A comprehensive description of three dual-line policy routing methods

Source: Internet
Author: User

Knowing how dual-line policy routing works is very useful. This article explains three ways to implement dual-line policy routing. I referred to the forum post on China Telecom + China Netcom dual-line policy routing and, based on my own environment, summarised several ways to set up dual-line policy routing, in the hope that it helps anyone who needs it. Dual-line routing is considerably more complicated than single-line routing, but the principle behind it is not hard to understand.

Implementation of dual-line policy routing

1. Static routing (the easiest way)

1) Set the default route, for example via China Telecom:

ip route replace default via <Telecom gateway> dev eth1

2) Add static routes for the other line (China Netcom), one per Netcom address block:

ip route add <Netcom prefix 1> via <Netcom gateway> dev eth2 metric 1
ip route add <Netcom prefix 2> via <Netcom gateway> dev eth2 metric 1
....

3) Add the "return by the same line" routes

Once the dual-line routing rules are in place, you must also add, for each line, the rules that send replies back out through the line the request came in on (data that arrives on a line must leave through that same line). Otherwise a Telecom user cannot reach the server through its China Netcom IP address, and a Netcom user cannot reach the server through its Telecom IP address.

ip route flush table 100
ip route add default via <Telecom gateway> dev eth1 src <Telecom IP> table 100 prio 50
ip rule add from <Telecom IP> table 100
ip route flush table 200
ip route add default via <Netcom gateway> dev eth2 src <Netcom IP> table 200 prio 50
ip rule add from <Netcom IP> table 200
ip route add 192.168.0.0/24 dev eth0 scope link src 192.168.0.1 table 100
ip route add 192.168.0.0/24 dev eth0 scope link src 192.168.0.1 table 200

2. Policy routing by destination address

For convenience, two named routing tables are registered first: China Telecom => 100, China Netcom => 200. Rules and routes can then refer to the names instead of the numbers.

echo "100 ctc" >> /etc/iproute2/rt_tables
echo "200 cnc" >> /etc/iproute2/rt_tables

(Use >> to append. A single > would overwrite the file, so the second line would wipe out the first one as well as the reserved entries such as main and local.)
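Appending to rt_tables with echo works the first time, but a script that runs at every boot would add a duplicate line each time, and a typo could bind one table number to two names. The function below, an added example rather than code from the original article, registers an entry only if it is not already present and refuses to create a conflicting mapping. The file path is an argument so it can be tried on a scratch copy before touching /etc/iproute2/rt_tables; the reserved entries written in the usage comment are constructed sample content.

```shell
#!/bin/sh
# Added example (not from the original article): idempotent registration of
# named routing tables in an rt_tables file. The file path is an argument so
# the function can be tried on a scratch copy before touching the real file.

# add_rt_table NUM NAME FILE
# Appends "NUM NAME" unless that exact pair is already present. Returns 1
# without writing if NUM or NAME is already bound to something else, so a boot
# script cannot silently create two aliases for one table (or two tables for
# one name).
add_rt_table() {
    num="$1"; name="$2"; file="$3"
    case "$num" in
        ''|*[!0-9]*) echo "add_rt_table: bad table number '$num'" >&2; return 1 ;;
    esac
    [ -f "$file" ] || : > "$file"
    # Normalise existing entries: drop comments and surplus whitespace so that
    # "100<TAB>ctc" and "100 ctc" compare equal.
    existing=$(sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*//' \
                   -e 's/[[:space:]][[:space:]]*/ /g' "$file" | grep -v '^$' || true)
    if printf '%s\n' "$existing" | grep -qxF "$num $name"; then
        return 0                      # already registered exactly as requested
    fi
    if printf '%s\n' "$existing" | grep -q -e "^$num " -e " $name\$"; then
        echo "add_rt_table: $num or $name already mapped differently in $file" >&2
        return 1
    fi
    printf '%s\t%s\n' "$num" "$name" >> "$file"
}

# count_tables FILE
# Number of table entries (non-comment, non-blank lines) in FILE.
count_tables() {
    sed -e 's/#.*//' "$1" | grep -c '[^[:space:]]' || true
}

# Usage on a scratch copy (constructed sample of a stock rt_tables file):
#   tmp=$(mktemp)
#   printf '#\n# reserved values\n#\n255\tlocal\n254\tmain\n' > "$tmp"
#   add_rt_table 100 ctc "$tmp"; add_rt_table 200 cnc "$tmp"
#   add_rt_table 100 ctc "$tmp"      # no-op: already present
#   add_rt_table 100 other "$tmp"    # refused: 100 is already ctc
# For the real file (needs root):
#   add_rt_table 100 ctc /etc/iproute2/rt_tables
```

Running the function twice with the same arguments leaves exactly one entry, which is what makes it safe to call from a network start-up script without first checking the file by hand.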

1) Set the default route (via China Telecom):
ip route replace default via <Telecom gateway> dev eth1

2) Send traffic for China Netcom destinations through the Netcom line, one rule per Netcom address block:
ip rule add to <Netcom prefix 1> table cnc prio 100
ip rule add to <Netcom prefix 2> table cnc prio 100
....

3) Add the "return by the same line" routes
ip route flush table ctc
ip route add default via <Telecom gateway> dev eth1 src <Telecom IP> table ctc
ip route add 192.168.0.0/24 dev eth0 scope link src 192.168.0.1 table ctc
ip rule add from <Telecom IP> table ctc
ip route flush table cnc
ip route add default via <Netcom gateway> dev eth2 src <Netcom IP> table cnc
ip route add 192.168.0.0/24 dev eth0 scope link src 192.168.0.1 table cnc
ip rule add from <Netcom IP> table cnc

3. iptables CONNMARK + iproute2 fwmark

1) Mark connections with CONNMARK

Incoming Internet data (a new connection is marked with the line it arrived on):
iptables -t mangle -A PREROUTING -i eth1 -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x100
iptables -t mangle -A PREROUTING -i eth2 -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x200

Forwarded data (a new outbound connection is marked with the line it leaves on):
iptables -t mangle -A POSTROUTING -o eth1 -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x100
iptables -t mangle -A POSTROUTING -o eth2 -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x200

Incoming LAN data (replies coming back from the LAN get the connection's mark copied onto the packet):
iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark

Locally generated data:
iptables -t mangle -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark

2) Route by fwmark in iproute2

ip rule add fwmark 0x100 table ctc prio 40
ip rule add fwmark 0x200 table cnc prio 40

3) Add the "return by the same line" routes

($CTC_NET and $CNC_NET stand for the directly connected subnet of the Telecom and Netcom line respectively, which is why they are entered as scope link routes.)

ip route add table ctc to $CTC_NET dev eth1 scope link
ip route add table ctc to $CNC_NET dev eth2 scope link
ip route add table ctc to 192.168.0.0/24 dev eth0 scope link
ip route add default via <Telecom gateway> dev eth1 table ctc
ip route add table cnc to $CTC_NET dev eth1 scope link
ip route add table cnc to $CNC_NET dev eth2 scope link
ip route add table cnc to 192.168.0.0/24 dev eth0 scope link
ip route add default via <Netcom gateway> dev eth2 table cnc
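A dual-line setup fails quietly: a missing rule or a swapped priority simply sends replies out of the wrong line, and the only symptom is that users on one ISP cannot reach the server through the other ISP's address. The script below is an added example, not code from the original article, that audits the installed rule set and routing tables against the design above. It assumes the fwmark rules sit at priority 40 as on the page and that the source-based return rules were given priority 50 (a choice made for this example, so the mark rules are always consulted first); the public addresses 203.0.113.10 and 198.51.100.10 and the "ip rule show" / "ip route show table" outputs in the usage comment are constructed samples, and on a real router you feed it the output of those commands instead.

```shell
#!/bin/sh
# Added example (not from the original article): audit a router's installed
# policy rules and tables against the dual-line design. Assumptions: fwmark
# rules at priority 40 (as on the page), source-based return rules at
# priority 50 (chosen for this example), and documentation-range addresses
# standing in for the two lines' public IPs.

# Required rules as "<selector> <value> <table>" lines. The selector keywords
# are the ones "ip rule show" prints: fwmark or from.
EXPECTED_RULES='fwmark 0x100 ctc
fwmark 0x200 cnc
from 203.0.113.10 ctc
from 198.51.100.10 cnc'

# audit_rules RULE_TEXT
# RULE_TEXT is the output of "ip rule show", e.g.
#   40:     from all fwmark 0x100 lookup ctc
# Prints one line per missing or mis-prioritised rule; returns 0 only when the
# rule set is complete and ordered as designed (fwmark before from).
audit_rules() {
    rules="$1"
    problems=$(printf '%s\n' "$EXPECTED_RULES" | while read -r kind value table; do
        match=$(printf '%s\n' "$rules" |
                grep -E "[[:space:]]$kind $value lookup $table\$" || true)
        if [ -z "$match" ]; then
            echo "missing rule: $kind $value -> table $table"
            continue
        fi
        prio=${match%%:*}
        case "$kind" in
            fwmark) want=40 ;;   # connection mark decides first
            from)   want=50 ;;   # source address is the fallback
        esac
        [ "$prio" = "$want" ] ||
            echo "wrong priority $prio for '$kind $value' (want $want)"
    done)
    [ -z "$problems" ] || printf '%s\n' "$problems"
    [ -z "$problems" ]
}

# default_dev ROUTE_TEXT
# Prints the outgoing interface of the default route in the output of
# "ip route show table X" (nothing if the table has no default route).
default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 1; i <= NF; i++) if ($i == "dev") print $(i + 1) }'
}

# table_exits_via ROUTE_TEXT DEV
# Returns 0 when the table's default route leaves through DEV, so the caller
# can confirm that table ctc exits via eth1 and table cnc via eth2.
table_exits_via() {
    [ "$(default_dev "$1")" = "$2" ]
}

# Usage on a live router (needs the ip command; output lines are what a
# correctly configured box would print):
#   audit_rules "$(ip rule show)" && echo "rules OK"
#   table_exits_via "$(ip route show table ctc)" eth1 && echo "ctc OK"
#   table_exits_via "$(ip route show table cnc)" eth2 && echo "cnc OK"
# Constructed sample of a broken rule set, for trying the audit offline:
#   BAD='40:     from all fwmark 0x100 lookup ctc
#   100:    from all fwmark 0x200 lookup cnc
#   50:     from 203.0.113.10 lookup ctc'
#   audit_rules "$BAD"
#   # -> wrong priority 100 for 'fwmark 0x200' (want 40)
#   # -> missing rule: from 198.51.100.10 -> table cnc
```

Run it after every change to the routing scripts and again after a reboot; the second run is the one that catches start-up scripts that only partly applied, since the kernel forgets every table and rule on restart.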

iptables NAT rules

/sbin/iptables -t nat -A POSTROUTING -o eth1 -s <LAN CIDR block> -j SNAT --to-source <Telecom Internet IP>
/sbin/iptables -t nat -A POSTROUTING -o eth2 -s <LAN CIDR block> -j SNAT --to-source <Netcom Internet IP>

If the Internet IP addresses are dynamic, use MASQUERADE instead:

/sbin/iptables -t nat -A POSTROUTING -o eth1 -s <LAN CIDR block> -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o eth2 -s <LAN CIDR block> -j MASQUERADE