在多线路接入的情况下,在CentOS7以前的版本中,如CentOS6/5等,可采用rule-IFDEV、route-IFDEV、static-routes等文件写入配置。但在CentOS7.x中,这些办法不好使了,主要原因是CentOS7.x中全面采用NetworkManager来管理网络。
因此,若需要实现在CentOS6/5中的相应功能,需要另寻办法。如下面的办法是在/etc/NetworkManager/dispatcher.d/添加一个脚本来实现。
例如:
# echo "100 isp1" >> /etc/iproute2/rt_tables
# echo "101 isp2" >> /etc/iproute2/rt_tables
# echo "102 isp3" >> /etc/iproute2/rt_tables
# touch /etc/NetworkManager/dispatcher.d/99-pbr.sh
# chmod 755 /etc/NetworkManager/dispatcher.d/99-pbr.sh
# vi /etc/NetworkManager/dispatcher.d/99-pbr.sh
----------------------------------------------------
#!/bin/sh
export LC_ALL=C
#policy rule and route on ens32(LAN) interface
unset iproute_method
if [ "$1" = "ens32" ] ; then
if [ "$2" = "up" ] ; then
iproute_method="add"
fi
if [ "$2" = "down" ] ; then
iproute_method="del"
fi
#add ip rule and ip route
# add route to main table, use "ip route show table main" to view route
/sbin/ip route $iproute_method 10.0.0.0/8 via 10.1.64.17 2>/dev/null
/sbin/ip route $iproute_method 172.16.0.0/12 via 10.1.64.17 2>/dev/null
/sbin/ip route $iproute_method 192.168.0.0/16 via 10.1.64.17 2>/dev/null
# add route to isp1 table, use "ip route show table isp1" to view route
/sbin/ip route $iproute_method 10.0.0.0/8 via 10.1.64.17 table isp1 2>/dev/null
/sbin/ip route $iproute_method 172.16.0.0/12 via 10.1.64.17 table isp1 2>/dev/null
/sbin/ip route $iproute_method 192.168.0.0/16 via 10.1.64.17 table isp1 2>/dev/null
# add route to isp2 table, use "ip route show table isp3" to view route
/sbin/ip route $iproute_method 10.0.0.0/8 via 10.1.64.17 table isp2 2>/dev/null
/sbin/ip route $iproute_method 172.16.0.0/12 via 10.1.64.17 table isp2 2>/dev/null
/sbin/ip route $iproute_method 192.168.0.0/16 via 10.1.64.17 table isp2 2>/dev/null
# add route to isp3 table, use "ip route show table isp3" to view route
/sbin/ip route $iproute_method 10.0.0.0/8 via 10.1.64.17 table isp3 2>/dev/null
/sbin/ip route $iproute_method 172.16.0.0/12 via 10.1.64.17 table isp3 2>/dev/null
/sbin/ip route $iproute_method 192.168.0.0/16 via 10.1.64.17 table isp3 2>/dev/null
fi
#policy rule and route on ens34(WAN-isp1) interface
unset iproute_method
if [ "$1" = "ens34" ] ; then
if [ "$2" = "up" ] ; then
iproute_method="add"
fi
if [ "$2" = "down" ] ; then
iproute_method="del"
fi
#add ip rule adn ip route
/sbin/ip rule $iproute_method from 6.6.6.0/27 table isp1 2>/dev/null
/sbin/ip route $iproute_method default via 6.6.6.1 table isp1 2>/dev/null
/sbin/ip rule $iproute_method fwmark 11 table isp1 2>/dev/null
/sbin/ip rule $iproute_method fwmark 12 table isp1 2>/dev/null
/sbin/ip rule $iproute_method fwmark 13 table isp1 2>/dev/null
fi
#policy rule and route on ens35(WAN-isp2) interface
unset iproute_method
if [ "$1" = "ens35" ] ; then
if [ "$2" = "up" ] ; then
iproute_method="add"
fi
if [ "$2" = "down" ] ; then
iproute_method="del"
fi
#add ip rule adn ip route
/sbin/ip rule $iproute_method from 7.7.7.0/27 table isp2 2>/dev/null
/sbin/ip route $iproute_method default via 7.7.7.1 table isp2 2>/dev/null
/sbin/ip rule $iproute_method fwmark 21 table isp2 2>/dev/null
/sbin/ip rule $iproute_method fwmark 22 table isp2 2>/dev/null
/sbin/ip rule $iproute_method fwmark 23 table isp2 2>/dev/null
fi
#policy rule and route on ens36(WAN-isp3) interface
unset iproute_method
if [ "$1" = "ens36" ] ; then
if [ "$2" = "up" ] ; then
iproute_method="add"
fi
if [ "$2" = "down" ] ; then
iproute_method="del"
fi
#add ip rule adn ip route
/sbin/ip rule $iproute_method from 8.8.8.0/27 table isp3 2>/dev/null
/sbin/ip route $iproute_method default via 8.8.8.1 table isp3 2>/dev/null
/sbin/ip rule $iproute_method fwmark 31 table isp3 2>/dev/null
/sbin/ip rule $iproute_method fwmark 32 table isp3 2>/dev/null
/sbin/ip rule $iproute_method fwmark 33 table isp3 2>/dev/null
# folllow host traffic through ens36 interface only.
#/sbin/ip rule $iproute_method from 10.1.59.133 table isp3 2>/dev/null
fi
#add default route
if [ "$2" = "up" ] ; then
/sbin/ip route add default nexthop via 6.6.6.1 nexthop via 7.7.7.1 nexthop via 8.8.8.1 2>/dev/null
fi
exit 0