1. Brief introduction to BGP
What is BGP? How does BGP work? - Huawei
Configure BGP peering | Calico Documentation
1.1 What is BGP
The Border Gateway Protocol (BGP) is a standard protocol for exchanging routing information between routers in a network. Every router running BGP has one or more BGP peers, the other routers it talks to over BGP.
You can think of a Calico network as providing a virtual router on each of your nodes. Calico nodes can be configured to peer with each other, with route reflectors, or with top-of-rack (ToR) routers.
1.2 BGP topologies commonly used with Calico
1.2.1 Full-mesh
When BGP is enabled, Calico's default behaviour is to create a full mesh of internal BGP (iBGP) connections, that is, every node peers with every other node. Calico nodes talk to each other on TCP port 179 (so TCP/179 must be reachable between all nodes) and exchange routes with the other nodes or with external routers over BGP.
This lets Calico run on any L2 network, whether public or private cloud, or, if IPIP is configured, as an overlay on any network that does not block IPIP traffic.
Calico does not use BGP for VXLAN overlays.
Full-mesh works well for small and medium deployments of about 100 nodes or fewer, but at significantly larger scale a full mesh becomes inefficient and route reflectors are recommended.
The default mode after deploying this topology is node-to-node mesh.
1.2.2 Route reflectors
To build large iBGP clusters, BGP route reflectors can be used to reduce the number of BGP peerings held by each node.
In this mode, some nodes act as route reflectors and are configured to form a full mesh among themselves. The remaining nodes are then configured to peer with a subset of those route reflectors (typically two, for redundancy), which reduces the total number of BGP peerings compared with a full mesh.
1.2.3 Top of Rack
In on-premises deployments you can configure Calico to peer directly with the physical network infrastructure. Typically this means disabling Calico's default full-mesh mode and instead peering Calico with your L3 top-of-rack (ToR) routers.
There are many ways to build an on-premises BGP network. How you configure BGP is up to you: Calico works well with both iBGP and eBGP configurations, and in your network design you can effectively treat Calico like any other router.
2. Deploying a Full-mesh environment with kind
2.1 Cleaning up the environment
2.1.1 Removing the interfaces created by containerlab
```shell
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/04-calico-vxlan-crosssubnet# ls
1 1-setup-env.sh 2-setup-clab.sh 3-datapath calico.yaml clab-calico-vxlan-crosssubnet clab.yaml cni.yaml startup-conf
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/04-calico-vxlan-crosssubnet# containerlab destroy --topo clab.yaml
INFO[0000] Parsing & checking topology file: clab.yaml
INFO[0000] Parsing & checking topology file: clab.yaml
INFO[0000] Destroying lab: calico-vxlan-crosssubnet
INFO[0000] Removed container: clab-calico-vxlan-crosssubnet-server2
INFO[0000] Removed container: clab-calico-vxlan-crosssubnet-server4
INFO[0000] Removed container: clab-calico-vxlan-crosssubnet-server3
INFO[0000] Removed container: clab-calico-vxlan-crosssubnet-server1
INFO[0000] Removed container: clab-calico-vxlan-crosssubnet-gw0
INFO[0000] Removing containerlab host entries from /etc/hosts file
INFO[0000] Removing ssh config for containerlab nodes
```
2.1.2 Deleting the k8s cluster created by kind
```shell
root@superadmin-virtual-machine:~# kind get clusters
calico-vxlan-crosssubnet
root@superadmin-virtual-machine:~# kind delete clusters calico-vxlan-crosssubnet
Deleted nodes: ["calico-vxlan-crosssubnet-worker3" "calico-vxlan-crosssubnet-worker" "calico-vxlan-crosssubnet-control-plane" "calico-vxlan-crosssubnet-worker2"]
Deleted clusters: ["calico-vxlan-crosssubnet"]
```
2.2 Adjusting the relevant configuration (the image references are switched from the default registries to a mirror; the commented lines show the originals)
```shell
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/05-calico-fullmesh# grep image 1-setup-env.sh
#cat <<EOF | kind create cluster --name=calico-bgp-fullmesh --image=kindest/node:v1.27.3 --config=-
cat <<EOF | kind create cluster --name=calico-bgp-fullmesh --image=registry.cn-beijing.aliyuncs.com/sanhua-k8s/kindest_node:v1.27.3 --config=-
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/05-calico-fullmesh# grep 'image:' calico.yaml
#image: 192.168.2.100:5000/calico/cni:v3.23.2
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/calico_cni:v3.23.2
#image: 192.168.2.100:5000/calico/cni:v3.23.2
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/calico_cni:v3.23.2
#image: 192.168.2.100:5000/calico/node:v3.23.2
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/calico_node:v3.23.2
#image: 192.168.2.100:5000/calico/kube-controllers:v3.23.2
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/calico_kube-controllers:v3.23.2
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/05-calico-fullmesh# grep 'image:' cni.yaml
#- image: 192.168.2.100:5000/nettool
- image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/nettool
```
2.3 How to enable Full-mesh mode
With IPIP and VXLAN disabled on the IPPool (ipipMode: Never and vxlanMode: Never), there is no encapsulation left, so pod traffic between nodes can only be forwarded along the routes distributed by BGP. Nothing else needs to be enabled: node-to-node mesh is the default BGP mode.
2.4 Deploying the k8s cluster
2.4.1 Deploying the cluster
```shell
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/05-calico-fullmesh# ./1-setup-env.sh
```
2.4.2 Deploying the test pods
```shell
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/05-calico-fullmesh# cat cni.yaml
apiVersion: apps/v1
kind: DaemonSet
#kind: Deployment
metadata:
  labels:
    app: wluo
  name: wluo
spec:
  #replicas: 2
  selector:
    matchLabels:
      app: wluo
  template:
    metadata:
      labels:
        app: wluo
    spec:
      containers:
      #- image: 192.168.2.100:5000/nettool
      - image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/nettool
        name: nettoolbox
        env:
          - name: NETTOOL_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
        # privileged is only here so the lab pod can run tcpdump and inspect
        # host networking; it grants full host access and has no place in
        # ordinary workloads
        securityContext:
          privileged: true
---
apiVersion: v1
kind: Service
metadata:
  name: wluo
spec:
  type: NodePort
  selector:
    app: wluo
  ports:
  - name: wluo
    port: 80
    targetPort: 80
    nodePort: 32000
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/05-calico-fullmesh# kubectl apply -f cni.yaml
daemonset.apps/wluo created
service/wluo created
```
2.4.3 Checking whether the current mode is Full-mesh
The check is done with `calicoctl node status`, so calicoctl must be installed. The columns of its peer table mean the following:
- Calico process is running.: the calico process is currently running.
- PEER ADDRESS: address of the peer.
  ○ The IP addresses of the peers this Calico node has BGP sessions with. The table lists 172.18.0.3 and 172.18.0.2, meaning the current node has established BGP sessions with the nodes at 172.18.0.3 and 172.18.0.2.
- PEER TYPE: type of the peer.
  ○ node-to-node mesh (the default mode) indicates the node-to-node full-mesh mode, in which every Calico node establishes a BGP session with every other node to exchange routes.
- STATE: session state.
  ○ up means the session is healthy: the BGP session between this node and the peer has been established and routes can be exchanged.
- SINCE: when the session was established.
- INFO: details of the session.
  ○ Established means the BGP session was set up successfully and is in the stable state.
The same information can also be queried from inside the calico-node container, for example the BGP routes via the BIRD client (birdcl):
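As an added example (not code from the original post or the lab repository), the following script serves two passages: it renders the IPPool with IPIP and VXLAN disabled that section 2.3 refers to, and it parses `calicoctl node status` output to check the peer table explained in 2.4.3. The pool name default-ipv4-ippool and the CIDR 10.244.0.0/16 are assumptions for a kind cluster; the two status tables are constructed samples, not captured from the lab.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumptions: the pool is
# named default-ipv4-ippool and covers the kind pod CIDR 10.244.0.0/16.

# IPPool that forces pure BGP routing: with ipipMode and vxlanMode both set
# to Never, inter-node pod traffic is plain routed traffic over BGP routes.
render_bgp_only_ippool() {
    cat <<'EOF'
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: default-ipv4-ippool
spec:
  cidr: 10.244.0.0/16
  blockSize: 26
  ipipMode: Never
  vxlanMode: Never
  natOutgoing: true
  nodeSelector: all()
EOF
}

# Reads `calicoctl node status` output on stdin. Prints "address state info"
# for every peer that is not up/Established; exit status 1 if any were found.
check_bgp_peers() {
    awk -F'|' '
        /^\|/ && $2 !~ /PEER ADDRESS/ {
            gsub(/^ +| +$/, "", $2); gsub(/^ +| +$/, "", $4); gsub(/^ +| +$/, "", $6)
            if (tolower($4) != "up" || $6 !~ /^Established/) { bad++; print $2, $4, $6 }
        }
        END { exit (bad > 0) ? 1 : 0 }'
}

# Number of Established peers in the table.
count_established() {
    awk -F'|' '/^\|/ && $2 !~ /PEER ADDRESS/ && $6 ~ /Established/ { n++ } END { print n + 0 }'
}

# In node-to-node mesh every node must have exactly (nodes - 1) peers.
check_full_mesh() {
    [ "$(count_established)" -eq "$(( $1 - 1 ))" ]
}

# Constructed sample (not captured from the lab) shaped like the output of
# `calicoctl node status` on a healthy 3-node mesh.
SAMPLE_OK='Calico process is running.

IPv4 BGP status
+--------------+-------------------+-------+----------+-------------+
| PEER ADDRESS |     PEER TYPE     | STATE |  SINCE   |    INFO     |
+--------------+-------------------+-------+----------+-------------+
| 172.18.0.3   | node-to-node mesh | up    | 08:40:31 | Established |
| 172.18.0.2   | node-to-node mesh | up    | 08:40:32 | Established |
+--------------+-------------------+-------+----------+-------------+

IPv6 BGP status
No IPv6 peers found.'

# Constructed sample with one peer whose TCP/179 connection is refused.
SAMPLE_BAD='IPv4 BGP status
+--------------+-------------------+-------+----------+-----------------------------------+
| PEER ADDRESS |     PEER TYPE     | STATE |  SINCE   |               INFO                |
+--------------+-------------------+-------+----------+-----------------------------------+
| 172.18.0.3   | node-to-node mesh | up    | 08:40:31 | Established                       |
| 172.18.0.4   | node-to-node mesh | start | 08:40:33 | Active Socket: Connection refused |
+--------------+-------------------+-------+----------+-----------------------------------+'

if command -v calicoctl >/dev/null 2>&1; then
    # Live, read-only: show the encapsulation settings and check this node's peers.
    # To apply the pool:  render_bgp_only_ippool | calicoctl apply -f -
    calicoctl get ippool -o yaml | grep -E 'ipipMode|vxlanMode'
    calicoctl node status | check_bgp_peers && echo "all BGP peers Established"
else
    printf '%s\n' "$SAMPLE_OK" | check_bgp_peers && echo "sample: all BGP peers Established"
    printf '%s\n' "$SAMPLE_BAD" | check_bgp_peers || echo "sample: peers above are not Established"
fi
```

A peer that sits in `start`/`Active` with a refused socket almost always means TCP/179 is blocked between the two nodes (or calico-node is not listening there yet); that, and a peer count that does not equal the node count minus one, are the two things to look for before anything else.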
2.5 Packet capture (same subnet)
The two pods from the figure above are used for the test: the pod on the control-plane node sends ICMP requests to the pod on the worker node.
I captured the ICMP packets inside the control-plane pod, on the cali interface on the control-plane host that belongs to that pod, and on the control-plane node's eth0.
2.5.1 Terminal one: packets in the control-plane pod
2.5.2 Terminal two: packets on the control-plane cali interface
2.5.3 Terminal three: packets on the control-plane eth0 interface
2.6 Summary of node-to-node mesh
Overall, there is nothing special about the packets in node-to-node mesh communication: with IPIP and VXLAN disabled there is no encapsulation, so the ICMP packet leaves eth0 with the pod IPs as source and destination and is forwarded by the route the peer node advertised over BGP.
The working mode is that nodes in the same subnet exchange routes with each other over TCP port 179.
Advantages:
- It is Calico's default BGP mode and needs no extra configuration, and on an L2 network pod traffic is routed without any encapsulation overhead.
Disadvantages:
- Every node holds a session with every other node, so with many nodes the CPU and memory consumption grows, network traffic increases, and network efficiency drops.
Applicable scenarios:
- Full-mesh works well for small and medium deployments of about 100 nodes or fewer, but at significantly larger scale a full mesh becomes inefficient and route reflectors are recommended.
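The captures in 2.5 survive only as screenshots, so here is an added shell check (not from the original post) for what the summary above states: in pure BGP mode the remote pod block is reached through an ordinary host route learned from BIRD, with no tunnel device involved, and the cali interface to capture on can be read from the same routing table. The `ip route` listing is a constructed sample shaped like a kind node in pure BGP mode; interface names and addresses are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumptions: the node uplink
# is eth0, pod veths are named cali..., and the pod CIDR is 10.244.0.0/16.

# Routes installed by Calico's BIRD daemon carry "proto bird".
bgp_learned_routes() {
    awk '/proto bird/'
}

# Prints the veth (caliXXXX) a local pod IP is routed to: the interface to
# capture on in "terminal two" of section 2.5.
cali_iface_for_pod() {
    awk -v ip="$1" '$1 == ip && $2 == "dev" { print $3; exit }'
}

# Prints the next hop of the BGP-learned route to a remote pod block. In pure
# BGP mode this is the other node's own address and the device is the uplink.
next_hop_for() {
    awk -v p="$1" '$1 == p && $2 == "via" && /proto bird/ { print $3; exit }'
}

# Exit 1 if any BGP-learned route still points at a tunnel device, i.e. if
# IPIP (tunl0) or VXLAN (vxlan.calico) encapsulation is in use after all.
check_no_encap() {
    awk '/proto bird/ && /dev (tunl0|vxlan\.calico)/ { bad++ } END { exit bad ? 1 : 0 }'
}

# Constructed `ip route` output of a control-plane node in pure BGP mode.
SAMPLE_ROUTES='default via 172.18.0.1 dev eth0
10.244.0.2 dev cali7a1b2c3d4e5 scope link
10.244.0.3 dev cali9f8e7d6c5b4 scope link
blackhole 10.244.0.0/24 proto bird
10.244.1.0/24 via 172.18.0.3 dev eth0 proto bird
10.244.2.0/24 via 172.18.0.2 dev eth0 proto bird
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.4'

# The same node with ipipMode: Always (constructed): remote blocks go via tunl0.
SAMPLE_ROUTES_IPIP='10.244.1.0/24 via 172.18.0.3 dev tunl0 proto bird onlink
10.244.2.0/24 via 172.18.0.2 dev tunl0 proto bird onlink'

if command -v ip >/dev/null 2>&1 && ip route 2>/dev/null | grep -q 'proto bird'; then
    routes=$(ip route)            # live routing table of this node
else
    routes=$SAMPLE_ROUTES         # offline: fall back to the constructed sample
fi
printf '%s\n' "$routes" | bgp_learned_routes
printf '%s\n' "$routes" | check_no_encap && echo "no tunnel device in BGP-learned routes: pure BGP routing"
```

For the three terminals in 2.5: inside the pod `tcpdump -nni eth0 icmp`; on the node `tcpdump -nni $(ip route | cali_iface_for_pod <pod-ip>) icmp` and `tcpdump -nni eth0 icmp`. In pure BGP mode all three show the same ICMP packet with pod IPs as source and destination; with IPIP the eth0 capture would instead show an outer IP header carrying the node IPs.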
3. Deploying an RR (route reflector) environment with kind
In real work this experiment also involves the BGP configuration on the routers for route exchange; I chose to leave that out.
Topology of this experiment
The 10.1.5.0/24 subnet at the bottom left has the gateway 10.1.5.1/24 (the peerIP of the rack0-to-leaf0 BGPPeer in 3.4.2). That device, AS65005, forms an eBGP topology with AS500 and AS800.
The 10.1.8.0/24 subnet at the bottom right has the gateway 10.1.8.1/24. That device, AS65008, forms an eBGP topology with AS500 and AS800.
When nodes in the same subnet communicate, the traffic simply goes through the gateway.
For cross-subnet communication the traffic first goes to the gateway, where two paths are available, via AS500 or via AS800, and then reaches the destination node through the destination subnet's gateway.
3.1 Cleaning up the environment
3.1.1 Deleting the k8s cluster
```shell
root@superadmin-virtual-machine:~# kind get clusters
calico-bgp-fullmesh
root@superadmin-virtual-machine:~# kind delete clusters calico-bgp-fullmesh
Deleted nodes: ["calico-bgp-fullmesh-control-plane" "calico-bgp-fullmesh-worker2" "calico-bgp-fullmesh-worker"]
Deleted clusters: ["calico-bgp-fullmesh"]
```
3.1.2 Deleting the leftover bridge interfaces
```shell
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether fe:fc:fe:f5:dd:98 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:61:d8:64:66 brd ff:ff:ff:ff:ff:ff
4: br-003fe9e9a06f: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:94:02:02:02 brd ff:ff:ff:ff:ff:ff
11: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
94: br-pool0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether aa:82:88:95:5c:cd brd ff:ff:ff:ff:ff:ff
95: br-pool1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 26:48:c3:7e:20:78 brd ff:ff:ff:ff:ff:ff
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# ip link show br-pool0 && ip link delete br-pool0
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# ip link show br-pool1 && ip link delete br-pool1
```
3.2 How to enable RR mode
3.2.1 Configuration file level
As shown in the figure above: if Calico is not installed yet, IPIP and VXLAN can be disabled by passing parameters (environment variables) to calico-node, namely CALICO_IPV4POOL_IPIP and CALICO_IPV4POOL_VXLAN set to Never; if Calico is already installed, edit the IPPool resource YAML (ipipMode and vxlanMode) instead.
3.2.2 Node level
Adjusting the YAML is not enough to enable RR mode: the nodes themselves must also be configured (the per-node AS number and BGP address, plus the BGPPeer resources, as in the script in 3.4.2) before BGP RR mode works.
3.3 Adjusting the configuration files
```shell
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# grep image 1-setup-env.sh
#cat <<EOF | kind create cluster --name=calico-bgp-rr --image=kindest/node:v1.27.3 --config=-
cat <<EOF | kind create cluster --name=calico-bgp-rr --image=registry.cn-beijing.aliyuncs.com/sanhua-k8s/kindest_node:v1.27.3 --config=-
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# grep image 2-setup-clab.sh
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/vyos:1.4.9
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/vyos:1.4.9
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/vyos:1.4.9
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/vyos:1.4.9
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/nettool
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/nettool
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/nettool
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/nettool
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# grep image calico.yaml
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/calico_cni:v3.23.2
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/calico_cni:v3.23.2
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/calico_node:v3.23.2
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/calico_kube-controllers:v3.23.2
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# grep image clab.yaml
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/vyos:1.4.9
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/vyos:1.4.9
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/vyos:1.4.9
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/vyos:1.4.9
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/nettool
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/nettool
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/nettool
image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/nettool
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# grep image cni.yaml
- image: registry.cn-beijing.aliyuncs.com/sanhua-k8s/nettool
```
3.4 Deploying the cluster
3.4.1 Deploying the base environment
```shell
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# ./1-setup-env.sh
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# ./2-setup-clab.sh
```
3.4.2 Configuring RR mode
```bash
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# cat 3-prep-calico-bgp.sh
#!/bin/bash
set -v
# 1. Install CNI[Calico v3.23.2]
kubectl apply -f ./calico.yaml
kubectl wait --timeout=100s --for=condition=Ready=true pods --all -A
# 1.2. disable bgp fullmesh (node-to-node mesh) so that nodes only peer with what is configured below
cat <<EOF | calicoctl --allow-version-mismatch apply -f -
apiVersion: projectcalico.org/v3
items:
- apiVersion: projectcalico.org/v3
  kind: BGPConfiguration
  metadata:
    name: default
  spec:
    logSeverityScreen: Info
    nodeToNodeMeshEnabled: false
kind: BGPConfigurationList
metadata:
EOF
# 1.3. add bgp configuration (AS number and BGP address) for each node:
#      rack0 nodes use AS 65005 and rack1 nodes use AS 65008, the same AS as
#      their leaf switch, so the node<->leaf sessions in 1.4/1.5 are iBGP and
#      the leaf acts as the route reflector for its rack
cat <<EOF | calicoctl --allow-version-mismatch apply -f -
apiVersion: projectcalico.org/v3
kind: Node
metadata:
  annotations:
    projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"amd64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"amd64","kubernetes.io/hostname":"calico-bgp-rr-control-plane","kubernetes.io/os":"linux","node-role.kubernetes.io/control-plane":"","node-role.kubernetes.io/master":"","node.kubernetes.io/exclude-from-external-load-balancers":"","rack":"rack0"}'
  labels:
    beta.kubernetes.io/arch: amd64
    beta.kubernetes.io/os: linux
    kubernetes.io/arch: amd64
    kubernetes.io/hostname: calico-bgp-rr-control-plane
    kubernetes.io/os: linux
    node-role.kubernetes.io/control-plane: ""
    node-role.kubernetes.io/master: ""
    node.kubernetes.io/exclude-from-external-load-balancers: ""
    rack: rack0
  name: calico-bgp-rr-control-plane
spec:
  addresses:
  - address: 10.1.5.10
    type: InternalIP
  bgp:
    asNumber: 65005
    ipv4Address: 10.1.5.10/24
  orchRefs:
  - nodeName: calico-bgp-rr-control-plane
    orchestrator: k8s
status:
  podCIDRs:
  - 10.244.0.0/24
EOF
cat <<EOF | calicoctl --allow-version-mismatch apply -f -
apiVersion: projectcalico.org/v3
kind: Node
metadata:
  annotations:
    projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"amd64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"amd64","kubernetes.io/hostname":"calico-bgp-rr-worker","kubernetes.io/os":"linux","rack":"rack0"}'
  creationTimestamp: "2022-12-05T08:40:29Z"
  labels:
    beta.kubernetes.io/arch: amd64
    beta.kubernetes.io/os: linux
    kubernetes.io/arch: amd64
    kubernetes.io/hostname: calico-bgp-rr-worker
    kubernetes.io/os: linux
    rack: rack0
  name: calico-bgp-rr-worker
spec:
  addresses:
  - address: 10.1.5.11
    type: InternalIP
  bgp:
    asNumber: 65005
    ipv4Address: 10.1.5.11/24
  orchRefs:
  - nodeName: calico-bgp-rr-worker
    orchestrator: k8s
status:
  podCIDRs:
  - 10.244.1.0/24
EOF
cat <<EOF | calicoctl --allow-version-mismatch apply -f -
apiVersion: projectcalico.org/v3
kind: Node
metadata:
  annotations:
    projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"amd64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"amd64","kubernetes.io/hostname":"calico-bgp-rr-worker2","kubernetes.io/os":"linux","rack":"rack1"}'
  creationTimestamp: "2022-12-05T08:40:29Z"
  labels:
    beta.kubernetes.io/arch: amd64
    beta.kubernetes.io/os: linux
    kubernetes.io/arch: amd64
    kubernetes.io/hostname: calico-bgp-rr-worker2
    kubernetes.io/os: linux
    rack: rack1
  name: calico-bgp-rr-worker2
spec:
  addresses:
  - address: 10.1.8.10
    type: InternalIP
  bgp:
    asNumber: 65008
    ipv4Address: 10.1.8.10/24
  orchRefs:
  - nodeName: calico-bgp-rr-worker2
    orchestrator: k8s
status:
  podCIDRs:
  - 10.244.2.0/24
EOF
cat <<EOF | calicoctl --allow-version-mismatch apply -f -
apiVersion: projectcalico.org/v3
kind: Node
metadata:
  annotations:
    projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"amd64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"amd64","kubernetes.io/hostname":"calico-bgp-rr-worker3","kubernetes.io/os":"linux","rack":"rack1"}'
  creationTimestamp: "2022-12-05T08:40:29Z"
  labels:
    beta.kubernetes.io/arch: amd64
    beta.kubernetes.io/os: linux
    kubernetes.io/arch: amd64
    kubernetes.io/hostname: calico-bgp-rr-worker3
    kubernetes.io/os: linux
    rack: rack1
  name: calico-bgp-rr-worker3
spec:
  addresses:
  - address: 10.1.8.11
    type: InternalIP
  bgp:
    asNumber: 65008
    ipv4Address: 10.1.8.11/24
  orchRefs:
  - nodeName: calico-bgp-rr-worker3
    orchestrator: k8s
status:
  podCIDRs:
  - 10.244.3.0/24
EOF
# 1.4. peer the rack0 nodes (nodeSelector rack == 'rack0') to the leaf0 switch
cat <<EOF | calicoctl --allow-version-mismatch apply -f -
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: rack0-to-leaf0
spec:
  peerIP: 10.1.5.1
  asNumber: 65005
  nodeSelector: rack == 'rack0'
EOF
# 1.5. peer the rack1 nodes (nodeSelector rack == 'rack1') to the leaf1 switch
cat <<EOF | calicoctl --allow-version-mismatch apply -f -
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: rack1-to-leaf1
spec:
  peerIP: 10.1.8.1
  asNumber: 65008
  nodeSelector: rack == 'rack1'
EOF
root@superadmin-virtual-machine:~/wcni-kind/LabasCode/calico/06-calico-bgp-rr# ./3-prep-calico-bgp.sh
```
After the script has run, `calicoctl node status` on each node should list exactly one peer, its rack's leaf, with PEER TYPE "node specific" instead of "node-to-node mesh".
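An added example (not code from the original post or the lab repository) with two pieces the page discusses but does not show: the session counts behind the "about 100 nodes" guidance in 1.2, and a hardened version of the BGPPeer above. The peers as written in 3-prep-calico-bgp.sh are unauthenticated; Calico's BGPPeer supports a TCP MD5 session password (RFC 2385) through spec.password.secretKeyRef, which is the usual expectation when peering with physical ToR switches. Assumptions: calico-node runs in kube-system (as with the manifest-based calico.yaml install used here), the Secret is named bgp-secrets, and the leaf IPs and AS numbers are the ones from the script.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumptions: calico-node
# lives in kube-system and the BGP passwords are kept in Secret bgp-secrets.

# Sessions in a full mesh of n nodes: n(n-1)/2.
sessions_full_mesh() {
    echo $(( $1 * ($1 - 1) / 2 ))
}

# Sessions with r route reflectors: a full mesh among the r reflectors plus
# each of the remaining n-r clients peering with k of them (k=2 for redundancy).
sessions_route_reflector() {
    n=$1; r=$2; k=$3
    echo $(( r * (r - 1) / 2 + (n - r) * k ))
}

# Sessions when every node peers only with its rack's ToR leaf switches
# (n nodes, k leaves per rack); the lab above is n=4, k=1.
sessions_tor() {
    echo $(( $1 * $2 ))
}

# Renders a BGPPeer like rack0-to-leaf0 / rack1-to-leaf1, but with the
# session authenticated by a per-rack password from the Secret.
render_peer() {
    rack=$1; leaf=$2; peer_ip=$3; as=$4
    cat <<EOF
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: ${rack}-to-${leaf}
spec:
  peerIP: ${peer_ip}
  asNumber: ${as}
  nodeSelector: rack == '${rack}'
  password:
    secretKeyRef:
      name: bgp-secrets
      key: ${rack}-${leaf}
EOF
}

# Creates or updates the Secret with one password per rack. The same password
# must be set on the leaf (VyOS 1.4: set protocols bgp neighbor <ip> password <pw>)
# or the session will not come up.
create_bgp_secret() {
    kubectl -n kube-system create secret generic bgp-secrets \
        --from-literal=rack0-leaf0="$1" --from-literal=rack1-leaf1="$2" \
        --dry-run=client -o yaml | kubectl apply -f -
}

echo "100 nodes: full mesh $(sessions_full_mesh 100) sessions," \
     "2 RRs with 2 peers each $(sessions_route_reflector 100 2 2)," \
     "ToR with 2 leaves per rack $(sessions_tor 100 2)"
echo "lab (4 nodes): full mesh $(sessions_full_mesh 4), one leaf per rack $(sessions_tor 4 1)"
render_peer rack0 leaf0 10.1.5.1 65005
```

Order matters when rolling this out: create the Secret and configure the password on the leaf first, then apply the BGPPeer with `calicoctl --allow-version-mismatch apply -f -`, otherwise the existing unauthenticated session is torn down and cannot re-establish. calico-node must also be allowed to read Secrets in its namespace; check the ClusterRole in calico.yaml and add a Role/RoleBinding for `secrets` (get, list, watch) if it is missing. The same `calicoctl node status` check as in 2.4.3 then confirms that each node shows its leaf as a "node specific" peer in the Established state.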