为什么我创建的 veth-pair 无法互相 ping 通

2024-10-6 • tag-icon

我创建了 veth 对

ip link add veth0 type veth peer name veth1
ip addr add 1.2.3.101/24 dev veth0
ip addr add 1.2.3.102/24 dev veth1
ip link set veth0 up
ip link set veth1 up

485: veth1@veth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether de:71:2e:e1:d6:15 brd ff:ff:ff:ff:ff:ff
    inet 1.2.3.102/24 scope global veth1
       valid_lft forever preferred_lft forever
    inet6 fe80::dc71:2eff:fee1:d615/64 scope link
       valid_lft forever preferred_lft forever
486: veth0@veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 36:c9:8a:3d:46:95 brd ff:ff:ff:ff:ff:ff
    inet 1.2.3.101/24 scope global veth0
       valid_lft forever preferred_lft forever
    inet6 fe80::34c9:8aff:fe3d:4695/64 scope link
       valid_lft forever preferred_lft forever

修改内核中的ARP配置

echo 1 > /proc/sys/net/ipv4/conf/veth0/accept_local
echo 1 > /proc/sys/net/ipv4/conf/veth1/accept_local
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/veth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/veth1/rp_filter

但它们无法互相 ping 通

[root@master ~]# ping -c 3 -I veth0 1.2.3.102
PING 1.2.3.102 (1.2.3.102) from 1.2.3.101 veth0: 56(84) bytes of data.

--- 1.2.3.102 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms

[root@master ~]# tcpdump -n -i veth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes
14:10:22.337042 IP 1.2.3.101 > 1.2.3.102: ICMP echo request, id 31174, seq 1, length 64
14:10:23.337065 IP 1.2.3.101 > 1.2.3.102: ICMP echo request, id 31174, seq 2, length 64
14:10:24.336994 IP 1.2.3.101 > 1.2.3.102: ICMP echo request, id 31174, seq 3, length 64
14:10:27.353981 ARP, Request who-has 1.2.3.102 tell 1.2.3.101, length 28
14:10:27.354023 ARP, Reply 1.2.3.102 is-at de:71:2e:e1:d6:15, length 28

尝试在 ping 过程中明确指定 IP 地址

[root@master ~]# ping -c 3 -I 1.2.3.101 1.2.3.102
PING 1.2.3.102 (1.2.3.102) from 1.2.3.101 : 56(84) bytes of data.
64 bytes from 1.2.3.102: icmp_seq=1 ttl=64 time=0.101 ms
64 bytes from 1.2.3.102: icmp_seq=2 ttl=64 time=0.076 ms
64 bytes from 1.2.3.102: icmp_seq=3 ttl=64 time=0.068 ms

--- 1.2.3.102 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.068/0.081/0.101/0.017 ms

它起作用了，但是 veth1 没有收到任何数据包！

[root@master ~]# tcpdump -n -i veth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes

查看路由表

[root@master ~]# ip route show table 0 | grep veth0
1.2.3.0/24 dev veth0 proto kernel scope link src 1.2.3.101
broadcast 1.2.3.0 dev veth0 table local proto kernel scope link src 1.2.3.101
local 1.2.3.101 dev veth0 table local proto kernel scope host src 1.2.3.101
broadcast 1.2.3.255 dev veth0 table local proto kernel scope link src 1.2.3.101
fe80::/64 dev veth06793ca proto kernel metric 256 pref medium
fe80::/64 dev veth0 proto kernel metric 256 pref medium
ff00::/8 dev veth06793ca table local metric 256 pref medium
ff00::/8 dev veth0 table local metric 256 pref medium


[root@master ~]# ip route show table 0 | grep veth1
1.2.3.0/24 dev veth1 proto kernel scope link src 1.2.3.102
broadcast 1.2.3.0 dev veth1 table local proto kernel scope link src 1.2.3.102
local 1.2.3.102 dev veth1 table local proto kernel scope host src 1.2.3.102
broadcast 1.2.3.255 dev veth1 table local proto kernel scope link src 1.2.3.102
fe80::/64 dev veth1baf97c proto kernel metric 256 pref medium
fe80::/64 dev veth14569bb proto kernel metric 256 pref medium
fe80::/64 dev veth1 proto kernel metric 256 pref medium
ff00::/8 dev veth1baf97c table local metric 256 pref medium
ff00::/8 dev veth14569bb table local metric 256 pref medium
ff00::/8 dev veth1 table local metric 256 pref medium


[root@master ~]# ip route show table local | grep veth0
broadcast 1.2.3.0 dev veth0 proto kernel scope link src 1.2.3.101
local 1.2.3.101 dev veth0 proto kernel scope host src 1.2.3.101
broadcast 1.2.3.255 dev veth0 proto kernel scope link src 1.2.3.101


[root@master ~]# ip route show table local | grep veth1
broadcast 1.2.3.0 dev veth1 proto kernel scope link src 1.2.3.102
local 1.2.3.102 dev veth1 proto kernel scope host src 1.2.3.102
broadcast 1.2.3.255 dev veth1 proto kernel scope link src 1.2.3.102

我很困惑。我不明白发生了什么

我的设备信息

[root@master ~]# uname -a
Linux master 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

相关内容