官方视频RouterOS PCC负载均衡配置
官方介绍RouterOS v7 PCC负载均衡配置,此视频配置基于RouterOS v7版本,不适用于v7之前版本
关于PCC工作原理可以参见探讨下RouterOS PCC的工作原理与应用延伸
根据视频整理了基本的配置脚本(规则命名有所区别),按照3线pppoe拨号设置(国内建议使用相同运营商的线路做负载均衡)
创建3条pppoe拨号,并设置默认路由的优先级,分别基于ether1,ether2和ether3建立pppoe拨号
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 user=yusong password=yusong
add add-default-route=yes default-route-distance=2 disabled=no interface=ether2 name=pppoe-out2 user=yusong password=yusong
add add-default-route=yes default-route-distance=3 disabled=no interface=ether3 name=pppoe-out3 user=yusong password=yusong
创建路由表,取名route1,route2和route3
/routing table
add disabled=no fib name=route1
add disabled=no fib name=route2
add disabled=no fib name=route3
创建返程的路由标记
/ip firewall mangle
add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new in-interface=pppoe-out1 new-connection-mark=pcc1 \
passthrough=yes
add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new in-interface=pppoe-out2 new-connection-mark=pcc2 \
passthrough=yes
add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new in-interface=pppoe-out3 new-connection-mark=pcc3 \
passthrough=yes
add chain=output action=mark-routing connection-mark=pcc1 new-routing-mark=route1 passthrough=yes
add chain=output action=mark-routing connection-mark=pcc3 new-routing-mark=route3 passthrough=yes
add chain=output action=mark-routing connection-mark=pcc2 new-routing-mark=route2 passthrough=yes
创建lan地址列表,个人喜欢用地址列表创建内网IP地址列表方式标记
/ip firewall address-list
add address=192.168.88.0/24 list=lan
创建PCC连接标记和路由标记,both-addresses感觉更好点,能保障相同的源和目标IP走相同的线路,个人更倾向both-address,有助于目标站点对源IP的校验。
/ip firewall mangle
add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new dst-address-type=!local new-connection-mark=pcc1 passthrough=yes per-connection-classifier=both-addresses:3/0 src-address-list=lan
add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new dst-address-type=!local new-connection-mark=pcc2 passthrough=yes per-connection-classifier=both-addresses:3/1 src-address-list=lan
add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new dst-address-type=!local new-connection-mark=pcc3 passthrough=yes per-connection-classifier=both-addresses:3/2 src-address-list=lan
add chain=prerouting action=mark-routing connection-mark=pcc1 new-routing-mark=route1 passthrough=yes src-address-list=\
lan
add chain=prerouting action=mark-routing connection-mark=pcc3 new-routing-mark=route3 passthrough=yes src-address-list=\
lan
add chain=prerouting action=mark-routing connection-mark=pcc2 new-routing-mark=route2 passthrough=yes src-address-list=\
lan
在返程接入接口的连接标记和PCC连接标记都使用connection-state=new,目的是仅对新建立的连接进行PCC负载均衡,由于新建立标记是new,被PCC负载均衡后,后续相关连接会一直保持和原理的出口建立连接,又能减少标记连接数量和系统开销,
在ip route下完成路由标记和对应路由表的设置
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-table=route1 suppress-hw-offload=no
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 pref-src=”” routing-table=route2 scope=30 \
suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 pref-src=”” routing-table=route3 scope=30 \
suppress-hw-offload=no target-scope=10
最后完成nat配置
/ip firewall nat
add chain=srcnat src-address-list=lan action=masquerade