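Introducing BGP with IX2215 and MetalLB
Environment
- Tokyo site
  - IX2215: 192.168.0.1/16
  - k8s nodes: 192.168.10.101-103
- Osaka site
  - IX2215: 10.0.0.254/16
  - k8s nodes: 10.0.11.1-5
The two sites are connected by a site-to-site VPN.
BGP configuration
- Everything uses AS 65000
- The IX2215 routers advertise nothing
- The IX2215 routers receive the advertisements from MetalLB and route based on them
MetalLB setup
Installing the Operator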
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.9/config/manifests/metallb-native.yaml
IPPool configuration
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: default-pool
  namespace: metallb-system
spec:
  addresses:
    - 10.154.0.0/16
BGP configuration
BGPPeer configuration
apiVersion: metallb.io/v1beta2
kind: BGPPeer
metadata:
  name: ix2215-osk-peer
  namespace: metallb-system
spec:
  myASN: 65000
  peerASN: 65000
  peerAddress: 10.0.0.254
---
apiVersion: metallb.io/v1beta2
kind: BGPPeer
metadata:
  name: ix2215-tky-peer
  namespace: metallb-system
spec:
  myASN: 65000
  peerASN: 65000
  peerAddress: 192.168.0.1
BGP Advertisement configuration
apiVersion: metallb.io/v1beta1
kind: BGPAdvertisement
metadata:
  name: bgp-advertisement
  namespace: metallb-system
spec:
  ipAddressPools:
    - default-pool
IX2215 configuration
TKY-MAIN# enable-config
TKY-MAIN(config)# router bgp 65000
TKY-MAIN(config-bgp)# neighbor 192.168.10.101 remote-as 65000
TKY-MAIN(config-bgp)# neighbor 192.168.10.102 remote-as 65000
TKY-MAIN(config-bgp)# neighbor 192.168.10.103 remote-as 65000
TKY-MAIN(config-bgp)# neighbor 10.0.11.1 remote-as 65000
TKY-MAIN(config-bgp)# neighbor 10.0.11.2 remote-as 65000
TKY-MAIN(config-bgp)# neighbor 10.0.11.3 remote-as 65000
TKY-MAIN(config-bgp)# neighbor 10.0.11.4 remote-as 65000
Configure each node as a BGP neighbor.
Wait a little and then run show ip route, which gives:
TKY-MAIN(config-bgp)# show ip route
IP Routing Table - 16 entries, 3 hidden, 2029 frees
Entries: 2 Connected, 3 Static, 0 RIP, 0 OSPF, 11 BGP
Codes: C - Connected, S - Static, R - RIP, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, B - BGP
* - Candidate default, s - Summary
Timers: Age
S* 0.0.0.0/0 [1/1] is directly connected, Tunnel0.0, 73d5h9m16s
10.0.0.0/8 is subnetted, 12 subnets
S 10.0.0.0/16 [1/1] is directly connected, Tunnel1.0, 52d2h36m7s
B 10.154.0.0/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
B 10.154.0.1/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
B 10.154.0.2/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
B 10.154.0.3/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
B 10.154.0.4/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
B 10.154.0.5/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
B 10.154.0.6/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
B 10.154.0.7/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
B 10.154.0.8/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
B 10.154.0.9/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
B 10.154.254.1/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
yyy.yyy.yyy.yyy/8 is subnetted, 1 subnets
S yyy.yyy.yyy.yyy/32 [1/1] is directly connected, Tunnel0.0, 73d5h9m16s
xxx.xxx.xxx.xxx/16 is subnetted, 1 subnets
C xxx.xxx.xxx.xxx/32 [0/0] is directly connected, GigaEthernet0.1, 69d16h4m31s
C 192.168.0.0/16 [0/0] is directly connected, GigaEthernet2.0, 75d1h18m24s
You can confirm that the routes beginning with B have been learned.
Configure the other router in the same way and the setup is complete.
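To check a routing table like the one above, this added example (not part of the original article) parses `show ip route` output and flags BGP routes whose prefix lies outside the MetalLB pool or whose next hop is not one of the k8s nodes. The pool and node addresses come from the article; the function name and the sample text are assumptions made for the example.

```python
import ipaddress
import re

# Values taken from the article: the MetalLB pool and the Tokyo/Osaka k8s nodes.
POOL = ipaddress.ip_network("10.154.0.0/16")
NODES = {ipaddress.ip_address(f"192.168.10.{i}") for i in range(101, 104)} | {
    ipaddress.ip_address(f"10.0.11.{i}") for i in range(1, 6)
}

# Matches BGP lines in the format shown in the article, e.g.
# "B 10.154.0.0/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19"
BGP_LINE = re.compile(r"^\s*B\s+(\S+/\d+)\s+\[\d+/\d+\]\s+via\s+(\S+?),")


def audit_bgp_routes(show_ip_route, pool=POOL, nodes=NODES):
    """Return (prefix, next_hop, reason) for every BGP route that is unexpected."""
    findings = []
    for line in show_ip_route.splitlines():
        m = BGP_LINE.match(line)
        if not m:
            continue  # connected/static routes and header lines are ignored
        prefix = ipaddress.ip_network(m.group(1), strict=False)
        next_hop = ipaddress.ip_address(m.group(2))
        if not prefix.subnet_of(pool):
            findings.append((str(prefix), str(next_hop), "prefix outside MetalLB pool"))
        if next_hop not in nodes:
            findings.append((str(prefix), str(next_hop), "next hop is not a known k8s node"))
    return findings


# Constructed sample: lines in the article's format, the last two are made-up bad routes.
SAMPLE = """\
S 10.0.0.0/16 [1/1] is directly connected, Tunnel1.0, 52d2h36m7s
B 10.154.0.0/32 [200/0] via 192.168.10.101, GigaEthernet2.0, 0:00:19
B 10.154.254.1/32 [200/0] via 10.0.11.5, Tunnel1.0, 0:00:19
B 192.168.0.1/32 [200/0] via 192.168.10.102, GigaEthernet2.0, 0:00:05
B 10.154.0.7/32 [200/0] via 192.168.10.250, GigaEthernet2.0, 0:00:05
"""

if __name__ == "__main__":
    for finding in audit_bgp_routes(SAMPLE):
        print(finding)
```

An empty result means every BGP route on the router is a MetalLB pool address reached through a known node.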