假设网络有这样一个需求,同时拥有两条相同运营商的出口(切记在国内是相同运营商),一条8M,一条是25M,为最大化有效利用线路,将两条线路按照流量比例实现权重的路由策略,我们可以通过PCC来实现。
平常我们都是用PCC做多条相同带宽出口的负载均衡,而这次则通过实现比例分配到每条线路上,虽然Nth也可以实现,但Nth缺乏对每条会话的hash算法处理,不能做到相同会话走相同线路,出现不稳定情况。
实现原理比较简单,一条8M,一条是25M,后者大约是前者的3倍出口,所以约等于1:3,那就是要按照1:3的比例分配路由,策略将PCC策略看成4份,然后指定按照1:3的路由策略规则分配。
先定义用户IP地址,通过src-address-list定义
/ip firewall address-list
add address=192.168.88.0/24 list=userip
add address=192.168.80.0/24 list=userip
配置PCC规则,即把2条出口,看成4份数据进行PCC的策略配置,即我们在mangle中配置4组PCC的标记规则,和配置4条负载均衡的规则一样,下面是命令行配置:
/ip firewall mangle
add action=mark-connection
chain=prerouting dst-address-type=!local new-connection-mark=pcc1
passthrough=yes per-connection-classifier=both-addresses:4/0
src-address-list=userip
add action=mark-routing chain=prerouting connection-mark=pcc1 new-routing-mark=r1 passthrough=yes src-address-list=userip
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=pcc2 passthrough=yes per-connection-classifier=both-addresses:4/1 src-address-list=userip
add action=mark-routing chain=prerouting connection-mark=pcc2 new-routing-mark=r2 passthrough=yes src-address-list=userip
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=pcc3 passthrough=yes per-connection-classifier=both-addresses:4/2 src-address-list=userip
add action=mark-routing chain=prerouting connection-mark=pcc3 new-routing-mark=r3 passthrough=yes src-address-list=userip
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=pcc4 passthrough=yes per-connection-classifier=both-addresses:4/3 src-address-list=userip
add action=mark-routing chain=prerouting connection-mark=pcc4 new-routing-mark=r4 passthrough=yes src-address-list=userip
路由配置
其实按照比例的分配关键就在路由设置上,这里我们把网关命名为8M和25M以示区分。将分配好的路由标记按照1:3的比例分配到各条线路上
/ip route
add check-gateway=ping gateway=wan-8M routing-mark=r1
add check-gateway=ping gateway=wan-25M routing-mark=r2
add check-gateway=ping gateway=wan-25M routing-mark=r3
add check-gateway=ping gateway=wan-25M routing-mark=r4
nat配置
配置nat规则类似的操作
/ip firewall nat
add chain=srcnat action=masquerade out-interface=wan-8M
add chain=srcnat action=masquerade out-interface=wan-25M
配置完成后流量几乎按照预想的方式运行 ,这样的操作建议使用到相同类型的出口,不建议在不同运营商出口上采用这样的规则,避免延迟和dns解析等问题。
2023-12-13T11:46:19
2023-12-13T11:48:22
2024-01-02T09:07:42
2024-01-02T09:07:20
2024-01-02T09:06:50
2024-01-02T09:06:26
2024-01-02T09:06:01
2024-01-02T09:05:20
2024-01-02T09:04:49
2024-01-02T09:04:17