科技行者

行者学院 转型私董会 科技行者专题报道 网红大战科技行者

知识库

知识库 安全导航

至顶网网络频道电信网通双出口负载分担配置指导

电信网通双出口负载分担配置指导

  • 扫一扫
    分享文章到微信

  • 扫一扫
    关注官方公众号
    至顶头条

这个配置是在华为的产品上面实现的,可以参考这个配置在Cisco上面做一些调整就可以了。

作者:zdnet安全频道 来源:论坛整理 2008年11月30日

关键字: CISCO

  • 评论
  • 分享微博
  • 分享邮件

  这个配置是在华为的产品上面实现的,可以参考这个配置在Cisco上面做一些调整就可以了。

  负载分担配置指导

  定义监测组,分别监测电信和网通网关:

  进入系统视图,创建detect-group 1,监测电信网关:

<Quidway>system
System View: return to User View with Ctrl+Z.
[Quidway] detect-group 1
[Quidway-detect-group-1]
[Quidway-detect-group-1]detect-list 1 ip address 60.190.80.113
[Quidway-detect-group-1]quit

  创建detect-group 1,监测网通网关:

[Quidway]detect-group 2
[Quidway-detect-group-2]detect-list 1 ip address 221.12.79.49
[Quidway-detect-group-2]quit
[Quidway]

  注:以上以地址60.190.80.113最为电信网关地址,地址221.12.79.49为网通网关地址为例,可以根据实际组网情况修改。

  2.2 配置两条默认路由互为备份,优先走电信线路:

[Quidway]ip route-static 0.0.0.0 0.0.0.0 60.190.80.113 preference 60 detect-group 1
[Quidway]ip route-static 0.0.0.0 0.0.0.0 221.12.79.49 preference 100 detect-group 2

  注:以上以地址60.190.80.113最为电信网关地址,地址221.12.79.49为网通网关地址为例,可以根据实际组网情况修改。

  2.3 配置静态路由与监测组关联,使访问网通流量优先走网通线路:

  以下配置较多,配置过程中可以用实际网通网关地址替换地址221.12.79.49后直接复制粘贴:

ip route-static 58.16.0.0 255.248.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 58.100.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 58.240.0.0 255.240.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 60.0.0.0 255.248.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 60.8.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 60.12.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 60.13.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 60.13.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 60.16.0.0 255.240.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 60.24.0.0 255.248.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 60.31.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 60.208.0.0 255.248.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 60.216.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 60.220.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.48.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.52.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.54.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.55.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.133.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.134.64.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.134.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.135.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.136.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.138.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.139.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.148.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.149.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.156.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.158.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.159.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.161.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.161.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.162.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.163.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.167.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.168.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.176.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.179.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.180.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.181.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.182.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 61.189.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 124.90.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 124.162.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 192.168.2.246 255.255.255.255 192.168.2.254 preference 60
ip route-static 202.32.0.0 255.224.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.96.64.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.97.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.98.0.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.99.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.102.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.102.224.0 255.255.254.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.106.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.107.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.108.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.110.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.110.192.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 202.111.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 203.79.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 203.80.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 203.81.0.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2
ip route-static 203.86.32.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2
ip route-static 203.86.64.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2
ip route-static 203.90.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 203.90.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 203.90.192.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2
ip route-static 203.92.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.12.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.12.192.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.13.0.0 255.255.255.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.14.160.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.14.192.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.15.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.15.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.16.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.21.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.22.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.51.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.52.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.52.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.53.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.74.64.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.74.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.78.0.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2
ip route-static 210.82.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 211.100.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 211.101.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 211.147.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 211.167.96.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.4.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.10.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.21.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.24.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.26.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.27.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.28.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.56.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.60.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.62.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.67.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.68.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 218.109.159.0 255.255.255.0 221.12.79.49 preference 60 detect-group 2
ip route-static 219.141.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 219.142.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 219.154.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 219.156.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 219.158.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 219.159.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 220.248.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 220.252.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.0.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.4.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.6.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.7.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.8.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.10.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.11.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.12.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.12.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.12.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.192.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.195.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.196.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.199.0.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.199.32.0 255.255.240.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.199.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.199.192.0 255.255.240.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.200.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.204.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.207.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.208.0.0 255.240.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.208.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.213.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 221.214.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 222.128.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 222.132.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 222.136.0.0 255.248.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 222.160.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2
ip route-static 222.163.0.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2
ip route-static 0.0.0.0 0.0.0.0 20.1.1.2 preference 60

  注:以上路由已经包含大部分网通地址段,如有更新可以动态添加。

  经过如上三个配置步骤后,路由器便能自动区分网通流量和电信流量,使访问网通站点走网通线路,访问电信站点走电信线路。并且当网通线路出问题后所有流量都会自动切换到电信线路上,使用户能够不间断访问网络。

  2.4 添加防火墙配置,增加网络的可性:

  2.4.1 定义电信线路使用的acl 3001:

  可以用实际电信网关地址替换地址60.190.80.112,实际内网地址网段替换192.168.2.0 0.0.0.255后直接复制粘贴:

acl number 3001
rule 10 deny tcp destination-port eq 445
rule 11 deny udp destination-port eq 445
rule 20 deny tcp destination-port eq 135
rule 21 deny udp destination-port eq 135
rule 30 deny tcp destination-port eq 137
rule 31 deny udp destination-port eq netbios-ns
rule 40 deny tcp destination-port eq 138
rule 41 deny udp destination-port eq netbios-dgm
rule 50 deny tcp destination-port eq 139
rule 51 deny udp destination-port eq netbios-ssn
rule 61 deny udp destination-port eq tftp
rule 70 deny tcp destination-port eq 593
rule 80 deny tcp destination-port eq 4444
rule 90 deny tcp destination-port eq 707
rule 100 deny tcp destination-port eq 1433
rule 101 deny udp destination-port eq 1433
rule 110 deny tcp destination-port eq 1434
rule 111 deny udp destination-port eq 1434
rule 120 deny tcp destination-port eq 5554
rule 130 deny tcp destination-port eq 9996
rule 141 deny udp source-port eq bootps
rule 160 permit icmp icmp-type echo
rule 161 permit icmp icmp-type echo-reply
rule 162 permit icmp icmp-type ttl-exceeded
rule 165 deny icmp
rule 200 deny tcp destination-port eq www
rule 202 deny tcp destination-port eq ftp
rule 204 deny tcp destination-port eq 3389
rule 2000 permit ip destination 60.190.80.112 0
rule 2001 permit ip destination 192.168.2.0 0.0.0.255
rule 2002 deny ip

  2.4.2 定义网通线路使用的acl 3002:

  可以用实际网通网关地址替换地址221.12.79.49,实际内网地址网段替换192.168.2.0 0.0.0.255后直接复制粘贴:

acl number 3002
rule 10 deny tcp destination-port eq 445
rule 11 deny udp destination-port eq 445
rule 20 deny tcp destination-port eq 135
rule 21 deny udp destination-port eq 135
rule 30 deny tcp destination-port eq 137
rule 31 deny udp destination-port eq netbios-ns
rule 40 deny tcp destination-port eq 138
rule 41 deny udp destination-port eq netbios-dgm
rule 50 deny tcp destination-port eq 139
rule 51 deny udp destination-port eq netbios-ssn
rule 61 deny udp destination-port eq tftp
rule 70 deny tcp destination-port eq 593
rule 80 deny tcp destination-port eq 4444
rule 90 deny tcp destination-port eq 707
rule 100 deny tcp destination-port eq 1433
rule 101 deny udp destination-port eq 1433
rule 110 deny tcp destination-port eq 1434
rule 111 deny udp destination-port eq 1434
rule 120 deny tcp destination-port eq 5554
rule 130 deny tcp destination-port eq 9996
rule 141 deny udp source-port eq bootps
rule 160 permit icmp icmp-type echo
rule 161 permit icmp icmp-type echo-reply
rule 162 permit icmp icmp-type ttl-exceeded
rule 165 deny icmp
rule 200 deny tcp destination-port eq www
rule 202 deny tcp destination-port eq ftp
rule 204 deny tcp destination-port eq 3389
rule 2000 permit ip destination 221.12.79.54 0
rule 2001 permit ip destination 192.168.2.0 0.0.0.255
rule 2002 deny ip

  2.4.3 定义内网使用的acl 3003:

  可以用实际内网地址网段替换192.168.2.0 0.0.0.255后直接复制粘贴:

acl number 3003
rule 10 deny tcp destination-port eq 445
rule 11 deny udp destination-port eq 445
rule 20 deny tcp destination-port eq 135
rule 21 deny udp destination-port eq 135
rule 30 deny tcp destination-port eq 137
rule 31 deny udp destination-port eq netbios-ns
rule 40 deny tcp destination-port eq 138
rule 41 deny udp destination-port eq netbios-dgm
rule 50 deny tcp destination-port eq 139
rule 51 deny udp destination-port eq netbios-ssn
rule 61 deny udp destination-port eq tftp
rule 70 deny tcp destination-port eq 593
rule 80 deny tcp destination-port eq 4444
rule 90 deny tcp destination-port eq 707
rule 100 deny tcp destination-port eq 1433
rule 101 deny udp destination-port eq 1433
rule 110 deny tcp destination-port eq 1434
rule 111 deny udp destination-port eq 1434
rule 120 deny tcp destination-port eq 5554
rule 130 deny tcp destination-port eq 9996
rule 141 deny udp source-port eq bootps
rule 160 permit icmp icmp-type echo
rule 161 permit icmp icmp-type echo-reply
rule 162 permit icmp icmp-type ttl-exceeded
rule 165 deny icmp
rule 2030 permit ip source 192.168.2.0 0.0.0.255
rule 3000 deny ip

  2.4.4 在全局和接口下分别启用防火墙:

[Quidway]firewall enable
[Quidway]firewall default deny
[Quidway] interface Ethernet 1/0
[Quidway-Ethernet1/0]firewall packet-filter 3001 inbound
[Quidway-Ethernet1/0]quit
[Quidway]interface Ethernet 2/0
[Quidway-Ethernet2/0]firewall packet-filter 3002 inbound
[Quidway-Ethernet2/0]quit
[Quidway]interface Ethernet 3/0
[Quidway-Ethernet3/0]firewall packet-filter 3003 inbound
[Quidway-Ethernet3/0]

  以上配置为Ethernet 1/0连接电信线路,Ethernet 2/0连接网通线路,Ethernet 3/0连接内网,可以根据实际组网进行调整。

 

    • 评论
    • 分享微博
    • 分享邮件
    VIP专区
    邮件订阅

    如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。

    重磅专题
    往期文章
    最新文章

    业界热点:

    北京第二十六维信息技术有限公司(至顶网)版权所有. 京ICP备15039648号-7 京ICP证161336号 京公网安备 11010802021500号