Linux高级（策略）路由使用方法

1、Linux 高级路由功能需要如下支持：

a) Kernel space：配置CONFIG_IP_ADVANCED_ROUTER

配置路径：在linux内核中运行make menuconfig，按照路径Networking support  ---> Networking options  --->TCP/IP networking-->IP: advanced router，

选中IP: advanced router，并使用配置“Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH)”。

b) User space：使用iproute2package

该包提供如下shell配置命令：ip rule, ip route, ip addr等，使用方法如下：

Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
where  OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm |
netns | l2tp }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-f[amily] { inet | inet6 | ipx | dnet | link } |
-l[oops] { maximum-addr-flush-attempts } |
-o[neline] | -t[imestamp] | -b[atch] [filename] |
-rc[vbuf] [size]}

2、配置策略路由

a) 在配置文件：/etc/iproute2/rt_tables中添加编号为102和103的路由表，分别命名为ippool1和ippool2。（名字可自定义）

# 
# reserved values 
# 
255 local 
254 main 
253 default 
102 ippool1 
103 ippool2 
0   unspec 
# 
# local 
# 
#1  inr.ruhep 

b) 向自定义路由表中添加规则（使用ip route）

Usage: ip route { list | flush } SELECTOR 
ip route save SELECTOR 
ip route restore 
ip route get ADDRESS [ from ADDRESS iif STRING ] 
[ oif STRING ]  [ tos TOS ] 
[ mark NUMBER ] 
ip route { add | del | change | append | replace } ROUTE 
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ] 
[ table TABLE_ID ] [ proto RTPROTO ] 
[ type TYPE ] [ scope SCOPE ] 
ROUTE := NODE_SPEC [ INFO_SPEC ] 
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ] 
[ table TABLE_ID ] [ proto RTPROTO ] 
[ scope SCOPE ] [ metric METRIC ] 
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]... 
NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS 
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] 
[ rtt TIME ] [ rttvar TIME ] [reordering NUMBER ] 
[ window NUMBER] [ cwnd NUMBER ] [ initcwnd NUMBER ] 
[ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ] 
[ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ] 
TYPE := [ unicast | local | broadcast | multicast | throw | 
unreachable | prohibit | blackhole | nat ] 
TABLE_ID := [ local | main | default | all | NUMBER ] 
SCOPE := [ host | link | global | NUMBER ] 
MP_ALGO := { rr | drr | random | wrandom } 
NHFLAGS := [ onlink | pervasive ] 
RTPROTO := [ kernel | boot | static | NUMBER ] 
TIME := NUMBER[s|ms] 

ip route add 192.168.1.111/32 dev eth12 table ippool1添加到指定接口的主机路由

ip route add 192.168.2.0/24 dev eth12 table ippool1添加到指定接口的网络路由

ip route add 192.168.3.6/32 via 192.168.3.100 dev ath3.0 table ippool1添加到指定网关和接口的主机路由

ip route add 0.0.0.0 dev ath3.0 table ippool1 添加该路由表的默认路由

c) 添加路由表的使用策略（使用ip rule）

Usage: ip rule [ list | add | del | flush ] SELECTOR ACTION 
SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ] 
[ iif STRING ] [ oif STRING ] [ pref NUMBER ] 
ACTION := [ table TABLE_ID ] 
[ prohibit | reject | unreachable ] 
[ realms [SRCREALM/]DSTREALM ] 
[ goto NUMBER ] 
TABLE_ID := [ local | main | default | NUMBER ] 

ip rule add from 192.168.1.0/24 table ippool1

ip rule add from 192.168.3.110/32 table ippool1

ip rule add to192.168.3.200/32 table ippool1

ip rule add fwmark 0x10 table ippool1

ip rule add iif eth1 table ippool1

完成配置工作。

linux网络路由配置：http://www.linuxdiyf.com/linux/14205.html

RHEL5.7下的静态路由配置：http://www.linuxdiyf.com/linux/5469.html

CentOS下双网卡单网关路由配置：http://www.linuxdiyf.com/linux/12001.html

在Linux操作系统下修改IP、DNS和路由配置：http://www.linuxdiyf.com/linux/242.html