场景：有一条专线，然后需要在这条专线上打通国内和海外两台VM的网络，对两边VM而言，这条专线是透明的
Client A VM： 114.1.1.1
Client B VM: 16.1.1.1
专线两头的容器
专线容器国内A: 103.1.1.1 业务IP： 104.1.1.2
专线容器海外B: 154.1.1.1

专线A物理机启用
modprobe ip_gre
modprobe ip_conntrack_pptp
modprobe ip_nat_pptp
modprobe nf_conntrack_proto_gre
modprobe nf_nat_proto_gre


专线A物理机上的容器
=================
/etc/sysctl.conf
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1

#!/bin/sh
#Delete all existing rules
iptables -F
iptables -t nat -F

#Set default chain policies
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -t nat -A PREROUTING -p gre -s 114.1.1.1 -d 104.1.1.2 -j DNAT --to-destination 16.1.1.1
iptables -t nat -A POSTROUTING -s 114.1.1.1  -j SNAT --to-source 104.1.1.2

国内侧客户端Clinet A
ip tunnel add node mode gre remote 104.1.1.2 local 192.168.16.26 ttl 255   (104.1.1.2是通过bgp宣告的，配到loopback)
ip addr add 10.10.0.1/24 dev node
ip link set node up

[root@ac70a0c51b2d sh]# more /etc/quagga/bgpd.conf 
hostname bgpd
password zebra
log stdout
!
router bgp 65501
 bgp router-id 103.1.1.1
 no bgp default ipv4-unicast
 network 104.1.1.2/32 route-map backup
 neighbor 103.1.1.254 remote-as 65001
 neighbor 103.1.1.254 activate

ip prefix-list 100 seq 5 permit 104.1.1.2/32

route-map backup permit 10
 match ip address prefix-list 100
 set as-path prepend 8888

#ip addr add 104.1.1.2/32 dev lo



Client B
ip tunnel add node mode gre local 172.31.30.127 remote 154.1.1.1 ttl 255
ip addr add 10.0.0.2/30 dev node
ip link set node up

#隧道建立完，或者重建不通时，刷新下香港Client B的iptables