Linux 策略路由

1.添加網卡
插入網卡，啟動機器，修改/etc/modules.conf并加入
alias eth2 driver.o
2.配置adsl撥號
通過adsl-setup程序創建ppp0和ppp1的撥號配置文件，并保存配置。
修改/etc/sysconfig/network-script/ifcfg-ppp*文件，將其中的PIDFILE參數設為：
PIDFILE=/var/run/ppp-adsl*.pid
其中*對應0、1等
如果不修改此參數將無法啟動第二個ppp接口。

3.啟動ppp接口
因為adsl-start 命令缺省只能啟動第一的ppp接口。所以要啟動兩個接口，必須指定配置文件。
adsl-start /etc/sysconfig/network-script/ifcfg-ppp0
adsl-start /etc/sysconfig/network-script/ifcfg-ppp1

4.添加路由表
缺省情況下，系統只有3個路由表，local、main、default，路由規則為所有進入的數據報都參照main、defaul來決策路由，這可以通過ip rule ls來查看。其輸出如下：
代碼:
[root@linuxrouter root]# ip rule ls
0: from all lookup local
32766: from all lookup main
32767: from all lookup 253
[root@linuxrouter root]#

要實現策略路由，添加額外的路由表是必須的。
下面兩條命令分別添加名為ppp0和ppp1的路由表。

echo 201 ppp0 >> /etc/iproutes/rt_tables
echo 202 ppp1 >> /etc/iproutes/rt_tables

5.創建路由表項
上面創建的兩個路由表都是空表，需要在其中注入路由表項。
本人編寫了如下腳本用于注入路由表項：

代碼:
#!/bin/bash
# Name: cprt
# This program copy the route from route table to route table,
# exclude the default route entry.

if [ -z "" -o -z "" ]; then
echo $"usage: cprt <source_table> <dest_table>"
exit 1
fi

SOURCE=
DEST=

# Clear the destination route table
echo $"Clearing route table $DEST ......"
echo
/sbin/ip route flush table $DEST

# Inject routes from source to destination
echo $"Injecting route from $SOURCE to $DEST ......"
/sbin/ip route ls table $SOURCE | grep -v default > /tmp/route-tmp
while read line; do
/sbin/ip route add table $DEST $line
done < "/tmp/route-tmp"


把main表中的路由表項復制到ppp0和ppp1中。
將下面命令加入到/etc/rc.d/rc.local中。
cprt main ppp0
cprt main ppp1

此時，兩個路由表中都有相同的路由表項了，除了default路由以外。缺省路由的添加要通過另外的途徑添加。當ppp激活，或者掉線時，pppd守護進程會調用/etc/ppp/目錄下的ip-up、ip-down腳本，這些教本又分別調用ip-up.local、ip-down.local。在此我們利用這兩個腳本來對路由表和流量控制策略進行維護，此腳本需要人工創建。

下面時本例中的腳本：
代碼:
#!/bin/bash
# Name: ip-up.local
# Created by lyking@CU
check_default_route ()
{
LC_ALL=C ip route list table match 0/0 | grep -q default
}


# Determin device here
# We should use IFNAME as the interface name.For some reason, the IFNAME maybe not
# same as the LINKNAME. And the route table should associate with the IFNAME. For
# some conveniency, I name the route table as "ppp0" and "ppp1".
RT_TABLE=$IFNAME


# Add or change static route here
if [ ! `check_default_route $RT_TABLE` ] ; then
ip route change default dev $IFNAME table $RT_TABLE
else
ip route add default dev $IFNAME table $RT_TABLE
fi

# Write some messages for later trubleshooting.
echo >> /var/log/ifchang.log
echo ": $IFNAME going up at `date`." >> /var/log/ifchang.log
echo ": $IFNAME got address: $IPLOCAL, peer address is $IPREMOTE." >> /var/log/ifchang.log
echo ": Table $RT_TABLE default route change to `ip route ls table $RT_TABLE | grep

default`." >> /var/log/ifchang.log

# Refresh routing cache to activating the routing immediately.
ip route flush cache



代碼:
#!/bin/bash
# Name: ip-down.local
# Created by lyking@CU
cd /etc/sysconfig/network-scripts
. network-functions

# Determin device here
# We should use IFNAME as the interface name.For some reason, the IFNAME maybe not
# same as the LINKNAME. And the route table should associate with the IFNAME. For
# some conveniency, I name the route table as "ppp0" and "ppp1".
RT_TABLE=$IFNAME
PPPS="ppp0 ppp1"

# Looking for a valide connection to Internet
DEFAULT_RT=""
for i in $PPPS ; do
echo "Checking $i ..." >> /tmp/if-down.log
if [ ! `is_available $i` ] ; then
echo "$i is available." >> /tmp/if-down.log
DEFAULT_RT=$i
break
fi
done


# Update default route here
if [ $DEFAULT_RT != "" ] ; then
ip route add default dev $DEFAULT_RT table $RT_TABLE
else
ip route del default dev $IFNAME table $RT_TABLE
fi

# Write some messages for later trubleshooting.
echo >> /var/log/ifchang.log
echo ": $IFNAME going down at `date`." >> /var/log/ifchang.log
echo ": Connection lasted $CONNECT_TIME seconds." >> /var/log/ifchang.log
echo ": $BYTES_SENT bytes sent, $BYTES_RCVD bytes received." >> /var/log/ifchang.log
echo ": Table $RT_TABLE default route changed to `ip route ls table $RT_TABLE | grep

default`. " >> /var/log/ifchang.log

# Refresh routing cache to activating the routing immediately.
ip route flush cache


注意，創建完腳本后必須將其屬性改為可執行，否則不會被執行。


6.路由策略的選擇
策略路由可以通過源地址、目標地址、ToS或者fwmark標記來進行選擇。在此，為了利用iptables的強大的過濾功能采用fwmark標記來決策路由。
在/etc/rc.d/rc.local中添加如下命令：
/sbin/ip rule add fwmark 1 table ppp0
/sbin/ip rule add fwmark 2 table ppp1

7.防火墻規則的添加
這里利用的iptables的強大過濾功能來對流量進行標記。本例中僅根據ip地址的奇偶性來拆分流量，根據具體需求，你還可以根據第4層端口號、ToS等來拆分流量。防火墻需要添加如下命令：

代碼:
# Divid traffic to different mark
iptables -t mangle -A PREROUTING -s 10.0.0.0/255.255.255.1 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -s 10.0.0.1/255.255.255.1 -j MARK --set-mark 0x2

# NAT
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE

至此，雙adsl鏈路的熱互備及負載分擔基本完成。

原文轉自：http://www.anti-gravitydesign.com