首页    新闻    下载    文档    论坛     最新漏洞    黑客教程    数据库    搜索    小榕软件实验室怀旧版    星际争霸WEB版    最新IP准确查询   
名称: 密码:      忘记密码  马上注册
网络知识 :: 网络管理

电信网通双出口负载分担配置指导


http://www.gipsky.com/
这个配置是在华为的产品上面实现的,可以参考这个配置在Cisco上面做一些调整就可以了。



  <B>负载分担配置指导</B>



  定义监测组,分别监测电信和网通网关:



  进入系统视图,创建detect-group 1,监测电信网关:



<Quidway>system

System View: return to User View with Ctrl Z.

[Quidway] detect-group 1

[Quidway-detect-group-1]

[Quidway-detect-group-1]detect-list 1 ip address 60.190.80.113

[Quidway-detect-group-1]quit





  创建detect-group 1,监测网通网关:



[Quidway]detect-group 2

[Quidway-detect-group-2]detect-list 1 ip address 221.12.79.49

[Quidway-detect-group-2]quit

[Quidway]





  注:以上以地址60.190.80.113最为电信网关地址,地址221.12.79.49为网通网关地址为例,可以根据实际组网情况修改。



   配置两条默认路由互为备份,优先走电信线路:



[Quidway]ip route-static 0.0.0.0 0.0.0.0 60.190.80.113 preference 60 detect-group 1

[Quidway]ip route-static 0.0.0.0 0.0.0.0 221.12.79.49 preference 100 detect-group 2





  注:以上以地址60.190.80.113最为电信网关地址,地址221.12.79.49为网通网关地址为例,可以根据实际组网情况修改。



   配置静态路由与监测组关联,使访问网通流量优先走网通线路:



  以下配置较多,配置过程中可以用实际网通网关地址替换地址221.12.79.49后直接复制粘贴:



ip route-static 58.16.0.0 255.248.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 58.100.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 58.240.0.0 255.240.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 60.0.0.0 255.248.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 60.8.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 60.12.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 60.13.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 60.13.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 60.16.0.0 255.240.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 60.24.0.0 255.248.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 60.31.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 60.208.0.0 255.248.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 60.216.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 60.220.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.48.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.52.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.54.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.55.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.133.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.134.64.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.134.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.135.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.136.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.138.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.139.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.148.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.149.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.156.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.158.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.159.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.161.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.161.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.162.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.163.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.167.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.168.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.176.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.179.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.180.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.181.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.182.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 61.189.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 124.90.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 124.162.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 192.168.2.246 255.255.255.255 192.168.2.254 preference 60

ip route-static 202.32.0.0 255.224.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.96.64.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.97.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.98.0.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.99.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.102.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.102.224.0 255.255.254.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.106.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.107.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.108.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.110.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.110.192.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 202.111.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 203.79.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 203.80.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 203.81.0.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2

ip route-static 203.86.32.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2

ip route-static 203.86.64.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2

ip route-static 203.90.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 203.90.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 203.90.192.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2

ip route-static 203.92.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.12.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.12.192.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.13.0.0 255.255.255.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.14.160.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.14.192.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.15.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.15.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.16.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.21.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.22.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.51.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.52.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.52.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.53.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.74.64.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.74.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.78.0.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2

ip route-static 210.82.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 211.100.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 211.101.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 211.147.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 211.167.96.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.4.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.10.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.21.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.24.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.26.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.27.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.28.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.56.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.60.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.62.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.67.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.68.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 218.109.159.0 255.255.255.0 221.12.79.49 preference 60 detect-group 2

ip route-static 219.141.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 219.142.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 219.154.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 219.156.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 219.158.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 219.159.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 220.248.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 220.252.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.0.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.4.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.6.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.7.128.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.8.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.10.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.11.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.12.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.12.0.0 255.255.128.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.12.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.192.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.195.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.196.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.199.0.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.199.32.0 255.255.240.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.199.128.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.199.192.0 255.255.240.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.200.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.204.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.207.0.0 255.255.192.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.208.0.0 255.240.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.208.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.213.0.0 255.255.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 221.214.0.0 255.254.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 222.128.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 222.132.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 222.136.0.0 255.248.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 222.160.0.0 255.252.0.0 221.12.79.49 preference 60 detect-group 2

ip route-static 222.163.0.0 255.255.224.0 221.12.79.49 preference 60 detect-group 2

ip route-static 0.0.0.0 0.0.0.0 20.1.1.2 preference 60





  注:以上路由已经包含大部分网通地址段,如有更新可以动态添加。



  经过如上三个配置步骤后,路由器便能自动区分网通流量和电信流量,使访问网通站点走网通线路,访问电信站点走电信线路。并且当网通线路出问题后所有流量都会自动切换到电信线路上,使用户能够不间断访问网络。

添加防火墙配置,增加网络的可性:



   定义电信线路使用的acl 3001:



  可以用实际电信网关地址替换地址60.190.80.112,实际内网地址网段替换192.168.2.0 0.0.0.255后直接复制粘贴:



acl number 3001

rule 10 deny tcp destination-port eq 445

rule 11 deny udp destination-port eq 445

rule 20 deny tcp destination-port eq 135

rule 21 deny udp destination-port eq 135

rule 30 deny tcp destination-port eq 137

rule 31 deny udp destination-port eq netbios-ns

rule 40 deny tcp destination-port eq 138

rule 41 deny udp destination-port eq netbios-dgm

rule 50 deny tcp destination-port eq 139

rule 51 deny udp destination-port eq netbios-ssn

rule 61 deny udp destination-port eq tftp

rule 70 deny tcp destination-port eq 593

rule 80 deny tcp destination-port eq 4444

rule 90 deny tcp destination-port eq 707

rule 100 deny tcp destination-port eq 1433

rule 101 deny udp destination-port eq 1433

rule 110 deny tcp destination-port eq 1434

rule 111 deny udp destination-port eq 1434

rule 120 deny tcp destination-port eq 5554

rule 130 deny tcp destination-port eq 9996

rule 141 deny udp source-port eq bootps

rule 160 permit icmp icmp-type echo

rule 161 permit icmp icmp-type echo-reply

rule 162 permit icmp icmp-type ttl-exceeded

rule 165 deny icmp

rule 200 deny tcp destination-port eq www

rule 202 deny tcp destination-port eq ftp

rule 204 deny tcp destination-port eq 3389

rule 2000 permit ip destination 60.190.80.112 0

rule 2001 permit ip destination 192.168.2.0 0.0.0.255

rule 2002 deny ip





   定义网通线路使用的acl 3002:



  可以用实际网通网关地址替换地址221.12.79.49,实际内网地址网段替换192.168.2.0 0.0.0.255后直接复制粘贴:



acl number 3002

rule 10 deny tcp destination-port eq 445

rule 11 deny udp destination-port eq 445

rule 20 deny tcp destination-port eq 135

rule 21 deny udp destination-port eq 135

rule 30 deny tcp destination-port eq 137

rule 31 deny udp destination-port eq netbios-ns

rule 40 deny tcp destination-port eq 138

rule 41 deny udp destination-port eq netbios-dgm

rule 50 deny tcp destination-port eq 139

rule 51 deny udp destination-port eq netbios-ssn

rule 61 deny udp destination-port eq tftp

rule 70 deny tcp destination-port eq 593

rule 80 deny tcp destination-port eq 4444

rule 90 deny tcp destination-port eq 707

rule 100 deny tcp destination-port eq 1433

rule 101 deny udp destination-port eq 1433

rule 110 deny tcp destination-port eq 1434

rule 111 deny udp destination-port eq 1434

rule 120 deny tcp destination-port eq 5554

rule 130 deny tcp destination-port eq 9996

rule 141 deny udp source-port eq bootps

rule 160 permit icmp icmp-type echo

rule 161 permit icmp icmp-type echo-reply

rule 162 permit icmp icmp-type ttl-exceeded

rule 165 deny icmp

rule 200 deny tcp destination-port eq www

rule 202 deny tcp destination-port eq ftp

rule 204 deny tcp destination-port eq 3389

rule 2000 permit ip destination 221.12.79.54 0

rule 2001 permit ip destination 192.168.2.0 0.0.0.255

rule 2002 deny ip





  定义内网使用的acl 3003:



  可以用实际内网地址网段替换192.168.2.0 0.0.0.255后直接复制粘贴:



acl number 3003

rule 10 deny tcp destination-port eq 445

rule 11 deny udp destination-port eq 445

rule 20 deny tcp destination-port eq 135

rule 21 deny udp destination-port eq 135

rule 30 deny tcp destination-port eq 137

rule 31 deny udp destination-port eq netbios-ns

rule 40 deny tcp destination-port eq 138

rule 41 deny udp destination-port eq netbios-dgm

rule 50 deny tcp destination-port eq 139

rule 51 deny udp destination-port eq netbios-ssn

rule 61 deny udp destination-port eq tftp

rule 70 deny tcp destination-port eq 593

rule 80 deny tcp destination-port eq 4444

rule 90 deny tcp destination-port eq 707

rule 100 deny tcp destination-port eq 1433

rule 101 deny udp destination-port eq 1433

rule 110 deny tcp destination-port eq 1434

rule 111 deny udp destination-port eq 1434

rule 120 deny tcp destination-port eq 5554

rule 130 deny tcp destination-port eq 9996

rule 141 deny udp source-port eq bootps

rule 160 permit icmp icmp-type echo

rule 161 permit icmp icmp-type echo-reply

rule 162 permit icmp icmp-type ttl-exceeded

rule 165 deny icmp

rule 2030 permit ip source 192.168.2.0 0.0.0.255

rule 3000 deny ip





  在全局和接口下分别启用防火墙:



[Quidway]firewall enable

[Quidway]firewall default deny

[Quidway] interface Ethernet 1/0

[Quidway-Ethernet1/0]firewall packet-filter 3001 inbound

[Quidway-Ethernet1/0]quit

[Quidway]interface Ethernet 2/0

[Quidway-Ethernet2/0]firewall packet-filter 3002 inbound

[Quidway-Ethernet2/0]quit

[Quidway]interface Ethernet 3/0

[Quidway-Ethernet3/0]firewall packet-filter 3003 inbound

[Quidway-Ethernet3/0]





  以上配置为Ethernet 1/0连接电信线路,Ethernet 2/0连接网通线路,Ethernet 3/0连接内网,可以根据实际组网进行调整。
<< 中小型机房超温报警解决方案 路由器软件BUG 引起地址冲突故障 >>
API:
gipsky.com& 安信网络
网友个人意见,不代表本站立场。对于发言内容,由发表者自负责任。

系统导航

 

Copyright © 2001-2010 安信网络. All Rights Reserved
京ICP备05056747号