不同带宽负载,Passthrough应该是yes还是no啊
四条线路:10M 10M 10M 5M用nth负载,前面三条nth设置为七分之三(every=7,packet=2),最后一条设置七分之一(every=7,packet=1)
那么mark-connection里的Passthrough是yes还是no啊,mark-routing里的Passthrough是yes还是no啊
我现在是这么设的,对吗
chain=prerouting action=mark-connection new-connection-mark=line1 passthrough=yesconnection-state=new src-address-list=balancing dst-address-list=!inside nth=7,2
chain=prerouting action=mark-routing new-routing-mark=gw1 passthrough=nosrc-address-list=balancing dst-address-list=!inside connection-mark=line1
.......
chain=prerouting action=mark-connection new-connection-mark=line4 passthrough=yesconnection-state=new src-address-list=balancing dst-address-list=!inside nth=7,1
chain=prerouting action=mark-routing new-routing-mark=gw4 passthrough=nosrc-address-list=balancing dst-address-list=!inside connection-mark=line4 Passthrough=yes这种是不是先对比所有的包,然后按百分比跳出?
Passthrough=no这种是不是先跳出一个百分比,剩下的当做1传给下一条,下一条挑出剩下的百分比? ...
据我所知,Passthrough是 “匹配当前规则后是否继续匹配下一条规则” 的意思。。 那下面的这两种配发怎么理解啊
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=AAA nth=3,1 passthrough=no;
add action=mark-connection chain=prerouting new-connection-mark=BBB nth=2,1 passthrough=no;
add action=mark-connection chain=prerouting new-connection-mark=CCC ;
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=AAA nth=3,1 passthrough=yes;
add action=mark-connection chain=prerouting new-connection-mark=BBB nth=3,2 passthrough=yes;
add action=mark-connection chain=prerouting new-connection-mark=CCC nth=3,3 passthrough=yes; 一个是先分,一个是集体分 前面的是一次性分,后面的应该是123123123这样分,理解能力有限 那四条线路 10M 10M 10M 5M该怎么设呢
ros的客服说是nth不能按不等带宽来均衡,是这样吗 本帖最后由 小狼 于 2009-12-1 19:09 编辑
这是官方给的2种标记连接的方法,其实你应该仔细看这段:If passthrough is not set then packets will be marked as follows:
first rule nth=2,1 rule will match every first packet of 2, hence, 50% of all the traffic that is matched by the rules
second rule if passthrough=no will match ONLY 25% of traffic because in 3.0 you need only one rule to catch traffic not like 2.9
首先,mangle链表为空,passthrough不设置,即为passthrough=yes,数据将按如下规则匹配:
第一条规则,nth=2,1,也就是说匹配50%的经过数据,
第二条规则,如果上一条的passthrough=no,哪么这条规则将只匹配25%的数据包,这是3.0和2.9的不同之处。
为什么呢,举个例子。
现有如下数据流:ABCDEFGHIJKLMNOPQRSTUVWXYZ,序号1~26。
那么根据第一个规则(nth=2,1),数据流将分段进入规则一(或说被规则一看到),AB,CD,EF,GH……,规则一会匹配这段数据流的50%,就是A,C,E,G……;然后检查passthrough=yes/no,当yes时,向下匹配的数据依然是完整的队列ABCDEFGH……;当no时,数据则变成了BDFH……
现在回头看看你的例子,还以“A~Z”这个数据流为例:
first rule sees all packets and matches 1/3 of all, second rule sees 2/3 of packets and matches 1/2, third rule sees and matches all packets that passed through first two rules ( 1/3 of all packets ).
第一条规则将看到所有数据包并匹配1/3,看到的数据流应该是这种分段:ABC,DEF,GHI,JKL……,这条规则负责匹配A,D,G,J;passthrough=no,剩下的部分不予匹配,哪么剩下的部分应该是BCEFHIKL……
第二条,注意every改变了,every=2,就时说每间隔2个检查一次(即剩下2/3中的1/2,也就是整个数据流的1/3),分段变成BC,EF,HI,KL……,passthrough依然=no,剩下的数据为CFIL……
第三条,没什么说的了,无条件匹配……
/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=AAA nth=3,1 passthrough=no;
add action=mark-packet chain=prerouting new-packet-mark=BBB nth=2,1 passthrough=no;
add action=mark-packet chain=prerouting new-packet-mark=CCC ;
all rules can see all packets and each rule matches every 3-rd packet.
下面看这种情况passthrough=yes:
依然是数据流“A~Z”
第一句将看见如下分段的数据ABC,DEF,GHI,JKL……,并匹配(nth=3,1),A,D,G,J……,因为passthrough=yes,数据将继续向下匹配,数据仍然为完整的ABCDEFGHIJKL……
第二条规则,将看到同上一条的数据ABC,DEF,GHI,JKL……,并匹配其中的(nth=3,2)B,E,H,K……,结果同上
第三条规则,依然看到ABC,DEF,GHI,JKL……,并匹配(nth=3,3)C,F,I,L……
/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=AAA nth=3,1 passthrough=yes;
add action=mark-packet chain=prerouting new-packet-mark=BBB nth=3,2 passthrough=yes;
add action=mark-packet chain=prerouting new-packet-mark=CCC nth=3,3 passthrough=yes;
====================================================================
下面把上面的例子反过来看看,即把passthrough=yes/no对换,看看结果如何。/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=AAA nth=3,1 passthrough=yes;
add action=mark-packet chain=prerouting new-packet-mark=BBB nth=2,1 passthrough=yes;
add action=mark-packet chain=prerouting new-packet-mark=CCC ;第一条规则依然可以看到全部数据流,根据every=3,分成如下段:ABC,DEF,GHI,JKL……
那么第一条规则将匹配出A,D,G,J……然后passthrough=yes,全部数据继续向下匹配;
第二条规则还是看到如规则一的全部数据,根据every=2,分成如下段:AB,CD,EF,GH,JK,LM……,根据规则将匹配,A,C,E,G,J,L……,根据passthrough=yes,全部数据继续向下匹配;
第三条,无条件匹配全部数据……
可见,完全背离本意。
=========================================================/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=AAA nth=3,1 passthrough=no;
add action=mark-packet chain=prerouting new-packet-mark=BBB nth=3,2 passthrough=no;
add action=mark-packet chain=prerouting new-packet-mark=CCC nth=3,3 passthrough=no;
第一条,会看见全部数据,根据every=3进行分段,ABC,DEF,GHI,JKL……然后匹配(nth=3,1)A,D,G,J……根据passthrough=no,已经匹配的数据不再向下匹配;
第二条,会看见除第一条匹配以外的数据,根据every=3再分段,BCE,FHI,KLN……然后匹配(nth=3,2)C,H,L……,结果同上;
第三条,会看见除已经匹配上一条的数据,根据every=3再分段,结果同上。
这样会丢失很多数据……
====================================================
至于你说的问题,我能想到的就是用random做,让带宽大的获得更高的random,passthrough=no,然后一定要在最后放上一条random=100%的兜底,呵呵。
如果执意要用nth,也不是不可能,例如线路A带宽=100M,线路Bdaikuan=50M/ip firewall mangle
add action=mark-packet chain=prerouting new-packet-mark=线路A nth=3,1 passthrough=yes;
add action=mark-packet chain=prerouting new-packet-mark=线路A nth=3,2 passthrough=yes;
add action=mark-packet chain=prerouting new-packet-mark=线路B nth=3,3 passthrough=yes;
这样就会有2/3的数据走线路A,1/3的数据走线路B。 本帖最后由 WGHBOY 于 2009-12-1 19:25 编辑
你可以5m放第一,设置7,13,12,1 后面一条走剩余数据:lol,同等倍数的好搞些 感谢各位,好好学习下 这样做,基于连接的和基于数据包的一样效果吗?基于数据包感觉很多东西会掉线吧,基于连接感觉又不能很好的均衡吧 各有所爱 本帖最后由 ogion 于 2009-12-2 14:05 编辑
我按照下面的做了一下,感觉不成功,只有一条线有流量,大侠们在帮我看看啊
6 ;;; line1
chain=prerouting action=mark-connection new-connection-mark=line1 passthrough=yes connection-state=new src-address-list=balancing dst-address-list=!inside nth=7,1
7 ;;; line1
chain=prerouting action=mark-routing new-routing-mark=gw4 passthrough=no src-address-list=balancing dst-address-list=!inside connection-mark=line1
8 ;;; line2
chain=prerouting action=mark-connection new-connection-mark=line2 passthrough=yes connection-state=new src-address-list=balancing dst-address-list=!inside nth=3,1
9 ;;; line2
chain=prerouting action=mark-routing new-routing-mark=gw3 passthrough=no src-address-list=balancing dst-address-list=!inside connection-mark=line2
10 ;;; line3
chain=prerouting action=mark-connection new-connection-mark=line3 passthrough=yes connection-state=new src-address-list=balancing dst-address-list=!inside nth=2,1
11 ;;; line3
chain=prerouting action=mark-routing new-routing-mark=gw1 passthrough=no src-address-list=balancing dst-address-list=!inside connection-mark=line3
12 ;;; line4
chain=prerouting action=mark-connection new-connection-mark=line4 passthrough=yes connection-state=new src-address-list=balancing dst-address-list=!inside
13 ;;; line4
chain=prerouting action=mark-routing new-routing-mark=gw2 passthrough=no src-address-list=balancing dst-address-list=!inside connection-mark=line4 这样应该对的吧mark-connection传给mark-routing时为yes,下往下一条mark-connection传递时就需要no了,这样实现七分之一,再三分之一,再二分之一 看了下mark-routing的统计,都有数据,但是line2和line3差不多数值,但是line1比2和3要大将近一倍多