《双ISP接入负载均衡NAT与IPSLA链路检测实验配置》由会员分享,可在线阅读,更多相关《双ISP接入负载均衡NAT与IPSLA链路检测实验配置(12页珍藏版)》请在装配图网上搜索。
1、word双ISP接入负载均衡NAT与IP SLA链路检测实验配置CE路由器为企业边缘路由器,f0/0,f2/0分别为ISP1,ISP2接口做负载均衡,loopback0接口模拟内部主机。内部流量负载均衡到ISP1与ISP2两条链路上,为模拟出负载均衡流量,CE的loopback0、f0/0、f2/0接口上禁用了快速交换ip route cache以与CEF并启用了基于per-packet的负载均衡ip load-sharing per-packet。通过在CE路由器上配置IP SLA来检测ISP链路的可用性。Internet-server路由器的loopback0接口模拟internet上的某
2、个server,并且此server也是双ISP接入。CE configurationCE#sh runBuilding configuration.Current configuration : 2288 bytes!service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname CE!boot-start-markerboot-end-marker!no aaa new-modelmemory-size iomem 5!ip ce
3、fno ip domain lookup!ip sla monitor 1 type echo protocol ipIcmpEcho 172.16.2.1 source-interface FastEthernet0/0ip sla monitor schedule 1 life forever start-time nowip sla monitor 2 type echo protocol ipIcmpEcho 172.31.2.1 source-interface FastEthernet2/0ip sla monitor schedule 2 life forever start-t
4、ime now!track 1 rtr 1 reachability #将track与ip sla 关联起来,track根据ip sla的返回代码来断定链路UP/DOWN!track 2 rtr 2 reachability!interface Loopback0 ip load-sharing per-packet ip nat inside ip virtual-reassembly no ip route-cache cef no ip route-cache!interface FastEthernet0/0 description isp1 ip load-sharing per-p
5、acket ip nat outside ip virtual-reassembly no ip route-cache cef no ip route-cache duplex auto speed auto!interface Serial1/0 no ip address shutdown serial restart-delay 0!interface Serial1/1 no ip address shutdown serial restart-delay 0!interface Serial1/2 no ip address shutdown serial restart-dela
6、y 0!interface Serial1/3 no ip address shutdown serial restart-delay 0!interface FastEthernet2/0 description isp2 ip load-sharing per-packet ip nat outside ip virtual-reassembly no ip route-cache cef no ip route-cache duplex auto speed auto!ip serverno ip secure-server!ip route 0.0.0.0 0.0.0.0 FastEt
7、hernet0/0 172.16.1.2 track 1 #根据track reachability状态UP/DOWN默认路由ip route 0.0.0.0 0.0.0.0 FastEthernet2/0 172.31.1.2 track 2ip route 172.16.2.1 255.255.255.255 FastEthernet0/0 #首先解决IP SLA 检测目标的路由,而后默认路由才能UPip route 172.31.2.1 255.255.255.255 FastEthernet2/0!ip nat inside source route-map isp1 interfac
8、e FastEthernet0/0 overloadip nat inside source route-map isp2 interface FastEthernet2/0 overload #通过使用route map来匹配数据包的路由出接口!# 此ACL仅用于debug调试!route-map isp2 permit 10 match ip address 1 match interface FastEthernet2/0!route-map isp1 permit 10 match ip address 1 match interface FastEthernet0/0!control
9、-plane!line con 0 logging synchronousline aux 0line vty 0 4 login!EndISP1 configurationISP1#sh runBuilding configuration.Current configuration : 955 bytes!service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname ISP1!boot-start-markerboot-end-
10、marker!no aaa new-model!resource policy!ip cef!no ip domain lookup!interface FastEthernet0/0 duplex half!interface Serial1/0 no ip address shutdown serial restart-delay 0!interface Serial1/1 serial restart-delay 0!interface Serial1/2 no ip address shutdown serial restart-delay 0!interface Serial1/3
11、no ip address shutdown serial restart-delay 0!interface FastEthernet2/0 no ip address shutdown duplex half!ip route 3.3.3.3 255.255.255.255 Serial1/1no ip serverno ip secure-server!logging alarm informational!control-plane!line con 0 logging synchronous stopbits 1line aux 0 stopbits 1line vty 0 4 lo
12、gin!EndISP2 configurationISP2#sh runBuilding configuration.Current configuration : 955 bytes!service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname ISP2!boot-start-markerboot-end-marker!no aaa new-model!resource policy!ip cef!no ip domain lo
13、okup!interface FastEthernet0/0 no ip address shutdown duplex half!interface Serial1/0 serial restart-delay 0!interface Serial1/1 no ip address shutdown serial restart-delay 0!interface Serial1/2 no ip address shutdown serial restart-delay 0!interface Serial1/3 no ip address shutdown serial restart-d
14、elay 0!interface FastEthernet2/0 duplex half!ip route 3.3.3.3 255.255.255.255 Serial1/0no ip serverno ip secure-server!logging alarm informational!control-plane!line con 0 logging synchronous stopbits 1line aux 0 stopbits 1line vty 0 4 login!EndInternet-server configurationInternet-server#sh runBuil
15、ding configuration.Current configuration : 1065 bytes!service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Internet-server!boot-start-markerboot-end-marker!no aaa new-model!resource policy!ip cef!no ip domain lookup!interface Loopback0!int
16、erface FastEthernet0/0 no ip address shutdown duplex half!interface Serial1/0 serial restart-delay 0!interface Serial1/1 serial restart-delay 0!interface Serial1/2 no ip address shutdown serial restart-delay 0!interface Serial1/3 no ip address shutdown serial restart-delay 0!interface FastEthernet2/
17、0 no ip address shutdown duplex half!ip route 172.16.0.0 255.255.0.0 Serial1/0ip route 172.31.0.0 255.255.0.0 Serial1/1no ip serverno ip secure-server!logging alarm informational!control-plane!line con 0 logging synchronous stopbits 1line aux 0 stopbits 1line vty 0 4 login!EndShow信息Debug测试走F2/0的包,源IP被NAT成ISP2接口IP走F0/0的包,源IP被NAT成ISP1接口IPShutdown internet-server路由器的S1/0接口,测试IP SLA由于IP SLA monitor 1 检测目标ping不同,ISP1的默认路由DOWN掉,只剩下ISP2的默认路由IP SLA monitor 1 return code为timeout,track 1 reachability为down,因此ISP1默认路由DOWN掉12 / 12
双ISP接入负载均衡NAT与IPSLA链路检测实验配置
