电信移动双线接入

13638345

公司已经有了一根100M的电信互联网专线，因线路经常中断，现评估导入一根100M移动互联网专线，我的需求如下：

一、内网1和内网2要访问电信网络时，走电信出口（S1/0口），实现策略路由，提高网速

二、内网1和内网2要访问网通网络时，走网通出口（S1/1口），实现策略路由，提高网速

三、当电信光纤出现问题时，内网1和内网2走网通出口，当电信光纤恢复正常时，走电信出口，以达到备份的目的

四、当网通光纤出现问题时，内网1和内网2走电信出口，当电信光纤恢复正常时，走网通出口，以达到备份的目的














file:///c:/users/administrator/appdata/roaming/360se6/User Data/temp/wKiom1OriXmhaCtQABAPoD0Circ986.bmp

gdie2011

可以实现，首先你得收集电信和网通的所有路由，然后利用PBR来实现这个需求。

13638345

问题：
如何实现，思路不清楚，最好有命令出来

李萌321

试试hsrp吧 vrrp也行

sunnysky

PBR&NAT，注意使用NAT时，要使用route-map来定义想要进行地址转化的内网网段，PBR应用于边界路由器的e2/1和e2/0接口，其下一跳出接口分别为s1/1和s1/0,然后再结合route-map做路由策略即可。

hmm5289

策略路由吗

gdie2011

13638345 发表于 2015-9-10 21:24
问题：
如何实现，思路不清楚，最好有命令出来

这个场景我是做过的，在这跟你说个思路
1.两个ISP之间的路由，我假设你已经搞定了，无论你通过BGP还是IGP亦或是静态路由，得保证主ISP链路出现问题了，可以备ISP到达主ISP的网络。
2.定义两个IP SLA，主要目的是利用icmp消息监测对端设备端口状态，从而判断链路的连通性是否正常；然后再定义两个track，并关联对应的IP SLA。
3.定义两条扩展ACL，两个内网关于两个ISP的网络都要定义。
4.定义两条route-map ，并匹配到相关的ACL，set 相关下一跳
5.定义route-map，做相关的NAT问题

gdie2011

关键配置在R1上，我把R1的配置贴出来给你参考一下
R1#sh run
Building configuration...

Current configuration : 2200 bytes
!
! Last configuration change at 16:57:26 UTC Sat Oct 10 2015
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!         
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex full
!
interface FastEthernet1/0
ip address 211.64.19.1 255.255.255.0
ip nat outside
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 202.1.1.1 255.255.255.0
ip nat outside
speed auto
duplex auto
!
interface FastEthernet2/0
ip address 172.16.1.1 255.255.255.0
ip nat inside
ip policy route-map ruijie
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
ip nat inside source route-map isp1 interface FastEthernet1/0 overload
ip nat inside source route-map isp2 interface FastEthernet1/1 overload
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip sla responder
ip sla 1
icmp-echo 211.64.19.2 source-ip 211.64.19.1
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 202.1.1.3 source-ip 202.1.1.1
frequency 10
ip sla schedule 2 life forever start-time now
access-list 101 permit ip any 202.100.99.0 0.0.0.255
access-list 102 permit ip any 59.64.248.0 0.0.0.255
!
route-map ruijie permit 10
match ip address 101
set ip next-hop verify-availability 211.64.19.2 1 track 1
set ip next-hop verify-availability 202.1.1.3 2 track 2
!
route-map ruijie permit 20
match ip address 102
set ip next-hop verify-availability 202.1.1.3 1 track 2
set ip next-hop verify-availability 211.64.19.2 2 track 1
!         
route-map isp2 permit 10
match interface FastEthernet1/1
!
route-map isp1 permit 10
match interface FastEthernet1/0
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login   
!
!
end

gdie2011

R1#sh run
Building configuration...

Current configuration : 2200 bytes
!
! Last configuration change at 16:57:26 UTC Sat Oct 10 2015
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!         
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex full
!
interface FastEthernet1/0
ip address 211.64.19.1 255.255.255.0
ip nat outside
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 202.1.1.1 255.255.255.0
ip nat outside
speed auto
duplex auto
!
interface FastEthernet2/0
ip address 172.16.1.1 255.255.255.0
ip nat inside
ip policy route-map ruijie
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
ip nat inside source route-map isp1 interface FastEthernet1/0 overload
ip nat inside source route-map isp2 interface FastEthernet1/1 overload
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip sla responder
ip sla 1
icmp-echo 211.64.19.2 source-ip 211.64.19.1
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 202.1.1.3 source-ip 202.1.1.1
frequency 10
ip sla schedule 2 life forever start-time now
access-list 101 permit ip any 202.100.99.0 0.0.0.255
access-list 102 permit ip any 59.64.248.0 0.0.0.255
!
route-map ruijie permit 10
match ip address 101
set ip next-hop verify-availability 211.64.19.2 1 track 1
set ip next-hop verify-availability 202.1.1.3 2 track 2
!
route-map ruijie permit 20
match ip address 102
set ip next-hop verify-availability 202.1.1.3 1 track 2
set ip next-hop verify-availability 211.64.19.2 2 track 1
!         
route-map isp2 permit 10
match interface FastEthernet1/1
!
route-map isp1 permit 10
match interface FastEthernet1/0
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login   
!
!
end