关于ECS无法使用VIP的问题-SDN,openflow
背景
给ECS虚拟机配置VIP,无法通讯,原因?
站在用户的角度思考问题,与客户深入沟通,找到杜集网站设计与杜集网站推广的解决方案,凭借多年的经验,让设计与互联网技术结合,创造个性化、用户体验好的作品,建站类型包括:网站建设、成都网站设计、企业官网、英文网站、手机端网站、网站推广、国际域名空间、网络空间、企业邮箱。业务覆盖杜集地区。
HOST A
[root@pg11 ~]# ip addr show eth0 2: eth0:mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:16:3e:0a:5c:f1 brd ff:ff:ff:ff:ff:ff inet 172.17.20.29/20 brd 172.17.31.255 scope global dynamic eth0 valid_lft 313883835sec preferred_lft 313883835sec
HOST B
postgres@pg11-> ip addr show eth0 2: eth0:mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:16:3e:12:2f:48 brd ff:ff:ff:ff:ff:ff inet 172.17.20.30/20 brd 172.17.31.255 scope global dynamic eth0 valid_lft 313883847sec preferred_lft 313883847sec
互相在同一个VPC(vswitch , hub)
相互可以访问
a ping b ping 172.17.20.29 PING 172.17.20.29 (172.17.20.29) 56(84) bytes of data. 64 bytes from 172.17.20.29: icmp_seq=1 ttl=64 time=0.156 ms 64 bytes from 172.17.20.29: icmp_seq=2 ttl=64 time=0.102 ms b ping a ping 172.17.20.30 PING 172.17.20.30 (172.17.20.30) 56(84) bytes of data. 64 bytes from 172.17.20.30: icmp_seq=1 ttl=64 time=0.166 ms 64 bytes from 172.17.20.30: icmp_seq=2 ttl=64 time=0.112 ms
配置VIP,无法跨机访问
host a
[root@pg11 ~]# ip addr add 172.17.20.39/20 brd + dev eth0 label eth0:1 [root@pg11 ~]# ifconfig eth0: flags=4163mtu 1500 inet 172.17.20.29 netmask 255.255.240.0 broadcast 172.17.31.255 ether 00:16:3e:0a:5c:f1 txqueuelen 1000 (Ethernet) RX packets 22221492822 bytes 33552649055304 (30.5 TiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 631860042 bytes 42907936724 (39.9 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0:1: flags=4163 mtu 1500 inet 172.17.20.39 netmask 255.255.240.0 broadcast 172.17.31.255 ether 00:16:3e:0a:5c:f1 txqueuelen 1000 (Ethernet) lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1 (Local Loopback) RX packets 959417 bytes 111291935 (106.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 959417 bytes 111291935 (106.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@pg11 ~]# ping 172.17.20.39 PING 172.17.20.39 (172.17.20.39) 56(84) bytes of data. 64 bytes from 172.17.20.39: icmp_seq=1 ttl=64 time=0.012 ms 64 bytes from 172.17.20.39: icmp_seq=2 ttl=64 time=0.008 ms
host b
[root@pg11 ~]# ping 172.17.20.39 PING 172.17.20.39 (172.17.20.39) 56(84) bytes of data.
无防火墙
[root@pg11 ~]# iptables -L -v -n Chain INPUT (policy ACCEPT 8 packets, 528 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 6 packets, 1000 bytes) pkts bytes target prot opt in out source destination
原因
宿主机通过openflow进行流控,未注册的vm+ip可以被拒绝。具体可参考SDN文档。
删除VIP
[root@pg11 ~]# ip addr del 172.17.20.39/20 brd + dev eth0 label eth0:1 [root@pg11 ~]# ifconfig eth0: flags=4163mtu 1500 inet 172.17.20.29 netmask 255.255.240.0 broadcast 172.17.31.255 ether 00:16:3e:0a:5c:f1 txqueuelen 1000 (Ethernet) RX packets 22221492889 bytes 33552649060975 (30.5 TiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 631860095 bytes 42907943783 (39.9 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1 (Local Loopback) RX packets 959424 bytes 111292619 (106.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 959424 bytes 111292619 (106.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
参考
《linux IP 命令使用举例》
A Virtual Switch Platform for Host SDN in the Public Cloud
https://www.microsoft.com/en-us/research/wp-content/uploads/2017/09/login_fall17_02_firestone.pdf
https://www.opennetworking.org/
https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-59/161-sdn.html
https://en.wikipedia.org/wiki/OpenFlow
原文地址:https://github.com/digoal/blog/blob/master/201810/20181005_01.md
新闻名称:关于ECS无法使用VIP的问题-SDN,openflow
文章网址:http://pwwzsj.com/article/pdiehc.html