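When a gateway has several egress links and you want to share load across them (or send particular kinds of traffic out a particular egress) while the links back each other up, the idea behind this kind of traffic sharing is to send different source addresses or different kinds of traffic out different egresses and then, with the egress actually taken as the precondition, give every internal address the NAT address range of that egress, as shown in the figure.
Part 1: Source-address-based route-map NAT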
R1ISP1:
enable
conf t
interface Loopback0
 description DianxinNet
 ip address 1.1.1.1 255.255.255.0
interface Serial2/0
 description ToHangZhouQianJiangKeJiDaSha
 ip address 13.13.13.1 255.255.255.0
 no shutdown
interface Serial2/3
 description ToWangTongNet
 ip address 100.1.1.1 255.255.255.252
 no shutdown
ip route 2.2.2.0 255.255.255.0 100.1.1.2
ip route 23.23.23.0 255.255.255.0 100.1.1.2
R2ISP2:
enable
conf t
interface Loopback0
 description WangTongNet
 ip address 2.2.2.2 255.255.255.0
interface Serial2/1
 description ToHangZhouQianJiangKeJiDaSha
 ip address 23.23.23.2 255.255.255.0
 no shutdown
interface Serial2/3
 description ToDianXinNet
 ip address 100.1.1.2 255.255.255.252
 no shutdown
ip route 1.1.1.0 255.255.255.0 100.1.1.1
ip route 13.13.13.0 255.255.255.0 100.1.1.1
R4HOST:
enable
conf t
no ip routing
ip default-gateway 192.168.1.1
interface f0/0
 ip address 192.168.1.4 255.255.255.0
 no shutdown
R5HOST:
enable
conf t
no ip routing
ip default-gateway 172.16.1.1
interface f1/0
 ip address 172.16.1.5 255.255.255.0
 no shutdown
R3GW:
enable
conf t
interface Serial2/0
 description ToDianXinISP
 ip address 13.13.13.3 255.255.255.0
 ip nat outside
 no shutdown
interface Serial2/1
 description ToWangTongISP
 ip address 23.23.23.3 255.255.255.0
 ip nat outside
 no shutdown
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shutdown
 ip policy route-map cisco
interface FastEthernet1/0
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 no shutdown
 ip policy route-map cisco
ip sla monitor 13
 type echo protocol ipIcmpEcho 13.13.13.1 source-ipaddr 13.13.13.3
 timeout 3000
 frequency 5
ip sla monitor 23
 type echo protocol ipIcmpEcho 23.23.23.2 source-ipaddr 23.23.23.3
 timeout 3000
 frequency 5
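# Define the next-hop monitors: destination, source, probe timeout and probe sending interval.
ip sla monitor schedule 13 life forever start-time now
ip sla monitor schedule 23 life forever start-time now
# Start the monitoring schedule: it lives forever and starts now.
track 1 rtr 13 reachability
track 2 rtr 23 reachability
# Define the track objects: while the tracked next hop is reachable, the settings below that reference the track object stay in effect (Up); otherwise they are inactive (Down) or the feature is temporarily withdrawn.
ip route 0.0.0.0 0.0.0.0 13.13.13.1 track 1
ip route 0.0.0.0 0.0.0.0 23.23.23.2 track 2
# Two default routes: each is installed in the routing table while its next hop is reachable and removed when it is not.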
access-list 100 permit ip any any
access-list 192 permit ip 192.168.1.0 0.0.0.255 any
access-list 172 permit ip 172.16.1.0 0.0.0.255 any
route-map cisco permit 10
 match ip address 192
 set ip next-hop verify-availability 13.13.13.1 10 track 1
 set ip next-hop verify-availability 23.23.23.2 20 track 2
route-map cisco permit 20
 match ip address 172
 set ip next-hop verify-availability 23.23.23.2 30 track 2
 set ip next-hop verify-availability 13.13.13.1 40 track 1
# Define the policy routing: traffic matching access list 192 or 172 gets a next hop set for it, and the reachability of that next hop is tracked; when it is unreachable the next entry is used. The numbers 10, 20 and 30, 40 mean that the entry with the lower value is preferred as the next hop and the one with the higher value is the backup. You can also use set ip default next-hop x.x.x.x
route-map nat192 permit 10
 match ip address 100
 match interface Serial2/0
route-map nat172 permit 10
 match ip address 100
 match interface Serial2/1
ip nat inside source route-map nat192 interface Serial2/0 overload
ip nat inside source route-map nat172 interface Serial2/1 overload
# Define the route-maps: traffic that matches the address range and the egress interface is translated to the address of that egress.
# Define PAT.
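(When the interface network types differ, the way to match differs as well: on serial links, PPP and HDLC can only use match interface, while Frame Relay and Ethernet can use both match interface and match ip next-hop; of course, that is only what testing showed. So match interface works every time, and when the interface is down the route-map detects it by itself, that is, the match fails.)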
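The decision R3GW makes for each inside host can be modelled in a few lines. This Python sketch is an added example, not part of the original page or of any Cisco tool: the addresses, track numbers and sequence numbers come from the R3GW configuration above, and the function names forward and failover_table are hypothetical. It assumes a packet with no reachable policy next hop falls back to the tracked default routes, and it simplifies equal-cost defaults to the first live one.

```python
import ipaddress

# Values copied from the R3GW configuration on this page.
TRACK_NEXT_HOP = {1: "13.13.13.1", 2: "23.23.23.2"}      # track id -> next hop it watches
EGRESS = {"13.13.13.1": ("Serial2/0", "13.13.13.3"),     # next hop -> (interface, PAT address)
          "23.23.23.2": ("Serial2/1", "23.23.23.3")}
# route-map cisco: (source network, [(verify-availability sequence, track id), ...])
POLICY = [("192.168.1.0/24", [(10, 1), (20, 2)]),
          ("172.16.1.0/24", [(30, 2), (40, 1)])]


def forward(src_ip, track_up):
    """Return (next_hop, interface, translated_source), or None if dropped.

    track_up maps track id -> bool, i.e. the state of the IP SLA echo probe.
    """
    src = ipaddress.ip_address(src_ip)
    next_hop = None
    for network, entries in POLICY:
        if src in ipaddress.ip_network(network):
            # verify-availability: lowest sequence number whose track is Up wins.
            for _seq, track in sorted(entries):
                if track_up.get(track, False):
                    next_hop = TRACK_NEXT_HOP[track]
                    break
            break
    if next_hop is None:
        # Assumption: with no usable policy next hop the packet is routed by the
        # table, which holds only the tracked default routes whose track is Up.
        # Simplification: the first live default is used (no load sharing).
        live = [TRACK_NEXT_HOP[t] for t in sorted(TRACK_NEXT_HOP) if track_up.get(t, False)]
        if not live:
            return None
        next_hop = live[0]
    # nat192 / nat172 match on the outgoing interface, so the PAT address
    # follows whichever egress the packet actually leaves by.
    interface, pat_address = EGRESS[next_hop]
    return next_hop, interface, pat_address


def failover_table(hosts=("192.168.1.4", "172.16.1.5")):
    """Evaluate every link-state combination for the two lab hosts."""
    table = {}
    for up1 in (True, False):
        for up2 in (True, False):
            for host in hosts:
                table[(host, up1, up2)] = forward(host, {1: up1, 2: up2})
    return table
```

Calling failover_table() gives the expected egress and translated source for R4HOST and R5HOST in all four link states, which can be compared against traceroute and show ip nat translations on the lab router.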
Testing: (if you use a continuous ping, watch out for caching and the like)
R4HOST#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 192.168.1.1 100 msec 24 msec 28 msec
2 13.13.13.1 60 msec * 64 msec
R4HOST#traceroute 2.2.2.2
Type escape sequence to abort.
Tracing the route to 2.2.2.2
1 192.168.1.1 52 msec 20 msec 20 msec
2 13.13.13.1 56 msec 60 msec 20 msec
3 100.1.1.2 112 msec * 72 msec
R5HOST#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 172.16.1.1 1072 msec 32 msec 24 msec
2 23.23.23.2 104 msec 84 msec 64 msec
3 100.1.1.1 64 msec * 168 msec
R5HOST#traceroute 2.2.2.2
Type escape sequence to abort.
Tracing the route to 2.2.2.2
1 172.16.1.1 40 msec 44 msec 40 msec
2 23.23.23.2 76 msec * 92 msec
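When link connectivity is good, traffic takes the defined default path. Next we change the encapsulation type of the link on the ISP1 side, so that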