
Chinaunix

Original poster: fushuyong

[Network Management] (Original) Complete configuration of destination-address policy routing for China Netcom and China Telecom

#21
Posted 2005-07-04 11:50

Also, why use SNAT? What are the benefits?

For simple NAT,
is MASQUERADE not as good as SNAT?

#22
Posted 2005-07-04 11:52

Add me on QQ

576579
^_^

#23
Posted 2005-07-04 11:57

SNAT is faster than MASQUERADE.
However, SNAT does not have MASQUERADE's smart route-selection capability.
Policy routing is generally done with MASQUERADE; LLB additionally has to be combined with iproute2.

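#24
Posted 2005-07-04 11:59

Oh...
There are only a few machines on the network, so the simple approach is fine.

Besides, there is another site with a few hundred machines that is set up the same way; it has run for 1 year without going down.
Once I pulled a hard disk out by mistake; after looking for a long while I realized I had pulled it from the wrong machine, put it back, and surprisingly nothing went wrong.

hoho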

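#25
Posted 2005-07-14 07:57

Let me add a few words too:

Policy-based routing (PBR) generally refers to routing in which the route (next hop) is selected according to policy; the term mainly serves to distinguish it from the traditional routing method based on longest match / lookups in the forwarding table or TCAM.

The advantage of PBR is that route selection need not be based on the destination address alone; the drawback is that it is slow.

That said, looking at everyone's requirements, I don't think there is any need to go as far as PBR; the traditional approach can usually handle it (of course, I am not familiar with Linux, so I am not sure whether my method carries over to Linux).

Take dual-ISP access (say CT and CNC) as an example:

Add route entries for the China Netcom (CNC) destinations, then send everything else to China Telecom (CT). After this step, if you have no NAT requirement and no inbound load-balancing requirement, the problem is already solved (of course, since inbound and outbound traffic may take different links there will be some minor issues, but generally nobody goes online with public addresses ^_^, so let's continue);

Next, outbound NAT (PAT is similar, so I won't discuss it separately). Generally speaking, NAT is bound to an interface, so for each internal source address that needs load balancing you only have to do NAT on the outgoing interface; combined with the route selection done above, traffic that passes through that interface is automatically NATed to the correct address;

If you are already using one ISP's public addresses, then simply do no NAT on that interface;

Finally, consider the inbound case. Since we don't have F5, Radware or similar devices, we have to do static LB by hand. Building on the above, this step only requires that DNS answer requests coming from a given ISP with the address we want. As for how to implement it, I am no BIND expert, but it doesn't seem complicated; I hope someone can fill this in.

Summary: this method only performs load balancing by static routing. Its drawbacks are: it cannot automatically detect whether the best path is being used (for example, if CNC adds an address block one day and we don't know about it, the people there will have to go through CT); it cannot automatically detect ISP link health (this one can be solved: on a router you can do route monitoring, and on Linux a script that pings continuously will do); it cannot do LB per application (the simpler case is per port, which needs PBR; for anything more complex that monitors the application directly, probably only F5 will do. Radware is fast and easy to use, but it is not tied very closely to the application).

There are also solutions that use BGP. BGP is itself policy-based; although the configuration is very complex and communicating with the ISP is also difficult, if you can overcome that it is a fairly good solution. I won't go into it here.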

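#26
Posted 2005-07-14 09:55

Could the poster above please explain the BGP approach?
I have recently been trying to configure policy routing with OSPF. I don't know what routing protocol runs on the ISP's routers; I guess it is OSPF. I want to try talking to the ISP, so that we maintain a dynamic routing table on our gateway; OSPF can also summarize automatically, so I expect the table won't be too large.
If the poster above has any ideas, I would appreciate some pointers.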

#27
Posted 2005-07-21 19:30

up

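#28
Posted 2005-10-06 02:00

Originally posted by "platinum":
It can be done that way, but it is complicated; it also works without using the ip command to create a special routing table.
You only need to consider 2 steps:
1. Make the route to the destination address go through the specified gateway on the specified NIC.
2. Masquerade the source address of packets going to that address as the external address of the corresponding NIC.


Could you describe the detailed steps?
Or post a script???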

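#29
Posted 2005-10-06 09:16

Originally posted by "我没那个命":


Could you describe the detailed steps?
Or post a script???


Don't always wait for someone else to give you a script. There are plenty of articles and scripts like this online; find some, study them, and write a script that fits your own needs, and then it is yours... If you wait for someone else to give you a script, it is still someone else's...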

#30
Posted 2005-11-30 22:31

Added some more

#Add the route rules for the  chinanet addresses
ip rule add to 58.32.0.0/13 table 300
ip rule add to 58.40.0.0/15 table 300
ip rule add to 58.42.0.0/16 table 300
ip rule add to 58.43.0.0/16 table 300
ip rule add to 58.44.0.0/14 table 300
ip rule add to 58.48.0.0/13 table 300
ip rule add to 58.56.0.0/15 table 300
ip rule add to 58.58.0.0/16 table 300
ip rule add to 58.59.0.0/17 table 300
ip rule add to 58.60.0.0/14 table 300
ip rule add to 58.208.0.0/12 table 300
ip rule add to 59.32.0.0/13 table 300
ip rule add to 59.40.0.0/15 table 300
ip rule add to 59.42.0.0/16 table 300
ip rule add to 59.43.0.0/16 table 300
ip rule add to 59.44.0.0/14 table 300
ip rule add to 59.48.0.0/16 table 300
ip rule add to 59.49.0.0/17 table 300
ip rule add to 59.49.128.0/17 table 300
ip rule add to 59.50.0.0/16 table 300
ip rule add to 59.51.0.0/17 table 300
ip rule add to 59.51.128.0/17 table 300
ip rule add to 59.52.0.0/14 table 300
ip rule add to 59.56.0.0/14 table 300
ip rule add to 59.60.0.0/15 table 300
ip rule add to 59.62.0.0/15 table 300
ip rule add to 60.160.0.0/15 table 300
ip rule add to 60.162.0.0/15 table 300
ip rule add to 60.164.0.0/15 table 300
ip rule add to 60.168.0.0/13 table 300
ip rule add to 60.176.0.0/12 table 300
ip rule add to 61.132.0.0/16 table 300
ip rule add to 61.133.128.0/17 table 300
ip rule add to 61.134.0.0/18 table 300
ip rule add to 61.134.64.0/19 table 300
ip rule add to 61.136.128.0/17 table 300
ip rule add to 61.137.0.0/17 table 300
ip rule add to 61.138.192.0/18 table 300
ip rule add to 61.139.0.0/17 table 300
ip rule add to 61.139.192.0/18 table 300
ip rule add to 61.140.0.0/14 table 300
ip rule add to 61.144.0.0/14 table 300
ip rule add to 61.152.0.0/14 table 300
ip rule add to 61.157.0.0/16 table 300
ip rule add to 61.159.64.0/18 table 300
ip rule add to 61.159.128.0/17 table 300
ip rule add to 61.160.0.0/16 table 300
ip rule add to 61.161.64.0/18 table 300
ip rule add to 61.164.0.0/15 table 300
ip rule add to 61.166.0.0/16 table 300
ip rule add to 61.169.0.0/16 table 300
ip rule add to 61.170.0.0/15 table 300
ip rule add to 61.172.0.0/14 table 300
ip rule add to 61.177.0.0/16 table 300
ip rule add to 61.178.0.0/16 table 300
ip rule add to 61.180.0.0/17 table 300
ip rule add to 61.183.0.0/16 table 300
ip rule add to 61.184.0.0/14 table 300
ip rule add to 61.188.0.0/16 table 300
ip rule add to 61.189.128.0/17 table 300
ip rule add to 61.190.0.0/15 table 300
ip rule add to 125.64.0.0/13 table 300
ip rule add to 125.72.0.0/16 table 300
ip rule add to 125.80.0.0/13 table 300
ip rule add to 125.88.0.0/13 table 300
ip rule add to 125.104.0.0/13 table 300
ip rule add to 125.112.0.0/12 table 300
ip rule add to 202.96.96.0/21 table 300
ip rule add to 202.96.104.0/21 table 300
ip rule add to 202.96.112.0/20 table 300
ip rule add to 202.96.128.0/21 table 300
ip rule add to 202.96.136.0/21 table 300
ip rule add to 202.96.144.0/20 table 300
ip rule add to 202.96.160.0/21 table 300
ip rule add to 202.96.168.0/21 table 300
ip rule add to 202.96.176.0/20 table 300
ip rule add to 202.96.200.0/21 table 300
ip rule add to 202.96.208.0/20 table 300
ip rule add to 202.96.224.0/21 table 300
ip rule add to 202.97.0.0/21 table 300
ip rule add to 202.97.8.0/21 table 300
ip rule add to 202.97.16.0/20 table 300
ip rule add to 202.97.32.0/19 table 300
ip rule add to 202.97.64.0/19 table 300
ip rule add to 202.97.96.0/20 table 300
ip rule add to 202.97.112.0/20 table 300
ip rule add to 202.98.32.0/21 table 300
ip rule add to 202.98.48.0/20 table 300
ip rule add to 202.98.64.0/19 table 300
ip rule add to 202.98.96.0/21 table 300
ip rule add to 202.98.128.0/19 table 300
ip rule add to 202.98.160.0/21 table 300
ip rule add to 202.98.168.0/21 table 300
ip rule add to 202.98.192.0/21 table 300
ip rule add to 202.98.200.0/21 table 300
ip rule add to 202.98.208.0/20 table 300
ip rule add to 202.98.224.0/21 table 300
ip rule add to 202.98.232.0/21 table 300
ip rule add to 202.98.240.0/20 table 300
ip rule add to 202.99.192.0/21 table 300
ip rule add to 202.100.96.0/21 table 300
ip rule add to 202.100.104.0/21 table 300
ip rule add to 202.100.112.0/20 table 300
ip rule add to 202.100.136.0/21 table 300
ip rule add to 202.100.160.0/21 table 300
ip rule add to 202.100.168.0/21 table 300
ip rule add to 202.100.176.0/20 table 300
ip rule add to 202.100.192.0/21 table 300
ip rule add to 202.100.208.0/20 table 300
ip rule add to 202.100.224.0/19 table 300
ip rule add to 202.101.0.0/18 table 300
ip rule add to 202.101.64.0/19 table 300
ip rule add to 202.101.96.0/19 table 300
ip rule add to 202.101.128.0/18 table 300
ip rule add to 202.101.224.0/21 table 300
ip rule add to 202.102.0.0/19 table 300
ip rule add to 202.102.32.0/19 table 300
ip rule add to 202.102.64.0/18 table 300
ip rule add to 202.103.0.0/21 table 300
ip rule add to 202.103.8.0/21 table 300
ip rule add to 202.103.16.0/20 table 300
ip rule add to 202.103.32.0/19 table 300
ip rule add to 202.103.192.0/19 table 300
ip rule add to 202.103.224.0/21 table 300
ip rule add to 202.104.0.0/15 table 300
ip rule add to 202.107.128.0/17 table 300
ip rule add to 202.109.0.0/16 table 300
ip rule add to 202.110.128.0/18 table 300
ip rule add to 202.111.0.0/17 table 300
ip rule add to 203.130.32.0/19 table 300
ip rule add to 203.212.0.0/20 table 300
ip rule add to 210.192.96.0/19 table 300
ip rule add to 218.4.0.0/15 table 300
ip rule add to 218.6.0.0/16 table 300
ip rule add to 218.13.0.0/16 table 300
ip rule add to 218.14.0.0/15 table 300
ip rule add to 218.16.0.0/14 table 300
ip rule add to 218.20.0.0/16 table 300
ip rule add to 218.21.0.0/17 table 300
ip rule add to 218.22.0.0/15 table 300
ip rule add to 218.30.0.0/15 table 300
ip rule add to 218.62.128.0/17 table 300
ip rule add to 218.63.0.0/16 table 300
ip rule add to 218.64.0.0/15 table 300
ip rule add to 218.66.0.0/16 table 300
ip rule add to 218.67.0.0/17 table 300
ip rule add to 218.70.0.0/15 table 300
ip rule add to 218.72.0.0/13 table 300
ip rule add to 218.80.0.0/12 table 300
ip rule add to 219.128.0.0/12 table 300
ip rule add to 219.144.0.0/13 table 300
ip rule add to 219.152.0.0/15 table 300
ip rule add to 219.159.64.0/18 table 300
ip rule add to 219.159.128.0/17 table 300
ip rule add to 220.160.0.0/11 table 300
ip rule add to 221.224.0.0/13 table 300
ip rule add to 221.232.0.0/14 table 300
ip rule add to 221.236.0.0/15 table 300
ip rule add to 221.238.0.0/16 table 300
ip rule add to 221.239.0.0/17 table 300
ip rule add to 221.239.128.0/17 table 300
ip rule add to 222.72.0.0/15 table 300
ip rule add to 222.74.0.0/16 table 300
ip rule add to 222.75.0.0/16 table 300
ip rule add to 222.76.0.0/14 table 300
ip rule add to 222.80.0.0/15 table 300
ip rule add to 222.82.0.0/16 table 300
ip rule add to 222.83.0.0/17 table 300
ip rule add to 222.83.128.0/17 table 300
ip rule add to 222.84.0.0/16 table 300
ip rule add to 222.85.0.0/17 table 300
ip rule add to 222.85.128.0/17 table 300
ip rule add to 222.86.0.0/15 table 300
ip rule add to 222.88.0.0/15 table 300
ip rule add to 222.90.0.0/15 table 300
ip rule add to 222.92.0.0/14 table 300
ip rule add to 222.168.0.0/15 table 300
ip rule add to 222.172.0.0/17 table 300
ip rule add to 222.172.128.0/17 table 300
ip rule add to 222.173.0.0/16 table 300
ip rule add to 222.174.0.0/15 table 300
ip rule add to 222.176.0.0/13 table 300
ip rule add to 222.184.0.0/13 table 300
ip rule add to 222.208.0.0/13 table 300
ip rule add to 222.216.0.0/15 table 300
ip rule add to 222.218.0.0/16 table 300
ip rule add to 222.219.0.0/16 table 300
ip rule add to 222.220.0.0/15 table 300
ip rule add to 222.222.0.0/15 table 300
ip rule add to 222.240.0.0/13 table 300
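
An added example, not part of any post in this thread: a dry-run shell sketch of the two steps quoted from platinum above (a destination route via a chosen gateway and NIC, then SNAT to that NIC's external address), accepting prefixes either bare or in the "ip rule add to ... table 300" form of the last post. The interface names, gateways and external addresses are constructed placeholders, and the prefix validation is an assumption added here so that a malformed line never reaches a command run as root.

```shell
#!/bin/sh
# Added example (dry run): prints commands, changes nothing.
# Interfaces, gateways and external addresses are constructed placeholders.
LIST_IF=eth1 LIST_GW=192.0.2.1   LIST_IP=192.0.2.10     # ISP whose prefixes are listed
DEF_IF=eth2  DEF_GW=198.51.100.1 DEF_IP=198.51.100.10   # ISP that takes everything else

# valid_cidr PREFIX: succeed only for a.b.c.d/len, octets 0-255, len 0-32
valid_cidr() {
    case $1 in
        ''|*[!0-9./]*|*/*/*) return 1 ;;   # digits, dots and one slash only
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; len=${1#*/}
    case $len in ''|*.*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_plan: read prefixes on stdin (bare, or "ip rule add to P table N"),
# print step 1 (destination routes) and step 2 (SNAT per egress interface).
emit_plan() {
    while read -r line; do
        case $line in ''|'#'*) continue ;; esac
        prefix=${line#"ip rule add to "}; prefix=${prefix%% *}
        if valid_cidr "$prefix"; then
            echo "ip route replace $prefix via $LIST_GW dev $LIST_IF"
        else
            echo "skipped invalid prefix: $prefix" >&2
        fi
    done
    echo "ip route replace default via $DEF_GW dev $DEF_IF"
    echo "iptables -t nat -A POSTROUTING -o $LIST_IF -j SNAT --to-source $LIST_IP"
    echo "iptables -t nat -A POSTROUTING -o $DEF_IF -j SNAT --to-source $DEF_IP"
}

# Sample input: two prefixes from the post above plus one constructed bad entry.
emit_plan <<'EOF'
ip rule add to 58.32.0.0/13 table 300
58.40.0.0/15
58.999.0.0/16
EOF
```

The printed commands are meant to be reviewed before anything is applied; rejected lines are reported on stderr.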