ros多线路叠加策略pcc超详细教程图文

1、PCC的负载均衡<互联网共享 人人为我 我为人人>这是ros最基本最重要的应用，网络上很多教程都比较笼统,新手基本看不懂!此教程,详细图文+脚本, 新手老手都可以借鉴.通分组源地址和源端口实现负载平衡，这里我们建立2个WAN出口分别是wan1和wan2，内网接口是lan1 网络环境如下：  · ISP1地址10.200.15.99/24，网关：10.200.15.1； · ISP2地址10.200.100.99/24，网关：10.200.100.2； · 内网IP地址192.168.100.1/24； · 启用DNS缓存功

2、能，用192.168.100.1作内网DNS解析； 基本配置首先进入ip address配置IP地址：    Mangle标记配置接下来我们进入ip firewall mangle标记连接和路由，我们使用per-connection-classifier双向地址进行分类做连接分类标记。首先我们需要将进入路由的的链接进行标记如下图，我们进入一条mangle规则，中的advanced标签内容可以看到per-connection-classifier分类器，选择both-addresses的分类：  然后选择dst-address-type

3、=!local，即除了目标地址是本地以前的地址：  注：2条线的分类代码定义是第一条线为2/0，第二条为2/1  同样选择一下地址类型：  下面命令是提取走第一条线路的连接标记取名位1st_conn，并从连接里提取路由标记名位1st_route，设置：per-connection-classifier=both-addresses:2/0, 设置in-interface=lan/ip firewall mangleadd action=mark-connection chain=prerouting comment="&qu

4、ot; disabled=no     in-interface=lan new-connection-mark=1st_conn passthrough=yes     per-connection-classifier=both-addresses:2/0add action=mark-routing chain=prerouting comment="" connection-mark=1st_conn     disabled=no in-interface=lan new-r

5、outing-mark=1st_route passthrough=yes提取走第二条线路的连接标记取名位2nd_conn，并从连接里提取路由标记名位2nd_route，设置：per-connection-classifier=both-addresses:2/1，设置in-interface=lan: /ip firewall mangleadd action=mark-connection chain=prerouting comment="" disabled=no     in-interface=lan new-connection-

6、mark=2nd_conn passthrough=yes     per-connection-classifier=both-addresses:2/1add action=mark-routing chain=prerouting comment="" connection-mark=2nd_conn     disabled=no in-interface=lan new-routing-mark=2nd_route passthrough=yes在winbox在mangle中设置完成后如下： &

7、#160;回程路由设置我们需要将从那个口进入就从相应的口回去，即保证每个外网口的数据能得到正确的路由/ip firewall mangleadd chain=input in-interface=wan1 action=mark-connection new-connection-mark=1st_connadd chain=input in-interface=wan2 action=mark-connection new-connection-mark=2nd_connwinbox设置  标记完进入接口的链接后，将这些链接指定到相应的路由标记上： add chain=o

8、utput connection-mark=1st_conn action=mark-routing new-routing-mark=1st_routeadd chain=output connection-mark=2nd_conn action=mark-routing new-routing-mark=2nd_routewinbox设置  路由配置配置完标记后路由后，我们进入ip route配置路由，首先设置负载均衡的标记路由，首先设置第一条线路的路由标记，设置routing-mark=1st_route：  设置第二条线路的路由标记，设置rou

9、ting-mark=2nd_route：  配置默认网关和备份网关，默认网关的distance设置为1，并设置check-gateway=ping，通过ping监测网关状态:  备份网关的distance设置为2，并设置check-gateway=ping，通过ping监测网关状态:   配置完成后的路由标如下图：  配置nat最后配置nat转换规则，进入ip firewall nat中配置action=masquerade，分别对2条线路做伪装：/ip firewall natadd action=masquer

10、ade chain=srcnat out-interface=wan1add action=masquerade chain=srcnat out-interface=wan2 命令代码如下：# 添加ADSL1的pppoe-out帐户密码并取取消自动添加网关及DNS/interface pppoe-client add name="pppoe-out1" interface="wan1" user="adsl1name" password="adsl1pass" add-default-route=no

11、disabled=no/interface pppoe-client add name="pppoe-out2" interface="wan2" user="adsl2name" password="adsl2pass" add-default-route=no disabled=no# 激活pppoe-out拨号/interface pppoe-client enable pppoe-out1/interface pppoe-client enable pppoe-out2# 添加本地连接配置/ip addre

12、ss add address=192.168.1.254/255.255.255.0 interface=lan1 comment="LAN1"# 设置DNS缓存/ip dns set primary-dns="202.103.224.68" secondary-dns="202.103.225.68" allow-remote-requests=yes# 设置MSS值为1440/ip firewall mangle add action="change-mss" chain="forward"

13、 comment="change-mss" disabled=no new-mss="1440" protocol="tcp" tcp-flags="syn"# 设置input/ip firewall mangle add action="mark-connection" chain="input" comment="" disabled=no in-interface="pppoe-out1" new-connection-mark=

14、"pppoe-out1_conn" passthrough=yes/ip firewall mangle add action="mark-connection" chain="input" comment="" disabled=no in-interface="pppoe-out2" new-connection-mark="pppoe-out2_conn" passthrough=yes# 设置output/ip firewall mangle add action=&

15、quot;mark-routing" chain="output" comment="" connection-mark="pppoe-out1_conn" disabled=no new-routing-mark="to_pppoe-out1" passthrough=yes/ip firewall mangle add action="mark-routing" chain="output" comment="" connection-mar

16、k="pppoe-out2_conn" disabled=no new-routing-mark="to_pppoe-out2" passthrough=yes# PCC设置/ip firewall mangle add action="mark-connection" chain="prerouting" comment="" disabled=no dst-address-type="!local" in-interface="lan1" new-co

17、nnection-mark="pppoe-out1_conn" passthrough=yes per-connection-classifier="both-addresses:2/0" src-address="192.168.1.0/24" /ip firewall mangle add action="mark-connection" chain="prerouting" comment="" disabled=no dst-address-type="!l

18、ocal" in-interface="lan1" new-connection-mark="pppoe-out2_conn" passthrough=yes per-connection-classifier="both-addresses:2/1" src-address="192.168.1.0/24"/ip firewall mangle add action="mark-routing" chain=prerouting comment="" connec

19、tion-mark="pppoe-out1_conn" disabled=no in-interface="lan1" new-routing-mark="to_pppoe-out1" passthrough=yes src-address="192.168.1.0/24"/ip firewall mangle add action="mark-routing" chain=prerouting comment="" connection-mark="pppoe-o

20、ut2_conn" disabled=no in-interface="lan1" new-routing-mark="to_pppoe-out2" passthrough=yes src-address="192.168.1.0/24"/ip route add comment=1 disabled=no distance=1 dst-address="0.0.0.0/0" gateway="pppoe-out1" routing-mark="to_pppoe-out1" check-gateway="ping" /ip route add comment=2 disabled=no distance=1 dst-address="0.0.0.0/0" gateway="pppoe-out2" routing-mark="to_pppoe-out2" check-gat