您的位置:首页 > 职场人生

ROS负载均衡——PCC

2011-04-02 02:57 148 查看

PCC的负载均衡事例

通分组源地址和源端口实现负载平衡,这里我们建立2个WAN出口分别是wan1和wan2,网络环境如下:





ISP1地址10.200.15.99/24,网关:10.200.15.1;

ISP2地址10.200.100.99/24,网关:10.200.100.2;

内网IP地址192.168.100.1/24;

启用DNS缓存功能,用192.168.100.1作内网DNS解析;

基本配置

首先进入ip address配置IP地址:





在ip dns setting中配置好DNS缓存,DNS为:61.139.2.69





Mangle标记配置

接下来我们进入ip firewall mangle标记连接和路由,我们使用per-connection-classifier双向地址进行分类做连接分类标记。

首先我们需要将进入路由的的链接进行标记

如下图,我们进入一条mangle规则,中的advanced标签内容可以看到per-connection-classifier分类器,选择both-addresses的分类:





然后选择dst-address-type=!local,即除了目标地址是本地以前的地址:





注:2条线的分类代码定义是第一条线为2/0,第二条为2/1





同样选择一下地址类型:





下面命令是提取走第一条线路的连接标记取名位1st_conn,并从连接里提取路由标记名位1st_route,设置:per-connection-classifier=both-addresses:2/0, 设置in-interface=lan

/ip firewall mangle

add action=mark-connection chain=prerouting comment="" disabled=no \

in-interface=lan new-connection-mark=1st_conn passthrough=yes \

per-connection-classifier=both-addresses:2/0

add action=mark-routing chain=prerouting comment="" connection-mark=1st_conn \

disabled=no in-interface=lan new-routing-mark=1st_route passthrough=yes

提取走第二条线路的连接标记取名位2nd_conn,并从连接里提取路由标记名位2nd_route,设置:per-connection-classifier=both-addresses:2/1,设置in-interface=lan:

/ip firewall mangle

add action=mark-connection chain=prerouting comment="" disabled=no \

in-interface=lan new-connection-mark=2nd_conn passthrough=yes \

per-connection-classifier=both-addresses:2/1

add action=mark-routing chain=prerouting comment="" connection-mark=2nd_conn \

disabled=no in-interface=lan new-routing-mark=2nd_route passthrough=yes

在winbox在mangle中设置完成后如下:





回程路由设置

我们需要将从那个口进入就从相应的口回去,即保证每个外网口的数据能得到正确的路由

/ip firewall mangle

add chain=input in-interface=wan1 action=mark-connection new-connection-mark=1st_conn

add chain=input in-interface=wan2 action=mark-connection new-connection-mark=2nd_conn

winbox设置





标记完进入接口的链接后,将这些链接指定到相应的路由标记上:

add chain=output connection-mark=1st_conn action=mark-routing new-routing-mark=1st_route

add chain=output connection-mark=2nd_conn action=mark-routing new-routing-mark=2nd_route

winbox设置





路由配置

配置完标记后路由后,我们进入ip route配置路由,首先设置负载均衡的标记路由,首先设置第一条线路的路由标记,设置routing-mark=1st_route:





设置第二条线路的路由标记,设置routing-mark=2nd_route:





配置默认网关和备份网关,默认网关的distance设置为1,并设置check-gateway=ping,通过ping监测网关状态:





备份网关的distance设置为2,并设置check-gateway=ping,通过ping监测网关状态:





配置完成后的路由标如下图:





配置nat

最后配置nat转换规则,进入ip firewall nat中配置action=masquerade,分别对2条线路做伪装:

/ip firewall nat

add action=masquerade chain=srcnat out-interface=wan1

add action=masquerade chain=srcnat out-interface=wan2





命令代码如下:

# 添加ADSL1的pppoe-out帐户密码并取取消自动添加网关及DNS

/interface pppoe-client add name="pppoe-out1" interface="wan1" user="adsl1name" password="adsl1pass" add-default-route=no disabled=no

/interface pppoe-client add name="pppoe-out2" interface="wan2" user="adsl2name" password="adsl2pass" add-default-route=no disabled=no

# 激活pppoe-out拨号

/interface pppoe-client enable pppoe-out1

/interface pppoe-client enable pppoe-out2

# 添加本地连接配置

/ip address add address=192.168.1.254/255.255.255.0 interface=lan1 comment="LAN1"

# 设置DNS缓存

/ip dns set primary-dns="202.103.224.68" secondary-dns="202.103.225.68" allow-remote-requests=yes

# 设置MSS值为1440

/ip firewall mangle add action="change-mss" chain="forward" comment="change-mss" disabled=no new-mss="1440" protocol="tcp" tcp-flags="syn"

# 设置input

/ip firewall mangle add action="mark-connection" chain="input" comment="" disabled=no in-interface="pppoe-out1" new-connection-mark="pppoe-out1_conn" passthrough=yes

/ip firewall mangle add action="mark-connection" chain="input" comment="" disabled=no in-interface="pppoe-out2" new-connection-mark="pppoe-out2_conn" passthrough=yes

# 设置output

/ip firewall mangle add action="mark-routing" chain="output" comment="" connection-mark="pppoe-out1_conn" disabled=no new-routing-mark="to_pppoe-out1" passthrough=yes

/ip firewall mangle add action="mark-routing" chain="output" comment="" connection-mark="pppoe-out2_conn" disabled=no new-routing-mark="to_pppoe-out2" passthrough=yes

# PCC设置

/ip firewall mangle add action="mark-connection" chain="prerouting" comment="" disabled=no dst-address-type="!local" in-interface="lan1" new-connection-mark="pppoe-out1_conn" passthrough=yes per-connection-classifier="both-addresses:2/0" src-address="192.168.1.0/24"

/ip firewall mangle add action="mark-connection" chain="prerouting" comment="" disabled=no dst-address-type="!local" in-interface="lan1" new-connection-mark="pppoe-out2_conn" passthrough=yes per-connection-classifier="both-addresses:2/1" src-address="192.168.1.0/24"

/ip firewall mangle add action="mark-routing" chain=prerouting comment="" connection-mark="pppoe-out1_conn" disabled=no in-interface="lan1" new-routing-mark="to_pppoe-out1" passthrough=yes src-address="192.168.1.0/24"

/ip firewall mangle add action="mark-routing" chain=prerouting comment="" connection-mark="pppoe-out2_conn" disabled=no in-interface="lan1" new-routing-mark="to_pppoe-out2" passthrough=yes src-address="192.168.1.0/24"

/ip route add comment=1 disabled=no distance=1 dst-address="0.0.0.0/0" gateway="pppoe-out1" routing-mark="to_pppoe-out1" check-gateway="ping"

/ip route add comment=2 disabled=no distance=1 dst-address="0.0.0.0/0" gateway="pppoe-out2" routing-mark="to_pppoe-out2" check-gateway="ping"

/ip route add check-gateway="ping" comment="pppoe-out1" disabled=no distance="10" dst-address="0.0.0.0/0" gateway="pppoe-out1"

/ip route add check-gateway="ping" comment="pppoe-out2" disabled=no distance="10" dst-address="0.0.0.0/0" gateway="pppoe-out2"

# 配置pppoe-out数据转发共享及标记

/ip firewall nat add action="masquerade" chain="srcnat" comment="1" disabled=no out-interface="pppoe-out1"

/ip firewall nat add action="masquerade" chain="srcnat" comment="2" disabled=no out-interface="pppoe-out2"
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签:  负载均衡 职场 ROS 休闲 pcc
相关文章推荐
新的分享
章节导航