img dung dva tren viec xac thvc IP ngu8n kungthe thvc hien duqc neu NAT ngu8n duqc sir dung. MOt so nha quart tri Website cling thireng dva tren Whit ky may chit Web de xac djnh h8 so ngtrtri dimg dva tren dja chi IP nguon, va do do c6 the hp khong muon sir dung NAT nguOn. Met so san phiun can bang tai co the giai guy& van de nay bang each cung, cap met so thy chon cho phdp dang nh'ap hoc bao cao dia chi IP nguon cac you cau gin den.

2.63. NAT nglrot

Khi sir dung be can bang tai, cac may chit thvc thirtmg duqc gin dia chi IP private de tang artmg anh ninh bao msat va bito ton dia chi. Be can bang tai thvc hien NAT dich cho tatca cac hru lupng truy, c#p duqc (cid:9) xtremg boi khach hang den ,cac may chit thvc. Neu cac can bang tai muOn duqc ket non ra, ben ngoli, chung phai may chit thvc dang sau (cid:9) thong qua NAT bei vi may chi] thvc chi c6 IP private. Be can bang tai c6 the duce can hinh de thvc hien qua trinh NAT nguqc lai non ma be can bang tai thay d6i dia chi IP elm cac may chikthvc thank dia chi IP public da dirpt xac dinh teen be can bang al Dia chi IP public co the giong nhu dia chi IP ao duqc xac dinh teen be can bang tai hoac la met dia chi IP rieng biet.

2.6.4. NAT nfing cao (Enhanced NAT)

Nhang Icy thuot NAT vita trinh bay 6 tren deu xoay quanh viec thay dot dja chi IP, cling nhu dja chi cOng trong goi tin header. Tuy &lien c6 'Mang giao thirc dac biet chira thong tin dja chi hay cOng tilning trong payload coa g6i geti tin, ding can phai duqc thay don cling yeti header gen tin.

Dieu nay did hed be djnh tuyen phai hieu biet theo timg giao thirc cu the. Khai niem NAT nang cao (enhanced NAT) nei den kieu NAT phirc tap dirge thvc hien voi tilifing lieu biet theo timg giao thirc cu the de lam cho Siang giao thirc de host d'Ong duqc von viec djnh tuyen goi tin.

Cic giao lac truyen dicing thirtmg gem c6 hai ket nor, met ket not dieu Ithien xay dung tren TCP vi met ket not du lieu dva ten UDP. De khtd dau, may khach lchtri tao met kenh dieu khien den met cong da biet tren may chi,. May khach vi may chit se thoa thuon

Trong só cac giao thirc dac biet do, thong dung nhat la the giao ,thirc plurong tin truyen thong (vi du RTSP). Day ding la cac giao thirc sir dung can bang tai , ph6 bison that, vi chimg kit non tai nguyen mpg va tinh toan khi phai phvc vv d8ng th&i cho hang tram den hang ngin ngu&i sir dung.

28

DO Van Thjnh — A13439

Chucmg 2: May chit can bang tai (cid:9)

cac di'Eu lchoan cho kenh dieu khien. Su thoa thuan g6m co IP caa may chit va s6 eking dm may ma may khach se gin du lieu den tren ket not dCr lieu.

Neu cac may chit c6 dja chi IP private, be ,dInh tuyen se thuc hien NAT dich cho ket not ng phai xem cac thong tin thoa thuan va dieu lchien. Nhung dong, thin be djnh tuyen cli thay dei mei thong tin ye dia chi IP hay cong ma may chit va may khach trao doi sao cho may khach se girl du wou den dia chi VIP public chit khong phai IP private cim may chit (nhang thong tin nay nam trong payload dm geti tin).

Han nun, cong dich duce chqn trong qua trinh thoa thuan 13i khong biEt truck duce nen phai xir 19 you cau ngay ca khi cong chua duqc lien ket den bit 1c9 may chit nao.

Tuy nhien, nhieu doanh nghiep lai co nhftng chinh rich bao mot tren ttrimg lira lam cho nhftng ket not dft• lieu tren nen tang UDP c6 the khOng thanh cong. Do do nhieu he thong truyen thong cho phen lung tren nen HTTP, nghia la town by thing du lieu se duqc girl di bing ket not duqc thiet lap bei giao tiep HTTP. DiEu nay lam cho viec NAT ter nen nhg nhang hon.

Qua trinh djch cong thuting duqc Wet ten la viec djch s6 cong trong cac gen tin TCP/UDP, di cho so dm* co the duqc sir dtmg trong cac giao thirc ;chic. Qua trinh djch dja chi cong tren be can bang tai, khi gin cong 80 tren VIP thanh cong 1000 tren may chi' thtrc.130 can bing tai da djch so cong va chuyEn tiep yeu eau den may chit thtrc. Djch dja chi cong dem lai ba lqi ich: dim bao an ninh, kha nang ma fen ting dung, kha nang quan 19.

Bing cach chay nhieu img dung tren cac ding private, no co thE dam bao an ninh tot hun cho cac may chit then bing cach dung cac cong thutmg duqc biet den. Vi du, chang to c6 the chay cac may chit Web tren ding 4000, va gin cong 80 dm VIP tren be can bang tai thanh cong 4000 tren may chit thuc. Cac may khkh se khong nhan ra bit Ic9 sir khk biet nao va trinh duyet web tiep tuc gut cac yeu clw den con; 80 dm VIP. BO can bing tit djch s6 cong trong tat ca cac yeu caur den vi chuyin tiep den cong 4000 tren may chit thuc. Bay gib, khong met ai co thE tan cong cac may chit truc tiep bang cach thong qua viec 1, 11m luqng nguy hie'm den cong 80, bed vi no da duqc den. Mac divoy, tin tac co the co ging de tim niang cong dang ma, diEu nay chi tao ra Wit chat kh6 khan hon.

2.6.5. Djch dja chi cling (PAT)

29

Gan (Ha chi IP private den cac may chit thtrc hoc thtrc hien kiem soat danh sach cac truy cap de tit chei tat ca cac ltru luqng truy cap den dia chi IP cita .may chit thuc, diEu nay se buetc tat ca nortri ding phai thong qua bo' can bang tai de co the truy cap vao cac may chit dive. BO can bang tai sau d6 co the ethqc thi chinh sach truy cap nhat dinh vi cling co the bao ve may chit ch8ng lai mgt so loci hinh tan cling.

DO Van Thjnh — A13439

Chuang 2: May chit can bang tai (cid:9)

Dich dja chi cong giiup cal thin kha nang me rung bang cach cho phep chay nhieu img dung tuong tfr ten nhieu cong. Ben vi yeti cach mOt so img dung duqc thiet ke chimg ta co the ma rang hiOu suit ang dung bang each chay nhieu ban sao elm no. Thy thuijc vao img dung, chay nhieu ban sao co the sir dung nhieu CPU hieu qua han. De dua ra mOt vi du, chting ta c6 the chay Microsoft IIS (Internet Information Server — Microsoft -- phan mem may chit Web) tren nhieu cong. Chin ta co the chay HS troll cong 80, 81, 82, va 83 tren min may chit thurc va can rang buoc cong 80 tren VIP cho mot cong chay HS. BO can bang tai se phan ph6i luu Krung truy cap khong chi ten khip the may chit thue, ma can ca cac cong tren mot may chit thirc.

Dich dja chi ding cling co the cat thin kha nang quan ly trong cac tinh huang nhat dinh. Vi du, khi chitng ta luu tit cac trang web tren mOt tap the may chit that, chimg ta co the sir dung dja chi VIP de dai din cho tat ca cac website. BO can bang tai nhan dirge tat a cac yeu eau web ten cong 80 cho cong mgt dja chi VIP. Chimg ta co the chay cac ang cbmg may chit Web ten mOt cong khic cho mot ten mien website. Chit han, cac may chit Web http•//www.abc.com chay tren cong 80, va http://www.xvz.com chay tren cong 81. BO can bang co the duqc eau hinh giri cac luu lugng truy cap vao cong thich hqp, thy thuk vao ten mien trong URL cita mot yeu cau HTTP.

2.7. Trir lai tir may cho film tiep (Direct Server Return - DSR)

DSR lien quan den, viOe chophdp may chit Ulm tiep tra km lugng tray cop ma khong th8ng qua b0 can bang tai. Bang cach ;thong th8ng qua b0 can bang tai, thong ta co the co dirge hieu suet tot han neu b0 can bang tai la nth c8 ehai, bai vi bay gia ,b0 can bang tai chi phai xir19 cac luu lugrig you eau, cat giam doge so lugng the goi tin can phai xir 19.

Qua trinh thiet lap de that hiOn DSR, b0 can bang tai se khong chuyen dia chi IP dich thanh IP cita may chit ma van gift nguyen la ilia chi VIP (IP public). BO can bang tai chi dOi dia chi MAC dich thinh dia chi MAC cita may chit de gai tin co the den dugc may chit. Van de con 13i la lam sao de khi may chit nhan gal tin you eau tir 116 dinh tuyen chuyen den se khong tir ch6i, vi dja chi IP dich kh8ng phai la IP cita may chit, ma la dia chi VIP. MOt each dim gian, ta cau hinh de dia chi VIP la dja chi cita loopback interface tren mot may chit. BO dinh tuyen dung cach nay vi lqi dung nhUng tinh chat thti vi sau day cita loopback interface:

• Co the gin bat Ict dia chi IP nao, khong bit buOc phai bit dAu bang 127.x.x.x • Vi loopback interface khong phai la mOt thiet bi that, no kh8ng co dia chi MAC, nen hg thong se khong tra lai cho cac yeu cau ARP. Do 66 se khong co hg thiing ben ngoiti nit° ilia dirge dja chi IP cita loopback interface. Tuy nhien, hg thong van nhan you cau den IP cita loopback interface va tra leti tutu la cac interface Ichic.

Nhu vay, bang mOt chit thin thuat vii cac dja chi, may chit thfrc khong an dja chi IP public van co the nhan you cau va tra Itri trip tiep cho may khach.

30

Chuang 2: May ch6 can bang tai (cid:9)

DO Van Thjnh — A13439

Hinh 2.10 the hien luting gal tin khi sir dung DSR. Dim tien, b0 can bing . titi gift nguyen dja chi IP dich van nhu la dja chi VIP trong gei tin yeu ceu, nhtmg thay doi dia chi MAC dich cua may chit da duqc chqn Itra. BO chuyen mach lap 2 gifta bo can bang tai va may chit chuyen ti .ep g6i tin den dung may chi' dua tren dia chi MAC dich. May chit thuc se chap nhan gai tin bai vi dia chi IP dich caa goi tin vi dja chi VIP da duqc djnh nghia nhu la dia chi IP loopback tren may chit. Khi may chit tra 16i, dia chi VIP bay gibt trot thkh dja chi IP nguon, va dja chi IP dm may khkh tra thank Elia , chi IP dich. ,Goi tin duqc chuyen tiep thong qua b0 chuyen mach lap 2 den b0 djnh tuyen, vi sau do den may khach ma Ichong can phai sir dung NAT.

Chen • HS 1.1 100

Same 111'

Dna 111

Sown MAC One MAC

1 Mill 180

141 148115.3

MI

MZ

2 Ull I 1.180

141 I 411 116.3

MI

M2

141 140116.3

M2

MI

3 188 Lo 110

41.14E65. MAC -MI

4 141 1046 3 188 I 1 100

9114

MI

5 141 IWO 3 18111.1 108

544

MI

141 141148.3

MAC-M2

10 0.10.10 MAC-M3

10.10 1• 28 MAC

Hinh 2.10: Luting goi tin khi s& dung DSR

DSR rat hftu ich cho nhftng img dung ton bang thong nhu FTP, phtrcmg tien truy'en thong, Ida ma kich thuac cac ged tin tra led la rat Ian so yen kich thuac cac gai tin you cau. thuat nay cung duqc img dung cho nhftng &iao thirc dei h6i phirc tap khi thuc hien NAT hay khong duqc bp djnh tuyen h8 trq. Chang han nhftng giao thirc phucmg , tien truyen thong nhu trong phan NAT nang cao (Enhanced NAT) da de cpp, thi ta co the dung DSR thay vi NAT. Chang ta ding nen can nhAc sa dung DSR khi trien khai tren mo hinh mang, khi ma hru luting tra 1oi tir may chit kh6ng dam Ho IA se di dung dich.

31

DO Van Thinh - A13439 Chuang 3: Thu* toan can bing tai (cid:9)

CHIYONG 3: THWiT TOAN CAN BANG TAI

3.1. Nie dung kluii quit

Be can bang tai sir dung thuot toan I9c phan tan hoan toan de anh xa cac may khach den cac may chit trong nh6m. Thuat toan nay cho phip cac may chit trong nh6m din ra cac quyet djnh can bang it met each dec lap va nhanh chong cho ,timg gei den. NO duqc toi tru hoi de cung cap kha nail can bang tai mOt each thong ke doi yeti met soItrqng 16n cac yeu eau nho do vo so may khach tao ra. Neu so may khach hoc cac ket not may khfich tao ra cac tai qua chenh tech nhau tren may chit, thuat toan can bang it se it hieu quit. Tuy ninon, unit don gian va toe dO cua thuet thin cho phdp cung cap hieu nang rat cao bao gom ca thong luqng cao va thei gian dip Ong ngiin trong met dai rOng cac img dung may khich / may chit thong clang.

Be can biing tai xi: ly cac you cau ctia may khach bang cach din dui:mg cho met if le phan tram da ch9n nhOng yeu cau men cho timg may chit trong nh6m. Thuat toan !thong dap img nhftng thay doi ye tai tren mtii may chit (chling han nhtr tai CPU hay van de sir clang be nh6). Tuy nhien, qua trinh anh xa se duce thay d6i Ida quan he thanh vien trong nh6m thay d6i vi ti le phial tram tai phan b6 se duqc tai can bang.

Khi xem xdt met g6i den, tat ca cac may chit thvc hien clang thai viec anh thiing ke de xac djnh nhanh cheng may chit nio se xi) ly poi do. Qua trinh anh xa sir dung mOt ham ngau nhien de tinh mirc tru tien dm may chit dva tren dja chi IP NIA cling den caa may khkh cimg cac thong tin trans thai khac de .t6i tru hoa viec can bing di. May chit tuong img se chuyen gal d6 tir the tang clued len tang TCP/IP con cac may chit khac se loai be goi nay. Qua trinh anh xa kh6ng thay d8i trir phi quan he gifra cac may chit trong nhOm thay doi, de dam bao rang dia chi IP vi cOng den cna may khach cho trutc se luon duqc anti xa den cang met may chi) trong nhom. Tuy nhien, may chit cu the trong thorn ma dja chi IP va cOng den dm may khich anh xa ten khong the duqc xac djnh tram do ham ngau thanh vien trong nh6m hien tai vi qua khir de toi thieu hoa kha nhien c6 tinh den quan nang anh xa lai.

Nhin chung, chat Itrqng can .bing duqc xac dinh met each thong ke bed s6 luqng may khach tat) ra you cau. Nhu ket cau tang giarn ve so lucong may khach theo thong ke, sv deu don ye chat luqng cita thuat toan can bang tai se thay d6i nhe. De host di-ging can bang it co do chinh xac cao tren mil host trong nhom, met phan tai nguyen he th6ng se duqc sir dung de do va phan Ung Mr& nheng thay doi ciut dd. Str tra gia ye hieu rang nay phai duqc can nhac so yeti lqi ich cua viec tot da holt khil rang sir dung cac it nguyen trong nhOm (ve ca ban li CPU va bit) Trong bit dr twang hqp nao, viec sir dung hqp ly cac ngu6n tai nguyen may chit phai duqc duy tri de co the phvc vv cho cac tai may khach khk trong traimg hqp xay ra 16i.

32

DI" Van Thjnh — A13439

Chuang 3: Thuat toga' can bang tai (cid:9)

Khi mOt may chit meri tham gia vao nh6m, n6 se kith hoat qua trinh hOi tu va mot quan hg thanh vien mai trong nhOm se duqc tinh town. Khi qua trinh hOi to holn thanh, mOt phin tai thieu may khkh see duqc anh xa tai host mai. BO can bang tai do cac ket not TCP tren mai host vi sau khi ket not TCP hiEn tai cua chfing holm thank, ket not tiep theo tir cac may khkh bj inh huong se duqc xir 15r btri host mai. Do d6, cac . host nen duqc bo suns vio nh6m nhftn thtri diem tai tang qui manh nham ten thieu hod hiEn turyng ngat quang cac phien. De trinh van de nay, trong thai phien phai duqc , quan bei 1mg dung may chit sao cho n6 co the duqc ten du true hay duce tra lai tir bat Icy mOt may chit nio trong nhom. Vi du, trong thai phien co the duce day den may chit ca sec dft lieu va lint trong the cookies dm may khach.

3.2. Gaol thieu mOt so thu#t twin can bAng tai

3.2.1. Thu#t twin Round Robin

Day gqi 11 thuat than Ink chuyen yang, cac may chit se duct xem ngang hang vi sap xep theo mOt yang quay. Cic truy van dich vu se !An luqt duqc giri tai cac may chit theo this tir sap xep.

:

Vi Cau hinh mOt cum Cluster bao wim 03 may chit: A, B, C. You cau djch vu this nhat se duqc giri den may chit A. You cau djch vµ this hat se duqc giri den may chit B. Yeu cau djch vµ this ba se duqc giri den may chit C. You eau djch vitt this to se 1a1 duqc girl cho may chit A....

Nhu \ray b0 can bang tai se phan phai tai va giri you cau Ian WO den timg may chit thyt trong cum may chit. S6 ltrong cac truy van den timg may chit la ngang bang nhau, dieu nay dam bao rang cac may chit deu phai host dOng vii mOt cong suit ttrcmg tu nhu nhau.

3.2.2. Thu#t twin Weighted Round Robin

Ban chit gitmg nhu thuat tom Round Robin, My nhien chung ta co the eau hinh cho mOt hay nhieu may chit nao d6 thutmg xuyen duqc sir dung hen, hay not each khic chting ta co the dieu chinh sao cho cac may chit ea Wing lye xir ly khac nhau. Mai mOt may chit den duct gin mOt tong s6, d6 la mOt gia trj so nguyen cho biet ding suit xis ly. Trqng so mac djnh la 1. Lay vi du, c6 ba may chi A, B va C &Km On tong so tucmg img Ian lusrt la 4, 3, 2. MOt trinh tu lap ke hoach se duqc clurc hien trong mOt chu ky, va cac truy van you cau djch vu se Ian luqt duce giri den timg may chi theo trinh tu nhu sau ABCABCABA. Nhu vay trong qua trinh thuc hiEn, mOt trinh tu da duqc tao ra Wan theo tong so tren mai may chit.

33

DO Van Thjnh — A13439

Chuang 3: Thuat toan can bing tai (cid:9)

Thuat toan Weighted Round Robin khong can phai tinh den cac you cau ket not cho mai ke hoach dong, mot may chi, va chi phi lap ke nnanh la nho hem so veri cac thuat town no cfmg co the c6 nhieu may chi hcrn. Tuy nhien no co the dan den mat can bang tai Ong giaa cac may chi neu cac you cau tai qua Ion. Dieu d6 la co the bon hau het cac yeu cau deu duqc dinh hueng den mot may chi.

Thuat than Round Robin la mot throng hqp dac Wet cua thuat Wan Weigth Round Robin, trong do tat ca cac trong so deu bang nhau. Chi phi cia viec tao ra cac trinh t1r lop Ice hoach khi sirs di); cac twig s6 6 min may chi la khong clang Ict. Ben vay khong nhit thiet chi sir dung thuat toan Round Robin.

3.2.3. Thu@ ban Least Connection Thuat toan Least Connection dua teen tinh toan s6 luqng ket n6i a thirc hien can bang tai cho may chi, no se lir dOng bra chqn may chi veri so lining ket not dang host dOng la nho nhat. Co nghia la n6 se djnh huang cac yeu cau nhan &lux tit mang den cac may chi v6i so luqng cac ket not duqc thiet lap la it nhat. Day la mot trona nhung thuat toan lap ke hoach ,d6ng, ben vi ne can phai tinh toan so cac ket not truc tiep cho men may chit. Khi mot so may chi c6 cing mot hieu suat xir 19 tucmg to nhtr nhau, viec 1#p ke hnach vat thuat toan Least Connection de Oki phoi tai nhieu yeu cau kha la "min" beri vi hau het cac yeu cau se khong ce co hoi de duqc djnh hyena den mot may chit nao khac.

Nhin so qua, thuat toan Least Connection au% co the sir dung hi'eu qua ke ca khi co nhieu may chi co nang lye xir 15, khac nhau, bed vi may chit nhanh hon se c6 nhieu ket not hon. Nhung thuc te, no khong the lam viec that tot nhu vay beri vi trang thai TIME_WAIT cia giao thirc TCP thuemg chi keo dai 2 phin, trona khi 2 phit nay mot may chi may co luu luqng truy cap 16n thu&ng len den hang nein ket nen. Vi da may chi A manh gap d8i may chi B, may chi A dang xir 1S hang ngan yeu cau va Oa china lai o trang thai TIME_WAIT nhung lie nay may chi B cling dang chat vat de XII 1S, cho xong hang ngan nhang ket not cia no. Chinh vi vay, sir dung thuat toan Least Connection khong the can bing tai tot gifta cac may chi co kha 'tang xir 1S , khk nhau.

3.2.4. Thutit bin Weighted Least Connection

Thuat toan Weight Least Connection ban chit gieing thuat toan Least Connection, nhung ching to co the cau hinh uu tien cho mot may chit trong curn may chi host dOng bang cach gan trong so cho mOi may chi. Nhitng may chi co gig tri tong so lem hon se nhan duqc ti le ket not 'Neu hon. Ngu&i quart trj mang co the du hinh phan chia Mpg so cho min may chit vet cac ket not mpg se duqc ten ke hooch den min may chit ma 6 do ti 10 phan tram cia s6 cac ket not hien then 6 men may chi la ti da cho khi thiet 1#p gan tong so.

34

Chuang 4: Thiet ke mang WA be can bing tai (cid:9)

D6 Van Thjnh — A13439

CHVONG 4: THIET Kt MANG VOI BO CAN BANG TAI

Trong chuang nay, chimg ta se tap trung vao viec then khai b0 can bang tai tren he thong mans, can nhic va lua chgn cac this& kE co lien quan. Can xay dung met , thitt ke giai quyet duce tinh sari sang cao, kha nang ma rang, kha nang quan va van de an ninh cho toan b0 he th6ng, dung then co the dam bao ,chiu dugc cac van de phat sinh khac nhau trong timg thanh phan mang khac nhau, bao germ ca can bang tai.

Truerc, khi chimg ta di sau vao mat cau trtic (cid:9) ket mang cu the, chimg ta can bao quat mOt so khai niem ca ban. Bat dau veri cac van de cim b0 can bang tai dugc then khai nhu mOt bo chuyen mach lop 2 hoac mOt b0 dinh tuxen I6p 3, vi die!' nay di y nghia quan tang trong viec thiet ke mang. Sau do chang ta bat dau veri mot so mau thiet ke don gian ma kh8ng giai quyet duqc tinh siin sang cao. Tiep theo chimg ta thao Juan lam the nao di bey can bang tai lam viectheo cap de cung cap tinh sin sang cao, fru& khi chuyen sang de cap Ong rai cacthiet ke c6 tinh sari sang cao va dua ra nhthrtg can nhac lien quan. Chuang nay se co gang cho that' ,str phat trien caa cac nuo hinh mang khac nhau trai ngugc veri viec chi trinh bay mOt thiet ke mo hinh mang cu the.

4.1. BO can bang tai nhw lit mOt bQ chuyen mach so vtri mOt bO dinh tuyen

Cac boat dOng co ban cim mOt b0 chuyEn mach la nhon get tin tren moat cong veto, xac djnh cac giao din dau ra, gui cac g6i tin tren cong ra. Lam the nao dE bo chuy . En mach xac dinh duqc giao din ra cho mOt gel tin can phy thuOc vao tong loai chuyEn doi.

Ethernet lap 2 chuyen d6i sir dung dia chi MAC c6 sin trong lop lien ket da lieu coa met g6i tin (16p 2 trong m8 hinh OSI) de xac dinh cac cong giao din dau ra cho mOt g6i tin. MOt b0 chuyen mach 16p 3, ding dugc biet den nhu mOt bo djnh tuyen, sir dung thong tin lop mang (16p 3 dugc the hi'en trong mo hinh OSI) de xac dinh cac cong giao din dau ra dm met g6i tin. Khi sir dung giao thirc intemet, bo chuyen mach 16p 3 sir dung thong tin dia chi IP trong g6i tin de xac dinh cac giao din dau ra cac gal tin.

May lchach va may chit thubng dugc ggi nhu la cac host, tra den b0 dinh tuyen qua mOt default gateway c6 dirt chi IP duce cung cep bed ngueri quart tri mang. Khi Wit host can phai girt mOt g6i tin den mOt, dia chi IP ma kh8ng c6 trong cling mot dja chi mang con cim ne, host se giri cac g6i tin den default gateway cim ne, default gateway dm be) dinh tuyen se sir dung melt giao thirc dinh tuyen d'E' xac dinh nai girl g6i da lieu du tren cac thong tin dia chi IP.

BO can bang tai hoat dOng o lop 4 hoac cao hcrn phu thuOc vim cac tinh nang ma chin ta sir dung, Nhu da de cap, khi be) can bang tai nhan dugc mOt gel tin, g6i tin co dja chi VIP nhu la dja IP va dia chi MAC dm can bang tai la dia chi MAC dich. BO can bang tai se

35

DO Van Thinh — A13439

Chuang 4: Thiel k'e mang veri b0 can bimg tai (cid:9)

xem xet thong tin tai lop 4 vi b ben trong g6i tin de xac dinh loai chirc nang can bang tai can [him hien. Bang each sir dung the thong tin trong cac g6i di lieu cling veri viec kiem tra tinh trang sire kh6e may chit va dieu kien tai may chit, b0 Gang bang , tai se xic dinh may dich cho you cAu. BO can . bang tai sfra &di cac throng can thiet trong goi tin, chang han ram dja chi IP dich va so ding TCP hoAc UDP. MOt khi &Ai tin da duqc sin ded, b0 can bang tai ,an phai xic dinh giao din dAu ra vi chuyen tiep gel tin. BO can bing tai co the chuyen tiep cac goi tin neu n6 la mOt Ns) chuyen mach holm mOt bo dinh tuyen tny thuOc vio no duqc cau hinh nhu the nao.

Hinh 4.1 cho thay luu luqng goi tin va dia chi IP qua b0 can bang ma kitting thqc hien dinh tuyen lop 3. Default gateway cho the may chi' va b0 can bing tai da dutyc thiet l'Ap den b0 dinh tuyen tren. Cac may chu trong cling mot mang con, va do do c6 the giao tiep veri nhau thong qua viec can bang tai ma Ichong an phii lien quan den cac b0 dinh tuyen. Dieu quan frog la phai chu y IuOng cac gel tin to Rn lai cho may khich tir may chil dia chi MAC dich den Ml, dia chi MAC dm bij dinh tuyen. Tuy nhien ac may ch8 ce dia chi IP public n6i chung thutmg kh8ng dirge mong muon bed vi chting ta khong the brio ton doge kW:Mg gian dirt chi. Vies sir dung IP public tren cac may chi thirc se kitting the ngan chan mOt ngutri nio d6 muon truy cop tut tiep vao cac may chit, trir khi co cac chinh sach kiem soat truy cAp thich hqp dirge thuc thi tren bo can bang tai hoAc tren b0 dinh tuyen. Chung ta cling co the sir dung dirt chi IP private cho the may chit, nhung bAy gitr echang ta se co hai mang con khac nhau ket not ten cling mOt interface cia b0 dinh tuyen. BO can bang tai veri dia chi VIP public la mOt mang con vi the may chi WA dia chi IP private li cac mang con ;chic nhau. Ching ta can phai xac dinh hai dja chi IP tren b0 dinh tuyen ket not veri can bang tai: mOt Ii dirt chi IP trong mane con cia dia chi VIP va cac dia chi khac trong mang con dm the may chi. MOt s6 sin pham can bing tai c6 the cung cap cac tinh Ming nham tranh sir can thiet khi xac dinh dia chi W tren interface cia b0 dinh tuyen.

Cliental, 166.1.1.100

Source IP

Oset IP

Soures Dee MAC

142

0

M4

644

141.149.65.1 MAC-MI

MI MI

1 106.1.1.100 141 .149.66.3 ml 11411 2 110.1.1.100 141.14985.11 9 141 14966.11166 1 1 100 4 141.i49.65.3i96.1.1 100

614

VIP 141.146.66 MAC-642

Dealt gamey for servers is at b Me IP address on Ire totem ewers — 141 .140.65.1

RS2 141.140.65.11 MAC-164

RS1 141.14965.10 MAC-M3

36

Hinh 4.1: Bo can bang tai khong Mm nhiem vu clinh tuyin

DO Van Thinh - A13439 Chuang 4: Thiet ke mang veibt) can bang tai (cid:9)

Hinh 4.2 cho they luting g6i tin vi dja chi IP veri cAu hinh hrcmg to nhu trong hinh 4.1, nhung cac default gateway cho cac may chit duct thiet 1{ip den dja chi IP ten be can bang tai. BO can bang tai hoat dOng nhu met be dinh tuyen chuyen tiep cac g6i tin met cach thich hop. pia chi IP default gateway duqc thiet 1.#p 1# 10.10.10.1. nhu duqc djnh nghia b be can bang tai ket not den cac may chit. Bari vi default tren cac cong giao dien (cid:9) gateway tren dm may chit duqc thiet 1(ip den dia chi IP tren be can bang tai, cac g6i tin tra len dm may chit se c6 dja chi MAC dich M2 ctia be can bang tai nhu trong hinh 4.2

own- Isti.1.1oo

Sousa P (cid:9)

Dest P Son

es.1

0

OM MAC 142 M4

14114966.1 MAC• MI

M4 M2

V2 MI

MAC t 100.1.1.100 141.149053 MI 0/12 2 106.1.1.100 10.10.10.20 3 10.101020 11111.1.1.100 190.1.1.100 4 141.149. (cid:9)

VIP R 141.149.663 MAC 1442 CIMetway IP-10.10.10

0

WW1 often for movers Is eel lots load bolsocers P address- 10.10 10.1.

(cid:9) (cid:9) (cid:9)

RS2 10,10 1020 MAC 4.14

RS1 10,10.10 10 MAC-M3

Hinh 4.2: Bo can bang tai hoot (long nhu bo djnh tuyin

Chat nang dinh tuyen hoac chuyen mach thuc sir rieng biet so veri town be cac chin nang dm be can bing tai. CA djnh tuyen vi chuyen mach deu xac djnh hop tiep theo vi giao dien dau ra dua ten dia chi IP vi dja chi MAC. Neu cac may chit thin vi be can bang tai cling mang con hoc mien quang ba, be can bang tai c6 the thuc hien chuyen mach lerp 2 de giri cac g6i tin den cac may chit thuc, !feu be can biing tai yi cac may chit thut kh8ng nam trong cling mien quartg ba , cac gal tin sau d6 duce chuyen tiep den may chit thuc se biphu thuec vio be can bang tai ceo chirc nang cue b0 chuyen mach dm 16p 2 hay 16p 3. Neu be can bang tai nhu met be chuyen mach 16p 2, be can bang . tai se giri g6i tin den default gateway dm na vi g6i tin se duqc giri den may chit thuc. Neu be can bang tai nhu la met be chuyen mach lerp 3, net se cac djnh hop tiep theo dua tren bang djnh tuyen. Ngoai ra neu be can bang tai hoat dOng nhu met be dinh tuyen 16p 3, se c6 met lqi ich rat quan tong, cac may chit c6 the 1r6 den be can bang tai nhu la met default gateway cue n6. Dieu nay dam bao rang cac luring g6i tin tra Ibi tir may chit se phai thong qua be can bang tai.

37

DI) Van Thinh — A13439

Chuang 4: Thiet ke mang yeti be can bang tai (cid:9)

Trong phan con 13i cua chuang nay, chi mg ta se xem xet cac tin& ke trong do be can bang tai duqc sir dang nhu met be djnh tuyen, default gateway cho cac may chit co the duqc thiet 18p den ilia chi IP dm be can bang tai.

4.2. Cie thiet ke Han gain

Bay gia chimg se de cop ve met s6 thiet Ice mpg don gian cho viec trien khai , m0t can bang tai ma khong giii quyet dtrqc tinh san sang cao. Sau d6 chting ta se phat trien nhftng thiet ke co ban de giai quyet san sang cao.

bang

nhu trong hinh 4.1 va 4,2, trong do cac may chtl &Km ket not mit tiep Thiel ke don den 130 can bang tai. Cac may chit thutmg duqc ket not den.b0 can bang tai bang cach sir clang cac ket 100-Mbps va b0 can bang tai duqc ket not yeti the be djnh tuyen bang each sir clang lien ket 100-Mbps hok lien ket gigabit. Chimg ta ding co the ket not tat ca cac may chit can bring tai yeti cac ket gigabit, va sir clang hai hoc nhieu lien ke't gigabit router. Thiet ke nay giffri hart s6 lucing may chit WA so luqng cong c6 san tren b0 can bang tai. Mot dO cong tren men san pham can bang tai 11 khk nhau, mot do cong va gia cho mot citing tren b0 can bang tai ding c6 the kh8ng eon nhu ctia N chuyen mach 16p 2 hay lop 3. VI vay, Ihieu khach hang trien khai mot be chuyen mach 16p 2 de ket not cac may chit, va be chuyen mach lap 2 Mn ltrqt ket not den be can bang tai thong qua lien ket 100-Mbps hok gigabit, nhu the hien trong hinh 4.3

Client-188.1.1.100

I C I (cid:9)

141.149.65.1 MAC=141

Load Balancer

MAC M2 Gateway IP-10.10.10.1

I VIP•.141.149.65.3

12 Swat*

(cid:9) (cid:9)

10 10.1020 MAC M4

10.10.10.10 MAC ••143

Hinh 4.3: Cac miry cirri drew kit nil thong qua bo chuyin mach lop 2

38

Chuang 4: Thiet ke man ved Kt can bang tai (cid:9) DO Van Thinh - A13439

Trong thiet Ice dugc hien thj o hinh 4.3, tit ca cac luu lugng den cac may chi chat' theo luong thong qua 130 can bang tai. Nhieu may chi khac nhau deu dugc ket not den b0 chuyen mach lop 2 tilt nhUng may cha nay clang chay nhang fmg dung khong nhat thiet phai thong qua b0 can bang tai. Trong thiet ke nay, cac luu lugng truy cop den cac may chit deu th8ng qua No can bang tai. Tay thuOc Nth° cac sin pham can bang tai, kien trim cia no va hieu suit, cluing ta c6 the gap phai mOt so nut c6 chai o trong thiet ke nay. Neu citing ta mon tranh viec grid luu lugng khong can thiet thong qua 130 can bang tai, cluing ta co the di den thiet ice mOt canh tay nhu trong hinh 4.4. Thiet ke nay thuang duce sir dung trong thuc to di c6 hieu suit cao hcm, hoc de tranh djch dia chi mang cho mOt s6 loci ing dung 'that djnh. Trong thiet ke mot atilt tay, b0 can bang tai dugc ket not nhu mot canh tay dEn b48 chuyen mach Idp 2. Tat ca cac may chi vOi cac ing dung dugc cau hinh cho can bang tai dugc gin dia chi IP private. Tat ca cac may chit nhung may khong can can bang tai dugc gan dja chi IP public v6i default gateway trO den dja chi 141.149.65.1 dm b0 djnh tuyen. Chi c6 luu lugng truy cop girt den dja chi VIP mai qua b0 can bang tai.

Client • 1114.1.1.100

141.14945.1 MAC-MI

traffic addresord to VIP

frank addressed to oral miners 141.149.65.10 through 141.149.65.12

Vfl ,, 141.14!.653 MAC 1,412 Gnaws 1Pat 10 10.10.1 r

Applicators nor configured for load balancing 141.14945.10 through 141.14945.12

10.10.10.10 it o.1020 MAC -M3 MAC- M4

RS I (cid:9)

RS2

Hinh 4.4: Thiet ice mgng m 'en tay

4.3. Thiet ke cho tinh sin sang cao

NEu mOt may chi hong, hi) can bang tai co the phat hien thong qua cac cuSic kiem tra firth trans sic khoe va djnh htreng luu lugng den cac may chi thay the. Nhung (lieu gi se xay ra neu 130 can bang tai bj 10i? Trong phin nay thing ta se xem zit va lua chQn mo hinh thiet ke dam bito dugc tinh sin sing cao, chju dung dugc cac su co khac nhau bao gom ca can bang tai.

39

DO Van Thinh — A13439

Chuang 4: Thiet ke mang vtri b0 can bang tai (cid:9)

BO can bins tai c6 the lam viec thanh cap theo hai cach khac nhau: the dO active-standby hoac lit che dO active-active. Trong the di) , active-standby, mot can bang di . se char dv phong trong khi cac chtic nang caa b0 can bang tai Ida se hoat dOng. Trong che dO active- active, ca hai b0 can bang tai deu thvc hien nhiem AI can bang tai va hoat Ong sao luu cho nhau. Vic sir dung cling lac hai b0 can bang tai 6 ding mot vi tri de cung cap !chit nang chju 161, trash str co khong phai la mot khai niEm men trong khong gian mang, van de nay da dugc then khai nhieu tren nhieu thiet bj mang !chic cha ha ► nhu tren bq djnh tuyen.

4.3.1. Active - Standby

Cau hinh active-standby lien quan den hai b0 can bang tai lam viec o the dO mot dv phong va mot hoat Ong, nhu trong hinh 4.5

141.149011 sun I

Dedlease4J brat for loot

I (cid:9)

MK .411

„

774 ,,,-*"i balawer conflation

(cid:9)

Swab, us VIP- 141.14145.10

tad (cid:9)

ad-7 I (cid:9)

Balsam 2 MAC- YS

Gateway IP = 10 10 10 I

Active WI VIP- 111.14110 10 MAC -.1111 Gateway W 1010101

103010 N 10111 1020 10.10.10-30 10.10.1040 MAC-MS MAC .M7 MACs1011 MAC • le

RS3 (cid:9)

RS4

RSI (cid:9)

RS2 (cid:9)

Hinh 4.5: Hoot &Ong czia chi do Active-Stanby

40

D6i vtri vi du nay, Chang ta thiet thiet ke mot b0 dinh tuyen 6 phia mite cac b0 can bang tai va mot b0 chuyen mach 16p 2 6 phia sau de ket not tat ca cac may cha. BO dinh tuyen vi b0 chuyen mach co the coi nhu la nhemg diem duy that tren thiet ke c6 the gap phii cac sv co ma khong co phucmg an dv phong, chung ta se gild quyet van de nay sau. Bay gib, chung ta se tap trung vao ‘ liun the the nao clam nang active-standby hog dong trong cac b0 can bang di. BO can bang tai dtr phong se khong dap ling bat Ick yeu eau girl den no va se khong xir ly bat Ick Itru Itrung truy cap nao. Trong khi do b0 can bang tai dang 6 the dO hoat dOng ser hall VIP se quang bit vi dip 1mg cac yeu cau truy van ARP. Citc truy van ARP dugc sir dung de lien ket cac dia chi IP vtri dia chi MAC. Bang cac tra ltri cac

DO Van Thinh — A13439 Chuang 4: Thiet ke mang yeti 60 can bang tai (cid:9)

truy van ARP va quang bra chinh n6 voi cac ARP khac, b0 djnh tuyen va cac may chit se nhan ra dja chi VIP va lien ket dja chi MAC dia be can bang tai dang hog dOng tree giao dien mang de ket not den. Dieu quan tong lit ix) can Wing tai co mot dia chi IP wan 19 khac veri dja chi VIP. Dia chi IP guan ly et bet can bang tai thuang duce sir dung cho viec cau hinh va quan ly b9 can bang tai. Neu chting ta can truy cap den biti can bang di sir dung Telnet, chimg ta can sir dung dia chi IP quart 15/ nay. Mac di" be can bang tai do phong khong so but dja chi VIP, nhung n6 van dip img ARP cho dia chi IP quan 1Y de chting ta co the cau hinh va quart 19 cac don vi do phong.

BO can bang tai hoat dOng vi do phong duqc ket not yeti nhau thong qua mot lien ket rieng vi viec kiem tra fifth trong sirc kh6e cite mot thiet bi duqc th8ng qua mot giao thirc ket rieng nay cho dac biet gifta chimg. Nei chung cac ,b0 can Wing tai throng sir dung (cid:9) khee va tranh bat Icji so chuyen tiep du lieu tren lien ket nay. Trong viec kiem tra (cid:9) ket nay, vi b0 can bang tai trueing hop active-standby, cac agei de lieu IA chan tren (cid:9) hog dOng che de ch6 charbat cir yang lap 616p 2 chuy'en tiep den. Neu lien ket rieng gift hai b0 can bAng, tai bi cac 130 can bang tai phai c6 gAng sir dung mot duerng din thay the sin c6 kiem tra tinh tang six kit& ciut nhau. Trong hinh 4.5, cac bo can bang tai do the sir dung dutmg din ,theing qua be djnh tuyen hoc thong qua b0 chuyen mach 16p 2 de tiep can nhau. MOt so sin pham can bAng tai c6 the cho phep hai hay nhieu lien ket dugc cau hinh nhu met Whom trunk sir dung nhu mot lien ket rieng. Cac nhem trunk nay bao ve thong lei bat Icy *a so co nio bang each sir dog mot lien kif khic , trong nhom khi mot lien ket rieng 16 gap phai van de. Nguti ta co the tranh cal c6 can thiet phai sir dung met lien ket rieng gifta hai b0 can bang tai khi ma dA co cic lien ket thong qua b0 djnh tuyen hoc b0 chuyen mach 16p 2 nhu trong hinh 4.5. Nhtmg khi gap phai van de tat nghen tren cac lien ket d6, gel tin chuyen flap gifts hai be can bang tai co the se kitting den duqc dich. MOt lien ket (lath rieng gifta hai b0 can bang tai cung cap so lien giao tiep danh tin cay hon vi cho phep phit hien *it cich nhanh chang neu c6 so co xay ra.

Neu NI can bang tai duqc thiet lop 6 the do hog dOng gap phai so c6, be can bang tai dang che dO ch6 do phong se phit hien va ngay lap thay the. Nhieu sin pharn can bang tai co the phat hien ra so co trong khoing thbi gian chua den 2 giay vi hoat dOng ngay lap tire. Trong qua trinh tiep quin, bo can Wing tai do pheng quang ba ARP vi noi rang no dang sec hitt' dja chi VIP va dja chi MAC lien quan. Dieu nay se gulp cho bo dinh tuyen vi bo chuyen mach lop 2 ngay lop tirc nhan ra duqc edia chi VIP vi dia chi MAC lien quan bay gib dang nArn tren mot cOng interface khk ket not den Kt can Wing tai do phOng. Cac may chit se khong nhan thiy ‘ dieu gi khic biet, chimg dang duqc ket not vori bo chuyen mach 16p 2 de teli bO can bAng tai.

Neu NI can bang tai hoat dOng nhu mot 130 dinh tuyen, cac may chit to den dia chi IP gateway lucre djnh nghia tren bij .can bang tai nhumOt default gateway. Khi may chit do phong tiep quan, no ding phii tiep quin dia chi IP gateway de dam bio cic may chit di the truy cap t6i dia chi IP default gateway. Neu be can bang tai hog dOng nhu mot be chuyen mach 16p 2, khong phai nhu met bo dinh tuyen, cic may chti tro se to den 130 djnh tuyen lam default gateway.

41

DO Van Thinh — A13439 Chuang 4: Thiel ke mang v6i be can bang tai (cid:9)

CA'u hinh tren b0 can bang tai hog dOng vi du phong phai duqc chinh xfic nhu nhau, ngoai trir viec quin 19 dia chi IP vi cac thong so du hinh cha han nhu lacOng duqc ket not tai )0 can bang tai du phong. Mot so san pham can bang tai cung cap kha Jiang to dOng tong b0 hea v6i bit kj/ thay dOi du lath nao tit the 40 active-standby. Dieu nay gulp darn bao rang dja chi VIP vi cac may chit hog dOng phi) hqp gifta b0 can bang tai dang hoat dOng va b0 can bang tai du ph6ng.

Khi b0 can bang tai du phong tiep quan, no phii co cac kien thin day du ve dieu kien sirc Ithoe cac may chit de nhanh cheng thut hien phan pluSi tai, tuy nhien ,n6 se khong ,c6 bat Ick thong tin nao ye cac phien hien tai. Dieu nay se pha v6 cac ket not hien c6. De trail' truang hqp nay, b0 can bang tai phai thud hien giai ikon chuyen d8i du phong.

CO nhieu sit co khac nhau , dim den vied be can bang tai du phong phai tiep Tian, cha han nhu ket gift b0 can bang tai hog dong vi b0 djnh tuyen gap phai van de, bo can bang tai se khong the cung cap dich vu den cac may chit va do do b0 can bang Lai du phong duqc thay the. Tuong to nhu vay, neu b0 can bang tai dang hoot dOng mat ket not tai bo chuyen mach lop 2, b0 can bang tai du phong se duqc thay the.

136i vi cac may chit duqc ket not thong qua mOt b0 chuyen mach 16p 2, lin Itro het not tai WO can bang tai hoot C16'ng hoac du phong, cac may chit c6 the dtrqc truy cap thong qua cac 1)0 can bang tai nay. Chung ta da giai quy'e't duqc van de san sing cao cho can bang tai, nhung chimg ta van co met diem yeu duy that can den sit co, do la khi b0 dinh tuyen hoac b0 chuyen mach gap phai van de. Chting ta se leu len phuong phip khic phut trong phan sau cua chtrcmg, nhung tram tien chin% ta se de cap den the do active-active.

4.3.2. Active - Active

vat (cid:9) sang cao (cid:9)

Chung ta da dot ,dtrqc tinh (cid:9) hinh active-standby, thy nhien khi chua xay ra c8 trong he thong mang, 1)0 can bang .tai du phong hoat dOng kha than rot. Trong che dO cAu hinh active-active, ca hai b0 can bang tai ding lam vied tong thoi vi co the sao ltru cho lan nhau. Dieu nay cho phep chimg ta co lieu slat can bang tai cao han bait vi ca hai bo can bang di dieu lam vied cuing mOt Itic. Neu mOt trong hai b0 can bang tai gap phai sr c6, b0 can bang tai Ida se thud hien Ilion nhiem vu cua ca b0 can bang tai dang gap sit co.

CO hai each flip can trong the do active-active. Cach tiep can thu nhat lien quan den vied sir clung nhieu (ha chi VIP. Vi du trong hinh 4.6 chi re 2 dia chi VIP li VIP1 va VIP2. Dja chi VIP1 hog dOng trong khi dia chi VIP2 trong the dO chi& tren Ix) can bing tai 1, hoac dia chi VIP2 hoot Ong trong khi dia chi VIP1 clang tong the dO ch6 tren be, can bling tai 2. Neu b0 can bang tai 1 gap phiti sit c8, b0 can bang tai 2 se tiep quan dja chi VIP1, cling giong nhu trong kich ban hoot Ong the dO active-standby. Neu be can bang tai 2 gap phai sit c8, b0 can bang tai 1 se tiep tan dja chi VIP2 va cac dich vu cua ca hai dia chi VIP. Bfiy gi6 clung ta phai tim cach de cac you cau dm may khach duqc phan b8 gina hai

42

DO. Van Thinh — A13439

Chucmg 4: Thiet ke mang v6i by can bang tai (cid:9)

dja chi VIP va th6ng qua 2 b0 can bang tai. Chung ta can sir dung DNS a phan giii dja ten mien thanh dja chi IP va thkrc hien luan chuyen Wong (round-robin) gift dja chi VIP1 va dja chi VIP2 de c6 the than luting truy cap den ca 2 dja chi VIP. Cach tiep can thir hai la sir dung cac img dung khic nhau vOi mai dja chi VIP. Vi du chimg ta c6 the sir dung dja chi VIP1 cho cac may chti HTTP vi dia chi VIP2 cho cac may chu FTP de chia tai gitta cac b0 can bang tai.

141 1006.1 MAC

Dodicard Nit for load Sawn rommaraion

Aught CM Ville 141 1 WU 20 MAC •43 Gaterfay1112:- 10111102

Active US V1P1 • 141 10 .461 MAC• MI Cana) 1P1-10.1010.1

Dgdicamd WM for Naar lorvading

10 10 IS 10 10 111111 20 10 0 100 10 10 10 40 MAC-MS MAC-Mr MAC -MS MAC-MP

KM (cid:9)

163 (cid:9)

RS4

RS2 (cid:9)

Binh 4.6: Hogt &Ong ctia chi do Active-Active

Bay gits, chimg ta se de cop din truang bp tong d6 moi dia chi VIP phut vu tat ca cac img dung va chimg ta sir dung !win chuyen yang DNS de phan ph8i giva hai dja chi VIP. Chimg ta rang bu(ic mOi dja chi VIP den mOt trong cac may ch6 thvc, va mai bij can bang tai ce mOt dia chi IP khac nhau, vi mcii may chti chi c6 the dutp cau hinh von mOt dja chi default gateway. Neu thing ta thiet lap default gateway cho tat ca the may chi' den IP1, thi sau de tat ca the luu lacing tra 16i se quay trey 1 i N can bang tai 1, di' cho ,bat ke b0 can bang tai nio da xir 1y luu luting yeu cau trudfc do. Bay gi6 chimg ,ta phai do" ph6 vesi Wong luu Itrqng killing doi ximg ding giong nhu truemg phai thiet ke mo Milkman mOt canh toy : Chimg ta phai sir dung NAT nguen de buOc cac g6i tin tra 161 quay veching ved b0 can bang tai chinh xac hoac sir dung DSR cho phep cac luong luu ltrqng bat dOi ximg. tvlOt cach de tranh tinh yang nay . la rang buOc dia chi VIP khac nhau. Lien ket VIP1 den RS1 vi RS2, lien ket VIP2 den RS3 vi RS4 . Thiet lap default gateway RS1 vi RS2 den IP1, va cho RS3 RS4 den IP2. Ming ta da plan chia phan chia cac may chi) thanh hai ithem yeti m p6i nhom dirge quan 1S, boi mpt b0 can bang tai. Tat ca cac luu luting tra 16i tir moi may chi) se thong qua dung b0 can bang tai, tranh viEc sir dung NAT nguon hoac DSR. Neu b() can bang thi 1 gap six co, by can bang tai 2 se tiep quail djch vu tha dia chi 'VIP1 nlur la IP1.

43

D6 Van Thinh — A13439

Chtrcmg 4: Thiet ke mang voi 130 can bang tai (cid:9)

MOt each tiep can khac de cau hinh the dg active-active la cane nhau chia se dia chi VIP gitta hai b0 can bang tai. Trong twang hqp nay, ca hai b0 can bang tai deu c6 sir phtic vu cis dia chi VIP, nhtmg tai bat kS , Mai diem nao chi co mOt b0 can bang tai ser hau dja chi VIP. Chi co be, can bang tai sof hftu dia chi VIP mai dap ling cac troy van ARP. Trong thiet ke duct the hien trong hinh 4.6, tat ca cac pi tin you cau cho dja chi VIP I se di den 130 can bang tai 1 bei vi 130 can bang tai I la thiet bi duy nhat dap ang lai ARP cho VIPI. Tuong to nhu vay, tat ca cac gel tin you cau cho dja chi VIP2 se di den 130 can bang tai 2. Nhung neu ca hai 130 can bang tai ch the phtic v4t cac &Si tin cho mOt trong hai dja chi VIP, thing ta c6 the thiet lap cac ding mac djnh cho default gateway cho mOt nira so may chit den b0 can bang tai 1 va mOt nira con lai den b0 can bang tai 2. Dieu nay cho phep luu ltrqng dap zing duqc phin phOi thong qua ca hai b0 can bang tai.

De phtic ch dirge stir phyc Al tits ca hai dja chi VIP, m6i b0 can bang tai phai than thirc (lucre tat ca cac phien lam viec. Do d6, cac No can bang tai phai, dong b0 thong tin ve phien mOt each lien Mc de dam &to cho qua trinh can bang tai nhat quan va ben bi trong moi phien. Tucmg,tu nhtr vay, cac goi tin tra 16i may c6 the den va di thong qua mOt trong hai 130 can bang tai trir khi cac may chit duqc gin true tiep den bp can bang tai. Viec sir dung cling dja chi VIP th8ng qua ca hai b0 can bang tai co mOt s8 lqi the. Nhu da de cap 6 tren, thing ta kh8ng phai lo hang rang lam tke nao de cac get tin tra leri tra lai trong cau hinh active-active, beri vay chimg ta Ic.h6ng can lo ling ve viec phai sir dung NAT nguOn hay DSR. Chia se cling mOt dja chi VIP thing qua hai b0 can bang tai hog dOng co the gap phai mOt so Ich6 khan khi qua With thuc hien bj tri hoan. IChi mai g6i tin yeu cau chinh sirs lai s6 thir fib 130 can bang tai phai doing 130 cho moi gei tin. Trong khi halt het cac b0 can bang tai deu he trq cau hinh active-active cho nhieu dja chi VIP khac nhau, chi co mOt so la M trq this se hog dOng cos dja chi VIP gift hai bo can bang tai. Do do, chi:mg ta se sir dung thiet ke mang v6i nhieu dja chi VIP khk nhau cho phan con lai cua chuung nay.

Thy thuOc vao cau hinh sir dung, thing ta co the can mot lien ket chuyen tiep dit lieu gifta be, can bang tai 1 va b0 can bang tai 2 trong cau hinh active-active. Hinh 4.6 the hien hai lien ket gitta hai b0 can bang tai, mot danh rieng cho viec lciem tra tinh tang sic khoe, va mOt danh cho viec chuyen tiep dCt lieu. Mk da cau tric lien ket mans cg the sir dung trong hinh 4.6 !thong can dieu nay, tuy vay se ce mOt, so mau thiet ke sap duqc de cap se can phai co. Vi dtt, trong thiet ke hinh 4.6, b0 can bang tai 1 co the sir dung lien ket dft lieu den b0 can bang di 2 va coi b0 can bang tai 2 la mOt 130 chuyen mach neu lien ket bo can bang tai 1 va b0 chuyen mach 16p 2 gap phai van de. Ching ta ce mOt trong hat b0 can bang tai chuyen dot sang du pheng, 130 can bang tai 1 ding yen dja chi VIP I se tiep the phuc At thong qua 130 chuyen mach bay gib la 130 can bang tai 2. Cach tiep can nay c6 the cho thing ta mOt hieu suit tot hcrn chit.

Trong thiet ke active-active, co nhieu !chi Wing bj dinh cac wing lap lap 2 nhu dirge the hien trong hinh 4.7. Vi du, c6 mot Wing lap gifta cac 130 dinh tuyen va hai can bang tai. Con co mOt vong lap khac gitta hai b0 can bang tai va b0 chuyen mach 16p 2. Chang ta c6 the tranh cac yang lap 616p 2 bang each sir dung cac mang con khic nhau hok VLAN

44

DO Van Thinh - A13439 Chuang 4: Thiet k'e mpg vOi b0 can bang tai (cid:9)

cho mot may chil. Neu chitin ta kitting the tranh yang lip 6 lap 2, citing ta buoc phai chay STP, chQn lQc cac kit& lien ket de ngan chin cac Wing lap.

Load Balancer 2

Load Balancer I

L2

Hinh 4.7: Vong ldp lop 2 trong cdu hinh active-active

4.3.3. Chuyea 061 dv phong có trim thii

Twang hqp b0 can bang tai dg phong tiep (wan nhiem vo khi c6 str co yeti b0 can bang tai hoot dOng, cac ket not TCP hien cit dang duqc thvc hien bai bi) can bang tai hoot dOng se bi pha ver ben vi b0 can bang tai dtr phong khong c6 thong tin trang thai cacket n ot TCP trong qua trinh giri va nhon ltru Itryng gOi tin vei b0 can bang tai hoat dOng. Dieu nay duqc gni la chuyen doi dv phong phi trang thai. Ngusic lai, chuyen doi dtr phong 0 Wang thai la phuong phap, de bt) can bang tai dv phimg tiep quan tir b .() can bang tai hoat dOng ma khong phi vet bit ky ket not TCP nao hien c6. Day khong phai 11 van de danh cho Itru luqng UDP, beti ban chat 1th not UDP la phi trang thai. Tuy nhien, cac phien UDP c6 the pha ver ket not va tit thanh chuyen dot dv phong phi Wang thai, nEu cac img dung doi, had v6i bat loai phien viec nao.Wri chuyen doi dtr phong co trang thai, b0 can bang tai dv phong phai duy tri ben vtIng cac phien bang cach gfri tat ca cac you tau tir mOt ngtr6i dung nhat dinh den cling mOt may chit don vi dang hoat dOng.

Chuyen dot di; phong 0 Wang thai yeu cau hai b0 can bang tai giao tiep yeti nhau bit cir luc nao khi mOt phien duqc thiet lop hoc duqc chtun dirt. Cac giao thirc va nger nghia

45

De, Van Thjnh - A13439 Chucmg 4: Thiet ke mang yeti b0 can bang tai (cid:9)

chinh xac se khac nhau gifta cac san phAm, nhung b0 can bang tai di/ phi:mg phai theo del town be bang phien, nhu da duqc duy tri trong be can bang tai boat dOng, va gift no In& duqc cap nhat dtra tren ca so lien toc. Khi be can bang tai hoot dOng gap phai van de, be, can bang tai cly pheng phai biet duqc luqng tai tree mei may chit nha met ban sao chdp chinh xac toan be bang phien lam viec, va cho phdp duy tri ben yang phien lam viec met cach can thiet.

Cung cap chuyen del cly phong c6 trang thai la rat phirc tap vi khi cac be can bang tai Bang thvc hien cons viec thi bi rang buec tri hoan trong URL, cookie, hoac ID phien SSL .. a trong mai gai tin you can clya tren chuyen dei. Bed vi thu to hoacs6 ACK duqc sirs va tra loi, be can bang tai do phong phii car nhat sau mei goi tin cho dung trinh to va s8 ACK de dam bao rang thvc hien dang chuyen doi do phong c6 trang thai. Dieu nay co the tao ra rat nhieu chi phi. De cung cap chuyen d8i do phong co trang thai cho ID phien SSL clya tren chuyen mach, be can bang tai di; phong phii duac cap nhat yen bang ID phien SSL bat dr khi nao co so thay dei trong bang. Khi be can bang GM dy phong tiep quart, n6 phai c6 kha nang ket hqp von met ID phien SSL yen may chit chinh xac de dam brio duy tri ben bi.

h

Chuyen dei dy phong c6 trang thai la met tinh nang tuyet vol vOl tinh satt sang cao bei vi no khong chi cho phdp chung ta khoi phuc 10 so co cho be can bang di, ma con kheng gay ra bat ky so gian door' nao trong cac hoot dOng ket noi. Tam quan acing cua chuyen doi do ph6ng c6 trang thai la rat h!rn doi von met so img dung. Nhin chung, chuyen den do pheng co trang thai cung cap nhieu lqi ich ham cho cac (mg . dung se dung cac ket not ton tai lau dai. Vi do, cacce ket noi video thutmg thin gian song. kha lau tir me ket not trong khi de cac ket not HTTP co t &i gian song thueng rat ngan, beri vi trinh duyet tao ra met hoac nhieu you cau HTTP trong met ket not TCP va sau de se deing ket noi. Thy thuOc vao timg loai san phAm can bang tai, ma taco the kich hoot firth nang chuyen del do . de c6 &Km hieu qua tot phang c6 trang thai danh cho cac Ong dung co the vai dia chi VIP, trong viec sir dung cac nguon lye dm be can bang tai.

Chuyen dei cly phong co trang thai co the anh huang den , hieu suit dm bo can bang tai trong thiet ke mang. Cac be can bang tai can phai giao tie veri nhau de" co the dong be hem bang phien lam viec, dieu nay tao them cling viec cho cac b0 can bang tai.

4.3.4. Da dja chi VIP

Chimg ta da de cap ve cac trutmghqp trong de mai 1)0 can bang tai chi ca met dia chi VIP, nhung thud te, chimg ta co the co nhieu dia chi VIP cho moi be can bang tai. Cac be can bang tai ca the giao djch yeti cac dia chi VIP dang hoot (tong ten nhung bo can bang tai khk, hoac yeu cau nguoi quan tri mang &Au hinh hog dOng nay. IChi ‘moi dja chi VIP. , c01 bang tai, d6 se la dieu quart acing. de dai din cho met se luqng tai nhAt dinh tren be) co the cAu hinh met cach chinh va plan phoi lugng tai ,dong deu tren cac be can bang ta toy thuec vao thiet ke va me hinh mang, c6 the tao ra so phan dorin nhat (firth tai. Han n

f

46

Chuang 4: Thiet ke mang vat b0 can bang tin (cid:9) DO Van Thinh — A13439

cho the dia chi VIP duqc phvc vu bEri mpt bO can bang tai so vEri cac b0 can bang Gal khac. Vi du, neu b0 can bang tai 1 bi mat ket not den cac may chit thut trong dia chi VIP10, no se chon loc chuyEn din du phong dia chi VIP10 clan b0 can bang tai 2.

4.3.5. Qua trinh khoi phyc b4 can bang tai

Khi mot b0 can bang tai gap phai van de, mot by can bang tai khac ngay lip titre se tiep quan nhiem vu. Nhtmg dieu gi se xay ra neu b0 can bang tai gap phai sr co duqc sirs ch0a va quay tit lai cong viec? Khi sir dung chuyen din du phong co trong thai, se mat mot khoang‘thiri gian de‘cho b0 can bang tai duce khoi phue va d8ng WO tat ca thong tin phien lai dau. BO can bang tai co the duqc coi flu hoar tom khoi phue chi sau khi qua trinh dong b0 duqc hoan tat. Khi khong sir dung chuyEn &Si du phong co trong thai, di chuyen dja chi VIP tir b0 can bang tai nay den b0 can bang tai Ichic la nguyen nhan an den st ir gian doan ket not boi tat ca cac phien hien co deu bi chain dirt. Nhtmg do to the IA dieu may man de cho b0 can bang tai duqc khoi phuc tiep quan tat ca cac dja chi VIP no timg so hau. Cung cap nay lam cho khi nang mEr rung b0 can bang tai tar nen tot has nhtmg nguai quan tri co the muon kiem soat khi dieu nay xay ra trill sit gian doan vi mat tat ca cac phien hoat dung dang duqc thuc hien.

4.3.6. Tay chyn thief ke tinh sin sing cao

Trong phan nay, chimg ta se luErt qua sit phut then cua the mau thiet k'E mang co tinh sAn sang cao va xem xot cac lqi ich, cac van de trong mai thiet ke.

Bat Mu vai mot thiet kE dun gifin cua mot bet djnh tuy'E'n va mot b0 can bang tai sled cac may chit true thu0e, da duqc the hien trong hinh 4.1 va 4.2. De chili duqc the sit co xay ra d6i vdri cac can bang tai, cluing ta se thitt ke hai bo can bang tai boat Bongo the dO cau hinh active-standby, duce the hien trong hinh 4.8. De cho dun gian, chi:mg ta se chia the may chit gifta hai b0 can bang tat trong each tiep can nay. Dia chi VIP duqc gas den tat ca cac may chit !lux. Neu che dO du phong chart tat ca cac km lucmg truy cop, cac may chit duqc ket not den b0 can bang tai du phong trong twang hqp nay se kh8ng the chuyen den b0 can banktai dang hoat dOng. Dieu nay chi cung cap mot nira so may chit hoot clang dOng cho van de can bang tai. Han nag, neu b0 can bang tai hogt dung gap phai sit co, ehting ta cung se mat tat ca cac may chit duqc ket not den can bang tai nay. Day la hart the lon nhat cita thiet ke nay.

47

Chuang 4: Thiet ke mang yeti 130 can bang tai (cid:9)

DO Van Thinh — A13439

111. 149.1$,1 MAC-MI

1

YIP-HLIN.0.10 MAC-MI Gateway W-1011101

Stardby lMM YIP - 111.119 65 le MAC n M4 Cava) W=1010101

(cid:9) (cid:9)

W.10.10.10 MAC a MS

MUCOUS 10.10.111.30 (cid:9) MAC=M? MAC MN (cid:9)

(cid:9)

MIL to 010.10 MAC =MI 164

Wg

WO (cid:9)

Hinh 4.8: Tinh san sang cao #1

MOt cat tien trong thiet Ice nay la sir dung cic b0 can bang tai trong the dO eau hinh active-active, nhu the hien trong hinh 4.9. Bang each sir dvng thiet 10p active-active, bay gib chi:mg ta c6 the truy cop den tat ca cac may cha tir bat 14 mOt b0 can bang tai nao. CO mgt dia chi VIP hoot dOng va mOt. dia chi VIP du phong tren m8i 130 can bang di. Chung ta can phai dk bit ch6 St lam the nio ae cac dirt chi VIP duqc lien ket tai cac may ch6 thvc, va lam the nao dia chi default gateway duqc cau hinh ten cac may chi thvc. Neu chimg ta gan mOi dia chi VIPI din RS I va RS2, va dja chi VIP2 den RS3 va RS4, chimg ta khong the dot duqc tinh sin sang cao. Rang b?ri vi khi b0 can bang tai 1 gOp phai sv c6, chimg ta cling mat tat ca cac may chit thvc duqc gin den dja chi VIP1. BO can bang tai 2 khong the co duqc sv phvc vv clia VIP! 136i cac may chi' duqc gin den dja chi VIPI khong san sang. Vi va'y chimg ta phai gin m6i dia chi VIP den cac may chir duqc ket not yr% ca hai be) can bang tai de c6 duqc tinh sin sang cao.

MAC -MI

1011620 Aram.

YIP2 - 111.100521 Standby Gana, e 10_1010 1

1711 .111 1015.21Sertyy %111 - 141 10 021 Anne Gainsay 0P2-10 10 10 2

0.52 (cid:9)

RS1 (cid:9)

10101010 101010N 1010.111.30 10101040 14ACOA7 MAC-MI MAC ell, 151

63 (cid:9)

Hinh 4.9: Tinh (cid:9)

sang cao #2

48

Chucmg 4: Till& ke mpg vet b0 can bang tai (cid:9) DO Van Math — A13439

Chang ta co the cAu hinh default gateway cho moi may chi' thac de fro den b0 can bang tai ma no ket not RA. Doi v692S1 va RS2, default gateway diroc thiet lap den dja chi IP1. Chung ta da not den luting bat doi ming, trong truang hop nay, neu b0 can bang tai 2 giri mot yeu cau tir dja chi VIP2 den RS1, gei tin tra Itri tir RS1 se den b0 can bang tai 1 ma khong quay tr6 ye b0 can bang tai 2. Do da chimg ta phii sir clang NAT nguon hok DSR. Cach lchac, chimg ta co the sir dung chung dja chi VIP giva hai b0 can bang tai de cho bat ky b0 can bang tai nio cling co the xi' 1St cac gai tin tra Rd.

MOt trong nhang van de 16n nhit chimg to vira xu 13% trong cac thiet kt da duqc the hien trong hinh 4.8 va 4.9 la chimg ta se mat tat ca et may chi' ket not den mot 130 can bang tai neu b0 can bang tai gap phai sa co. Xung quanh van de nay 3 thiet ke hinh 4.10 se them mot b0 chuyen mach 16p 2 dirth cac b0 can bang tai de ket not tat el cac may chi' cling nhau. MOt 15, do quan tong trong viec sir dung cac b0 chuyen mach h5p 2 co the la mat dO deg va gia/cOng san co cua cac san pham can bang tai. Bo chuyen mach yen nhieu c8ng ham co the cung cap them nhieu cOng trong Wit yeu to hinh that nhe gun, giam thieu kh6ng gian.

141.14913.1 MAC /41

111P1 -141,104420 Arch, Y1PZ 14E10.021 Sundb, Gann" nii-tom_ set t

VII01•141 149111.0Susedby VIIPZ =1 41 1491321 Actin, Gann IPI-11.10

It2

10.1010 10 MAC-M0 151

111 10 1010 MAC - W1 RSZ

10101030 MAC - MB 153

1010.10 0 MAC -Ml RS4

Hinh 4.10: Tinh salt sang cao #3

Thiet ke duqc the hien trong hinh 4.10 giOng tnur mot thiAt ke_lchac da duqc trinh bay trong hinh 4.6. Nhung chung ta can phai gill quyet duqc tinh sari sang cao cho b0 djnh tuyen va b0 chuyen mach 16p 2.

Thiet ke duqc the hien trong hinh 4.11 cal thin tir thiet ke trong lath 4.10 bang cach cung cap kha nang chju sa c8 cho b0 chuyen mach 16p 2 Ida ket not von cac may chi'. Twat do, chting ta da co cac thiet ke cung cap kha nang chju sv co dei von cac b0 can bang tit, trong cac truang hop da chimg ta co* the se mat quyen truy cap tai cac may chit

49

Di; Van Thinh — A13439

Chuang 4: Thiet Ice mang yeti bi) can bin tai (cid:9)

nett b0 chuyen mach 16p 2 gap phai str ca. Trong thiet ke nay, cach tat nhit la Wan chia cac may chit thuc gifta hai dia chi VIP, va thiet lip dja chi default gateway cho mei may chit tuong img voi b0 can bang tai. Vi vay, chimg ta co the On dia chi VIP1 den RS1 va RS2, va dja chi VIP2 den RS3 va RS4. va thiet lop default gateway cho RS1 va RS2 den IP1, RS3 va RS4 den IP2. Dieu nay se tranh duqc su xuAt hien dm luting ltru Iugng bit doi ximg. Cach khac, chting ta co the rang buac mai dja chi VIP den tat ca cac may chi' dx, phan chia cac may chi' dux gift hai dia chi default gateway, va sir dung each chia se dja chi VIP tren cac b0 can bang tai. Cach lam nay se kh8ng co van de gi yen cac luring geoi tin tra loi, va cac b0 can bang tai se co the xir Iy chimg.

111 10.113.1

141 10020Staby

%IP? - 141 181621 Attn. Garen Me 101010 2

V110 1-141 161120 Act.. 111P2 - In 18E11 Stab Gann 1P11 n 110 10 10 1

11010 IQ II 10101020 10.1.10 X 1010106 MAC e$11 MAC -Mr MW•MI MAC-IM

164

RS1 (cid:9)

PSI (cid:9)

lea (cid:9)

Hirsh 4.11: Tinh sin sang cao #4

Khi Chang ta di thiet lap duqc kha nang chiu loi cho by chuyen mach lap 2 va cho cac bij can bang tai, thi b0 Binh tuyen se la khuyit diem duy nhat con xot lai trong mo hinh mang hien c6. Hinh 4.12 the hien thiet kt bao ptim co hai by dinh tuyen..MOt nhom trunk veri hai hoc nhieu lien ket duqc sir dung de ket not den hai thiet bj chuyen mach. Nhem trunk cung cap hai lqi fch d6 la kha nang mo rOng va kha Wing chiu 18i. Tat ca cac lien ket trong nhom trunk duqc sir dung de cung cap mgt bang thong tang hgp bing yogi tang cac bang thong duqc cung cap beri mai lien ket trong nhom trunk. Neu men lien ket bj loi, luqng tai to dOng ducat chia se tren cac lien ket khac trong nhom trunk. Thuat toan dirge sir dung de phan phOi tai giOn cac lien ket va so the lien ket 118 trq trong nhom trunk phu thuOc vao cac thiet bi san phim duqc sir dung. Trong cac thiet ke truck do, mei lien ket gap phai sir co se bien cac be) can bang tai va b0 dinh tuyen trit nen ve dung. Trong thief ke dusk the hien trong hinh 4.12, chimg ta sir dyng cac nheim trunk de han the vin de nay.

50

DO Van Thinh — A13439

Chuang 4: Thiet ka mang voi bi) can bang tai (cid:9)

VItKr Irle141.111265.3 VW Meal 1490.4

141 14145.1 (cid:9)

1//101152

V4P1 AN 141 10 14,11154andby VIP!-141 14915 21 Arse Sass IP-10 10 102

V1P1 -1u 10040 Arse vin-141 104521 Standby San Me 191010 I

10101010 10.101029 10101010 10 10 1010 MA[ -111 MAC-10 MAC-Mt MAC -MI

ltS1 (cid:9)

452 (cid:9)

453 (cid:9)

RS4

Hinh 4.12: Tinh sr5n sang cao #5

Trong thiet ke dugc the hien trong hinh 4.12, chimg ta sir clang hai be dinh tuyen cling met hic bang cach sir dung VRRP de cung cap tinh sari sang cao. Chung to sir clang hai dja chi IP VRRP, trong de mai dja chi IP duct s6 halt ben mOi be (Anil tuyen. Chung ta c6 the eau hinh tie• can bang tai 1 tro den dia chi IP1 VRRP vi be can bang tai 2 tro den dja chi IP2 VRRP cho tau lugng ra ben ngoei. Dieu pity chophop phan phoi ltru lugng ben ngoii phAi thong qua ca hai be djnh tuyen. MOt so sin pham ding cho phop phin phoi tai tren nhieu tuyen dtrimg tinh. Trong trutmg hop nAy, chting ta c6 the xic (firth hai tuyen dueng tinh tren moi be can bang tai den mai dja chi IP VRRP, vi phan ph6i luu lugng truy cap tren ca hai be djnh tuyen.

Thief ke dugc the hien trong hinh 4.13 dai dien cho bien the c6 tinh sin sing cao trong thiet 1ce met earth tay; Thiet ke nAy gieri thieu bo chuyen mach ler 2/3 trai ngtrge voi be chuyen mach 16p 2 ket not veri may eh& Ngoiti ra, cac diem lien ket gina lx") chuyen mach lop 2/3 vi be djnh tuyen 41 (lien cho cac Han ket tiny chinh. Neu chung ta sir dung be chuyen mach lop 2 vi su dung cac diem lien ket by chinh nhtr dA bier., se c6 met Wing lap vi chung ta phiti chay STP. Bat cu khi nAo c6 STP, chin ta can can than ngAn chart cac lien ket de cung cap luong Itru lugng tai uu. Neu chimg ta sir dang ‘be chuyen mach lop 3 vi sir dung cac ket filar tren, chung ta se tranh dugc STP bang cach eau hinh cac mang con khde nhau. Trong !hi& ke par. mai 1)0 can bang tai truy cap den tat ca cite may chit. Nhung neu chimg ta mat be chuyen mach 16p 2/3, chting ta se mat met tiers so may chit vi ca be can bang tai dugc ket not den lx) chuyen mach. Nhung nhin chung, be chuyen mach 16p 2/3 thtremg it gap phid sa co hcrn so veri met may chit hay met be can bang tai, bOi vi c6 it tinh nang vi cAu hinh lien quan den be chuyen mach 16p 2/3.

51

(cid:9) DO Van Thjnh — A13439 Chucmg 4: Thiet k'e mang tr6i b0 can bang tai

%IMP 1P1 - 111 110115 VRkP 11•2 -141.1411.10

I

Load (cid:9) Balainfr 2

Lod Elahorn

11PI -111 I* * 20 Mouthy Un- 111 1* IS 21 Mine Canary - 1011/10

VIM -111 100.20Arthe 111P2 111 141114541 fandby Canty WI .• It M101

a

10 10 11110 10 1010 20 10.10 10 3$ 10.1010* MAC** MACcM7 MAC-IS MAC- lb

RS3

1154

161

1CM

Hinh 4.13: Tinh san sang cao #6 Co ba each a sir clung cac thiet ke the hien trong hinh 4.13. Phuomg phap tiep can eau tien la sir dung DSR, chimg ta co the thoai mai ring bubc bat Icj , dja chi VIP nao den bat kS, cac may chit. Tat ca ding viec chimg ta can lam la diun bao can bang tai trog giEra cac bo can bang tai bang cach phan phoi cac dia chi VIP. Chimg ta can thiet lap default gateway den dirt chi IP VRRP tren mai b0 dinh tuyen ben vi lint Itrqng etra Rd 'thong phai thong qua bo can bang tai khi sir dung DSR.. Dieu (Juan trqngtrong thiet ke nay la 1St ' can bang tai sir dung dubng lien ket th6ng qua the thiet bi chuyen mach I6p 2/3 de lciem tra sire Ichee cita nhau. Vi dv, neu b0 chuyen mach 16p 2/3 gap phai sv co, by can bang tai 2 se phat hien va ngay tirc tiep quan tat ca cac dja chi VIP tir bo can, bang tai 1. Neu cac ket private de kiem tra sire kh6e, bo can bang tai dugc ket noi (cid:9) chimg se khOng the phat hien neubb chuyen mach 16p 2/3 gap phai sv c8.

tiep th8ng qua I (cid:9)

Thiet ke nay kheo leo khi sir dung cac dja chi IP private cho cac may chit chi tin. Neu chin% ta sir d‘mg bo chuyen mach 16/3 ,2 de ket tbi the may chit, thi sau d6 cac ,b0 djnh tuyen phai duqc can hinh de djnh tuyen den the dja chi IP private. Ching ta ce the sir dung thay the bo chuyen mach 16p 3 bang b0 chuyen mach 16p 2 de cung cap kha nang dinh tuyen tir bo djnh tuyen dEn cac may chit v6i dia chi IP private.

Cach tiep can thin hai, chin ta c6 the rang bubc mai dja chi VIP den mot min so may chit, va thiet lap default gateway den cac bo can bang tai ttrcmg ling. Neu chin% ta gan VIP1 den RS1 va RS2, default gateway cho RS1 va RS2 phai phat duqc thiet lap den IP1 de dam bao luting hit Wong tra 1Cri thong qua 1.30 can bang tai 1. Neu bb can bang tai , 1 gap phai sir co, b0 can bang tai 2 se phvc vv hai dia chi VIP va cling c6 the to cap kha nAng chuyen clOi dlr phong co trang thai trong khi sir dung tat ca cac may chit de can bang tai. Trong cach can hinh nay, lien keit gifa b0 can bang tai vi bo chuyen mach 16p 2 phai bane thong thich hqp bed vi cac xeu cau bang th6ng duqc tanglen. Cacyeu cau di fir b0 chuyen mach lop 2 den bo can bang tai vi tr6 ra tir bo can bang tai den bb chuyen 52

DO Van Thinh — A13439 Chuang 4: Thiet ke mang vtri NI can bang tai (cid:9)

luting tra 16i se quay trtr 10 b0 can bing tai sau goi tin yOu

mach Itrp 2 den cac may cha ‘thvc. Cac (cid:9) do den 130 chuyen mach vi roi den Ix) djnh tuyen trtrac ,khi tai may khach. (cid:9) cau va tra lm se phai vuqt qua hai Ian thong qua lien kat gifra chuyen mach lop 2 va can bang tai. Chung ta dang. giai quyet van de nay bang cach sir Ong mot nhem trunk giaa can bang tai vi b0 chuyen mach bang each sir dung cac lien ket toe dO cao ham (gigabit).

Ckh tie)) can thir ba, chung ta co the sir Ong NAT nguOn va ring bur)c bat ky dia chi VIP nao den bat kY may chit thvc Nth &Km tinh than linh host day di". Tat ca cac gei tin you cau va tra 16i se di qua hai Ian b0 can bang tai vi bo chuyen mach lop 2.

Nhin chung ckh hieu qua nhAt la sir dvng ,DSR trong thiet Ice nay txii vi no cung cap thong luting cao cling nhu luting tau luring toi uu khi six Ong lien kat.

Trong cac thiet ke da duqc chung ta de cap din, cluing ta mai chi sir Ong mot card mang trong moi may chi" ket not den N can bing tai hoac b0 chuyen mach 16p 2. Khi chimg ta ket non may chit den 1)0 can bing tai, chting ta se mat cac may ,chil neu b0 can bing tai gip phai sv co. Do d6. Chung ta sir dung b0 chuyen mach lop 2 de ket not den cac may chit va glop cho cac may chit co the duqc truy cap tir cac b0 can bing tai. Neu 1)0 chuyen mach lap 2 gip phai van de, chung ta cling se mat guy& truy cap den cac may chief. Hinh 4.14 the hien mot thiet ke yeti hai card mang trong moi may chit , de duy tri quyen truy cap den cac may chit neu co *it hi) can bing tai gap phai sv co ; Dieu nay cling bao vg guy& truy cap den may chit' va tinh salt sing cao mia may chit nett lien ket den may chit hoac mot card mang nao d6 tren may chit gap sv c6.

latter In - 141.141.41S3 YrtllY Irte141.1410 GSA

141.1065 MAC at /A2

141.14365 1 (cid:9) MAC-MI (cid:9)

toad Balancer 1

YIP-141.149.65 10 MAC grin (cid:9) Caws) W-10 10 10 1

Sundt, Unit YIP-111 141.65.10 MAC-MI Gateway

— 10.10101

if (cid:9)

III

g1 (cid:9) talcum se. (cid:9) 10.1010.36 1010.10.40 SAC-MS MAC-Mi MAC-M1 MAC =Mg

RS► (cid:9)

RS2 (cid:9)

RS3 (cid:9)

RS4

Hinh 4.14: Tinh siin sang cao #7

53

Chuong 4: Thiet lee mang voi bi can bang tii (cid:9) DO Van Thinh — A13439

Sir (cid:9) hai card mang trong met may chi can dam bio firth chinh xac khi nang hoot deng doing thii dm card mang. Dieu nay pho thuec vao tirng loai sin pham va he' dieu hanh duqc sir (long trong moi may chit Met so loci card mang co hai cling vi ca hai Gong cling hoat deng ding thtri hoOc hoOc met cling hoot deng nhu la met ban sao luu cho met ding khac. MOt so nha cimg cap card mong co the lu!) trq kha nang nhom hai card mang ding nhau nhu met cep hoat deng h the de active-standby hoOc active-active.

Trong thiet ke duqc the hien trong hinh 4.14, m81 may chi co hai card mpg. cac interface nay co the ding nand tren met card mang hoc hai card mang khac nhau. Tuy nhien, ca hai interface duqc nh6m Iii vao met clip hoot dOng h che de active-standby, card hoat deng duqc ket not den be can bang tii hoot deng vi card do phing duoc ket not den be can bang tii du phong. Khi bk can bang tai hoot deng gip phai so co, be can bang tai do phong se tiep quan. V(i): neu be can bang di do phing tiep quail lieu rang cac card do phing se hoat dOng? Neu no ;thong hoot deng, be can bang tai do phing se !dieing co duong mang truy cap den cac may chi]. Dieu kien de cho interface do phong tiep quan ail pho thuec vao nhi cung cap card mang, cac trinh dieu khien phan mem cho card mang, vi he, dieu hanh dm may chit Dieu quan tong can luu Y rang be can bang tai hoat dOng c6 tile gip phai so c8 bang nhieu cach Ichic nhau. Met truing hqp de ding la khi be can bang tai hoat dOng co the bi mat dien, card mpg che de hoot Ong c6 the de ding phit hien th8ng qua trang thai, kit vi doll card mang do phing. Mot truerng ,hqp kW) khan hon la khi be can bang tai hoat Ong bi treo do 18i phan cimg hoat phan me trong trinh dieur khien hoOc quan ly. Trong truing hqp nay se khong co luu luring truy ?Op tren cac ket not hoot deng den may chi, nhung do tong thai lien ket ‘van kh8ng co van de $t c8ng phan cimg tren be can bang tai van On djnh. Be can bang tai do ph6ng se tiep quin nhiem vi can bang tai b?ri vi no khong they tin hieu dip tir qui birth kiem , tra tinh trang sirc khie den tir be can bang hoot dOng. Neu interface do phing kh8ng clang thai tiep quin, be can bang tai do phong se khong ci each nao truy cop den cac may chit

Met van de khac trong thiet ice nay li neu card mons 6 the de hoot deng hoc lien ket den card mango the de hoat Ong co the Op phiti so co tren met hoc nhieu may chi gay ra card mang dµ phong se tiep quan nhiem vv. Be can bang tai hoot deng se tiep tic chat nang nhung se kheng co truy cOp nio den cac may chi neu be can bang tai do phing khong chuyen tiep hni luqng thong thtrang. Nhin chung, thiet . ke nay de bi 18i vi nen tranh sir (long trir khi dam bio duqc cac dieu kien xung quanh de giai quyet duqc cac van de xay ra.

Trong thiet ice duqc the hien trong hinh 4.15, cac interface hoot deng tir cac may chi duqc phan chia gifta hai be can bang tii. Chang ta can tau hinh cac be can bang tai trong the de active-active vi rang buec djac chi VIP1 den RS1 vi RS2, vi dja chi VIP2 den RS3 vi RS4. Thiet lOp dia chi default gateway cho RS1 vi RS2 den IP1, va cho RS3 vi RS4 den IP2. Khi ca hai be can bang tii ding lam viec, chiing ta se co the s* ding tat ci cac be can bang CIi vi may chit Neu b9 can bang tai 1 gip phai so co, dja chi VIP I vi dja IP1 se duqc tiep quin boi be can bang tai 2. Nhtmg quan trong can dam bio rang interface card mang hoot Ong duqc ket n6i din be can bang tai dang hoot Ong (be can bang tai tiep

54

Chuang 4: Thiet ke mpg yeti be• can bang tin (cid:9)

DO Van 'Minh — A13439

quan tir be can bang tai g#p phai sv c0) a cling met then diem de cung cap ket not den bp can bang tai 2. Nhu da de cap trong thiet ke hinh 4.14, nhung met cat tien trong thiet ke nay IA neu , met trong cac interface card mpg hoat don? gap phai sr co, interface dv phong se tiep quan de cung cap ket not thong qua be can bang tai khac. Neu interface card mang hoat dOng a may chit RS 1 gap phiti van de, b0 can bang tai van se truy cap den RS 1 thong qua be can bang tai 2 beri vi khi chimg ta sir dvng che de active-active, be can bang tai 2 cling se chuyen tiep luu lugng. Khi cluing ta thiet lap default gateway cho RSI den IP I, luu lung tra leri may chit van se thong qua be can bang tai 1. Neu default gateway dugc thiet lap de djnh tuyen thay vi IP nguem cita be can bang tai, cluing ta se co met luring tra 16i bit doi ximg.

War in ..141.14.163 %UP 1P2 .041 143664

141 10 MAC 012

141 1066 1 (cid:9) MAC•141 (cid:9)

rel • 141 141.61/0 Antre Yin- Ill 141 6311 Sardby Gen, IP1 II 10 III

1114 • 141.111.46 111Sungby Vitt -141 ISIS n Mime Camta, 1P2 1010102

1111111211 1•14111120

141101140

1010 1010 MAC-116 MAC a In MAC-10 MAC

151

145

RS2

RS!

HInh 4.15: Tinh (cid:9)

sang cao #8

Chang ta co the tan dung viec chia se dja chi VIP trong thiet ke nay trong do ca hai be can bang tai co the xir 157 luu lugng cimg met lOc cho cling met (ha chi VIP. Veri viec chia se dja chi VIP, cluing ta khOng phai lo lang lam the new luu Ku:mg tra leri quay tra lai va lieu default gateway duce thiet 1#p dting. Chimg ta co the rang bueic moi dja chi VIP den tit ca cac may chit va bit cu be can bang tai nao nhon dugc gel tin dau tien se xis ly no.

Trong thiet ke dugc the hien trong hinh 4.16, cluing ta se de cop den cac card mang hoat dOng a che de active-active, trong d6 ca hai interface hoat tong cling met hic. Dieu quan trong can luu ST rang dja chi IP moi may chit thvc phiti trong gi6ng nhu met may chit thvc den be can bang tai. Phu thuec veto he dieu hanh train men may chit, chimg ta can cau hinh dja chi IP cho interface card mang. Vi dv, Linux cho phop cac dja chi IP cho ca hai interface card mpg cling chung mot mpg con. Met so hg dieu hanh co the you du rang cac dja chi IP cho hai interface card mane phai train mang con khac nhau. Chang ta can phai kiem tra lieu chimg ta co the thiet 1#p default gateway cho mtii interface card mang hay khong. Neu he dieu &nth chi cho phep mot default gateway dugc thiet lip, tit

55

Do VAn Thinh — A13439

Chuang 4: Thiet kt mang veri hi) can bin tai (cid:9)

ca cac get tin tra lati se thong qua cimg. mot default gateway vi dieu nay , gay ra luting luu lucmg bat doi ximg. Do 46, each tot nhat la sir dung DSR hoac NAT nguon khi ket not cac may chit den nhieu be can bang tai sir dung hai hay nhieu interface card mang trong may chit, trir khi chung ta hieu chinh xac hg dieu Wirth va hoat dung dm card mang.

%UP J 1-141.1Mf03 VRRP Q2-141 100 4

141 1045.2

141 1001 (cid:9)

V1P1 n 141_1 We a Standby VIrt- 141 10021 AS.. Gatnrin *Isla 10 10 2

VW's. 1 41.10.0.20 4rftny VW? - 141.1011121 Standby Garay WI -.10 10 10 1

141.10.141,1

10.101020

tt 10. IRO

103

WM It 10 14AC•115 MAC 412 MAC • 5111 MAC n RS4

R52

101

Hinh 4.16: Tinh sin sang cao #9

Khi mot card mang gap phai stir co, bo can bang tai s6 xem xet may chit thvc ducm xitc dinh ved dia chi IP tren card mang do, sau 46 may chi, thine tiep tvc hoat dOng thong qua card mpg thin hai. Nhin chung, interface card mang trong the dO active-active ce the gay ra cac van de nhu da d'e cap.

43.7. Si giao tiep gifra cac bq can bang tai

active-active, cac be can

Cho dit cluing ta sir dung the de hoot dOng active-standby bang tai van se giao tiep ved nhau bang each sir dung met so giao thine. so (cid:9)

Khi sir dung cau hinh active-standby, cac be can bang tai can xic dinh .b0 can bang tai lam viec the d¢ hoat dOng va the dO du phOng. Thy thueic vao sin pham can bang tai, dieu nay c6 the, van de nay c6 the la met eau hinh bang tay frac tlr dOng. gifta hai bo can bang tai. Trong the dO cau hinh active-active, min bi) can bang taiphai xac dinh cac dja chi VIP hoat dOng va cac dja chi VIP dy phong tren mot be can bang tai. MOt each tiep can phirc tap hon se duqc xem xet khi be can bang tai ce duqc sv phuc vv tot tin met dja chi VIP dtra vao nang lye sin co tren mid bo can bang tai.

56

Chuang 4: Thiet ke mpg voi 1)(1 can bing tai (cid:9)

DO Van Thjnh — A13439

tiep

Dieu quan tong la hai can bang tai hoat dOng trong ciu hinh co tinh san sang cao co mot con duemg giao tiep clang tin coy giffa chimg. Twc tiep ket not hai NO can bang tai ding nhau th8ng qua mot idiom trunk cita hai hoOc nhieu lien ket de dam bao thong tin lien 1pc dang tin 0y, trir khi chimg to dang d8i phe veri mot thiet ke da duot trinh bay trong hinh 4.13. Nhin chung, mOt san pham can bang tai tot nen sir dung tat ea cac ,dtrang dan co san de giao tiep sled mot1)0 can bang tai !chic neu tat ca cac ket truc tiep gitta hai l%) can bang tai gap phai str co vi mOt ly do nao do.

57

DO VAn Thinh - A13439

Chacmg 5: ciu hinh cal dat vi thir nahiem

CHU'ONG 5: CAU HINH CAI HAT VA THU' NGHItM

5.1. Gifri &Fitt

• HAProxy la phin mem mien phi, cung cep cac giii phap mang tinh sin sang cao. HAProxy rat nhanh va tin cjy cho cac Ung dung TCP/IP, dec biet la HTTP. No thich kip cho cac trang web hog Ong tai cao, hog dOng yeti hang chuc ngin ket

• Giai phap HAProxy giai quyet ducyc cac nhu au hien nay nhu: can bing tai cho cac trang web hog dOng tai cao, dam bao cho djch vv web hog dOng lien tvc ngay ca khi c6 cac sv c8 ye logical hay vet 19 xay ra.

MO kink HAProxy

5.2. TOng quan HAProxy

lsibt fang itã try

HAProxy duce hi) try ten cac nen tang he dieu hinh nhu: Linux 2.4 on x86, x86_64, Alpha, SPARC, MIPS, PARISC Linux 2.6 on x86, x86_64, ARM (ixp425), PPC64 Solaris 8/9 on U1traSPARC 2 and 3

58

Chuang 5: cau hinh cal dat vi thin nghiem (cid:9)

DO Van Thinh — A13439

Solaris 10 on Opteron and U1traSPARC FreeBSD 4.10 - 6.2 on x86 OpenBSD 3.1 to -current on 1386, amd64, macppc, alpha ...

Char nang

• Dinh tuyen cac yeu cau HTTP (Kra ten cac cookies chi duqc chi dinh sin; • Can bang tai de dam bio cac may chit host dOng lien tpc bang cach su dung HTTP cookies

iru diem

• Chuyen d8i sang may cho du phong ngay khi may chn chinh gap su co • Chap nhan cacket not den cac ding chi dinh sin phuc v4 cho viec theo dOi

• Cung cap cac giai phap can bang tai, proxy nhanh vi tin cay • Nang cao tinh bao mat cim he thong • Nang cao hieu nang vi tinh an than cfut 4 th8ng nhei chirc Jiang can bang tai vi sao luu du phong.

Khuyit diem

• Lam tang chi phi khi trien khai he th8ng • He th8ng phIrc tap ham nen se kho khan trong viec van hanh va bao tri

5.3. Chi dot giiii phi!) HAProxy cho may chi' Web teen CentOS

5.3.1. Thiet Ice h? thOng

59

Chuang 5: cau hinh cai dat va thir nghiem (cid:9)

DO Van Thinh — A13439

HAProxy co dia chi 192.168.10.10 May chit 1 chay WebServer 1 va Database c6 dja chi IP 192.168.10.11 May chit 2 chay WebServer 2 NIA Database c6 dja chi IP 192.168.10.12 HAproxy, may chit 1 Nth may chit 2 ding sir dung mOt dia chi IP a° la 192.168.10.15

5.3.2. Hoot Ong

Khi may lchach c6 nhu au ket n6i toi may chit Web, se kat n6i vao dia chi 192.168.10.15 . Khi d6 ket not se tr6 tai HAProxy. Sau d6 HAproxy se Olen tai ye may chit 1 vi may chit 2 Neu may chit 1 hoac may chit 2 gap phai sr co thi HAProxy se tr6 kat not ye may chit con lai Neu HAProxy gap phai van de thi kat not dm may khich den dia chi 192.168.10.15 se tr6 truc tiep den mOt trong 2 may chit 1 vi may chit 2

5.4. Chi city au hinh

5.4.1. Chi '1St au hinh HAProxy

Download haproxy # yum -y install haproxy

Xem phial.' bin cai dat haproxy # rpm -qa I grep haproxy

default

listen webfann 192.168.10.10:80 mode hap stats enable stats auth admin:admin stats uri /haproxy-status stats refresh lOs stats hide-version balance roundrobin cookie JSESSIONID prefix option httpclose option forwardfor option httpchk HEAD /check.txt HTTP/1.0 server webl 192.168.10.11:80 cookie A weight 70 check server web2 192.168.10.12:80 cookie B weight 30 check

60

du nth HAproxy # vim /etc/haproxy/haproxy.cfg

DO Van Thinh — A13439

Chuang 5: au hint' cai dat va thir nghiem

_ 7 X

thinhdy'l server: home thinhdv (cid:9)

pie Edit ylew imTNInal Tabs yelp

maxconn (cid:9) retries (cid:9)

68089 3

listen webfarm 192.168.10.10:88

mode http stats enable stats auth admin:admin stats uri /haproxy-status stats refresh 10s stats hide-version balance roundrobin cookie SERVERID insert indirect cookie ISESSIONID prefix option httpclose option forwardfor option httpchk HEAD /check.txt HTTP/1.0 server webl 192.168.10.11:80 cookie A weight 70 check server web2 192.168.10.12:80 cookie 8 weight 36 check

I main frontend which proxys to the backends a

backend static

static 192.168.10.10:80 check

balance roundrobin server (cid:9)

x

thmhdv7server home thrthdy

pie Edit Veva pinta' Tabs Help

* static backend for serving up images, stylesheets and such

backend static balance (cid:9) server (cid:9)

roundrobin static 192.168.18.10:80 check

* round robin balancing between the various backends

backend app balance (cid:9)

roundrobin

Kheri dOng Haproxy # service haproxy start

5.4.2. Citi dirt dich vy WebServer tren Server 1 vit Server 2

Tren hai may chit cai dat djch vg Web va deu chay c6ng mac djnh

61

Chuang 5: cAu hinh cai dat vii thin nghiem (cid:9)

DO Van Thinh — A13439

Ngoai ra can to 1 file check.txt trong thu mpc /var/www/html de HAProxy doe trong thai caa 2 web server # touch /var/www/html/checktxt # echo "Web Server [1]" > /var/www/html/index.html # service httpd start

Truy cAp http://192.168.10.10 /haproxy-status trinh duyet Web se you cAu nhop uesr/pass daa vao tep thu hinh HAProxy.

x

(cid:9)

Statl,,- tics Report for HAP rory Fi onlla Flrefor

.51,41

¤

ji92.169.10.10Thaproxnutusi (cid:9)

- si ti- (cid:9)

gil A

I (cid:9)

de Edit yiew History fioolanarics "lois Help Ej Statistics Report for HAProxy a Vial" roanrerl „,„ , (cid:9) * (cid:9)

HAProxy

Statistics Report for pid 25794

> General process Information

awlsanis: (cid:9)

'SW (mann

pia

(cid:9) (harm

.25724 (flan PI, Manx • 1)

Who UP (cid:9)

laclusp UP (cid:9)

• 12112:220USea (cid:9)

wave UP. going dawn (cid:9)

Inaba/ U0 li 0•2 dam, (cid:9)

• mania = • liming i.0

wive CONN. gang up (cid:9)

Isclomp DOWN. gong up

41/0014 atm: manna.. unlimaild. uliman . IOU auosaak • ODA maw • 4031 aulapipet .0

•• gehne many

• glabilatme (cid:9) len (cid:9)

scan

a 104130

na circled

C04,04

' 1 Caney.' PIM. 00

• maw

"".” came INS Mt Running

N.

UP Int

haci

Sluicing

ambled

a impend

a "Nat

Praamd

1 (cid:9)

2

1 (cid:9)

2 earn

75

• 41

Mt Cal

0

0 al

OPEN

02111

0

0 (cid:9)

1

0

•

0 (cid:9)

1

a

a

• 23

MO

0

0

0

a

0

0 Mt UP 70

r

0

well

0

0 (cid:9)

0 (cid:9)

-

a

0

0

0

0

0

0

0

0 28102 UP 10

V

0

0

0

2

0

at land

0

0 (cid:9)

1

0 1 ea

2 ••1 10 00

a

0

0

0

2

0 2mlb UP 10)

0

0

Download KeepAlived # yum install libcrypto.so.4 -y # rpm -ivh keepalived-1.1.13-5.e14.rf.i386.rpm

Cart hinh keepalived # vim /etc/keepalived/keepalived.conf

vrrp_script chk_httpd {

script "Wall -0 httpd" interval 2 weight 2

vrrp_instance

62

5.43. Cid Sat va citu birth KeepAlived trio Haproxy, Server 1, Server 2

DO Van Thinh — A13439

Chuang 5: cau hinh cal dat va thir nahiem (cid:9)

# 150 master on HAProxy; 120, 100 backup on server], server2

interface eth0 state MASTER virtual_router_id 51 priority 150 (cid:9)

authentication

auth_type PASS auth_pass 123456

}

virtual_ipaddress 192.168.10.15

}

track_script { chk_httpd

}

}

thinhclv :server home thInhchr

The Edit mew Serval labs help

vrrp_script chk_httpd {

script "killall -8 httpd" interval 2 weight 2

}

vrrp_instance VI _1 { state MASTER interface eth0 virtual_router_id 51 priority 150 advert_int 1 authentication {

auth_type PASS auth_pass 123456

} virtual_ipaddress {

192.168.18.15

} track_script { chk_httpd

}

}

virtual_server 192.168.208.180 443

delarloop 6

CAu hinh HAproxv voi Ao

# vim /etc/haproxy/haproxy.cfg default

63

DO Van Thinh — A13439

Chuong 5: cAu hinh cai dat va thir nuhiem (cid:9)

# Dori thimh clia chi IP cio

listen webfarm 192.168.10.15:80 (cid:9) mode hap stats enable stats auth admin:admin stats uri /haproxy-status stats refresh lOs stats hide-version balance roundrobin cookie JSESSIONID prefix option httpclose option forwardfor option httpchk HEAD /check.txt HTTP/I.0 server webl 192.168.10.11:80 cookie A weight 70 check server web2 192.168.10.12:80 cookie B weight 30 check

thinhdv 1 server home thinhdv

Ede Edit ylew Terminal Taps Help

listen webfarm

1 192.168.18.15:801

mode http stats enable stats auth admin:admin stats uri /haproxy-status stats refresh 10s stats hide-version balance roundrobin cookie SERVERID insert indirect cookie JSESSIONID prefix option httpclose option forwardfor option httpchk HEAD /check.txt H7715/1.0 server webl 192.168.10.11:80 cookie A weight 78 check server web2 192.168.18.12:88 cookie 8 weight 38 check

S main frontend which proxys to the backends

backend static

static 192.168.10.10:80 check

balance roundrobin server (cid:9)

64

DO Van Thinh — A13439

Chuang 5: cau hinh cal dat va thin nghiem

thinhdv 7 server: home , thinhdv

The Edit yievi Terminal Tags Help

* static backend for serving up images, stylesheets and such

backend static balance (cid:9) server (cid:9)

roundrobin 'static 192.168.10.15:80 check

S round robin balancing between the various backends

5.5. Kiem tra & Dinh gii ket qui

De kiem tra xem HAProxy co thwc hien can bang tai khong to can co hai trinh duyet web khac nhau nhu Mozilla Firefox vi Google Chrome. Hoac co hai may khitch kat not tai proxy de tranh tinh tang btu cookies.

Trwong hpp m(31 Truy cap thong ke http://192.168.10.15 /haproxy-status

(cid:9)

X

Stati• ics Report for HAPro.y - lgozllla 1 trefox

Ble Ern zee IUatoiy Boolanarks Dols lielp I 0 Statistics Report for HAProxy • 10041:4112.tat1eataiii.....#1.fri

I L 192.168.10.15Thaproxy-status

S

> General process Information

Extental 000,1

o1. (cid:9)

R:

solve UP (cid:9)

11200p UP

•

/10.2202S2111

mom• up yang dawn Stipp UP 0/9 00

wive C00. gc0 lacisp CONN. 030 up

• aorta • it= Ni • railin• no t

pid • 3251 (Pawl nOptx • I) • 00 • 00 mane. 22•0111.1ta: inemna• • unkmnd. Simon • 1011 mosaic • WA •owana • a 4,010•• .0 carnal Gonna. 1, carnal pipssat

mama ONicup C430 na chided

• RBIS • =Suss • Use

1

ROMNIIII

ED 171 510104 (cid:9)

0 (cid:9)

0 2 SO

WPM

3

•E (cid:9)

•

1 (cid:9)

0

web700•01

a MOM 21111 7

7 (cid:9)

3001 (cid:9)

0 (cid:9)

0

0

D 10E0 UP 70 • NEON

10 (cid:9)

0 (cid:9)

02

0

•

0

1

1 (cid:9)

•

3

0

NOn SIMI (cid:9)

0 (cid:9)

SE

Mc SS

0

0

0

2

0 1 O a 2

M

3 1011 (cid:9) 0 0 2 CO O Cl EIENEEME 0

0 1000 UP 3) • 0 33.a... a 2 13 .

1 I Y I

'

l ° I

1j

° °I 1 °I °I° °I I °I (cid:9)

] (cid:9)

°I (cid:9)

1 l (cid:9)

° 1 °."4"° I

°"&. (cid:9)

Truy cap may chit Web ten may may khach ved dia chi 192.168.10.15, kiem tra ck y'eu eau de duce truy xuAt den may chi' 1 va may clui 2 chua.

65

DO Van Thinh - A13439

Chuang 5: eau birth cai dat vi thir mdulem

(cid:9)

x

Manila f veto•

gle Edit glen History goolonarks Dots He

http://192.168.10.15/

(cid:9)

I + I

•

192.168.10.15

Web Server [1]

r elay

flookmarks gaols Help

E6e Era Von History

ir..] Otto //192 168 10 15/ E 192.168.10.15

6

Web Server [2]

Trwong Itcp hai Tren may chit 2, tat dich NT Web # service httpd stop Tren may khach, truy cop 13i (Ha chi may chit Web 192.168.10.15

Manila f irefov

gle Edit Vow History goolcmarks gaols yelp

I n ittp://192.166.10.15/

14A

•

IL; 192.168.10.15

V al 6

Web Server [1]

136'ng that kiem tra teen may ad Haproxy

(cid:9)

X

Stati:tirs Report for HAPror (cid:9)

Ftrefox

gle Es View History Bookmarks Isola yelp

r; Robotics Report for HOProxY

it 0 (cid:9)

• i

V to

192.168.10.15maproxy • status

re

(cid:9)

41 Statistics Report for pid 16478

> General process information

DiSplay apear (cid:9)

tatr•l to

oche up (cid:9)

Saco UP (cid:9)

• amismite • • nag

cam UR going dam Sap UR IMO aim Inn contr. aka up Yaw COOL Via up (cid:9) no a Setup DOWN no chided

pid • Sae Omni& Pans • A (cid:9) Maas • Od Ihierit231 • ato Nails: MINIXIM • ohms& WIMIIII . eon (cid:9) sass* • !Da someam • at pla•pIpes •0 (cid:9) current conns • L apnea paa• OD (cid:9) Running tam 314 (cid:9)

NOV UP IV. loadaJwarq day! s nand 'Nat

• nttlf.nta (cid:9) • aslitniogi (cid:9) stoatior (cid:9) • O • a • k

(cid:9)

OWN

1 32 •ISO fl la (cid:9)

1140100 aa0w 0

0 MB

1 XIS

(cid:9) (cid:9)

•

O a (cid:9)

II ad M (cid:9)

lain MOOS

0 (cid:9)

0

0

0

0

la UP

ID

O

0

O al

(cid:9) (cid:9)

MI UP

ID

1 (cid:9)

0

O 31 IM OD MO lsla 1700) e1a01e 0

0 (cid:9)

0

0

0

0

O la

acrl O 0

66

DI) Van Thinh — A13439

Chucmg 5: cau hinh cal dat va thir nghiem

Truing hip ba Tren HAProxy va may chi 1, tit djch vv keepalived # service keepalived stop Truy cap lai may chi Web 192.168.10.15

rionlla F Irigo

(cid:9)

Elie Edit Mew History ftookmada Dols Help i E.] hdp://192.168.10.15/

Lai

Ej 192168.1015

Web Server [2]

Qua ket qui tren, chting ta c6 the danh gia mot cach trvc quart khi sir dung bO can bin tai may chi nhu sau:

Thu !that la tang kha nail dap img mo rong, de ding them hoac bit may chi mot each de ding nham dap img nhu cau can thiet vii yeu cau cong viec. Trong twang hqp thir nghiem tren, thing ta c6 the them mot so may chit vii cling dii dja chi IP 192.168.10.x hoac gilm bit cac may chi nay di.

Thu hai la tang cuing do tin cay, dap img khi flan dg phong, khi mot may chit gap phii sty co thi he thong van dtrqc duy tri hog dOng khong he bj gian down.

Thu ba la chin ta ci the de ding theo dei tinh Wang cia cac may chi thong qua giao dien khi mot may chi nio di gap phii sv co.

Tiep theo chfing ta se ding danh gia hieu suit cong viec khi sir ding b0 can bang tai trong mo hinh thir nghiep tren vi so sinh yen viec chi sir ding mot may chi hoot dOng cung cap djch Ai Web.

Ching ta se sir thing phan mem WAPT la mot cong cv thir nghiem tai cung cap chi phi hieu qui de kiem tra bat Ict dich , vy may chit web nao bao g6m ea ling citing Icinh doanh, cong thong tin web, ... phan mem nay gitip thing ta c6 the tao ra cac bai kiem tra tai trong yang vii phit.

Qua trinh kiem tra va danh gia cis chin ta se &Km tien hanh yeti hai truing hqp tren thong qua each thirc sir ding mot Itnyng ngu&i ding that dinh tang tir 1 den 20 ngutii, thing th&i troy cop lay thong tin tren may chi web trong mot khoang thai gian ngan.

TrtrOng hqp thir nghiem can bang till vii HAproxy sir dtmg dja chi IP a° 192.168.10.15 cho ta ket qui nhu sau:

67

DO Van Thinh — A13439

Chucme 5: eau hinh cal dat vi thin nghiem

(cid:9)

Average response time (without page elements)

Profile 1.Load Solacing

ims.tri.ts:ani

httn•iii (cid:9)

20

0.1B

18

0.16

16

0.14

14

0.1.2

12

0.10

10

0.08

8

0.06

6

0.04

4

0.02

2

0.00

(cid:9) (cid:9) (cid:9) (cid:9)

0:01:40

0:00:40

0:01:00

0:01:20

0:00:00 (cid:9)

0:00:20

(cid:9)

• Avg response time, sec (cid:9)

la Avg 90% response One, sec

Active users

Tnging hop thin nghieM yea may cher djch vn Web thong during sir dung dia chi 192.168.10.11 cho to ket qua nhu sau:

Average response time (without page elements)

Profile1.Load Solacing

mtnun92.7 6s.in.LI :Rn/

68

Chuong 5: cau hinh cal dat va this nghiem (cid:9)

DO Van Thinh - A13439

Co the nhan xet inns sau: Khi chimg ta tien hanh kiem tra ltru luring tai voi mOt luring ngueri dung Ling dan trong mOt khoang thin gian ngin [that djnh. Doi ydi truing hop sir dong1340 can bang tai thong qua dia chi 192.168.10.15, that gian phitn hoi cac yeu dm se tang din theo so luring ngtricri dung, den ,m0t nguang nick djnh nao d6 khi qua trash tra 161 cac yeu cau girl , den khOng theo kip so luong cac yeu cau, lac nay thai gian phan hoi se lau han do co so tac nghen va can that gian xir 1St. Chimg ta co the thay trutmg hop nay khi chi sir dung mOt may chit cai dat djch vo Web thong qua dja chi )92.168.10.11. Thai gian phim hoi dm may chit nay dot net tang len khi so luring yeu cau tir nguei dimg tang len.

69

Ket luan va huong phat thin de tai

DO Van Thjnh - A13439

KET LUAN VA HUY/NG PHAT TRIEN DE TAI

Ket luen

Can bang tai mang lai Id ich to 16n bang each cai thien tinh sin sang dm he thong may chit, kha nails ma rung quart ljr va an ninh bao mat. Can bang tai may chit la img dung ph6 bien nhat cho bo can bang tai. Ngay nay ding veri sit phat trien vuqt bac cua cong nghe, can bang tai da vi dang phat trien mOt cach manh me de giii quyet cac sv co tat nghen mang va may chit, dem lai giai phap hieu qua nhat cho cac cong ty, doanh nghiep. Bang viec img dung va trien khai cac thiet ke m8 hinh can bang, tai mang tinh sin sang cao, cac cong ty, doanh nghiep cc!) the dap ling dirge Man b0 nhu clu trong cong viec.

Thong qua bao cao khaa luan "Tim hieu he thong can bang tai may chit", da co nhung dong gap, ye mat thuyet cling nhu ye mat cong nghe trong viec tim hieu va xay dung cac he thong can bang tai may chit. Sau day la ket qua chinh ma ae tai nay da dirt duqc:

• Trinh bay ding quan ve he thong may chit can bang tai. • Gieri thieu cac thuat town *rig dung trong can bang it • Xay dung car thiet ke mpg voi b0 can bang tai. • du hinh cal (tat thin nghiem mo hinh may chit can bang tai, dua ra (lath gia ding quat.

Trong pham vi mOt luan van, do han the ve theri gian nghien ciru vi cac yeu t6 khach quan khac, mOt so van de lien quan cna de tai co the vAn clam giii quyet duce mOt each trcm yen, nhung mong rang day la nhung n,Oi dung tim hieu ca ban ,dat nen tang cho sr phat trien nhung nghien sau them ye he thong may chit can bang tai.

Hurting phit trien de di

NhUng van de duqc de cap trong luan van nay men chi tap trung chit yeu vao nen tang ca ban cita he thong may chit can bang tai va l± thuyet xay dung no. Ngoai ra mo phOng mdi chi dap img phan nho trong trien khai thvc te. Mac du vay, luan van nay cling da dinh hang de phat trien mOt he thong may chit phuc vu Ott cho nhu cau cda cac ding ty vi doanh nghiep. Trong theri gian teri, luan van se di sau vao nhung Ichia canh khac Fla he thong can bang tai dien hinh nhu: can bang tai tren ettremg truyen Internet, can bang it tirtmg lira ...

70

Danh mvc tai lieu tham khao (cid:9)

DO Van Thjnh — A13439

1. Nguyen Truerng Giang. "Tai lieu HAproxy tren CentOS". Giang vien Trung tat' n

quan trj mpg PNH. Hit NOi. 2010.

2. Tran Binh. "Cong nghe can bang tat " http://www.vnnic.vtildns/congngheicong-

nghe-can-bing-tai . 2012.

3. Chandra Kopparapu. "Load Balancing Servers, Firewalls, and Caches". Wiley -

Canada. 2002.

4. Tony Bourke. "Server Load Balancing". O'Reilly & Associates, Boa K5/. 2001.

5. Yu ShengSheng, Lu Song, Zhou Jingli. "Load Balancing Algorithms". DO hoc

khoa hoc va cong nghe. Tnmg Quoc. 2004.

6. John Lewis.

"Icy

thuat tong quan mgng can bang tin".

http://technet.microsoft.comienus/1 ibrarv/bb742455 .aspx#X SLTsection124121120 120. 2003.

71

DANH MVC TAI LItU THAM MAO