一、高级路由
通过路由脚本自动切换网关:用ping判断网关是否存活,来决定是否切换网关
路由脚本雏形:
[root@stu86 lianxi]# cat roswap.sh
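#!/bin/bash
# Gateway failover loop. Must run as root because it rewrites the default route.
#
# The default route stays on ppp0 (gateway 1.1.1.1) while that gateway answers
# ping. When it stops answering, the default route moves to ppp1 (gateway
# 2.2.2.2) until 1.1.1.1 answers again, then the cycle restarts.
#
# NOTE(review): one lost ICMP reply is enough to trigger a switch, and the
# probe follows whatever route currently reaches 1.1.1.1. Confirm this is
# acceptable before relying on the script for availability.
while :; do
  # Install the primary default route (replacing whatever was there).
  route del default
  route add default dev ppp0 gw 1.1.1.1

  # Stay on the primary link for as long as one probe per second succeeds.
  # The probe target must be the full gateway address; "1.1.1" is a
  # different host.
  while ping -c 1 1.1.1.1 &> /dev/null; do
    sleep 1
  done

  # Primary gateway stopped answering: move the default route to the backup.
  route del default
  route add default dev ppp1 gw 2.2.2.2

  # Wait on the backup link until the primary gateway answers again.
  # -c needs an explicit count; without it the address is taken as the count,
  # ping always fails and this loop never ends.
  while ! ping -c 1 1.1.1.1 &> /dev/null; do
    sleep 1
  done
done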
[root@stu86 lianxi]#
根据上面路由脚本改进:使用变量使路由脚本的可用性提高
[root@stu86 lianxi]# cat roswap.sh
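#!/bin/bash
# Gateway failover loop, parameterised. Must run as root because it rewrites
# the default route. Only the settings below need editing to adapt the script.
#
# Shell assignments take the bare variable name on the left-hand side;
# writing "$DEV1=ppp0" expands to the command "=ppp0" and leaves DEV1 unset.
ISP1=1.1.1.1 # primary gateway address (also the health-check target)
ISP2=2.2.2.2 # backup gateway address
DEV1=ppp0    # interface of the primary link
DEV2=ppp1    # interface of the backup link
TIME=1       # seconds between health-check probes

while :; do
  # Install the primary default route (replacing whatever was there).
  route del default
  route add default dev "$DEV1" gw "$ISP1"

  # Stay on the primary link while the primary gateway answers one probe.
  # -c needs an explicit count before the address.
  while ping -c 1 "$ISP1" &> /dev/null; do
    sleep "$TIME"
  done

  # Primary gateway stopped answering: move the default route to the backup.
  route del default
  route add default dev "$DEV2" gw "$ISP2"

  # Wait on the backup link until the primary gateway answers again.
  while ! ping -c 1 "$ISP1" &> /dev/null; do
    sleep "$TIME"
  done
done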
[root@stu86 lianxi]#
二、网络常用命令
[root@stu86 lianxi]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:19:21:71:17:67
inet addr:192.168.0.86 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::219:21ff:fe71:1767/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4123 errors:0 dropped:0 overruns:0 frame:0
TX packets:61 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000 #tc中limit大于1000值没有意义的,tc的作用也是在这个上。物理的只支持1000
[root@stu86 lianxi]# route -n #按照越精确越靠前。这个是路由的排序规则
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.179.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.122.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
[root@stu86 lianxi]# route add -net 172.16.0.0 netmask 255.255.0.0 dev eth0 #添加网段路由
[root@stu86 lianxi]# route add -host 172.16.1.1 dev eth0 #添加主机路由
[root@stu86 lianxi]# route del -net 172.16.0.0 netmask 255.255.0.0 dev eth0 #删除网段路由
[root@stu86 lianxi]# route del -host 172.16.1.1 dev eth0 #删除主机路由
[root@stu86 lianxi]# netstat -a|less #查看所有并分屏显示
[root@stu86 lianxi]# netstat -i #查看网卡详细信息
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 4652 0 0 0 61 0 0 0 BMRU
lo 16436 0 1679 0 0 0 1679 0 0 0 LRU
vmnet1 1500 0 0 0 0 0 48 0 0 0 BMRU
vmnet8 1500 0 0 0 0 0 50 0 0 0 BMRU
[root@stu86 lianxi]#
[root@stu86 lianxi]# netstat -r #查看路由表 和route -n一样
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.179.0 * 255.255.255.0 U 0 0 0 vmnet1
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
172.16.122.0 * 255.255.255.0 U 0 0 0 vmnet8
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
三、网络命令2版将替换unix上的命令
[root@stu86 lianxi]# rpm -q iproute #IProute的第二版,可以用IP命令
iproute-2.6.18-9.el5
1)ip=ifconfig
[root@stu86 lianxi]# ip link show #ip命令显示ip链路层,更加详细
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth1:
link/ether 00:ee:ee:00:0a:76 brd ff:ff:ff:ff:ff:ff
3: eth0:
link/ether 00:19:21:71:17:67 brd ff:ff:ff:ff:ff:ff
4: sit0:
link/sit 0.0.0.0 brd 0.0.0.0
5: vmnet1:
link/ether 00:50:56:c0:00:01 brd ff:ff:ff:ff:ff:ff
6: vmnet8:
link/ether 00:50:56:c0:00:08 brd ff:ff:ff:ff:ff:ff
[root@stu86 lianxi]#
[root@stu86 lianxi]# ip ad sh dev eth0 #ip命令查看网络层的ip地址
3: eth0:
link/ether 00:19:21:71:17:67 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.86/24 brd 192.168.0.255 scope global eth0
inet6 fe80::219:21ff:fe71:1767/64 scope link
valid_lft forever preferred_lft forever
[root@stu86 lianxi]# ip route show #ip命令查看路由
192.168.179.0/24 dev vmnet1 proto kernel scope link src 192.168.179.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.86
172.16.122.0/24 dev vmnet8 proto kernel scope link src 172.16.122.1
169.254.0.0/16 dev eth0 scope link
四、更改IP地址
更改:先down再up
[root@stu86 lianxi]# ip link help #查ip帮助
Usage: ip link set DEVICE { up | down |
arp { on | off } |
dynamic { on | off } |
multicast { on | off } |
allmulticast { on | off } |
promisc { on | off } |
trailers { on | off } |
txqueuelen PACKETS |
name NEWNAME |
address LLADDR | broadcast LLADDR |
mtu MTU }
ip link show [ DEVICE ]
[root@stu86 lianxi]# ip link show dev eth0 #查看eth0
3: eth0:
link/ether 00:19:21:71:17:67 brd ff:ff:ff:ff:ff:ff
[root@stu86 lianxi]# ip link set dev eth0 down #关闭eth0
[root@stu86 lianxi]# ip link set dev eth0 address 00:99:88:77:66:55 #更改mac地址
[root@stu86 lianxi]# ip link set dev eth0 up #启动eth0
改ip地址:
[root@stu86 lianxi]# ip address add dev eth0 172.16.0.222/24 #添加ip
[root@stu86 lianxi]# ip address show dev eth0 #查看eth0IP
3: eth0:
link/ether 00:19:21:71:17:67 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.86/24 brd 192.168.0.255 scope global eth0
inet 172.16.0.222/24 scope global eth0
inet6 fe80::219:21ff:fe71:1767/64 scope link
valid_lft forever preferred_lft forever
[root@stu86 lianxi]# ip address del dev eth0 172.16.0.222/24 #删除IP
注意:如果要换IP地址,那么就要把原来的IP删除,然后添加一个新IP地址
五、IP路由
[root@stu86 lianxi]# ip route add default dev eth0 via 192.168.0.254 #添加默认路由
[root@stu86 lianxi]# ip route del default dev eth0 via 192.168.0.254 #删除默认路由
[root@stu86 lianxi]# ip route add dev eth0 10.0.0.1/32 #添加主机路由
[root@stu86 lianxi]# ip route del dev eth0 10.0.0.1/32 #删除主机路由
[root@stu86 lianxi]# ip route add dev eth0 192.168.0.0/16 #添加网段路由
[root@stu86 lianxi]# ip route del dev eth0 192.168.0.0/16 #删除网段路由
[root@stu86 lianxi]# ip route show dev eth0 #查看路由信息
192.168.0.0/24 proto kernel scope link src 192.168.0.86
ss命令 #和netstat命令差不多
[root@stu86 lianxi]# ss -antlp
[root@stu86 lianxi]# ip route help
Usage: ip route { list | flush } SELECTOR
ip route get ADDRESS [ from ADDRESS iif STRING ]
[ oif STRING ] [ tos TOS ]
ip route { add | del | change | append | replace | monitor } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ scope SCOPE ] [ metric METRIC ]
[ mpath MP_ALGO ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ]
[ rtt TIME ] [ rttvar TIME ]
[ window NUMBER] [ cwnd NUMBER ] [ initcwnd NUMBER ]
[ ssthresh NUMBER ] [ realms REALM ]
[ rto_min TIME ]
TYPE := [ unicast | local | broadcast | multicast | throw |
unreachable | prohibit | blackhole | nat ]
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
FLAGS := [ equalize ]
MP_ALGO := { rr | drr | random | wrandom }
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
TIME := NUMBER[s|ms|us|ns|j]
六、作ECMP,一个命令添加等值多路路由
[root@stu86 lianxi]# ip route add default mpath rr \ #添加路由
> nexthop dev eth0 via 192.168.0.254 weight 10 \ #添加eth0的路由c
> nexthop dev eth1 via 10.0.0.10 weight 10
用路由脚本添加等值多路路由:
[root@stu86 lianxi]# vim ecmp.sh
[root@stu86 lianxi]# cat ecmp.sh
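#!/bin/bash
# Replace the default route with an equal-cost multipath (ECMP) default route
# spread over two uplinks. Must run as root.
#
# Fill in the gateway address and interface of each uplink before running.
ISP1=""
ISP2=""
#ISPN=""....
DEV1=""
DEV2=""
#DEVn="".....

# Commands are kept as arrays so each word is passed as its own argument.
DEL=(ip route del default)
ADD=(ip route add default)

# Refuse to touch the routing table while any setting is still empty:
# otherwise the delete below succeeds, the add fails on the empty arguments,
# and the host is left without a default route.
for setting in "$ISP1" "$ISP2" "$DEV1" "$DEV2"; do
  if [[ -z "$setting" ]]; then
    printf '%s\n' "ecmp.sh: set ISP1, ISP2, DEV1 and DEV2 before running" >&2
    exit 1
  fi
done

# Remove the current default route; a failure here (no default route present)
# is not fatal, the add below still applies.
"${DEL[@]}"

# Install one default route with two next hops of equal weight.
if ! "${ADD[@]}" \
  nexthop dev "$DEV1" via "$ISP1" weight 10 \
  nexthop dev "$DEV2" via "$ISP2" weight 10; then
  printf '%s\n' "ecmp.sh: adding the multipath default route failed; no default route is installed" >&2
  exit 1
fi
# nexthop dev $DEVn via $ISPn weight n .....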
[root@stu86 lianxi]#
到控制台中
[root@stu86 lianxi]# cd /usr/src/kernels/2.6.18-128.el5-i686/
[root@stu86 2.6.18-128.el5-i686]# make menuconfig
IP:equal cost multipath 在内核中选上,才支持ecmp。这个就叫做等值多路。
七、ip路由查看命令,分为main、default、local
[root@stu86 lianxi]# ip route show #只能查看部分路由
192.168.179.0/24 dev vmnet1 proto kernel scope link src 192.168.179.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.86
172.16.122.0/24 dev vmnet8 proto kernel scope link src 172.16.122.1
[root@stu86 lianxi]# ip route show table all #linux有很多路由表
192.168.179.0/24 dev vmnet1 proto kernel scope link src 192.168.179.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.86
172.16.122.0/24 dev vmnet8 proto kernel scope link src 172.16.122.1
broadcast 192.168.0.255 dev eth0 table 255 proto kernel scope link src 192.168.0.86
broadcast 127.255.255.255 dev lo table 255 proto kernel scope link src 127.0.0.1
broadcast 172.16.122.255 dev vmnet8 table 255 proto kernel scope link src 172.16.122.1
broadcast 192.168.179.255 dev vmnet1 table 255 proto kernel scope link src 192.168.179.1
broadcast 192.168.0.0 dev eth0 table 255 proto kernel scope link src 192.168.0.86
local 172.16.122.1 dev vmnet8 table 255 proto kernel scope host src 172.16.122.1
broadcast 172.16.122.0 dev vmnet8 table 255 proto kernel scope link src 172.16.122.1
broadcast 192.168.179.0 dev vmnet1 table 255 proto kernel scope link src 192.168.179.1
local 192.168.179.1 dev vmnet1 table 255 proto kernel scope host src 192.168.179.1
local 192.168.0.86 dev eth0 table 255 proto kernel scope host src 192.168.0.86
broadcast 127.0.0.0 dev lo table 255 proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo table 255 proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo table 255 proto kernel scope host src 127.0.0.1
fe80::/64 dev vmnet1 metric 256 expires 21323638sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vmnet8 metric 256 expires 21323638sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 21330502sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
local ::1 via :: dev lo table 255 proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::219:21ff:fe71:1767 via :: dev lo table 255 proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::250:56ff:fec0:1 via :: dev lo table 255 proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::250:56ff:fec0:8 via :: dev lo table 255 proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
ff02::fb via ff02::fb dev eth0 metric 0
cache mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev vmnet1 table 255 metric 256 expires 21323638sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev vmnet8 table 255 metric 256 expires 21323638sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev eth0 table 255 metric 256 expires 21330502sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
[root@stu86 lianxi]# ip route show table main #我们通常查看main表
192.168.179.0/24 dev vmnet1 proto kernel scope link src 192.168.179.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.86
172.16.122.0/24 dev vmnet8 proto kernel scope link src 172.16.122.1
[root@stu86 lianxi]# ip route show table local #查看本地的路由表
broadcast 192.168.0.255 dev eth0 proto kernel scope link src 192.168.0.86
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 172.16.122.255 dev vmnet8 proto kernel scope link src 172.16.122.1
broadcast 192.168.179.255 dev vmnet1 proto kernel scope link src 192.168.179.1
broadcast 192.168.0.0 dev eth0 proto kernel scope link src 192.168.0.86
local 172.16.122.1 dev vmnet8 proto kernel scope host src 172.16.122.1
broadcast 172.16.122.0 dev vmnet8 proto kernel scope link src 172.16.122.1
broadcast 192.168.179.0 dev vmnet1 proto kernel scope link src 192.168.179.1
local 192.168.179.1 dev vmnet1 proto kernel scope host src 192.168.179.1
local 192.168.0.86 dev eth0 proto kernel scope host src 192.168.0.86
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
八、实验对标记1走路由表1,标记2走路由表2
定义策略路由表,通过策略属性定义包的流向
1)添加2个表
[root@stu86 lianxi]# vim /etc/iproute2/rt_tables #定义有多少路由表
#
# reserved values
#
255 local
254 main #默认查看的是main表
253 default
10 table1
20 table2
0 unspec #未定义
#
# local
#
#1 inr.ruhep
2)添加两个转发表项,必须需要基于那条网段路由,才可以添加这个所在网段的默认网关
[root@stu86 lianxi]# route add default dev eth0 gw 192.168.0.254 #需要基于main表才可以添加下面的内容
[root@stu86 lianxi]# ip route add table table1 192.168.0.0/24 dev eth0 #添加一个网段路由表交给eth0
[root@stu86 lianxi]# ip route add table table1 default dev eth0 via 192.168.0.254 #添加默认网关为254
[root@stu86 lianxi]# ip route add table table2 10.0.0.0/8 dev eth1 #添加一个网段路由表交给eth1
[root@stu86 lianxi]# ip route add table table2 default dev eth1 via 10.0.0.1 #添加默认网关为1
[root@stu86 lianxi]# ip rule show #查看当前默认路由策略
0: from all lookup 255 #数越小优先级越高,0 为最高
32766: from all lookup main
32767: from all lookup default
方法1。基于ip
添加ip查看那个路由表
[root@stu86 lianxi]# for count in `seq 1 100` ;do ip rule add from 192.168.0.$count table table1;done #为每个IP添加路由脚本规则
[root@stu86 lianxi]# for count in `seq 101 254` ;do ip rule add from 192.168.0.$count table table2;done #为每个IP添加路由脚本规则
[root@stu86 lianxi]# ip rule show
0: from all lookup 255
32512: from 192.168.0.254 lookup table2
方法2。基于hash算法和防火墙标记的
优化问题:通过FIB(x)hash算法查询。
我们可以使用防火墙标记,效率更高
如下:
[root@stu86 lianxi]# ip rule add fwmark 1 (pref 1000) table table1
[root@stu86 lianxi]# ip rule add fwmark 2 (pref 2000) table table2
打标记 ,需要在路由表前打标记
[root@stu86 lianxi]# iptables -t mangle -A PREROUTING -m iprange --src-range 192.168.0.1-192.168.0.100 -j MARK --set-mark 1 #标记ip范围
[root@stu86 lianxi]# iptables -t mangle -A PREROUTING -m iprange --src-range 192.168.0.101-192.168.0.254 -j MARK --set-mark 2 #打标记
九、通过添加一个网段的指定路由优先级优化路由的策略
目标地址控制,上网
[root@stu86 lianxi]# ip ru sh
0: from all lookup 255
32764: from all fwmark 0x2 lookup table2
32765: from all fwmark 0x1 lookup table1
32766: from all lookup main
32767: from all lookup default
[root@stu86 lianxi]# ip rule del fwmark 1
[root@stu86 lianxi]# ip rule del fwmark 2
添加规则有顺序,现允许部分,我们可以通过添加优先级来改变规则的顺序。
[root@stu86 lianxi]# ip rule add from 192.168.0.0/24 to 1.1.1.1 table table1 prio 1000 #添加192的网段走1.1.1.1使用table1表,优先级为1000
[root@stu86 lianxi]# ip rule add table table2 prio 1100 #其他所有的使用table2表,优先级为1100,相隔一定距离有利于以后添加规则
[root@stu86 lianxi]# ip rule show
0: from all lookup 255
1000: from 192.168.0.0/24 to 1.1.1.1 lookup table1
1100: from all lookup table2
32766: from all lookup main
32767: from all lookup default
十、多线接入
多线解决方案
[root@stu86 lianxi]# echo $[RANDOM%255+1].$[RANDOM%256].$[RANDOM%256].$[RANDOM%254+1] #产生随机IP地址
[root@stu86 lianxi]# for i in `seq 1 1000`;do echo $[RANDOM%255+1].$[RANDOM%256].$[RANDOM%256].$[RANDOM%254+1];done > /tmp/tel.txt #产生一千个随机IP地址
echo $[RANDOM]:取随机值
echo $[RANDOM%255+1]:取随机值并做取模(求余)运算,这里模255,也就是余数范围是从0开始到254结束一共255个数字,这里加1目的是防止ip地址第一位为0
优先级映射问题:人多的地方优化,使用人少的地方就算了
[root@stu86 lianxi]# sed 's/^.*$/cnc &/g' /tmp/cnc.txt >cnc.txt #给cnc文件打上标记,是个替换路由脚本
[root@stu86 lianxi]# sed 's/^.*$/tel &/g' /tmp/tel.txt >tel.txt #给tel文件打上标记,是个替换路由脚本
[root@stu86 lianxi]# cat cnc.txt >>tel.txt #文件合并
[root@stu86 lianxi]# sort -t. -k4 -n tel.txt >user.txt #以最后一个字段排序,并且显示行号
[root@stu86 lianxi]# cat -n user.txt
路由脚本:
[root@stu86 lianxi]# cat cnctel.awk
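#!/bin/awk -f
# Add one "ip rule" per input line, routing by destination address.
#
# Expected input is the numbered listing (the `cat -n user.txt` form):
#   $1 = line number, used as the rule priority
#   $2 = ISP tag; a tag matching /cnc/ selects table1, anything else table2
#   $3 = destination IP address
{
    # The fields are pasted into a shell command line by system(), so a line
    # containing shell metacharacters would be executed as root. Accept only
    # a purely numeric priority and a dotted-decimal address; skip the rest.
    if ($1 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
        print "cnctel.awk: skipping malformed line " NR > "/dev/stderr"
        next
    }

    if ($2 ~ /cnc/) {
        table = "table1"
    } else {
        table = "table2"
    }
    system("ip rule add to " $3 " table " table " prio " $1)
}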
[root@stu86 lianxi]#
[root@stu86 lianxi]# ./cnctel.awk user.txt #为user文本里面的ip集添加一个规则(脚本按cat -n的输出格式取字段:$1行号、$2标记、$3为IP,所以输入需要带行号)