路由脚本自动切换网关:通过ping判断网关是否存活,来决定是否切换网关。
一、高级路由
路由脚本自动切换网关:通过ping判断网关是否存活,来决定是否切换网关
路由脚本雏形:
[root@stu86 lianxi]# cat roswap.sh
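#!/bin/bash
# roswap.sh - keep the default route on ppp0 while its gateway answers ping,
# move it to ppp1 when the gateway stops answering, and move it back once
# the gateway answers again. Changes the routing table, so it runs as root,
# and it loops until it is killed.
while :
do
  # Primary uplink: default route through ppp0 / 1.1.1.1.
  route del default
  route add default dev ppp0 gw 1.1.1.1
  # Stay on the primary uplink while its gateway answers one echo request.
  # "-c" takes the packet count; the address is a separate argument.
  # A single lost reply is enough to trigger the switch below.
  while ping -c 1 1.1.1.1 &> /dev/null
  do
    sleep 1
  done
  # Primary gateway stopped answering: move the default route to ppp1.
  route del default
  route add default dev ppp1 gw 2.2.2.2
  # Keep probing the primary gateway and wait here until it answers again.
  while ! ping -c 1 1.1.1.1 &> /dev/null
  do
    sleep 1
  done
done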
[root@stu86 lianxi]#
根据上面的路由脚本改进:使用变量,使路由脚本的可用性提高
[root@stu86 lianxi]# cat roswap.sh
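#!/bin/bash
# roswap.sh - gateway failover loop with the gateways, devices and probe
# interval held in variables, so they can be changed in one place.
# Changes the routing table, so it runs as root; loops until killed.
ISP1=1.1.1.1   # primary gateway, also the address that is probed
ISP2=2.2.2.2   # backup gateway
# An assignment takes no leading "$": "$DEV1=ppp0" expands to "=ppp0" and is
# run as a command, leaving the variable empty.
DEV1=ppp0      # device of the primary uplink
DEV2=ppp1      # device of the backup uplink
TIME=1         # seconds to sleep between probes
while :
do
  # Primary uplink: default route through DEV1 / ISP1.
  route del default
  route add default dev "$DEV1" gw "$ISP1"
  # Stay on the primary uplink while its gateway answers one echo request.
  # "-c" takes the packet count; the address is a separate argument.
  while ping -c 1 "$ISP1" &> /dev/null
  do
    sleep "$TIME"
  done
  # Primary gateway stopped answering: move the default route to DEV2 / ISP2.
  route del default
  route add default dev "$DEV2" gw "$ISP2"
  # Keep probing the primary gateway and wait here until it answers again.
  while ! ping -c 1 "$ISP1" &> /dev/null
  do
    sleep "$TIME"
  done
done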
[root@stu86 lianxi]#
二、网络常用命令
[root@stu86 lianxi]# ifconfig
eth0
inet addr:192.168.0.86
inet6 addr: fe80::219:21ff:fe71:1767/64 Scope:Link
UP BROADCAST RUNNING MULTICAST
RX packets:4123 errors:0 dropped:0 overruns:0 frame:0
TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
[root@stu86 lianxi]# route -n
Kernel IP routing table
Destination
192.168.179.0
192.168.0.0
172.16.122.0
169.254.0.0
[root@stu86 lianxi]# route add -net 172.16.0.0 netmask 255.255.0.0 dev eth0
[root@stu86 lianxi]# route add -host 172.16.1.1 dev eth0
[root@stu86 lianxi]# route del -net 172.16.0.0 netmask 255.255.0.0 dev eth0
[root@stu86 lianxi]# route del -host 172.16.1.1 dev eth0
[root@stu86 lianxi]# netstat -a|less
[root@stu86 lianxi]# netstat -i
Kernel Interface table
Iface
eth0
lo
vmnet1
vmnet8
[root@stu86 lianxi]#
[root@stu86 lianxi]# netstat -r
Kernel IP routing table
Destination
192.168.179.0
192.168.0.0
172.16.122.0
169.254.0.0
三、网络命令2版将替换unix上的命令
[root@stu86 lianxi]# rpm -q iproute
iproute-2.6.18-9.el5
1)ip=ifconfig
[root@stu86 lianxi]# ip link show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth1:
link/ether 00:ee:ee:00:0a:76 brd ff:ff:ff:ff:ff:ff
3: eth0:
link/ether 00:19:21:71:17:67 brd ff:ff:ff:ff:ff:ff
4: sit0:
link/sit 0.0.0.0 brd 0.0.0.0
5: vmnet1:
link/ether 00:50:56:c0:00:01 brd ff:ff:ff:ff:ff:ff
6: vmnet8:
link/ether 00:50:56:c0:00:08 brd ff:ff:ff:ff:ff:ff
[root@stu86 lianxi]#
[root@stu86 lianxi]# ip ad sh dev eth0
3: eth0:
link/ether 00:19:21:71:17:67 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.86/24 brd 192.168.0.255 scope global eth0
inet6 fe80::219:21ff:fe71:1767/64 scope link
valid_lft forever preferred_lft forever
[root@stu86 lianxi]# ip route show
192.168.179.0/24 dev vmnet1
192.168.0.0/24 dev eth0
172.16.122.0/24 dev vmnet8
169.254.0.0/16 dev eth0
四、更改IP地址
更改网卡的硬件(MAC)地址:先down再up
[root@stu86 lianxi]# ip link help
Usage: ip link set DEVICE { up | down |
arp { on | off } |
dynamic { on | off } |
multicast { on | off } |
allmulticast { on | off } |
promisc { on | off } |
trailers { on | off } |
txqueuelen PACKETS |
name NEWNAME |
address LLADDR | broadcast LLADDR |
mtu MTU }
ip link show [ DEVICE ]
[root@stu86 lianxi]# ip link show dev eth0
3: eth0:
link/ether 00:19:21:71:17:67 brd ff:ff:ff:ff:ff:ff
[root@stu86 lianxi]# ip link set dev eth0 down
[root@stu86 lianxi]# ip link set dev eth0 address 00:99:88:77:66:55
[root@stu86 lianxi]# ip link set dev eth0 up
改ip地址:
[root@stu86 lianxi]# ip address add dev eth0 172.16.0.222/24
[root@stu86 lianxi]# ip address show dev eth0
3: eth0:
link/ether 00:19:21:71:17:67 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.86/24 brd 192.168.0.255 scope global eth0
inet 172.16.0.222/24 scope global eth0
inet6 fe80::219:21ff:fe71:1767/64 scope link
valid_lft forever preferred_lft forever
[root@stu86 lianxi]# ip address del dev eth0 172.16.0.222/24
注意:如果要换IP地址,那么就要把原来的IP删除,然后添加一个新IP地址
五、IP路由
[root@stu86 lianxi]# ip route add default dev eth0 via 192.168.0.254
[root@stu86 lianxi]# ip route del default dev eth0 via 192.168.0.254
[root@stu86 lianxi]# ip route add dev eth0 10.0.0.1/32
[root@stu86 lianxi]# ip route del dev eth0 10.0.0.1/32
[root@stu86 lianxi]# ip route add dev eth0 192.168.0.0/16
[root@stu86 lianxi]# ip route del dev eth0 192.168.0.0/16
[root@stu86 lianxi]# ip route show dev eth0
192.168.0.0/24
ss命令
[root@stu86 lianxi]# ss -antlp
[root@stu86 lianxi]# ip route help
Usage: ip route { list | flush } SELECTOR
ip route get ADDRESS [ from ADDRESS iif STRING ]
[ oif STRING ]
ip route { add | del | change | append | replace | monitor } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ scope SCOPE ] [ metric METRIC ]
[ mpath MP_ALGO ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ]
[ rtt TIME ] [ rttvar TIME ]
[ window NUMBER] [ cwnd NUMBER ] [ initcwnd NUMBER ]
[ ssthresh NUMBER ] [ realms REALM ]
[ rto_min TIME ]
TYPE := [ unicast | local | broadcast | multicast | throw |
unreachable | prohibit | blackhole | nat ]
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
FLAGS := [ equalize ]
MP_ALGO := { rr | drr | random | wrandom }
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
TIME := NUMBER[s|ms|us|ns|j]
六、作ECMP,一个命令添加等值多路路由
[root@stu86 lianxi]# ip route add default mpath rr \
> nexthop dev eth0 via 192.168.0.254 weight 10 \
> nexthop dev eth1 via 10.0.0.10 weight 10
用路由脚本添加等值多路路由:
[root@stu86 lianxi]# vim ecmp.sh
[root@stu86 lianxi]# cat ecmp.sh
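#!/bin/bash
# ecmp.sh - install an equal-cost multipath default route over two uplinks.
# Fill in the gateway addresses (ISPn) and outgoing devices (DEVn) before
# running. Changes the routing table, so it runs as root.
ISP1=""
ISP2=""
#ISPN=""....
DEV1=""
DEV2=""
#DEVn="".....

# Refuse to touch the routing table while a placeholder is still empty:
# a malformed "ip route" command would otherwise fail after the old default
# route is already gone.
for name in ISP1 ISP2 DEV1 DEV2; do
  if [[ -z "${!name}" ]]; then
    printf '%s: %s is not set\n' "${0##*/}" "$name" >&2
    exit 1
  fi
done

# "replace" installs the new default route in one step (creating it when none
# exists), so the host is never left without a default route between a
# separate "del" and "add".
ip route replace default \
  nexthop dev "$DEV1" via "$ISP1" weight 10 \
  nexthop dev "$DEV2" via "$ISP2" weight 10
#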
[root@stu86 lianxi]#
到控制台中
[root@stu86 lianxi]# cd /usr/src/kernels/2.6.18-128.el5-i686/
[root@stu86 2.6.18-128.el5-i686]# make menuconfig
IP:equal cost multipath 在内核中选上,才支持ecmp。这个就叫做等值多路。
七、ip路由查看命令,分为main、default、local
[root@stu86 lianxi]# ip route show
192.168.179.0/24 dev vmnet1
192.168.0.0/24 dev eth0
172.16.122.0/24 dev vmnet8
[root@stu86 lianxi]# ip route show table all
192.168.179.0/24 dev vmnet1
192.168.0.0/24 dev eth0
172.16.122.0/24 dev vmnet8
broadcast 192.168.0.255 dev eth0
broadcast 127.255.255.255 dev lo
broadcast 172.16.122.255 dev vmnet8
broadcast 192.168.179.255 dev vmnet1
broadcast 192.168.0.0 dev eth0
local 172.16.122.1 dev vmnet8
broadcast 172.16.122.0 dev vmnet8
broadcast 192.168.179.0 dev vmnet1
local 192.168.179.1 dev vmnet1
local 192.168.0.86 dev eth0
broadcast 127.0.0.0 dev lo
local 127.0.0.1 dev lo
local 127.0.0.0/8 dev lo
fe80::/64 dev vmnet1
fe80::/64 dev vmnet8
fe80::/64 dev eth0
unreachable default dev lo
local ::1 via :: dev lo
local fe80::219:21ff:fe71:1767 via :: dev lo
local fe80::250:56ff:fec0:1 via :: dev lo
local fe80::250:56ff:fec0:8 via :: dev lo
ff02::fb via ff02::fb dev eth0
cache
ff00::/8 dev vmnet1
ff00::/8 dev vmnet8
ff00::/8 dev eth0
unreachable default dev lo
[root@stu86 lianxi]# ip route show table main
192.168.179.0/24 dev vmnet1
192.168.0.0/24 dev eth0
172.16.122.0/24 dev vmnet8
[root@stu86 lianxi]# ip route show table local
broadcast 192.168.0.255 dev eth0
broadcast 127.255.255.255 dev lo
broadcast 172.16.122.255 dev vmnet8
broadcast 192.168.179.255 dev vmnet1
broadcast 192.168.0.0 dev eth0
local 172.16.122.1 dev vmnet8
broadcast 172.16.122.0 dev vmnet8
broadcast 192.168.179.0 dev vmnet1
local 192.168.179.1 dev vmnet1
local 192.168.0.86 dev eth0
broadcast 127.0.0.0 dev lo
local 127.0.0.1 dev lo
local 127.0.0.0/8 dev lo
八、实验对标记1走路由表1,标记2走路由表2
定义策略路由表,通过策略属性定义包的流向
1)添加2个表
[root@stu86 lianxi]# vim /etc/iproute2/rt_tables
#
# reserved values
#
255
254
253
10
20
0
#
# local
#
#1
2)添加两个转发表项:表中必须先有网关所在网段的路由,才可以添加该网段的默认网关
[root@stu86 lianxi]# route add default dev eth0 gw 192.168.0.254
[root@stu86 lianxi]# ip route add table table1 192.168.0.0/24 dev eth0
[root@stu86 lianxi]# ip route add table table1 default dev eth0 via 192.168.0.254 #添加默认网关为254
[root@stu86 lianxi]# ip route add table table2 10.0.0.0/8 dev eth1
[root@stu86 lianxi]# ip route add table default dev eth1 via 10.0.0.1
[root@stu86 lianxi]# ip rule show
0:
32766:
32767:
方法1。基于ip
添加ip查看那个路由表
[root@stu86 lianxi]# for count in `seq 1 100` ;do ip rule add from 192.168.0.$count table table1;done #为每个IP添加路由脚本规则
[root@stu86 lianxi]# for count in `seq 101 254` ;do ip rule add from 192.168.0.$count table table2;done #为每个IP添加路由脚本规则
[root@stu86 lianxi]# ip rule show
0:
32512:
方法2。基于hash算法和防火墙标记的
优化问题:通过FBI(x)hash算法查询。
我们可以使用防火墙标记,效率更高:只需要两条规则,而不是为每个IP各添加一条规则
如下:
[root@stu86 lianxi]# ip rule add fwmark 1 (pref 1000) table table1
[root@stu86 lianxi]# ip rule add fwmark 2 (pref 2000) table table2
打标记:需要在查询路由表之前(mangle表的PREROUTING链)打标记
[root@stu86 lianxi]# iptables -t mangle -A PREROUTING -m iprange --src-range 192.168.0.1-192.168.0.100 -j MARK --set-mark 1 #标记ip范围
[root@stu86 lianxi]# iptables -t mangle -A PREROUTING -m iprange --src-range 192.168.0.101-192.168.0.254 -j MARK --set-mark 2 #打标记
九、通过添加一个网段的指定路由优先级优化路由的策略
目标地址控制,上网
[root@stu86 lianxi]# ip ru sh
0:
32764:
32765:
32766:
32767:
[root@stu86 lianxi]# ip rule del fwmark 1
[root@stu86 lianxi]# ip rule del fwmark 2
规则按顺序匹配,先允许一部分;我们可以通过指定优先级来改变规则的顺序。
[root@stu86 lianxi]# ip rule add from 192.168.0.0/24 to 1.1.1.1 table table1 prio 1000
[root@stu86 lianxi]# ip rule add table table2 prio 1100
[root@stu86 lianxi]# ip rule show
0:
1000:
1100:
32766:
32767:
十、多线接入
多线解决方案
[root@stu86 lianxi]# echo $[RANDOM%5+1].$[RANDOM%6].$[RANDOM%6].$[RANDOM%4+1] #产生随即IP地址
[root@stu86 lianxi]# for i in `seq 1 1000`;do echo $[RANDOM%5+1].$[RANDOM%6].$[RANDOM%6].$[RANDOM%4+1];done > /tmp/tel.txt
echo $[RANDOM]:取随机值
echo $[RANDOM%5+1]:取随机值并做取模运算;若模数是255,余数范围就是从0开始到254结束,一共255个数字(本例的模数是5,余数范围是0到4);这里加1的目的是防止IP地址第一位为0
优先级映射问题:人多的地方优化,使用人少的地方就算了
[root@stu86 lianxi]# sed 's/^.*$/cnc &/g' /tmp/cnc.txt >cnc.txt
[root@stu86 lianxi]# sed 's/^.*$/tel &/g' /tmp/tel.txt >tel.txt
[root@stu86 lianxi]# cat cnc.txt >>tel.txt
[root@stu86 lianxi]# sort -t. -k4 -n tel.txt >user.txt
[root@stu86 lianxi]# cat -n user.txt
路由脚本:
[root@stu86 lianxi]# cat cnctel.awk
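#!/bin/awk -f
# Add one policy-routing rule per input line.
# Fields used: $1 = rule priority, $2 = ISP tag ("cnc" selects table1,
# anything else table2), $3 = destination address. The input therefore needs
# a leading number column, e.g. the layout printed by "cat -n".
{
    # The fields are pasted into a shell command run by system(), so accept
    # only a plain number and a dotted-quad address and skip every other line.
    if ($1 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
        print "skipping line " NR ": " $0 > "/dev/stderr"
        next
    }
    table = ($2 ~ /cnc/) ? "table1" : "table2"
    system("ip ru add to " $3 " ta " table " prio " $1)
}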
[root@stu86 lianxi]#
[root@stu86 lianxi]# ./cnctel.awk user.txt