Playing with BGP at Home Too (1.5): My Dual-ISP Traffic-Splitting Rules

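The first article in this series covered only the technical essentials of the configuration, not how the rules themselves are written. This article gives a rough overview of the rules I currently use.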

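Rules:

  • China Telecom's own ASNs go via China Telecom
  • China Mobile's own ASNs go via China Mobile
  • Other domestic traffic goes via China Telecom
  • International (default) traffic goes via China Mobile

These rules currently produce about fifteen thousand routes. Resource usage on IOS XE: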

Router#show ip route summary
Route Source    Networks    Subnets     Replicates  Overhead    Memory (bytes)
connected       0           14          0           1424        4256
static          1           4           0           480         1520
bgp 65534       5179        15044       0           1941408     6147792
  External: 0 Internal: 20223 Local: 0
Router#show ip bgp summ
BGP router identifier 192.168.1.1, local AS number 65001
BGP table version is 10538219, main routing table version 10538219
13183 network entries using 3269384 bytes of memory
18727 path entries using 2546872 bytes of memory
525/281 BGP path/bestpath attribute entries using 147000 bytes of memory
2 BGP rrinfo entries using 80 bytes of memory
375 BGP AS-PATH entries using 25840 bytes of memory
2 BGP community entries using 48 bytes of memory
1 BGP extended community entries using 24 bytes of memory
517 BGP route-map cache entries using 33088 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 6022336 total bytes of memory
BGP activity 804938/764611 prefixes, 13180009/13137706 paths, scan interval 60 secs

Router#show platform resources
**State Acronym: H - Healthy, W - Warning, C - Critical
Resource                 Usage                 Max             Warning         Critical        State
----------------------------------------------------------------------------------------------------
RP0 (ok, active)                                                                               H
 Control Processor       28.74%                100%            80%             90%             H
  DRAM                   2687MB(78%)           3421MB          88%             93%             H
ESP0(ok, active)                                                                               H
 QFP                                                                                           H
  DRAM                   101005KB(51%)         196608KB        80%             90%             H
  IRAM                   414KB(20%)            2048KB          80%             90%             H
  CPU Utilization        12.00%                100%            90%             95%             H


Resource usage on the BGP Controller:

[email protected]:~# free -wh
              total        used        free      shared     buffers       cache   available
Mem:          878Mi       682Mi        61Mi       1.0Mi        10Mi       123Mi        60Mi
Swap:         1.0Gi       3.0Mi       1.0Gi

Router

The default route prefers China Mobile, with China Telecom as the fallback


Router#show run | i ip route
ip route 0.0.0.0 0.0.0.0 Dialer1 5
ip route 0.0.0.0 0.0.0.0 Dialer0 10

Controller

A script for updating the per-country ASN configuration:

### update_asn_table.conf 

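#!/bin/bash
set -Eeuo pipefail

BASE_DIR="/etc/bird"

# Fetch the ASN list for a country code, strip the "AS" prefix and
# append a comma to every line except the last.
country_asn() {
        # -f: fail on HTTP errors so an error page never lands in the config
        curl -fsS "https://www.cc2asn.com/data/$1_asn" | sed 's/AS//g' | sed '$!s/$/,/'
}

# Build the file in a temporary location and replace the old one only
# if the download succeeded, so a failed run leaves the config intact.
tmp="$(mktemp "${BASE_DIR}/asn_cn.conf.XXXXXX")"
trap 'rm -f "$tmp"' EXIT
echo "define china_asn = [" > "$tmp"
country_asn cn >> "$tmp"
echo -e "];\n" >> "$tmp"
chmod 644 "$tmp"
mv "$tmp" "${BASE_DIR}/asn_cn.conf"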
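
The script writes whatever the server returns into a file that BIRD includes, so the content deserves a check before it becomes routing policy. The following is an added example, not the author's script: the function name render_asn_set, the MIN_ENTRIES floor and the sample data are constructed for illustration, and it is written in portable sh so it can be sourced from the bash script.

```shell
#!/bin/sh
# Added example (not the author's script): validate a downloaded ASN list
# before it is turned into a BIRD set definition.
set -eu

MIN_ENTRIES=3   # assumed floor for this demo; a real country list is far longer

# render_asn_set NAME FILE
# FILE holds one "AS<number>" per line, the format the page's sed expects.
# Prints "define NAME = [ ... ];" on stdout, or prints nothing and returns 1
# if any line is not a plain ASN or the list is suspiciously short.
render_asn_set() {
        name=$1 file=$2 body='' count=0 lineno=0
        cr=$(printf '\r') nl='
'
        while IFS= read -r line || [ -n "$line" ]; do
                lineno=$((lineno + 1))
                line=${line%"$cr"}                      # tolerate CRLF line endings
                [ -n "$line" ] || continue
                num=${line#AS}
                case "$num" in
                        "$line"|''|0*|*[!0-9]*)         # no AS prefix, empty, leading 0, non-digit
                                echo "rejected: line $lineno is not a plain ASN" >&2; return 1 ;;
                esac
                if [ "${#num}" -gt 10 ] || [ "$num" -gt 4294967295 ]; then
                        echo "rejected: line $lineno is outside the 32-bit ASN range" >&2; return 1
                fi
                body="${body:+$body,$nl}        $num"
                count=$((count + 1))
        done < "$file"
        if [ "$count" -lt "$MIN_ENTRIES" ]; then
                echo "rejected: only $count entries, expected at least $MIN_ENTRIES" >&2
                return 1
        fi
        printf 'define %s = [\n%s\n];\n' "$name" "$body"
}

# Constructed samples: a clean list, and a response polluted by an HTML error page.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
printf 'AS4134\nAS9808\nAS37963\n' > "$tmpdir/good"
printf 'AS4134\n<html>502 Bad Gateway</html>\nAS9808\n' > "$tmpdir/bad"

render_asn_set china_asn "$tmpdir/good"
render_asn_set china_asn "$tmpdir/bad" || echo "bad list rejected, previous config kept"
```

Only when the function returns 0 should its output replace asn_cn.conf. Running `bird -p -c` on the main configuration afterwards parse-checks the whole policy before a reload.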

The Bird 2 configuration file (policy part only; the rest was covered in the previous article):

define cmcc_asn = [
        9231,
        58807,
        58453,
        56048,
        56047, 
        56046, 
        56045, 
        56044,
        56042, 
        56041,
        56040,
        45120, 
        268862,
        24311,
        24059, 
        209141, 
        137872,
        134810,
        132510,
        132501, 
        132389,
        9808
];

define chinanet_asn = [
        63825,
        63824,
        63823,
        63822,
        63821,
        63820,
        63819,
        63818,
        63817,
        63816,
        63815,
        63814,
        63813,
        63812,
        63811,
        63810,
        59391,
        59390,
        59389,
        59388,
        59387,
        59386,
        59385,
        59384,
        59314,
        59313,
        59312,
        59311,
        59310,
        59309,
        59308,
        59307,
        59306,
        59305,
        59304,
        59303,
        59302,
        59301,
        59300,
        59299,
        59298,
        59297,
        59296,
        59294,
        59293,
        59233,
        59232,
        59231,
        59230,
        59229,
        59228,
        59227,
        59226,
        59225,
        59224,
        59223,
        58777,
        58776,
        58775,
        58774,
        58773,
        58772,
        58771,
        58770,
        58769,
        58574,
        58573,
        58572,
        58571,
        58570,
        58569,
        58568,
        58567,
        58565,
        58564,
        58563,
        58466,
        4810,
        38283,
        23662,
        23650,
        23611,
        18387,
        18344,
        136200,
        136199,
        136198,
        135306,
        134775,
        134774,
        134773,
        134772,
        134771,
        134770,
        134769,
        134768,
        134767,
        134766,
        134765,
        134764,
        134763,
        134762,
        134761,
        134760,
        134759,
        134758,
        134757,
        134756,
        134755,
        134238,
        64079,
        63838,
        63835,
        63690,
        63527,
        59265,
        58543,
        58542,
        58541,
        58540,
        58539,
        58518,
        58517,
        58461,
        55996,
        49209,
        4835,
        4816,
        4815,
        4813,
        4812,
        4811,
        4809,
        44218,
        4134,
        36678,
        25726,
        18428,
        17998,
        139209,
        136195,
        136190,
        136188,
        134419,
        134418,
        134172,
        133776,
        133775,
        133774,
        131327,
        131325
];
define aliyun_asn = [
        59055,
        59054,
        59053,
        59052,
        59051,
        59028,
        45104,
        45103,
        45102,
        45096,
        37963,
        34947,
        134963
];

include "asn_cn.conf";

filter policy_routing {
        if source != RTS_BGP then reject;

        # CMCC
        if bgp_path.last ~ cmcc_asn then {
                bgp_community = -empty-;
                bgp_community.add((100,100));
                accept;
        }

        # ChinaNet
        if bgp_path.last ~ chinanet_asn || bgp_path.last ~ aliyun_asn  then {
                bgp_community = -empty-;
                bgp_community.add((200,200));
                accept;
        }

        # China -> ChinaNet
        if bgp_path.last ~ china_asn then {
                bgp_community = -empty-;
                bgp_community.add((200,200));
                accept;
        }

        reject;
}
