内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
本文档详细介绍Linux静态路由和策略路由的配置方法,实现灵活的网络路由控制。
风哥提示:
Part01-路由基础概念
1.1 路由表概述
# 1. 本地路由表(local):本地地址路由
# 2. 主路由表(main):默认路由表
# 3. 默认路由表(default):默认路由
# 路由类型
# 1. unicast:单播路由
# 2. broadcast:广播路由
# 3. local:本地路由
# 4. nat:网络地址转换路由
# 5. unreachable:不可达路由
# 6. prohibit:禁止路由
# 路由优先级(metric)
# 值越小优先级越高
# 查看路由表
$ ip route show table all | head -20
default via 192.168.1.1 dev eth0 table main
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 table main
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
Part02-静态路由配置
2.1 添加静态路由
$ ip route show
default via 192.168.1.1 dev eth0 proto static metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 metric 100
# 添加静态路由
$ sudo ip route add 10.0.0.0/24 via 192.168.1.254 dev eth0
# 验证路由添加
$ ip route show
default via 192.168.1.1 dev eth0 proto static metric 100
10.0.0.0/24 via 192.168.1.254 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 metric 100
# 添加带metric的路由
$ sudo ip route add 172.16.0.0/24 via 192.168.1.253 dev eth0 metric 50
# 添加默认路由
$ sudo ip route add default via 192.168.1.1 dev eth0
# 删除路由
$ sudo ip route del 10.0.0.0/24
# 修改路由
$ sudo ip route replace 10.0.0.0/24 via 192.168.1.250 dev eth0
# 使用nmcli添加持久化路由
$ sudo nmcli connection modify eth0 +ipv4.routes “10.0.0.0/24 192.168.1.254”
# 重新激活连接
$ sudo nmcli connection up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/40)
# 验证持久化路由
$ ip route show
default via 192.168.1.1 dev eth0 proto static metric 100
10.0.0.0/24 via 192.168.1.254 dev eth0 proto static metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 metric 100
Part03-策略路由配置
3.1 创建策略路由
$ ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
# 创建新路由表
$ echo “200 custom” | sudo tee -a /etc/iproute2/rt_tables
200 custom
# 添加路由到自定义路由表
$ sudo ip route add default via 192.168.2.1 dev eth1 table custom
# 查看自定义路由表
$ ip route show table custom
default via 192.168.2.1 dev eth1
# 添加策略规则
$ sudo ip rule add from 192.168.1.100 table custom
# 查看策略规则
$ ip rule show
0: from all lookup local
32765: from 192.168.1.100 lookup custom
32766: from all lookup main
32767: from all lookup default
# 添加基于源地址的策略
$ sudo ip rule add from 192.168.1.0/24 table custom priority 100
# 添加基于目标地址的策略
$ sudo ip rule add to 10.0.0.0/8 table custom priority 110
# 添加基于标记的策略
$ sudo ip rule add fwmark 100 table custom priority 120
# 删除策略规则
$ sudo ip rufrom PG视频:www.itpux.comle del from 192.168.1.100 table custom
Part04-多路径路由
4.1 配置负载均衡路由
$ sudo ip route add default \
nexthop via 192.168.1.1 dev eth0 weight 1 \
nexthop via 192.168.2.1 dev eth1 weight 1
# 查看多路径路由
$ ip route show
default
nexthop via 192.168.1.1 dev eth0 weight 1
nexthop via 192.168.2.1 dev eth1 weight 1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.100
# 配置不同权重的多路径
$ sudo ip route add default \
nexthop via 192.168.1.1 dev eth0 weight 2 \
nexthop via 192.168.2.1 dev eth1 weight 1
# 测试路由
$ ip route get 8.8.8.8
8.8.8.8 via 192.168.1.1 dev eth0 src 192.168.1.100 uid 0
cache
# 查看路由缓存
$ ip route show cache
8.8.8.8 via 192.168.1.1 dev eth0
cache used 2 age 10sec
# 清除路由缓存
$ sudo ip route flush cache
Part05-路由实战案例
5.1 双网卡路由配置
# eth0: 192.168.1.100/24 (内网)
# eth1: 192.168.2.100/24 (外网)
# 配置eth0
$ sudo nmcli connection modify eth0 \
ipv4.addresses 192.168.1.100/24 \
ipv4.method manual
# 配置eth1
$ sudo nmcli connection modify eth1 \
ipv4.addresses 192.168.2.100/24 \
ipv4.gateway 192.168.2.1 \
ipv4.dns “8.8.8.学习交流加群风哥QQ1132571748” \
ipv4.method manual
# 创建路由表
$ echo “100 internal” | sudo tee -a /etc/iproute2/rt_tables
100 internal
# 添加路由到路由表
$ sudo ip route add 192.168.1.0/24 dev eth0 table internal
$ sudo ip route add default via 192.168.1.1 dev eth0 table internal
# 添加策略规则
$ sudo ip rule add from 192.168.1.100 table internal
$ sudo ip rule add to 192.168.1.100 table internal
# 查看路由配置
$ ip rule show
0: from all lookup local
32764: from 192.更多视频教程www.fgedu.net.cn168.1.100 lookup internal
32765: to 192.168.1.100 lookup internal
32766: from all lookup main
32767: from all lookup default
$ ip route show table internal
192.168.1.0/24 dev eth0 scope link
default via 192.168.1.1 dev eth0
# 测试路由
$ ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64学习交流加群风哥微信: itpux-com bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.521 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.489 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.512 ms
— 192.168.1.1 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2049ms
rtt min/avg/max/mdev = 0.489/0.507/0.521/0.013 ms
$ ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=10.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=10.2 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=117 time=10.3 ms
— 8.8.8.8 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 10.196/10.342/10.531/0.138 ms
1. 使用nmcli配置持久化路由
2. 合理规划路由表和策略
3. 测试路由配置确保正确性
4. 监控路由状态和性能
5. 文档化路由配置
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
