ROS 3.3PCC负载均衡
pcc只能用于同ISP情况下
A基础设置
#接口配置
/ip address add address=192.168.0.1/255.255.255.0 interface=lan comment=lan
/interface pppoe-client
add name="pppoe-out01" max-mtu=1440 max-mru=1440 interface=WAN1 \
user="adsl1" password="adsl1" profile=default \
service-name="" ac-name="" add-default-route=yes dial-on-demand=no \
use-peer-dns=no allow=pap,chap,mschap1,mschap2 disabled=no
add name="pppoe-out02" max-mtu=1440 max-mru=1440 interface=WAN2 \
user="adsl2" password="adsl2" profile=default \
service-name="" ac-name="" add-default-route=yes dial-on-demand=no \
use-peer-dns=no allow=pap,chap,mschap1,mschap2 disabled=no
#DNS配置
/ip dns set primary-dns=202.102.192.68 secondary-dns=202.102.199.68 allow-remote-requests=yes
#路由配置
/ip rout
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out01
add check-gateway=ping comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out02
#伪装
/ip firewall nat
add action=masquerade chain=srcnat disabled=no src-address=192.168.0.0/24
B高级配置
/ip firewall mangle
add action=change-mss chain=forward comment="" disabled=no new-mss=1440 protocol=tcp tcp-flags=syn
#标记pcc负载均衡的第一条连接和路由
add chain=prerouting dst-address-type=!local in-interface=lan \
action=mark-connection new-connection-mark=conn1 per-connection-classifier=both-addresses:2/0 passthrough=yes
add chain=prerouting connection-mark=conn1 in-interface=lan \
action=mark-routing new-routing-mark=rout1 passthrough=yes
#标记pcc负载均衡的第二条连接和路由
add chain=prerouting dst-address-type=!local in-interface=lan \
action=mark-connection new-connection-mark=conn2 per-connection-classifier=both-addresses:2/1 passthrough=yes
add chain=prerouting connection-mark=conn2 in-interface=lan \
action=mark-routing new-routing-mark=rout2 passthrough=yes
#配置路由指向
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out01 routing-mark=rout1 check-gateway=ping
add distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out02 routing-mark=rout2 check-gateway=ping
C为了使内网服务器可以被内外网的机器正常访问 设置回程路由
#标记连接先
add chain=input in-interface=pppoe-out01 action=mark-connection new-connection-mark=conn1 passthrough=yes
add chain=input in-interface=pppoe-out02 action=mark-connection new-connection-mark=conn2 passthrough=yes
#对上述的连接做路由标记
add chain=output connection-mark=conn1 action=mark-routing new-routing-mark=rout1 passthrough=yes
add chain=output connection-mark=conn2 action=mark-routing new-routing-mark=rout2 passthrough=yes
#对上述路由标记做路由指向,前面已配置过路由指向故这里可省略
#/ip route
#add distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out01 routing-mark=rout1 check-gateway=ping
#add distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out02 routing-mark=rout2 check-gateway=ping
备注:
当你有多个内网卡的时候,在B高级配置中,每条标记中in-interface=lan就显得不够用了,解决方法是
1,/ip firewall address-list add list=lan address=192.168.1.0/24
/ip firewall address-list add list=lan address=192.168.2.0/24
2,在#标记pcc负载均衡的第一条连接和路由
add chain=prerouting dst-address-type=!local in-interface=lan \
action=mark-connection new-connection-mark=conn1 per-connection-classifier=both-addresses:2/0 passthrough=yes
add chain=prerouting connection-mark=conn1 in-interface=lan \
action=mark-routing new-routing-mark=rout1 passthrough=yes
#标记pcc负载均衡的第二条连接和路由
add chain=prerouting dst-address-type=!local in-interface=lan \
action=mark-connection new-connection-mark=conn2 per-connection-classifier=both-addresses:2/1 passthrough=yes
add chain=prerouting connection-mark=conn2 in-interface=lan \
action=mark-routing new-routing-mark=rout2 passthrough=yes
中,in-interface=lan替换为src-address-list=lan即可
|
|