| 1 | +## 关于ECS 无法使用VIP的问题 - SDN , openflow |
| 2 | + |
| 3 | +### 作者 |
| 4 | +digoal |
| 5 | + |
| 6 | +### 日期 |
| 7 | +2018-10-04 |
| 8 | + |
| 9 | +### 标签 |
| 10 | +PostgreSQL , ECS , vip , openflow , sdn |
| 11 | + |
| 12 | +---- |
| 13 | + |
| 14 | +## 背景 |
| 15 | +给ECS虚拟机配置VIP,无法通讯,原因? |
| 16 | + |
| 17 | +### HOST A |
| 18 | +``` |
| 19 | +[root@pg11 ~]# ip addr show eth0 |
| 20 | +2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 |
| 21 | + link/ether 00:16:3e:0a:5c:f1 brd ff:ff:ff:ff:ff:ff |
| 22 | + inet 172.17.20.29/20 brd 172.17.31.255 scope global dynamic eth0 |
| 23 | + valid_lft 313883835sec preferred_lft 313883835sec |
| 24 | +``` |
| 25 | + |
| 26 | +### HOST B |
| 27 | +``` |
| 28 | +postgres@pg11-> ip addr show eth0 |
| 29 | +2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 |
| 30 | + link/ether 00:16:3e:12:2f:48 brd ff:ff:ff:ff:ff:ff |
| 31 | + inet 172.17.20.30/20 brd 172.17.31.255 scope global dynamic eth0 |
| 32 | + valid_lft 313883847sec preferred_lft 313883847sec |
| 33 | +``` |
| 34 | + |
| 35 | +### 互相在同一个VPC(vswitch , hub) |
| 36 | +相互可以访问 |
| 37 | + |
| 38 | +``` |
| 39 | +a ping b |
| 40 | +ping 172.17.20.29 |
| 41 | +PING 172.17.20.29 (172.17.20.29) 56(84) bytes of data. |
| 42 | +64 bytes from 172.17.20.29: icmp_seq=1 ttl=64 time=0.156 ms |
| 43 | +64 bytes from 172.17.20.29: icmp_seq=2 ttl=64 time=0.102 ms |
| 44 | + |
| 45 | +b ping a |
| 46 | +ping 172.17.20.30 |
| 47 | +PING 172.17.20.30 (172.17.20.30) 56(84) bytes of data. |
| 48 | +64 bytes from 172.17.20.30: icmp_seq=1 ttl=64 time=0.166 ms |
| 49 | +64 bytes from 172.17.20.30: icmp_seq=2 ttl=64 time=0.112 ms |
| 50 | +``` |
| 51 | + |
| 52 | +配置VIP,无法跨机访问 |
| 53 | + |
| 54 | +host a |
| 55 | + |
| 56 | +``` |
| 57 | +[root@pg11 ~]# ip addr add 172.17.20.39/20 brd + dev eth0 label eth0:1 |
| 58 | +[root@pg11 ~]# ifconfig |
| 59 | +eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 |
| 60 | + inet 172.17.20.29 netmask 255.255.240.0 broadcast 172.17.31.255 |
| 61 | + ether 00:16:3e:0a:5c:f1 txqueuelen 1000 (Ethernet) |
| 62 | + RX packets 22221492822 bytes 33552649055304 (30.5 TiB) |
| 63 | + RX errors 0 dropped 0 overruns 0 frame 0 |
| 64 | + TX packets 631860042 bytes 42907936724 (39.9 GiB) |
| 65 | + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
| 66 | + |
| 67 | +eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 |
| 68 | + inet 172.17.20.39 netmask 255.255.240.0 broadcast 172.17.31.255 |
| 69 | + ether 00:16:3e:0a:5c:f1 txqueuelen 1000 (Ethernet) |
| 70 | + |
| 71 | +lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 |
| 72 | + inet 127.0.0.1 netmask 255.0.0.0 |
| 73 | + loop txqueuelen 1 (Local Loopback) |
| 74 | + RX packets 959417 bytes 111291935 (106.1 MiB) |
| 75 | + RX errors 0 dropped 0 overruns 0 frame 0 |
| 76 | + TX packets 959417 bytes 111291935 (106.1 MiB) |
| 77 | + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
| 78 | + |
| 79 | + |
| 80 | +[root@pg11 ~]# ping 172.17.20.39 |
| 81 | +PING 172.17.20.39 (172.17.20.39) 56(84) bytes of data. |
| 82 | +64 bytes from 172.17.20.39: icmp_seq=1 ttl=64 time=0.012 ms |
| 83 | +64 bytes from 172.17.20.39: icmp_seq=2 ttl=64 time=0.008 ms |
| 84 | +``` |
| 85 | + |
| 86 | +host b |
| 87 | + |
| 88 | +``` |
| 89 | +[root@pg11 ~]# ping 172.17.20.39 |
| 90 | +PING 172.17.20.39 (172.17.20.39) 56(84) bytes of data. |
| 91 | +``` |
| 92 | + |
| 93 | +无防火墙 |
| 94 | + |
| 95 | +``` |
| 96 | +[root@pg11 ~]# iptables -L -v -n |
| 97 | +Chain INPUT (policy ACCEPT 8 packets, 528 bytes) |
| 98 | + pkts bytes target prot opt in out source destination |
| 99 | + |
| 100 | +Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) |
| 101 | + pkts bytes target prot opt in out source destination |
| 102 | + |
| 103 | +Chain OUTPUT (policy ACCEPT 6 packets, 1000 bytes) |
| 104 | + pkts bytes target prot opt in out source destination |
| 105 | +``` |
| 106 | + |
| 107 | +### 原因 |
| 108 | +宿主机通过openflow进行流控,未注册的vm+ip可以被拒绝。具体可参考SDN文档。 |
| 109 | + |
| 110 | +删除VIP |
| 111 | + |
| 112 | +``` |
| 113 | +[root@pg11 ~]# ip addr del 172.17.20.39/20 brd + dev eth0 label eth0:1 |
| 114 | +[root@pg11 ~]# ifconfig |
| 115 | +eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 |
| 116 | + inet 172.17.20.29 netmask 255.255.240.0 broadcast 172.17.31.255 |
| 117 | + ether 00:16:3e:0a:5c:f1 txqueuelen 1000 (Ethernet) |
| 118 | + RX packets 22221492889 bytes 33552649060975 (30.5 TiB) |
| 119 | + RX errors 0 dropped 0 overruns 0 frame 0 |
| 120 | + TX packets 631860095 bytes 42907943783 (39.9 GiB) |
| 121 | + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
| 122 | + |
| 123 | +lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 |
| 124 | + inet 127.0.0.1 netmask 255.0.0.0 |
| 125 | + loop txqueuelen 1 (Local Loopback) |
| 126 | + RX packets 959424 bytes 111292619 (106.1 MiB) |
| 127 | + RX errors 0 dropped 0 overruns 0 frame 0 |
| 128 | + TX packets 959424 bytes 111292619 (106.1 MiB) |
| 129 | + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
| 130 | +``` |
| 131 | + |
| 132 | +## 参考 |
| 133 | +[《linux IP 命令使用举例》](../201611/20161112_01.md) |
| 134 | + |
| 135 | +[A Virtual Switch Platform for Host SDN in the Public Cloud](20181005_01_doc_001.pdf) |
| 136 | + |
| 137 | +https://www.microsoft.com/en-us/research/wp-content/uploads/2017/09/login_fall17_02_firestone.pdf |
| 138 | + |
| 139 | +https://www.opennetworking.org/ |
| 140 | + |
| 141 | +https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-59/161-sdn.html |
| 142 | + |
| 143 | +https://en.wikipedia.org/wiki/OpenFlow |
| 144 | + |
| 145 | + |
| 146 | +<a rel="nofollow" href="http://info.flagcounter.com/h9V1" ><img src="http://s03.flagcounter.com/count/h9V1/bg_FFFFFF/txt_000000/border_CCCCCC/columns_2/maxflags_12/viewers_0/labels_0/pageviews_0/flags_0/" alt="Flag Counter" border="0" ></a> |
| 147 | + |
| 148 | + |
| 149 | +## [digoal's 大量PostgreSQL文章入口](https://github.com/digoal/blog/blob/master/README.md "22709685feb7cab07d30f30387f0a9ae") |
| 150 | + |