calico bgp rr

bgp peer

查看状态

calicoctl node status

配置全局 bgp peer(rr)

cat << EOF | calicoctl create -f -
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: bgppeer-global-3040
spec:
  peerIP: 172.26.6.1
  asNumber: 64567
EOF

# 删除
$ calicoctl delete bgpPeer 172.26.6.1

特定 BGP peer

$ cat << EOF | calicoctl create -f -
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: bgppeer-node-aabbff
spec:
  peerIP: aa:bb::ff
  node: node1
  asNumber: 64514
EOF

calicoctl delete bgpPeer aa:bb::ff --scope=node --node=node1
calicoctl get bgpPeer

1、 配置BGP Peer设置RR节点

root@ubuntu:~# ./calicoctl get bgppeer
NAME   PEERIP   NODE   ASN   

root@ubuntu:~# ./calicoctl get bgppeer
NAME   PEERIP   NODE   ASN   

root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
No IPv4 peers found.

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# 

./calicoctl apply -f bgpconfig.yaml

root@ubuntu:~# cat bgpconfig.yaml
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  nodeToNodeMeshEnabled: false 
  asNumber: 64512

 64512是全局as nu，node 默认as 是64512

root@ubuntu:~# ./calicoctl get bgppeer
NAME   PEERIP   NODE   ASN   

root@ubuntu:~# 

2、配置指定节点充当路由反射器

从当前节点找两个节点充当路由反射器，作为路由反射器

为方便让BGPPeer轻松选择节点，通过标签选择器匹配。给路由器反射器节点打标签：

给选定的节点指定路由反射器ID

root@ubuntu:~# ./calicoctl get node ubuntu  -o yaml > rr-node.yaml
root@ubuntu:~# cat rr-node.yaml 
apiVersion: projectcalico.org/v3
kind: Node
metadata:
  annotations:
    projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"arm64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"arm64","kubernetes.io/hostname":"ubuntu","kubernetes.io/os":"linux","node-role.kubernetes.io/master":""}'
  creationTimestamp: "2021-06-18T11:12:32Z"
  labels:
    beta.kubernetes.io/arch: arm64
    beta.kubernetes.io/os: linux
    kubernetes.io/arch: arm64
    kubernetes.io/hostname: ubuntu
    kubernetes.io/os: linux
    node-role.kubernetes.io/master: ""
  name: ubuntu
  resourceVersion: "797539"
  uid: 369ae2bb-756d-446d-a044-9225d9849a13
spec:
  addresses:
  - address: 10.10.16.82/24
    type: CalicoNodeIP
  - address: 10.10.16.82
    type: InternalIP
  bgp:
    ipv4Address: 10.10.16.82/24
  orchRefs:
  - nodeName: ubuntu
    orchestrator: k8s
status:
  podCIDRs:
  - 10.244.0.0/24
root@ubuntu:~# 

  增加  routeReflectorClusterID: 244.0.0.1

root@ubuntu:~# ./calicoctl apply -f rr-node.yaml
Successfully applied 1 'Node' resource(s)
root@ubuntu:~# cat rr-node.yaml 
apiVersion: projectcalico.org/v3
kind: Node
metadata:
  annotations:
    projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"arm64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"arm64","kubernetes.io/hostname":"ubuntu","kubernetes.io/os":"linux","node-role.kubernetes.io/master":""}'
  creationTimestamp: "2021-06-18T11:12:32Z"
  labels:
    beta.kubernetes.io/arch: arm64
    beta.kubernetes.io/os: linux
    kubernetes.io/arch: arm64
    kubernetes.io/hostname: ubuntu
    kubernetes.io/os: linux
    node-role.kubernetes.io/master: ""
  name: ubuntu
  resourceVersion: "797539"
  uid: 369ae2bb-756d-446d-a044-9225d9849a13
spec:
  addresses:
  - address: 10.10.16.82/24
    type: CalicoNodeIP
  - address: 10.10.16.82
    type: InternalIP
  bgp:
    ipv4Address: 10.10.16.82/24
    routeReflectorClusterID: 244.0.0.1
  orchRefs:
  - nodeName: ubuntu
    orchestrator: k8s
status:
  podCIDRs:
  - 10.244.0.0/24

3、 kubectl label node ubuntu route-reflector=true

root@ubuntu:~# kubectl get node --show-labels
NAME     STATUS   ROLES    AGE     VERSION   LABELS
bogon    Ready    worker   3d21h   v1.18.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=bogon,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker
cloud    Ready    worker   3d21h   v1.21.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=cloud,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker
ubuntu   Ready    master   3d21h   v1.18.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=ubuntu,kubernetes.io/os=linux,node-role.kubernetes.io/master=,route-reflector=true
root@ubuntu:~# 

4、集群内RR模式

开启集群内部RR模式

此时已经选择并且配置完成节点信息，我们需要下发规则使BGP RR模式生效。

开启集群内部RR模式

#创建一个rr-rule.yaml文件，文件内容如下：

apiVersion: projectcalico.org/v3

kind: BGPPeer

metadata:

  name: unbuntu #NodeName

spec:

  nodeSelector: "all()"

  peerSelector: "has(route-reflector)"

#应用规则开启集群内部RR模式

calicoctl create -f rr-rule.yaml

root@ubuntu:~# ./calicoctl create -f bgp-rr.yaml 
Successfully created 1 'BGPPeer' resource(s)
root@ubuntu:~# cat bgp-rr.yaml 
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: unbuntu
spec:
  nodeSelector: all()
  peerSelector: route-reflector == 'true'
root@ubuntu:~# 

root@ubuntu:~# ./calicoctl get bgppeer
NAME      PEERIP   NODE    ASN   
unbuntu            all()   0     

root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.47  | node specific | up    | 08:45:50 | Established |
| 10.10.16.81  | node specific | up    | 08:45:50 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# 

cloud 也只有一个bpg peer

root@cloud:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.82  | node specific | up    | 08:45:50 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

root@cloud:~# 

bogon 只有一个bgp peer

You have mail in /var/spool/mail/root
[root@bogon ~]# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.82  | node specific | up    | 08:45:50 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

You have mail in /var/spool/mail/root
[root@bogon ~]# 

root@ubuntu:~# kubectl get pods -o wide
NAME                         READY   STATUS    RESTARTS   AGE     IP               NODE     NOMINATED NODE   READINESS GATES
web-nginx-7bdc6b976b-7454h   1/1     Running   0          6h29m   10.244.29.4      bogon    <none>           <none>
web-nginx-7bdc6b976b-cml8v   1/1     Running   0          6h29m   10.244.41.3      cloud    <none>           <none>
web-nginx-7bdc6b976b-p7m2b   1/1     Running   0          6h29m   10.244.243.197   ubuntu   <none>           <none>
root@ubuntu:~# 

cloud pod 

root@cloud:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if44: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether f2:a1:42:ff:d4:86 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.41.3/32 brd 10.244.41.3 scope global eth0
       valid_lft forever preferred_lft forever
root@cloud:~# ping 10.244.29.4
PING 10.244.29.4 (10.244.29.4) 56(84) bytes of data.
64 bytes from 10.244.29.4: icmp_seq=1 ttl=62 time=0.269 ms
64 bytes from 10.244.29.4: icmp_seq=2 ttl=62 time=0.131 ms
^C
--- 10.244.29.4 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1013ms
rtt min/avg/max/mdev = 0.131/0.200/0.269/0.069 ms
root@cloud:~# ping  10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
64 bytes from 10.244.243.197: icmp_seq=1 ttl=62 time=0.275 ms
64 bytes from 10.244.243.197: icmp_seq=2 ttl=62 time=0.173 ms
64 bytes from 10.244.243.197: icmp_seq=3 ttl=62 time=0.128 ms
^C
--- 10.244.243.197 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2035ms
rtt min/avg/max/mdev = 0.128/0.192/0.275/0.061 ms
root@cloud:~# 

　　bogon pod

[root@bogon ~]# ping 10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
64 bytes from 10.244.243.197: icmp_seq=1 ttl=62 time=0.296 ms
64 bytes from 10.244.243.197: icmp_seq=2 ttl=62 time=0.213 ms
^C
--- 10.244.243.197 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1020ms
rtt min/avg/max/mdev = 0.213/0.254/0.296/0.044 ms
You have mail in /var/spool/mail/root
[root@bogon ~]# ping 10.244.29.4
PING 10.244.29.4 (10.244.29.4) 56(84) bytes of data.
64 bytes from 10.244.29.4: icmp_seq=1 ttl=64 time=0.033 ms
64 bytes from 10.244.29.4: icmp_seq=2 ttl=64 time=0.039 ms
^C
--- 10.244.29.4 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1061ms
rtt min/avg/max/mdev = 0.033/0.036/0.039/0.003 ms
[root@bogon ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if103: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether fa:34:76:a4:9d:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.29.4/32 brd 10.244.29.4 scope global eth0
       valid_lft forever preferred_lft forever
[root@bogon ~]# 

bogon 路由

[root@bogon ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
10.2.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 v-cali-peer
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
10.10.34.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i2
10.10.102.0     0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i1
10.244.2.0      10.10.16.47     255.255.255.0   UG    0      0        0 enahisic2i0
10.244.29.0     0.0.0.0         255.255.255.192 U     0      0        0 *
10.244.29.1     0.0.0.0         255.255.255.255 UH    0      0        0 cali2e486421e22
10.244.29.4     0.0.0.0         255.255.255.255 UH    0      0        0 calibe3388252a1
10.244.41.0     10.10.16.47     255.255.255.192 UG    0      0        0 enahisic2i0
10.244.243.192  10.10.16.82     255.255.255.192 UG    0      0        0 enahisic2i0
14.14.18.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i3.310
172.16.100.0    0.0.0.0         255.255.255.0   U     0      0        0 brqf1411bad-10
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.168.104.0   0.0.0.0         255.255.255.0   U     0      0        0 enah2i3.1022
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
You have mail in /var/spool/mail/root
[root@bogon ~]# 

cloud 路由

root@cloud:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
9.251.0.0       172.17.0.1      255.255.0.0     UG    0      0        0 docker0
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
10.99.1.231     10.10.16.82     255.255.255.255 UGH   0      0        0 enahisic2i0
10.110.79.116   10.10.16.82     255.255.255.255 UGH   0      0        0 enahisic2i0
10.110.171.213  10.10.16.82     255.255.255.255 UGH   0      0        0 enahisic2i0
10.244.2.0      0.0.0.0         255.255.255.0   U     0      0        0 cni0
10.244.29.0     10.10.16.81     255.255.255.192 UG    0      0        0 enahisic2i0
10.244.41.0     0.0.0.0         255.255.255.192 U     0      0        0 *
10.244.41.1     0.0.0.0         255.255.255.255 UH    0      0        0 cali027a65c4a41
10.244.41.3     0.0.0.0         255.255.255.255 UH    0      0        0 calib81bd12045e
10.244.243.192  10.10.16.82     255.255.255.192 UG    0      0        0 enahisic2i0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
root@cloud:~# 

 bogon 采用不同的as nu

root@ubuntu:~# cat  bgp-peer-81.yaml 
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: bogon 
spec:
  peerIP: 10.10.16.81
  asNumber: 64513
root@ubuntu:~#

root@ubuntu:~# ./calicoctl  apply -f bgp-peer-81.yaml 
Successfully applied 1 'BGPPeer' resource(s)
root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+--------------------------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |              INFO              |
+--------------+---------------+-------+----------+--------------------------------+
| 10.10.16.47  | node specific | up    | 08:45:50 | Established                    |
| 10.10.16.81  | global        | start | 09:01:58 | Active Socket: Connection      |
|              |               |       |          | closed                         |
+--------------+---------------+-------+----------+--------------------------------+

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+--------------------------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |              INFO              |
+--------------+---------------+-------+----------+--------------------------------+
| 10.10.16.47  | node specific | up    | 08:45:50 | Established                    |
| 10.10.16.81  | global        | start | 09:01:58 | OpenSent Socket: Connection    |
|              |               |       |          | closed                         |
+--------------+---------------+-------+----------+--------------------------------+

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+--------------------------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |              INFO              |
+--------------+---------------+-------+----------+--------------------------------+
| 10.10.16.47  | node specific | up    | 08:45:50 | Established                    |
| 10.10.16.81  | global        | start | 09:01:58 | OpenSent Socket: Connection    |
|              |               |       |          | closed                         |
+--------------+---------------+-------+----------+--------------------------------+

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-----------------------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |            INFO             |
+--------------+---------------+-------+----------+-----------------------------+
| 10.10.16.47  | node specific | up    | 08:45:50 | Established                 |
| 10.10.16.81  | global        | start | 09:03:15 | Idle BGP Error: Bad peer AS |
+--------------+---------------+-------+----------+-----------------------------+

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# cat  bgp-peer-81.yaml 
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: bogon 
spec:
  peerIP: 10.10.16.81
  asNumber: 64513
root@ubuntu:~# 

root@cloud:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+--------------------------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |              INFO              |
+--------------+---------------+-------+----------+--------------------------------+
| 10.10.16.82  | node specific | up    | 08:45:50 | Established                    |
| 10.10.16.81  | global        | start | 09:06:03 | Active BGP Error: Hold timer   |
|              |               |       |          | expired                        |
+--------------+---------------+-------+----------+--------------------------------+

IPv6 BGP status
No IPv6 peers found.

root@cloud:~# 

[root@bogon ~]# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+----------------------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |            INFO            |
+--------------+---------------+-------+----------+----------------------------+
| 10.10.16.82  | node specific | start | 09:05:45 | Idle Received: Bad peer AS |
+--------------+---------------+-------+----------+----------------------------+

IPv6 BGP status
No IPv6 peers found.

You have mail in /var/spool/mail/root
[root@bogon ~]# 

bogon pod无法访问其他pod 

[root@bogon ~]#  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if103: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether fa:34:76:a4:9d:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.29.4/32 brd 10.244.29.4 scope global eth0
       valid_lft forever preferred_lft forever
[root@bogon ~]# ping  10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
^C
--- 10.244.243.197 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

[root@bogon ~]# ping 10.244.41.3
PING 10.244.41.3 (10.244.41.3) 56(84) bytes of data.
^C
--- 10.244.41.3 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1020ms

[root@bogon ~]# 

cloud pod 可以访问 ubuntu pod

root@cloud:~# ping  10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
64 bytes from 10.244.243.197: icmp_seq=1 ttl=62 time=0.271 ms
64 bytes from 10.244.243.197: icmp_seq=2 ttl=62 time=0.145 ms
^C
--- 10.244.243.197 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1017ms
rtt min/avg/max/mdev = 0.145/0.208/0.271/0.063 ms
root@cloud:~# ping 10.244.29.4
PING 10.244.29.4 (10.244.29.4) 56(84) bytes of data.
^C
--- 10.244.29.4 ping statistics ---
57 packets transmitted, 0 received, 100% packet loss, time 57342ms

root@cloud:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if44: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether f2:a1:42:ff:d4:86 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.41.3/32 brd 10.244.41.3 scope global eth0
       valid_lft forever preferred_lft forever
root@cloud:~# 

恢复bogon的as num

root@ubuntu:~# ./calicoctl  apply -f bgp-peer-81.yaml 
Successfully applied 1 'BGPPeer' resource(s)
root@ubuntu:~# cat bgp-peer-81.yaml 
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: bogon 
spec:
  peerIP: 10.10.16.81
  asNumber: 64512
root@ubuntu:~# 

[root@bogon ~]# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.82  | node specific | up    | 09:09:09 | Established |
| 10.10.16.47  | node specific | up    | 09:09:06 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

You have mail in /var/spool/mail/root

root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.47  | node specific | up    | 08:45:50 | Established |
| 10.10.16.81  | global        | up    | 09:09:08 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# 

竟然都有两个peer

root@cloud:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.82  | node specific | up    | 08:45:50 | Established |
| 10.10.16.81  | global        | up    | 09:09:06 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

root@cloud:~# 

root@ubuntu:~# ./calicoctl get bgppeer
NAME      PEERIP        NODE       ASN     
bogon     10.10.16.81   (global)   64512   
unbuntu                 all()      0       

root@ubuntu:~# ./calicoctl get bgppeer

 删除 bgpeer

root@ubuntu:~# ./calicoctl delete  bgppeer bogon
Successfully deleted 1 'BGPPeer' resource(s)
root@ubuntu:~# ./calicoctl get bgppeer
NAME      PEERIP   NODE    ASN   
unbuntu            all()   0     

root@ubuntu:~# 
root@ubuntu:~# 

 bogon恢复了

root@ubuntu:~# ./calicoctl get nodes --output=wide
NAME     ASN       IPV4             IPV6   
bogon    (64512)   10.10.16.81/24          
cloud    (64512)   10.10.16.47/24          
ubuntu   (64512)   10.10.16.82/24          

root@ubuntu:~# ./calicoctl get nodes status
resource does not exist: Node(status) with error: nodes "status" not found
root@ubuntu:~# ./calicoctl get  status
Failed to get resources: resource type 'status' is not supported
root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.47  | node specific | up    | 08:45:50 | Established |
| 10.10.16.81  | node specific | up    | 09:35:24 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

[root@bogon ~]# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.82  | node specific | up    | 09:35:24 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

You have mail in /var/spool/mail/root
[root@bogon ~]# 

bgpeer 恢复正常了

root@cloud:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.82  | node specific | up    | 08:45:50 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

root@cloud:~# 

[root@bogon ~]#  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if103: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether fa:34:76:a4:9d:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.29.4/32 brd 10.244.29.4 scope global eth0
       valid_lft forever preferred_lft forever
[root@bogon ~]# ping  10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
^C
--- 10.244.243.197 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

[root@bogon ~]# ping 10.244.41.3
PING 10.244.41.3 (10.244.41.3) 56(84) bytes of data.
^C
--- 10.244.41.3 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1020ms

[root@bogon ~]# ping 10.244.41.3
PING 10.244.41.3 (10.244.41.3) 56(84) bytes of data.
64 bytes from 10.244.41.3: icmp_seq=1 ttl=62 time=0.241 ms
^C
--- 10.244.41.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.241/0.241/0.241/0.000 ms
You have mail in /var/spool/mail/root
[root@bogon ~]# ping  10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
64 bytes from 10.244.243.197: icmp_seq=1 ttl=62 time=0.271 ms
64 bytes from 10.244.243.197: icmp_seq=2 ttl=62 time=0.183 ms
^C
--- 10.244.243.197 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1034ms
rtt min/avg/max/mdev = 0.183/0.227/0.271/0.044 ms
[root@bogon ~]# 

为 node 节点进行分组（添加 label）

root@ubuntu:~# kubectl get node --show-labels
NAME     STATUS   ROLES    AGE     VERSION   LABELS
bogon    Ready    worker   3d22h   v1.18.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=bogon,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker
cloud    Ready    worker   3d22h   v1.21.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=cloud,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker
ubuntu   Ready    master   3d22h   v1.18.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=ubuntu,kubernetes.io/os=linux,node-role.kubernetes.io/master=,route-reflector=true
root@ubuntu:~# 

root@ubuntu:~# kubectl label nodes ubuntu rr-id=rr1
node/ubuntu labeled
root@ubuntu:~# kubectl label nodes ubuntu rr-group=rr1
node/ubuntu labeled
root@ubuntu:~# vi  bgp-rr.yaml
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: unbuntu
spec:
  nodeSelector: rr-group == 'rr1'
  peerSelector: rr-id  == 'rr1'
~

root@ubuntu:~# ./calicoctl apply -f rr1-to-node-peer.yaml
Successfully applied 1 'BGPPeer' resource(s)
root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.47  | node specific | up    | 08:45:51 | Established |
| 10.10.16.81  | node specific | up    | 09:35:25 | Established |
+--------------+---------------+-------+----------+-------------+

root@ubuntu:~# cat  rr1-to-node-peer.yaml 
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: rr1-to-node-peer              ## 给BGPPeer取一个名称，方便识别

spec:
  nodeSelector: rr-group == 'rr1'     ## 通过节点选择器添加有rr-group == ‘rr1’标签的节点

  peerSelector: rr-id  == 'rr1'       ## 通过peer选择器添加有rr-id == ‘rr1’标签的路由反射器

root@ubuntu:~# kubectl get node --show-labels
NAME     STATUS   ROLES    AGE     VERSION   LABELS
bogon    Ready    worker   3d22h   v1.18.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=bogon,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker
cloud    Ready    worker   3d22h   v1.21.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=cloud,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker
ubuntu   Ready    master   3d22h   v1.18.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=ubuntu,kubernetes.io/os=linux,node-role.kubernetes.io/master=,route-reflector=true,rr-group=rr1,rr-id=rr1
root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.47  | node specific | up    | 08:45:51 | Established |
| 10.10.16.81  | node specific | up    | 09:35:25 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# ./calicoctl get bgppeer
NAME      PEERIP   NODE    ASN   
unbuntu            all()   0     

root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.47  | node specific | up    | 08:45:51 | Established |
| 10.10.16.81  | node specific | up    | 09:35:25 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# 

peer仍然存在

[root@bogon ~]# ping  10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
64 bytes from 10.244.243.197: icmp_seq=1 ttl=62 time=0.287 ms
64 bytes from 10.244.243.197: icmp_seq=2 ttl=62 time=0.189 ms
^C
--- 10.244.243.197 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1021ms
rtt min/avg/max/mdev = 0.189/0.238/0.287/0.049 ms
You have mail in /var/spool/mail/root
[root@bogon ~]# ping 10.244.41.3
PING 10.244.41.3 (10.244.41.3) 56(84) bytes of data.
64 bytes from 10.244.41.3: icmp_seq=1 ttl=62 time=0.240 ms
^C
--- 10.244.41.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.240/0.240/0.240/0.000 ms
[root@bogon ~]# 

原来是有两个bgp peer删掉一个就可以了

root@ubuntu:~# ./calicoctl get bgppeer
NAME               PEERIP   NODE                ASN   
rr1-to-node-peer            rr-group == 'rr1'   0     
unbuntu                     all()               0     

root@ubuntu:~# ./calicoctl delete  bgppeer  unbuntu 
Successfully deleted 1 'BGPPeer' resource(s)
root@ubuntu:~# ./calicoctl get bgppeer
NAME               PEERIP   NODE                ASN   
rr1-to-node-peer            rr-group == 'rr1'   0     

root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
No IPv4 peers found.

IPv6 BGP status
No IPv6 peers found.

给bogon 添加label

root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
No IPv4 peers found.

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# ./calicoctl get bgppeer
NAME               PEERIP   NODE                ASN   
rr1-to-node-peer            rr-group == 'rr1'   0     

root@ubuntu:~# kubectl get nodes --show-labels
NAME     STATUS   ROLES    AGE     VERSION   LABELS
bogon    Ready    worker   4d14h   v1.18.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=bogon,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker
cloud    Ready    worker   4d14h   v1.21.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=cloud,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker
ubuntu   Ready    master   4d14h   v1.18.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=ubuntu,kubernetes.io/os=linux,node-role.kubernetes.io/master=,route-reflector=true,rr-group=rr1,rr-id=rr1
root@ubuntu:~# kubectl label nodes bogon rr-group=rr1
node/bogon labeled
root@ubuntu:~# ./calicoctl get bgppeer
NAME               PEERIP   NODE                ASN   
rr1-to-node-peer            rr-group == 'rr1'   0     

root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.81  | node specific | up    | 01:32:08 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# 

root@ubuntu:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.81  | node specific | up    | 01:32:08 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# ./calicoctl get nodes --output=wide
NAME     ASN       IPV4             IPV6   
bogon    (64512)   10.10.16.81/24          
cloud    (64512)   10.10.16.47/24          
ubuntu   (64512)   10.10.16.82/24          

root@ubuntu:~# 

[root@bogon ~]# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.82  | node specific | up    | 01:32:07 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

You have new mail in /var/spool/mail/root
[root@bogon ~]# 

root@cloud:~# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
No IPv4 peers found.

IPv6 BGP status
No IPv6 peers found.

root@cloud:~# 

[root@bogon ~]# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.82  | node specific | up    | 01:32:07 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

[root@bogon ~]#

bogon pod ping cloud pod 和ubuntu pod

[root@bogon ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if103: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether fa:34:76:a4:9d:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.29.4/32 brd 10.244.29.4 scope global eth0
       valid_lft forever preferred_lft forever
[root@bogon ~]# ping  10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
64 bytes from 10.244.243.197: icmp_seq=1 ttl=62 time=0.286 ms
^C
--- 10.244.243.197 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.286/0.286/0.286/0.000 ms
[root@bogon ~]# ping 10.244.41.3
PING 10.244.41.3 (10.244.41.3) 56(84) bytes of data.
^C
--- 10.244.41.3 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2073ms

[root@bogon ~]# 

 leaf节点

用一条服务器模拟

[root@localhost ~]# vtysh

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

localhost.localdomain# show running-config
Building configuration...

Current configuration:
!
hostname localhost.localdomain
hostname bgpd
log stdout
!
password zebra
!
interface enp6s0
 ipv6 nd suppress-ra
!
interface enp125s0f0
 ipv6 nd suppress-ra
!
interface enp125s0f1
 ipv6 nd suppress-ra
!
interface enp125s0f2
 ipv6 nd suppress-ra
!
interface enp125s0f3
 ipv6 nd suppress-ra
!
interface lo
!
router bgp 7675
 bgp router-id 10.10.16.251
 neighbor 10.10.16.82 remote-as 64512
!
line vty
!
end
localhost.localdomain# show  ip  bgp  summary
BGP router identifier 10.10.16.251, local AS number 7675
RIB entries 0, using 0 bytes of memory
Peers 1, using 4560 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.10.16.82     4 64512       0       9        0    0    0 never    Active     

Total number of neighbors 1
localhost.localdomain# 

ubuntu配置leaf

root@ubuntu:~# cat rr1-to-leaf1-peer.yaml
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: rr1-to-leaf1-peer        ## 给BGPPeer取一个名称，方便识别

spec:
  nodeSelector: rr-id == 'rr1'   ## 通过节点选择器添加有rr-id == 'rr1'标签的节点

  peerIP: 10.10.16.251           ##  leaf01交换机的地址
  asNumber: 7675                ##  leaf01交换机的AS号

root@ubuntu:~# ./calicoctl apply -f rr1-to-leaf1-peer.yaml
Successfully applied 1 'BGPPeer' resource(s)

root@ubuntu:~# ./calicoctl apply -f rr1-to-leaf1-peer.yaml
Successfully applied 1 'BGPPeer' resource(s)

配置完后，查看leaf

[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enp125s0f0
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enp125s0f0
10.244.29.0     10.10.16.82     255.255.255.192 UG    0      0        0 enp125s0f0
10.244.243.192  10.10.16.82     255.255.255.192 UG    0      0        0 enp125s0f0
[root@localhost ~]# ping  10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
64 bytes from 10.244.243.197: icmp_seq=1 ttl=63 time=0.188 ms
64 bytes from 10.244.243.197: icmp_seq=2 ttl=63 time=0.137 ms
64 bytes from 10.244.243.197: icmp_seq=3 ttl=63 time=0.109 ms
^C
--- 10.244.243.197 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2054ms
rtt min/avg/max/mdev = 0.109/0.144/0.188/0.035 ms
[root@localhost ~]# 

leaf节点ping bog   pod

[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enp125s0f0
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enp125s0f0
10.244.29.0     10.10.16.82     255.255.255.192 UG    0      0        0 enp125s0f0
10.244.243.192  10.10.16.82     255.255.255.192 UG    0      0        0 enp125s0f0
[root@localhost ~]# ping  10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
64 bytes from 10.244.243.197: icmp_seq=1 ttl=63 time=0.188 ms
64 bytes from 10.244.243.197: icmp_seq=2 ttl=63 time=0.137 ms
64 bytes from 10.244.243.197: icmp_seq=3 ttl=63 time=0.109 ms
^C
--- 10.244.243.197 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2054ms
rtt min/avg/max/mdev = 0.109/0.144/0.188/0.035 ms
[root@localhost ~]# 

leaf节点ping ubuntu  pod

[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enp125s0f0
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enp125s0f0
10.244.29.0     10.10.16.82     255.255.255.192 UG    0      0        0 enp125s0f0  ----要经过10.10.16.82
10.244.243.192  10.10.16.82     255.255.255.192 UG    0      0        0 enp125s0f0
[root@localhost ~]# ping  10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
64 bytes from 10.244.243.197: icmp_seq=1 ttl=63 time=0.188 ms
64 bytes from 10.244.243.197: icmp_seq=2 ttl=63 time=0.137 ms
64 bytes from 10.244.243.197: icmp_seq=3 ttl=63 time=0.109 ms
^C
--- 10.244.243.197 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2054ms
rtt min/avg/max/mdev = 0.109/0.144/0.188/0.035 ms
[root@localhost ~]# ping  10.244.29.4
PING 10.244.29.4 (10.244.29.4) 56(84) bytes of data.
64 bytes from 10.244.29.4: icmp_seq=1 ttl=63 time=0.277 ms
From 10.10.16.82: icmp_seq=2 Redirect Host(New nexthop: 10.10.16.81)
64 bytes from 10.244.29.4: icmp_seq=2 ttl=63 time=0.226 ms
^C
--- 10.244.29.4 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1019ms
rtt min/avg/max/mdev = 0.226/0.251/0.277/0.030 ms
[root@localhost ~]# 

对于leaf节点ping bog   pod 进行tcpdump

[root@localhost ~]# ping  10.244.29.4
PING 10.244.29.4 (10.244.29.4) 56(84) bytes of data.
64 bytes from 10.244.29.4: icmp_seq=1 ttl=63 time=0.287 ms
From 10.10.16.82: icmp_seq=2 Redirect Host(New nexthop: 10.10.16.81)
64 bytes from 10.244.29.4: icmp_seq=2 ttl=63 time=0.244 ms
64 bytes from 10.244.29.4: icmp_seq=3 ttl=63 time=0.134 ms
^C
--- 10.244.29.4 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2075ms
rtt min/avg/max/mdev = 0.134/0.221/0.287/0.066 ms
[root@localhost ~]# 

ubunbtu

root@ubuntu:~# tcpdump -i  enahisic2i0 icmp and host   10.244.29.4 -eenv
tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes

  从enahisic2i0进，

10:49:30.999566 b0:08:75:5f:b8:5b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 19734, offset 0, flags [DF], proto ICMP (1), length 84) 10.10.16.251 > 10.244.29.4: ICMP echo request, id 4929, seq 1, length 64
  从enahisic2i0出，

 10:49:30.999658 48:57:02:64:e7:ab > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 19734, offset 0, flags [DF], proto ICMP (1), length 84) 
10.10.16.251 > 10.244.29.4: ICMP echo request, id 4929, seq 1, length 64


10:49:32.034781 b0:08:75:5f:b8:5b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 19763, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4929, seq 2, length 64


10:49:32.034863 48:57:02:64:e7:ab > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 19763, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4929, seq 2, length 64

251 mac

[root@localhost ~]# ip a sh  enp125s0f0
2: enp125s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b0:08:75:5f:b8:5b brd ff:ff:ff:ff:ff:ff
    inet 10.10.16.251/24 scope global enp125s0f0
       valid_lft forever preferred_lft forever
[root@localhost ~]# 

ubuntu mac 

enahisic2i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 48:57:02:64:e7:ab brd ff:ff:ff:ff:ff:ff
    inet 10.10.16.82/24 brd 10.10.16.255 scope global enahisic2i0
       valid_lft forever preferred_lft forever
    inet 10.10.16.250/32 scope global enahisic2i0
       valid_lft forever preferred_lft forever
    inet6 fe80::4a57:2ff:fe64:e7ab/64 scope link 
       valid_lft forever preferred_lft forever

81 mac

[root@bogon ~]# ip a sh enahisic2i0
2: enahisic2i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 48:57:02:64:ea:1b brd ff:ff:ff:ff:ff:ff
    inet 10.10.16.81/24 scope global enahisic2i0
       valid_lft forever preferred_lft forever
    inet 10.10.16.250/24 scope global secondary enahisic2i0
       valid_lft forever preferred_lft forever
You have mail in /var/spool/mail/root
[root@bogon ~]# 

bogon pod 

[root@bogon ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
4: eth0@if103: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether fa:34:76:a4:9d:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.29.4/32 brd 10.244.29.4 scope global eth0
       valid_lft forever preferred_lft forever
[root@bogon ~]# ping  10.244.243.197
PING 10.244.243.197 (10.244.243.197) 56(84) bytes of data.
64 bytes from 10.244.243.197: icmp_seq=1 ttl=62 time=0.286 ms
^C
--- 10.244.243.197 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.286/0.286/0.286/0.000 ms
[root@bogon ~]# ping 10.244.41.3
PING 10.244.41.3 (10.244.41.3) 56(84) bytes of data.
^C
--- 10.244.41.3 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2073ms

[root@bogon ~]# tcpdump -i  eth0 icmp and host   10.10.16.251  -eenv  --没有snat
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:49:31.006872 ee:ee:ee:ee:ee:ee > fa:34:76:a4:9d:f8, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 19734, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4929, seq 1, length 64
10:49:31.006906 fa:34:76:a4:9d:f8 > ee:ee:ee:ee:ee:ee, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 13073, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.29.4 > 10.10.16.251: ICMP echo reply, id 4929, seq 1, length 64
10:49:32.042047 ee:ee:ee:ee:ee:ee > fa:34:76:a4:9d:f8, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 19763, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4929, seq 2, length 64
10:49:32.042073 fa:34:76:a4:9d:f8 > ee:ee:ee:ee:ee:ee, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 13123, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.29.4 > 10.10.16.251: ICMP echo reply, id 4929, seq 2, length 64
10:49:33.081916 ee:ee:ee:ee:ee:ee > fa:34:76:a4:9d:f8, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 19767, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4929, seq 3, length 64
10:49:33.081945 fa:34:76:a4:9d:f8 > ee:ee:ee:ee:ee:ee, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 13153, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.29.4 > 10.10.16.251: ICMP echo reply, id 4929, seq 3, length 64

251 tcpdump 

[root@localhost ~]# tcpdump -i enp125s0f0 icmp and host 10.244.29.4 -eennvv
tcpdump: listening on enp125s0f0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:57:20.268299 b0:08:75:5f:b8:5b > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 37937, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4954, seq 1, length 64
22:57:20.268462 48:57:02:64:ea:1b > b0:08:75:5f:b8:5b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 31657, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.29.4 > 10.10.16.251: ICMP echo reply, id 4954, seq 1, length 64
22:57:21.322067 b0:08:75:5f:b8:5b > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 37948, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4954, seq 2, length 64
22:57:21.322198 48:57:02:64:ea:1b > b0:08:75:5f:b8:5b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 31669, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.29.4 > 10.10.16.251: ICMP echo reply, id 4954, seq 2, length 64

ubuntu只有 icmp request ,reply 不经过ubuntu

root@ubuntu:~# tcpdump -i  enahisic2i0 icmp and host   10.244.29.4 -eenv
tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:49:30.999566 b0:08:75:5f:b8:5b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 19734, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4929, seq 1, length 64
10:49:30.999658 48:57:02:64:e7:ab > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 19734, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4929, seq 1, length 64
10:49:32.034781 b0:08:75:5f:b8:5b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 19763, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4929, seq 2, length 64
10:49:32.034863 48:57:02:64:e7:ab > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 19763, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4929, seq 2, length 64
10:56:05.307169 b0:08:75:5f:b8:5b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 32478, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4936, seq 1, length 64
10:56:05.307308 48:57:02:64:e7:ab > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 32478, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4936, seq 1, length 64
10:56:06.354681 b0:08:75:5f:b8:5b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 32536, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4936, seq 2, length 64
10:56:06.354747 48:57:02:64:e7:ab > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 32536, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.251 > 10.244.29.4: ICMP echo request, id 4936, seq 2, length 64
^C

[root@bogon ~]# ./calicoctl  node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.82  | node specific | up    | 01:32:07 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

给251新增一个网段

[root@localhost ~]# ip a add 172.168.19.251/24 dev  enp125s0f1
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp125s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b0:08:75:5f:b8:5b brd ff:ff:ff:ff:ff:ff
    inet 10.10.16.251/24 scope global enp125s0f0
       valid_lft forever preferred_lft forever

ubuntu还无法访问这个网段

root@ubuntu:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
10.244.29.0     10.10.16.81     255.255.255.192 UG    0      0        0 enahisic2i0
10.244.243.192  0.0.0.0         255.255.255.192 U     0      0        0 *
10.244.243.194  0.0.0.0         255.255.255.255 UH    0      0        0 cali0d27bc8b0f7
10.244.243.197  0.0.0.0         255.255.255.255 UH    0      0        0 cali090a0c3c4a2
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
root@ubuntu:~# 

在251节点上把172.168.19.251/24这个网段发送出去

localhost.localdomain# conf t
localhost.localdomain(config)# router bgp  7675
localhost.localdomain(config-router)#  network 172.168.19.251/24
localhost.localdomain(config-router)# exit
localhost.localdomain(config)# wr
% Unknown command.
localhost.localdomain(config)# exit
localhost.localdomain# wr
Building Configuration...
Can't open configuration file /etc/quagga/zebra.conf.SbhiyG.
Can't open configuration file /etc/quagga/bgpd.conf.omycEG.
[OK]
localhost.localdomain# 

ubuntu路由信息

root@ubuntu:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.16.254 0.0.0.0 UG 0 0 0 enahisic2i0
10.10.16.0 0.0.0.0 255.255.255.0 U 0 0 0 enahisic2i0
10.244.29.0 10.10.16.81 255.255.255.192 UG 0 0 0 enahisic2i0
10.244.243.192 0.0.0.0 255.255.255.192 U 0 0 0 *
10.244.243.194 0.0.0.0 255.255.255.255 UH 0 0 0 cali0d27bc8b0f7
10.244.243.197 0.0.0.0 255.255.255.255 UH 0 0 0 cali090a0c3c4a2
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.168.19.0 10.10.16.251 255.255.255.0 UG 0 0 0 enahisic2i0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
root@ubuntu:~#

ubuntu  ping   172.168.19.251

root@ubuntu:~#  ping 172.168.19.251
PING 172.168.19.251 (172.168.19.251) 56(84) bytes of data.
64 bytes from 172.168.19.251: icmp_seq=1 ttl=64 time=0.124 ms
64 bytes from 172.168.19.251: icmp_seq=2 ttl=64 time=0.083 ms
64 bytes from 172.168.19.251: icmp_seq=3 ttl=64 time=0.074 ms
^C
--- 172.168.19.251 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2051ms
rtt min/avg/max/mdev = 0.074/0.093/0.124/0.024 ms
root@ubuntu:~# 

[root@localhost ~]# tcpdump -i enp125s0f0 icmp and host 172.168.19.251 -eennvv
tcpdump: listening on enp125s0f0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:31:13.314954 48:57:02:64:e7:ab > b0:08:75:5f:b8:5b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 20566, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.82 > 172.168.19.251: ICMP echo request, id 45785, seq 1, length 64
23:31:13.314964 b0:08:75:5f:b8:5b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 23367, offset 0, flags [none], proto ICMP (1), length 84)
    172.168.19.251 > 10.10.16.82: ICMP echo reply, id 45785, seq 1, length 64
23:31:14.319749 48:57:02:64:e7:ab > b0:08:75:5f:b8:5b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 20813, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.82 > 172.168.19.251: ICMP echo request, id 45785, seq 2, length 64
23:31:14.319756 b0:08:75:5f:b8:5b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 23438, offset 0, flags [none], proto ICMP (1), length 84)
    172.168.19.251 > 10.10.16.82: ICMP echo reply, id 45785, seq 2, length 64

bogon 访问172.168.19.251 仍然不通，因为ubuntu没有把路由同步给bogon

[root@bogon ~]# ping 172.168.19.251
PING 172.168.19.251 (172.168.19.251) 56(84) bytes of data.
^C
--- 172.168.19.251 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1056ms

[root@bogon ~]#

[root@bogon ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
10.2.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 v-cali-peer
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
10.10.34.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i2
10.10.102.0     0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i1
10.244.29.0     0.0.0.0         255.255.255.192 U     0      0        0 *
10.244.29.1     0.0.0.0         255.255.255.255 UH    0      0        0 cali2e486421e22
10.244.29.4     0.0.0.0         255.255.255.255 UH    0      0        0 calibe3388252a1
10.244.243.192  10.10.16.82     255.255.255.192 UG    0      0        0 enahisic2i0
14.14.18.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i3.310
172.16.100.0    0.0.0.0         255.255.255.0   U     0      0        0 brqf1411bad-10
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.168.104.0   0.0.0.0         255.255.255.0   U     0      0        0 enah2i3.1022
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
You have mail in /var/spool/mail/root
[root@bogon ~]# route -n | grep  172.168.19
[root@bogon ~]# tcpdump -i enahisic2i0 icmp and  host 172.168.19.251 -eennvv
tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:31:08.028856 48:57:02:64:ea:1b > f4:1d:6b:87:53:2a, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 44135, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.81 > 172.168.19.251: ICMP echo request, id 0, seq 1, length 64
11:31:09.092515 48:57:02:64:ea:1b > f4:1d:6b:87:53:2a, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 44165, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.81 > 172.168.19.251: ICMP echo request, id 0, seq 2, length 64
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
You have mail in /var/spool/mail/root
[root@bogon ~]# tcpdump -i enahisic2i0 icmp and  host 172.168.19.251 -eennvv
tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:33:01.475621 48:57:02:64:ea:1b > f4:1d:6b:87:53:2a, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 15976, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.81 > 172.168.19.251: ICMP echo request, id 45862, seq 1, length 64
11:33:02.532507 48:57:02:64:ea:1b > f4:1d:6b:87:53:2a, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 16021, offset 0, flags [DF], proto ICMP (1), length 84)
    10.10.16.81 > 172.168.19.251: ICMP echo request, id 45862, seq 2, length 64
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
[root@bogon ~]# 

将251节点的as number 改成 64512

localhost.localdomain# show running-config
Building configuration...

Current configuration:
!
hostname localhost.localdomain
hostname bgpd
log stdout
!
password zebra
!
interface enp6s0
 ipv6 nd suppress-ra
!
interface enp125s0f0
 ipv6 nd suppress-ra
!
interface enp125s0f1
 ipv6 nd suppress-ra
!
interface enp125s0f2
 ipv6 nd suppress-ra
!
interface enp125s0f3
 ipv6 nd suppress-ra
!
interface lo
!
router bgp 7675
 bgp router-id 10.10.16.251
 network 172.168.19.0/24
 neighbor 10.10.16.82 remote-as 64512
!
line vty
!
end
localhost.localdomain# conf t
localhost.localdomain(config)# no router bgp 7675 
localhost.localdomain(config)# router bgp 64512
localhost.localdomain(config-router)# exit
localhost.localdomain(config)# wr
% Unknown command.
localhost.localdomain(config)# exit
localhost.localdomain# wr
Building Configuration...
Can't open configuration file /etc/quagga/zebra.conf.ofjRYH.
Can't open configuration file /etc/quagga/bgpd.conf.e0jI8H.
[OK]
localhost.localdomain#  show running-config
Building configuration...

Current configuration:
!
hostname localhost.localdomain
hostname bgpd
log stdout
!
password zebra
!
interface enp6s0
 ipv6 nd suppress-ra
!
interface enp125s0f0
 ipv6 nd suppress-ra
!
interface enp125s0f1
 ipv6 nd suppress-ra
!
interface enp125s0f2
 ipv6 nd suppress-ra
!
interface enp125s0f3
 ipv6 nd suppress-ra
!
interface lo
!
router bgp 64512
 bgp router-id 10.10.16.251
!
line vty
!
end
localhost.localdomain#

 改完之后ubuntu没有172.168.19.251/24的路由了

root@ubuntu:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
10.244.29.0     10.10.16.81     255.255.255.192 UG    0      0        0 enahisic2i0
10.244.243.192  0.0.0.0         255.255.255.192 U     0      0        0 *
10.244.243.194  0.0.0.0         255.255.255.255 UH    0      0        0 cali0d27bc8b0f7
10.244.243.197  0.0.0.0         255.255.255.255 UH    0      0        0 cali090a0c3c4a2
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
root@ubuntu:~# ./calicoctl get bgppeer
NAME                PEERIP         NODE                ASN    
rr1-to-leaf1-peer   10.10.16.251   rr-id == 'rr1'      7675   
rr1-to-node-peer                   rr-group == 'rr1'   0      

root@ubuntu:~# ./calicoctl get bgppeer
NAME                PEERIP         NODE                ASN    
rr1-to-leaf1-peer   10.10.16.251   rr-id == 'rr1'      7675   
rr1-to-node-peer                   rr-group == 'rr1'   0      

root@ubuntu:~# 

原因是251没有邻居了

localhost.localdomain# show  ip  bgp  summary
No IPv4 neighbor is configured
localhost.localdomain# 

给251 配置bgp邻居

localhost.localdomain# show  ip  bgp  summary
No IPv4 neighbor is configured
localhost.localdomain# conf t
localhost.localdomain(config)# router bgp 64512
localhost.localdomain(config-router)# neighbor 10.10.16.82 remote-as 64512
localhost.localdomain(config-router)# network 172.168.19.251/24
localhost.localdomain(config-router)# exit
localhost.localdomain(config)# exit
localhost.localdomain# wr
Building Configuration...
Can't open configuration file /etc/quagga/zebra.conf.9iI9n9.
Can't open configuration file /etc/quagga/bgpd.conf.xLFCy9.
[OK]
localhost.localdomain# 

更改交换机as

root@ubuntu:~# cat  rr1-to-leaf1-peer.yaml 
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: rr1-to-leaf1-peer        ## 给BGPPeer取一个名称，方便识别

spec:
  nodeSelector: rr-id == 'rr1'   ## 通过节点选择器添加有rr-id == 'rr1'标签的节点

  peerIP: 10.10.16.251           ##  leaf01交换机的地址
  asNumber:  64512                ##  leaf01交换机的AS号
root@ubuntu:~# 

root@ubuntu:~# ./calicoctl apply -f rr1-to-leaf1-peer.yaml 
Successfully applied 1 'BGPPeer' resource(s)

root@ubuntu:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
10.244.29.0     10.10.16.81     255.255.255.192 UG    0      0        0 enahisic2i0
10.244.243.192  0.0.0.0         255.255.255.192 U     0      0        0 *
10.244.243.194  0.0.0.0         255.255.255.255 UH    0      0        0 cali0d27bc8b0f7
10.244.243.197  0.0.0.0         255.255.255.255 UH    0      0        0 cali090a0c3c4a2
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.168.19.0    10.10.16.251    255.255.255.0   UG    0      0        0 enahisic2i0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
root@ubuntu:~#  ping 172.168.19.251
PING 172.168.19.251 (172.168.19.251) 56(84) bytes of data.
64 bytes from 172.168.19.251: icmp_seq=1 ttl=64 time=0.292 ms
64 bytes from 172.168.19.251: icmp_seq=2 ttl=64 time=0.079 ms
^C
--- 172.168.19.251 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1011ms
rtt min/avg/max/mdev = 0.079/0.185/0.292/0.107 ms
root@ubuntu:~# ./calicoctl get bgppeer
NAME                PEERIP         NODE                ASN     
rr1-to-leaf1-peer   10.10.16.251   rr-id == 'rr1'      64512   
rr1-to-node-peer                   rr-group == 'rr1'   0       

bogon仍然没有172.168.19的路由

[root@bogon ~]# route -n | grep 172.168.19
[root@bogon ~]# route -n | grep 172.168.19
[root@bogon ~]# 

251改造成k8s node

root@ubuntu:~# kubectl get nodes -o wide
NAME      STATUS   ROLES    AGE     VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                   KERNEL-VERSION                CONTAINER-RUNTIME
bogon     Ready    worker   4d19h   v1.18.1   10.10.16.81    <none>        CentOS Linux 7 (AltArch)   4.14.0-115.8.1.el7a.aarch64   docker://20.10.7
centos7   Ready    <none>   20m     v1.18.1   10.10.16.251   <none>        CentOS Linux 7 (AltArch)   4.14.0-115.el7a.0.1.aarch64   docker://1.13.1
cloud     Ready    worker   4d20h   v1.21.1   10.10.16.47    <none>        Ubuntu 18.04.3 LTS         5.5.19-050519-generic         docker://19.3.13
ubuntu    Ready    master   4d20h   v1.18.1   10.10.16.82    <none>        Ubuntu 18.04.3 LTS         5.0.0-23-generic              containerd://1.3.7
root@ubuntu:~# 

root@ubuntu:~# ./calicoctl node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+--------------------------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |              INFO              |
+--------------+---------------+-------+----------+--------------------------------+
| 10.10.16.251 | node specific | start | 07:14:44 | Idle Socket: Connection        |
|              |               |       |          | refused                        |
| 14.14.18.89  | node specific | start | 07:14:44 | Connect                        |
+--------------+---------------+-------+----------+--------------------------------+

root@ubuntu:~# ./calicoctl get  bgppeer
NAME                PEERIP         NODE                ASN     
rr1-to-leaf1-peer   10.10.16.251   rr-id == 'rr1'      64512   
rr1-to-node-peer                   rr-group == 'rr1'   0    

删掉bgp pper

root@ubuntu:~# ./calicoctl delete bgppeer rr1-to-leaf1-peer
Successfully deleted 1 'BGPPeer' resource(s)
root@ubuntu:~# kubectl get nodes -o wide
NAME      STATUS   ROLES    AGE     VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                   KERNEL-VERSION                CONTAINER-RUNTIME
bogon     Ready    worker   4d20h   v1.18.1   10.10.16.81    <none>        CentOS Linux 7 (AltArch)   4.14.0-115.8.1.el7a.aarch64   docker://20.10.7
centos7   Ready    <none>   21m     v1.18.1   10.10.16.251   <none>        CentOS Linux 7 (AltArch)   4.14.0-115.el7a.0.1.aarch64   docker://1.13.1
cloud     Ready    worker   4d20h   v1.21.1   10.10.16.47    <none>        Ubuntu 18.04.3 LTS         5.5.19-050519-generic         docker://19.3.13
ubuntu    Ready    master   4d20h   v1.18.1   10.10.16.82    <none>        Ubuntu 18.04.3 LTS         5.0.0-23-generic              containerd://1.3.7
root@ubuntu:~# ./calicoctl get  bgppeer
NAME               PEERIP   NODE                ASN   
rr1-to-node-peer            rr-group == 'rr1'   0     

root@ubuntu:~# 

root@ubuntu:~# kubectl get pods -o wide   -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE     IP               NODE      NOMINATED NODE   READINESS GATES
calico-kube-controllers-5978c5f6b5-tk6pg   1/1     Running   0          4d20h   10.244.243.194   ubuntu    <none>           <none>
calico-node-gnp9x                          0/1     Running   0          59m     10.10.16.82      ubuntu    <none>           <none>
calico-node-jcvsf                          1/1     Running   0          59m     10.10.16.251     centos7   <none>           <none>
calico-node-pq756                          0/1     Running   0          59m     10.10.16.81      bogon     <none>           <none>
calico-node-pxr58                          1/1     Running   0          52m     10.10.16.47      cloud     <none>           <none>

bird: Reconfiguration requested by SIGHUP
bird: Reconfiguring
bird: device1: Reconfigured
bird: direct1: Reconfigured
bird: Adding protocol Node_14_14_18_89
bird: Node_14_14_18_89: Initializing
bird: Node_14_14_18_89: Starting
bird: Node_14_14_18_89: State changed to start
bird: Reconfigured
2021-06-23 08:03:04.084 [INFO][90] felix/summary.go 100: Summarising 9 dataplane reconciliation loops over 1m2.3s: avg=5ms longest=11ms (resync-nat-v4,resync-raw-v4)
2021-06-23 08:03:12.698 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
2021-06-23 08:03:42.548 [INFO][91] monitor-addresses/startup.go 788: Using autodetected IPv4 address 10.10.16.82/24 on matching interface enahisic2i0
2021-06-23 08:03:42.699 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
2021-06-23 08:04:07.433 [INFO][90] felix/summary.go 100: Summarising 11 dataplane reconciliation loops over 1m3.3s: avg=5ms longest=16ms ()
2021-06-23 08:04:12.702 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
2021-06-23 08:04:42.549 [INFO][91] monitor-addresses/startup.go 788: Using autodetected IPv4 address 10.10.16.82/24 on matching interface enahisic2i0
2021-06-23 08:04:42.703 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
2021-06-23 08:05:09.720 [INFO][90] felix/summary.go 100: Summarising 8 dataplane reconciliation loops over 1m2.3s: avg=4ms longest=19ms ()
2021-06-23 08:05:12.705 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
2021-06-23 08:05:42.552 [INFO][91] monitor-addresses/startup.go 788: Using autodetected IPv4 address 10.10.16.82/24 on matching interface enahisic2i0
2021-06-23 08:05:42.706 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
2021-06-23 08:06:11.983 [INFO][90] felix/summary.go 100: Summarising 9 dataplane reconciliation loops over 1m2.3s: avg=4ms longest=12ms (resync-nat-v4,resync-raw-v4)
2021-06-23 08:06:12.708 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
2021-06-23 08:06:36.324 [INFO][93] confd/watchercache.go 96: Watch channel closed by remote - recreate watcher ListRoot="/calico/ipam/v2/host/ubuntu"
2021-06-23 08:06:42.554 [INFO][91] monitor-addresses/startup.go 788: Using autodetected IPv4 address 10.10.16.82/24 on matching interface enahisic2i0
2021-06-23 08:06:42.709 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
2021-06-23 08:07:09.406 [INFO][90] felix/watchercache.go 96: Watch channel closed by remote - recreate watcher ListRoot="/calico/resources/v3/projectcalico.org/profiles"
2021-06-23 08:07:12.710 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
2021-06-23 08:07:15.071 [INFO][90] felix/summary.go 100: Summarising 11 dataplane reconciliation loops over 1m3.1s: avg=5ms longest=20ms ()
2021-06-23 08:07:42.557 [INFO][91] monitor-addresses/startup.go 788: Using autodetected IPv4 address 10.10.16.82/24 on matching interface enahisic2i0
2021-06-23 08:07:42.711 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
2021-06-23 08:08:06.739 [INFO][93] confd/watchercache.go 96: Watch channel closed by remote - recreate watcher ListRoot="/calico/resources/v3/projectcalico.org/bgppeers"
2021-06-23 08:08:12.712 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
2021-06-23 08:08:18.442 [INFO][90] felix/summary.go 100: Summarising 8 dataplane reconciliation loops over 1m3.4s: avg=4ms longest=16ms ()
2021-06-23 08:08:42.558 [INFO][91] monitor-addresses/startup.go 788: Using autodetected IPv4 address 10.10.16.82/24 on matching interface enahisic2i0
2021-06-23 08:08:42.713 [WARNING][90] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces
^C
root@ubuntu:~# kubectl logs  -f  calico-node-gnp9x  -n kube-system

编辑kubectl edit ds calico-node -n kube-system

        - name: IP_AUTODETECTION_METHOD
          value: "can-reach=10.10.16.254"
          #value: interface=en.*

成功了

root@ubuntu:~# ./calicoctl node status
Calico process is running.

IPv4 BGP status
+--------------+---------------+-------+----------+-------------+
| PEER ADDRESS |   PEER TYPE   | STATE |  SINCE   |    INFO     |
+--------------+---------------+-------+----------+-------------+
| 10.10.16.81  | node specific | up    | 08:25:14 | Established |
+--------------+---------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.

root@ubuntu:~# 

Calico配置及原理

 

Kubernetes-Calico百度云实践:集群外RR模式(微信)