1 服务器多网卡捆绑策略路由说明
在服务器做bond捆绑的条件下,做策略路由配置。
电信、联通、移动的网络地址分别为:
电信:11.11.11.128/27,对应vlan100
联通:22.22.22.128/27,对应vlan101
移动:33.33.33.128/27,对应vlan102,默认网关在这个方向
每台设备配置三个ip地址,网民请求哪个ip地址,从哪个ip地址回复。
1.1 服务器网卡bond捆绑配置
服务器上面记得先卸载NetworkManager*(通配符加引号,避免被当前目录下的同名文件展开):yum remove 'NetworkManager*' -y
创建:/etc/modprobe.d/bond.conf,输入如下内容:
alias bond0 bonding
options bond0 mode=0 miimon=100
这个配置重启才能生效,因此可以先手动使配置生效,执行如下命令:
modprobe bonding
通过对服务器做vlan配置如下:
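# Enable VLAN support globally. Plain ASCII quotes are required: typographic
# quotes are not shell syntax and would be written into the file as part of
# the value.
echo "VLAN=yes" >> /etc/sysconfig/network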
然后配置网卡:
[root@BOND-NET-3a2 network-scripts]# cat ifcfg-em1
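# Physical NIC enslaved to bond0; it carries no IP address of its own.
# Values use plain ASCII quotes: the network scripts source this file as
# shell, so typographic quotes would become part of each value.
DEVICE="em1"
ONBOOT="yes"
TYPE="Ethernet"
MASTER=bond0
SLAVE=yes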
[root@BOND-NET-3a2 network-scripts]# cat ifcfg-em2
DEVICE=em2
TYPE=Ethernet
ONBOOT=yes
MASTER=bond0
SLAVE=yes
[root@BOND-NET-3a2 network-scripts]# cat ifcfg-em3
DEVICE=em3
TYPE=Ethernet
ONBOOT=yes
MASTER=bond0
SLAVE=yes
[root@BOND-NET-3a2 network-scripts]# cat ifcfg-em4
DEVICE=em4
TYPE=Ethernet
ONBOOT=yes
MASTER=bond0
SLAVE=yes
[root@BOND-NET-3a2 network-scripts]# cat ifcfg-bond0
DEVICE=bond0
ONBOOT=yes
[root@BOND-NET-3a2 network-scripts]# cat ifcfg-bond0.100
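# VLAN 100 sub-interface of bond0 (Telecom subnet 11.11.11.128/27).
# No GATEWAY here: the default gateway is set on bond0.102 only.
# Plain ASCII quotes are required; typographic quotes would end up inside
# the values when the file is sourced.
DEVICE=bond0.100
ONBOOT="yes"
TYPE="Ethernet"
IPADDR=11.11.11.137
NETMASK=255.255.255.224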
[root@BOND-NET-3a2 network-scripts]# cat ifcfg-bond0.101
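# VLAN 101 sub-interface of bond0 (Unicom subnet 22.22.22.128/27).
# No GATEWAY here: the default gateway is set on bond0.102 only.
# Plain ASCII quotes are required; typographic quotes would end up inside
# the values when the file is sourced.
DEVICE=bond0.101
ONBOOT="yes"
TYPE="Ethernet"
IPADDR=22.22.22.137
NETMASK=255.255.255.224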
[root@BOND-NET-3a2 network-scripts]# cat ifcfg-bond0.102
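# VLAN 102 sub-interface of bond0 (Mobile subnet 33.33.33.128/27).
# This is the only interface with GATEWAY set, so the main table's default
# route points in this direction.
# Plain ASCII quotes are required; typographic quotes would end up inside
# the values when the file is sourced.
DEVICE=bond0.102
ONBOOT="yes"
TYPE="Ethernet"
IPADDR=33.33.33.137
NETMASK=255.255.255.224
GATEWAY=33.33.33.129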
最终生效结果:
修改/etc/iproute2/rt_tables增加如下配置(表编号只是本机上的标识,不必与vlan号一致;注意这里写的是100 CNC、101 TEL,而第2节写的是100 TEL、101 CNC):
100 CNC
101 TEL
102 CMN
创建一个/etc/sysconfig/iproute2_table,增加如下配置:
route flush table TEL
route add default via 11.11.11.129 table TEL
rule add from 11.11.11.128/27 table TEL
route flush table CNC
route add default via 22.22.22.129 table CNC
rule add from 22.22.22.128/27 table CNC
route flush table CMN
route add default via 33.33.33.129 table CMN
rule add from 33.33.33.128/27 table CMN
修改网卡的启动文件/etc/init.d/network调用此文件:
在“# Add non interface-specific static-routes.”后面的if块之后(或者“# Add non interface-specific static arp entries.”这句话之前)加入如下内容。注意/etc/init.d/network属于系统软件包,升级后改动可能被覆盖,升级后需要重新检查:
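# Add non interface-specific ip rule
# Replays /etc/sysconfig/iproute2_table when the network service starts:
# every line beginning with "route" is handed to `ip route`, every line
# beginning with "rule" to `ip rule`.
# The file's contents become arguments to commands run as root, so keep it
# owned by root and not writable by anyone else.
# NOTE(review): `ip rule add` may append a duplicate rule on each network
# restart on older kernels; check `ip rule` after a restart.
if [ -f /etc/sysconfig/iproute2_table ]; then
    # ASCII quotes matter: typographic quotes would become part of the
    # pattern and no line would ever match.
    grep '^route' /etc/sysconfig/iproute2_table | while read -r ignore args; do
        # $args is left unquoted on purpose so it splits into ip arguments.
        /sbin/ip route $args
    done
    grep '^rule' /etc/sysconfig/iproute2_table | while read -r ignore args; do
        /sbin/ip rule $args
    done
fi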
输入如下命令:
# Fill one routing table per carrier and bind it to that carrier's source
# subnet, so a reply leaves through the gateway of the address that was asked.
# Columns: table name, default gateway, source subnet.
while read -r table gateway subnet; do
  ip route flush table "$table"
  ip route add default via "$gateway" table "$table"
  ip rule add from "$subnet" table "$table"
done <<'EOF'
TEL 11.11.11.129 11.11.11.128/27
CNC 22.22.22.129 22.22.22.128/27
CMN 33.33.33.129 33.33.33.128/27
EOF
[root@BOND-NET-3a2 network-scripts]# ip rule
0: from all lookup local
32763: from 33.33.33.128/27 lookup CMN
32764: from 22.22.22.128/27 lookup CNC
32765: from 11.11.11.128/27 lookup TEL
32766: from all lookup main
32767: from all lookup default
[root@BOND-NET-3a2 network-scripts]# ip route show table TEL
default via 11.11.11.129 dev bond0.100
[root@BOND-NET-3a2 network-scripts]# ip route show table CNC
default via 22.22.22.129 dev bond0.101
[root@BOND-NET-3a2 network-scripts]# ip route show table CMN
default via 33.33.33.129 dev bond0.102
1.2 juniper交换机千兆端口捆绑配置
这里以juniper为例
set vlans vlancmn description Yewu-cmn-ip
set vlans vlancmn vlan-id 102
set vlans vlancmn l3-interface irb.102
set vlans vlancnc description Yewu-cnc-ip
set vlans vlancnc vlan-id 101
set vlans vlancnc l3-interface irb.101
set vlans vlanipmi description IPMI-vlan
set vlans vlantel vlan-id 100
set vlans vlantel l3-interface irb.100
set interfaces irb unit 100 family inet address 11.11.11.129/27
set interfaces irb unit 101 description irbcnc
set interfaces irb unit 101 family inet address 22.22.22.129/27
set interfaces irb unit 102 description irbcmn
set interfaces irb unit 102 family inet address 33.33.33.129/27
set interfaces ae7 unit 0 description BGP-JS-YZ2-3a2-bond0
set interfaces ae7 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae7 unit 0 family ethernet-switching vlan members vlantel
set interfaces ae7 unit 0 family ethernet-switching vlan members vlancnc
set interfaces ae7 unit 0 family ethernet-switching vlan members vlancmn
set interfaces ge-0/0/28 description BGP-JS-YZ2-3a2
set interfaces ge-0/0/28 ether-options 802.3ad ae7
set interfaces ge-0/0/29 description BGP-JS-YZ2-3a2
set interfaces ge-0/0/29 ether-options 802.3ad ae7
set interfaces ge-0/0/30 description BGP-JS-YZ2-3a2
set interfaces ge-0/0/30 ether-options 802.3ad ae7
set interfaces ge-0/0/31 description BGP-JS-YZ2-3a2
set interfaces ge-0/0/31 ether-options 802.3ad ae7
配置上联点对点:
set interfaces xe-0/2/0 unit 0 description Uplink-To-Tel
set interfaces xe-0/2/0 unit 0 family inet address 10.100.2.118/30
set interfaces xe-0/2/1 unit 0 description Uplink-To-CNC
set interfaces xe-0/2/1 unit 0 family inet address 10.100.2.122/30
set interfaces xe-0/2/2 unit 0 description Uplink-To-CMN
set interfaces xe-0/2/2 unit 0 family inet address 10.100.2.126/30
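配置策略路由(注意:下面的rib-group fbf-group只列出了三个转发实例的路由表,页面没有给出把它应用到接口路由的语句,例如 set routing-options interface-routes rib-group inet fbf-group,也没有把inet.0列为第一个import-rib;缺少这些时各转发实例可能无法解析10.100.2.x下一跳,提交前请核对):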
set firewall family inet filter PR term cmn_src from source-address 33.33.33.128/27
set firewall family inet filter PR term cmn_src then log
set firewall family inet filter PR term cmn_src then routing-instance cmn_route_table
set firewall family inet filter PR term cnc_src from source-address 22.22.22.128/27
set firewall family inet filter PR term cnc_src then log
set firewall family inet filter PR term cnc_src then routing-instance cnc_route_table
set firewall family inet filter PR term tel_src from source-address 11.11.11.128/27
set firewall family inet filter PR term tel_src then log
set firewall family inet filter PR term tel_src then routing-instance tel_route_table
set firewall family inet filter PR term default then accept
set routing-options rib-groups fbf-group import-rib cmn_route_table.inet.0
set routing-options rib-groups fbf-group import-rib cnc_route_table.inet.0
set routing-options rib-groups fbf-group import-rib tel_route_table.inet.0
set routing-instances cmn_route_table instance-type forwarding
set routing-instances cmn_route_table routing-options static route 0.0.0.0/0 next-hop 10.100.2.125
set routing-instances cnc_route_table instance-type forwarding
set routing-instances cnc_route_table routing-options static route 0.0.0.0/0 next-hop 10.100.2.121
set routing-instances tel_route_table instance-type forwarding
set routing-instances tel_route_table routing-options static route 0.0.0.0/0 next-hop 10.100.2.117
set interfaces irb unit 100 family inet filter input PR
set interfaces irb unit 101 family inet filter input PR
set interfaces irb unit 102 family inet filter input PR
2 服务器单网卡策略路由说明
在服务器单网卡条件下,做策略路由配置。
电信、联通、移动的网络地址分别为:
电信:44.44.44.64/27,对应vlan100
联通:55.55.55.32/27,对应vlan101
移动:66.66.66.32/27,对应vlan102,默认网关在这个方向
每台设备配置三个ip地址,网民请求哪个ip地址,从哪个ip地址回复。
2.1 服务器策略路由配置
服务器上面记得卸载一下NetworkManager*
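# Quote the pattern so that yum expands it against package names; unquoted,
# the shell would expand it first if the current directory holds a matching file.
yum remove 'NetworkManager*' -y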
配置服务器支持vlan:
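# Enable VLAN support globally. Plain ASCII quotes are required: typographic
# quotes are not shell syntax and would be written into the file as part of
# the value.
echo 'VLAN=yes' >> /etc/sysconfig/network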
[root@XG-NET-ii1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-p4p1
TYPE=Ethernet
BOOTPROTO=static
NAME=p4p1
DEVICE=p4p1
ONBOOT=yes
[root@XG-NET-ii1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-p4p1.100
NAME=p4p1.100
DEVICE=p4p1.100
ONBOOT=yes
IPADDR=44.44.44.66
NETMASK=255.255.255.224
[root@XG-NET-ii1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-p4p1.101
NAME=p4p1.101
DEVICE=p4p1.101
ONBOOT=yes
IPADDR=55.55.55.34
NETMASK=255.255.255.224
[root@XG-NET-ii1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-p4p1.102
TYPE=Ethernet
NAME=p4p1.102
DEVICE=p4p1.102
ONBOOT=yes
IPADDR=66.66.66.34
NETMASK=255.255.255.224
GATEWAY=66.66.66.33
DNS1=218.201.96.130
DNS2=223.5.5.5
修改/etc/iproute2/rt_tables增加如下配置:
100 TEL
101 CNC
102 CMN
输入如下命令:
# Fill one routing table per carrier and bind it to that carrier's source
# subnet, so a reply leaves through the gateway of the address that was asked.
# Columns: table name, default gateway, source subnet.
while read -r table gateway subnet; do
  ip route flush table "$table"
  ip route add default via "$gateway" table "$table"
  ip rule add from "$subnet" table "$table"
done <<'EOF'
TEL 44.44.44.65 44.44.44.64/27
CNC 55.55.55.33 55.55.55.32/27
CMN 66.66.66.33 66.66.66.32/27
EOF
创建一个/etc/sysconfig/iproute2_table,增加如下配置:
route flush table TEL
route add default via 44.44.44.65 table TEL
rule add from 44.44.44.64/27 table TEL
route flush table CNC
route add default via 55.55.55.33 table CNC
rule add from 55.55.55.32/27 table CNC
route flush table CMN
route add default via 66.66.66.33 table CMN
rule add from 66.66.66.32/27 table CMN
修改网卡的启动文件/etc/init.d/network调用此文件:
在“# Add non interface-specific static-routes.”后面的if块之后(或者“# Add non interface-specific static arp entries.”这句话之前)加入如下内容。注意/etc/init.d/network属于系统软件包,升级后改动可能被覆盖,升级后需要重新检查:
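# Add non interface-specific ip rule
# Replays /etc/sysconfig/iproute2_table when the network service starts:
# every line beginning with "route" is handed to `ip route`, every line
# beginning with "rule" to `ip rule`.
# The file's contents become arguments to commands run as root, so keep it
# owned by root and not writable by anyone else.
# NOTE(review): `ip rule add` may append a duplicate rule on each network
# restart on older kernels; check `ip rule` after a restart.
if [ -f /etc/sysconfig/iproute2_table ]; then
    # ASCII quotes matter: typographic quotes would become part of the
    # pattern and no line would ever match.
    grep '^route' /etc/sysconfig/iproute2_table | while read -r ignore args; do
        # $args is left unquoted on purpose so it splits into ip arguments.
        /sbin/ip route $args
    done
    grep '^rule' /etc/sysconfig/iproute2_table | while read -r ignore args; do
        /sbin/ip rule $args
    done
fi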
[root@XG-net-ii1 ~]# ip rule
0: from all lookup local
32763: from 66.66.66.32/27 lookup CMN
32764: from 55.55.55.32/27 lookup CNC
32765: from 44.44.44.64/27 lookup TEL
32766: from all lookup main
32767: from all lookup default
[root@XG-net-ii1 ~]#
[root@XG-net-ii1 ~]# ip route show table TEL
default via 44.44.44.65 dev p4p1.100
[root@XG-net-ii1 ~]# ip route show table CNC
default via 55.55.55.33 dev p4p1.101
[root@XG-net-ii1 ~]# ip route show table CMN
default via 66.66.66.33 dev p4p1.102