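1. Introduction

With the ZeroTier network up and running, the next step is to split traffic by destination so that each flow leaves through the appropriate region.

2. Set up a BGPServer to obtain the CN routing table

2.1 Install Docker

Note that my environment is an Alibaba Cloud server.

On servers outside Alibaba Cloud, replace http://mirrors.cloud.aliyuncs.com with https://mirrors.aliyun.com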

# Update the package index
sudo apt-get update
# Add the Docker package repository
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
sudo curl -fsSL http://mirrors.cloud.aliyuncs.com/docker-ce/linux/debian/gpg | sudo apt-key add -
sudo add-apt-repository -y "deb [arch=$(dpkg --print-architecture)] http://mirrors.cloud.aliyuncs.com/docker-ce/linux/debian $(lsb_release -cs) stable"
# Install Docker Community Edition, the containerd.io runtime, and the Docker Buildx and Compose plugins
sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Start Docker
sudo systemctl start docker
# Start the Docker daemon automatically at boot
sudo systemctl enable docker

2.2 Create the BGP server

Given the particularities of the network in China, you may use a Docker registry proxy of your own choosing.

apt update && apt install frr

# Append (>>) so the existing contents of /etc/sysctl.conf are kept
echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf

sysctl -p

vim /etc/frr/daemons
# Change bgpd=no to bgpd=yes

service frr restart

Pull the BGPServer Docker image and create the container that provides the China routes

# /30 session network: the host side is 100.66.66.1, the container is 100.66.66.2
docker network create --subnet=100.66.66.0/30 bgp_session_network

# Optional: pull through the registry proxy first
#docker pull docker.0n.ink/yangpin/bgpserver:cn

mkdir -p /etc/bgp_config

echo "[server]
RouterId = 100.66.66.2
ASN = 64551
NextHop = 172.22.63.253
UpdateSource = 100.66.66.2

[peer]
IP = 100.66.66.1
ASN = 64550
" | tee /etc/bgp_config/config.ini

# The image is given once, as the last argument. When pulling through the
# registry proxy, use docker.0n.ink/yangpin/bgpserver:cn there instead.
docker run -d \
--name bgpserver \
--restart=unless-stopped \
--network bgp_session_network \
--ip 100.66.66.2 \
-v /etc/bgp_config/config.ini:/opt/config.ini \
docker.io/yangpin/bgpserver:cn

NextHop here is the next-hop gateway (that is, the egress gateway for CN traffic).

Create the BGP session to obtain the routing table

vtysh
configure terminal
! eBGP neighbors need an explicit in/out policy (FRR default: bgp ebgp-requires-policy).
! PERMIT_ALL accepts and advertises every prefix.
ip prefix-list ALLOW_ALL seq 5 permit 0.0.0.0/0 le 32
route-map PERMIT_ALL permit 10
 match ip address prefix-list ALLOW_ALL
exit
router bgp 64550
 bgp router-id 100.64.3.1
 neighbor 100.66.66.2 remote-as 64551
 neighbor 100.66.66.2 update-source 100.66.66.1
 network 100.64.3.0/24
 address-family ipv4 unicast
  neighbor 100.66.66.2 route-map PERMIT_ALL in
  neighbor 100.66.66.2 route-map PERMIT_ALL out
  neighbor 100.66.66.2 soft-reconfiguration inbound
 exit-address-family
! Leave configuration mode before saving
end
write memory
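
The session above accepts every prefix the BGPServer container sends (PERMIT_ALL in). As an added example, not part of the original post, this Python script audits a prefix list taken from that session before the routes are trusted. The reserved ranges, MIN_LEN, max_prefixes and the sample list are assumptions of the example.

```python
import ipaddress

# Ranges a "CN routes" feed should never announce (choice made for this example).
# 100.64.0.0/10 covers the page's 100.64.3.0/24 and the 100.66.66.0/30 session
# network; 172.16.0.0/12 covers the NextHop 172.22.63.253.
RESERVED = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]
MIN_LEN = 8  # shorter prefixes, including 0.0.0.0/0, would capture most traffic


def check_prefix(text):
    """Return None if the prefix is acceptable, else the reason for rejecting it."""
    try:
        net = ipaddress.IPv4Network(text)  # strict: host bits must be zero
    except ValueError:
        return "not a valid IPv4 prefix"
    if net.prefixlen < MIN_LEN:
        return f"shorter than /{MIN_LEN}"
    for reserved in RESERVED:
        if net.overlaps(reserved):
            return f"overlaps {reserved}"
    return None


def audit_prefixes(lines, max_prefixes=20000):
    """Split a received prefix list into (accepted, rejected-with-reason)."""
    accepted, rejected = [], []
    for text in (l.strip() for l in lines if l.strip()):
        reason = check_prefix(text)
        if reason is None and len(accepted) >= max_prefixes:
            reason = f"more than {max_prefixes} prefixes"
        if reason is None:
            accepted.append(text)
        else:
            rejected.append((text, reason))
    return accepted, rejected


# Constructed sample, not real output from the BGPServer container.
SAMPLE = ["1.0.1.0/24", "1.0.2.0/23", "0.0.0.0/0", "36.0.0.0/7",
          "100.64.3.0/24", "172.22.63.0/24", "223.255.252.1/23"]

if __name__ == "__main__":
    for prefix, why in audit_prefixes(SAMPLE)[1]:
        print(f"rejected {prefix}: {why}")
```

A rejected entry here means the feed announced something that would redirect the ZeroTier range, the session network, the next-hop gateway or most of the Internet, so the session deserves a tighter inbound prefix-list than ALLOW_ALL.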