vxlan + vrf + evpn + frrouting 与外网通信

在节点2上配置:

# Purpose: give hosts inside the evpn-vrf VRF a path to the outside network by
# linking the VRF to the default routing domain with a veth pair and
# source-NATing the traffic on the way out.
# NOTE(review): forwarding between the two ends presumably needs
# net.ipv4.ip_forward=1; that setting is not shown here, confirm it on the node.

# Create the veth pair (default_g1 <-> default_g) and bring both ends up.
ip link add default_g1 type veth peer name default_g 
ip link set default_g1 up
ip link set default_g up
# default_g1 lives in evpn-vrf; default_g stays in the default VRF
ip link set default_g1 master evpn-vrf

# Address both ends out of the same /24 so the VRF side can use the default
# side as its next hop.
# NOTE(review): 5.5.5.0/24 is not RFC 1918 space; presumably lab-only
# addressing. Confirm it cannot collide with real destinations.
ip addr add 5.5.5.253/24 dev default_g1
ip addr add 5.5.5.254/24 dev default_g
# Default route for the VRF, pointing at the default-side end of the veth.
# The `ip route show vrf evpn-vrf` output later on the page lists this route,
# so table 100 appears to be the VRF's routing table.
ip route add default via 5.5.5.254 dev default_g1 table 100
# nftables NAT table with a prerouting and a postrouting chain. No rule is
# added to the prerouting chain in this listing.
 nft add table nat
 nft add chain nat prerouting { type nat hook prerouting priority 0 \; }
 nft add chain nat postrouting { type nat hook postrouting priority 100 \; }
# Masquerade everything leaving through default_g1 (VRF side of the veth) and
# through enp1s0, counting matched packets.
# NOTE(review): both rules match on the output interface only, so every source
# forwarded out of these interfaces is NATed. Consider adding a source match
# (e.g. `ip saddr <tenant-prefix>`) so only the intended VRF subnets are
# translated.
 nft add rule nat postrouting oifname default_g1  counter masquerade
 nft add rule nat postrouting oifname enp1s0 counter masquerade

节点2上的 BGP 配置(该示例没有为邻居配置认证,并在 VRF 中通告了 0.0.0.0/0;生产环境中建议为 BGP 会话启用认证,并对通告的前缀做过滤):

evpn2.novalocal# show running-config
Building configuration...

Current configuration:
!
frr version 7.3-MyOwnFRRVersion
frr defaults traditional
hostname evpn2.novalocal
log file /var/log/frr/bgpd.log
!
vrf evpn-vrf
 vni 100
 exit-vrf
!
router bgp 9999
 bgp router-id 10.10.18.212
 bgp bestpath as-path multipath-relax
 neighbor fabric peer-group
 neighbor fabric remote-as external
 neighbor 10.10.18.209 peer-group fabric
 neighbor 10.10.18.209 update-source 10.10.18.212
 !
 address-family l2vpn evpn
  neighbor fabric activate
  advertise-all-vni
 exit-address-family
!
router bgp 9999 vrf evpn-vrf
 !
 address-family ipv4 unicast
  network 0.0.0.0/0
  network 9.9.9.0/24
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
end
[root@evpn2 ~]# ip netns exec host2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6e:7f:fc:df:5d:bb brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 9.9.9.1/24 scope global eth0
       valid_lft forever preferred_lft forever
[root@evpn2 ~]# ip netns exec host2 ping 10.10.18.212
PING 10.10.18.212 (10.10.18.212) 56(84) bytes of data.
64 bytes from 10.10.18.212: icmp_seq=1 ttl=64 time=0.094 ms
64 bytes from 10.10.18.212: icmp_seq=2 ttl=64 time=0.068 ms
^C
--- 10.10.18.212 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 9ms
rtt min/avg/max/mdev = 0.068/0.081/0.094/0.013 ms
[root@evpn2 ~]# ip netns exec host2 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=4 ttl=42 time=1920 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=42 time=14.1 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=42 time=14.1 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=42 time=14.2 ms
^C
--- 8.8.8.8 ping statistics ---
9 packets transmitted, 4 received, 55.5556% packet loss, time 256ms
rtt min/avg/max/mdev = 14.068/490.570/1919.957/825.256 ms, pipe 2
[root@evpn2 ~]# ip route show vrf evpn-vrf
default via 5.5.5.254 dev default_g1 
2.2.2.0/24 dev br30 proto kernel scope link src 2.2.2.254 
3.3.3.2 via 10.10.18.209 dev br100 proto bgp metric 20 onlink 
5.5.5.0/24 dev default_g1 proto kernel scope link src 5.5.5.253 
9.9.9.0/24 dev br20 proto kernel scope link src 9.9.9.254

节点1

[root@evpn2 ~]# ip netns exec host2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b6:7a:bc:9e:4e:95 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 3.3.3.2/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::b47a:bcff:fe9e:4e95/64 scope link 
       valid_lft forever preferred_lft forever


[root@evpn2 ~]# ip netns exec host2 ping 10.10.18.212
PING 10.10.18.212 (10.10.18.212) 56(84) bytes of data.
64 bytes from 10.10.18.212: icmp_seq=2 ttl=63 time=0.393 ms
64 bytes from 10.10.18.212: icmp_seq=3 ttl=63 time=0.370 ms
^C
--- 10.10.18.212 ping statistics ---
3 packets transmitted, 2 received, 33.3333% packet loss, time 49ms
rtt min/avg/max/mdev = 0.370/0.381/0.393/0.022 ms
[root@evpn2 ~]# ip netns exec host2 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=41 time=14.8 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=41 time=14.9 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=41 time=14.4 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 52ms
rtt min/avg/max/mdev = 14.410/14.701/14.857/0.228 ms
[root@evpn2 ~]# ip route show vrf evpn-vrf
default via 10.10.18.212 dev br100 proto bgp metric 20 onlink 
2.2.2.0/24 dev br10 proto kernel scope link src 2.2.2.254 
3.3.3.0/24 dev br20 proto kernel scope link src 3.3.3.254 
5.5.5.0/24 dev default_g1 proto kernel scope link src 5.5.5.253 
9.9.9.0/24 via 10.10.18.212 dev br100 proto bgp metric 20 onlink 

取消通告默认路由(在 vrf evpn-vrf 的 ipv4 unicast 地址族下执行 no network 0.0.0.0/0):

no network 0.0.0.0/0
[root@evpn2 ~]# vtysh

Hello, this is FRRouting (version 7.3-MyOwnFRRVersion).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

evpn2.novalocal# conf t
evpn2.novalocal(config)# router bgp 9999 vrf evpn-vrf
evpn2.novalocal(config-router)# address-family ipv4 unicast
evpn2.novalocal(config-router-af)# no network 0.0.0.0/0
evpn2.novalocal(config-router-af)# exit-address-family
evpn2.novalocal(config-router)# exit
evpn2.novalocal(config)# exit
evpn2.novalocal# wr mem
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Configuration saved to /etc/frr/zebra.conf
Configuration saved to /etc/frr/ospfd.conf
Configuration saved to /etc/frr/bgpd.conf
Configuration saved to /etc/frr/pimd.conf
Configuration saved to /etc/frr/fabricd.conf
Configuration saved to /etc/frr/staticd.conf

节点2

[root@evpn2 ~]# ip netns exec host2 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 120ms

[root@evpn2 ~]# ip route show vrf evpn-vrf
default via 5.5.5.254 dev default_g1 
2.2.2.0/24 dev br30 proto kernel scope link src 2.2.2.254 
3.3.3.2 via 10.10.18.209 dev br100 proto bgp metric 20 onlink 
5.5.5.0/24 dev default_g1 proto kernel scope link src 5.5.5.253 
9.9.9.0/24 dev br20 proto kernel scope link src 9.9.9.254

节点1

[root@evpn2 ~]# ip netns exec host2 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 387ms

[root@evpn2 ~]# ip route show vrf evpn-vrf
2.2.2.0/24 dev br10 proto kernel scope link src 2.2.2.254 
3.3.3.0/24 dev br20 proto kernel scope link src 3.3.3.254 
5.5.5.0/24 dev default_g1 proto kernel scope link src 5.5.5.253 
9.9.9.0/24 via 10.10.18.212 dev br100 proto bgp metric 20 onlink 


转载自www.cnblogs.com/dream397/p/12535599.html
vrf