基本设置:LAN、时区和 DNS 服务器。
set system time-zone Asia/Shanghai
set system name-server 180.76.76.76
set system name-server 114.114.114.114
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.101 stop 192.168.1.200
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 180.76.76.76
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 114.114.114.114创建 2 个 PPPoE 拨号接口,不要启用自动默认路由和不要自动获取 DNS 服务器。
set interfaces pseudo-ethernet peth0 link eth1
set interfaces pseudo-ethernet peth0 pppoe 0 user-id user1
set interfaces pseudo-ethernet peth0 pppoe 0 password pass1
set interfaces pseudo-ethernet peth0 pppoe 0 default-route none
set interfaces pseudo-ethernet peth0 pppoe 0 name-server none
set interfaces pseudo-ethernet peth1 link eth1
set interfaces pseudo-ethernet peth1 pppoe 1 user-id user2
set interfaces pseudo-ethernet peth1 pppoe 1 password pass2
set interfaces pseudo-ethernet peth1 pppoe 1 default-route none
set interfaces pseudo-ethernet peth1 pppoe 1 name-server none在 PPPoE 接口调整 TCP MSS 为 1452
set firewall options mss-clamp interface-type pppoe
set firewall options mss-clamp mss 1452在主路由表中添加 2 条默认接口路由,注意管理距离不一样。
set protocols static interface-route 0.0.0.0/0 next-hop-interface pppoe0 distance 1
set protocols static interface-route 0.0.0.0/0 next-hop-interface pppoe1 distance 2设置 2 个 PPPoE 接口的源地址 NAT 策略。
set service nat rule 5000 outbound-interface pppoe0
set service nat rule 5000 type masquerade
set service nat rule 5001 outbound-interface pppoe1
set service nat rule 5001 type masquerade创建负载均衡 load-balance 组,添加 2 个 PPPoE 接口。
set load-balance group G interface pppoe0
set load-balance group G interface pppoe1调整负载均衡 load-balance 组,一个源地址使用相同的 WAN 接口。
set load-balance group G sticky source-addr enable套用负载均衡 load-balance 组,让 LAN 到 LAN 套用在主路由表。
set firewall group network-group LAN network 192.168.1.0/24
set firewall modify M rule 10 destination group network-group LAN
set firewall modify M rule 10 action modify
set firewall modify M rule 10 modify table main
set firewall modify M rule 20 modify lb-group G
set firewall modify M rule 20 action modify
set interfaces ethernet eth0 firewall in modify M显示负载均衡 load-balance 组的状态。
ubnt@ubnt:~$ show load-balance status
Group G
interface : pppoe0
carrier : up
status : active
gateway : pppoe0
route table : 201
weight : 14%
flows
WAN Out : 420
WAN In : 0
Local Out : 61
interface : pppoe1
carrier : up
status : active
gateway : pppoe1
route table : 202
weight : 14%
flows
WAN Out : 81
WAN In : 0
Local Out : 9显示负载均衡 load-balance 组接口健康状况。
ubnt@ubnt:~$ show load-balance watchdog
Group G
pppoe0
status: Running
pings: 91
fails: 1
run fails: 0/3
route drops: 0
ping gateway: ping.ubnt.com - REACHABLE
pppoe1
status: Running
pings: 91
fails: 0
run fails: 0/3
route drops: 0
ping gateway: ping.ubnt.com - REACHABLE下图共 2 个 4 Mbps PPPoE 接口。
