设为首页收藏本站网纵官网

网纵论坛

 找回密码
 立即注册

QQ登录

只需一步,快速开始

搜索
查看: 12126|回复: 2

[案例分享] ROS+流控分流详细设置方案

  [复制链接]
发表于 2014-3-22 15:54:21 | 显示全部楼层 |阅读模式
基于带宽环境(联通100M,6条20M ADSL),把联通作为默认线路,AD做分流为客户配置策略。

ROS配置
先为联通线路配上IP,routes,DNS,NAT转发
/ip address
add address=218.1.1.2/29 broadcast=218.1.1.55 comment="\C1\AA\CD\A8100M" \
disabled=no interface=unicom network=218.1.1.48
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=218.1.1.54 scope=30 target-scope=10
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=512KiB max-udp-packet-size=50 servers=222.1.1.85,222.1.1.88
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no
为AD做pcc并加上分流ip(192.168.1.100)
/ip firewall mangle
add action=change-mss chain=forward comment="" disabled=no new-mss=1440 \
    protocol=tcp tcp-flags=syn tcp-mss=1441-65535
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=con1 passthrough=yes per-connection-classifier=\
    both-addresses:6/0 src-address=192.168.1.100
add action=mark-routing chain=prerouting comment="" connection-mark=con1 \
    disabled=no new-routing-mark=rou1 passthrough=no src-address=\
    192.168.1.100
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=con2 passthrough=yes per-connection-classifier=\
    both-addresses:6/1 src-address=192.168.1.100
add action=mark-routing chain=prerouting comment="" connection-mark=con2 \
    disabled=no new-routing-mark=rou2 passthrough=no src-address=\
    192.168.1.100
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=con3 passthrough=yes per-connection-classifier=\
    both-addresses:6/2 src-address=192.168.1.100
add action=mark-routing chain=prerouting comment="" connection-mark=con3 \
    disabled=no new-routing-mark=rou3 passthrough=no src-address=\
    192.168.1.100
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=con4 passthrough=yes per-connection-classifier=\
    both-addresses:6/3 src-address=192.168.1.100
add action=mark-routing chain=prerouting comment="" connection-mark=con4 \
    disabled=no new-routing-mark=rou4 passthrough=no src-address=\
    192.168.1.100
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=con5 passthrough=yes per-connection-classifier=\
    both-addresses:6/4 src-address=192.168.1.100
add action=mark-routing chain=prerouting comment="" connection-mark=con5 \
    disabled=no new-routing-mark=rou5 passthrough=no src-address=\
    192.168.1.100
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=con6 passthrough=yes per-connection-classifier=\
    both-addresses:6/5 src-address=192.168.1.100
add action=mark-routing chain=prerouting comment="" connection-mark=con6 \
    disabled=no new-routing-mark=rou6 passthrough=no src-address=\
  192.168.1.100
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out1 routing-mark=rou1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out2 routing-mark=rou2 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out3 routing-mark=rou3 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out6 routing-mark=rou6 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-out5 routing-mark=rou5 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
  pppoe-out4 routing-mark=rou4 scope=30 target-scope=10


配置内网lan IP
/ip address
add address=192.168.1.1/24 broadcast=192.168.1.255 comment="added by setup" \
  disabled=no interface=lan network=192.168.1.0

接下来做流控配置
流控接线:ros lan口接流控外网口,流控内网口接核心交换机,流控管理口接核心交换机。
管理口设置为192.168.1.105,掩码255.255.255.0.
QQ图片20140322154615.jpg


增加分流代理,192.168.1.100 网关192.168.1.1
dd.jpg

然后用策略向导增加策略。详细步骤请点流控大师--策略向导
http://bbs.netzone.com/thread-1170-1-1.html

PS,建议在所有地址都确保正后调用策略,否则分流失败会导致分流的应用无法正常联网

回复

使用道具 举报

发表于 2017-6-15 15:31:00 | 显示全部楼层
看了一遍原文,不懂;又看了一遍原文,还是不懂。再看了一遍原文,实在不懂。最后看了一遍回帖,懂了我为什么不懂……于是我懂了,人有时候要学会放弃
回复 支持 反对

使用道具 举报

发表于 2017-7-18 16:39:55 | 显示全部楼层

国外uu,国产uu最新地址开放注册了,网站难找



iujlb.com
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|Archiver|网纵论坛 ( 粤ICP备12009713号  

GMT+8, 2017-8-19 09:53 , Processed in 0.062427 second(s), 29 queries .

Powered by Discuz! X3.2 Licensed

© 2001-2013 Comsenz Inc.

快速回复 返回顶部 返回列表