Tungsten Fabric(3):与vMX建立基本的iBGP

前期准备

• ESXi主机上创建虚拟机安装EVE-NG
• EVE-NG上的虚机和连线描述如下：
  • mgmt-net可以让虚机之间互通，并可以访问外网
  • 创建多台CentOS7.7的虚机，基于TF&k8s集成部署(deployer/master/node)
  • master(contrail)的eth0的IP为192.168.122.177/24
  • 创建vMX虚拟交换机(vmx14.1)，ge-0/0/2的IP为192.168.122.102/24
• 从master可以ssh登录虚拟交换机
• 到deployer上查看ansible部署contrail的配置文档，查看BGP AS号(64512)

[root@deployer contrail-ansible-deployer]# cat contrail_configuration.md | grep BGP
BGP_PORT=${BGP_PORT:-179}
BGP_AUTO_MESH=${BGP_AUTO_MESH:-'true'}
BGP_ASN=${BGP_ASN:-64512}
[root@deployer contrail-ansible-deployer]# 

• 确认master的BGP端口在监听

[root@master01 ~]# ss -apn | grep 179 | grep tcp
tcp    LISTEN     0      128    192.168.122.177:179                   *:*                   users:(("contrail-contro",pid=3192,fd=33))
[root@master01 ~]# 

• 为了简化配置，BGP就不设置认证了

验证过程

vMX初始配置

• 因为要通过vMX的环回端口lo0和TF建立iBGP邻居，所以基础配置如下

set interfaces ge-0/0/2 unit 0 family inet address 192.168.122.102/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set routing-options router-id 1.1.1.1
set routing-options  autonomous-system 64512
set protocols bgp  group tf-peer type internal
set protocols bgp  group tf-peer local-address 1.1.1.1
set protocols bgp  group tf-peer  neighbor 192.168.122.177

master添加路由

• 为了从master可以到达1.1.1.1，需要添加一条静态路由

[root@master01 ~]# ip route add 1.1.1.1/32 via 192.168.122.102
[root@master01 ~]# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=64 time=2.63 ms
^C
--- 1.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.637/2.637/2.637/0.000 ms
[root@master01 ~]# 

TF添加BGP Router

• 起始TF&k8s部署完毕后，默认就会将TF本身添加为BGP Router

• 下面需要手动将vMX添加为新的BGP router

• 同页面上，指定master作为peer

  
  

• 在TF的WebUI上，可以看到master下新出现了新添加的vMX的信息

  
  

• 如果需要对新加的BGP Router表项进行修改，为了防止没有更新成功，建议采用“先删后加”的方式，更加稳妥

vMX的BGP配置

• 此时BGP邻居并未建立

netops@vMX-1> show bgp neighbor    
Peer: 192.168.122.177 AS 64512 Local: 1.1.1.1 AS 64512
  Type: Internal    State: Active         Flags: <>
  Last State: Idle          Last Event: Start
  Last Error: Open Message Error
  Options: <Preference LocalAddress AddressFamily Rib-group Refresh>
  Address families configured: inet-vpn-unicast route-target inet-mvpn evpn
  Local Address: 1.1.1.1 Holdtime: 90 Preference: 170
  Number of flaps: 3
  Last flap event: RecvNotify
  Error: 'Open Message Error' Sent: 1 Recv: 0
  Error: 'Cease' Sent: 0 Recv: 12

netops@vMX-1> 

• 抓取BGP的协议报文，发现是因为BGP notification报文中携带的capability不匹配导致无法建立

  
  

• 需要将vMX相关的address-family激活，新加配置

set protocols bgp group tf-peer family inet-vpn unicast
set protocols bgp group tf-peer family evpn signaling
set protocols bgp group tf-peer family inet-mvpn signaling
set protocols bgp group tf-peer family route-target

查看结果

• 在vMX上,BGP邻居状态已经是Established，验证成功

netops@vMX-1> show bgp neighbor      
Peer: 192.168.122.177+32878 AS 64512 Local: 1.1.1.1+179 AS 64512
  Type: Internal    State: Established    Flags: <Sync>
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: Open Message Error
  Options: <Preference LocalAddress AddressFamily Rib-group Refresh>
  Address families configured: inet-vpn-unicast route-target inet-mvpn evpn
  Local Address: 1.1.1.1 Holdtime: 90 Preference: 170
  Number of flaps: 2
  Last flap event: RecvNotify
  Error: 'Open Message Error' Sent: 1 Recv: 0
  Error: 'Cease' Sent: 0 Recv: 10
  Peer ID: 192.168.122.177 Local ID: 1.1.1.1           Active Holdtime: 90
  Keepalive Interval: 30         Group index: 0    Peer index: 0   
  BFD: disabled, down
  NLRI for restart configured on peer: inet-vpn-unicast route-target inet-mvpn evpn
  NLRI advertised by peer: inet-vpn-unicast inet6-vpn-unicast route-target evpn
  NLRI for this session: inet-vpn-unicast route-target evpn
  Peer does not support Refresh capability
  Stale routes from peer are kept for: 300
  Peer does not support Restarter functionality
  NLRI that restart is negotiated for: inet-vpn-unicast route-target evpn
  NLRI of received end-of-rib markers: inet-vpn-unicast route-target evpn
  NLRI of all end-of-rib markers sent: inet-vpn-unicast route-target evpn
  Peer does not support 4 byte AS extension
  Peer does not support Addpath
  Table bgp.rtarget.0 Bit: 20000
    RIB State: BGP restart is complete
    RIB State: VPN restart is complete
    Send state: in sync
    Active prefixes:              0
    Received prefixes:            7
    Accepted prefixes:            7
    Suppressed due to damping:    0
    Advertised prefixes:          0
  Table bgp.evpn.0
    RIB State: BGP restart is complete
    RIB State: VPN restart is complete
    Send state: not advertising
    Active prefixes:              0
    Received prefixes:            0
    Accepted prefixes:            0
    Suppressed due to damping:    0
  Table bgp.l3vpn.0
    RIB State: BGP restart is complete
    RIB State: VPN restart is complete  
    Send state: not advertising
    Active prefixes:              0
    Received prefixes:            0
    Accepted prefixes:            0
    Suppressed due to damping:    0
  Last traffic (seconds): Received 22   Sent 23   Checked 23  
  Input messages:  Total 5      Updates 4       Refreshes 0     Octets 290
  Output messages: Total 3      Updates 0       Refreshes 0     Octets 211
  Output Queue[1]: 0
  Output Queue[2]: 0
  Output Queue[3]: 0

netops@vMX-1>