基本设置:LAN、时区和 DNS 服务器。

set system time-zone Asia/Shanghai
set system name-server 180.76.76.76
set system name-server 114.114.114.114

set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.101 stop 192.168.1.200
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 180.76.76.76
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 114.114.114.114

创建 2 个 PPPoE 拨号接口,不要启用自动默认路由和不要自动获取 DNS 服务器。

set interfaces pseudo-ethernet peth0 link eth1
set interfaces pseudo-ethernet peth0 pppoe 0 user-id user1
set interfaces pseudo-ethernet peth0 pppoe 0 password pass1
set interfaces pseudo-ethernet peth0 pppoe 0 default-route none
set interfaces pseudo-ethernet peth0 pppoe 0 name-server none
set interfaces pseudo-ethernet peth1 link eth1
set interfaces pseudo-ethernet peth1 pppoe 1 user-id user2
set interfaces pseudo-ethernet peth1 pppoe 1 password pass2
set interfaces pseudo-ethernet peth1 pppoe 1 default-route none
set interfaces pseudo-ethernet peth1 pppoe 1 name-server none

在 PPPoE 接口调整 TCP MSS 为 1452

set firewall options mss-clamp interface-type pppoe
set firewall options mss-clamp mss 1452

在主路由表中添加 2 条默认接口路由,注意管理距离不一样。

set protocols static interface-route 0.0.0.0/0 next-hop-interface pppoe0 distance 1
set protocols static interface-route 0.0.0.0/0 next-hop-interface pppoe1 distance 2

设置 2 个 PPPoE 接口的源地址 NAT 策略。

set service nat rule 5000 outbound-interface pppoe0
set service nat rule 5000 type masquerade
set service nat rule 5001 outbound-interface pppoe1
set service nat rule 5001 type masquerade

创建负载均衡 load-balance 组,添加 2 个 PPPoE 接口。

set load-balance group G interface pppoe0
set load-balance group G interface pppoe1

调整负载均衡 load-balance 组,一个源地址使用相同的 WAN 接口。

set load-balance group G sticky source-addr enable

套用负载均衡 load-balance 组,让 LAN 到 LAN 套用在主路由表。

set firewall group network-group LAN network 192.168.1.0/24
set firewall modify M rule 10 destination group network-group LAN
set firewall modify M rule 10 action modify
set firewall modify M rule 10 modify table main
set firewall modify M rule 20 modify lb-group G
set firewall modify M rule 20 action modify
set interfaces ethernet eth0 firewall in modify M

显示负载均衡 load-balance 组的状态。

ubnt@ubnt:~$ show load-balance status
Group G
  interface   : pppoe0
  carrier     : up
  status      : active
  gateway     : pppoe0
  route table : 201
  weight      : 14%
  flows
   WAN Out : 420
   WAN In  : 0
   Local Out : 61

  interface   : pppoe1
  carrier     : up
  status      : active
  gateway     : pppoe1
  route table : 202
  weight      : 14%
  flows
   WAN Out : 81
   WAN In  : 0
   Local Out : 9

显示负载均衡 load-balance 组接口健康状况。

ubnt@ubnt:~$ show load-balance watchdog
Group G
  pppoe0
  status: Running
  pings: 91
  fails: 1
  run fails: 0/3
  route drops: 0
  ping gateway: ping.ubnt.com - REACHABLE

  pppoe1
  status: Running
  pings: 91
  fails: 0
  run fails: 0/3
  route drops: 0
  ping gateway: ping.ubnt.com - REACHABLE

下图共 2 个 4 Mbps PPPoE 接口。