1、服务器配置策略路由【哪个网卡过来的请求,从哪个网口出】:
#定义路由表名称
vi /etc/iproute2/rt_tables
10 TEL
11 CNC
12 NeiWang
#清理路由表
ip route flush table CNC
ip route flush table TEL
ip route flush table NeiWang
#配置路由表走的路由
ip route add 10.0.0.0/8 via 125.39.170.1 table CNC
ip route add default via 172.17.11.10 table CNC
ip route add 10.0.0.0/8 via 44.224.215.217 table TEL
ip route add default via 172.17.11.2 table TEL
ip route add 10.0.0.0/8 via 10.10.10.10 table NeiWang
#配置进入路由表的策略
ip rule add from 125.39.170.0/29 table CNC
ip rule add from 44.224.215.216/29 table TEL
ip rule add from 10.10.10.0/24 table NeiWang
2、锐捷配置策略路由
//定义acl:
ip access-list extended 100
10 permit tcp any any eq www
ip access-list extended For_Pbr_10.10.0.235
10 permit tcp any 172.17.3.0 0.0.0.255
//定义动作
route-map AP-PBR-to-cache permit 11
match ip address 100
set ip next-hop 10.10.0.235
route-map Back-To-AP-PBR-to-Cache permit 12
match ip address For_Pbr_10.10.0.235
set ip next-hop 10.10.0.235
//策略应用:
interface GigabitEthernet 0/7
ip policy route-map AP-PBR-to-cache
interface GigabitEthernet 0/37
ip policy route-map Back-To-AP-PBR-to-Cache
3、juniper EX3300配置策略路由
set routing-instances sinopbr instance-type forwarding routing-options static route 0.0.0.0/0 next-hop 10.10.100.53
set routing-options rib-groups FBF-group import-rib [inet.0 sinopbr.inet.0]
set routing-options interface-routes rib-group FBF-group
set routing-options rib-groups FBF-group import-rib [inet.0 sinopbr.inet.0]
set routing-options interface-routes rib-group FBF-group
set firewall family inet filter FBF term source1 from destination-port http
set firewall family inet filter FBF term source1 then routing-instance sinopbr
set firewall family inet filter FBF term default then accept
set firewall family inet filter FBF term source1 then routing-instance sinopbr
set firewall family inet filter FBF term default then accept
set interfaces ge-0/0/45 unit 0 family inet filter input FBF
指定来源不同的ip地址走不同的下一跳:
set routing-instances DCNC instance-type forwarding routing-options static route 0.0.0.0/0 next-hop 172.17.11.6
set routing-options rib-groups DCNC-group import-rib [inet.0 DCNC.inet.0]
set routing-options interface-routes rib-group DCNC-group
set firewall family inet filter SCNC term SourceLianTong from source-address 118.186.223.216/29
set firewall family inet filter SCNC term SourceLianTong then routing-instance DCNC
set firewall family inet filter SCNC term default then accept
set interfaces ae1 unit 0 family inet filter input SCNC
set interfaces ge-0/0/24 unit 0 family inet filter input SCNC