ROS负载均衡——PCC
2011-04-02 02:57
148 查看
PCC的负载均衡事例
通分组源地址和源端口实现负载平衡,这里我们建立2个WAN出口分别是wan1和wan2,网络环境如下:ISP1地址10.200.15.99/24,网关:10.200.15.1;
ISP2地址10.200.100.99/24,网关:10.200.100.2;
内网IP地址192.168.100.1/24;
启用DNS缓存功能,用192.168.100.1作内网DNS解析;
基本配置
首先进入ip address配置IP地址:在ip dns setting中配置好DNS缓存,DNS为:61.139.2.69
Mangle标记配置
接下来我们进入ip firewall mangle标记连接和路由,我们使用per-connection-classifier双向地址进行分类做连接分类标记。首先我们需要将进入路由的的链接进行标记
如下图,我们进入一条mangle规则,中的advanced标签内容可以看到per-connection-classifier分类器,选择both-addresses的分类:
然后选择dst-address-type=!local,即除了目标地址是本地以前的地址:
注:2条线的分类代码定义是第一条线为2/0,第二条为2/1
同样选择一下地址类型:
下面命令是提取走第一条线路的连接标记取名位1st_conn,并从连接里提取路由标记名位1st_route,设置:per-connection-classifier=both-addresses:2/0, 设置in-interface=lan
/ip firewall mangle
add action=mark-connection chain=prerouting comment="" disabled=no \
in-interface=lan new-connection-mark=1st_conn passthrough=yes \
per-connection-classifier=both-addresses:2/0
add action=mark-routing chain=prerouting comment="" connection-mark=1st_conn \
disabled=no in-interface=lan new-routing-mark=1st_route passthrough=yes
提取走第二条线路的连接标记取名位2nd_conn,并从连接里提取路由标记名位2nd_route,设置:per-connection-classifier=both-addresses:2/1,设置in-interface=lan:
/ip firewall mangle
add action=mark-connection chain=prerouting comment="" disabled=no \
in-interface=lan new-connection-mark=2nd_conn passthrough=yes \
per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment="" connection-mark=2nd_conn \
disabled=no in-interface=lan new-routing-mark=2nd_route passthrough=yes
在winbox在mangle中设置完成后如下:
回程路由设置
我们需要将从那个口进入就从相应的口回去,即保证每个外网口的数据能得到正确的路由/ip firewall mangle
add chain=input in-interface=wan1 action=mark-connection new-connection-mark=1st_conn
add chain=input in-interface=wan2 action=mark-connection new-connection-mark=2nd_conn
winbox设置
标记完进入接口的链接后,将这些链接指定到相应的路由标记上:
add chain=output connection-mark=1st_conn action=mark-routing new-routing-mark=1st_route
add chain=output connection-mark=2nd_conn action=mark-routing new-routing-mark=2nd_route
winbox设置
路由配置
配置完标记后路由后,我们进入ip route配置路由,首先设置负载均衡的标记路由,首先设置第一条线路的路由标记,设置routing-mark=1st_route:设置第二条线路的路由标记,设置routing-mark=2nd_route:
配置默认网关和备份网关,默认网关的distance设置为1,并设置check-gateway=ping,通过ping监测网关状态:
备份网关的distance设置为2,并设置check-gateway=ping,通过ping监测网关状态:
配置完成后的路由标如下图:
配置nat
最后配置nat转换规则,进入ip firewall nat中配置action=masquerade,分别对2条线路做伪装:/ip firewall nat
add action=masquerade chain=srcnat out-interface=wan1
add action=masquerade chain=srcnat out-interface=wan2
命令代码如下:
# 添加ADSL1的pppoe-out帐户密码并取取消自动添加网关及DNS/interface pppoe-client add name="pppoe-out1" interface="wan1" user="adsl1name" password="adsl1pass" add-default-route=no disabled=no
/interface pppoe-client add name="pppoe-out2" interface="wan2" user="adsl2name" password="adsl2pass" add-default-route=no disabled=no
# 激活pppoe-out拨号
/interface pppoe-client enable pppoe-out1
/interface pppoe-client enable pppoe-out2
# 添加本地连接配置
/ip address add address=192.168.1.254/255.255.255.0 interface=lan1 comment="LAN1"
# 设置DNS缓存
/ip dns set primary-dns="202.103.224.68" secondary-dns="202.103.225.68" allow-remote-requests=yes
# 设置MSS值为1440
/ip firewall mangle add action="change-mss" chain="forward" comment="change-mss" disabled=no new-mss="1440" protocol="tcp" tcp-flags="syn"
# 设置input
/ip firewall mangle add action="mark-connection" chain="input" comment="" disabled=no in-interface="pppoe-out1" new-connection-mark="pppoe-out1_conn" passthrough=yes
/ip firewall mangle add action="mark-connection" chain="input" comment="" disabled=no in-interface="pppoe-out2" new-connection-mark="pppoe-out2_conn" passthrough=yes
# 设置output
/ip firewall mangle add action="mark-routing" chain="output" comment="" connection-mark="pppoe-out1_conn" disabled=no new-routing-mark="to_pppoe-out1" passthrough=yes
/ip firewall mangle add action="mark-routing" chain="output" comment="" connection-mark="pppoe-out2_conn" disabled=no new-routing-mark="to_pppoe-out2" passthrough=yes
# PCC设置
/ip firewall mangle add action="mark-connection" chain="prerouting" comment="" disabled=no dst-address-type="!local" in-interface="lan1" new-connection-mark="pppoe-out1_conn" passthrough=yes per-connection-classifier="both-addresses:2/0" src-address="192.168.1.0/24"
/ip firewall mangle add action="mark-connection" chain="prerouting" comment="" disabled=no dst-address-type="!local" in-interface="lan1" new-connection-mark="pppoe-out2_conn" passthrough=yes per-connection-classifier="both-addresses:2/1" src-address="192.168.1.0/24"
/ip firewall mangle add action="mark-routing" chain=prerouting comment="" connection-mark="pppoe-out1_conn" disabled=no in-interface="lan1" new-routing-mark="to_pppoe-out1" passthrough=yes src-address="192.168.1.0/24"
/ip firewall mangle add action="mark-routing" chain=prerouting comment="" connection-mark="pppoe-out2_conn" disabled=no in-interface="lan1" new-routing-mark="to_pppoe-out2" passthrough=yes src-address="192.168.1.0/24"
/ip route add comment=1 disabled=no distance=1 dst-address="0.0.0.0/0" gateway="pppoe-out1" routing-mark="to_pppoe-out1" check-gateway="ping"
/ip route add comment=2 disabled=no distance=1 dst-address="0.0.0.0/0" gateway="pppoe-out2" routing-mark="to_pppoe-out2" check-gateway="ping"
/ip route add check-gateway="ping" comment="pppoe-out1" disabled=no distance="10" dst-address="0.0.0.0/0" gateway="pppoe-out1"
/ip route add check-gateway="ping" comment="pppoe-out2" disabled=no distance="10" dst-address="0.0.0.0/0" gateway="pppoe-out2"
# 配置pppoe-out数据转发共享及标记
/ip firewall nat add action="masquerade" chain="srcnat" comment="1" disabled=no out-interface="pppoe-out1"
/ip firewall nat add action="masquerade" chain="srcnat" comment="2" disabled=no out-interface="pppoe-out2"
相关文章推荐
- Solution--Integration of PCC in the IMS
- PCC-F-02081, CMD-LINE: Unterminated option value list or value list was truncated. 错误原因及解决办法
- linux 版本中 i386/i686/x86-64/pcc 等... 的区别
- linux 版本中 i386/i686/x86-64/pcc 等... 的区别
- linux 版本中 i386/i686/x86-64/pcc 等
- routeros pcc 负载均衡资料(3.24及以上版本才支持)
- 策略与计费控制规则(Policy and Charging Control Rule-PCC Rule)解析及模板样例
- 点云压缩入门篇(1):参考软件pcc的编译调试
- linux 版本中 i386/i686/x86-64/pcc 等... 的区别
- PCC
- spark MLlib 概念 1:相关系数( PPMCC or PCC or Pearson's r皮尔森相关系数) and Spearman's correlation(史匹曼等级相关系数)
- RouterOS Vrrp多播及PCC负载均衡
- linux 版本中 i386/i686/x86-64/pcc 等... 的区别
- 关于pro*c编译时报PCC-S-02015
- proc * 11g PCC-S-02015 错误解决方案
- 获得PCC性能大赛背后的RocksDB引擎:5分钟全面了解其原理
- linux 版本中 i386/i686/x86-64/pcc 等... 的区别
- ros之pcc
- PHP.ini安全配置检测工具pcc简单介绍
- linux 版本中 i386/i686/x86-64/pcc 等的区别