很高興,很自豪!公司越做越大,由以前的單條專線上打通道互通;到目前多POP點,主備多線路,多客戶組網互通。沒有技術的支撐是不可能長到現在的地步滴^_^. (其實只是網絡小白的一個小小的成長...)
OK! 嘚瑟完畢後開始講故事!
故事背景:
由於公司主要搞雲服務的,起初每個客戶的專線網絡基本都是由虛擬linux雲服務器配置靜態路由搭建起來的。但隨着業務成長,需求越來越複雜,穩定性要求越來越高。不得不開始考慮更加穩定的網絡結構。
首先想到的就是大學玩過的路由協議,選了OSPF路由協議來搭建一個驗證環境(後期還能在這基礎上實現MPLS)。
拓撲圖(拓撲圖僅爲HM-HK兩個POP點之間的專線模擬實驗圖):
驗證環境:雲服務器CentOS6.9 + quagga
其中HK、HM、SH1、BJ是每個POP點的核心骨幹節點。GW-SH1、GW-HM1、GW-HK1、GW-BJ1分別模擬不同POP點中用戶的專線網關。VM-SH1、VM-HM1、VM-BJ1、VM-HK1分別是不同POP點中用戶購買的雲服務器。
HM-HK,SH1-HK,BJ-HK這三對之間都有主備兩條專線。設置不同的ospf cost值。通常情況下數據都走主線路,當主線路有維護或者故障時流量會自動切到備用線路。
開始搭建:
1. 安裝quagga,開啓zebra和ospfd兩個守護進程。
安利一波quagga和FinalShell(linux服務器管理工具);
Quagga是一個開源路由軟件套件,可以將Linux變成支持如RIP、OSPF、BGP和IS-IS等主要路由協議的路由器。它具有對IPv4和IPv6的完整支持,並支持路由/前綴過濾。Quagga可以是你生命中的救星,以防你的生產路由器一旦宕機,而你沒有備用的設備而只能等待更換。通過適當的配置,Quagga甚至可以作爲生產路由器。
FinalShell是國產一體化的的服務器,網絡管理軟件,不僅是ssh客戶端,還是功能強大的開發,運維工具,充分滿足開發,運維需求.
特色功能;免費海外服務器遠程桌面加速,ssh加速,雙邊tcp加速,內網穿透.
以下步驟需在上述所有節點上面運行(如果是虛擬雲環境,可以配置好一臺後建立OSPF模板,從模板直接開出新的雲服務器)。
給linux雲服務器配置好每個網卡的IP,關閉防火牆,開啓ipforward,關閉selinux。
yum install quagga #直接yum安裝quagga
cp /usr/share/doc/quagga-0.99.15/zebra.conf.sample /etc/quagga/zebra.conf
cp /usr/share/doc/quagga-0.99.15/ospfd.conf.sample /etc/quagga/ospfd.conf
service zebra start
service ospfd start
chkconfig zebra on
chkconfig ospfd on
vtysh #進入命令行
GW1-SH1# configure terminal
GW1-SH1(config)# log file /var/log/quagga/quagga.log
GW1-SH1(config)# exit
GW1-SH1# write
2. 在每個節點上面配置OSPF
GW-HK1
!
router ospf
ospf router-id 10.192.33.200
network 10.192.33.0/24 area 0.0.0.0
network 172.16.133.0/24 area 0.0.0.0
!
HK
!
router ospf
ospf router-id 10.192.33.50
network 10.192.33.0/24 area 0.0.0.0
network 10.192.237.0/24 area 0.0.0.3
network 10.192.238.0/24 area 0.0.0.2
network 10.192.239.0/24 area 0.0.0.1
network 10.200.1.0/24 area 0.0.0.1
network 10.200.2.0/24 area 0.0.0.2
!
HM
!
router ospf
ospf router-id 10.192.239.51
network 10.192.239.0/24 area 0.0.0.1
network 172.16.55.0/24 area 0.0.0.1
!
GW-HM1
!
router ospf
ospf router-id 172.16.55.51
network 172.16.55.0/24 area 0.0.0.1
network 172.20.10.0/24 area 0.0.0.1
!
SH
!
router ospf
ospf router-id 10.192.1.50
network 10.192.1.0/24 area 0.0.0.2
network 10.192.238.0/24 area 0.0.0.2
network 10.200.2.0/24 area 0.0.0.2
!
GW-SH1
!
router ospf
ospf router-id 10.192.1.51
network 10.192.1.0/24 area 0.0.0.2
network 192.168.90.0/24 area 0.0.0.2
!
BJ
待更新...
GW-SBJ1
待更新...
再配置好備用專線的cost
3. 檢查路由節點路由和鄰居信息
GW-HK1
GW1-HK# show ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
O>* 10.192.1.0/24 [110/30] via 10.192.33.50, eth2, 18:59:24
O 10.192.33.0/24 [110/10] is directly connected, eth2, 18:59:36
O>* 10.192.237.0/24 [110/20] via 10.192.33.50, eth2, 18:59:24
O>* 10.192.238.0/24 [110/20] via 10.192.33.50, eth2, 18:59:24
O>* 10.192.239.0/24 [110/20] via 10.192.33.50, eth2, 18:59:24
O>* 172.16.55.0/24 [110/30] via 10.192.33.50, eth2, 05:49:58
O 172.16.133.0/24 [110/10] is directly connected, eth3, 18:59:25
O>* 172.20.10.0/24 [110/40] via 10.192.33.50, eth2, 05:47:13
O>* 192.168.90.0/24 [110/40] via 10.192.33.50, eth2, 18:59:24
GW1-HK#
OSPF-HK1# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
10.192.1.50 1 Full/DR 39.684s 10.192.238.51 eth0:10.192.238.50 0 0 0
10.192.239.51 1 Full/Backup 36.517s 10.192.239.51 eth2:10.192.239.50 0 0 0
10.192.33.200 1 Full/Backup 34.406s 10.192.33.200 eth4:10.192.33.50 0 0 0
OSPF-HK1#
HK
OSPF-HK1# show ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
O>* 10.192.1.0/24 [110/20] via 10.192.238.51, eth0, 19:05:07
O 10.192.33.0/24 [110/10] is directly connected, eth4, 19:04:40
O 10.192.237.0/24 [110/10] is directly connected, eth3, 19:04:26
O 10.192.238.0/24 [110/10] is directly connected, eth0, 19:05:26
O 10.192.239.0/24 [110/10] is directly connected, eth2, 19:05:12
O>* 172.16.55.0/24 [110/20] via 10.192.239.51, eth2, 05:51:24
O>* 172.16.133.0/24 [110/20] via 10.192.33.200, eth4, 19:00:51
O>* 172.20.10.0/24 [110/30] via 10.192.239.51, eth2, 05:48:39
O>* 192.168.90.0/24 [110/30] via 10.192.238.51, eth0, 19:05:07
OSPF-HK1#
GW1-HK# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
10.192.33.50 1 Full/DR 39.299s 10.192.33.50 eth2:10.192.33.200 0 0 0
GW1-HK#
HM
OSPF-HM# show ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
O>* 10.192.1.0/24 [110/30] via 10.192.239.50, eth0, 05:51:41
O>* 10.192.33.0/24 [110/20] via 10.192.239.50, eth0, 05:51:41
O>* 10.192.237.0/24 [110/20] via 10.192.239.50, eth0, 05:51:41
O>* 10.192.238.0/24 [110/20] via 10.192.239.50, eth0, 05:51:41
O 10.192.239.0/24 [110/10] is directly connected, eth0, 05:51:59
O 172.16.55.0/24 [110/10] is directly connected, eth1, 05:51:46
O>* 172.16.133.0/24 [110/30] via 10.192.239.50, eth0, 05:51:41
O>* 172.20.10.0/24 [110/20] via 172.16.55.51, eth1, 05:49:01
O>* 192.168.90.0/24 [110/40] via 10.192.239.50, eth0, 05:51:41
OSPF-HM#
OSPF-HM# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
10.192.33.50 1 Full/DR 30.894s 10.192.239.50 eth0:10.192.239.51 0 0 0
172.16.55.51 1 Full/Backup 30.338s 172.16.55.51 eth1:172.16.55.50 0 0 0
OSPF-HM#
GW-HM1
GW1-HM# show ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
O>* 10.192.1.0/24 [110/40] via 172.16.55.50, eth0, 05:49:24
O>* 10.192.33.0/24 [110/30] via 172.16.55.50, eth0, 05:49:24
O>* 10.192.237.0/24 [110/30] via 172.16.55.50, eth0, 05:49:24
O>* 10.192.238.0/24 [110/30] via 172.16.55.50, eth0, 05:49:24
O>* 10.192.239.0/24 [110/20] via 172.16.55.50, eth0, 05:49:24
O 172.16.55.0/24 [110/10] is directly connected, eth0, 05:49:36
O>* 172.16.133.0/24 [110/40] via 172.16.55.50, eth0, 05:49:24
O 172.20.10.0/24 [110/10] is directly connected, eth1, 05:49:25
O>* 192.168.90.0/24 [110/50] via 172.16.55.50, eth0, 05:49:24
GW1-HM#
SH
OSPF-SH1# show ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
O 10.192.1.0/24 [110/10] is directly connected, eth1, 19:10:18
O>* 10.192.33.0/24 [110/20] via 10.192.238.50, eth0, 19:05:47
O>* 10.192.237.0/24 [110/20] via 10.192.238.50, eth0, 19:05:35
O 10.192.238.0/24 [110/10] is directly connected, eth0, 19:09:56
O>* 10.192.239.0/24 [110/20] via 10.192.238.50, eth0, 19:05:47
O>* 172.16.55.0/24 [110/30] via 10.192.238.50, eth0, 05:52:34
O>* 172.16.133.0/24 [110/30] via 10.192.238.50, eth0, 19:02:00
O>* 172.20.10.0/24 [110/40] via 10.192.238.50, eth0, 05:49:49
O>* 192.168.90.0/24 [110/20] via 10.192.1.51, eth1, 19:10:08
OSPF-SH1#
GW-SH1
GW1-SH1# show ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
O 10.192.1.0/24 [110/10] is directly connected, eth0, 19:11:54
O>* 10.192.33.0/24 [110/30] via 10.192.1.50, eth0, 19:06:03
O>* 10.192.237.0/24 [110/30] via 10.192.1.50, eth0, 19:05:51
O>* 10.192.238.0/24 [110/20] via 10.192.1.50, eth0, 19:10:12
O>* 10.192.239.0/24 [110/30] via 10.192.1.50, eth0, 19:06:03
O>* 172.16.55.0/24 [110/40] via 10.192.1.50, eth0, 05:52:50
O>* 172.16.133.0/24 [110/40] via 10.192.1.50, eth0, 19:02:16
O>* 172.20.10.0/24 [110/50] via 10.192.1.50, eth0, 05:50:05
O 192.168.90.0/24 [110/10] is directly connected, eth1, 19:11:46
GW1-SH1#
BJ
待更新...
GW-SBJ1
待更新...
4.驗證路由
VM-SH1 tracert VM-HK1
VM-HK1 tracert VM-HM1
VM-SH1 tracert VM-HM1
完美收工!監控搞起,測試客戶切進來,長時間觀察下狀況!期待好的結果...