双ISP接入负载均衡NAT与IPSLA链路检测实验配置.docx
- 文档编号:7189646
- 上传时间:2023-01-21
- 格式:DOCX
- 页数:17
- 大小:118.95KB
双ISP接入负载均衡NAT与IPSLA链路检测实验配置.docx
《双ISP接入负载均衡NAT与IPSLA链路检测实验配置.docx》由会员分享,可在线阅读,更多相关《双ISP接入负载均衡NAT与IPSLA链路检测实验配置.docx(17页珍藏版)》请在冰豆网上搜索。
双ISP接入负载均衡NAT与IPSLA链路检测实验配置
双ISP接入负载均衡NAT与IPSLA链路检测实验配置
CE路由器为企业边缘路由器,f0/0,f2/0分别为ISP1,ISP2接口做负载均衡,loopback0接口模拟内部主机。
内部流量负载均衡到ISP1与ISP2两条链路上,为模拟出负载均衡流量,CE的loopback0、f0/0、f2/0接口上禁用了快速交换(iproutecache)以及CEF并启用了基于per-packet的负载均衡(ipload-sharingper-packet)。
通过在CE路由器上配置IPSLA来检测ISP链路的可用性。
Internet-server路由器的loopback0接口模拟internet上的某个server,并且此server也是双ISP接入。
CEconfiguration
CE#shrun
Buildingconfiguration...
Currentconfiguration:
2288bytes
!
version12.4
servicetimestampsdebugdatetimemsec
servicetimestampslogdatetimemsec
noservicepassword-encryption
!
hostnameCE
!
boot-start-marker
boot-end-marker
!
!
noaaanew-model
memory-sizeiomem5
!
!
ipcef
noipdomainlookup
!
!
ipslamonitor1
typeechoprotocolipIcmpEcho172.16.2.1source-interfaceFastEthernet0/0
ipslamonitorschedule1lifeforeverstart-timenow
ipslamonitor2
typeechoprotocolipIcmpEcho172.31.2.1source-interfaceFastEthernet2/0
ipslamonitorschedule2lifeforeverstart-timenow
!
!
!
!
track1rtr1reachability#将track与ipsla关联起来,track根据ipsla的返回代码来断定链路UP/DOWN
!
track2rtr2reachability
!
!
!
!
!
interfaceLoopback0
ipaddress1.1.1.1255.255.255.255
ipload-sharingper-packet
ipnatinside
ipvirtual-reassembly
noiproute-cachecef
noiproute-cache
!
interfaceFastEthernet0/0
descriptionisp1
ipaddress172.16.1.1255.255.255.0
ipload-sharingper-packet
ipnatoutside
ipvirtual-reassembly
noiproute-cachecef
noiproute-cache
duplexauto
speedauto
!
interfaceSerial1/0
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/1
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/2
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/3
noipaddress
shutdown
serialrestart-delay0
!
interfaceFastEthernet2/0
descriptionisp2
ipaddress172.31.1.1255.255.255.0
ipload-sharingper-packet
ipnatoutside
ipvirtual-reassembly
noiproute-cachecef
noiproute-cache
duplexauto
speedauto
!
iphttpserver
noiphttpsecure-server
!
iproute0.0.0.00.0.0.0FastEthernet0/0172.16.1.2track1#根据trackreachability状态UP/DOWN默认路由
iproute0.0.0.00.0.0.0FastEthernet2/0172.31.1.2track2
iproute172.16.2.1255.255.255.255FastEthernet0/0#首先解决IPSLA检测目标的路由,而后默认路由才能UP
iproute172.31.2.1255.255.255.255FastEthernet2/0
!
ipnatinsidesourceroute-mapisp1interfaceFastEthernet0/0overload
ipnatinsidesourceroute-mapisp2interfaceFastEthernet2/0overload#通过使用routemap来匹配数据包的路由出接口
!
access-list1permit1.1.1.1
access-list100permitiphost1.1.1.1host3.3.3.3#此ACL仅用于debug调试
!
route-mapisp2permit10
matchipaddress1
matchinterfaceFastEthernet2/0
!
route-mapisp1permit10
matchipaddress1
matchinterfaceFastEthernet0/0
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
linecon0
loggingsynchronous
lineaux0
linevty04
login
!
!
End
ISP1configuration
ISP1#shrun
Buildingconfiguration...
Currentconfiguration:
955bytes
!
version12.4
servicetimestampsdebugdatetimemsec
servicetimestampslogdatetimemsec
noservicepassword-encryption
!
hostnameISP1
!
boot-start-marker
boot-end-marker
!
!
noaaanew-model
!
resourcepolicy
!
ipcef
!
!
!
!
noipdomainlookup
!
!
!
!
!
!
!
!
!
!
interfaceFastEthernet0/0
ipaddress172.16.1.2255.255.255.0
duplexhalf
!
interfaceSerial1/0
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/1
ipaddress172.16.2.2255.255.255.0
serialrestart-delay0
!
interfaceSerial1/2
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/3
noipaddress
shutdown
serialrestart-delay0
!
interfaceFastEthernet2/0
noipaddress
shutdown
duplexhalf
!
iproute3.3.3.3255.255.255.255Serial1/1
noiphttpserver
noiphttpsecure-server
!
!
!
loggingalarminformational
!
!
!
!
!
control-plane
!
!
linecon0
loggingsynchronous
stopbits1
lineaux0
stopbits1
linevty04
login
!
!
End
ISP2configuration
ISP2#shrun
Buildingconfiguration...
Currentconfiguration:
955bytes
!
version12.4
servicetimestampsdebugdatetimemsec
servicetimestampslogdatetimemsec
noservicepassword-encryption
!
hostnameISP2
!
boot-start-marker
boot-end-marker
!
!
noaaanew-model
!
resourcepolicy
!
ipcef
!
!
!
!
noipdomainlookup
!
!
!
!
!
!
!
!
!
!
interfaceFastEthernet0/0
noipaddress
shutdown
duplexhalf
!
interfaceSerial1/0
ipaddress172.31.2.2255.255.255.0
serialrestart-delay0
!
interfaceSerial1/1
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/2
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/3
noipaddress
shutdown
serialrestart-delay0
!
interfaceFastEthernet2/0
ipaddress172.31.1.2255.255.255.0
duplexhalf
!
iproute3.3.3.3255.255.255.255Serial1/0
noiphttpserver
noiphttpsecure-server
!
!
!
loggingalarminformational
!
!
!
!
!
control-plane
!
!
linecon0
loggingsynchronous
stopbits1
lineaux0
stopbits1
linevty04
login
!
!
End
Internet-serverconfiguration
Internet-server#shrun
Buildingconfiguration...
Currentconfiguration:
1065bytes
!
version12.4
servicetimestampsdebugdatetimemsec
servicetimestampslogdatetimemsec
noservicepassword-encryption
!
hostnameInternet-server
!
boot-start-marker
boot-end-marker
!
!
noaaanew-model
!
resourcepolicy
!
ipcef
!
!
!
!
noipdomainlookup
!
!
!
!
!
!
!
!
!
!
interfaceLoopback0
ipaddress3.3.3.3255.255.255.255
!
interfaceFastEthernet0/0
noipaddress
shutdown
duplexhalf
!
interfaceSerial1/0
ipaddress172.16.2.1255.255.255.0
serialrestart-delay0
!
interfaceSerial1/1
ipaddress172.31.2.1255.255.255.0
serialrestart-delay0
!
interfaceSerial1/2
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/3
noipaddress
shutdown
serialrestart-delay0
!
interfaceFastEthernet2/0
noipaddress
shutdown
duplexhalf
!
iproute172.16.0.0255.255.0.0Serial1/0
iproute172.31.0.0255.255.0.0Serial1/1
noiphttpserver
noiphttpsecure-server
!
!
!
loggingalarminformational
!
!
!
!
!
control-plane
!
!
linecon0
loggingsynchronous
stopbits1
lineaux0
stopbits1
linevty04
login
!
!
End
Show信息
Debug测试
走F2/0的包,源IP被NAT成ISP2接口IP
走F0/0的包,源IP被NAT成ISP1接口IP
Shutdowninternet-server路由器的S1/0接口,测试IPSLA
由于IPSLAmonitor1检测目标ping不同,ISP1的默认路由DOWN掉,只剩下ISP2的默认路由
IPSLAmonitor1returncode为timeout,track1reachability为down,因此ISP1默认路由DOWN掉
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- ISP 接入 负载 均衡 NAT IPSLA 检测 实验 配置