Calico BGP RR Model

Calico BGP RR Model

calico BGP RR Model

BGP Full Mesh 缺陷

BGP RR

eNSP 模拟 BGP RR 模式

在 Full Mesh 的基础上， AR1 和 AR2 建立 Peer，AR2 和 AR3 建立 Peer，AR1 和 AR3 不建立 Peer 对等体，而是在 AR2 上将 AR1 和 AR3 配置为 RR-client除此以外，其他的和 Full Mesh 配置全部一致。

​​eNSP 模拟 OSPF + IBGP Full Mesh​​

[AR2]bgp 123[AR2-bgp]router-id 2.2.2.2[AR2-bgp]peer 1.1.1.1 as-number 123[AR2-bgp]peer 1.1.1.1 connect-interface l0[AR2-bgp]peer 3.3.3.3 as-number 123[AR2-bgp]peer 3.3.3.3 connect-interface l0[AR2-bgp]peer 1.1.1.1 reflect-client [AR2-bgp]peer 3.3.3.3 reflect-client[AR2-bgp]dis this[V200R003C00]#bgp 123 router-id 2.2.2.2 peer 1.1.1.1 as-number 123 peer 1.1.1.1 connect-interface LoopBack0 peer 3.3.3.3 as-number 123 peer 3.3.3.3 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 1.1.1.1 reflect-client peer 3.3.3.3 enable peer 3.3.3.3 reflect-client#return

calico BGP RR

安装部署

​​config-bgp-peering​​

1.关闭 BGP Full Mesh

确定当前部署环境为 BGP Full Mesh

​​Calico BGP Full Mesh 跨节点通信​​

[root@master ~]# calicoctl node status Calico process is running.IPv4 BGP status+--------------+-------------------+-------+----------+-------------+| PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO |+--------------+-------------------+-------+----------+-------------+| 192.168.0.81 | node-to-node mesh | up | 14:40:26 | Established || 192.168.0.82 | node-to-node mesh | up | 14:40:25 | Established |+--------------+-------------------+-------+----------+-------------+IPv6 BGP statusNo IPv6 peers found.

查看本地是否具有 ​​bgpconfiguration​​，如果已存在，则导出 yaml 后，配置​​nodeToNodeMeshEnabled​​ 为 false。

如果没有的话，需要创建一个默认的​​bgpconfiguration​​，注意，需要将​​nodeToNodeMeshEnabled​​ 设置为 false ，关闭 BGP Full Mesh。

​​BGP-Configuration​​

[root@master _{]# calicoctl get bgpconfigurationNAME LOGSEVERITY MESHENABLED ASNUMBER cat << EOF | calicoctl create -f -apiVersion: projectcalico.org/v3kind: BGPConfigurationmetadata: name: defaultspec: logSeverityScreen: Info nodeToNodeMeshEnabled: false asNumber: 64512EOF[root@master} ]# calicoctl get bgpconfiguration default -o yamlapiVersion: projectcalico.org/v3kind: BGPConfigurationmetadata: creationTimestamp: "2022-05-24T14:46:43Z" name: default resourceVersion: "9017" uid: efb6991a-32d5-4e85-9aa2-df5978e7683fspec: asNumber: 64512 logSeverityScreen: Info nodeToNodeMeshEnabled: false[root@master ~]# calicoctl node status Calico process is running.IPv4 BGP statusNo IPv4 peers found.IPv6 BGP statusNo IPv6 peers found.

2. 指定 RR 路由反射器

我们指定 ​​node1.whale.com​​ 为 RR 路由反射器

[root@master ~]# kubectl get node -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIMEmaster.whale.com Ready control-plane,master 10d v1.23.5 192.168.0.80 CentOS Linux 7 (Core) 5.4.193-1.el7.elrepo.x86_64 docker://20.10.16node1.whale.com Ready 10d v1.23.5 192.168.0.81 CentOS Linux 7 (Core) 5.4.193-1.el7.elrepo.x86_64 docker://20.10.16node2.whale.com Ready 10d v1.23.5 192.168.0.82 CentOS Linux 7 (Core) 5.4.193-1.el7.elrepo.x86_64 docker://20.10.16

使用 ​​calicoctl​​ 命令进行改动

[root@master ~]# calicoctl get node node1.whale.com -o yaml --export > node1.yaml

添加到如图所示指定位置内容，指定 node1 节点为 RR 反射器，以此类推，集群节点多的时候，分别指定 1,3,5 等奇数节点的 RR 数量。

metadata: labels: calico-route-reflector: "calico-route-reflector"spec: bgp: routeReflectorClusterID: 224.0.0.1

[root@master ~]# calicoctl apply -f node1.yaml Successfully applied 1 'Node' resource(s)

3.配置 RR-client

配置 RR-client 连接到 RR 路由反射器peer--RR

calicoctl apply -f - <

配置 RR -- RR 之间进行连接RR--RR

calicoctl apply -f - <

查看bgppeer

[root@master ~]# calicoctl get bgppeerNAME PEERIP NODE ASN peer-to-rrs !has(calico-route-reflector) 0 rrs-to-rrs has(calico-route-reflector) 0

查看 BGP 状态

[root@master ~]# calicoctl node statusCalico process is running.IPv4 BGP status+--------------+---------------+-------+----------+-------------+| PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO |+--------------+---------------+-------+----------+-------------+| 192.168.0.81 | node specific | up | 15:05:41 | Established |+--------------+---------------+-------+----------+-------------+IPv6 BGP statusNo IPv6 peers found.

通过 RR 节点的配置，来进行二次确认

我们找到 calico-node 在 node1 节点的配置文件，查看是否含有 BGP RR 的配置，从而确认集群是否成为 RR 的模式。

[root@master ~]# kubectl -n kube-system exec -it calico-node-bntq7 -- bash[root@node1 /]# cat /etc/calico/confd/config/bird.cfgfunction apply_communities (){}# Generated by confdinclude "bird_aggr.cfg";include "bird_ipam.cfg";router id 192.168.0.81;# Configure synchronization between routing tables and kernel.protocol kernel { learn; # Learn all alien routes from the kernel persist; # Don't remove routes on bird shutdown scan time 2; # Scan kernel routing table every 2 seconds import all; export filter calico_kernel_programming; # Default is export none graceful restart; # Turn on graceful restart to reduce potential flaps in # routes when reloading BIRD configuration. With a full # automatic mesh, there is no way to prevent BGP from # flapping since multiple nodes update their BGP # configuration at the same time, GR is not guaranteed to # work correctly in this scenario. merge paths on; # Allow export multipath routes (ECMP)}# Watch interface up/down events.protocol device { debug { states }; scan time 2; # Scan interfaces every 2 seconds}protocol direct { debug { states }; interface -"cali*", -"kube-ipvs*", "*"; # Exclude cali* and kube-ipvs* but # include everything else. In # IPVS-mode, kube-proxy creates a # kube-ipvs0 interface. We exclude # kube-ipvs0 because this interface # gets an address for every in use # cluster IP. We use static routes # for when we legitimately want to # export cluster IPs.}# Template for all BGP clientstemplate bgp bgp_template { debug { states }; description "Connection to BGP peer"; local as 64512; multihop; gateway recursive; # This should be the default, but just in case. import all; # Import all routes, since we don't know what the upstream # topology is and therefore have to trust the ToR/RR. export filter calico_export_to_bgp_peers; # Only want to export routes for workloads. add paths on; graceful restart; # See comment in kernel section about graceful restart. connect delay time 2; connect retry time 5; error wait time 5,30;}# ------------- Node-to-node mesh -------------# This node (node1.whale.com) is configured as a route reflector with cluster ID 224.0.0.1;# ignore node-to-node mesh setting.# ------------- Global peers -------------# No global peers configured.# ------------- Node-specific peers -------------# For peer /host/node1.whale.com/peer_v4/192.168.0.80protocol bgp Node_192_168_0_80 from bgp_template { neighbor 192.168.0.80 as 64512; source address 192.168.0.81; # The local address we use for the TCP connection rr client; rr cluster id 224.0.0.1;}# For peer /host/node1.whale.com/peer_v4/192.168.0.81# Skipping ourselves (192.168.0.81)# For peer /host/node1.whale.com/peer_v4/192.168.0.82protocol bgp Node_192_168_0_82 from bgp_template { neighbor 192.168.0.82 as 64512; source address 192.168.0.81; # The local address we use for the TCP connection rr client; rr cluster id 224.0.0.1;}

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。