Why an ECS instance cannot use a VIP - SDN, OpenFlow
A VIP configured on an ECS virtual machine cannot be reached from other hosts. Why?
HOST A
[root@pg11 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:16:3e:0a:5c:f1 brd ff:ff:ff:ff:ff:ff
    inet 172.17.20.29/20 brd 172.17.31.255 scope global dynamic eth0
       valid_lft 313883835sec preferred_lft 313883835sec
HOST B
postgres@pg11-> ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:16:3e:12:2f:48 brd ff:ff:ff:ff:ff:ff
    inet 172.17.20.30/20 brd 172.17.31.255 scope global dynamic eth0
       valid_lft 313883847sec preferred_lft 313883847sec
Both hosts are in the same VPC (vswitch, hub)
and can reach each other.
a ping b
ping 172.17.20.29
PING 172.17.20.29 (172.17.20.29) 56(84) bytes of data.
64 bytes from 172.17.20.29: icmp_seq=1 ttl=64 time=0.156 ms
64 bytes from 172.17.20.29: icmp_seq=2 ttl=64 time=0.102 ms
b ping a
ping 172.17.20.30
PING 172.17.20.30 (172.17.20.30) 56(84) bytes of data.
64 bytes from 172.17.20.30: icmp_seq=1 ttl=64 time=0.166 ms
64 bytes from 172.17.20.30: icmp_seq=2 ttl=64 time=0.112 ms
After the VIP is configured, it cannot be reached from the other host
host a
[root@pg11 ~]# ip addr add 172.17.20.39/20 brd + dev eth0 label eth0:1
[root@pg11 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.20.29  netmask 255.255.240.0  broadcast 172.17.31.255
        ether 00:16:3e:0a:5c:f1  txqueuelen 1000  (Ethernet)
        RX packets 22221492822  bytes 33552649055304 (30.5 TiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 631860042  bytes 42907936724 (39.9 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.20.39  netmask 255.255.240.0  broadcast 172.17.31.255
        ether 00:16:3e:0a:5c:f1  txqueuelen 1000  (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 959417  bytes 111291935 (106.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 959417  bytes 111291935 (106.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@pg11 ~]# ping 172.17.20.39
PING 172.17.20.39 (172.17.20.39) 56(84) bytes of data.
64 bytes from 172.17.20.39: icmp_seq=1 ttl=64 time=0.012 ms
64 bytes from 172.17.20.39: icmp_seq=2 ttl=64 time=0.008 ms
host b
[root@pg11 ~]# ping 172.17.20.39
PING 172.17.20.39 (172.17.20.39) 56(84) bytes of data.
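No firewall
[root@pg11 ~]# iptables -L -v -n
Chain INPUT (policy ACCEPT 8 packets, 528 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 6 packets, 1000 bytes)
 pkts bytes target     prot opt in     out     source               destination
Cause
The hypervisor host enforces flow control through OpenFlow, so traffic for a VM + IP combination that has not been registered can be rejected. See the SDN documentation for details.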
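The cause described above, as an added example that is not part of the original post: a simplified Python model of a priority-ordered flow table that forwards only registered (port, MAC, IP) bindings and drops everything else. The rule layout, the port name `vport-a` and the helper names are assumptions for illustration; the provider's real OpenFlow rules are not shown on this page.

```python
# Simplified model of per-VM source filtering on a host virtual switch.
# Assumption: one allow flow per registered (port, MAC, IP) binding plus a
# lowest-priority drop; real rule sets are provider-specific.
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    priority: int
    match: dict      # field -> required value; an absent field is a wildcard
    action: str      # "forward" or "drop"

def build_table(bindings):
    """bindings: iterable of (in_port, mac, ip) known to the control plane."""
    table = [Flow(0, {}, "drop")]                      # table-miss entry
    for port, mac, ip in bindings:
        base = {"in_port": port, "eth_src": mac}
        table.append(Flow(100, {**base, "eth_type": "ipv4", "ip_src": ip}, "forward"))
        table.append(Flow(100, {**base, "eth_type": "arp", "arp_spa": ip}, "forward"))
    return sorted(table, key=lambda f: -f.priority)

def classify(table, pkt):
    """Return the action of the highest-priority flow whose fields all match."""
    for flow in table:
        if all(pkt.get(k) == v for k, v in flow.match.items()):
            return flow.action
    return "drop"

# Constructed sample: host A's vNIC with only its primary address registered.
HOST_A = ("vport-a", "00:16:3e:0a:5c:f1")          # port name is hypothetical
TABLE = build_table([(*HOST_A, "172.17.20.29")])

def from_host_a(eth_type, src_ip):
    """Build a packet leaving host A with the given source/sender address."""
    field = "ip_src" if eth_type == "ipv4" else "arp_spa"
    return {"in_port": HOST_A[0], "eth_src": HOST_A[1],
            "eth_type": eth_type, field: src_ip}

def demo():
    both = build_table([(*HOST_A, "172.17.20.29"), (*HOST_A, "172.17.20.39")])
    return {
        "icmp reply from .29": classify(TABLE, from_host_a("ipv4", "172.17.20.29")),
        "arp reply for .39": classify(TABLE, from_host_a("arp", "172.17.20.39")),
        "icmp reply from .39": classify(TABLE, from_host_a("ipv4", "172.17.20.39")),
        "after registering .39": classify(both, from_host_a("ipv4", "172.17.20.39")),
    }

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:24} -> {action}")
```

In this model the guest's own `iptables` policy is irrelevant: the drop happens on the host before host B ever sees an ARP or ICMP reply for 172.17.20.39, which matches the silent ping shown from host b.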
Remove the VIP
[root@pg11 ~]# ip addr del 172.17.20.39/20 brd + dev eth0 label eth0:1
[root@pg11 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.20.29  netmask 255.255.240.0  broadcast 172.17.31.255
        ether 00:16:3e:0a:5c:f1  txqueuelen 1000  (Ethernet)
        RX packets 22221492889  bytes 33552649060975 (30.5 TiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 631860095  bytes 42907943783 (39.9 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 959424  bytes 111292619 (106.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 959424  bytes 111292619 (106.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
References
"Examples of using the Linux ip command"
A Virtual Switch Platform for Host SDN in the Public Cloud
https://www.microsoft.com/en-us/research/wp-content/uploads/2017/09/login_fall17_02_firestone.pdf
https://www.opennetworking.org/
https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-59/161-sdn.html
https://en.wikipedia.org/wiki/OpenFlow
Original article: https://github.com/digoal/blog/blob/master/201810/20181005_01.md