双ISP接入负载均衡NAT与IP SLA链路检测实验配置.doc

双ISP接入负载均衡NAT与IP SLA链路检测实验配置CE路由器为企业边缘路由器，f0/0,f2/0分别为ISP1，ISP2接口做负载均衡，loopback0接口模拟内部主机。内部流量负载均衡到ISP1与ISP2两条链路上，为模拟出负载均衡流量，CE的loopback0、f0/0、f2/0接口上禁用了快速交换（ip route cache）以及CEF并启用了基于per-packet的负载均衡（ip load-sharing per-packet）。通过在CE路由器上配置IP SLA来检测ISP链路的可用性。Internet-server路由器的loopback0接口模拟internet上的某个server，并且此server也是双ISP接入。CE configurationCE#sh runBuilding configuration.Current configuration : 2288 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname CE!boot-start-markerboot-end-marker!no aaa new-modelmemory-size iomem 5!ip cefno ip domain lookup!ip sla monitor 1 type echo protocol ipIcmpEcho source-interface FastEthernet0/0ip sla monitor schedule 1 life forever start-time nowip sla monitor 2 type echo protocol ipIcmpEcho source-interface FastEthernet2/0ip sla monitor schedule 2 life forever start-time now!track 1 rtr 1 reachability #将track与ip sla 关联起来，track根据ip sla的返回代码来断定链路UP/DOWN!track 2 rtr 2 reachability!interface Loopback0 ip address 55 ip load-sharing per-packet ip nat inside ip virtual-reassembly no ip route-cache cef no ip route-cache!interface FastEthernet0/0 description isp1 ip address ip load-sharing per-packet ip nat outside ip virtual-reassembly no ip route-cache cef no ip route-cache duplex auto speed auto!interface Serial1/0 no ip address shutdown serial restart-delay 0!interface Serial1/1 no ip address shutdown serial restart-delay 0!interface Serial1/2 no ip address shutdown serial restart-delay 0!interface Serial1/3 no ip address shutdown serial restart-delay 0!interface FastEthernet2/0 description isp2 ip address ip load-sharing per-packet ip nat outside ip virtual-reassembly no ip route-cache cef no ip route-cache duplex auto speed auto!ip http serverno ip http secure-server!ip route FastEthernet0/0 track 1 #根据track reachability状态UP/DOWN默认路由ip route FastEthernet2/0 track 2ip route 55 FastEthernet0/0 #首先解决IP SLA 检测目标的路由，而后默认路由才能UPip route 55 FastEthernet2/0!ip nat inside source route-map isp1 interface FastEthernet0/0 overloadip nat inside source route-map isp2 interface FastEthernet2/0 overload #通过使用route map来匹配数据包的路由出接口!access-list 1 permit access-list 100 permit ip host host # 此ACL仅用于debug调试!route-map isp2 permit 10 match ip address 1 match interface FastEthernet2/0!route-map isp1 permit 10 match ip address 1 match interface FastEthernet0/0!control-plane!line con 0 logging synchronousline aux 0line vty 0 4 login!EndISP1 configurationISP1#sh runBuilding configuration.Current configuration : 955 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname ISP1!boot-start-markerboot-end-marker!no aaa new-model!resource policy!ip cef!no ip domain lookup!interface FastEthernet0/0 ip address duplex half!interface Serial1/0 no ip address shutdown serial restart-delay 0!interface Serial1/1 ip address serial restart-delay 0!interface Serial1/2 no ip address shutdown serial restart-delay 0!interface Serial1/3 no ip address shutdown serial restart-delay 0!interface FastEthernet2/0 no ip address shutdown duplex half!ip route 55 Serial1/1no ip http serverno ip http secure-server!logging alarm informational!control-plane!line con 0 logging synchronous stopbits 1line aux 0 stopbits 1line vty 0 4 login!EndISP2 configurationISP2#sh runBuilding configuration.Current configuration : 955 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname ISP2!boot-start-markerboot-end-marker!no aaa new-model!resource policy!ip cef!no ip domain lookup!interface FastEthernet0/0 no ip address shutdown duplex half!interface Serial1/0 ip address serial restart-delay 0!interface Serial1/1 no ip address shutdown serial restart-delay 0!interface Serial1/2 no ip address shutdown serial restart-delay 0!interface Serial1/3 no ip address shutdown serial restart-delay 0!interface FastEthernet2/0 ip address duplex half!ip route 55 Serial1/0no ip http serverno ip http secure-server!logging alarm informational!control-plane!line con 0 logging synchronous stopbits 1line aux 0 stopbits 1line vty 0 4 login!EndInternet-server configurationInternet-server#sh runBuilding configuration.Current configuration : 1065 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Internet-server!boot-start-markerboot-end-marker!no aaa new-model!resource policy!ip cef!no ip domain lookup!interface Loopback0 ip address 55!interface FastEthernet0/0 no ip address shutdown duplex half!interface Serial1/0 ip address serial restart-delay 0!interface Serial1/1 ip address serial restart-delay 0!interface Serial1/2 no ip address shutdown serial restart-delay 0!interface Serial1/3 no ip address shutdown serial restart-delay 0!interface FastEthernet2/0 no ip address shutdown duplex half!ip route Serial1/0ip route Serial1/1no ip http serverno ip http secure-server!logging alarm informational!control-plane!line con 0 logging synchronous