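My company's project recently adopted the FRRouting suite, and I found only a small amount of Chinese-language material about it online. So I decided to write an article for fellow network engineers that summarizes my own hands-on process and serves as a warm-up for a later NETOPS series.
If you are a network engineer too, you are certainly familiar with routing protocols such as OSPF and BGP. In the past, connecting data centers or offices through routing protocols meant buying very expensive network equipment. With FRRouting, you can now run routing protocols on a Linux server. Here is the official introduction: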
FRRouting (FRR) is a free and open source Internet routing protocol suite for Linux and Unix platforms. It implements BGP, OSPF, RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric and VRRP, with alpha support for EIGRP and NHRP.
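1. Write the network topology yml file
2. Write the FRR daemons configuration file
3. Start the topology with containerlab
4. Configure the router interface IPs and the PC network interfaces
5. Configure OSPF on the routers
6. Persist the FRR configuration and bring up the PC network interfaces
7. Automate with shell scripts
8. Conclusion
First, create a directory.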
$ mkdir frr
$ cd frr
Edit lab.yml.
name: lab
topology:
  nodes:
    router1:
      kind: linux
      image: frrouting/frr:v7.5.1
      binds:
        - router1/daemons:/etc/frr/daemons
    router2:
      kind: linux
      image: frrouting/frr:v7.5.1
      binds:
        - router2/daemons:/etc/frr/daemons
    PC1:
      kind: linux
      image: praqma/network-multitool:latest
    PC2:
      kind: linux
      image: praqma/network-multitool:latest
  links:
    - endpoints: ["router1:eth1", "router2:eth1"]
    - endpoints: ["PC1:eth1", "router1:eth2"]
    - endpoints: ["PC2:eth1", "router2:eth2"]
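FRRouting runs as daemons inside the Linux container, so we create an FRR daemons configuration file and mount it through the binds shown above.
Create subdirectories to keep things organized.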
$ mkdir router1
$ mkdir router2
$ vi router1/daemons
Copy the standard template from here and enable zebra, ospfd and ldpd.
zebra=yes
bgpd=no
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
ldpd=yes
nhrpd=no
eigrpd=no
babeld=no
sharpd=no
staticd=no
pbrd=no
bfdd=no
fabricd=no
vtysh_enable=yes
zebra_options=" -s 90000000 --daemon -A 127.0.0.1"
bgpd_options=" --daemon -A 127.0.0.1"
ospfd_options=" --daemon -A 127.0.0.1"
ospf6d_options=" --daemon -A ::1"
ripd_options=" --daemon -A 127.0.0.1"
ripngd_options=" --daemon -A ::1"
isisd_options=" --daemon -A 127.0.0.1"
pimd_options=" --daemon -A 127.0.0.1"
ldpd_options=" --daemon -A 127.0.0.1"
nhrpd_options=" --daemon -A 127.0.0.1"
eigrpd_options=" --daemon -A 127.0.0.1"
babeld_options=" --daemon -A 127.0.0.1"
sharpd_options=" --daemon -A 127.0.0.1"
staticd_options=" --daemon -A 127.0.0.1"
pbrd_options=" --daemon -A 127.0.0.1"
bfdd_options=" --daemon -A 127.0.0.1"
fabricd_options=" --daemon -A 127.0.0.1"
$ cp router1/daemons router2/daemons
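Every `*_options` line in the template passes `-A 127.0.0.1` or `-A ::1`, which is the address each daemon's vty listener binds to. The following check is an added example, not part of the original article: the function name `vty_exposed_daemons` is hypothetical, and the variant file is constructed to show what the check reports when a daemon is enabled without a loopback-only vty address.

```shell
# Added example (not from the original post): audit the vty bind address.
vty_exposed_daemons() {   # $1 = daemons file; prints one daemon per line
    awk -F= '
    $2 == "yes" && $1 != "vtysh_enable" { enabled[$1] = 1; next }
    $1 ~ /_options$/ {
        d = $1; sub(/_options$/, "", d)
        opts[d] = $0                     # keep the whole option string
    }
    END {
        # An enabled daemon passes only if -A pins vty to loopback.
        for (d in enabled)
            if (opts[d] !~ /-A[ \t]+(127\.0\.0\.1|::1)([ \t"]|$)/) print d
    }' "$1" | sort
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# Excerpt of the daemons file from this page
cat > "$tmp/daemons" <<'EOF'
zebra=yes
bgpd=no
ospfd=yes
ldpd=yes
vtysh_enable=yes
zebra_options=" -s 90000000 --daemon -A 127.0.0.1"
bgpd_options=" --daemon -A 127.0.0.1"
ospfd_options=" --daemon -A 127.0.0.1"
ldpd_options=" --daemon -A 127.0.0.1"
EOF
# Constructed variant: ospfd listens on every address, ldpd has no options line
sed -e '/^ospfd_options/s/127\.0\.0\.1/0.0.0.0/' -e '/^ldpd_options/d' \
    "$tmp/daemons" > "$tmp/daemons.bad"
echo "page file:  [$(vty_exposed_daemons "$tmp/daemons" | tr '\n' ' ')]"
echo "variant:    [$(vty_exposed_daemons "$tmp/daemons.bad" | tr '\n' ' ')]"
```

Run it against `router1/daemons` and `router2/daemons` before deploying; an empty result means every enabled daemon keeps its vty on loopback.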
$ sudo clab deploy -t lab.yml
chan@LAPTOP-UP9VD31I:~/tmp/frr$ sudo clab deploy -t lab.yml
[sudo] password for pchan:
INFO[0000] Containerlab v0.42.0 started
INFO[0000] Parsing & checking topology file: lab.yml
INFO[0000] Creating lab directory: /home/pchan/tmp/frr/clab-lab
INFO[0000] Creating container: "router2"
INFO[0000] Creating container: "router1"
INFO[0000] Creating container: "PC1"
INFO[0000] Creating container: "PC2"
INFO[0000] Creating virtual wire: router1:eth1 <--> router2:eth1
INFO[0001] Creating virtual wire: PC1:eth1 <--> router1:eth2
INFO[0001] Creating virtual wire: PC2:eth1 <--> router2:eth2
INFO[0001] Adding containerlab host entries to /etc/hosts file
+---+------------------+--------------+---------------------------------+-------+---------+-----------------+----------------------+
| # | Name | Container ID | Image | Kind | State | IPv4 Address | IPv6 Address |
+---+------------------+--------------+---------------------------------+-------+---------+-----------------+----------------------+
| 1 | clab-lab-PC1 | d07377432fb6 | praqma/network-multitool:latest | linux | running | 172.20.20.14/24 | 2001:172:20:20::e/64 |
| 2 | clab-lab-PC2 | 61fab0bbfa7e | praqma/network-multitool:latest | linux | running | 172.20.20.13/24 | 2001:172:20:20::d/64 |
| 3 | clab-lab-router1 | f935bc12f4ff | frrouting/frr:v7.5.1 | linux | running | 172.20.20.11/24 | 2001:172:20:20::b/64 |
| 4 | clab-lab-router2 | b9d4372ae8e0 | frrouting/frr:v7.5.1 | linux | running | 172.20.20.12/24 | 2001:172:20:20::c/64 |
+---+------------------+--------------+---------------------------------+-------+---------+-----------------+----------------------+
Configure PC1
$ sudo docker exec -it clab-lab-PC1 /bin/ash
ip addr add 192.168.1.1/24 dev eth1
ip route add 192.168.0.0/16 via 192.168.1.254 dev eth1
ip route add 10.10.10.0/24 via 192.168.1.254 dev eth1
exit
Configure PC2
$ sudo docker exec -it clab-lab-PC2 /bin/ash
ip addr add 192.168.2.1/24 dev eth1
ip route add 192.168.0.0/16 via 192.168.2.254 dev eth1
ip route add 10.10.10.0/24 via 192.168.2.254 dev eth1
exit
Configure router1
$ sudo docker exec -it clab-lab-router1 vtysh
Hello, this is FRRouting (version 7.5.1_git).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
router1#
configure terminal
service integrated-vtysh-config
interface eth1
ip address 192.168.12.1/24
exit
interface eth2
ip address 192.168.1.254/24
exit
interface lo
ip address 10.10.10.1/32
exit
exit
write
exit
Configure router2
$ sudo docker exec -it clab-lab-router2 vtysh
configure terminal
service integrated-vtysh-config
interface eth1
ip address 192.168.12.2/24
exit
interface eth2
ip address 192.168.2.254/24
exit
interface lo
ip address 10.10.10.2/32
exit
exit
write
exit
PING gateway and loopback interface
$ sudo docker exec -it clab-lab-PC1 ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.036 ms
$ sudo docker exec -it clab-lab-PC1 ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=0.128 ms
$ sudo docker exec -it clab-lab-PC2 ping 192.168.2.254
PING 192.168.2.254 (192.168.2.254) 56(84) bytes of data.
64 bytes from 192.168.2.254: icmp_seq=1 ttl=64 time=0.054 ms
$ sudo docker exec -it clab-lab-PC2 ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
64 bytes from 10.10.10.2: icmp_seq=1 ttl=64 time=0.109 ms
$ sudo docker exec -it clab-lab-router1 vtysh
configure terminal
router ospf
passive-interface eth2
passive-interface lo
network 192.168.12.0/24 area 0.0.0.0
redistribute connected
exit
exit
write
exit
$ sudo docker exec -it clab-lab-router2 vtysh
configure terminal
router ospf
passive-interface eth2
passive-interface lo
network 192.168.12.0/24 area 0.0.0.0
redistribute connected
exit
exit
write
exit
OSPF configuration is done, so start testing. Test PC1 <-> Gateway
$ sudo docker exec clab-lab-PC1 ping -c1 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.031 ms
1 packets transmitted, 1 received, 0% packet loss, time 0ms
Test PC1 <-> router2 eth1
$ sudo docker exec clab-lab-PC1 ping -c1 192.168.12.2
PING 192.168.12.2 (192.168.12.2) 56(84) bytes of data.
64 bytes from 192.168.12.2: icmp_seq=1 ttl=63 time=0.041 ms
1 packets transmitted, 1 received, 0% packet loss, time 0ms
Test PC1 <-> Router1 loopback
$ sudo docker exec clab-lab-PC1 ping -c1 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
64 bytes from 10.10.10.2: icmp_seq=1 ttl=63 time=0.093 ms
1 packets transmitted, 1 received, 0% packet loss, time 0ms
Test PC1 <-> PC2
pchan@pchan:~/github/frr$ sudo docker exec clab-lab-PC1 ping -c1 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=62 time=0.051 ms
1 packets transmitted, 1 received, 0% packet loss, time 0ms
Next, how do we save the configuration so that it is loaded directly on the next run? There are two important configuration files.
binds:
- router1/daemons:/etc/frr/daemons (host path : FRR daemons settings inside the container)
- router1/frr.conf:/etc/frr/frr.conf (host path : the router's OSPF and interface settings)
So the new lab.yml looks like this:
name: lab
topology:
  nodes:
    router1:
      kind: linux
      image: frrouting/frr:v7.5.1
      binds:
        - router1/daemons:/etc/frr/daemons
        - router1/frr.conf:/etc/frr/frr.conf
    router2:
      kind: linux
      image: frrouting/frr:v7.5.1
      binds:
        - router2/daemons:/etc/frr/daemons
        - router2/frr.conf:/etc/frr/frr.conf
    PC1:
      kind: linux
      image: praqma/network-multitool:latest
    PC2:
      kind: linux
      image: praqma/network-multitool:latest
  links:
    - endpoints: ["router1:eth1", "router2:eth1"]
    - endpoints: ["PC1:eth1", "router1:eth2"]
    - endpoints: ["PC2:eth1", "router2:eth2"]
router1/frr.conf
frr version 7.5.1_git
frr defaults traditional
hostname router1
no ipv6 forwarding
!
interface eth1
ip address 192.168.12.1/24
!
interface eth2
ip address 192.168.1.254/24
!
interface lo
ip address 10.10.10.1/32
!
router ospf
passive-interface eth2
network 192.168.12.0/24 area 0.0.0.0
redistribute connected
!
line vty
router2/frr.conf
frr version 7.5.1_git
frr defaults traditional
hostname router2
no ipv6 forwarding
!
interface eth1
ip address 192.168.12.2/24
!
interface eth2
ip address 192.168.2.254/24
!
interface lo
ip address 10.10.10.2/32
!
router ospf
passive-interface eth2
network 192.168.12.0/24 area 0.0.0.0
redistribute connected
!
line vty
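In these files only eth1 should exchange OSPF hellos: eth2 faces a PC and is marked `passive-interface`, and the `network` statement covers just the router-to-router link. The following check is an added example, not part of the original article: it lists the interfaces whose address falls inside a `network` prefix and that are not passive, the function name `ospf_active_ifaces` is hypothetical, and the "wide" variant is constructed to show how a broader `network` statement without `passive-interface` changes the result.

```shell
# Added example (not from the original post): which interfaces speak OSPF?
# Limits: one IPv4 address per interface; "passive-interface default" is ignored.
ospf_active_ifaces() {   # $1 = frr.conf path; prints one interface per line
    awk '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_prefix(ip, pfx,   p, size) {
        split(pfx, p, "/")
        size = 2 ^ (32 - p[2])          # number of addresses in the prefix
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    $1 == "interface" { ifname = $2; in_ospf = 0; next }
    $1 == "router"    { ifname = ""; in_ospf = ($2 == "ospf"); next }
    ifname != "" && $1 == "ip" && $2 == "address" {
        split($3, a, "/"); addr[ifname] = a[1]; next
    }
    in_ospf && $1 == "passive-interface" { passive[$2] = 1; next }
    in_ospf && $1 == "network"           { nets[++n] = $2; next }
    END {
        for (i in addr) {
            if (i in passive) continue
            for (k = 1; k <= n; k++)
                if (in_prefix(addr[i], nets[k])) { print i; break }
        }
    }' "$1" | sort
}
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
# Interface and OSPF lines of router1/frr.conf from this page
cat > "$tmp/page.conf" <<'EOF'
interface eth1
ip address 192.168.12.1/24
interface eth2
ip address 192.168.1.254/24
interface lo
ip address 10.10.10.1/32
router ospf
passive-interface eth2
network 192.168.12.0/24 area 0.0.0.0
redistribute connected
EOF
# Constructed variant: passive-interface dropped, network widened to /16
sed -e '/passive-interface/d' -e 's#192.168.12.0/24#192.168.0.0/16#' "$tmp/page.conf" > "$tmp/wide.conf"
echo "page:  $(ospf_active_ifaces "$tmp/page.conf" | tr '\n' ' ')"
echo "wide:  $(ospf_active_ifaces "$tmp/wide.conf" | tr '\n' ' ')"
```

Comparing the output with the list of intended router-to-router interfaces catches a PC-facing port that would start accepting OSPF neighbors after a config edit.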
Next, we write a shell script that brings up the network interfaces of PC1 and PC2.
$ vim NIC-UP.sh
#!/bin/sh
sudo docker exec clab-lab-PC1 ip link set eth1 up
sudo docker exec clab-lab-PC1 ip addr add 192.168.1.1/24 dev eth1
sudo docker exec clab-lab-PC1 ip route add 192.168.0.0/16 via 192.168.1.254 dev eth1
sudo docker exec clab-lab-PC1 ip route add 10.10.10.0/24 via 192.168.1.254 dev eth1
sudo docker exec clab-lab-PC2 ip link set eth1 up
sudo docker exec clab-lab-PC2 ip addr add 192.168.2.1/24 dev eth1
sudo docker exec clab-lab-PC2 ip route add 192.168.0.0/16 via 192.168.2.254 dev eth1
sudo docker exec clab-lab-PC2 ip route add 10.10.10.0/24 via 192.168.2.254 dev eth1
$ chmod u+x NIC-UP.sh
Finally, write a shell script that combines deploying the topology and bringing up the interfaces.
$ vim run.sh
#!/bin/bash
sudo clab deploy --topo lab.yml
./NIC-UP.sh
$ chmod u+x run.sh
The final file structure looks like this:
$ tree
.
├── lab.yml
├── NIC-UP.sh
├── router1
│ ├── daemons
│ └── frr.conf
├── router2
│ ├── daemons
│ └── frr.conf
└── run.sh
This hands-on article was based on the reference here. You are welcome to exchange ideas about network automation and NetOps.