51工具盒子文章介绍:上一篇讲解使用FRRouting搭建BGPServer服务器,本篇将讲解VyOS如何配置BGP对接FRR,实现国内外ipv4路由分流功能。
一、网络架构 {#一-网络架构}
架构说明
- VyOS Router :作为公司出口主路由,ipv4路由分流从这里来实现。
- MS-PE :MPLS VPN骨干网的主接入POP。
- BS-PE :MPLS VPN骨干网的备份接入POP。
- MBS :MPLS VPN骨干网上的主BGPServer服务器,用于给VyOS Router学习国内ipv4路由的服务器。
- BBS :MPLS VPN骨干网上的备份BGPServer服务器,用于给VyOS Router学习国内ipv4路由的服务器。
- HK-OS-PE :香港机房出口。
- USA-OS-PE :美国机房出口。
二、VyOS Router配置 {#二-VyOS-Router配置}
set interfaces ethernet eth0 address '10.225.97.9/24'
set interfaces ethernet eth0 offload gro
set interfaces ethernet eth0 offload gso
set interfaces ethernet eth0 offload sg
set interfaces ethernet eth0 offload tso
set policy community-list china-route rule 1000 action 'permit'
set policy community-list china-route rule 1000 regex '65000:999'
set policy community-list default-route rule 1000 action 'permit'
set policy community-list default-route rule 1000 regex '65000:777'
set policy route-map BBS rule 100 action 'permit'
set policy route-map BBS rule 100 description 'to-main-out'
set policy route-map BBS rule 100 match community community-list 'default-route'
set policy route-map BBS rule 100 set ip-next-hop '10.225.97.6'
set policy route-map BBS rule 100 set local-preference '50'
set policy route-map BBS rule 200 action 'permit'
set policy route-map BBS rule 200 match community community-list 'china-route'
set policy route-map BBS rule 200 set ip-next-hop '10.225.97.1'
set policy route-map BBS rule 200 set local-preference '50'
set policy route-map BBS rule 1000 action 'deny'
set policy route-map BBS rule 1000 description 'block_route'
set policy route-map MBS rule 100 action 'permit'
set policy route-map MBS rule 100 description 'to-backup-out'
set policy route-map MBS rule 100 match community community-list 'default-route'
set policy route-map MBS rule 100 set ip-next-hop '10.225.97.6'
set policy route-map MBS rule 200 action 'permit'
set policy route-map MBS rule 200 match community community-list 'china-route'
set policy route-map MBS rule 200 set ip-next-hop '10.225.97.1'
set policy route-map MBS rule 1000 action 'deny'
set policy route-map MBS rule 1000 description 'block_route'
set protocols bgp neighbor 192.168.6.200 peer-group 'BBS'
set protocols bgp neighbor 192.168.65.65 peer-group 'MBS'
set protocols bgp parameters router-id '10.225.97.9'
set protocols bgp peer-group BBS address-family ipv4-unicast route-map import 'BBS'
set protocols bgp peer-group BBS address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp peer-group BBS remote-as '65000'
set protocols bgp peer-group BBS update-source '10.225.97.9'
set protocols bgp peer-group MBS address-family ipv4-unicast route-map import 'MBS'
set protocols bgp peer-group MBS address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp peer-group MBS remote-as '65000'
set protocols bgp peer-group MBS update-source '10.225.97.9'
set protocols bgp system-as '65000'
set protocols bgp timers holdtime '15'
set protocols bgp timers keepalive '3'
set protocols static route 0.0.0.0/0 next-hop 10.225.97.1 distance '230'
set protocols static route 192.168.6.200/32 next-hop 10.225.97.6
set protocols static route 192.168.65.65/32 next-hop 10.225.97.6
set service ntp server time1.vyos.net
set service ntp server time2.vyos.net
set service ntp server time3.vyos.net
set service ssh port '22'
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vyos'
set system login banner post-login 'vyos'
set system login user vyos authentication encrypted-password '$6$rounds=656000$z9DDX9RZQiQgus/X$ov27PBJ4PAX0rmZC2v4j.lIVBva6bCBVcQJtJc77RQYViEEe5aUY3Pcref3v29SJiQ1iwHbuAEBlUP9eb6Vdq/'
set system login user vyos authentication plaintext-password ''
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
三、BGPServer配置 {#三-BGPServer配置}
3.1、MBS {#3-1-MBS}
frr version 10.1.1
frr defaults traditional
hostname master-bgpserver
log syslog informational
no ip forwarding
no ipv6 forwarding
service integrated-vtysh-config
!
router bgp 65000
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
timers bgp 3 15
neighbor 10.225.97.9 remote-as 65000
neighbor 10.225.97.9 update-source 192.168.65.65
!
address-family ipv4 unicast
network 0.0.0.0/0 route-map default-route
network 1.0.1.0/24 route-map china-route
.....
network 223.255.252.0/23 route-map china-route
neighbor 10.225.97.9 activate
exit-address-family
exit
!
access-list 10 seq 10 permit any
!
bgp community-list expanded china-route seq 999 permit 65000:999
bgp community-list expanded default-route seq 777 permit 65000:777
!
route-map china-route permit 999
set community 65000:999 additive
exit
!
route-map default-route permit 777
set community 65000:777 additive
exit
!
3.2、BBS {#3-2-BBS}
frr version 10.1.1
frr defaults traditional
hostname master-bgpserver
log syslog informational
no ip forwarding
no ipv6 forwarding
service integrated-vtysh-config
!
router bgp 65000
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
no bgp network import-check
timers bgp 3 15
neighbor 10.225.97.9 remote-as 65000
neighbor 10.225.97.9 update-source 192.168.6.200
!
address-family ipv4 unicast
network 0.0.0.0/0 route-map default-route
network 1.0.1.0/24 route-map china-route
.....
network 223.255.252.0/23 route-map china-route
neighbor 10.225.97.9 activate
exit-address-family
exit
!
access-list 10 seq 10 permit any
!
bgp community-list expanded china-route seq 999 permit 65000:999
bgp community-list expanded default-route seq 777 permit 65000:777
!
route-map china-route permit 999
set community 65000:999 additive
exit
!
route-map default-route permit 777
set community 65000:777 additive
exit
!
四、BGP建立状态 {#四-BGP建立状态}
4.1、BGP建立状态 {#4-1-BGP建立状态}
vyos@vyos:~$ show bgp summary
4.2、路由条目 {#4-2-路由条目}
vyos@vyos:~$ show ip route
4.3、查看分流情况 {#4-3-查看分流情况}
show ip route 223.5.5.5
show ip route 8.8.8.8
