1、节点
root@ubuntu:~# kubectl get nodes --show-labels NAME STATUS ROLES AGE VERSION LABELS bogon Ready worker 5d21h v1.18.1 beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=bogon,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker,rr-group=rr1 centos7 Ready worker 26h v1.18.1 beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=centos7,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker,rr-group=rr2 cloud Ready worker 5d21h v1.21.1 beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=cloud,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker,rr-group=rr2,rr-id=rr2 ubuntu Ready master 5d21h v1.18.1 beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=ubuntu,kubernetes.io/os=linux,node-role.kubernetes.io/master=,rr-group=rr1,rr-id=rr1 root@ubuntu:~#
2、bgpconfig
root@ubuntu:~# ./calicoctl get bgpconfig NAME LOGSEVERITY MESHENABLED ASNUMBER default Info false 64512 root@ubuntu:~#
3、RR1
./calicoctl patch node ubuntu -p '{"spec": {"bgp": {"asNumber": "64514"}}}' root@ubuntu:~# ./calicoctl get node ubuntu --export -o yaml > ubuntu.yaml root@ubuntu:~# cat ubuntu.yaml apiVersion: projectcalico.org/v3 kind: Node metadata: annotations: projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"arm64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"arm64","kubernetes.io/hostname":"ubuntu","kubernetes.io/os":"linux","node-role.kubernetes.io/master":"","rr-group":"rr1","rr-id":"rr1"}' creationTimestamp: null labels: beta.kubernetes.io/arch: arm64 beta.kubernetes.io/os: linux kubernetes.io/arch: arm64 kubernetes.io/hostname: ubuntu kubernetes.io/os: linux node-role.kubernetes.io/master: "" rr-group: rr1 rr-id: rr1 name: ubuntu spec: addresses: - address: 10.10.16.82/24 type: CalicoNodeIP - address: 10.10.16.82 type: InternalIP bgp: asNumber: 64514 ipv4Address: 10.10.16.82/24 routeReflectorClusterID: 244.0.0.1 orchRefs: - nodeName: ubuntu orchestrator: k8s status: podCIDRs: - 10.244.0.0/24
root@ubuntu:~# cat rr1-to-leaf1-peer.yaml apiVersion: projectcalico.org/v3 kind: BGPPeer metadata: name: rr1-to-leaf1-peer ## 给BGPPeer取一个名称,方便识别 spec: nodeSelector: rr-id == 'rr1' ## 通过节点选择器添加有rr-id == 'rr1'标签的节点 peerIP: 10.10.18.31 ## leaf01交换机的地址 asNumber: 64514 ## leaf01交换机的AS号 root@ubuntu:~# cat rr1-to-node-peer.yaml apiVersion: projectcalico.org/v3 kind: BGPPeer metadata: name: rr1-to-node-peer ## 给BGPPeer取一个名称,方便识别 spec: nodeSelector: rr-group == 'rr1' ## 通过节点选择器添加有rr-group == ‘rr1’标签的节点 peerSelector: rr-id == 'rr1' ## 通过peer选择器添加有rr-id == ‘rr1’标签的路由反射器 root@ubuntu:~#
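leaf1(FRR 配置与 BGP 状态。注意:下面的配置仅适合实验环境——`password zebra` 是常见的示例口令,`no bgp ebgp-requires-policy` 关闭了 eBGP 邻居必须配置路由策略的检查,且邻居未配置认证;leaf2 的配置同样如此。生产环境应更换口令、为 eBGP 邻居配置入/出方向的路由策略并启用邻居认证。)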
host-10-10-18-31# sh run Building configuration... Current configuration: ! frr version 7.5 frr defaults traditional hostname host-10-10-18-31 no ip forwarding no ipv6 forwarding hostname bgpd log stdout no service integrated-vtysh-config ! password zebra ! router bgp 64514 bgp router-id 10.10.18.31 no bgp ebgp-requires-policy neighbor 10.10.16.82 remote-as 64514 neighbor 10.10.18.34 remote-as 64513 ! address-family ipv4 unicast network 31.31.31.31/32 exit-address-family ! line vty ! end host-10-10-18-31# sh ip bgp sum IPv4 Unicast Summary: BGP router identifier 10.10.18.31, local AS number 64514 vrf-id 0 BGP table version 5 RIB entries 5, using 960 bytes of memory Peers 2, using 43 KiB of memory Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt 10.10.16.82 4 64514 22 19 0 0 0 00:15:57 2 1 10.10.18.34 4 64513 85 85 0 0 0 01:19:45 0 1 Total number of neighbors 2 host-10-10-18-31#
host-10-10-18-31# sh ip bgp nei 10.10.16.82 routes BGP table version is 5, local router ID is 10.10.18.31, vrf id 0 Default local pref 100, local AS 64514 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path i10.244.29.0/26 10.10.16.81 100 0 64512 i i10.244.243.192/26 10.10.16.82 100 0 i Displayed 2 routes and 3 total paths host-10-10-18-31#
Displayed 2 routes and 3 total paths host-10-10-18-31# sh ip bgp nei 10.10.18.34 routes host-10-10-18-31#
leaf2(10.10.18.34)没有把学习到的路由通告给 leaf1(10.10.18.31):上面 `sh ip bgp nei 10.10.18.34 routes` 的输出为空。
rr2
root@cloud:~# cat cloud.yaml apiVersion: projectcalico.org/v3 kind: Node metadata: annotations: projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"arm64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"arm64","kubernetes.io/hostname":"cloud","kubernetes.io/os":"linux","node-role.kubernetes.io/worker":"worker","rr-group":"rr2","rr-id":"rr2"}' creationTimestamp: null labels: beta.kubernetes.io/arch: arm64 beta.kubernetes.io/os: linux kubernetes.io/arch: arm64 kubernetes.io/hostname: cloud kubernetes.io/os: linux node-role.kubernetes.io/worker: worker rr-group: rr2 rr-id: rr2 name: cloud spec: addresses: - address: 10.10.16.47/24 type: CalicoNodeIP - address: 10.10.16.47 type: InternalIP bgp: asNumber: 64513 ipv4Address: 10.10.16.47/24 routeReflectorClusterID: 10.10.16.47 orchRefs: - nodeName: cloud orchestrator: k8s status: podCIDRs: - 10.244.1.0/24 root@cloud:~#
root@ubuntu:~# cat rr2-to-leaf2-peer.yaml apiVersion: projectcalico.org/v3 kind: BGPPeer metadata: name: rr2-to-leaf2-peer ## 给BGPPeer取一个名称,方便识别 spec: nodeSelector: rr-id == 'rr2' ## 通过节点选择器添加有rr-id == 'rr2'标签的节点 peerIP: 10.10.18.34 ## leaf02交换机的地址 asNumber: 64513 ## leaf02交换机的AS号 root@ubuntu:~# cat rr2-to-node-peer.yaml apiVersion: projectcalico.org/v3 kind: BGPPeer metadata: name: rr2-to-node-peer ## 给BGPPeer取一个名称,方便识别 spec: nodeSelector: rr-group == 'rr2' ## 通过节点选择器添加有rr-group == ‘rr2’标签的节点 peerSelector: rr-id == 'rr2' ## 通过peer选择器添加有rr-id == ‘rr2’标签的路由反射器 root@ubuntu:~#
leaf2
host-10-10-18-34# sh run Building configuration... Current configuration: ! frr version 7.5 frr defaults traditional hostname host-10-10-18-34 log file /var/log/frr/frr.log no ip forwarding no ipv6 forwarding hostname bgpd log stdout no service integrated-vtysh-config ! debug bgp neighbor-events debug bgp nht debug bgp updates in debug bgp updates out debug bgp zebra ! password zebra ! router bgp 64513 bgp router-id 10.10.18.34 no bgp ebgp-requires-policy neighbor 10.10.16.47 remote-as 64513 neighbor 10.10.18.31 remote-as 64514 ! line vty ! end host-10-10-18-34# sh ip bgp sum IPv4 Unicast Summary: BGP router identifier 10.10.18.34, local AS number 64513 vrf-id 0 BGP table version 3 RIB entries 1, using 192 bytes of memory Peers 2, using 43 KiB of memory Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt 10.10.16.47 4 64513 0 0 0 0 0 never Active 0 10.10.18.31 4 64514 55 56 0 0 0 00:49:21 1 1 Total number of neighbors 2 host-10-10-18-34# sh ip bgp sum IPv4 Unicast Summary: BGP router identifier 10.10.18.34, local AS number 64513 vrf-id 0 BGP table version 3 RIB entries 5, using 960 bytes of memory Peers 2, using 43 KiB of memory Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt 10.10.16.47 4 64513 14 13 0 0 0 00:09:14 2 1 10.10.18.31 4 64514 64 65 0 0 0 00:58:56 1 1 Total number of neighbors 2 host-10-10-18-34# sh ip bgp nei 10.10.16.47 routes BGP table version is 3, local router ID is 10.10.18.34, vrf id 0 Default local pref 100, local AS 64513 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path i10.244.2.0/24 10.10.16.47 100 0 i i10.244.41.0/26 10.10.16.47 100 0 i Displayed 2 routes and 3 total paths host-10-10-18-34# ping
host-10-10-18-34# sh ip bgp nei 10.10.18.31 routes BGP table version is 3, local router ID is 10.10.18.34, vrf id 0 Default local pref 100, local AS 64513 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 31.31.31.31/32 10.10.18.31 0 0 64514 i Displayed 1 routes and 3 total paths host-10-10-18-34#
node bgp 信息
ubuntu
root@ubuntu:~# ./calicoctl get nodes -o wide NAME ASN IPV4 IPV6 bogon (64512) 10.10.16.81/24 centos7 (64512) 10.10.16.251/24 cloud 64513 10.10.16.47/24 ubuntu 64514 10.10.16.82/24 root@ubuntu:~# ./calicoctl get bgppeer NAME PEERIP NODE ASN rr1-to-leaf1-peer 10.10.18.31 rr-id == 'rr1' 64514 rr1-to-node-peer rr-group == 'rr1' 0 rr2-to-leaf2-peer 10.10.18.34 rr-id == 'rr2' 64513 rr2-to-node-peer rr-group == 'rr2' 0 root@ubuntu:~# ./calicoctl get bgppeer NAME PEERIP NODE ASN rr1-to-leaf1-peer 10.10.18.31 rr-id == 'rr1' 64514 rr1-to-node-peer rr-group == 'rr1' 0 rr2-to-leaf2-peer 10.10.18.34 rr-id == 'rr2' 64513 rr2-to-node-peer rr-group == 'rr2' 0 root@ubuntu:~# root@ubuntu:~# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+-------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+-------------+ | 10.10.16.81 | node specific | up | 08:46:14 | Established | | 10.10.18.31 | node specific | up | 08:53:41 | Established | +--------------+---------------+-------+----------+-------------+ IPv6 BGP status No IPv6 peers found. root@ubuntu:~#
cloud
root@cloud:~# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+-------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+-------------+ | 10.10.16.251 | node specific | up | 08:36:20 | Established | | 10.10.18.34 | node specific | up | 08:39:35 | Established | +--------------+---------------+-------+----------+-------------+ IPv6 BGP status No IPv6 peers found. root@cloud:~#
bogon
[root@bogon ~]# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+-------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+-------------+ | 10.10.16.82 | node specific | up | 08:46:16 | Established | +--------------+---------------+-------+----------+-------------+ IPv6 BGP status No IPv6 peers found. You have mail in /var/spool/mail/root [root@bogon ~]#
centos7
[root@centos7 ~]# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+-------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+-------------+ | 10.10.16.47 | node specific | up | 08:36:20 | Established | +--------------+---------------+-------+----------+-------------+ IPv6 BGP status No IPv6 peers found. [root@centos7 ~]#
创建pod
root@ubuntu:~# cat web-anti-affinity.yaml apiVersion: apps/v1 kind: Deployment metadata: name: web-nginx spec: selector: matchLabels: app: web-nginx replicas: 4 template: metadata: labels: app: web-nginx spec: affinity: #pod 反亲和性, 打散 web-nginx 各个副本 podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app operator: In values: - web-nginx topologyKey: "kubernetes.io/hostname" containers: - image: nginx imagePullPolicy: IfNotPresent name: web2-worker ports: - containerPort: 80 protocol: TCP root@ubuntu:~#
root@ubuntu:~# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES web-nginx-75bff6b7cf-6tcdp 1/1 Running 0 8s 10.244.129.129 centos7 <none> <none> web-nginx-75bff6b7cf-bs4nh 1/1 Running 0 8s 10.244.29.6 bogon <none> <none> web-nginx-75bff6b7cf-dpcvx 1/1 Running 0 8s 10.244.243.199 ubuntu <none> <none> web-nginx-75bff6b7cf-vgztc 1/1 Running 0 8s 10.244.41.5 cloud <none> <none> root@ubuntu:~#
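从 bogon 上的 pod ping 其他三个节点的 pod,发现只能访问 cloud 的(注:按下面的 ping 输出,实际能 ping 通的是 10.244.243.199,即 ubuntu 上的 pod;到 centos7 的 10.244.129.129 和 cloud 的 10.244.41.5 均为 100% 丢包)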
[root@bogon ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b5ddd41b6dc5 ab2a5aa39300 "/docker-entrypoint.…" 21 minutes ago Up 21 minutes k8s_web2-worker_web-nginx-75bff6b7cf-bs4nh_default_fbad3e07-1679-4841-8134-26805b56a45b_0 4b9ac005d384 k8s.gcr.io/pause:3.2 "/pause" 21 minutes ago Up 21 minutes k8s_POD_web-nginx-75bff6b7cf-bs4nh_default_fbad3e07-1679-4841-8134-26805b56a45b_0 f314fa16ddab dd6d43d932df "start_runit" 24 hours ago Up 24 hours k8s_calico-node_calico-node-knqxw_kube-system_445e0f22-3324-4a4f-b45a-947754026a1d_0 88bea17aadfa k8s.gcr.io/pause:3.2 "/pause" 24 hours ago Up 24 hours k8s_POD_calico-node-knqxw_kube-system_445e0f22-3324-4a4f-b45a-947754026a1d_0 c3f286f69d98 31084f9a8be6 "/coredns -conf /etc…" 3 days ago Up 3 days k8s_coredns_coredns-66bff467f8-hlbzk_kube-system_c2b829bb-17a8-4c90-8485-e81d9dc949f1_0 c0933eac8349 k8s.gcr.io/pause:3.2 "/pause" 3 days ago Up 3 days k8s_POD_coredns-66bff467f8-hlbzk_kube-system_c2b829bb-17a8-4c90-8485-e81d9dc949f1_0 282d756684d8 f782b1121865 "/usr/local/bin/kube…" 5 days ago Up 5 days k8s_kube-proxy_kube-proxy-l268b_kube-system_ce9c084b-8915-419c-af4b-ca2e6789f77d_0 72635b27607b k8s.gcr.io/pause:3.2 "/pause" 5 days ago Up 5 days k8s_POD_kube-proxy-l268b_kube-system_ce9c084b-8915-419c-af4b-ca2e6789f77d_0 You have mail in /var/spool/mail/root [root@bogon ~]# docker inspect b5ddd41b6dc5 | grep -i pid "Pid": 50836, "PidMode": "", "PidsLimit": null, [root@bogon ~]# nsenter -n -t 50836 ABRT has detected 1 problem(s). For more info run: abrt-cli list --since 1624506304 [root@bogon ~]# ping 10.244.129.129 PING 10.244.129.129 (10.244.129.129) 56(84) bytes of data. ^C --- 10.244.129.129 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1054ms [root@bogon ~]# ping 10.244.243.199 PING 10.244.243.199 (10.244.243.199) 56(84) bytes of data. 
64 bytes from 10.244.243.199: icmp_seq=1 ttl=62 time=0.360 ms 64 bytes from 10.244.243.199: icmp_seq=2 ttl=62 time=0.191 ms ^C --- 10.244.243.199 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1030ms rtt min/avg/max/mdev = 0.191/0.275/0.360/0.086 ms [root@bogon ~]# ping 10.244.41.5 PING 10.244.41.5 (10.244.41.5) 56(84) bytes of data. ^C --- 10.244.41.5 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3107ms [root@bogon ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000 link/ipip 0.0.0.0 brd 0.0.0.0 4: eth0@if105: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default link/ether c2:85:8b:f1:9c:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 10.244.29.6/32 brd 10.244.29.6 scope global eth0 valid_lft forever preferred_lft forever [root@bogon ~]#
[root@bogon ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.10.16.254 0.0.0.0 UG 0 0 0 enahisic2i0 10.2.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 v-cali-peer 10.10.16.0 0.0.0.0 255.255.255.0 U 0 0 0 enahisic2i0 10.10.34.0 0.0.0.0 255.255.255.0 U 0 0 0 enahisic2i2 10.10.102.0 0.0.0.0 255.255.255.0 U 0 0 0 enahisic2i1 10.244.29.0 0.0.0.0 255.255.255.192 U 0 0 0 * 10.244.29.1 0.0.0.0 255.255.255.255 UH 0 0 0 cali2e486421e22 10.244.29.6 0.0.0.0 255.255.255.255 UH 0 0 0 caliab8d49edd00 10.244.243.192 10.10.16.82 255.255.255.192 UG 0 0 0 enahisic2i0 14.14.18.0 0.0.0.0 255.255.255.0 U 0 0 0 enahisic2i3.310 172.16.100.0 0.0.0.0 255.255.255.0 U 0 0 0 brqf1411bad-10 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.168.104.0 0.0.0.0 255.255.255.0 U 0 0 0 enah2i3.1022 192.168.33.0 0.0.0.0 255.255.255.0 U 0 0 0 enahisic2i1 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 You have mail in /var/spool/mail/root [root@bogon ~]#
leaf1路由
host-10-10-18-31# sh ip bgp nei 10.10.16.82 routes BGP table version is 5, local router ID is 10.10.18.31, vrf id 0 Default local pref 100, local AS 64514 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path i10.244.29.0/26 10.10.16.81 100 0 64512 i i10.244.243.192/26 10.10.16.82 100 0 i Displayed 2 routes and 3 total paths host-10-10-18-31#
host-10-10-18-31# sh ip bgp nei 10.10.18.34 routes host-10-10-18-31#
leaf2路由
host-10-10-18-34# sh ip bgp nei 10.10.16.47 routes BGP table version is 3, local router ID is 10.10.18.34, vrf id 0 Default local pref 100, local AS 64513 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path i10.244.2.0/24 10.10.16.47 100 0 i i10.244.41.0/26 10.10.16.47 100 0 i i10.244.129.128/26 10.10.16.251 100 0 64512 i Displayed 3 routes and 4 total paths host-10-10-18-34#
host-10-10-18-34# sh ip bgp nei 10.10.18.31 routes BGP table version is 3, local router ID is 10.10.18.34, vrf id 0 Default local pref 100, local AS 64513 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 31.31.31.31/32 10.10.18.31 0 0 64514 i Displayed 1 routes and 4 total paths host-10-10-18-34#
邻居 10.10.18.31(leaf1)没有把从 ubuntu 和 bogon 学习到的路由通告给 leaf2
BGP 学习到的路由没有下发到内核路由表(下面 leaf2 的 `route -n` / `ip r` 输出中只有 31.31.31.31 这一条 BGP 路由)
[root@host-10-10-18-34 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.10.18.254 0.0.0.0 UG 100 0 0 eth0 10.10.18.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 31.31.31.31 10.10.18.31 255.255.255.255 UGH 20 0 0 eth0 169.254.169.254 10.10.18.254 255.255.255.255 UGH 100 0 0 eth0 [root@host-10-10-18-34 ~]# ip r default via 10.10.18.254 dev eth0 proto dhcp metric 100 10.10.18.0/24 dev eth0 proto kernel scope link src 10.10.18.34 metric 100 31.31.31.31 via 10.10.18.31 dev eth0 proto bgp metric 20 169.254.169.254 via 10.10.18.254 dev eth0 proto dhcp metric 100 [root@host-10-10-18-34 ~]#
开启 ip_forward 也没有用(内核路由表没有变化)
[root@host-10-10-18-34 ~]# sysctl net.ipv4.ip_forward net.ipv4.ip_forward=1 net.ipv4.ip_forward = 1 net.ipv4.ip_forward = 1 [root@host-10-10-18-34 ~]# sysctl -p /etc/sysctl.conf [root@host-10-10-18-34 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.10.18.254 0.0.0.0 UG 100 0 0 eth0 10.10.18.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 31.31.31.31 10.10.18.31 255.255.255.255 UGH 20 0 0 eth0 169.254.169.254 10.10.18.254 255.255.255.255 UGH 100 0 0 eth0 [root@host-10-10-18-34 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.10.18.254 0.0.0.0 UG 100 0 0 eth0 10.10.18.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 31.31.31.31 10.10.18.31 255.255.255.255 UGH 20 0 0 eth0 169.254.169.254 10.10.18.254 255.255.255.255 UGH 100 0 0 eth0 [root@host-10-10-18-34 ~]# cat /proc/sys/net/ipv4/ip_forward 1 [root@host-10-10-18-34 ~]#
更改as
bogon 的 AS 号改为与 ubuntu 一致(64514)
centos7 的 AS 号改为与 cloud 一致(64513)
root@cloud:~# ./calicoctl patch node bogon -p '{"spec": {"bgp": {"asNumber": "64514"}}}' Successfully patched 1 'Node' resource root@cloud:~# ./calicoctl patch node centos7 -p '{"spec": {"bgp": {"asNumber": "64513"}}}' Successfully patched 1 'Node' resource root@cloud:~# ./calicoctl get node -o wide NAME ASN IPV4 IPV6 bogon 64514 10.10.16.81/24 centos7 64513 10.10.16.251/24 cloud 64513 10.10.16.47/24 ubuntu 64514 10.10.16.82/24
root@cloud:~# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+-------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+-------------+ | 10.10.18.34 | node specific | up | 08:39:35 | Established | | 10.10.16.251 | node specific | up | 09:49:32 | Established | +--------------+---------------+-------+----------+-------------+ IPv6 BGP status No IPv6 peers found.
root@ubuntu:~# ./calicoctl node status Calico process is running. IPv4 BGP status +--------------+---------------+-------+----------+-------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+---------------+-------+----------+-------------+ | 10.10.18.31 | node specific | up | 08:53:42 | Established | | 10.10.16.81 | node specific | up | 09:49:21 | Established | +--------------+---------------+-------+----------+-------------+ IPv6 BGP status No IPv6 peers found. root@ubuntu:~#
还是没用:leaf2 的内核路由表仍然没有 pod 网段的路由
[root@host-10-10-18-34 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.10.18.254 0.0.0.0 UG 100 0 0 eth0 10.10.18.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 31.31.31.31 10.10.18.31 255.255.255.255 UGH 20 0 0 eth0 169.254.169.254 10.10.18.254 255.255.255.255 UGH 100 0 0 eth0 [root@host-10-10-18-34 ~]# vrysh -bash: vrysh: command not found [root@host-10-10-18-34 ~]# vtysh Hello, this is FRRouting (version 7.5). Copyright 1996-2005 Kunihiro Ishiguro, et al. host-10-10-18-34# sh ip bgp nei 10.10.16.47 routes BGP table version is 3, local router ID is 10.10.18.34, vrf id 0 Default local pref 100, local AS 64513 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path i10.244.2.0/24 10.10.16.47 100 0 i i10.244.41.0/26 10.10.16.47 100 0 i i10.244.129.128/26 10.10.16.251 100 0 i Displayed 3 routes and 4 total paths host-10-10-18-34#
BGP的同步规则分析
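这是由于 BGP 的同步规则:在同步开启的情况下,从 IBGP 学到的路由不会传递给它的 EBGP 邻居,除非 IGP 路由信息中也有该路由。补充(待确认):上面 leaf 上从 Calico 节点学到的路由前面只有 `i`,没有 `*>`(未被标记为有效/最优),而 leaf2 的内核路由表中到 10.10.16.0/24 只能走默认路由;建议先用 `show ip bgp <前缀>` 和 `show ip nht` 确认这些路由的下一跳在 leaf 上是否被判定为可达,再判断是否确实是同步规则导致的。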