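Article overview: Open Source Part 25 covered implementing VyOS + FRRouting route splitting with an independently deployed BGPServer. This article uses VyOS's own container feature instead: Container deploys an FRRouting container locally on VyOS, the container uses network mode and establishes an iBGP neighbor relationship with VyOS's own veth interface, implementing IPv4 route splitting between domestic and overseas destinations.
1. Logical Topology
Topology analysis
- The solid-line box is VyOS: ETH0 connects to the optical modem, ETH1 connects to the overseas egress, and ETH2 connects to the internal network PCs.
- The dashed-line box is the FRR instance started by Container; FRR's eth0@if13 connects to VyOS's veth0 virtual interface.
- FRR runs the BGPServer configuration and announces the domestic prefixes and the default route to VyOS.
- VyOS runs BGP and establishes an iBGP neighbor relationship with FRR, learns the routes FRR announces, and sets the next-hop through community-list to implement IPv4 route splitting between domestic and overseas destinations.
2. FRR Configuration
2.1. Create the external FRR configuration directory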
sudo mkdir -p /config/podman/frrouting
2.2. Download the daemons file
sudo wget -P /config/podman/frrouting https://pan.yydy.link:2023/d/share/frr/vyosfrr/daemons
2.3. Download the frr.conf file
sudo wget -P /config/podman/frrouting https://pan.yydy.link:2023/d/share/frr/vyosfrr/frr.conf
2.4. Download the vtysh.conf file
sudo wget -P /config/podman/frrouting https://pan.yydy.link:2023/d/share/frr/vyosfrr/vtysh.conf
3. VyOS Configuration
3.1. Pull the image
sudo podman pull docker.io/frrouting/frr:latest
3.2. FRR container configuration
configure
set container name bgpserver capability 'net-admin'
set container name bgpserver capability 'sys-admin'
set container name bgpserver capability 'net-raw'
set container name bgpserver host-name 'bgpserver'
set container name bgpserver image 'frrouting/frr:latest'
set container name bgpserver network bgpnet address '192.168.255.2'
set container name bgpserver restart 'always'
set container name bgpserver volume daemons destination '/etc/frr/daemons'
set container name bgpserver volume daemons source '/config/podman/frrouting/daemons'
set container name bgpserver volume frrconf destination '/etc/frr/frr.conf'
set container name bgpserver volume frrconf source '/config/podman/frrouting/frr.conf'
set container name bgpserver volume vtyshconf destination '/etc/frr/vtysh.conf'
set container name bgpserver volume vtyshconf source '/config/podman/frrouting/vtysh.conf'
set container network bgpnet no-name-server
set container network bgpnet prefix '192.168.255.0/24'
commit
save
3.3. BGP configuration
configure
set policy community-list china-route rule 1000 action 'permit'
set policy community-list china-route rule 1000 regex '65000:999'
set policy community-list default-route rule 1000 action 'permit'
set policy community-list default-route rule 1000 regex '65000:777'
set policy route-map smart-route rule 100 action 'permit'
set policy route-map smart-route rule 100 match community community-list 'default-route'
set policy route-map smart-route rule 100 set ip-next-hop '10.225.97.6'
set policy route-map smart-route rule 200 action 'permit'
set policy route-map smart-route rule 200 match community community-list 'china-route'
set policy route-map smart-route rule 200 set ip-next-hop '10.225.97.1'
set policy route-map smart-route rule 1000 action 'deny'
set policy route-map smart-route rule 1000 description 'block_route'
set protocols bgp neighbor 192.168.255.2 address-family ipv4-unicast route-map import 'smart-route'
set protocols bgp neighbor 192.168.255.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 192.168.255.2 remote-as '65000'
set protocols bgp neighbor 192.168.255.2 update-source '192.168.255.1'
set protocols bgp system-as '65000'
set protocols bgp timers holdtime '15'
set protocols bgp timers keepalive '3'
commit
save
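The import policy above can be traced route by route. The following Python model is an added example, not part of the original article or of VyOS/FRR; it evaluates smart-route in sequence order and shows that a route without the 65000:777 or 65000:999 community is rejected by rule 1000. The received routes are constructed samples, and community-list matching is simplified to an exact community value (an assumption).

```python
# Added illustration: models the import route-map "smart-route" from section 3.3.
# Assumption: a community-list entry matches when the route carries exactly
# that community value; regex matching is not modelled.
COMMUNITY_LISTS = {
    "default-route": "65000:777",
    "china-route": "65000:999",
}

# (sequence, action, community-list to match or None, next-hop to set or None)
SMART_ROUTE = [
    (100, "permit", "default-route", "10.225.97.6"),
    (200, "permit", "china-route", "10.225.97.1"),
    (1000, "deny", None, None),  # no match clause: catches everything left
]

def apply_route_map(communities, advertised_next_hop):
    """Return (accepted, next_hop, rule_sequence) for one received route."""
    for seq, action, clist, set_nh in sorted(SMART_ROUTE, key=lambda r: r[0]):
        if clist is not None and COMMUNITY_LISTS[clist] not in communities:
            continue  # match clause failed, try the next rule
        if action == "deny":
            return (False, None, seq)
        return (True, set_nh or advertised_next_hop, seq)
    return (False, None, None)  # implicit deny at the end of a route-map

# Constructed sample updates from neighbor 192.168.255.2
# (prefixes are documentation ranges, not real announcements).
RECEIVED = [
    ("0.0.0.0/0", {"65000:777"}, "192.168.255.2"),
    ("198.51.100.0/24", {"65000:999"}, "192.168.255.2"),
    ("203.0.113.0/24", set(), "192.168.255.2"),        # untagged route
    ("192.0.2.0/24", {"65000:123"}, "192.168.255.2"),  # unexpected tag
]

def evaluate(received=RECEIVED):
    """Map each prefix to the route-map decision for it."""
    return {p: apply_route_map(c, nh) for p, c, nh in received}

if __name__ == "__main__":
    for prefix, (ok, nh, seq) in evaluate().items():
        verdict = f"accept via {nh}" if ok else "reject"
        print(f"{prefix:18} rule {seq}: {verdict}")
```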
3.4. Other configuration
configure
set interfaces ethernet eth0 address '10.225.97.10/24'
set protocols static route 0.0.0.0/0 next-hop 10.225.97.1 distance '230'
set service ssh port '22'
set system host-name 'vyos'
set system login banner post-login 'vyos'
set system login user vyos authentication plaintext-password 'vyos'
set system name-server '10.225.97.6'
commit
save
4. Viewing Related Information
4.1. View the FRR log
monitor log container bgpserver
4.2. View the BGP session status
show ip bgp summary
4.3. View the received routes
show ip bgp neighbors 192.168.255.2 received-routes
4.4. View the China route table
show ip bgp community-list china-route
4.5. View the routing table
show ip route