vxlan + vrf + evpn + frrouting 与外网通信
作者:互联网
在节点2上配置:
# Node 2: join the evpn-vrf VRF to the default VRF with a veth pair, then
# source-NAT traffic leaving through the pair or through the uplink enp1s0.
#
# NOTE(review): nothing in this snippet enables IPv4 forwarding; it presumably
# relies on net.ipv4.ip_forward already being 1 -- confirm on the host.
# NOTE(review): 5.5.5.0/24 is public address space; outside a lab, an RFC 1918
# range for this transit link avoids shadowing real destinations.

vrf_end=default_g1    # veth end enslaved to evpn-vrf
host_end=default_g    # veth end that stays in the default VRF

ip link add "$vrf_end" type veth peer name "$host_end"
for veth_if in "$vrf_end" "$host_end"; do
  ip link set "$veth_if" up
done
ip link set "$vrf_end" master evpn-vrf

ip addr add 5.5.5.253/24 dev "$vrf_end"
ip addr add 5.5.5.254/24 dev "$host_end"

# Default route in table 100, next hop is the default-VRF end of the pair.
# NOTE(review): table 100 is presumably the table bound to evpn-vrf --
# verify with `ip -d link show evpn-vrf`.
ip route add default via 5.5.5.254 dev "$vrf_end" table 100

# NAT table and base chains. The chain specs are single-quoted so the shell
# hands the braces and the ';' to nft untouched.
nft add table nat
nft add chain nat prerouting '{ type nat hook prerouting priority 0 ; }'
nft add chain nat postrouting '{ type nat hook postrouting priority 100 ; }'

# Masquerade everything leaving via either interface. The rules match on the
# output interface only (no source-address match) and no filter/forward chain
# is created here, so every flow this host forwards out of these interfaces is
# NATed; restrict by source prefix and add a forward policy before using this
# outside a lab.
for out_if in "$vrf_end" enp1s0; do
  nft add rule nat postrouting oifname "$out_if" counter masquerade
done
节点2上的 BGP 配置(注意:该配置中的邻居没有设置 password 认证,也没有 prefix-list/route-map 过滤,仅适合实验环境;生产环境应为 BGP 会话加上认证和前缀过滤):
evpn2.novalocal# show running-config
Building configuration...
Current configuration:
!
frr version 7.3-MyOwnFRRVersion
frr defaults traditional
hostname evpn2.novalocal
log file /var/log/frr/bgpd.log
!
vrf evpn-vrf
 vni 100
 exit-vrf
!
router bgp 9999
 bgp router-id 10.10.18.212
 bgp bestpath as-path multipath-relax
 neighbor fabric peer-group
 neighbor fabric remote-as external
 neighbor 10.10.18.209 peer-group fabric
 neighbor 10.10.18.209 update-source 10.10.18.212
 !
 address-family l2vpn evpn
  neighbor fabric activate
  advertise-all-vni
 exit-address-family
!
router bgp 9999 vrf evpn-vrf
 !
 address-family ipv4 unicast
  network 0.0.0.0/0
  network 9.9.9.0/24
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
end
[root@evpn2 ~]# ip netns exec host2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6e:7f:fc:df:5d:bb brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 9.9.9.1/24 scope global eth0
       valid_lft forever preferred_lft forever
[root@evpn2 ~]# ip netns exec host2 ping 10.10.18.212
PING 10.10.18.212 (10.10.18.212) 56(84) bytes of data.
64 bytes from 10.10.18.212: icmp_seq=1 ttl=64 time=0.094 ms
64 bytes from 10.10.18.212: icmp_seq=2 ttl=64 time=0.068 ms
^C
--- 10.10.18.212 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 9ms
rtt min/avg/max/mdev = 0.068/0.081/0.094/0.013 ms
[root@evpn2 ~]# ip netns exec host2 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=4 ttl=42 time=1920 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=42 time=14.1 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=42 time=14.1 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=42 time=14.2 ms
^C
--- 8.8.8.8 ping statistics ---
9 packets transmitted, 4 received, 55.5556% packet loss, time 256ms
rtt min/avg/max/mdev = 14.068/490.570/1919.957/825.256 ms, pipe 2
[root@evpn2 ~]# ip route show vrf evpn-vrf
default via 5.5.5.254 dev default_g1
2.2.2.0/24 dev br30 proto kernel scope link src 2.2.2.254
3.3.3.2 via 10.10.18.209 dev br100 proto bgp metric 20 onlink
5.5.5.0/24 dev default_g1 proto kernel scope link src 5.5.5.253
9.9.9.0/24 dev br20 proto kernel scope link src 9.9.9.254
节点1
[root@evpn2 ~]# ip netns exec host2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b6:7a:bc:9e:4e:95 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 3.3.3.2/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::b47a:bcff:fe9e:4e95/64 scope link
       valid_lft forever preferred_lft forever
[root@evpn2 ~]# ip netns exec host2 ping 10.10.18.212
PING 10.10.18.212 (10.10.18.212) 56(84) bytes of data.
64 bytes from 10.10.18.212: icmp_seq=2 ttl=63 time=0.393 ms
64 bytes from 10.10.18.212: icmp_seq=3 ttl=63 time=0.370 ms
^C
--- 10.10.18.212 ping statistics ---
3 packets transmitted, 2 received, 33.3333% packet loss, time 49ms
rtt min/avg/max/mdev = 0.370/0.381/0.393/0.022 ms
[root@evpn2 ~]# ip netns exec host2 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=41 time=14.8 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=41 time=14.9 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=41 time=14.4 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 52ms
rtt min/avg/max/mdev = 14.410/14.701/14.857/0.228 ms
[root@evpn2 ~]# ip route show vrf evpn-vrf
default via 10.10.18.212 dev br100 proto bgp metric 20 onlink
2.2.2.0/24 dev br10 proto kernel scope link src 2.2.2.254
3.3.3.0/24 dev br20 proto kernel scope link src 3.3.3.254
5.5.5.0/24 dev default_g1 proto kernel scope link src 5.5.5.253
9.9.9.0/24 via 10.10.18.212 dev br100 proto bgp metric 20 onlink
在节点2上取消 network 0.0.0.0/0(不再通过 BGP 向节点1宣告默认路由),对比取消前后的结果:
no network 0.0.0.0/0
[root@evpn2 ~]# vtysh
Hello, this is FRRouting (version 7.3-MyOwnFRRVersion).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
evpn2.novalocal# conf t
evpn2.novalocal(config)# router bgp 9999 vrf evpn-vrf
evpn2.novalocal(config-router)# address-family ipv4 unicast
evpn2.novalocal(config-router-af)# no network 0.0.0.0/0
evpn2.novalocal(config-router-af)# exit-address-family
evpn2.novalocal(config-router)# exit
evpn2.novalocal(config)# exit
evpn2.novalocal# wr mem
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Configuration saved to /etc/frr/zebra.conf
Configuration saved to /etc/frr/ospfd.conf
Configuration saved to /etc/frr/bgpd.conf
Configuration saved to /etc/frr/pimd.conf
Configuration saved to /etc/frr/fabricd.conf
Configuration saved to /etc/frr/staticd.conf
节点2
[root@evpn2 ~]# ip netns exec host2 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 120ms
[root@evpn2 ~]# ip route show vrf evpn-vrf
default via 5.5.5.254 dev default_g1
2.2.2.0/24 dev br30 proto kernel scope link src 2.2.2.254
3.3.3.2 via 10.10.18.209 dev br100 proto bgp metric 20 onlink
5.5.5.0/24 dev default_g1 proto kernel scope link src 5.5.5.253
9.9.9.0/24 dev br20 proto kernel scope link src 9.9.9.254
节点1
[root@evpn2 ~]# ip netns exec host2 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 387ms
[root@evpn2 ~]# ip route show vrf evpn-vrf
2.2.2.0/24 dev br10 proto kernel scope link src 2.2.2.254
3.3.3.0/24 dev br20 proto kernel scope link src 3.3.3.254
5.5.5.0/24 dev default_g1 proto kernel scope link src 5.5.5.253
9.9.9.0/24 via 10.10.18.212 dev br100 proto bgp metric 20 onlink
标签:00,default,8.8,evpn2,dev,外网,link,vrf,frrouting 来源: https://www.cnblogs.com/dream397/p/12535599.html