机器1:
ip 192.168.1.11
网段 10.42.11.0/24
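# Extract the BIRD binaries from the calico/node image. `docker create` only
# instantiates the container so that files can be copied out; nothing from the
# image is executed at this point.
# NOTE(review): an image tag can be re-pointed upstream. These binaries later
# run on the host, so consider pinning by digest
# (calico/node@sha256:<DIGEST_PLACEHOLDER>) once the expected image is verified.
docker create --name calico-node calico/node:v3.26.1
docker cp calico-node:/usr/bin/bird ./
docker cp calico-node:/usr/bin/bird6 ./
docker cp calico-node:/usr/bin/birdcl ./
docker rm calico-node
# The files were copied into the current directory and are installed into
# /usr/local/bin only later, so the execute bit is set on the local copies
# (the original targeted /usr/local/sbin/bird*, where nothing had been placed).
chmod +x ./bird ./bird6 ./birdcl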
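# Write the BIRD configuration for this host (router id 192.168.1.11, local
# block 10.42.11.0/24, iBGP peer 192.168.1.10 in AS 64512).
mkdir -p /etc/bird-cfg/
# The heredoc delimiter is quoted so the shell writes the config literally and
# never expands anything inside it.
cat > /etc/bird-cfg/bird.cfg << 'EOL'
protocol static {
  # IP blocks for this host.
  route 10.42.11.0/24 blackhole;
}

# Aggregation of routes on this host; export the block, nothing beneath it.
function calico_aggr ()
{
  # Block 10.42.11.0/24 is confirmed
  if ( net = 10.42.11.0/24 ) then { accept; }
  if ( net ~ 10.42.11.0/24 ) then { reject; }
}

filter calico_export_to_bgp_peers {
  calico_aggr();
  if ( net ~ 10.42.0.0/16 ) then {
    accept;
  }
  reject;
}

filter calico_kernel_programming {
  if ( net ~ 10.42.0.0/16 ) then {
    krt_tunnel = "tunl0";
    accept;
  }
  # NOTE(review): everything outside 10.42.0.0/16 is accepted as well, so any
  # route BIRD holds can be programmed into the kernel table.
  accept;
}

router id 192.168.1.11;

# Configure synchronization between routing tables and kernel.
protocol kernel {
  learn;          # Learn all alien routes from the kernel
  persist;        # Don't remove routes on bird shutdown
  scan time 2;    # Scan kernel routing table every 2 seconds
  import all;
  export filter calico_kernel_programming; # Default is export none
  graceful restart; # Turn on graceful restart to reduce potential flaps in
                    # routes when reloading BIRD configuration. With a full
                    # automatic mesh, there is no way to prevent BGP from
                    # flapping since multiple nodes update their BGP
                    # configuration at the same time, GR is not guaranteed to
                    # work correctly in this scenario.
}

# Watch interface up/down events.
protocol device {
  debug all;
  scan time 2;    # Scan interfaces every 2 seconds
}

protocol direct {
  debug all;
  interface -"tap*", "*"; # Exclude tap* but include everything else.
}

# Template for all BGP clients
template bgp bgp_template {
  debug all;
  description "Connection to BGP peer";
  local as 64512;
  multihop;
  gateway recursive; # This should be the default, but just in case.
  import all;        # Import all routes, since we don't know what the upstream
                     # topology is and therefore have to trust the ToR/RR.
  # NOTE(review): with "import all" here and the final "accept" in
  # calico_kernel_programming, whatever the peer announces ends up in the
  # kernel routing table. An import filter limited to 10.42.0.0/16 would bound
  # what a misconfigured or compromised peer can inject.
  export filter calico_export_to_bgp_peers; # Only want to export routes for workloads.
  source address 192.168.1.11; # The local address we use for the TCP connection
  add paths on;
  graceful restart;  # See comment in kernel section about graceful restart.
  connect delay time 2;
  connect retry time 5;
  error wait time 5,30;
  # NOTE(review): the session is unauthenticated. BIRD's BGP "password" option
  # (TCP MD5) can be set to the same secret on both peers; if it is, restrict
  # this file to root, since the secret is stored in clear text.
}

protocol bgp Mesh_192_168_1_10 from bgp_template {
  neighbor 192.168.1.10 as 64512;
  #passive on; # Mesh is unidirectional, peer will connect to us.
}
EOL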
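# Install exactly the three extracted binaries with an explicit mode. A bare
# `bird*` glob would also pick up any other file in the current directory whose
# name starts with "bird", and would depend on the mode bits set earlier.
install -m 0755 ./bird ./bird6 ./birdcl /usr/local/bin/
# Optional pre-flight: `bird -p -c /etc/bird-cfg/bird.cfg` parses the config
# and exits non-zero on errors without starting the daemon.
# -d keeps bird in the foreground with debug output on stderr, so the birdcl
# command below is meant to be run from a second terminal.
# -R applies graceful-restart recovery on start, -s names the control socket,
# -c names the config file.
bird -R -s /var/run/bird.ctl -d -c /etc/bird-cfg/bird.cfg
# Interactive client on the same control socket.
# NOTE(review): anyone able to open this socket can reconfigure the routing
# daemon; confirm that its permissions restrict it to root.
birdcl -s /var/run/bird.ctl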
# Persist IPv4 and IPv6 forwarding in a sysctl drop-in, then load it right away.
# NOTE(review): with forwarding enabled the host routes between all of its
# interfaces; what may transit is then decided by the firewall's forward
# policy, which the steps shown here do not configure.
printf '%s\n' \
  'net.ipv4.ip_forward=1' \
  'net.ipv6.conf.default.forwarding=1' \
  'net.ipv6.conf.all.forwarding=1' \
  > /etc/sysctl.d/30-ipforward.conf
sysctl -p /etc/sysctl.d/30-ipforward.conf
# Create the three network namespaces used by the walkthrough (ns1, ns2, ns3).
for netns_name in ns1 ns2 ns3; do
  ip netns add "$netns_name"
done
ip

博客给出两台机器的网络配置信息。机器1的ip为192.168.1.11,网段是10.42.11.0/24,可选择使用ipip,不使用BGP并手动添加网关;机器2的ip为192.168.1.10,网段是10.42.1.0/24,同样有使用ipip及不使用BGP手动加网关的选项。



