多ISP接入负载均衡分流冗余小实验.doc

刚刚学到的一个小实验，分享给大家，也是一个真实的项目，自己做不出来，路由器是ASR1004的，后来是一思科的工程师帮做的，做完后我把配置拷回来研究了几天。人笨，呵呵，现在跟大家一起分享！最后实现的功能是如果你在内网的电脑访问的是电信的网站，路由会自动把你的数据走电信，如果你访问的网站是移动的话路由也会把你的数据走移动！优先走电信，如果电信断了的话会自动走移动！忘了给PC加IP了，PC5的IP 是/24，PC9的是/24按图先把IP配置好。然后我们就到R4上！1.配置路由ip route 60 这是静态路由，指向R2的，优先级是60（高）ip route 80这是静态路由，指向R3的，优先级是80（低）ip route 明细路由，指向电信的，如果你访问的网站是，那路由不会把你的包放给R3.因为我这里有一条明细路由ip route 明细路由，指向移动的，如果你访问的网站是，那路由不会把你的包放给R2.因为我这里有一条明细路由2.配置ACLaccess-list 1 permit 55access-list 2 permit access-list 3 permit 这里的ACL我不想多说了，不会的自己去看一下ACL怎么写的吧！3.配置route-maproute-map R2_map permit 10 配置一个route-map，名字叫R2_map match ip address 1 匹配的IP地址是1，1就是access-list 1 permit 55 match ip next-hop 2匹配的路线是2，就上往那里走的意思，2就是access-list 2 permit =route-map R3_map permit 10 （同上） match ip address 1（同上） match ip next-hop 3（同上）4.配置地址池ip nat pool R2_pool 0 0 netmask ip nat pool R3_pool 0 0 netmask 假设电信给的IP是0-0假设移动给的IP是0-05.配置NATip nat inside source route-map R2_map pool R2_poolip nat inside source route-map R3_map pool R3_poolNAT我也不想多说，大家不会的看一下NAT6.应用到接口interface FastEthernet0/0 ip address 54 ip nat inside ip virtual-reassembly duplex auto speed auto！interface Serial1/0 ip address ip nat outside ip virtual-reassembly serial restart-delay 0!interface Serial1/2 ip address ip nat outside ip virtual-reassembly serial restart-delay 0红色部分和IP地址是我加的，其他的都是路由自己默认的不关我的事！默认配置就到这里完了，现在我们去配置ISP（一般ISP你是动不了的，我这里只是模仿ISP，）其实说白了也就是在路由上加一条默认路由R2上ip route R3上ip route 所有配置完成，接下来开始测试我们预先说的效果我们先用PC9，PC5去测试ISP1（R2）ISP2（R3）的环回口PC9PC5都通了，说明网络都OK。再traceroutePC9PC5在这里我们可以看得到，如果你PC访问的流量是电信（R2）的话，数据包会走电信，移动同理！这样就实现了我们刚才说的“如果你访问的网站是移动的话路由也会把你的数据走移动！优先走电信，如果电信断了的话会自动走移动！”同时也是负载均衡。然后我们再看一下冗余如果电信的线断了，我这里把R2的S1/2 shutdown然后我们再去各个PC那边PING和traceroute，如果电信（R2）断的话数据包会发给R3，然后再经过国际互联网再到R2.我们看一下是不是这样！PC9已经走R3了，也就是包已经经过了国际互联网再到R2.跟我们想的一样。再看一下PC5的。PC5也是一样！如果移动（R3）的断了的话也会跟我们所想的情况一样，这个就留给大家去测试了，希望大家能成功！下面把所有配置给发上来给你们看！希望能帮到大家R4#show running-config Building configuration.Current configuration : 1923 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname R4!boot-start-markerboot-end-marker!enable secret 5 $1$r8iD$7yw0nPXmtUlmZTRkbddte.!no aaa new-modelmemory-size iomem 5ip cef!no ip domain lookupip auth-proxy max-nodata-conns 3ip admission max-nodata-conns 3!multilink bundle-name authenticated! !archive log config hidekeys! !interface FastEthernet0/0 ip address 54 ip nat inside ip virtual-reassembly duplex auto speed auto!interface FastEthernet0/1 no ip address shutdown duplex auto speed auto!interface Serial1/0 ip address ip nat outside ip virtual-reassembly serial restart-delay 0!interface Serial1/1 no ip address shutdown serial restart-delay 0!interface Serial1/2 ip address ip nat outside ip virtual-reassembly serial restart-delay 0!interface Serial1/3 no ip address shutdown serial restart-delay 0!ip forward-protocol ndip route 60ip route 80ip route ip route !ip http serverno ip http secure-serverip nat pool R2_pool 0 0 netmask ip nat pool R3_pool 0 0 netmask ip nat inside source route-map R2_map pool R2_poolip nat inside source route-map R3_map pool R3_pool!access-list 1 permit 55access-list 2 permit access-list 3 permit !route-map R3_map permit 10 match ip address 1 match ip next-hop 3!route-map R2_map permit 10 match ip address 1 match ip next-hop 2!control-plane!line con 0 exec-timeout 0 0 logging synchronousline aux 0line vty 0 4 password cisco login!endR4#R2#show runBuilding configuration.Current configuration : 1259 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname R2!boot-start-markerboot-end-marker!enable secret 5 $1$Xvbz$TZHibb7Kw3WjNyIU4nP4g1!no aaa new-modelmemory-size iomem 5ip cef!no ip domain lookupip auth-proxy max-nodata-conns 3ip admission max-nodata-conns 3!multilink bundle-name authenticated! !archive log config hidekeys! !interface Loopback0 ip address !interface FastEthernet0/0 no ip address shutdown duplex auto speed auto!interface FastEthernet0/1 no ip address shutdown duplex auto speed auto!interface Serial1/0 no ip address shutdown serial restart-delay 0!interface Serial1/1 ip address serial restart-delay 0!interface Serial1/2 ip address serial restart-delay 0!interface Serial1/3 no ip address shutdown serial restart-delay 0!ip forward-protocol ndip route !ip http serverno ip http secure-server!control-plane! line con 0 exec-timeout 0 0 logging synchronousline aux 0line vty 0 4 password cisco login!endR2#R3#show running-config Building configuration.Current configuration : 1259 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname R3!boot-start-markerboot-end-marker!enable secret 5 $1$tl5o$.ofOSaLVJPpiWnhCYfShk1!no aaa new-modelmemory-size iomem 5ip cef!no ip domain lookupip auth-proxy max-nodata-conns 3ip admission max-nodata-conns 3!multilink bundle-name authenticated! !archive log config hidekeys! !interface Loopback0 ip address 255.255.25