RouterOS 快速生成PCC策略脚本
PCC概念
PCC 全称 per connection classifier，是 RouterOS 从 v3.24 版本起提供的功能，允许你将流量按照源地址、源端口、目的地址、目的端口等规则进行分流，从而实现网络负载均衡。大致原理是读取 IP 包头，通过特定的 Hash 算法进行比较，并根据设置的规则捕获数据包。
通过 PCC 负载均衡，可避免多网关带来的问题：借助 RouterOS 强大的数据包标记功能（IP/Firewall/Mangle），可以将流量自动分流为多组并创建动态路由表。
作为一个懒人重症患者，只能写一个简单粗暴的生成脚本来应付（水平有限）。
- ros-pcc-rule.sh
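#!/usr/bin/env bash
# filename: ros-pcc-rule.sh
#
# Generates a RouterOS configuration snippet that balances outbound LAN
# traffic across several WAN interfaces using PCC (per connection
# classifier).  The snippet is printed to stdout; paste or import it into
# the router.  Edit lan_network and wan_int_lists below before running.
#
# Sections emitted, in this order:
#   /ip firewall address-list  - the LAN subnet as address list "lan-network"
#   /ip firewall mangle        - PCC connection/routing marks, one set per WAN
#   /ip route                  - one default route per WAN, bound to its mark
#   /ip firewall nat           - masquerade per WAN out-interface
set -euo pipefail

# LAN subnet whose outbound traffic is balanced (only hosts on this list
# are classified by the PCC rules below).
lan_network=192.168.200.0/24

# WAN interfaces to balance across, one per line.  Interface names become
# part of the mark names (<wan>_conn, to_<wan>), so keep them plain
# RouterOS interface names without spaces.
wan_int_lists=(
  pppoe-out1
  pppoe-out2
  pppoe-out3
)

#######################################
# Emit the address list holding the LAN subnet.
# Globals:  lan_network (read)
# Outputs:  RouterOS commands on stdout
#######################################
emit_address_list() {
  printf '/ip firewall address-list\n'
  printf ' add list=lan-network address=%s\n' "$lan_network"
}

#######################################
# Emit the mangle rules.  For WAN number i (0-based) of n:
#   1. prerouting: new connections from lan-network whose destination is
#      not the router itself (dst-address-type=!local) are hashed on both
#      addresses into bucket i of n and get connection mark <wan>_conn.
#   2. prerouting: new connections arriving on the WAN interface get the
#      same connection mark, so their replies leave via that WAN.
#   3. output: router-originated packets of a marked connection get the
#      routing mark to_<wan>.
#   4. prerouting: LAN packets of a marked connection get routing mark
#      to_<wan>.
# Globals:  wan_int_lists (read)
# Outputs:  RouterOS commands on stdout
#######################################
emit_mangle_rules() {
  local -r wan_count=${#wan_int_lists[@]}
  local num=0
  local wan
  printf '/ip firewall mangle\n'
  for wan in "${wan_int_lists[@]}"; do
    printf ' add chain=prerouting comment=pcc-rule-%s connection-mark=no-mark dst-address-type=!local action=mark-connection per-connection-classifier=both-addresses:%s/%s src-address-list=lan-network new-connection-mark=%s_conn\n' \
      "$wan" "$wan_count" "$num" "$wan"
    printf ' add chain=prerouting connection-mark=no-mark action=mark-connection in-interface=%s new-connection-mark=%s_conn\n' \
      "$wan" "$wan"
    printf ' add chain=output action=mark-routing connection-mark=%s_conn new-routing-mark=to_%s\n' \
      "$wan" "$wan"
    printf ' add chain=prerouting action=mark-routing src-address-list=lan-network connection-mark=%s_conn new-routing-mark=to_%s\n' \
      "$wan" "$wan"
    # Plain assignment rather than "(( num++ ))": the latter returns status 1
    # when num is 0, which would abort the first iteration under set -e.
    num=$((num + 1))
  done
}

#######################################
# Emit one default route per WAN, selected by its routing mark.
# Globals:  wan_int_lists (read)
# Outputs:  RouterOS commands on stdout
#######################################
emit_routes() {
  local wan
  printf '\n/ip route\n'
  for wan in "${wan_int_lists[@]}"; do
    printf ' add dst-address=0.0.0.0/0 gateway=%s distance=1 routing-mark=to_%s check-gateway=ping\n' \
      "$wan" "$wan"
  done
}

#######################################
# Emit a masquerade (SNAT) rule per WAN out-interface.
# Globals:  wan_int_lists (read)
# Outputs:  RouterOS commands on stdout
#######################################
emit_nat_rules() {
  local wan
  printf '\n/ip firewall nat\n'
  for wan in "${wan_int_lists[@]}"; do
    printf ' add chain=srcnat out-interface=%s action=masquerade\n' "$wan"
  done
}

#######################################
# Entry point: validate the configuration and emit all sections.
# Globals:  lan_network, wan_int_lists (read)
# Outputs:  RouterOS commands on stdout; diagnostics on stderr
# Returns:  0 on success, 1 when no WAN interface is configured
#######################################
main() {
  if (( ${#wan_int_lists[@]} == 0 )); then
    printf 'error: wan_int_lists is empty; add at least one WAN interface\n' >&2
    return 1
  fi
  emit_address_list
  emit_mangle_rules
  emit_routes
  emit_nat_rules
}

main "$@"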
以上范例生成的脚本如下：
/ip firewall address-list
add list=lan-network address=192.168.200.0/24
/ip firewall mangle
add chain=prerouting comment=pcc-rule-pppoe-out1 connection-mark=no-mark dst-address-type=!local action=mark-connection per-connection-classifier=both-addresses:3/0 src-address-list=lan-network new-connection-mark=pppoe-out1_conn
add chain=prerouting connection-mark=no-mark action=mark-connection in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn
add chain=output action=mark-routing connection-mark=pppoe-out1_conn new-routing-mark=to_pppoe-out1
add chain=prerouting action=mark-routing src-address-list=lan-network connection-mark=pppoe-out1_conn new-routing-mark=to_pppoe-out1
add chain=prerouting comment=pcc-rule-pppoe-out2 connection-mark=no-mark dst-address-type=!local action=mark-connection per-connection-classifier=both-addresses:3/1 src-address-list=lan-network new-connection-mark=pppoe-out2_conn
add chain=prerouting connection-mark=no-mark action=mark-connection in-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn
add chain=output action=mark-routing connection-mark=pppoe-out2_conn new-routing-mark=to_pppoe-out2
add chain=prerouting action=mark-routing src-address-list=lan-network connection-mark=pppoe-out2_conn new-routing-mark=to_pppoe-out2
add chain=prerouting comment=pcc-rule-pppoe-out3 connection-mark=no-mark dst-address-type=!local action=mark-connection per-connection-classifier=both-addresses:3/2 src-address-list=lan-network new-connection-mark=pppoe-out3_conn
add chain=prerouting connection-mark=no-mark action=mark-connection in-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn
add chain=output action=mark-routing connection-mark=pppoe-out3_conn new-routing-mark=to_pppoe-out3
add chain=prerouting action=mark-routing src-address-list=lan-network connection-mark=pppoe-out3_conn new-routing-mark=to_pppoe-out3
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out1 distance=1 routing-mark=to_pppoe-out1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out2 distance=1 routing-mark=to_pppoe-out2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-out3 distance=1 routing-mark=to_pppoe-out3 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=pppoe-out1 action=masquerade
add chain=srcnat out-interface=pppoe-out2 action=masquerade
add chain=srcnat out-interface=pppoe-out3 action=masquerade
以上脚本适用于 RouterOS v6 版本。