1、PCC的負載均衡<互聯網共享 人人為我 我為人人>這是ros最基本最重要的應用，網絡上很多教程都比較籠統,新手基本看不懂!此教程,詳細圖文+腳本, 新手老手都可以借鑒.通分組源地址和源端口實現負載平衡，這里我們建立2個WAN出口分別是wan1和wan2，內網接口是lan1 網絡環境如下：  · ISP1地址10.200.15.99/24，網關：10.200.15.1； · ISP2地址10.200.100.99/24，網關：10.200.100.2； · 內網IP地址192.168.100.1/24； · 啟用DNS緩存功

2、能，用192.168.100.1作內網DNS解析； 基本配置首先進入ip address配置IP地址：    Mangle標記配置接下來我們進入ip firewall mangle標記連接和路由，我們使用per-connection-classifier雙向地址進行分類做連接分類標記。首先我們需要將進入路由的的鏈接進行標記如下圖，我們進入一條mangle規則，中的advanced標簽內容可以看到per-connection-classifier分類器，選擇both-addresses的分類：  然后選擇dst-address-type

3、=!local，即除了目標地址是本地以前的地址：  注：2條線的分類代碼定義是第一條線為2/0，第二條為2/1  同樣選擇一下地址類型：  下面命令是提取走第一條線路的連接標記取名位1st_conn，并從連接里提取路由標記名位1st_route，設置：per-connection-classifier=both-addresses:2/0, 設置in-interface=lan/ip firewall mangleadd action=mark-connection chain=prerouting comment="&qu

4、ot; disabled=no     in-interface=lan new-connection-mark=1st_conn passthrough=yes     per-connection-classifier=both-addresses:2/0add action=mark-routing chain=prerouting comment="" connection-mark=1st_conn     disabled=no in-interface=lan new-r

5、outing-mark=1st_route passthrough=yes提取走第二條線路的連接標記取名位2nd_conn，并從連接里提取路由標記名位2nd_route，設置：per-connection-classifier=both-addresses:2/1，設置in-interface=lan: /ip firewall mangleadd action=mark-connection chain=prerouting comment="" disabled=no     in-interface=lan new-connection-

6、mark=2nd_conn passthrough=yes     per-connection-classifier=both-addresses:2/1add action=mark-routing chain=prerouting comment="" connection-mark=2nd_conn     disabled=no in-interface=lan new-routing-mark=2nd_route passthrough=yes在winbox在mangle中設置完成后如下： &

7、#160;回程路由設置我們需要將從那個口進入就從相應的口回去，即保證每個外網口的數據能得到正確的路由/ip firewall mangleadd chain=input in-interface=wan1 action=mark-connection new-connection-mark=1st_connadd chain=input in-interface=wan2 action=mark-connection new-connection-mark=2nd_connwinbox設置  標記完進入接口的鏈接后，將這些鏈接指定到相應的路由標記上： add chain=o

8、utput connection-mark=1st_conn action=mark-routing new-routing-mark=1st_routeadd chain=output connection-mark=2nd_conn action=mark-routing new-routing-mark=2nd_routewinbox設置  路由配置配置完標記后路由后，我們進入ip route配置路由，首先設置負載均衡的標記路由，首先設置第一條線路的路由標記，設置routing-mark=1st_route：  設置第二條線路的路由標記，設置rou

9、ting-mark=2nd_route：  配置默認網關和備份網關，默認網關的distance設置為1，并設置check-gateway=ping，通過ping監測網關狀態:  備份網關的distance設置為2，并設置check-gateway=ping，通過ping監測網關狀態:   配置完成后的路由標如下圖：  配置nat最后配置nat轉換規則，進入ip firewall nat中配置action=masquerade，分別對2條線路做偽裝：/ip firewall natadd action=masquer

10、ade chain=srcnat out-interface=wan1add action=masquerade chain=srcnat out-interface=wan2 命令代碼如下：# 添加ADSL1的pppoe-out帳戶密碼并取取消自動添加網關及DNS/interface pppoe-client add name="pppoe-out1" interface="wan1" user="adsl1name" password="adsl1pass" add-default-route=no

11、disabled=no/interface pppoe-client add name="pppoe-out2" interface="wan2" user="adsl2name" password="adsl2pass" add-default-route=no disabled=no# 激活pppoe-out撥號/interface pppoe-client enable pppoe-out1/interface pppoe-client enable pppoe-out2# 添加本地連接配置/ip addre

12、ss add address=192.168.1.254/255.255.255.0 interface=lan1 comment="LAN1"# 設置DNS緩存/ip dns set primary-dns="202.103.224.68" secondary-dns="202.103.225.68" allow-remote-requests=yes# 設置MSS值為1440/ip firewall mangle add action="change-mss" chain="forward"

13、 comment="change-mss" disabled=no new-mss="1440" protocol="tcp" tcp-flags="syn"# 設置input/ip firewall mangle add action="mark-connection" chain="input" comment="" disabled=no in-interface="pppoe-out1" new-connection-mark=

14、"pppoe-out1_conn" passthrough=yes/ip firewall mangle add action="mark-connection" chain="input" comment="" disabled=no in-interface="pppoe-out2" new-connection-mark="pppoe-out2_conn" passthrough=yes# 設置output/ip firewall mangle add action=&

15、quot;mark-routing" chain="output" comment="" connection-mark="pppoe-out1_conn" disabled=no new-routing-mark="to_pppoe-out1" passthrough=yes/ip firewall mangle add action="mark-routing" chain="output" comment="" connection-mar

16、k="pppoe-out2_conn" disabled=no new-routing-mark="to_pppoe-out2" passthrough=yes# PCC設置/ip firewall mangle add action="mark-connection" chain="prerouting" comment="" disabled=no dst-address-type="!local" in-interface="lan1" new-co

17、nnection-mark="pppoe-out1_conn" passthrough=yes per-connection-classifier="both-addresses:2/0" src-address="192.168.1.0/24" /ip firewall mangle add action="mark-connection" chain="prerouting" comment="" disabled=no dst-address-type="!l

18、ocal" in-interface="lan1" new-connection-mark="pppoe-out2_conn" passthrough=yes per-connection-classifier="both-addresses:2/1" src-address="192.168.1.0/24"/ip firewall mangle add action="mark-routing" chain=prerouting comment="" connec

19、tion-mark="pppoe-out1_conn" disabled=no in-interface="lan1" new-routing-mark="to_pppoe-out1" passthrough=yes src-address="192.168.1.0/24"/ip firewall mangle add action="mark-routing" chain=prerouting comment="" connection-mark="pppoe-o

20、ut2_conn" disabled=no in-interface="lan1" new-routing-mark="to_pppoe-out2" passthrough=yes src-address="192.168.1.0/24"/ip route add comment=1 disabled=no distance=1 dst-address="0.0.0.0/0" gateway="pppoe-out1" routing-mark="to_pppoe-out1" check-gateway="ping" /ip route add comment=2 disabled=no distance=1 dst-address="0.0.0.0/0" gateway="pppoe-out2" routing-mark="to_pppoe-out2" check-gat