
[Network] Question: with OSPF traffic splitting on ROS, how do I mark the bypass router's traffic?

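Posted on 2022-8-18 00:21
This post was last edited by Ryo_ on 2022-8-18 00:26

I haven't updated the blog recently; I've actually switched to BGP for this, though the difference is small, and OSPF actually converges faster.
I use BGP mainly so that I don't have to deal with multicast and other such hassles, and the firewall rules can be a bit simpler (OSPF in point-to-point mode should be about the same).
This setup has no mangle rules, so you get full hardware acceleration.

Remove ether5 from bridge lan, connect that port on its own to the second router running BGP (or OSPF), then assign it a subnet and an IP; connectivity/isolation is handled by routing.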
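The only difference between this bird config and the one in the blog is the switch to BGP, with the original OSPF removed; if you find BGP convergence slow, you can tune small parameters such as the timeouts yourself.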

    protocol bgp {
        local as 65531;
        neighbor 192.168.255.1 as 65530;
        source address 192.168.255.254;
        ipv4 {
            import none;
            export all;
        };
    }

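I dropped smartdns and run it directly with clash; the online-check script was adjusted slightly and now has a retry count and stops ICMP responses (used to trigger the script on ROS whose online check switches DNS).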

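    #!/usr/bin/bash
    # Health check: announce routes (bird) only while the tunnel is usable.
    COUNT=0
    MAX_COUNT=3
    while [ "$COUNT" -lt "$MAX_COUNT" ]
    do
        SER=0   # 1 when bird is running
        NET=0   # 1 when the probe through the tunnel succeeds
        # Probe through the utun interface; -o /dev/null keeps only the status code.
        if [ "$(curl --connect-timeout 5 --interface utun -o /dev/null -w "%{http_code}" -s https://www.google.com/generate_204)" = "204" ]; then
            NET=1
        fi
        if /etc/init.d/bird status | grep Active | grep -q running; then
            SER=1
        fi
        # Tunnel is back but bird is stopped: start bird and answer ICMP again.
        if [ "$NET" -eq 1 ] && [ "$SER" -eq 0 ]; then
            /etc/init.d/bird start
            echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all
            exit 0
        fi
        # Tunnel is down while bird is running: retry, and on the last attempt
        # stop bird and ignore ICMP echo so the ROS online check fails over.
        if [ "$NET" -eq 0 ] && [ "$SER" -eq 1 ]; then
            COUNT=$((COUNT + 1))
            if [ "$COUNT" -eq "$MAX_COUNT" ]; then
                /etc/init.d/bird stop
                echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all
            fi
            continue
        fi
        exit 0
    done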

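Use this config for clash, changing the url in the subscription to your own; it uses PROCESS-NAME to go direct, which requires the premium version of clash.
After starting it, connect with something like yacd to confirm that global is set to direct, then pick the node you want in the proxy group.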

    dns:
      enable: true
      ipv6: false
      listen: 0.0.0.0:53
      enhanced-mode: redir-host
      use-hosts: true
      default-nameserver:
        - 119.29.29.29
        - 223.5.5.5
      nameserver:
        - 119.29.29.29
        - 223.5.5.5
      fallback:
        - https://dns.google/dns-query
        - https://cloudflare-dns.com/dns-query
        - https://1.1.1.1/dns-query
        - https://8.8.8.8/dns-query
        - https://8.8.4.4/dns-query
      fallback-filter:
        geoip: true
        ipcidr:
          - 240.0.0.0/4
    tun:
        enable: true
        stack: system
        auto-detect-interface: true
    port: 7890
    socks-port: 7891
    redir-port: 7893
    allow-lan: true
    mode: Rule
    log-level: silent
    external-controller: '0.0.0.0:8080'

    proxy-groups:
      - name: PROXY
        type: select
        proxies:
          - subscribe

    proxy-providers:
      subscribe:
        type: http
        url: [your Clash subscription URL]
        interval: 86400
        path: ./proxy/subscribe.yaml
        health-check:
          enable: false
          interval: 600
          # lazy: true
          url: http://www.gstatic.com/generate_204

    rule-providers:
      icloud:
        type: http
        behavior: domain
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
        path: ./ruleset/icloud.yaml
        interval: 86400

      apple:
        type: http
        behavior: domain
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
        path: ./ruleset/apple.yaml
        interval: 86400

      google:
        type: http
        behavior: domain
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt"
        path: ./ruleset/google.yaml
        interval: 86400

      proxy:
        type: http
        behavior: domain
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
        path: ./ruleset/proxy.yaml
        interval: 86400

      direct:
        type: http
        behavior: domain
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
        path: ./ruleset/direct.yaml
        interval: 86400

      private:
        type: http
        behavior: domain
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
        path: ./ruleset/private.yaml
        interval: 86400

      telegramcidr:
        type: http
        behavior: ipcidr
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
        path: ./ruleset/telegramcidr.yaml
        interval: 86400

      cncidr:
        type: http
        behavior: ipcidr
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
        path: ./ruleset/cncidr.yaml
        interval: 86400

      lancidr:
        type: http
        behavior: ipcidr
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
        path: ./ruleset/lancidr.yaml
        interval: 86400

      applications:
        type: http
        behavior: classical
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
        path: ./ruleset/applications.yaml
        interval: 86400

    rules:
      - PROCESS-NAME,clash,DIRECT
      - RULE-SET,applications,DIRECT
      - RULE-SET,private,DIRECT
      - RULE-SET,icloud,DIRECT
      - RULE-SET,apple,DIRECT
      - RULE-SET,google,DIRECT
      - RULE-SET,proxy,PROXY
      - RULE-SET,direct,DIRECT
      - RULE-SET,lancidr,DIRECT
      - RULE-SET,cncidr,DIRECT
      - RULE-SET,telegramcidr,PROXY
      - GEOIP,LAN,DIRECT
      - GEOIP,CN,DIRECT
      - MATCH,PROXY
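
Added example (not part of the original post, and not code from the Clash project): a small Python check for the listener settings in the config above, which binds the DNS server and the external controller to 0.0.0.0 and sets no `secret`. `POSTED` and `TIGHTENED` are constructed excerpts; the tightened addresses and the secret placeholder are assumptions, as is treating an unset `bind-address` as `*`, and the parser covers only the flat key/value subset of YAML needed here.

```python
import re

# Constructed input: only the listener-related keys of the config in this post.
POSTED = """\
dns:
  enable: true
  listen: 0.0.0.0:53
allow-lan: true
external-controller: '0.0.0.0:8080'
"""
# Hypothetical tightened variant; 192.168.255.254 is the bird source address above.
TIGHTENED = """\
dns:
  enable: true
  listen: 192.168.255.254:53
allow-lan: true
bind-address: 192.168.255.254
external-controller: '127.0.0.1:8080'
secret: "REPLACE-WITH-A-LONG-RANDOM-STRING"
"""
WILDCARD_HOSTS = {"", "*", "0.0.0.0", "::", "[::]"}

def flatten(text):
    """Parse 'key: value' lines into {'dns.listen': ...}; list items are skipped."""
    flat, parent = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\s*)([\w-]+):\s*(.*?)\s*$", line)
        if not m:
            continue
        indent, key, value = m.groups()
        value = value.strip("'\"")
        if not indent:
            parent = key if value == "" else None
            flat[key] = value
        elif parent:
            flat[f"{parent}.{key}"] = value
    return flat

def on_all_interfaces(addr):
    """True when a 'host:port' listener has a wildcard or empty host part."""
    return addr.rpartition(":")[0] in WILDCARD_HOSTS

def audit(text):
    """Return the config keys that leave a listener open wider than needed."""
    c, hits = flatten(text), []
    if on_all_interfaces(c.get("external-controller", "127.0.0.1:0")):
        hits.append("external-controller")
    if "external-controller" in c and not c.get("secret"):
        hits.append("secret")
    if on_all_interfaces(c.get("dns.listen", "127.0.0.1:0")):
        hits.append("dns.listen")
    if c.get("allow-lan") == "true" and c.get("bind-address", "*") in WILDCARD_HOSTS:
        hits.append("allow-lan")
    return hits
```

`audit(POSTED)` reports all four keys and `audit(TIGHTENED)` reports none; the controller matters most, since anyone who can reach it without a secret can switch nodes or change the mode.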