IPv4+IPv6 connectivity
Scheme 1: BGP + IPIP (dual-stack veth), three bare-metal hosts
1️⃣ Network plan
Example IP / dual-stack veth allocation for the three machines:

Node | eth0 IPv4 | eth0 IPv6 | veth IPv4 | veth IPv6 | IPIP IPv4 tunnel addresses | IPIP IPv6 tunnel addresses |
---|---|---|---|---|---|---|
A | 192.168.10.1/24 | 2001:db8:10::1/64 | 10.10.1.1/24 | fd10:1::1/64 | 172.20.1.1/30 (to B), 172.20.1.5/30 (to C) | fd20:1::1/126 (to B), fd20:1::5/126 (to C) |
B | 192.168.10.2/24 | 2001:db8:10::2/64 | 10.10.2.1/24 | fd10:2::1/64 | 172.20.1.2/30 (to A), 172.20.1.9/30 (to C) | fd20:1::2/126 (to A), fd20:1::9/126 (to C) |
C | 192.168.10.3/24 | 2001:db8:10::3/64 | 10.10.3.1/24 | fd10:3::1/64 | 172.20.1.6/30 (to A), 172.20.1.10/30 (to B) | fd20:1::6/126 (to A), fd20:1::a/126 (to B) |

Each point-to-point link gets its own block: A-B uses 172.20.1.0/30 and fd20:1::/126, A-C uses 172.20.1.4/30 and fd20:1::4/126, B-C uses 172.20.1.8/30 and fd20:1::8/126.

- The veth on each machine carries the node-internal dual-stack traffic.
- The IPIP tunnels encapsulate IPv4 and IPv6 point-to-point between the nodes.
2️⃣ Kernel configuration (run on every machine)

```bash
# IPv4/IPv6 forwarding
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
# load the tunnel modules
modprobe ipip        # IPv4-in-IPv4 (mode ipip)
modprobe ip6_tunnel  # IPv6-in-IPv6 (mode ip6ip6)
```
3️⃣ veth + IPIP configuration (per node)

Node A

```bash
# dual-stack veth interface (vethA-br is the peer end; it stays unattached in
# this scheme, the bridge variants in the later schemes enslave it to br0)
ip link add vethA type veth peer name vethA-br
ip link set vethA up
ip link set vethA-br up
ip addr add 10.10.1.1/24 dev vethA
ip addr add fd10:1::1/64 dev vethA
# IPv4 IPIP tunnel to B (link 172.20.1.0/30)
ip tunnel add ipip4toB mode ipip remote 192.168.10.2 local 192.168.10.1 ttl 255
ip link set ipip4toB up
ip addr add 172.20.1.1/30 dev ipip4toB
# IPv4 IPIP tunnel to C (link 172.20.1.4/30)
ip tunnel add ipip4toC mode ipip remote 192.168.10.3 local 192.168.10.1 ttl 255
ip link set ipip4toC up
ip addr add 172.20.1.5/30 dev ipip4toC
# IPv6-in-IPv6 tunnel to B (link fd20:1::/126)
ip -6 tunnel add ipip6toB mode ip6ip6 remote 2001:db8:10::2 local 2001:db8:10::1
ip link set ipip6toB up
ip addr add fd20:1::1/126 dev ipip6toB
# IPv6-in-IPv6 tunnel to C (link fd20:1::4/126)
ip -6 tunnel add ipip6toC mode ip6ip6 remote 2001:db8:10::3 local 2001:db8:10::1
ip link set ipip6toC up
ip addr add fd20:1::5/126 dev ipip6toC
```

Node B

```bash
# dual-stack veth interface
ip link add vethB type veth peer name vethB-br
ip link set vethB up
ip link set vethB-br up
ip addr add 10.10.2.1/24 dev vethB
ip addr add fd10:2::1/64 dev vethB
# IPv4 IPIP tunnel to A (link 172.20.1.0/30)
ip tunnel add ipip4toA mode ipip remote 192.168.10.1 local 192.168.10.2 ttl 255
ip link set ipip4toA up
ip addr add 172.20.1.2/30 dev ipip4toA
# IPv4 IPIP tunnel to C (link 172.20.1.8/30)
ip tunnel add ipip4toC mode ipip remote 192.168.10.3 local 192.168.10.2 ttl 255
ip link set ipip4toC up
ip addr add 172.20.1.9/30 dev ipip4toC
# IPv6-in-IPv6 tunnels; the B-C link has its own /126 (fd20:1::8/126) so it
# does not collide with the A-C link in fd20:1::4/126
ip -6 tunnel add ipip6toA mode ip6ip6 remote 2001:db8:10::1 local 2001:db8:10::2
ip link set ipip6toA up
ip addr add fd20:1::2/126 dev ipip6toA
ip -6 tunnel add ipip6toC mode ip6ip6 remote 2001:db8:10::3 local 2001:db8:10::2
ip link set ipip6toC up
ip addr add fd20:1::9/126 dev ipip6toC
```

Node C

```bash
# dual-stack veth interface
ip link add vethC type veth peer name vethC-br
ip link set vethC up
ip link set vethC-br up
ip addr add 10.10.3.1/24 dev vethC
ip addr add fd10:3::1/64 dev vethC
# IPv4 IPIP tunnel to A (link 172.20.1.4/30)
ip tunnel add ipip4toA mode ipip remote 192.168.10.1 local 192.168.10.3 ttl 255
ip link set ipip4toA up
ip addr add 172.20.1.6/30 dev ipip4toA
# IPv4 IPIP tunnel to B (link 172.20.1.8/30)
ip tunnel add ipip4toB mode ipip remote 192.168.10.2 local 192.168.10.3 ttl 255
ip link set ipip4toB up
ip addr add 172.20.1.10/30 dev ipip4toB
# IPv6-in-IPv6 tunnels: C is host 2 of both its links (::6 towards A, ::a towards B)
ip -6 tunnel add ipip6toA mode ip6ip6 remote 2001:db8:10::1 local 2001:db8:10::3
ip link set ipip6toA up
ip addr add fd20:1::6/126 dev ipip6toA
ip -6 tunnel add ipip6toB mode ip6ip6 remote 2001:db8:10::2 local 2001:db8:10::3
ip link set ipip6toB up
ip addr add fd20:1::a/126 dev ipip6toB
```
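The per-node command lists above are easy to get wrong by hand (the tunnel addresses of one link end up on two links, or the same host address on both ends). The following script is an added example, not part of the original write-up: it derives every node's tunnel commands from a single link table so that each link gets its own /30 and /126 by construction, and it checks a finished address plan for duplicates. It assumes the node names A/B/C, the eth0 addresses of the plan table and the interface names ipip4to<PEER>/ipip6to<PEER> used above.

```shell
#!/bin/sh
# Added example (not part of the original write-up): generate the IPIP tunnel
# commands of sections 1 and 3 from one link table and check the address plan.

# One link per line: "NODE1 NODE2 index". Link n uses 172.20.1.(4n)/30 and
# fd20:1::(4n)/126; NODE1 takes host 1 of the block, NODE2 host 2.
# Constructed to match the plan table (A-B: .0, A-C: .4, B-C: .8).
LINKS='A B 0
A C 1
B C 2'

# underlay (eth0) addresses, taken from the plan table
eth0_v4() { case $1 in A) echo 192.168.10.1 ;; B) echo 192.168.10.2 ;; C) echo 192.168.10.3 ;; esac; }
eth0_v6() { case $1 in A) echo 2001:db8:10::1 ;; B) echo 2001:db8:10::2 ;; C) echo 2001:db8:10::3 ;; esac; }

# tunnel_v4 NODE PEER -> NODE's IPv4 address on the NODE-PEER link
tunnel_v4() {
  echo "$LINKS" | while read -r n1 n2 idx; do
    if [ "$n1" = "$1" ] && [ "$n2" = "$2" ]; then echo "172.20.1.$((idx * 4 + 1))"; fi
    if [ "$n1" = "$2" ] && [ "$n2" = "$1" ]; then echo "172.20.1.$((idx * 4 + 2))"; fi
  done
}

# tunnel_v6 NODE PEER -> NODE's IPv6 address on the NODE-PEER link (last hextet in hex)
tunnel_v6() {
  echo "$LINKS" | while read -r n1 n2 idx; do
    if [ "$n1" = "$1" ] && [ "$n2" = "$2" ]; then printf 'fd20:1::%x\n' "$((idx * 4 + 1))"; fi
    if [ "$n1" = "$2" ] && [ "$n2" = "$1" ]; then printf 'fd20:1::%x\n' "$((idx * 4 + 2))"; fi
  done
}

# node_cmds NODE -> the complete tunnel command list for that node
node_cmds() {
  for peer in A B C; do
    [ "$peer" = "$1" ] && continue
    echo "ip tunnel add ipip4to$peer mode ipip remote $(eth0_v4 "$peer") local $(eth0_v4 "$1") ttl 255"
    echo "ip link set ipip4to$peer up"
    echo "ip addr add $(tunnel_v4 "$1" "$peer")/30 dev ipip4to$peer"
    echo "ip -6 tunnel add ipip6to$peer mode ip6ip6 remote $(eth0_v6 "$peer") local $(eth0_v6 "$1")"
    echo "ip link set ipip6to$peer up"
    echo "ip addr add $(tunnel_v6 "$1" "$peer")/126 dev ipip6to$peer"
  done
}

# plan_addrs -> "interface address" for every tunnel address on every node
plan_addrs() {
  for node in A B C; do
    node_cmds "$node" | awk '/^ip addr add/ { split($4, a, "/"); print $NF, a[1] }'
  done
}

# check_unique "<interface address lines>" -> 0 if no address is used twice,
# otherwise 1 with the duplicates on stdout
check_unique() {
  dups=$(printf '%s\n' "$1" | awk '{ print $2 }' | sort | uniq -d)
  [ -z "$dups" ] && return 0
  printf '%s\n' "$dups"
  return 1
}

# Constructed counter-example: both ends of the A-C link configured with ::5,
# the kind of mistake check_unique is meant to catch.
BAD_PLAN='ipip6toC fd20:1::5
ipip6toA fd20:1::5'

# Usage: print node B's commands and validate the generated plan.
node_cmds B
check_unique "$(plan_addrs)" && echo "plan OK: all tunnel addresses distinct"
```

Running `check_unique "$BAD_PLAN"` prints the duplicated address and returns 1; feeding it the output of `ip -br addr` (second column dropped to "interface address" form) on the real hosts gives the same check against what was actually configured.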
4️⃣ BIRD configuration (complete files for every machine)

The start-up commands in section 5 use bird/bird6 and birdc/birdc6, i.e. BIRD 1.x, where IPv4 and IPv6 are two daemons with two files: /etc/bird/bird.conf and /etc/bird/bird6.conf. The sessions peer over the tunnel addresses rather than over eth0, so the next hop of every learned veth prefix is the tunnel peer and the traffic is actually encapsulated; peering over eth0 would give the routes an eth0 next hop and the kernel would send the traffic directly over eth0, bypassing the tunnels.

Node A /etc/bird/bird.conf (IPv4)

```
router id 192.168.10.1;
protocol device { }
protocol kernel {
    persist; scan time 20;
    export all;
}
# advertise only the veth prefix, not eth0 or the tunnel /30s
protocol direct {
    interface "veth*";
}
# IPv4 BGP neighbours, one session per IPIP tunnel
protocol bgp BGPtoB {
    local as 65001;
    source address 172.20.1.1;
    neighbor 172.20.1.2 as 65002;
    import all;
    export all;
}
protocol bgp BGPtoC {
    local as 65001;
    source address 172.20.1.5;
    neighbor 172.20.1.6 as 65003;
    import all;
    export all;
}
```

Node A /etc/bird/bird6.conf (IPv6; the router id stays a 32-bit value)

```
router id 192.168.10.1;
protocol device { }
protocol kernel { persist; scan time 20; export all; }
protocol direct { interface "veth*"; }
# IPv6 BGP neighbours over the IPv6-in-IPv6 tunnels
protocol bgp BGP6toB {
    local as 65001;
    source address fd20:1::1;
    neighbor fd20:1::2 as 65002;
    import all;
    export all;
}
protocol bgp BGP6toC {
    local as 65001;
    source address fd20:1::5;
    neighbor fd20:1::6 as 65003;
    import all;
    export all;
}
```

Node B /etc/bird/bird.conf

```
router id 192.168.10.2;
protocol device { }
protocol kernel { persist; scan time 20; export all; }
protocol direct { interface "veth*"; }
protocol bgp BGPtoA {
    local as 65002; source address 172.20.1.2;
    neighbor 172.20.1.1 as 65001;
    import all; export all;
}
protocol bgp BGPtoC {
    local as 65002; source address 172.20.1.9;
    neighbor 172.20.1.10 as 65003;
    import all; export all;
}
```

Node B /etc/bird/bird6.conf

```
router id 192.168.10.2;
protocol device { }
protocol kernel { persist; scan time 20; export all; }
protocol direct { interface "veth*"; }
protocol bgp BGP6toA {
    local as 65002; source address fd20:1::2;
    neighbor fd20:1::1 as 65001;
    import all; export all;
}
protocol bgp BGP6toC {
    local as 65002; source address fd20:1::9;
    neighbor fd20:1::a as 65003;
    import all; export all;
}
```

Node C /etc/bird/bird.conf

```
router id 192.168.10.3;
protocol device { }
protocol kernel { persist; scan time 20; export all; }
protocol direct { interface "veth*"; }
protocol bgp BGPtoA {
    local as 65003; source address 172.20.1.6;
    neighbor 172.20.1.5 as 65001;
    import all; export all;
}
protocol bgp BGPtoB {
    local as 65003; source address 172.20.1.10;
    neighbor 172.20.1.9 as 65002;
    import all; export all;
}
```

Node C /etc/bird/bird6.conf

```
router id 192.168.10.3;
protocol device { }
protocol kernel { persist; scan time 20; export all; }
protocol direct { interface "veth*"; }
protocol bgp BGP6toA {
    local as 65003; source address fd20:1::6;
    neighbor fd20:1::5 as 65001;
    import all; export all;
}
protocol bgp BGP6toB {
    local as 65003; source address fd20:1::a;
    neighbor fd20:1::9 as 65002;
    import all; export all;
}
```
5️⃣ Start-up and verification

```bash
# start BIRD (IPv4 and IPv6 daemons)
systemctl restart bird
systemctl restart bird6
# BGP neighbour state
birdc show protocols
birdc6 show protocols
# IPIP tunnel reachability (run on A; the targets are the peer's end of the direct tunnel)
ping 172.20.1.2    # A -> B IPv4
ping 172.20.1.6    # A -> C IPv4
ping6 fd20:1::2    # A -> B IPv6
ping6 fd20:1::6    # A -> C IPv6
# dual-stack veth reachability through the BGP-learned routes (run on A)
ping 10.10.2.1     # A -> B IPv4 veth
ping6 fd10:2::1    # A -> B IPv6 veth
```
6️⃣ Encapsulation flow (text sketch)

IPv4 flow:
vethA ---> IPIP tunnel (172.20.1.x) ---> eth0 ---> destination node's veth
IPv6 flow:
vethA ---> IPv6-in-IPv6 tunnel (fd20:1::x) ---> eth0 ---> destination node's veth

Notes:
- the kernel performs the IPIP encapsulation and decapsulation
- BIRD propagates the routes; that is what makes both stacks reachable end to end
- the dual-stack veth interfaces carry the node-internal traffic
7️⃣ Common pitfalls / notes

- IPv6 IPIP module: `ip6_tunnel` (mode ip6ip6); the kernel must be built with it.
- Tunnel addresses must be unique: every link needs its own /30 and /126. Two links sharing a /126, or the same host address on both ends of a link, silently breaks one of them.
- Firewall: IP protocol 4 (IPv4-in-IPv4) and 41 (IPv6-in-IPv6) must be allowed between the nodes' eth0 addresses.
- BIRD: IPv4 and IPv6 neighbours are declared separately (bird.conf and bird6.conf with BIRD 1.x); with only one family configured, the other stack has no routes and does not interconnect.
- TTL: the tunnels use ttl 255 so that the encapsulating packets are not dropped on the way (e.g. by NAT or hop-limit filtering).
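The firewall note above is usually implemented as a blanket "allow protocol 4 and 41", which also accepts tunnel traffic injected from anywhere. The following added example (not part of the original write-up) renders an nftables ruleset that accepts the two tunnel protocols only from the listed peer addresses and drops them from everyone else; the table and chain names are this example's own choice, and the peer addresses are the other nodes' eth0 addresses from the plan table.

```shell
#!/bin/sh
# Added example (not part of the original write-up): nftables ruleset that
# restricts IPIP (IP protocol 4) and IPv6-in-IPv6 (next header 41) to the
# known tunnel peers. Load with:  ipip_nft_ruleset "<v4 peers>" "<v6 peers>" | nft -f -

# csv "a b c" -> "a, b, c"  (nft set element syntax)
csv() { printf '%s' "$*" | sed 's/ /, /g'; }

# ipip_nft_ruleset "<space-separated IPv4 peers>" "<space-separated IPv6 peers>"
# prints the ruleset text on stdout
ipip_nft_ruleset() {
  cat <<EOF
table inet tunnel_peers {
    set v4peers { type ipv4_addr; elements = { $(csv $1) } }
    set v6peers { type ipv6_addr; elements = { $(csv $2) } }
    chain input {
        # chain policy stays permissive here so the host's own input rules keep applying;
        # priority -10 runs this chain before a default filter chain at priority 0
        type filter hook input priority -10; policy accept;
        # tunnel protocols from the known peers only
        ip saddr @v4peers ip protocol 4 accept
        ip6 saddr @v6peers ip6 nexthdr 41 accept
        # the same protocols from any other source are discarded
        ip protocol 4 drop
        ip6 nexthdr 41 drop
    }
}
EOF
}

# Usage: node A's ruleset (peers B and C, addresses from the plan table)
ipip_nft_ruleset "192.168.10.2 192.168.10.3" "2001:db8:10::2 2001:db8:10::3"
```

Each node runs the function with the other two nodes' eth0 addresses. The rules match the outer header of the encapsulating packet, which is the header that is visible on the input hook before decapsulation; the BGP sessions of section 4 travel inside the tunnels and are therefore unaffected by these rules.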
Scheme 2: BGP + VXLAN + veth + bridge (IPv4/IPv6 dual stack), three bare-metal hosts
1. Network configuration (kernel + VXLAN + veth + bridge)

Two details differ from a naive VXLAN setup. First, `ip link add ... type vxlan` with a single `remote` can only ever reach one peer; with three VTEPs, every peer is listed in the FDB instead (all-zero MAC entries), so ARP/ND and unknown-unicast frames are flooded to all of them. Second, an interface enslaved to a bridge hands its frames to the bridge, so the overlay addresses go on br0, not on vxlan100.

Node A configuration

```bash
# enable IPv4/IPv6 forwarding
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.all.forwarding=1
# create the veth pair (vethA <-> vethA-br)
sudo ip link add vethA type veth peer name vethA-br
sudo ip link set vethA up
sudo ip link set vethA-br up
# veth IPv4/IPv6
sudo ip addr add 10.10.1.1/24 dev vethA
sudo ip -6 addr add fd10:1::1/64 dev vethA
# create the bridge first, then enslave the veth peer
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethA-br master br0
# VXLAN interface (VNI 100), no single remote: peers are listed in the FDB below
sudo ip link add vxlan100 type vxlan id 100 dev eth0 \
    local 192.168.10.1 dstport 4789
sudo ip link set vxlan100 up
# enslave the VXLAN interface to the bridge
sudo ip link set vxlan100 master br0
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.2
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.3
# overlay addresses on br0 (vxlan100 is a bridge port and cannot hold them)
sudo ip addr add 10.20.1.1/24 dev br0
sudo ip -6 addr add fd20:1::1/64 dev br0
# check the interfaces
ip addr show
bridge link
bridge fdb show dev vxlan100
```

Node B configuration

```bash
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.all.forwarding=1
sudo ip link add vethB type veth peer name vethB-br
sudo ip link set vethB up
sudo ip link set vethB-br up
sudo ip addr add 10.10.2.1/24 dev vethB
sudo ip -6 addr add fd10:2::1/64 dev vethB
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethB-br master br0
sudo ip link add vxlan100 type vxlan id 100 dev eth0 \
    local 192.168.10.2 dstport 4789
sudo ip link set vxlan100 up
sudo ip link set vxlan100 master br0
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.1
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.3
sudo ip addr add 10.20.1.2/24 dev br0
sudo ip -6 addr add fd20:1::2/64 dev br0
ip addr show
bridge link
bridge fdb show dev vxlan100
```

Node C configuration

```bash
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.all.forwarding=1
sudo ip link add vethC type veth peer name vethC-br
sudo ip link set vethC up
sudo ip link set vethC-br up
sudo ip addr add 10.10.3.1/24 dev vethC
sudo ip -6 addr add fd10:3::1/64 dev vethC
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethC-br master br0
sudo ip link add vxlan100 type vxlan id 100 dev eth0 \
    local 192.168.10.3 dstport 4789
sudo ip link set vxlan100 up
sudo ip link set vxlan100 master br0
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.1
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.2
sudo ip addr add 10.20.1.3/24 dev br0
sudo ip -6 addr add fd20:1::3/64 dev br0
ip addr show
bridge link
bridge fdb show dev vxlan100
```
2. BIRD configuration (IPv4/IPv6 BGP)

As in scheme 1 this is BIRD 1.x (bird/bird6), so each node has a bird.conf for IPv4 and a bird6.conf for IPv6. `router id` is a 32-bit value in both files, and both use `protocol bgp` (there is no `protocol bgp6`). The sessions peer over the br0 overlay addresses, so the learned veth prefixes point through VXLAN rather than straight out of eth0.

Node A /etc/bird/bird.conf

```
router id 192.168.10.1;
protocol kernel {
    persist;
    scan time 20;
    import all;
    export all;
}
protocol device {
    scan time 10;
}
# only the veth prefixes are advertised
protocol direct {
    interface "veth*";
}
protocol bgp B_B {
    local as 65001;
    neighbor 10.20.1.2 as 65002;
    import all;
    export all;
}
protocol bgp B_C {
    local as 65001;
    neighbor 10.20.1.3 as 65003;
    import all;
    export all;
}
```

Node A /etc/bird/bird6.conf

```
# the router id must still be a 32-bit value
router id 192.168.10.1;
protocol kernel { persist; scan time 20; import all; export all; }
protocol device { scan time 10; }
protocol direct { interface "veth*"; }
protocol bgp B_B_v6 {
    local as 65001;
    neighbor fd20:1::2 as 65002;
    import all;
    export all;
}
protocol bgp B_C_v6 {
    local as 65001;
    neighbor fd20:1::3 as 65003;
    import all;
    export all;
}
```

Node B /etc/bird/bird.conf

```
router id 192.168.10.2;
protocol kernel { persist; scan time 20; import all; export all; }
protocol device { scan time 10; }
protocol direct { interface "veth*"; }
protocol bgp A_B { local as 65002; neighbor 10.20.1.1 as 65001; import all; export all; }
protocol bgp B_C { local as 65002; neighbor 10.20.1.3 as 65003; import all; export all; }
```

Node B /etc/bird/bird6.conf

```
router id 192.168.10.2;
protocol kernel { persist; scan time 20; import all; export all; }
protocol device { scan time 10; }
protocol direct { interface "veth*"; }
protocol bgp A_B_v6 { local as 65002; neighbor fd20:1::1 as 65001; import all; export all; }
protocol bgp B_C_v6 { local as 65002; neighbor fd20:1::3 as 65003; import all; export all; }
```

Node C /etc/bird/bird.conf

```
router id 192.168.10.3;
protocol kernel { persist; scan time 20; import all; export all; }
protocol device { scan time 10; }
protocol direct { interface "veth*"; }
protocol bgp A_C { local as 65003; neighbor 10.20.1.1 as 65001; import all; export all; }
protocol bgp B_C { local as 65003; neighbor 10.20.1.2 as 65002; import all; export all; }
```

Node C /etc/bird/bird6.conf

```
router id 192.168.10.3;
protocol kernel { persist; scan time 20; import all; export all; }
protocol device { scan time 10; }
protocol direct { interface "veth*"; }
protocol bgp A_C_v6 { local as 65003; neighbor fd20:1::1 as 65001; import all; export all; }
protocol bgp B_C_v6 { local as 65003; neighbor fd20:1::2 as 65002; import all; export all; }
```
3. IPv4/IPv6 packet flow diagram (text)

```
                VXLAN (VNI 100, UDP 4789 over eth0) / bridge br0
   +--------------------+                 +--------------------+
   | A                  |<--------------->| B                  |
   | vethA 10.10.1.1    |                 | vethB 10.10.2.1    |
   | br0   10.20.1.1    |                 | br0   10.20.1.2    |
   +---------+----------+                 +----------+---------+
             |                                       |
             |          +--------------------+       |
             +--------->| C                  |<------+
                        | vethC 10.10.3.1    |
                        | br0   10.20.1.3    |
                        +--------------------+
# IPv6 is analogous: 10.10.x.x -> fd10:x::x, 10.20.x.x -> fd20:x::x
```

- veth layer: the node-local IPv4/IPv6 addresses, a point-to-point layer-2 link into the bridge
- VXLAN layer: encapsulation over the physical interface, extending layer 2 across the hosts
- Bridge layer: layer-2 switching between the VXLAN interface and the veth peer (broadcast, ARP/ND, FDB); it also carries the overlay address
- BGP control plane: BIRD advertises the veth prefixes across the VXLAN/bridge network
4. Start-up and verification

```bash
# start BIRD
sudo systemctl restart bird
sudo systemctl restart bird6
# BGP session state
birdc show protocols
birdc6 show protocols
# VXLAN layer (overlay addresses of B, run on A)
ping 10.20.1.2
ping6 fd20:1::2
# veth layer (B's veth through the BGP-learned routes, run on A)
ping 10.10.2.1
ping6 fd10:2::1
# bridge FDB: every peer VTEP should appear as dst, plus learned MACs
bridge fdb show dev vxlan100
```
5. Notes

- The VXLAN `local` address and every FDB `dst` must be a real address of the physical interface (eth0).
- Create the bridge first, then enslave the VXLAN interface; `master br0` fails if br0 does not exist yet.
- IPv6 forwarding must be enabled, otherwise IPv6 across VXLAN/bridge does not work.
- BIRD peer AS and neighbour IP must match on both sides; IPv4 and IPv6 are configured separately.
- `ip link set vxlan100 master br0` puts the VXLAN encapsulation at layer 2; veth + bridge then extend that layer-2 segment.
- During verification, `bridge fdb show` shows whether MAC learning across VXLAN works.
- All three machines need their own corresponding configuration.
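Without a multicast group, the VXLAN interface only knows the peers listed in its FDB, and a missing `bridge fdb append` for one node shows up as "ARP never resolves" for that node only. The script below is an added example, not part of the original write-up; it generates the FDB entries for one node and checks a `bridge fdb show dev vxlan100` dump for peers that have no entry at all. It applies unchanged to schemes 3 and 5, which use the same vxlan100 device, and assumes the underlay addresses 192.168.10.1-3 of this write-up.

```shell
#!/bin/sh
# Added example (not part of the original write-up): generate the per-node
# VXLAN flood entries and verify a bridge FDB dump against the peer list.

# all VTEP underlay addresses (from the write-up)
PEERS='192.168.10.1 192.168.10.2 192.168.10.3'

# fdb_cmds SELF -> `bridge fdb append` lines for every other VTEP
fdb_cmds() {
  for p in $PEERS; do
    [ "$p" = "$1" ] && continue
    echo "bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst $p"
  done
}

# vtep_dsts "<fdb dump>" -> sorted unique remote VTEP addresses found in a
# `bridge fdb show dev vxlan100` dump (static flood entries and learned MACs alike)
vtep_dsts() {
  printf '%s\n' "$1" | awk '{ for (i = 1; i <= NF; i++) if ($i == "dst") print $(i + 1) }' | sort -u
}

# missing_peers SELF "<fdb dump>" -> peers that have no FDB entry at all
missing_peers() {
  have=$(vtep_dsts "$2")
  for p in $PEERS; do
    [ "$p" = "$1" ] && continue
    echo "$have" | grep -qx "$p" || echo "$p"
  done
}

# Constructed dump in the format `bridge fdb show dev vxlan100` prints on node A:
# the flood entry for B and one MAC learned behind B, but nothing for C.
SAMPLE_FDB='00:00:00:00:00:00 dst 192.168.10.2 self permanent
3a:2f:1c:44:9e:01 dst 192.168.10.2 self'

# Usage: commands for node A, then the check against the constructed dump.
fdb_cmds 192.168.10.1
missing=$(missing_peers 192.168.10.1 "$SAMPLE_FDB")
[ -z "$missing" ] && echo "all peers present" || echo "no FDB entry for: $missing"
```

On a live node, `missing_peers <own eth0 address> "$(bridge fdb show dev vxlan100)"` prints the VTEPs that were never appended; an empty result means the flood list is complete, and the learned non-zero MAC entries tell you which peers have actually exchanged frames.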
Scheme 3: VXLAN + static routes (IPv4/IPv6 dual stack), three bare-metal hosts
1. Network design

- Every node has its own local veth subnet:
  - A: 10.10.1.0/24, fd10:1::/64
  - B: 10.10.2.0/24, fd10:2::/64
  - C: 10.10.3.0/24, fd10:3::/64
- A VXLAN layer-2 network (10.20.1.0/24, fd20:1::/64) connects the three nodes
- Packet path:
  - IPv4/IPv6: local veth <-> bridge <-> VXLAN <-> remote VXLAN
- Static routes point at the VXLAN peer (no routing daemon)

2. Kernel configuration (every node)

```bash
# enable IPv4/IPv6 forwarding
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.all.forwarding=1
# accept_ra=2 keeps accepting router advertisements on eth0 even though the
# host forwards; the bridge-nf sysctls make bridged frames pass through
# iptables/ip6tables (they need the br_netfilter module and only matter if
# host firewall rules are supposed to see bridged traffic). None of the three
# is required for VXLAN itself.
sudo sysctl -w net.ipv6.conf.all.accept_ra=2
sudo sysctl -w net.bridge.bridge-nf-call-iptables=1
sudo sysctl -w net.bridge.bridge-nf-call-ip6tables=1
```
3. Node configuration

The VXLAN peers are listed in the FDB (there is neither a multicast group nor a single `remote`), the overlay addresses sit on br0 because vxlan100 is a bridge port, and the static routes send each remote veth prefix to that node's overlay address, which is what makes the veth-to-veth path go through VXLAN.

Node A

```bash
# local veth
sudo ip link add vethA type veth peer name vethA-br
sudo ip link set vethA up
sudo ip link set vethA-br up
sudo ip addr add 10.10.1.1/24 dev vethA
sudo ip -6 addr add fd10:1::1/64 dev vethA
# bridge
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethA-br master br0
# VXLAN, peers listed in the FDB
sudo ip link add vxlan100 type vxlan id 100 dev eth0 \
    local 192.168.10.1 dstport 4789
sudo ip link set vxlan100 up
sudo ip link set vxlan100 master br0
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.2
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.3
# overlay addresses on br0
sudo ip addr add 10.20.1.1/24 dev br0
sudo ip -6 addr add fd20:1::1/64 dev br0
# static routes: the other nodes' veth prefixes via their overlay address
sudo ip route add 10.10.2.0/24 via 10.20.1.2
sudo ip route add 10.10.3.0/24 via 10.20.1.3
sudo ip -6 route add fd10:2::/64 via fd20:1::2
sudo ip -6 route add fd10:3::/64 via fd20:1::3
```

Node B

```bash
# local veth
sudo ip link add vethB type veth peer name vethB-br
sudo ip link set vethB up
sudo ip link set vethB-br up
sudo ip addr add 10.10.2.1/24 dev vethB
sudo ip -6 addr add fd10:2::1/64 dev vethB
# bridge
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethB-br master br0
# VXLAN, peers listed in the FDB
sudo ip link add vxlan100 type vxlan id 100 dev eth0 \
    local 192.168.10.2 dstport 4789
sudo ip link set vxlan100 up
sudo ip link set vxlan100 master br0
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.1
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.3
# overlay addresses on br0
sudo ip addr add 10.20.1.2/24 dev br0
sudo ip -6 addr add fd20:1::2/64 dev br0
# static routes
sudo ip route add 10.10.1.0/24 via 10.20.1.1
sudo ip route add 10.10.3.0/24 via 10.20.1.3
sudo ip -6 route add fd10:1::/64 via fd20:1::1
sudo ip -6 route add fd10:3::/64 via fd20:1::3
```

Node C

```bash
# local veth
sudo ip link add vethC type veth peer name vethC-br
sudo ip link set vethC up
sudo ip link set vethC-br up
sudo ip addr add 10.10.3.1/24 dev vethC
sudo ip -6 addr add fd10:3::1/64 dev vethC
# bridge
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethC-br master br0
# VXLAN, peers listed in the FDB
sudo ip link add vxlan100 type vxlan id 100 dev eth0 \
    local 192.168.10.3 dstport 4789
sudo ip link set vxlan100 up
sudo ip link set vxlan100 master br0
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.1
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.2
# overlay addresses on br0
sudo ip addr add 10.20.1.3/24 dev br0
sudo ip -6 addr add fd20:1::3/64 dev br0
# static routes
sudo ip route add 10.10.1.0/24 via 10.20.1.1
sudo ip route add 10.10.2.0/24 via 10.20.1.2
sudo ip -6 route add fd10:1::/64 via fd20:1::1
sudo ip -6 route add fd10:2::/64 via fd20:1::2
```
4. Verification

```bash
# ping the VXLAN overlay addresses (IPv4/IPv6), run on A
ping 10.20.1.2
ping 10.20.1.3
ping6 fd20:1::2
ping6 fd20:1::3
# remote veth addresses through the static routes
ping 10.10.2.1
ping6 fd10:2::1
# routing tables
ip route
ip -6 route
# bridge FDB
bridge fdb show dev vxlan100
# tcpdump: the VXLAN encapsulation on the underlay
sudo tcpdump -i eth0 udp port 4789
```

5. Common pitfalls / notes

Item | Note |
---|---|
IPv6 forwarding | `sysctl net.ipv6.conf.all.forwarding=1` is mandatory |
VXLAN dstport | default 4789; must be identical on all three nodes |
Bridge FDB | VXLAN carries layer-2 traffic; confirm MAC learning with `bridge fdb show` |
Static routes | adding a node means adding its VXLAN-peer routes by hand on every other node |
Multicast/ARP | VXLAN runs in unicast mode here (no multicast group); for IPv6, RAs must be accepted |
veth peer | vethA <-> vethA-br, vethB <-> vethB-br, ...; the -br end must be a bridge port |
Packet check | tcpdump captures the IPv4/IPv6 VXLAN encapsulation to confirm inbound/outbound traffic |
6. Traffic ASCII diagram

IPv4/IPv6 dual stack

```
        +------------------+
        | A                |
        | 10.10.1.1/24     |
        | fd10:1::1/64     |
        +--------+---------+
                 | vethA -> vethA-br
                 v
              +------+
              | br0  |
              +------+
                 |
              vxlan100 (VNI 100, UDP 4789 over eth0)
                 |
        +--------+--------+
        |                 |
        v                 v
+---------------+  +---------------+
| B             |  | C             |
| 10.10.2.1/24  |  | 10.10.3.1/24  |
| fd10:2::1/64  |  | fd10:3::1/64  |
+---------------+  +---------------+
```

Flow:
- A -> B: A.vethA -> br0 -> vxlan100 -> eth0 -> B.vxlan100 -> br0 -> B.vethB
- A -> C: the same, with C's address as the VXLAN destination
- IPv4 and IPv6 both travel as layer-2 frames inside VXLAN, bridged to the local veth
- Return traffic: the remote vxlan interface decapsulates -> bridge -> local veth
Scheme 4: HostGW mode (IPv4/IPv6 dual stack), three bare-metal hosts
1. Network design

- Every node has a local veth subnet:
  - IPv4 pod subnet: 10.10.x.0/24
  - IPv6 pod subnet: fd10:x::/64
- HostGW mode: the nodes reach each other's pod subnets through plain host routes; no BGP involved.
- Data plane: veth + bridge + static kernel routes.
- Each node connects its local pod subnet to the other nodes through veth + bridge and the host routes.

Topology

Three bare-metal hosts: A, B, C

eth0 IPv4/IPv6:
A: 192.168.10.1 / 2402:d040:9:57::1
B: 192.168.10.2 / 2402:d040:9:57::2
C: 192.168.10.3 / 2402:d040:9:57::3

veth pod subnets:
A: vethA 10.10.1.1/24 fd10:1::1/64
B: vethB 10.10.2.1/24 fd10:2::1/64
C: vethC 10.10.3.1/24 fd10:3::1/64

2. Kernel configuration

Run on every node:

```bash
# enable IPv4/IPv6 forwarding
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.all.forwarding=1
```
3. Node veth + bridge configuration

Node A

```bash
# create the veth pair
sudo ip link add vethA type veth peer name vethA-br
sudo ip addr add 10.10.1.1/24 dev vethA
sudo ip -6 addr add fd10:1::1/64 dev vethA
sudo ip link set vethA up
sudo ip link set vethA-br up
# create the bridge and enslave the peer end
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethA-br master br0
```

Node B

```bash
sudo ip link add vethB type veth peer name vethB-br
sudo ip addr add 10.10.2.1/24 dev vethB
sudo ip -6 addr add fd10:2::1/64 dev vethB
sudo ip link set vethB up
sudo ip link set vethB-br up
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethB-br master br0
```

Node C

```bash
sudo ip link add vethC type veth peer name vethC-br
sudo ip addr add 10.10.3.1/24 dev vethC
sudo ip -6 addr add fd10:3::1/64 dev vethC
sudo ip link set vethC up
sudo ip link set vethC-br up
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethC-br master br0
```
4. Static HostGW routes per node

Each node gets one route per remote pod subnet, with the remote node's eth0 address as the next hop.

Node A

```bash
# IPv4
sudo ip route add 10.10.2.0/24 via 192.168.10.2 dev eth0
sudo ip route add 10.10.3.0/24 via 192.168.10.3 dev eth0
# IPv6
sudo ip -6 route add fd10:2::/64 via 2402:d040:9:57::2 dev eth0
sudo ip -6 route add fd10:3::/64 via 2402:d040:9:57::3 dev eth0
```

Node B

```bash
sudo ip route add 10.10.1.0/24 via 192.168.10.1 dev eth0
sudo ip route add 10.10.3.0/24 via 192.168.10.3 dev eth0
sudo ip -6 route add fd10:1::/64 via 2402:d040:9:57::1 dev eth0
sudo ip -6 route add fd10:3::/64 via 2402:d040:9:57::3 dev eth0
```

Node C

```bash
sudo ip route add 10.10.1.0/24 via 192.168.10.1 dev eth0
sudo ip route add 10.10.2.0/24 via 192.168.10.2 dev eth0
sudo ip -6 route add fd10:1::/64 via 2402:d040:9:57::1 dev eth0
sudo ip -6 route add fd10:2::/64 via 2402:d040:9:57::2 dev eth0
```
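HostGW's weak point is the hand-maintained route set: every node must carry one correct route per remote pod subnet, and a wrong next hop on a single node breaks one direction only. The script below is an added example, not part of the original write-up; it derives the routes of any node from the topology table of section 1 and checks a routing-table dump (`ip route` and `ip -6 route` concatenated) for prefixes that are absent or point at the wrong gateway. It assumes the node table below and eth0 as the uplink.

```shell
#!/bin/sh
# Added example (not part of the original write-up): generate HostGW routes from
# the node table and audit a routing-table dump against them.

# NODE underlay_v4 underlay_v6 pod_v4 pod_v6  (values from the topology section)
NODES='A 192.168.10.1 2402:d040:9:57::1 10.10.1.0/24 fd10:1::/64
B 192.168.10.2 2402:d040:9:57::2 10.10.2.0/24 fd10:2::/64
C 192.168.10.3 2402:d040:9:57::3 10.10.3.0/24 fd10:3::/64'

# hostgw_routes SELF -> `ip route add` lines for every other node's pod subnets
hostgw_routes() {
  echo "$NODES" | while read -r name u4 u6 p4 p6; do
    [ "$name" = "$1" ] && continue
    echo "ip route add $p4 via $u4 dev eth0"
    echo "ip -6 route add $p6 via $u6 dev eth0"
  done
}

# expected_routes SELF -> "prefix gateway" pairs the node must have
expected_routes() {
  echo "$NODES" | while read -r name u4 u6 p4 p6; do
    [ "$name" = "$1" ] && continue
    echo "$p4 $u4"
    echo "$p6 $u6"
  done
}

# missing_routes SELF "<dump of ip route + ip -6 route>" -> expected routes whose
# prefix is absent from the dump or points at a different gateway
missing_routes() {
  expected_routes "$1" | while read -r prefix gw; do
    printf '%s\n' "$2" | grep -q "^$prefix via $gw " || echo "$prefix via $gw"
  done
}

# Constructed dump of node B's tables in `ip route` / `ip -6 route` output format:
# the route to C's IPv4 subnet carries a typo in the gateway (B's own address)
# and the IPv6 route to A's subnet is missing altogether.
SAMPLE_B_ROUTES='default via 192.168.10.254 dev eth0
10.10.1.0/24 via 192.168.10.1 dev eth0
10.10.2.0/24 dev vethB proto kernel scope link src 10.10.2.1
10.10.3.0/24 via 192.168.10.2 dev eth0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.2
fd10:2::/64 dev vethB proto kernel metric 256
fd10:3::/64 via 2402:d040:9:57::3 dev eth0 metric 1024'

# Usage: node C's route commands, then the audit of the constructed B dump.
hostgw_routes C
missing_routes B "$SAMPLE_B_ROUTES"
```

On a real node the audit is `missing_routes B "$(ip route; ip -6 route)"`; an empty result means every remote pod subnet has the expected next hop. Because the generator and the audit read the same table, adding a node means adding one line to NODES and re-running both on every host.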
5. Start-up order

- Enable kernel forwarding
- Create the veth pair
- Configure the IPv4/IPv6 addresses
- Create the bridge and enslave the veth-br end
- Configure the static HostGW routes

Run these in this order on every machine; afterwards the three nodes reach each other.

6. Verification

```bash
# IPv4 ping (run on A)
ping 10.10.2.1
ping 10.10.3.1
# IPv6 ping
ping6 fd10:2::1
ping6 fd10:3::1
# routing tables
ip route
ip -6 route
# interfaces
ip link show
bridge link
```
7. Packet flow ASCII diagram

```
        +------------------------+
        | A                      |
        | eth0  192.168.10.1     |
        | vethA 10.10.1.1        |
        |       fd10:1::1        |
        +-----------+------------+
                    |
                    | IPv4/IPv6 HostGW
                    | (next hop = peer's eth0)
                    |
          +---------+-----------+
          | 192.168.10.0/24     |
          | 2402:d040:9:57::/64 |
          +---------+-----------+
                    |
         +----------+----------+
         |                     |
+--------+-----------+ +-------+------------+
| B                  | | C                  |
| eth0  192.168.10.2 | | eth0  192.168.10.3 |
| vethB 10.10.2.1    | | vethC 10.10.3.1    |
|       fd10:2::1    | |       fd10:3::1    |
+--------------------+ +--------------------+

# Flow:
# A -> B: 10.10.2.0/24 via 192.168.10.2, fd10:2::/64 via 2402:d040:9:57::2
# A -> C: 10.10.3.0/24 via 192.168.10.3, fd10:3::/64 via 2402:d040:9:57::3
# B <-> C analogously
# all pod traffic goes veth -> bridge -> HostGW route -> remote node's eth0
```

8. Characteristics and notes

Property | HostGW mode |
---|---|
Control plane | no BGP |
Configuration effort | low |
Scalability | medium; adding a node means updating the static routes everywhere |
IPv4/IPv6 | full dual-stack support |
VXLAN | optional; veth + bridge take its place |
Suited to | small clusters that want to avoid BGP and tunnels |

Notes:
- All nodes must have IPv4/IPv6 forwarding enabled.
- Adding a node to the static routes means updating the configuration of every node.
- veth pair names and the bridge name can be chosen freely, but they must match across the commands.
- Traffic follows the kernel routing table directly; there is no control plane to depend on.
- HostGW only works while all nodes share one layer-2 segment (here 192.168.10.0/24 and 2402:d040:9:57::/64), because the next hop must be on-link.
- VXLAN or another overlay can be combined with it for layer-2 isolation, but HostGW itself needs no BGP.
Scheme 5: BGP + VXLAN + static routes (IPv4/IPv6 dual stack), three bare-metal hosts
1. Network design

- Every node has its own local veth subnet:
  - A: 10.10.1.0/24, fd10:1::/64
  - B: 10.10.2.0/24, fd10:2::/64
  - C: 10.10.3.0/24, fd10:3::/64
- A VXLAN layer-2 network (10.20.1.0/24, fd20:1::/64) connects the three nodes
- BGP advertises the routes across the VXLAN network
- Packet path:
  - IPv4/IPv6: local veth <-> bridge <-> VXLAN <-> remote VXLAN
- Static routes pin the underlay next hop used for VXLAN encapsulation
- BIRD dynamically advertises each node's veth subnet to the other nodes

2. Kernel configuration (every node)

```bash
# enable IPv4/IPv6 forwarding
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.all.forwarding=1
# accept_ra=2 keeps accepting router advertisements on eth0 even though the
# host forwards; the bridge-nf sysctls make bridged frames pass through
# iptables/ip6tables (they need the br_netfilter module and only matter if
# host firewall rules are supposed to see bridged traffic). None of the three
# is required for VXLAN itself.
sudo sysctl -w net.ipv6.conf.all.accept_ra=2
sudo sysctl -w net.bridge.bridge-nf-call-iptables=1
sudo sysctl -w net.bridge.bridge-nf-call-ip6tables=1
```
3. VXLAN + veth + bridge configuration (every node)

As in schemes 2 and 3, the VXLAN peers are listed in the FDB and the overlay addresses sit on br0, since vxlan100 is a bridge port. The /32 and /128 underlay routes are already covered by the connected eth0 prefix; they only pin the next hop for the VXLAN outer packets.

Node A

```bash
# local veth
sudo ip link add vethA type veth peer name vethA-br
sudo ip link set vethA up
sudo ip link set vethA-br up
sudo ip addr add 10.10.1.1/24 dev vethA
sudo ip -6 addr add fd10:1::1/64 dev vethA
# bridge
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethA-br master br0
# VXLAN, peers listed in the FDB
sudo ip link add vxlan100 type vxlan id 100 dev eth0 \
    local 192.168.10.1 dstport 4789
sudo ip link set vxlan100 up
sudo ip link set vxlan100 master br0
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.2
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.3
# overlay addresses on br0
sudo ip addr add 10.20.1.1/24 dev br0
sudo ip -6 addr add fd20:1::1/64 dev br0
# static routes (underlay next hop for the VXLAN encapsulation)
sudo ip route add 192.168.10.2/32 dev eth0
sudo ip route add 192.168.10.3/32 dev eth0
sudo ip -6 route add <B IPv6>/128 dev eth0
sudo ip -6 route add <C IPv6>/128 dev eth0
```

Node B

```bash
# local veth
sudo ip link add vethB type veth peer name vethB-br
sudo ip link set vethB up
sudo ip link set vethB-br up
sudo ip addr add 10.10.2.1/24 dev vethB
sudo ip -6 addr add fd10:2::1/64 dev vethB
# bridge
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethB-br master br0
# VXLAN, peers listed in the FDB
sudo ip link add vxlan100 type vxlan id 100 dev eth0 \
    local 192.168.10.2 dstport 4789
sudo ip link set vxlan100 up
sudo ip link set vxlan100 master br0
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.1
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.3
# overlay addresses on br0
sudo ip addr add 10.20.1.2/24 dev br0
sudo ip -6 addr add fd20:1::2/64 dev br0
# static routes
sudo ip route add 192.168.10.1/32 dev eth0
sudo ip route add 192.168.10.3/32 dev eth0
sudo ip -6 route add <A IPv6>/128 dev eth0
sudo ip -6 route add <C IPv6>/128 dev eth0
```

Node C

```bash
# local veth
sudo ip link add vethC type veth peer name vethC-br
sudo ip link set vethC up
sudo ip link set vethC-br up
sudo ip addr add 10.10.3.1/24 dev vethC
sudo ip -6 addr add fd10:3::1/64 dev vethC
# bridge
sudo ip link add br0 type bridge
sudo ip link set br0 up
sudo ip link set vethC-br master br0
# VXLAN, peers listed in the FDB
sudo ip link add vxlan100 type vxlan id 100 dev eth0 \
    local 192.168.10.3 dstport 4789
sudo ip link set vxlan100 up
sudo ip link set vxlan100 master br0
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.1
sudo bridge fdb append 00:00:00:00:00:00 dev vxlan100 dst 192.168.10.2
# overlay addresses on br0
sudo ip addr add 10.20.1.3/24 dev br0
sudo ip -6 addr add fd20:1::3/64 dev br0
# static routes
sudo ip route add 192.168.10.1/32 dev eth0
sudo ip route add 192.168.10.2/32 dev eth0
sudo ip -6 route add <A IPv6>/128 dev eth0
sudo ip -6 route add <B IPv6>/128 dev eth0
```
4. BIRD BGP configuration (every node)

This scheme uses BIRD 2 syntax (a single daemon, per-protocol `ipv4`/`ipv6` channels, `birdc` only). Three things are needed for it to carry routes: `local` must include the AS number, a `protocol direct` must exist so that the veth prefixes are actually exported (the kernel protocol does not learn connected routes on its own), and the sessions peer over the br0 overlay addresses, which are reachable from the start, whereas the veth addresses of the other nodes only become reachable once the routes they are meant to carry exist.

Node A /etc/bird/bird.conf

```
router id 10.10.1.1;
protocol kernel kernel4 {
    persist;
    scan time 20;
    ipv4 { import all; export all; };
}
protocol kernel kernel6 {
    persist;
    scan time 20;
    ipv6 { import all; export all; };
}
protocol device {
    scan time 10;
}
# advertise the local veth prefixes
protocol direct {
    interface "veth*";
    ipv4;
    ipv6;
}
# one session per peer and address family
protocol bgp B_v4 {
    local 10.20.1.1 as 65001;
    neighbor 10.20.1.2 as 65002;
    ipv4 { import all; export all; };
}
protocol bgp B_v6 {
    local fd20:1::1 as 65001;
    neighbor fd20:1::2 as 65002;
    ipv6 { import all; export all; };
}
protocol bgp C_v4 {
    local 10.20.1.1 as 65001;
    neighbor 10.20.1.3 as 65003;
    ipv4 { import all; export all; };
}
protocol bgp C_v6 {
    local fd20:1::1 as 65001;
    neighbor fd20:1::3 as 65003;
    ipv6 { import all; export all; };
}
```

Node B /etc/bird/bird.conf

```
router id 10.10.2.1;
protocol kernel kernel4 { persist; scan time 20; ipv4 { import all; export all; }; }
protocol kernel kernel6 { persist; scan time 20; ipv6 { import all; export all; }; }
protocol device { scan time 10; }
protocol direct { interface "veth*"; ipv4; ipv6; }
protocol bgp A_v4 { local 10.20.1.2 as 65002; neighbor 10.20.1.1 as 65001; ipv4 { import all; export all; }; }
protocol bgp A_v6 { local fd20:1::2 as 65002; neighbor fd20:1::1 as 65001; ipv6 { import all; export all; }; }
protocol bgp C_v4 { local 10.20.1.2 as 65002; neighbor 10.20.1.3 as 65003; ipv4 { import all; export all; }; }
protocol bgp C_v6 { local fd20:1::2 as 65002; neighbor fd20:1::3 as 65003; ipv6 { import all; export all; }; }
```

Node C /etc/bird/bird.conf

```
router id 10.10.3.1;
protocol kernel kernel4 { persist; scan time 20; ipv4 { import all; export all; }; }
protocol kernel kernel6 { persist; scan time 20; ipv6 { import all; export all; }; }
protocol device { scan time 10; }
protocol direct { interface "veth*"; ipv4; ipv6; }
protocol bgp A_v4 { local 10.20.1.3 as 65003; neighbor 10.20.1.1 as 65001; ipv4 { import all; export all; }; }
protocol bgp A_v6 { local fd20:1::3 as 65003; neighbor fd20:1::1 as 65001; ipv6 { import all; export all; }; }
protocol bgp B_v4 { local 10.20.1.3 as 65003; neighbor 10.20.1.2 as 65002; ipv4 { import all; export all; }; }
protocol bgp B_v6 { local fd20:1::3 as 65003; neighbor fd20:1::2 as 65002; ipv6 { import all; export all; }; }
```
5. Verification

```bash
# ping the VXLAN overlay addresses (IPv4/IPv6), run on A
ping 10.20.1.2
ping 10.20.1.3
ping6 fd20:1::2
ping6 fd20:1::3
# BGP state and learned routes
birdc show protocols
birdc show route
# remote veth addresses through the BGP-learned routes
ping 10.10.2.1
ping6 fd10:2::1
# VXLAN encapsulation on the underlay
sudo tcpdump -i eth0 udp port 4789
```

6. Common pitfalls / notes

Item | Note |
---|---|
IPv6 forwarding | `sysctl net.ipv6.conf.all.forwarding=1` is mandatory |
VXLAN dstport | default 4789; must be identical on all three nodes |
Bridge FDB | VXLAN carries layer-2 traffic; confirm MAC learning with `bridge fdb show` |
Static routes | the underlay next hop used for VXLAN encapsulation must exist |
BGP ASN | every node has its own ASN; the neighbour addresses must be reachable before the session can come up |
RA/IPv6 | router advertisements on the VXLAN network must be accepted |
Packet check | tcpdump captures the IPv4/IPv6 VXLAN encapsulation to confirm inbound/outbound traffic |

7. Traffic ASCII diagram

IPv4/IPv6 dual stack

```
        +------------------+
        | A                |
        | 10.10.1.1/24     |
        | fd10:1::1/64     |
        +--------+---------+
                 | vethA -> vethA-br
                 v
              +------+
              | br0  |
              +------+
                 |
              vxlan100 (VNI 100, UDP 4789 over eth0)
                 |
        +--------+--------+
        |                 |
        v                 v
+---------------+  +---------------+
| B             |  | C             |
| 10.10.2.1/24  |  | 10.10.3.1/24  |
| fd10:2::1/64  |  | fd10:3::1/64  |
+---------------+  +---------------+
```

Flow:
- A -> B/C: A.vethA -> br0 -> vxlan100 -> eth0 -> B/C.vxlan100 -> br0 -> B/C.veth
- IPv4 and IPv6 both travel as layer-2 frames inside VXLAN; BGP advertises the veth subnets across the VXLAN network
- Return traffic: the remote vxlan interface decapsulates -> bridge -> local veth