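I have a small network at home, consisting of 1 router, 2 switches, 1 AP, a few computers and phones. In addition, I have two servers in a cluster (Proxmox) and a QNAP NAS, which I use to store my files.
A few months ago I started using IPTV. I have a set-top box from Amiko, and I use it to watch IPTV through Kodi. This set-top box is placed on vlan6 (192.168.40.0/24) (it is in the LAN segment in the picture), because I know that IPTV traffic should be in a separate vlan.
Below you can see the logical view of the whole network:
As you can see, I use a Mikrotik hEX as the main router, which terminates the ISP public IP address and does some firewalling, NAT and routing. Since the Internet connection terminates here, I expect to see some multicast traffic caused by IPTV, and vlan6 is enabled on the Mikrotik, but let's look at the configuration of the ports: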
[[email protected]] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 R ;;; Link to ISP
ether1 ether 1500 1596 2026 B8:69:F4:DB:DA:1A
1 RS ;;; Link to Cisco switch
ether2 ether 1500 1596 2026 6C:3B:6B:59:94:1D
2 RS ;;; Link to Mikrotik access point
ether3 ether 1500 1596 2026 6C:3B:6B:59:94:1E
3 X ;;; Unused
ether4 ether 1500 1596 2026 6C:3B:6B:59:94:1F
4 X ;;; Unused
ether5 ether 1500 1596 2026 6C:3B:6B:59:94:20
5 R bridge bridge 1500 1596 6C:3B:6B:59:94:1D
7 R ;;; Vlan2 (192.168.0.0/24)
vlan2-tag vlan 1500 1592 6C:3B:6B:59:94:1D
8 R ;;; Vlan3 (192.168.10.0/24)
vlan3-tag vlan 1500 1592 6C:3B:6B:59:94:1D
9 R ;;; Vlan4 (192.168.20.0/24)
vlan4-tag vlan 1500 1592 6C:3B:6B:59:94:1D
10 R ;;; Vlan5 (192.168.30.0/24)
vlan5-tag vlan 1500 1592 6C:3B:6B:59:94:1D
11 R ;;; Vlan6 (192.168.40.0/24)
vlan6-tag vlan 1500 1592 6C:3B:6B:59:94:1D
[[email protected]] >
Below you can see detailed information about the interfaces:
[[email protected]] >
1 RS ;;; Link to Cisco switch
name="ether2" driver-rx-byte=8 086 346 162 985 driver-rx-packet=8 497 403 137 driver-tx-byte=9 773 452 609 711 driver-tx-packet=9 060 307 937 rx-bytes=8 136 450 389 192
rx-packet=8 500 830 242 rx-too-short=0 rx-64=300 056 rx-65-127=3 184 053 446 rx-128-255=32 101 321 rx-256-511=108 841 856 rx-512-1023=15 702 206 rx-1024-1518=5 167 902 503
rx-too-long=0 rx-broadcast=635 679 rx-pause=0 rx-multicast=7 435 462 rx-fcs-error=0 rx-align-error=0 rx-fragment=0 rx-jabber=0 rx-drop=0 tx-bytes=9 809 890 367 273
tx-packet=9 058 500 770 tx-64=84 233 804 tx-65-127=2 421 432 836 tx-128-255=42 937 817 tx-256-511=137 437 551 tx-512-1023=47 563 760 tx-1024-1518=6 326 702 104 tx-broadcast=230 527
tx-pause=0 tx-multicast=1 576 570 tx-collision=0 tx-excessive-collision=0 tx-multiple-collision=0 tx-single-collision=0 tx-deferred=0 tx-late-collision=0 tx-drop=0 tx-fcs-error=0
2 RS ;;; Link to Mikrotik access point
name="ether3" driver-rx-byte=24 904 213 698 driver-rx-packet=31 434 954 driver-tx-byte=117 049 286 733 driver-tx-packet=86 389 672 rx-bytes=25 030 676 572 rx-packet=31 351 349
rx-too-short=0 rx-64=9 944 483 rx-65-127=1 899 968 rx-128-255=3 695 745 rx-256-511=328 864 rx-512-1023=130 332 rx-1024-1518=15 440 208 rx-too-long=0 rx-broadcast=11 047 rx-pause=0
rx-multicast=77 204 rx-fcs-error=0 rx-align-error=0 rx-fragment=0 rx-jabber=0 rx-drop=0 tx-bytes=117 408 472 688 tx-packet=84 677 640 tx-64=5 586 151 tx-65-127=2 562 504
tx-128-255=807 744 tx-256-511=482 810 tx-512-1023=335 192 tx-1024-1518=76 615 271 tx-broadcast=121 167 tx-pause=0 tx-multicast=1 590 865 tx-collision=0 tx-excessive-collision=0
tx-multiple-collision=0 tx-single-collision=0 tx-deferred=0 tx-late-collision=0 tx-drop=0 tx-fcs-error=0
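OK, there is a bridge, which I use for VLAN tagging:
As you can see, I send all VLANs to the Cisco switch, and I tag only VLAN2 and VLAN4 towards the AP. So I do not expect to see any multicast traffic on the AP interface, but in fact I do see it. I don't know why...
Look at how much multicast traffic I have on ether3, which is connected to ether1 on the AP. I can show the same information in a different picture:
OK, we haven't said anything about the Cisco device yet. Here is the configuration: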
interface GigabitEthernet0/1
description Cisco-SG200-08
switchport trunk allowed vlan 2-6
switchport mode trunk
!
interface GigabitEthernet0/2
description Do-Not-Work
shutdown
!
interface GigabitEthernet0/3
description QNAP-TS-431P
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/4
description MikroTik-hEX
switchport mode trunk
!
interface GigabitEthernet0/5
description proxmox-node-1
switchport trunk native vlan 7
switchport mode trunk
!
interface GigabitEthernet0/6
description proxmox-node-2
switchport trunk native vlan 7
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan2
no ip address
!
interface Vlan3
no ip address
!
interface Vlan4
no ip address
!
interface Vlan5
ip address 192.168.30.6 255.255.255.0
!
interface Vlan6
no ip address
!
Below are the interface details from the Cisco switch:
2960g#show interfaces GigabitEthernet 0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0022.bd38.b481 (bia 0022.bd38.b481)
Description: Cisco-SG200-08
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 367
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 2000 bits/sec, 2 packets/sec
71462641 packets input, 34064842246 bytes, 0 no buffer
Received 1185327 broadcasts (1173073 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1173073 multicast, 0 pause input
0 input packets with dribble condition detected
179474379 packets output, 252015506771 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
2960g#
2960g#show interfaces GigabitEthernet0/3
GigabitEthernet0/3 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0022.bd38.b483 (bia 0022.bd38.b483)
Description: QNAP-TS-431P
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:04, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 435
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 62000 bits/sec, 7 packets/sec
5 minute output rate 55000 bits/sec, 13 packets/sec
1870379854 packets input, 2240692066739 bytes, 0 no buffer
Received 141380 broadcasts (101038 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 101038 multicast, 119 pause input
0 input packets with dribble condition detected
1923167326 packets output, 1771972517143 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
2960g#
GigabitEthernet0/4 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0022.bd38.b484 (bia 0022.bd38.b484)
Description: MikroTik-hEX
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 6/255, rxload 6/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1134
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 26340000 bits/sec, 3254 packets/sec
5 minute output rate 26607000 bits/sec, 3289 packets/sec
8974430609 packets input, 9809117899373 bytes, 0 no buffer
Received 1803510 broadcasts (1601913 multicasts)
0 runts, 1809976 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1601913 multicast, 0 pause input
0 input packets with dribble condition detected
8508259561 packets output, 8135592732093 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
2960g#
2960g#show interfaces GigabitEthernet0/5
GigabitEthernet0/5 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0022.bd38.b485 (bia 0022.bd38.b485)
Description: proxmox-node-1
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 6/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:04, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 249
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 897000 bits/sec, 1193 packets/sec
5 minute output rate 25555000 bits/sec, 2168 packets/sec
4569823856 packets input, 2655578181223 bytes, 0 no buffer
Received 1005668 broadcasts (604305 multicasts)
17 runts, 0 giants, 0 throttles
17 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 604305 multicast, 4171 pause input
0 input packets with dribble condition detected
6100296857 packets output, 7939546009895 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
2960g#
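You can see the counters, broadcast and multicast. The picture attached below shows exactly the same:
We haven't talked about IGMP on the Cisco switch, but there is no configuration related to it; I mean it is running with its default settings.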
2960g#show ip igmp snooping
Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping : Enabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
Vlan 1:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
Vlan 2:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
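It is the same for all vlans and interfaces. There is no IGMP querier configured, no filters, nothing.
According to the articles I have read on the Internet, since vlan snooping is enabled, a vlan's stream must be confined to its own vlan (broadcast domain), so why do I see all this broadcast and multicast on the AP's interface? That vlan is not configured to pass there. The same goes for the QNAP port: even though the QNAP port is in access mode, it does not care about the vlan at all. So maybe I am missing something basic, but I am not a network expert, I just like playing with networks and servers.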
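Added example, not part of the original post: interface counters are cumulative, so the multicast share of all frames on a port says more than the raw count when checking whether a stream is crossing onto that port. The Python below parses the RouterOS counters quoted in the post (trimmed to the relevant fields) and computes that share; the function names are this example's own.

```python
import re

# Counter lines copied (trimmed) from the post's RouterOS output for ether2 and ether3.
SAMPLE = '''
name="ether2" rx-packet=8 500 830 242 rx-too-short=0 rx-broadcast=635 679 rx-pause=0 rx-multicast=7 435 462
tx-packet=9 058 500 770 tx-64=84 233 804 tx-broadcast=230 527 tx-pause=0 tx-multicast=1 576 570
name="ether3" rx-packet=31 351 349 rx-too-short=0 rx-broadcast=11 047 rx-pause=0 rx-multicast=77 204
tx-packet=84 677 640 tx-64=5 586 151 tx-broadcast=121 167 tx-pause=0 tx-multicast=1 590 865
'''

# RouterOS groups digits with spaces ("7 435 462"), so a value is a short digit
# run followed by any number of " ddd" groups, ending at whitespace or end of text.
FIELD = re.compile(r'([a-z][a-z0-9-]*)=(\d{1,3}(?: \d{3})*|\d+)(?=\s|$)')
NAME = re.compile(r'name="([^"]+)"')

def parse_stats(text):
    """Return {interface: {counter: int}} from RouterOS ethernet stats text."""
    stats = {}
    # Split just before each name="..." so every chunk holds one interface.
    for chunk in re.split(r'(?=name=")', text):
        m = NAME.search(chunk)
        if not m:
            continue
        stats[m.group(1)] = {k: int(v.replace(' ', ''))
                             for k, v in FIELD.findall(chunk)}
    return stats

def share(counters, direction, kind):
    """Fraction of frames in one direction ('rx'/'tx') that were `kind`."""
    total = counters.get(f'{direction}-packet', 0)
    return counters.get(f'{direction}-{kind}', 0) / total if total else 0.0

def report(stats):
    """One row per interface and direction: (name, dir, multicast count, mc share, bc share)."""
    rows = []
    for name, c in stats.items():
        for d in ('rx', 'tx'):
            rows.append((name, d, c.get(f'{d}-multicast', 0),
                         share(c, d, 'multicast'), share(c, d, 'broadcast')))
    return rows

if __name__ == '__main__':
    for name, d, count, mc, bc in report(parse_stats(SAMPLE)):
        print(f'{name} {d}: multicast={count} ({mc:.3%}), broadcast share={bc:.3%}')
```

Comparing two readings taken a known interval apart, rather than the totals since boot, gives the current multicast rate per port.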