Different operators have different access speeds to the same target website. If the website only has a mobile exit, the access speed through the telecommunications network is relatively slow. The international backbone network lines of different operators are also different, and the speed of accessing international websites is also very different. Therefore, if the broadband of multiple operators can be accessed, it is necessary to divide traffic according to the requested target IP usage strategy.
Table of contents
2. MWAN3 installation and configuration
3. Obtain the IP segment and import it into ipset
1. Acquisition of IP segment files in various countries
3. Add startup items and scheduled tasks
4. Further configuration of MWAN3 rules
1. Experiment description
OpenWrt interface situation:
① WAN -> Telecom network (IP: 171.218.97.213)
② WAN2 -> China Unicom (IP: 175.152.10.101)
2. MWAN3 installation and configuration
1. Installation
Note: To use MWAN3, you must first set different gateway hops for each interface in "Network->Interface".
2. Configuration
Under the menu of "Network->Load Balancing" or "Network->MultiWAN Manager", configure the interfaces, members and policies according to the tutorial in 2.1.
1) Member configuration
In this experiment, the WAN interface corresponds to the wan_m1_w3 member, and the WAN2 interface corresponds to the wan2_m1_w3 member.
2) Policy configuration
The strategy configuration of this experiment is shown in Figure 1. The planned strategy is:
① The international website adopts the wan2_only strategy, and only uses the China Unicom network.
② The domestic website adopts the wan_only strategy and only uses the telecom network.
3) Rule configuration
Create a new rule named "internet", change the "Assigned Policy" to "wan2_only", save and apply it, as shown in Figure 2.
【Description】
MWAN3 rules are matched from top to bottom. Since the list of domestic IP segments is less than that of international IP segments, a list of domestic IP segments will be formulated later, and filter conditions will be configured for domestic IP rules (the first three rules in Figure 2). If the conditions of the domestic IP rule are not met, the next "internet" rule will be executed. Therefore, the "internet" rule does not need to configure conditions, and only needs to specify the policy as "wan2_only".
3. Obtain the IP segment and import it into ipset
1. Acquisition of IP segment files in various countries
APNIC is responsible for IP allocation in the Asia-Pacific region, and domestic IP segments can be obtained through script acquisition and analysis.
Open the OpenWrt terminal, create a new directory named "ipset-rules" in the "/etc" directory , and related files will be stored in this directory. Change to this directory, and get the IP segment division file from APNIC.
mkdir /etc/ipset-rules
cd /etc/ipset-rules
wget -c http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest2. Parse and import ipset
Create a new file named " genrules.sh " under the "/etc/ipset-rules" directory , write the following content and save and exit.
After the script is executed, the domestic IPv4 address segment will be parsed from the "delegated-apnic-latest" file, and a script file for importing ipset will be constructed and saved to the "ipv4_CN.sh" script file. After executing this file, the IP address segment Rules import ipset. (The comments on lines 6-8 can be canceled if the IPv6 address segment is required).
#!/bin/bash
cat delegated-apnic-latest | awk -F '|' '/CN/&&/ipv4/ {print "ipset add ipv4_CN " $4 "/" 32-log($5)/log(2)}' | cat > ipv4_CN.sh
sed -i '1s/^/#!\/bin\/bash\nipset create ipv4_CN hash:net hashsize 16384\n/' ipv4_CN.sh
chmod +x ipv4_CN.sh
#cat delegated-apnic-latest | awk -F '|' '/CN/&&/ipv6/ {print "ipset add ipv6_CN " $4 "/" $5}' | cat > ipv6_CN.sh
#sed -i '1s/^/#!\/bin\/bash\nipset create ipv6_CN hash:net family inet6 hashsize 4096\n/' ipv6_CN.sh
#chmod +x ipv6_CN.shExecute the following command in the terminal to grant execution permission to the "genrules.sh" script and execute the script once.
chmod +x genrules.sh
sh genrules.sh3. Add startup items and scheduled tasks
Since ipset is stored in memory, the rules need to be re-imported into ipset every time it is started. Adding a startup item automates the import process.
APNIC's address segment is updated daily, adding scheduled tasks to automatically obtain address segment files from APNIC can keep the rules up-to-date.
1) Add startup items
In OpenWrt, switch to the "System -> Startup Items -> Local Startup Script" page. Paste the following code before "exit 0" and save.
# 载入中国大陆IP范围 至 ipset
sh /etc/ipset-rules/ipv4_CN.sh
/etc/init.d/mwan3 restart2) Scheduled tasks added
In OpenWrt, switch to the "System -> Scheduled Tasks" page, paste the following code into the text box and save it.
The following code indicates that the latest IP address segment is automatically obtained from APNIC at 0:00 every day and an ipset import script is generated.
0 0 */1 * * cd /etc/ipset-rules;rm -rf delegated-apnic-latest;wget -c http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest;sh genrules.shFor the timing of scheduled tasks, see the following article 5. Solve the problem of Frpc disconnection in OpenWrt .
Frp intranet penetration implementation takes server CentOS+ client OpenWrt as an example 
https://blog.csdn.net/Cx2008Lxl/article/details/123262830 3) Restart OpenWrt to take effect
4. Further configuration of MWAN3 rules
Go to the MWAN3 rule configuration page. Edit the domestic IP rules (this experiment is the first three rules in Figure 2), select the rule "ipv4_CN" imported from ipset in Chapter 3 in "IP Configuration" and save it, as shown in Figure 3. Then save and apply.
Open the website: http://www.ip111.cn, you can test the source IP of domestic and foreign website visits. You can also use tracert to determine the route selection in CMD.
5. Carrier distribution
The principle of carrier distribution is the same as that of domestic and foreign distribution. It is only necessary to replace the IP segment of 4.1 with the carrier IP segment, and then modify the MWAN3 rules. This experiment will not be further demonstrated.