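Lab configuration: dual-ISP load-balanced NAT with IP SLA link detection
The CE router is the enterprise edge router. Its f0/0 and f2/0 interfaces connect to ISP1 and ISP2 respectively and are load-balanced; the loopback0 interface simulates an internal host. Internal traffic is load-balanced across the two links to ISP1 and ISP2. To make the load-balanced traffic visible in the lab, fast switching (ip route-cache) and CEF are disabled on CE's loopback0, f0/0 and f2/0 interfaces, and per-packet load balancing (ip load-sharing per-packet) is enabled. IP SLA is configured on the CE router to check the availability of the ISP links. The loopback0 interface of the Internet-server router simulates a server on the Internet, and this server is also dual-homed to both ISPs.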
CE configuration
CE#sh run
Building configuration...
Current configuration : 2288 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip sla monitor 1
type echo protocol ipIcmpEcho 172.16.2.1 source-interface FastEthernet0/0
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 172.31.2.1 source-interface FastEthernet2/0
ip sla monitor schedule 2 life forever start-time now
!
!
!
!
! Associate the track object with the IP SLA; the track decides link UP/DOWN from the IP SLA return code
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip load-sharing per-packet
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
!
interface FastEthernet0/0
description isp1
ip address 172.16.1.1 255.255.255.0
ip load-sharing per-packet
ip nat outside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
description isp2
ip address 172.31.1.1 255.255.255.0
ip load-sharing per-packet
ip nat outside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
!
ip http server
no ip http secure-server
!
! The default routes go UP/DOWN according to the track reachability state
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.1.2 track 1
ip route 0.0.0.0 0.0.0.0 FastEthernet2/0 172.31.1.2 track 2
! The routes to the IP SLA probe targets must be in place first; only then can the default routes come UP
ip route 172.16.2.1 255.255.255.255 FastEthernet0/0
ip route 172.31.2.1 255.255.255.255 FastEthernet2/0
!
! The route maps match each packet's routed egress interface
ip nat inside source route-map isp1 interface FastEthernet0/0 overload
ip nat inside source route-map isp2 interface FastEthernet2/0 overload
!
access-list 1 permit 1.1.1.1
! This ACL is used only for debugging
access-list 100 permit ip host 1.1.1.1 host 3.3.3.3
!
route-map isp2 permit 10
match ip address 1
match interface FastEthernet2/0
!
route-map isp1 permit 10
match ip address 1
match interface FastEthernet0/0
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
End
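An added example, not part of the original lab: a Python check of the dependency the CE configuration relies on, namely that every tracked default route is guarded by an IP SLA echo probe sourced from the same interface, with a host route to the probe target out of that interface. The function name and the embedded config excerpt are constructed here for illustration.

```python
import re

# Constructed sample: the SLA, track and static-route lines of the CE config above.
CE_CONFIG = """\
ip sla monitor 1
 type echo protocol ipIcmpEcho 172.16.2.1 source-interface FastEthernet0/0
ip sla monitor 2
 type echo protocol ipIcmpEcho 172.31.2.1 source-interface FastEthernet2/0
track 1 rtr 1 reachability
track 2 rtr 2 reachability
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.1.2 track 1
ip route 0.0.0.0 0.0.0.0 FastEthernet2/0 172.31.1.2 track 2
ip route 172.16.2.1 255.255.255.255 FastEthernet0/0
ip route 172.31.2.1 255.255.255.255 FastEthernet2/0
"""

def audit_tracked_defaults(config):
    """Return problems found in the SLA probe -> track -> default route chain."""
    def find(pattern):
        return re.findall(pattern, config, re.M)
    # SLA id -> (probe target, source interface)
    probes = {i: (t, s) for i, t, s in find(
        r"^ip sla monitor (\d+)\n\s*type echo protocol ipIcmpEcho (\S+) source-interface (\S+)")}
    tracks = dict(find(r"^track (\d+) rtr (\d+) reachability"))   # track id -> SLA id
    defaults = find(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+) \S+ track (\d+)")
    hosts = set(find(r"^ip route (\S+) 255\.255\.255\.255 (\S+)"))  # (target, interface)
    problems = []
    for iface, track_id in defaults:
        probe = probes.get(tracks.get(track_id))
        if probe is None:
            problems.append(f"track {track_id}: no SLA echo probe behind it")
        elif probe[1] != iface:
            problems.append(f"track {track_id}: probe sourced from {probe[1]}, route uses {iface}")
        elif probe not in hosts:
            # Without this host route the probe has no path until a default route is up.
            problems.append(f"track {track_id}: no host route to {probe[0]} via {iface}")
    return problems

if __name__ == "__main__":
    print(audit_tracked_defaults(CE_CONFIG) or "SLA/track/route chain is consistent")
```
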
ISP1 configuration
ISP1#sh run
Building configuration...
Current configuration : 955 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.0
duplex half
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 172.16.2.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
no ip address
shutdown
duplex half
!
ip route 3.3.3.3 255.255.255.255 Serial1/1
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
End
ISP2 configuration
ISP2#sh run
Building configuration...
Current configuration : 955 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 172.31.2.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
ip address 172.31.1.2 255.255.255.0
duplex half
!
ip route 3.3.3.3 255.255.255.255 Serial1/0
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
End
Internet-server configuration
Internet-server#sh run
Building configuration...
Current configuration : 1065 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Internet-server
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 172.16.2.1 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 172.31.2.1 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
no ip address
shutdown
duplex half
!
ip route 172.16.0.0 255.255.0.0 Serial1/0
ip route 172.31.0.0 255.255.0.0 Serial1/1
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
End
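Show output
Debug test
Packets leaving via F2/0 have their source IP translated by NAT to the ISP2 interface IP
Packets leaving via F0/0 have their source IP translated by NAT to the ISP1 interface IP
Shut down the S1/0 interface on the Internet-server router to test IP SLA
Because the IP SLA monitor 1 probe target cannot be pinged, the ISP1 default route goes DOWN, leaving only the ISP2 default route
The IP SLA monitor 1 return code is timeout and track 1 reachability is down, so the ISP1 default route goes DOWN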