Dual-line IP address configuration for China Telecom and China Netcom


Source: http://blogread.cn/it/article/393? F = WB

One of the biggest headaches for Internet websites is that China Telecom and China Netcom cannot communicate with each other. To let users on both networks reach the website quickly, the solution is to host it in a dual-line data center. There are two types of dual-line data center. The first achieves interconnection through BGP: the server needs only one IP address on one network adapter, and the data center makes the routing decision and selects an appropriate route for each visitor, which is very convenient for websites. Examples are the Nujiang Data Center of Shanghai Mobile, the self-built Data Center of Shanghai terrestrial communication, and the data center of science and technology networks. However, the bandwidth of BGP data centers is usually relatively small, so they may not be an option if the site's traffic is high. The second type is the dual-line dual-IP data center. Its bandwidth may be higher, but the routing configuration is extremely complex; an example is the Shanghai Telecom data center in the north of the city.

For the sake of harmony, the JavaEye website server was recently forced to move out of the original Mobile Nujiang dual-line data center and, on the manufacturer's recommendation, into the north dual-line data center in Shanghai. The north dual-line data center in Shanghai is actually a Telecom data center into which a 2G leased line has been pulled from Tianjin Netcom. Therefore, the server must have at least two NICs: one connected to the Telecom gateway and the other connected to the Netcom gateway. If you have multiple servers, you also need to set up a third NIC for intranet communication.

For dual-line dual-IP servers, two problems must be solved:

1. The IP address your website's users use to access your server

2. The IP address used to return your website's content to the user

Intelligent DNS resolution solves the first problem: the DNS server looks at the user's IP address. If the user is connected through Telecom, it resolves the name to the server's Telecom IP address; if the user is connected through China Netcom, it resolves the name to the server's Netcom IP address.

Intelligent DNS can be built by customizing open-source DNS software. However, there is a free smart DNS provider in China, DNSPod, and we recommend using its service. It provides the intelligent DNS resolution described above.

For the second problem, you need to configure routing rules on the server that determine the return path of the data.

1. Enter a static route table

Because the server has two IP addresses in different CIDR blocks, if you use the gateway of the Telecom IP address for routing, users of the China Netcom IP address cannot access the server, and vice versa. Currently, the popular solution is to use the Telecom gateway as the default route and then manually enter routing rules for all of the Netcom IP address segments. This method can be found with a Google search, so it is not expanded on here.

The disadvantage of this method is that entering so many rules is troublesome, and omissions are inevitable. If you miss some CIDR blocks, users in those CIDR blocks will not be able to access your website. Besides, the distribution of CIDR blocks is constantly changing, so you must update the route table periodically.

2. Set a dynamic route based on the path accessed by the user

That is to say, if a user reaches the server through the Telecom IP address, the returned content is routed through the Telecom gateway; if the user reaches the server through the China Netcom IP address, the returned content is routed through the Netcom gateway. This way you do not have to worry about maintaining a route table. Take the JavaEye website server as an example. The configuration method is as follows:

JavaEye website server Telecom IP: 114.80.66.199, Telecom gateway: 114.80.66.1

JavaEye website server Netcom IP: 60.29.231.190, Netcom gateway: 60.29.231.1

1) Use the Telecom gateway as the default gateway

Configure the default gateway in Linux. For RedHat, add a line to the /etc/sysconfig/network file: GATEWAY=114.80.66.1. For SuSE, add a line to /etc/sysconfig/network/routes: default 114.80.66.1 - - or use YaST2 directly.

2) Add route tables

Modify /etc/iproute2/rt_tables and add the following content:

The following is a code snippet:
252 tel    # China Telecom route table
251 cnc    # China Netcom route table

Then add the routing rules manually by executing the following commands in the console:

The following is a code snippet:
# Send replies back along the path the request arrived on
ip route flush table tel
ip route add default via 114.80.66.1 dev eth0 src 114.80.66.199 table tel
ip rule add from 114.80.66.199 table tel

ip route flush table cnc
ip route add default via 60.29.231.1 dev eth1 src 60.29.231.190 table cnc
ip rule add from 60.29.231.190 table cnc

That is, replies to requests that arrived on the Telecom IP address are returned by the Telecom route, and replies to requests that arrived on the Netcom IP address are returned by the Netcom route. That is all there is to it. Isn't it easy? This solution was provided by Bobo; thanks to him.

3) Write the routing rules into the startup scripts

If the server or the network service is restarted, the preceding routing rules are lost. Therefore, you need to write the preceding commands into both the system startup script and the network startup script.

For RedHat, the system startup script is /etc/rc.d/rc.local.

For SuSE, you can write a startup script and link it as S99, for example, /etc/init.d/rc.local.

For RedHat, the network startup script is /etc/rc.d/init.d/network.

For SuSE, the network startup script is /etc/init.d/network.
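
Step 3 runs the same commands at every boot and every network restart, and repeating "ip rule add" for a rule that already exists can leave a duplicate rule or fail, depending on the kernel. The following is an added example, not part of the original article, that puts steps 2 and 3 into a form that is safe to run repeatedly. The addresses, gateways, interfaces and table names are the article's; the function names and the DRY_RUN and RT_TABLES variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: repeatable form of the article's return-path rules.
# IPs, gateways, interfaces and table names come from the article;
# the function names and the DRY_RUN/RT_TABLES variables are this example's own.

RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}

# Print the command in dry-run mode (the default), execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Succeed only if table name $1 has an entry in the rt_tables file $2.
table_defined() {
    grep -Eq "^[0-9]+[[:space:]]+$1([[:space:]]|\$)" "$2"
}

# Arguments: table name, gateway, device, source IP.
setup_uplink() {
    table=$1 gw=$2 dev=$3 src=$4
    if [ "${DRY_RUN:-1}" != 1 ]; then
        table_defined "$table" "$RT_TABLES" || {
            echo "table $table is missing from $RT_TABLES" >&2; return 1; }
        # Remove every existing copy of the rule so the add below is the only one.
        while ip rule del from "$src" table "$table" 2>/dev/null; do :; done
    fi
    # Flushing the table makes the route step safe to repeat as well.
    run ip route flush table "$table"
    run ip route add default via "$gw" dev "$dev" src "$src" table "$table"
    run ip rule add from "$src" table "$table"
}

setup_all() {
    setup_uplink tel 114.80.66.1 eth0 114.80.66.199 &&
    setup_uplink cnc 60.29.231.1 eth1 60.29.231.190
}

# Dry run by default: prints the six commands. Run as root with DRY_RUN=0 to apply.
setup_all
```

After applying, "ip rule show" should list each "from" rule exactly once, however many times the script has run.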
