root@ubuntu:~# kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME bogon Ready worker 4d20h v1.18.1 10.10.16.81 <none> CentOS Linux 7 (AltArch) 4.14.0-115.8.1.el7a.aarch64 docker://20.10.7 centos7 Ready <none> 32m v1.18.1 10.10.16.251 <none> CentOS Linux 7 (AltArch) 4.14.0-115.el7a.0.1.aarch64 docker://1.13.1 cloud Ready worker 4d20h v1.21.1 10.10.16.47 <none> Ubuntu 18.04.3 LTS 5.5.19-050519-generic docker://19.3.13 ubuntu Ready master 4d20h v1.18.1 10.10.16.82 <none> Ubuntu 18.04.3 LTS 5.0.0-23-generic containerd://1.3.7
更改cloud.yaml
./calicoctl get node cloud -o yaml > cloud.yaml
root@ubuntu:~# cat cloud.yaml apiVersion: projectcalico.org/v3 kind: Node metadata: annotations: projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"arm64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"arm64","kubernetes.io/hostname":"cloud","kubernetes.io/os":"linux","node-role.kubernetes.io/worker":"worker","route-reflector":"true","rr-group":"rr2"}' creationTimestamp: "2021-06-18T11:15:53Z" labels: beta.kubernetes.io/arch: arm64 beta.kubernetes.io/os: linux kubernetes.io/arch: arm64 kubernetes.io/hostname: cloud kubernetes.io/os: linux node-role.kubernetes.io/worker: worker route-reflector: "true" rr-group: rr2 name: cloud resourceVersion: "1025824" uid: a1e1de87-a2aa-43c1-851b-ce4952074671 spec: addresses: - address: 10.10.16.47/24 type: CalicoNodeIP - address: 10.10.16.47 type: InternalIP bgp: routeReflectorClusterID: 10.10.16.47 ## routeReflectorClusterID一般改成自己节点的IP地址 ipv4Address: 10.10.16.47/24 orchRefs: - nodeName: cloud orchestrator: k8s status: podCIDRs: - 10.244.1.0/24
./calicoctl apply -f cloud.yaml
root@ubuntu:~# kubectl label nodes cloud rr-group=rr2 node/cloud labeled root@ubuntu:~# kubectl label nodes centos7 rr-group=rr2 node/centos7 labeled root@ubuntu:~# ./calicoctl apply -f rr2-to-node-peer.yaml Successfully applied 1 'BGPPeer' resource(s) root@ubuntu:~# ./calicoctl get bgppeer NAME PEERIP NODE ASN rr1-to-node-peer rr-group == 'rr1' 0 rr2-to-node-peer rr-group == 'rr2' 0 root@ubuntu:~#
root@cloud:~# ./calicoctl node status Calico process is running. IPv4 BGP status No IPv4 peers found. IPv6 BGP status No IPv6 peers found. root@cloud:~#
cloud 加上route-reflector=true label
root@ubuntu:~# kubectl label nodes cloud route-reflector=true node/cloud labeled root@ubuntu:~#
还是没用
root@cloud:~# ./calicoctl node status Calico process is running. IPv4 BGP status No IPv4 peers found. IPv6 BGP status No IPv6 peers found.
2021-06-23 08:28:53.976 [WARNING][105] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 2021-06-23 08:29:23.874 [INFO][103] monitor-addresses/reachaddr.go 46: Auto-detected address by connecting to remote Destination="10.10.16.254" IP=10.10.16.47 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="calib81bd12045e" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="cali027a65c4a41" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="tunl0" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="cni0" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 57: Checking CIDR CIDR="10.244.2.1/24" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="antrea-gw0" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="genev_sys_6081" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="ovs-system" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="veth3c8f176" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="dm-493626720dc1" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="docker0" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 57: Checking CIDR CIDR="172.17.0.1/16" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="enahisic2i3" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="enahisic2i2" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="enahisic2i1" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 55: Checking interface CIDRs Name="enahisic2i0" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 57: Checking CIDR CIDR="10.10.16.47/24" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/reachaddr.go 59: Found matching interface CIDR CIDR="10.10.16.47/24" 2021-06-23 08:29:23.877 [INFO][103] monitor-addresses/startup.go 814: Using autodetected IPv4 address 10.10.16.47/24, detected by connecting to 10.10.16.254 2021-06-23 08:29:23.977 [WARNING][105] felix/int_dataplane.go 878: Failed to auto-detect host MTU - no interfaces matched the MTU interface pattern. To use auto-MTU, set mtuIfacePattern to match your host's interfaces bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 2021-06-23 08:29:35.541 [INFO][105] felix/summary.go 100: Summarising 9 dataplane reconciliation loops over 1m4.2s: avg=5ms longest=19ms () bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 bird: KRT: Received route 9.251.0.0/16 with strange next-hop 172.17.0.1 ^C root@ubuntu:~# kubectl get pods -o wide -n kube-system NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES calico-kube-controllers-5978c5f6b5-tk6pg 1/1 Running 0 4d21h 10.244.243.194 ubuntu <none> <none> calico-node-4ht7q 1/1 Running 0 4m28s 10.10.16.251 centos7 <none> <none> calico-node-7sqmx 1/1 Running 0 4m52s 10.10.16.81 bogon <none> <none> calico-node-tzh98 1/1 Running 0 4m52s 10.10.16.82 ubuntu <none> <none> calico-node-vr4sx 1/1 Running 0 4m39s 10.10.16.47 cloud <none> <none>
179端口竟然没有打开
root@cloud:~# netstat -pan | grep 179 tcp 0 0 0.0.0.0:11080 0.0.0.0:* LISTEN 1797/polipo root@cloud:~# netstat -pan | grep 179 tcp 0 0 0.0.0.0:11080 0.0.0.0:* LISTEN 1797/polipo root@cloud:~#
正常的打开了
root@ubuntu:~# netstat -pan | grep 179 tcp 0 0 0.0.0.0:179 0.0.0.0:* LISTEN 1530/bird tcp 0 0 10.10.16.82:47461 10.10.16.81:179 ESTABLISHED 1530/bird unix 3 [ ] STREAM CONNECTED 25433 1790/cron unix 3 [ ] STREAM CONNECTED 30029 1797/accounts-daemo unix 3 [ ] STREAM CONNECTED 24003 1797/accounts-daemo root@ubuntu:~#
root@ubuntu:~# kubectl get pods -o wide -n kube-system NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES calico-kube-controllers-5978c5f6b5-tk6pg 1/1 Running 0 4d22h 10.244.243.194 ubuntu <none> <none> calico-node-4ht7q 1/1 Running 0 57m 10.10.16.251 centos7 <none> <none> calico-node-7sqmx 1/1 Running 0 58m 10.10.16.81 bogon <none> <none> calico-node-tzh98 1/1 Running 0 58m 10.10.16.82 ubuntu <none> <none> calico-node-vr4sx 1/1 Running 0 58m 10.10.16.47 cloud <none> <none> coredns-66bff467f8-hlbzk 1/1 Running 0 2d2h 10.244.29.1 bogon <none> <none> coredns-66bff467f8-zx85v 1/1 Running 0 2d2h 10.244.41.1 cloud <none> <none> etcd-ubuntu 1/1 Running 4 4d22h 10.10.16.82 ubuntu <none> <none> kube-apiserver-ubuntu 1/1 Running 7 4d22h 10.10.16.82 ubuntu <none> <none> kube-controller-manager-ubuntu 1/1 Running 5 4d22h 10.10.16.82 ubuntu <none> <none> kube-proxy-798sq 1/1 Running 0 4d22h 10.10.16.47 cloud <none> <none> kube-proxy-8hh62 1/1 Running 0 4d22h 10.10.16.82 ubuntu <none> <none> kube-proxy-kwcdg 1/1 Running 0 146m 10.10.16.251 centos7 <none> <none> kube-proxy-l268b 1/1 Running 0 4d22h 10.10.16.81 bogon <none> <none> kube-scheduler-ubuntu 1/1 Running 7 4d22h 10.10.16.82 ubuntu <none> <none> root@ubuntu:~# kubectl logs -f calico-node-vr4sx -n kube-system
Warning Unhealthy 2m30s kubelet, cloud Readiness probe failed: calico/node is not ready: BIRD is not ready: Error querying BIRD: unable to connect to BIRDv4 socket: dial unix /var/run/calico/bird.ctl: connect: connection refused root@ubuntu:~# kubectl describe pods -n kube-system calico-node-vvjv4
更改
rr2-to-node-peer.yaml 將
peerSelector: rr-id == 'rr2' ,gan改爲
peerSelector: rr-id == 'rr1'
root@ubuntu:~# ./calicoctl apply -f rr2-to-node-peer.yaml Successfully applied 1 'BGPPeer' resource(s) root@ubuntu:~# cat rr2-to-node-peer.yaml apiVersion: projectcalico.org/v3 kind: BGPPeer metadata: name: rr2-to-node-peer ## 给BGPPeer取一个名称,方便识别 spec: nodeSelector: rr-group == 'rr2' ## 通过节点选择器添加有rr-group == ‘rr2’标签的节点 peerSelector: rr-id == 'rr1' ## 通过peer选择器添加有rr-id == ‘rr2’标签的路由反射器 root@ubuntu:~# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+-------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+-------------+ | 10.10.16.81 | node specific | up | 09:40:41 | Established | | 10.10.16.251 | node specific | up | 09:43:13 | Established | | 10.10.16.47 | node specific | up | 09:43:13 | Established | +--------------+---------------+-------+----------+-------------+ IPv6 BGP status No IPv6 peers found. root@ubuntu:~#
更改 routeReflectorClusterID: 244.0.0.1,和rr1一样
root@ubuntu:~# ./calicoctl get node cloud -o yaml > cloud.yaml root@ubuntu:~# vi cloud.yaml apiVersion: projectcalico.org/v3 kind: Node metadata: annotations: projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"arm64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"arm64","kubernetes.io/hostname":"cloud","kubernetes.io/os":"linux","node-role.kubernetes.io/worker":"worker","route-reflector":"true","rr-group":"rr2"}' creationTimestamp: "2021-06-18T11:15:53Z" labels: beta.kubernetes.io/arch: arm64 beta.kubernetes.io/os: linux kubernetes.io/arch: arm64 kubernetes.io/hostname: cloud kubernetes.io/os: linux node-role.kubernetes.io/worker: worker route-reflector: "true" rr-group: rr2 name: cloud resourceVersion: "1037429" uid: a1e1de87-a2aa-43c1-851b-ce4952074671 spec: addresses: - address: 10.10.16.47/24 type: CalicoNodeIP - address: 10.10.16.47 type: InternalIP bgp: ipv4Address: 10.10.16.47/24 routeReflectorClusterID: 244.0.0.1 orchRefs: - nodeName: cloud orchestrator: k8s status: podCIDRs: - 10.244.1.0/24 ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ "cloud.yaml" 33L, 1023C written root@ubuntu:~# ./calicoctl apply -f cloud.yaml Successfully applied 1 'Node' resource(s) root@ubuntu:~# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+-------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+-------------+ | 10.10.16.81 | node specific | up | 09:40:41 | Established | | 10.10.16.251 | node specific | up | 09:43:13 | Established | | 10.10.16.47 | node specific | up | 09:55:48 | Established | +--------------+---------------+-------+----------+-------------+ IPv6 BGP status No IPv6 peers found. root@ubuntu:~#
删掉 peerSelector: rr-id == 'rr2'
root@ubuntu:~# vi rr2-to-node-peer.yaml apiVersion: projectcalico.org/v3 kind: BGPPeer metadata: name: rr2-to-node-peer ## 给BGPPeer取一个名称,方便识别 spec: nodeSelector: rr-group == 'rr2' ## 通过节点选择器添加有rr-group == ‘rr2’标签的节点 #peerSelector: rr-id == 'rr2' ## 通过peer选择器添加有rr-id == ‘rr2’标签的路由反射器
root@cloud:~# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+-------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+-------------+ | 10.10.16.251 | node specific | up | 12:14:34 | Established | +--------------+---------------+-------+----------+-------------+ IPv6 BGP status No IPv6 peers found. root@cloud:~#
root@ubuntu:~# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+--------------------------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+--------------------------------+ | 10.10.16.81 | node specific | up | 09:40:42 | Established | | 10.10.16.251 | node specific | start | 12:14:33 | Active Socket: Connection | | | | | | closed | | 10.10.16.47 | node specific | start | 12:14:33 | Active Socket: Connection | | | | | | closed | +--------------+---------------+-------+----------+--------------------------------+ IPv6 BGP status No IPv6 peers found. root@ubuntu:~#
root@ubuntu:~# ./calicoctl patch node cloud --patch '{"spec":{"bgp": {"routeReflectorClusterID": "10.10.16.47"}}}' Successfully patched 1 'Node' resource root@ubuntu:~# ./calicoctl patch node cloud -p '{"spec":{"bgp": {"routeReflectorClusterID": 10.10.16.47}}}' Hit error: permorming strategic merge patch: invalid JSON document root@ubuntu:~# ./calicoctl patch node cloud -p '{"spec":{"bgp": {"routeReflectorClusterID": "10.10.16.47"}}}' Successfully patched 1 'Node' resource root@ubuntu:~#
root@ubuntu:~# ./calicoctl patch node cloud -p '{"spec":{"bgp": {"routeReflectorClusterID": "10.10.16.47"}}}' Successfully patched 1 'Node' resource root@ubuntu:~# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+--------------------------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+--------------------------------+ | 10.10.16.81 | node specific | up | 09:40:41 | Established | | 10.10.16.251 | node specific | start | 12:14:32 | OpenSent Socket: Connection | | | | | | closed | | 10.10.16.47 | node specific | start | 12:14:32 | OpenSent Socket: Connection | | | | | | closed | +--------------+---------------+-------+----------+--------------------------------+ IPv6 BGP status No IPv6 peers found. root@ubuntu:~#
删除label
root@ubuntu:~# kubectl label node cloud route-reflector- node/cloud labeled root@ubuntu:~# kubectl label node ubuntu route-reflector- node/ubuntu labeled root@ubuntu:~# kubectl get nodes --show-labels NAME STATUS ROLES AGE VERSION LABELS bogon Ready worker 5d1h v1.18.1 beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=bogon,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker,rr-group=rr1 centos7 Ready <none> 5h45m v1.18.1 beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=centos7,kubernetes.io/os=linux,rr-group=rr2 cloud Ready worker 5d1h v1.21.1 beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=cloud,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker,rr-group=rr2 ubuntu Ready master 5d1h v1.18.1 beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=ubuntu,kubernetes.io/os=linux,node-role.kubernetes.io/master=,rr-group=rr1,rr-id=rr1 root@ubuntu:~#
root@ubuntu:~# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+--------------------------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+--------------------------------+ | 10.10.16.251 | node specific | start | 12:46:52 | Active Socket: Connection | | | | | | closed | | 10.10.16.47 | node specific | start | 12:46:52 | Active Socket: Connection | | | | | | closed | | 10.10.16.81 | node specific | wait | 12:46:54 | Established | +--------------+---------------+-------+----------+--------------------------------+ IPv6 BGP status No IPv6 peers found.
root@ubuntu:~# tcpdump -i enahisic2i0 tcp and host 10.10.16.251 and port 179 -nv tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes 20:49:01.142281 IP (tos 0xc0, ttl 64, id 35177, offset 0, flags [DF], proto TCP (6), length 115) 10.10.16.82.48801 > 10.10.16.251.179: Flags [P.], cksum 0x35c6 (incorrect -> 0x69c5), seq 1148179453:1148179516, ack 1342118993, win 502, options [nop,nop,TS val 1679725395 ecr 2818802539], length 63: BGP Open Message (1), length: 63 Version 4, my AS 64512, Holdtime 240s, ID 10.10.16.82 Optional parameters, length: 34 Option Capabilities Advertisement (2), length: 32 Multiprotocol Extensions (1), length: 4 AFI IPv4 (1), SAFI Unicast (1) Route Refresh (2), length: 0 Graceful Restart (64), length: 6 Restart Flags: [R], Restart Time 120s AFI IPv4 (1), SAFI Unicast (1), Forwarding state preserved: yes 32-Bit AS Number (65), length: 4 4 Byte AS 64512 Multiple Paths (69), length: 4 AFI IPv4 (1), SAFI Unicast (1), Send/Receive: Both Enhanced Route Refresh (70), length: 0 no decoder for Capability 70 Unknown (71), length: 0 no decoder for Capability 71
syn 报文 rst报文 F报文
root@ubuntu:~# tcpdump -i enahisic2i0 tcp and host 10.10.16.251 and port 179 -nv tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes 20:50:39.274406 IP (tos 0xc0, ttl 64, id 31937, offset 0, flags [DF], proto TCP (6), length 60) 10.10.16.82.58943 > 10.10.16.251.179: Flags [S], cksum 0x358f (incorrect -> 0x5119), seq 2720646833, win 64240, options [mss 1460,sackOK,TS val 1679823527 ecr 0,nop,wscale 7], length 0 20:50:39.274482 IP (tos 0xc0, ttl 255, id 0, offset 0, flags [DF], proto TCP (6), length 60) 10.10.16.251.179 > 10.10.16.82.58943: Flags [S.], cksum 0x1b27 (correct), seq 2761191512, ack 2720646834, win 28960, options [mss 1460,sackOK,TS val 2818900671 ecr 1679823527,nop,wscale 7], length 0 20:50:39.274496 IP (tos 0xc0, ttl 64, id 31938, offset 0, flags [DF], proto TCP (6), length 52) 10.10.16.82.58943 > 10.10.16.251.179: Flags [.], cksum 0x3587 (incorrect -> 0xb91d), ack 1, win 502, options [nop,nop,TS val 1679823527 ecr 2818900671], length 0 20:50:39.274659 IP (tos 0xc0, ttl 255, id 40746, offset 0, flags [DF], proto TCP (6), length 52) 10.10.16.251.179 > 10.10.16.82.58943: Flags [F.], cksum 0xba2f (correct), seq 1, ack 1, win 227, options [nop,nop,TS val 2818900671 ecr 1679823527], length 0 20:50:39.275017 IP (tos 0xc0, ttl 64, id 31939, offset 0, flags [DF], proto TCP (6), length 115) 10.10.16.82.58943 > 10.10.16.251.179: Flags [P.], cksum 0x35c6 (incorrect -> 0x4a6d), seq 1:64, ack 2, win 502, options [nop,nop,TS val 1679823528 ecr 2818900671], length 63: BGP Open Message (1), length: 63 Version 4, my AS 64512, Holdtime 240s, ID 10.10.16.82 Optional parameters, length: 34 Option Capabilities Advertisement (2), length: 32 Multiprotocol Extensions (1), length: 4 AFI IPv4 (1), SAFI Unicast (1) Route Refresh (2), length: 0 Graceful Restart (64), length: 6 Restart Flags: [R], Restart Time 120s AFI IPv4 (1), SAFI Unicast (1), Forwarding state preserved: yes 32-Bit AS Number (65), length: 4 4 Byte AS 64512 Multiple Paths (69), length: 4 AFI IPv4 (1), SAFI Unicast (1), Send/Receive: Both Enhanced Route Refresh (70), length: 0 no decoder for Capability 70 Unknown (71), length: 0 no decoder for Capability 71
20:50:39.275078 IP (tos 0xc0, ttl 64, id 31940, offset 0, flags [DF], proto TCP (6), length 52) 10.10.16.82.58943 > 10.10.16.251.179: Flags [F.], cksum 0x3587 (incorrect -> 0xb8db), seq 64, ack 2, win 502, options [nop,nop,TS val 1679823528 ecr 2818900671], length 0 20:50:39.275080 IP (tos 0xc0, ttl 64, id 16831, offset 0, flags [DF], proto TCP (6), length 40) 10.10.16.251.179 > 10.10.16.82.58943: Flags [R], cksum 0x7e9e (correct), seq 2761191514, win 0, length 0 20:50:39.275133 IP (tos 0xc0, ttl 64, id 16832, offset 0, flags [DF], proto TCP (6), length 40) 10.10.16.251.179 > 10.10.16.82.58943: Flags [R], cksum 0x7e9e (correct), seq 2761191514, win 0, length 0 20:50:41.277363 IP (tos 0xc0, ttl 64, id 63957, offset 0, flags [DF], proto TCP (6), length 60) 10.10.16.82.59673 > 10.10.16.251.179: Flags [S], cksum 0x358f (incorrect -> 0x566e), seq 321471920, win 64240, options [mss 1460,sackOK,TS val 1679825530 ecr 0,nop,wscale 7], length 0 20:50:41.277421 IP (tos 0xc0, ttl 255, id 0, offset 0, flags [DF], proto TCP (6), length 60) 10.10.16.251.179 > 10.10.16.82.59673: Flags [S.], cksum 0x2d4f (correct), seq 3233628041, ack 321471921, win 28960, options [mss 1460,sackOK,TS val 2818902674 ecr 1679825530,nop,wscale 7], length 0
calico 二、配置BGP对等体
Calico配置双RR架构
OpenShift支持Calico BGP 路由反射(RR)模式
https://toscode.gitee.com/SmallMi/kubeasz/blob/master/docs/setup/network-plugin/calico-bgp-rr.md