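Policy routing (using the ip rule command to manage the routing policy database)
Traditional routing: a routing algorithm based on the packet's destination address.
Policy-based routing is more powerful and more flexible than traditional routing: it lets a network administrator choose the forwarding path not only by destination address but also by attributes such as packet size, application, or source IP address.
The ip rule command:
Components of policy routing:
1) Priority: the lower the value, the higher the priority;
2) Policy routing rules: a packet is matched against the rules starting from the highest priority; if a higher-priority rule does not apply to the packet, the lower-priority rules are tried in turn, until a matching rule is found or all rules have been tried.
3) Routing tables: the mapping between routing table numbers and table names is in the file /etc/iproute2/rt_tables
1) Show policy routing rules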
# ip rule / ip rule list
ip rule
0: from all lookup local
1000: from all lookup rt-static
10101: from all to 223.5.5.5 lookup rt-eth2.1
#
#
ip rule list
0: from all lookup local
1000: from all lookup rt-static
10101: from all to 223.5.5.5 lookup rt-eth2.1
#
#
2) Add a policy routing rule
# ip rule add
ip rule
0: from all lookup local
1000: from all lookup rt-static
#
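# from network-or-host-address to network-or-host-address: where the packet comes from and where it is going
# dev interface: the packet must have arrived through that interface (br0 in the example below)
# table table_name or table_num
# pref priority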
ip rule add from 192.168.0.0/20 to 8.8.8.8 dev br0 table rt-eth2.1 pref 50
#
ip rule
0: from all lookup local
50: from 192.168.0.0/20 to 8.8.8.8 iif br0 lookup rt-eth2.1
1000: from all lookup rt-static
#
# When no source address is given, the rule defaults to from all
ip rule add dev br0 table rt-eth2.1 pref 100
#
ip rule
0: from all lookup local
50: from 192.168.0.0/20 to 8.8.8.8 iif br0 lookup rt-eth2.1
100: from all iif br0 lookup rt-eth2.1
1000: from all lookup rt-static
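Added example (not from the original post): Python code that parses `ip rule` output and lists, in priority order, every rule whose selectors match a given packet; the kernel consults those tables in that order and uses the first one that yields a route. The function names are my own, and only the from/to/iif/lookup fields shown on this page are parsed.

```python
import ipaddress
import re

# Constructed sample: the listing shown above after both rules were added.
SAMPLE = """\
0: from all lookup local
50: from 192.168.0.0/20 to 8.8.8.8 iif br0 lookup rt-eth2.1
100: from all iif br0 lookup rt-eth2.1
1000: from all lookup rt-static
"""

# Handles only the from/to/iif/lookup fields that appear on this page.
RULE_RE = re.compile(
    r"^(?P<pref>\d+):\s+from (?P<src>\S+)"
    r"(?: to (?P<dst>\S+))?(?: iif (?P<iif>\S+))?\s+lookup (?P<table>\S+)\s*$"
)

def parse_rules(text):
    """Parse `ip rule` output into dicts sorted by pref (lowest is tried first)."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule line: {line!r}")
        rules.append({**m.groupdict(), "pref": int(m["pref"])})
    return sorted(rules, key=lambda r: r["pref"])

def _in_prefix(addr, prefix):
    """True if addr is inside prefix; 'all' or an absent selector matches anything."""
    if prefix in (None, "all"):
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix, strict=False)

def tables_consulted(rules, src, dst, iif=None):
    """Return (pref, table) for each matching rule, in the order they are tried."""
    hits = []
    for r in rules:
        if r["iif"] is not None and r["iif"] != iif:
            continue  # rule is bound to a different incoming interface
        if _in_prefix(src, r["src"]) and _in_prefix(dst, r["dst"]):
            hits.append((r["pref"], r["table"]))
    return hits
```

Pass `iif=None` for locally generated traffic; a rule with an iif selector then never matches, which makes it easy to see which hosts or interfaces a steering rule actually covers.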
3) Delete matching policy routing rules
# ip rule del
ip rule
0: from all lookup local
50: from 192.168.0.0/20 to 8.8.8.8 iif br0 lookup rt-eth2.1
100: from all iif br0 lookup rt-eth2.1
1000: from all lookup rt-static
#
# Delete a policy routing rule by priority (pref)
ip rule del pref 50
#
ip rule
0: from all lookup local
100: from all iif br0 lookup rt-eth2.1
1000: from all lookup rt-static
#
# Delete a policy routing rule by its selectors
ip rule del dev br0 table rt-eth2.1
#
ip rule
0: from all lookup local
1000: from all lookup rt-static
#
#
ip rule
0: from all lookup local
50: from all iif br0 lookup main
100: from all iif br0 lookup rt-eth2.1
1000: from all lookup rt-static
#
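# Note: deleting with an incomplete selector removes only the one matching rule with the highest priority
# Deleting with an incomplete selector is generally not recommended
ip rule del dev br0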
#
ip rule
0: from all lookup local
100: from all iif br0 lookup rt-eth2.1
1000: from all lookup rt-static
#
4) Flush all policy routing rules
# ip rule flush
ip rule
0: from all lookup local
1000: from all lookup rt-static
10101: from all to 223.5.5.5 lookup rt-eth2.1
10201: from all to 114.114.114.114 lookup rt-eth2.1
#
# Note: the policy rule for the local routing table is kept
ip rule flush
#
#
ip rule
0: from all lookup local
#