来问下ROS的OSPF分流如何标记旁路由的流量

Ryo_

博客最近没更新,其实已经换成BGP来做了,不过区别不大,而且ospf收敛速度还更快
我用BGP主要是不用和组播那些麻烦的东西打交道,防火墙规则可以简单一些(ospf的点对点模式应该也差不多)
现在这个配法没有mangle,也就是可以享受完整的硬件加速

bridge lan删掉ether5,这个口单独连跑BGP(或者ospf)的第二个路由,然后给划上网段配上ip,做通/隔离靠路由




bird的配置和博客里的区别只有换成BGP,原来的ospf去掉,如果嫌BGP收敛慢可以自己调整超时之类的小参

1. 
   
2. protocol bgp {
   
3.         local as 65531;
   
4.         neighbor 192.168.255.1 as 65530;
   
5.         source address 192.168.255.254;
   
6.         ipv4 {
   
7.                 import none;
   
8.                 export all;
   
9.         };
   
10. }
    

复制代码

去掉了smartdns,直接用clash来跑,然后在线检查的脚本稍微调整了一下,带有重试次数和停止icmp响应(用于触发ros在线检查切换dns的那个脚本)

1. 
   
2. #!/usr/bin/bash
   
3. COUNT=0
   
4. MAX_COUNT=3
   
5. while [ $COUNT -lt $MAX_COUNT ]
   
6. do
   
7.         SER=0
   
8.         NET=0
   
9.         if [ $(curl --connect-timeout 5 --interface utun -w "%{http_code}" -s https://www.google.com/generate_204) -eq 204 ];then
   
10.                 NET=1
    
11.         fi
    
12.         if /etc/init.d/bird status|grep Active|grep -q running;then
    
13.                 SER=1
    
14.         fi
    
15.         if [ $NET -eq 1 ] && [ $SER -eq 0 ];then
    
16.                 /etc/init.d/bird start
    
17.                 echo 0 >/proc/sys/net/ipv4/icmp_echo_ignore_all
    
18.                 exit 0
    
19.         fi
    
20.         if [ $NET -eq 0 ] && [ $SER -eq 1 ];then
    
21.                 let COUNT+=1
    
22.                 if [ $COUNT -eq $MAX_COUNT ];then
    
23.                         /etc/init.d/bird stop
    
24.                         echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all
    
25.                 fi
    
26.                 continue
    
27.         fi
    
28.         exit 0
    
29. done
    

复制代码

clash用这个配置,订阅里的url改成你自己的,利用PROCESS-NAME走直连,需要clash的premium版本
启动之后用yacd之类的接进去确认下global是不是direct,然后在proxy组里选你要的节点

1. 
   
2. dns:
   
3.   enable: true
   
4.   ipv6: false
   
5.   listen: 0.0.0.0:53
   
6.   enhanced-mode: redir-host
   
7.   use-hosts: true
   
8.   default-nameserver:
   
9.     - 119.29.29.29
   
10.     - 223.5.5.5
    
11.   nameserver:
    
12.     - 119.29.29.29
    
13.     - 223.5.5.5
    
14.   fallback:
    
15.     - https://dns.google/dns-query
    
16.     - https://cloudflare-dns.com/dns-query
    
17.     - https://1.1.1.1/dns-query
    
18.     - https://8.8.8.8/dns-query
    
19.     - https://8.8.4.4/dns-query
    
20.   fallback-filter:
    
21.     geoip: true
    
22.     ipcidr:
    
23.       - 240.0.0.0/4
    
24. tun:
    
25.     enable: true
    
26.     stack: system
    
27.     auto-detect-interface: true
    
28. port: 7890
    
29. socks-port: 7891
    
30. redir-port: 7893
    
31. allow-lan: true
    
32. mode: Rule
    
33. log-level: silent
    
34. external-controller: '0.0.0.0:8080'
    
35. 
    
36. proxy-groups:
    
37.   - name: PROXY
    
38.     type: select
    
39.     proxies:
    
40.       - subscribe
    
41. 
    
42. proxy-providers:
    
43.   subscribe:
    
44.     type: http
    
45.     url: [clash订阅链接]
    
46.     interval: 86400
    
47.     path: ./proxy/subscribe.yaml
    
48.     health-check:
    
49.       enable: false
    
50.       interval: 600
    
51.       # lazy: true
    
52.       url: http://www.gstatic.com/generate_204
    
53. 
    
54. rule-providers:
    
55.   icloud:
    
56.     type: http
    
57.     behavior: domain
    
58.     url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
    
59.     path: ./ruleset/icloud.yaml
    
60.     interval: 86400
    
61. 
    
62.   apple:
    
63.     type: http
    
64.     behavior: domain
    
65.     url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
    
66.     path: ./ruleset/apple.yaml
    
67.     interval: 86400
    
68. 
    
69.   google:
    
70.     type: http
    
71.     behavior: domain
    
72.     url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt"
    
73.     path: ./ruleset/google.yaml
    
74.     interval: 86400
    
75. 
    
76.   proxy:
    
77.     type: http
    
78.     behavior: domain
    
79.     url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
    
80.     path: ./ruleset/proxy.yaml
    
81.     interval: 86400
    
82. 
    
83.   direct:
    
84.     type: http
    
85.     behavior: domain
    
86.     url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
    
87.     path: ./ruleset/direct.yaml
    
88.     interval: 86400
    
89. 
    
90.   private:
    
91.     type: http
    
92.     behavior: domain
    
93.     url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
    
94.     path: ./ruleset/private.yaml
    
95.     interval: 86400
    
96. 
    
97.   telegramcidr:
    
98.     type: http
    
99.     behavior: ipcidr
    
100.     url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
     
101.     path: ./ruleset/telegramcidr.yaml
     
102.     interval: 86400
     
103. 
     
104.   cncidr:
     
105.     type: http
     
106.     behavior: ipcidr
     
107.     url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
     
108.     path: ./ruleset/cncidr.yaml
     
109.     interval: 86400
     
110. 
     
111.   lancidr:
     
112.     type: http
     
113.     behavior: ipcidr
     
114.     url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
     
115.     path: ./ruleset/lancidr.yaml
     
116.     interval: 86400
     
117. 
     
118.   applications:
     
119.     type: http
     
120.     behavior: classical
     
121.     url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
     
122.     path: ./ruleset/applications.yaml
     
123.     interval: 86400
     
124. 
     
125. rules:
     
126.   - PROCESS-NAME,clash,DIRECT
     
127.   - RULE-SET,applications,DIRECT
     
128.   - RULE-SET,private,DIRECT
     
129.   - RULE-SET,icloud,DIRECT
     
130.   - RULE-SET,apple,DIRECT
     
131.   - RULE-SET,google,DIRECT
     
132.   - RULE-SET,proxy,PROXY
     
133.   - RULE-SET,direct,DIRECT
     
134.   - RULE-SET,lancidr,DIRECT
     
135.   - RULE-SET,cncidr,DIRECT
     
136.   - RULE-SET,telegramcidr,PROXY
     
137.   - GEOIP,LAN,DIRECT
     
138.   - GEOIP,CN,DIRECT
     
139.   - MATCH,PROXY
     

复制代码