ADC

LSN 配置示例

以下是通过命令行界面配置 LSN 的示例。

使用单个订阅者网络、单个 LSN NAT IP 地址和默认设置创建简单的 LSN 配置:

add lsn client LSN-CLIENT-1

Done

bind lsn client LSN-CLIENT-1 -network 192.0.2.0 -netmask 255.255.255.0

Done

add lsn pool LSN-POOL-1

Done

bind lsn pool LSN-POOL-1 203.0.113.3

Done

add lsn group LSN-GROUP-1 -clientname LSN-CLIENT-1

Done

bind lsn group LSN-GROUP-1 -poolname pool1 LSN-POOL-1

Done
<!--NeedCopy-->

使用扩展 ACL 创建 LSN 配置,用于识别 LSN 订阅者:

add ns acl LSN-ACL-2 ALLOW -srcIP 192.0.2.10-192.0.2.20

Done

apply acls

Done

add lsn client LSN-CLIENT-2

Done

bind lsn client LSN-CLIENT-2 –aclname LSN-ACL-2

Done

add lsn pool LSN-POOL-2

Done

bind lsn pool LSN-POOL-2 203.0.113.5-203.0.113.10

Done

add lsn group LSN-GROUP-2 -clientname LSN-CLIENT-2

Done

bind lsn group LSN-GROUP-2 -poolname LSN-POOL-2

Done
<!--NeedCopy-->

使用 HTTP 协议(端口 80)和 SSH 协议(端口 22)的地址端口相关映射创建 LSN 配置。此外,限制每个订阅者最多使用 1000 个 NAT 端口用于 TCP 协议,最多使用 100 个 NAT 端口用于 UDP 协议。限制每个订阅者具有 TCP 协议的最多 2000 个并发会话。将组限制为 TCP 协议的最多具有 30000 个并发会话:

add lsn client LSN-CLIENT-3

Done

bind lsn client LSN-CLIENT-3 -network 192.0.3.0 -netmask 255.255.255.0

Done

add lsn pool LSN-POOL-3

Done

bind lsn pool LSN-POOL-3 203.0.113.11

Done

add lsn group LSN-GROUP-3 -clientname LSN-CLIENT-3

Done

bind lsn group LSN-GROUP-3 -poolname LSN-POOL-3

Done

add lsn appsprofile LSN-APPS-HTTPPROFILE-3 TCP -mapping ENDPOINT-INDEPENDENT

Done

bind lsn appsprofile LSN-APPS-HTTPPROFILE-3 80

Done

bind lsn group LSN-GROUP-3 -applicationprofilename LSN-APPS-HTTPPROFILE-3

Done

add lsn appsprofile LSN-APPS-SSHPROFILE-3 TCP -mapping ADDRESS-PORT-DEPENDENT

Done

bind lsn appsprofile LSN-APPS-SSHPROFILE-3 22

Done

bind lsn group LSN-GROUP-3 -applicationprofilename LSN-APPS-SSHPROFILE-3

Done

add lsn transportprofile LSN-TRANS-PROFILE-TCP-3 TCP -portquota 1000 -sessionquota 2000 -groupSessionLimit 30000

Done

bind lsn group LSN-GROUP-3 -transportprofilename LSN-TRANS-PROFILE-TCP-3

Done

add lsn transportprofile LSN-TRANS-PROFILE-UDP-3 UDP -portquota 100

Done

bind lsn group LSN-GROUP-3 -transportprofilename LSN-TRANS-PROFILE-UDP-3

Done
<!--NeedCopy-->

为大量订阅者创建 LSN 配置:

add lsn client LSN-CLIENT-4

Done

bind lsn client LSN-CLIENT-4 -network 192.0.4.0 -netmask 255.255.255.0

Done

bind lsn client LSN-CLIENT-4 -network 192.0.5.0 -netmask 255.255.255.0

Done

bind lsn client LSN-CLIENT-4 -network 192.0.6.0 -netmask 255.255.255.0

Done

bind lsn client LSN-CLIENT-4 -network 192.0.7.0 -netmask 255.255.255.0

Done

bind lsn client LSN-CLIENT-4 -network 192.0.8.0 -netmask 255.255.255.0

Done

add lsn pool LSN-POOL-4

Done

bind lsn pool LSN-POOL-4 203.0.113.30-203.0.113.40

Done

bind lsn pool LSN-POOL-4 203.0.113.45-203.0.113.50

Done

bind lsn pool LSN-POOL-4 203.0.113.55-203.0.113.60

Done

add lsn group LSN-GROUP-4 -clientname LSN-CLIENT-4

Done

bind lsn group LSN-GROUP-4 -poolname LSN-POOL-4

Done

add lsn appsprofile LSN-APPS-WELLKNOWNPROFILE-4 TCP -mapping ENDPOINT-INDEPENDENT

Done

bind lsn appsprofile LSN-APPS-WELLKNOWN-PORTS-PROFILE-4 1- 1023

Done

bind lsn group LSN-GROUP-4 -applicationprofilename LSN-APPS-WELLKNOWN-PORTS-PROFILE-4

Done
<!--NeedCopy-->

通过在多个 LSN 组之间共享 NAT 资源创建 LSN 配置。在此示例中,LSN 池 LSN-POOL-5 与 LSN-GROUP-5 和 LSN-GROUP-6 共享:

add lsn client LSN-CLIENT-5

Done

bind lsn client LSN-CLIENT-5 -network 192.0.15.0 -netmask 255.255.255.0

Done

add lsn pool LSN-POOL-5

Done

bind lsn pool LSN-POOL-5 203.0.113.12-203.0.113.14

Done

add lsn group LSN-GROUP-5 -clientname LSN-CLIENT-5

Done

bind lsn group LSN-GROUP-5 -poolname LSN-POOL-5

Done

add lsn client LSN-CLIENT-6

Done

bind lsn client LSN-CLIENT-6 -network 192.0.16.0 -netmask 255.255.255.0

Done

add lsn pool LSN-POOL-6

Done

bind lsn pool LSN-POOL-6 203.0.113.15-203.0.113.18

Done

add lsn group LSN-GROUP-6 -clientname LSN-CLIENT-6

Done

bind lsn group LSN-GROUP-6 -poolname LSN-POOL-6

Done

bind lsn group LSN-GROUP-6 -poolname LSN-POOL-5

Done
<!--NeedCopy-->

创建具有确定性 NAT 资源分配的 LSN 配置:

add lsn client LSN-CLIENT-7

Done

bind lsn client LSN-CLIENT-7 -network 192.0.17.0 -netmask 255.255.255.0

Done

add lsn pool LSN-POOL-7 -nattype DETERMINISTIC

Done

bind lsn pool LSN-POOL-7 203.0.113.19-203.0.113.23

Done

add lsn group LSN-GROUP-7 -clientname LSN-CLIENT-7 -nattype DETERMINISTIC -portblocksize 1024

Done

bind lsn group LSN-GROUP-7 -poolname LSN-POOL-7

Done
<!--NeedCopy-->

使用具有相同网络地址但每个网络属于不同流量域的多个订阅者网络创建 LSN 配置。此外,限制与 HTTP 协议(端口 80)相关的出站流量,通过特定流量域(td 5)发送它:

add lsn client LSN-CLIENT-8

Done

bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 1

Done

bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 2

Done

bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 3

Done

add lsn pool LSN-POOL-8

Done

bind lsn pool LSN-POOL-8 203.0.113.80-203.0.113.86

Done

add lsn group LSN-GROUP-8 -clientname LSN-CLIENT-8

Done

bind lsn group LSN-GROUP-8 -poolname LSN-POOL-8

Done

add lsn appsprofile LSN-APPS-HTTP-PROFILE-8 TCP -td 5

Done

bind lsn appsprofile LSN-APPS-HTTP-PROFILE-8 80

Done

bind lsn group LSN-GROUP-8 -applicationprofilename LSN-APPS-HTTP-PROFILE-8

Done
<!--NeedCopy-->

创建 LSN 配置,限制特定协议 (TCP) 的出站流量,并通过特定流量域 (td 5) 发送它。使用与端点无关的筛选,在任何流量域上接收与此协议 (TCP) 相关的入站流量:

add lsn client LSN-CLIENT-9

Done

bind lsn client LSN-CLIENT-9 -network 192.0.9.0 -netmask 255.255.255.0 -td 1

Done

add lsn pool LSN-POOL-9

Done

bind lsn pool LSN-POOL-9 203.0.113.90

Done

add lsn group LSN-GROUP-9 -clientname LSN-CLIENT-9

Done

bind lsn group LSN-GROUP-9 -poolname LSN-POOL-9

Done

add lsn appsprofile LSN-APPS-PROFILE-9 TCP -filtering ENDPOINT-INDEPENDENT -td 5

Done

bind lsn group LSN-GROUP-9 -approfile LSN-APPS-PROFILE-9

Done
<!--NeedCopy-->

创建限制出站 HTTP(端口 80)流量的 LSN 配置,并通过特定流量域 (td 10) 发送它。通过与地址相关的筛选,在指定流量域 (td 10) 上接收与此协议 (HTTP) 相关的入站流量:

add lsn client LSN-CLIENT-10

Done

bind lsn client LSN-CLIENT-10 -network 192.0.10.0 -netmask 255.255.255.0 -td 1

Done

add lsn pool LSN-POOL-10

Done

bind lsn pool LSN-POOL-10 203.0.113.100

Done

add lsn group LSN-GROUP-10 -clientname LSN-CLIENT-10

Done

bind lsn group LSN-GROUP-10 -poolname LSN-POOL-10

Done

add lsn appsprofile LSN-APPS-PROFILE-10 TCP -mapping ENDPOINT -INDEPENDENT -filtering ADDRESS-DEPENDENT -td 10

Done

bind lsn appsprofile LSN-APPS-PROFILE-10 80

Done

bind lsn group LSN-GROUP-10 -approfile LSN-APPS-PROFILE-10

Done
<!--NeedCopy-->
LSN 配置示例

在本文中