ros多线路叠加策略pcc超详细教程图文.docx
《ros多线路叠加策略pcc超详细教程图文.docx》由会员分享,可在线阅读,更多相关《ros多线路叠加策略pcc超详细教程图文.docx(10页珍藏版)》请在冰豆网上搜索。
ros多线路叠加策略pcc超详细教程图文
PCC的负载均衡
<互联网共享人人为我我为人人>
这是ros最根本最重要的应用,网络上很多教程都比拟笼统,新手根本看不懂!
此教程,详细图文+脚本,新手老手都可以借鉴.通分组源地址和源端口实现负载平衡,这里我们建立2个WAN出口分别是wan1和wan2,内网接口是lan1网络环境如下:
∙ISP1地址10.200.15.99/24,网关:
10.200.15.1;
∙ISP2地址10.200.100.99/24,网关:
10.200.100.2;
∙内网IP地址192.168.100.1/24;
∙启用DNS缓存功能,用192.168.100.1作内网DNS解析;
根本配置
首先进入ipaddress配置IP地址:
Mangle标记配置
接下来我们进入ipfirewallmangle标记连接和路由,我们使用per-connection-classifier双向地址进展分类做连接分类标记。
首先我们需要将进入路由的的进展标记
如如下图,我们进入一条mangle规如此,中的advanced标签内容可以看到per-connection-classifier分类器,选择both-addresses的分类:
然后选择dst-address-type=!
local,即除了目标地址是本地以前的地址:
注:
2条线的分类代码定义是第一条线为2/0,第二条为2/1
同样选择一下地址类型:
下面命令是提取走第一条线路的连接标记取名位1st_conn,并从连接里提取路由标记名位1st_route,设置:
per-connection-classifier=both-addresses:
2/0,设置in-interface=lan
/ipfirewallmangleaddaction=mark-connectionchain=preroutingment=""disabled=no\ in-interface=lannew-connection-mark=1st_connpassthrough=yes\ per-connection-classifier=both-addresses:
2/0addaction=mark-routingchain=preroutingment=""connection-mark=1st_conn\ disabled=noin-interface=lannew-routing-mark=1st_routepassthrough=yes
提取走第二条线路的连接标记取名位2nd_conn,并从连接里提取路由标记名位2nd_route,设置:
per-connection-classifier=both-addresses:
2/1,设置in-interface=lan:
/ipfirewallmangleaddaction=mark-connectionchain=preroutingment=""disabled=no\ in-interface=lannew-connection-mark=2nd_connpassthrough=yes\ per-connection-classifier=both-addresses:
2/1addaction=mark-routingchain=preroutingment=""connection-mark=2nd_conn\ disabled=noin-interface=lannew-routing-mark=2nd_routepassthrough=yes
在winbox在mangle中设置完成后如下:
回程路由设置
我们需要将从那个口进入就从相应的口回去,即保证每个外网口的数据能得到正确的路由
/ipfirewallmangleaddchain=inputin-interface=wan1action=mark-connectionnew-connection-mark=1st_connaddchain=inputin-interface=wan2action=mark-connectionnew-connection-mark=2nd_conn
winbox设置
标记完进入接口的后,将这些指定到相应的路由标记上:
addchain=outputconnection-mark=1st_connaction=mark-routingnew-routing-mark=1st_routeaddchain=outputconnection-mark=2nd_connaction=mark-routingnew-routing-mark=2nd_route
winbox设置
路由配置
配置完标记后路由后,我们进入iproute配置路由,首先设置负载均衡的标记路由,首先设置第一条线路的路由标记,设置routing-mark=1st_route:
设置第二条线路的路由标记,设置routing-mark=2nd_route:
配置默认网关和备份网关,默认网关的distance设置为1,并设置check-gateway=ping,通过ping监测网关状态:
备份网关的distance设置为2,并设置check-gateway=ping,通过ping监测网关状态:
配置完成后的路由标如如下图:
配置nat
最后配置nat转换规如此,进入ipfirewallnat中配置action=masquerade,分别对2条线路做伪装:
/ipfirewallnataddaction=masqueradechain=sratout-interface=wan1addaction=masqueradechain=sratout-interface=wan2
命令代码如下:
#添加ADSL1的pppoe-out某某密码并取取消自动添加网关与DNS/interfacepppoe-clientaddname="pppoe-out1"interface="wan1"user="adsl1name"password="adsl1pass"add-default-route=nodisabled=no/interfacepppoe-clientaddname="pppoe-out2"interface="wan2"user="adsl2name"password="adsl2pass"add-default-route=nodisabled=no
#激活pppoe-out拨号/interfacepppoe-clientenablepppoe-out1/interfacepppoe-clientenablepppoe-out2
#添加本地连接配置/ipaddressaddaddress=192.168.1.254/255.255.255.0interface=lan1ment="LAN1"
#设置DNS缓存/ipdnssetprimary-dns="202.103.224.68"secondary-dns="202.103.225.68"allow-remote-requests=yes
#设置MSS值为1440/ipfirewallmangleaddaction="change-mss"chain="forward"ment="change-mss"disabled=nonew-mss="1440"protocol="tcp"tcp-flags="syn"
#设置input/ipfirewallmangleaddaction="mark-connection"chain="input"ment=""disabled=noin-interface="pppoe-out1"new-connection-mark="pppoe-out1_conn"passthrough=yes/ipfirewallmangleaddaction="mark-connection"chain="input"ment=""disabled=noin-interface="pppoe-out2"new-connection-mark="pppoe-out2_conn"passthrough=yes
#设置output/ipfirewallmangleaddaction="mark-routing"chain="output"ment=""connection-mark="pppoe-out1_conn"disabled=nonew-routing-mark="to_pppoe-out1"passthrough=yes/ipfirewallmangleaddaction="mark-routing"chain="output"ment=""connection-mark="pppoe-out2_conn"disabled=nonew-routing-mark="to_pppoe-out2"passthrough=yes
#PCC设置/ipfirewallmangleaddaction="mark-connection"chain="prerouting"ment=""disabled=nodst-address-type="!
local"in-interface="lan1"new-connection-mark="pppoe-out1_conn"passthrough=yesper-connection-classifier="both-addresses:
2/0"src-address="192.168.1.0/24"/ipfirewallmangleaddaction="mark-connection"chain="prerouting"ment=""disabled=nodst-address-type="!
local"in-interface="lan1"new-connection-mark="pppoe-out2_conn"passthrough=yesper-connection-classifier="both-addresses:
2/1"src-address="192.168.1.0/24"
/ipfirewallmangleaddaction="mark-routing"chain=preroutingment=""connection-mark="pppoe-out1_conn"disabled=noin-interface="lan1"new-routing-mark="to_pppoe-out1"passthrough=yessrc-address="192.168.1.0/24"/ipfirewallmangleaddaction="mark-routing"chain=preroutingment=""connection-mark="pppoe-out2_conn"disabled=noin-interface="lan1"new-routing-mark="to_pppoe-out2"passthrough=yessrc-address="192.168.1.0/24"
/iprouteaddment=1disabled=nodistance=1dst-address="0.0.0.0/0"gateway="pppoe-out1"routing-mark="to_pppoe-out1"check-gateway="ping"/iprouteaddment=2disabled=nodistance=1dst-address="0.0.0.0/0"gateway="pppoe-out2"routing-mark="to_pppoe-out2"check-gateway="ping"
/iprouteaddcheck-gateway="ping"ment="pppoe-out1"disabled=nodistance="10"dst-address="0.0.0.0/0"gateway="pppoe-out1"/iprouteaddcheck-gateway="ping"ment="pppoe-out2"disabled=nodistance="10"dst-address="0.0.0.0/0"gateway="pppoe-out2"
#配置pppoe-out数据转发共享与标记/ipfirewallnataddaction="masquerade"chain="srat"ment="1"disabled=noout-interface="pppoe-out1"/ipfirewallnataddaction="masquerade"chain="srat"ment="2"disabled=noout-interface="pppoe-out2"
升级会员 