单线多拨/一线多拨需要运营商的支持,可以达到叠加速度(也要运营商支持)以及获取多个IP地址的目的。
ROS可以通过VRRP显示PPPOE多拨,本文虚拟机虚拟ROS以及自建PPPoE服务器,WAN口是ether1,LAN口是ether2,来实现1线3拨以及使用PCC规则来达到负载均衡的效果。
1、VRRP设置
打开“Interfaces” – “VRRP”,点击“+”
添加3个VRRP,name分别为vrrp1,vrrp2,vrrp3
VRRP选项卡分别设置vrrp1的VRID为1,vrrp2的VRID为2,vrrp3的VRID为3
2、PPPoE Client拨号设置
打开“PPP” – “Interface”,点击“+”,选择“PPPoE Client”
创建3个pppoe拨号,name分别为pppoe-out1,pppoe-out2,pppoe-out3,以及Interfaces分别选择vrrp1,vrrp2,vrrp3
Dial out选项卡。分别去掉“Add Default Route”的勾(不添加默认路由)
3、配置LAN ip地址和激活vrrp虚拟接口配置ip地址
打开“IP” – “Addresses”,点击“+”
添加内网LAN:Addess:192.168.1.1/24 Network:192.168.1.0 Interface:ether2
添加外网WAN:Addess:192.168.88.1/24 Network:192.168.88.0 Interface:ether1
添加vrrp1:Addess:192.168.88.11/24 Network:192.168.88.0 Interface:vrrp1
添加vrrp2:Addess:192.168.88.12/24 Network:192.168.88.0 Interface:vrrp2
添加vrrp3:Addess:192.168.88.13/24 Network:192.168.88.0 Interface:vrrp3
PS:Wan口也就是ether1要和vrrp同一个网段的
4、路由设置
打开“IP” – “Routes”,点击“+”
添加3条默认路由Gateway:pppoe-out1,Gateway:pppoe-out2,Gateway:pppoe-out3,分别对标记为R1,R2,R3指定线路
5、标记内网要走的线路以及提取路由标记指定走pppoe线路
打开“ip” – “Firewall” – “Mangle”,点击“+”
添加3条标记规则
Chain选择“prerouting”,Src.Address填写内网ip(我这里是192.168.1.0/24),这边3条标记都是一样的
advanced选项卡,Per Connection Classifier选择“both addresses”
第一条标记:“both addresses”:3/0,
第二条标记:“both addresses”:3/1,
第三条标记:“both addresses”:3/2
Extra选项卡 Dst.Address Type中Address Type选择local,并勾上Invert,表示非本地,三条标记一样
Action选项卡 Action选择“mark connection”,New Connection Mark填写标记名称
第一条标记New Connection Mark填写PCC1
第二条标记New Connection Mark填写PCC2
第三条标记New Connection Mark填写PCC3
新建3条提取路由标记和指定路由的规则
Chain选择“prerouting”,Src. Address填写内网LAN地址,我这里是192.168.1.0/24,Connection Mark填写刚才标记的名称(需要创建3条规则)
第一条Connection Mark填写PCC1
第二条Connection Mark填写PCC2
第三条Connection Mark填写PCC3
这边Action选择“mark routing”,New Routing Mark填写要走pppoe的名称,这边3条规则分别填写R1,R2,R3
以上规则脚本代码:
/ip firewall mangle add action=mark-connection chain=prerouting dst-address-type=!local \ new-connection-mark=PCC1 passthrough=yes per-connection-classifier=\ both-addresses:3/0 src-address=192.168.1.0/24 add action=mark-connection chain=prerouting dst-address-type=!local \ new-connection-mark=PCC2 passthrough=yes per-connection-classifier=\ both-addresses:3/1 src-address=192.168.1.0/24 add action=mark-connection chain=prerouting dst-address-type=!local \ new-connection-mark=PCC3 passthrough=yes per-connection-classifier=\ both-addresses:3/2 src-address=192.168.1.0/24 add action=mark-routing chain=prerouting connection-mark=PCC1 \ new-routing-mark=R1 passthrough=yes src-address=192.168.1.0/24 add action=mark-routing chain=prerouting connection-mark=PCC2 \ new-routing-mark=R3 passthrough=yes src-address=192.168.1.0/24 add action=mark-routing chain=prerouting connection-mark=PCC3 \ new-routing-mark=R2 passthrough=yes src-address=192.168.1.0/24
6、路由回路配置,确保同一个会话的数据从相同出口进出。
新建3条input规则,设置Chain:input,In.Interface选择入口
第一条规则:In.Interface选择pppoe-out1
第二条规则:In.Interface选择pppoe-out2
第三条规则:In.Interface选择pppoe-out3
标记入口连接,action选择mark connection,New Connectin Mark选择对应的标记
第一条规则:New Connectin Mark选择PCC1
第二条规则:New Connectin Mark选择PCC2
第三条规则:New Connectin Mark选择PCC3
新建3条output规则,设置Chain:output,Connectin Mark选择刚才标记的
第一条规则:Connectin Mark选择PCC1
第二条规则:Connectin Mark选择PCC2
第三条规则:Connectin Mark选择PCC3
标记默认路由,action选择mark routing,New Routing Mark选择对应的标记
第一条规则:New Routing Mark选择R1
第二条规则:New Routing Mark选择R2
第三条规则:New Routing Mark选择R3
以上规则脚本代码:
/ip firewall mangle add action=mark-connection chain=input in-interface=pppoe-out1 \ new-connection-mark=PCC1 passthrough=yes add action=mark-connection chain=input in-interface=pppoe-out3 \ new-connection-mark=PCC3 passthrough=yes add action=mark-connection chain=input in-interface=pppoe-out2 \ new-connection-mark=PCC2 passthrough=yes add action=mark-routing chain=output connection-mark=PCC1 new-routing-mark=R1 \ passthrough=yes add action=mark-routing chain=output connection-mark=PCC3 new-routing-mark=R3 \ passthrough=yes add action=mark-routing chain=output connection-mark=PCC2 new-routing-mark=R2 \ passthrough=yes
7、配置nat规则
打开“IP” – “Firewall” -“NAT” ,点击“+”
创建一条规则,Chain选择srcnat
action选项卡,action选择masquerade
以上规则脚本代码:
/ip firewall nat add action=masquerade chain=srcnat
到此差不多结束了。实际环境存在的问题就是当有PPPoE掉线的时候,会导致内网部分网络不通。可以使用脚本来解决。
快速配置脚本
#1.创建100个vrrp
for i from 1 to 100 do={/interface vrrp add comment=(“RP”.$i) interface=ether1 interval=1 name=(“vrrp”.$i) vrid=$i}
#2.修改vrrp 协议
for i from 1 to 100 do={/interface vrrp set v3-protocol=ipv6 numbers=(“vrrp”.$i)}
#3.创建pppoe
for i from 1 to 100 do={/interface pppoe-client add add-default-route=no allow=pap,chap comment=($i) interface=(“vrrp”.$i) max-mtu=1480 name=(“pppoe-out”.$i) user=0755001711 password=88888888 }
#4.设置NAT
for i from 1 to 100 do={/ip firewall nat add chain=srcnat action=masquerade out-interface=(“pppoe-out”.$i) comment=(“pppoe”.$i)}
#5.设置input
for i from 1 to 100 do={/ip firewall mangle add chain=input action=mark-connection new-connection-mark=(“pppoe-out”.$i.”_conn”) passthrough=yes in-interface=(“pppoe-out”.$i) comment=(“input”.$i)}
#6.设置output
for i from 1 to 100 do={/ip firewall mangle add chain=output action=mark-routing new-routing-mark=(“to_pppoe_out”.$i) passthrough=yes connection-mark=(“pppoe-out”.$i.”_conn”) comment=(“output”.$i)}
#7.设置连接标记
for i from 1 to 100 do={/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=(“pppoe-out”.$i.”_conn”) passthrough=yes src-address=192.168.2.0/24 dst-address-type=!local in-interface=bridge1 per-connection-classifier=(“both-addresses:100/”.$i-1) comment=(“pcc”.$i)}
#8.设置路由标记
for i from 1 to 100 do={/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=(“to_pppoe_out”.$i) passthrough=yes src-address=192.168.2.0/24 in-interface=bridge1 connection-mark=(“pppoe-out”.$i.”_conn”) comment=(“pcc”.$i)}
#9.手动设置路由
for i from 1 to 100 do={/ip route add comment=$i disabled=no distance=1 dst-address=”0.0.0.0/0″ gateway=(“pppoe-out”.$i) routing-mark=(“to_pppoe_out”.$i) check-gateway=(“ping”)}
#10.设置路由ping
for i from 1 to 100 do={/ip route add check-gateway=”ping” comment=(“pppoe-out”.$i) disabled=no distance=”10″ dst-address=”0.0.0.0/0″ gateway=(“pppoe-out”.$i)}