前言
接前文RouterOS实现多线负载均衡之后,继续测试异地组网功能。
文章目录[隐藏] 前言 配置详情 效果 前言 目前芬兰的万兆交换机上联还是1G的公网,所以下载需求高的时候有点吃紧。如果要换到上联10G的话机房那边说要按流量计费,对于我们目前每月几百T的流量来说价格较高并不划算。 而每台物理机本身就附赠了1G的上联带宽,同时不计流量,所以考虑通过万兆内网将每台机器的千兆公网进行负载均衡。 之前尝试了爱快的方案,配置很简单,多WAN配置后开启多线负载即可,根据流量负载情况进行分流。但是爱快这边并不支持建立IPIP/GRE通道,考虑到后续的机房直接互联需求,这里决定购买RouterOS的CHR P10版实现多线分流+IPIP通道建立。 配置详情 网络构架 CHR软路由: 千兆公网eth0 IP 95.217.x.100 万兆内网eth1 IP 10.0.0.1 公网主网关 95.217.x.1 @ eth0 distance=1 公网副网关 10.1.1.1~5 @ eth1 distance=2 物理机1~5: 千兆公网eth0 IP 95.217.x.101~105 万兆内网eth1 IP 10.1.2.1~5 开启NAT转发:iptables -t nat -A POSTROUTING -s '10.0.0.0/8' -o vmbr1 -j MASQUERADE 开始配置 先配置路由器的公网和内网IP,然后去IP>Firewall>Mangle,设置分流标记,具体方法如下: 在Mangle下点击新建规则 在General下选择Chain为prerouting,src-address=10.0.0.0/8 在Advance下配置Per Connection Classifier,推荐选both addresses and […]
网络基础信息
CentOS7端,公网IP 5.x.x.x/32,tunnelIP 192.168.100.1/30
RouterOS端,公网IP 95.x.x.x/32,tunnelIP 192.168.100.2/30,内网IP 10.0.0.1/8
开启GRE Tunnel
CentOS端操作
这里用nmtui进行配置,所以:
yum install NetworkManager-tui smartmontools -y systemctl enable NetworkManager systemctl start NetworkManager
然后进nmtui中,新增IP Tunnel:
- Mode:GRE
- Local IP:5.x.x.x
- Remote IP: 95.x.x.x
- IPv4 CONFIGURATION:Manual
- Addresses:192.168.100.1/30
保存后启动tun0即可,验证:
[root@CentOS-78-64-minimal ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
--------
3: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
link/gre 0.0.0.0 brd 0.0.0.0
4: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
5: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1000
link/gre 5.x.x.x peer 95.x.x.x
inet 192.168.100.1/30 brd 192.168.100.3 scope global noprefixroute tun0
valid_lft forever preferred_lft forever
inet6 fe80::e23e:4e46:a5ab:b1af/64 scope link noprefixroute
valid_lft forever preferred_lft forever
RouterOS端操作
Interface>GRE Tunnel新建,local和remote与CentOS7端反过来即可:
然后在IP>Addresses中添加IP 192.168.100.2/30,Interface选刚刚的GRE Tunnel名即可,验证一下是否能互相ping通:
[root@CentOS-78-64-minimal ~]# ping 192.168.100.2 PING 192.168.100.2 (192.168.100.2) 56(84) bytes of data. 64 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=25.0 ms 64 bytes from 192.168.100.2: icmp_seq=2 ttl=64 time=25.1 ms 64 bytes from 192.168.100.2: icmp_seq=3 ttl=64 time=25.1 ms 64 bytes from 192.168.100.2: icmp_seq=4 ttl=64 time=25.1 ms 64 bytes from 192.168.100.2: icmp_seq=5 ttl=64 time=25.1 ms ^C --- 192.168.100.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4004ms rtt min/avg/max/mdev = 25.059/25.121/25.196/0.109 ms
设置路由表
希望CentOS7能访问RouterOS下所有子网,所以添加路由记录:
ip route add 10.0.0.0/8 dev tun0 via 192.168.100.2
Please quote the original link:https://www.liujason.com/article/1134.html
