How to Use Linux Advanced (Policy) Routing

Source: Internet  Published: 点名软件  Editor: 程序博客网  Time: 2024/05/05 02:26


1. Linux advanced routing requires the following support:


a) Kernel space: enable CONFIG_IP_ADVANCED_ROUTER

Configuration path: run make menuconfig in the Linux kernel source tree and follow Networking support  ---> Networking options  ---> TCP/IP networking ---> IP: advanced router.

Select IP: advanced router and use the setting "Choose IP: FIB lookup algorithm (choose FIB_HASH if unsure) (FIB_HASH)".

b) User space: the iproute2 package

This package provides shell configuration commands such as ip rule, ip route and ip addr. Usage:

Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
       ip [ -force ] -batch filename
where  OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable |
                   tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm |
                   netns | l2tp }
       OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
                    -f[amily] { inet | inet6 | ipx | dnet | link } |
                    -l[oops] { maximum-addr-flush-attempts } |
                    -o[neline] | -t[imestamp] | -b[atch] [filename] |
                    -rc[vbuf] [size]}


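2. Configuring policy routing

a) In the configuration file /etc/iproute2/rt_tables, add routing tables numbered 102 and 103, named ippool1 and ippool2 respectively. (The names can be chosen freely.)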

    #
    # reserved values
    #
    255     local
    254     main
    253     default
    102     ippool1
    103     ippool2
    0       unspec
    #
    # local
    #
    #1      inr.ruhep

b) Add route entries to the custom routing table (using ip route)

Usage: ip route { list | flush } SELECTOR
       ip route save SELECTOR
       ip route restore
       ip route get ADDRESS [ from ADDRESS iif STRING ]
                            [ oif STRING ]  [ tos TOS ]
                            [ mark NUMBER ]
       ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
            [ table TABLE_ID ] [ proto RTPROTO ]
            [ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
             [ table TABLE_ID ] [ proto RTPROTO ]
             [ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ]
           [ rtt TIME ] [ rttvar TIME ] [reordering NUMBER ]
           [ window NUMBER] [ cwnd NUMBER ] [ initcwnd NUMBER ]
           [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
           [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
TYPE := [ unicast | local | broadcast | multicast | throw |
          unreachable | prohibit | blackhole | nat ]
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
MP_ALGO := { rr | drr | random | wrandom }
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
TIME := NUMBER[s|ms]

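ip route add 192.168.1.111/32 dev eth12 table ippool1    # add a host route via the specified interface

ip route add 192.168.2.0/24 dev eth12 table ippool1    # add a network route via the specified interface

ip route add 192.168.3.6/32 via 192.168.3.100 dev ath3.0 table ippool1    # add a host route via the specified gateway and interface

ip route add 0.0.0.0/0 dev ath3.0 table ippool1    # add this table's default route (a bare 0.0.0.0 would be parsed as the host prefix 0.0.0.0/32)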


c) Add the policies that select the routing table (using ip rule)

Usage: ip rule [ list | add | del | flush ] SELECTOR ACTION
SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]
            [ iif STRING ] [ oif STRING ] [ pref NUMBER ]
ACTION := [ table TABLE_ID ]
          [ prohibit | reject | unreachable ]
          [ realms [SRCREALM/]DSTREALM ]
          [ goto NUMBER ]
TABLE_ID := [ local | main | default | NUMBER ]

ip rule add from 192.168.1.0/24 table ippool1

ip rule add from 192.168.3.110/32 table ippool1

ip rule add to 192.168.3.200/32 table ippool1

ip rule add fwmark 0x10 table ippool1

ip rule add iif eth1 table ippool1


The configuration is now complete.
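The following model of the lookup that steps 2b and 2c configure is an added example, not part of the original page: it walks the rules in priority order and does a longest-prefix match in the selected table. The rule priorities (rules added without pref are numbered downward from 32765), the contents of the main table and the sample packets are constructed assumptions, and the ippool1 default route is written as 0.0.0.0/0.

```python
import ipaddress

# Routes from step 2b as (prefix, dev); "main" holds one constructed route.
TABLES = {
    "local": [], "default": [],
    "ippool1": [("192.168.1.111/32", "eth12"), ("192.168.2.0/24", "eth12"),
                ("192.168.3.6/32", "ath3.0"), ("0.0.0.0/0", "ath3.0")],
    "main": [("192.168.0.0/16", "eth0")],  # assumption, not from the page
}
# Rules from step 2c as (pref, selector, table). The rule added last gets the
# lowest number and is therefore consulted first.
RULES = [
    (0, {}, "local"),
    (32761, {"iif": "eth1"}, "ippool1"),
    (32762, {"fwmark": 0x10}, "ippool1"),
    (32763, {"to": "192.168.3.200/32"}, "ippool1"),
    (32764, {"from": "192.168.3.110/32"}, "ippool1"),
    (32765, {"from": "192.168.1.0/24"}, "ippool1"),
    (32766, {}, "main"),
    (32767, {}, "default"),
]

def rule_matches(selector, pkt):
    """Every selector key must match; an empty selector matches all packets."""
    for key, want in selector.items():
        if key in ("from", "to"):
            addr = ipaddress.ip_address(pkt["src" if key == "from" else "dst"])
            if addr not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:  # iif and fwmark compare for equality
            return False
    return True

def longest_prefix(table, dst):
    """Return (prefix, dev) of the most specific route to dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, p, dev)
            for p, dev in TABLES[table] if addr in ipaddress.ip_network(p)]
    return max(hits)[1:] if hits else None

def lookup(pkt):
    """Return (pref, table, prefix, dev) for pkt, or None if unreachable."""
    for pref, selector, table in sorted(RULES, key=lambda r: r[0]):
        if rule_matches(selector, pkt):
            hit = longest_prefix(table, pkt["dst"])
            if hit:  # a table with no matching route falls through to the next rule
                return (pref, table) + hit
    return None
```

Because ippool1 carries a default route, any packet that matches one of the custom rules is always resolved in ippool1 and never reaches main.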


