我正在尝试使用我的公司云站点来设置带有 GNS3 的设备,但是被 tftp 服务阻止了。
首先,这是我在这个云站点上生成的 2 个云实例。如本图表所示,“Basement”和“US-237”。两个实例都有一个内部 IP,10.31.1.97或者10.31.1.116分别都有一个“浮动 IP”,10.96.131.107或者10.96.128.81分别。此云站点建立在加拿大某处,如果我要从美国(我所在的位置) ssh 到这些实例,我必须使用浮动 IP 地址进行连接。
在这个“地下室”主机上,我启动了一个 tftp 服务,该服务尝试向任何来电提供设备许可证文件。并且我已检查此 tftp 服务已启动并正常运行。
在这个“US-237”主机端,我创建了一个基本的 gns3 项目,如下所示:
其中有以下图表:云<-->思科路由器<-->交换机<-->X-1,这是我的设备。
从设备控制台,我能够使用常规 IP 或浮动 IP 地址 ping 此“地下室”。但如果我尝试将文件从“地下室”传输到我的设备,则完全超时。这是我的设备端的日志消息:
# execute ping 10.31.1.97
PING 10.31.1.97 (10.31.1.97): 56 data bytes
64 bytes from 10.31.1.97: seq=0 ttl=62 time=13.664 ms
64 bytes from 10.31.1.97: seq=1 ttl=62 time=20.204 ms
64 bytes from 10.31.1.97: seq=2 ttl=62 time=16.804 ms
--- 10.31.1.97 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 13.664/16.890/20.204 ms
# execute ping 10.96.131.107
PING 10.96.131.107 (10.96.131.107): 56 data bytes
64 bytes from 10.96.131.107: seq=0 ttl=61 time=16.563 ms
64 bytes from 10.96.131.107: seq=1 ttl=61 time=13.185 ms
64 bytes from 10.96.131.107: seq=2 ttl=61 time=19.592 ms
--- 10.96.131.107 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 12.893/16.421/19.937 ms
#
#
# execute bios get 10.96.131.107 FX200FTQ2109C2EL.rom
tftp: timeout
Get BIOS file failed...
#
# execute bios get 10.31.1.97 FX200FTQ2109C2EL.rom
tftp: timeout
Get BIOS file failed...
同时,如果我在地下室运行 tcpdump,我会在 10.96.131.107 tftp 会话期间看到这样的消息:
18:06:12.999230 IP basement.43620 > oak.fortinet.com.domain: 50389+ [1au] PTR? 6.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (101)
18:06:13.008726 IP oak.fortinet.com.domain > basement.43620: 50389 NXDomain 0/1/1 (165)
18:06:13.008814 IP basement.43620 > oak.fortinet.com.domain: 50389+ PTR? 6.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90)
18:06:13.017780 IP oak.fortinet.com.domain > basement.43620: 50389 NXDomain 0/1/0 (154)
18:06:24.459591 IP 10.96.128.81.15987 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:24.460896 IP basement.47531 > 10.96.128.81.15987: UDP, length 516
18:06:24.461240 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 15987 unreachable, length 552
18:06:24.560211 IP 10.96.128.81.58208 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:24.561319 IP basement.51987 > 10.96.128.81.58208: UDP, length 516
18:06:24.561699 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 58208 unreachable, length 552
18:06:24.711391 IP 10.96.128.81.35729 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:24.712479 IP basement.55350 > 10.96.128.81.35729: UDP, length 516
18:06:24.712903 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 35729 unreachable, length 552
18:06:24.933100 IP 10.96.128.81.39247 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:24.934302 IP basement.37528 > 10.96.128.81.39247: UDP, length 516
18:06:24.934705 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 39247 unreachable, length 552
18:06:25.275542 IP 10.96.128.81.9773 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:25.276742 IP basement.45751 > 10.96.128.81.9773: UDP, length 516
18:06:25.277079 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 9773 unreachable, length 552
18:06:25.290772 IP basement.39876 > oak.fortinet.com.domain: 17298+ [1au] PTR? 81.128.96.10.in-addr.arpa. (54)
18:06:25.300206 IP oak.fortinet.com.domain > basement.39876: 17298 NXDomain* 0/1/1 (112)
18:06:25.300270 IP basement.39876 > oak.fortinet.com.domain: 17298+ PTR? 81.128.96.10.in-addr.arpa. (43)
18:06:25.309278 IP oak.fortinet.com.domain > basement.39876: 17298 NXDomain* 0/1/0 (101)
18:06:25.779433 IP 10.96.128.81.14638 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:25.780690 IP basement.35264 > 10.96.128.81.14638: UDP, length 516
18:06:25.781101 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 14638 unreachable, length 552
18:06:26.535198 IP 10.96.128.81.45243 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:26.536514 IP basement.53291 > 10.96.128.81.45243: UDP, length 516
18:06:26.536920 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 45243 unreachable, length 552
18:06:27.674862 IP 10.96.128.81.36671 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:27.676230 IP basement.60873 > 10.96.128.81.36671: UDP, length 516
18:06:27.676614 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 36671 unreachable, length 552
18:06:29.377169 IP 10.96.128.81.29045 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:29.378533 IP basement.57606 > 10.96.128.81.29045: UDP, length 516
18:06:29.378909 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 29045 unreachable, length 552
18:06:29.460970 IP basement.47531 > 10.96.128.81.15987: UDP, length 516
18:06:29.461330 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 15987 unreachable, length 552
18:06:29.561398 IP basement.51987 > 10.96.128.81.58208: UDP, length 516
18:06:29.561777 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 58208 unreachable, length 552
18:06:29.712576 IP basement.55350 > 10.96.128.81.35729: UDP, length 516
18:06:29.934407 IP basement.37528 > 10.96.128.81.39247: UDP, length 516
18:06:30.276835 IP basement.45751 > 10.96.128.81.9773: UDP, length 516
18:06:30.780787 IP basement.35264 > 10.96.128.81.14638: UDP, length 516
18:06:30.781347 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 14638 unreachable, length 552
18:06:31.372015 IP 10.96.128.81.50479 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:31.373353 IP basement.44438 > 10.96.128.81.50479: UDP, length 516
18:06:31.536607 IP basement.53291 > 10.96.128.81.45243: UDP, length 516
18:06:31.537004 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 45243 unreachable, length 552
18:06:32.676350 IP basement.60873 > 10.96.128.81.36671: UDP, length 516
18:06:32.676923 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 36671 unreachable, length 552
18:06:33.376599 IP 10.96.128.81.37969 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:06:33.377870 IP basement.34325 > 10.96.128.81.37969: UDP, length 516
18:06:34.378646 IP basement.57606 > 10.96.128.81.29045: UDP, length 516
18:06:34.379157 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 29045 unreachable, length 552
18:06:34.461033 IP basement.47531 > 10.96.128.81.15987: UDP, length 516
18:06:34.461406 IP 10.96.128.81 > basement: ICMP 10.96.128.81 udp port 15987 unreachable, length 552
18:06:34.561478 IP basement.51987 > 10.96.128.81.58208: UDP, length 516
18:06:34.712653 IP basement.55350 > 10.96.128.81.35729: UDP, length 516
18:06:34.934504 IP basement.37528 > 10.96.128.81.39247: UDP, length 516
18:06:35.014468 ARP, Request who-has _gateway tell basement, length 28
18:06:35.014529 ARP, Reply _gateway is-at 02:50:56:56:44:52 (oui Unknown), length 46
18:06:35.276916 IP basement.45751 > 10.96.128.81.9773: UDP, length 516
这将修复 10.31.1.97 tftp 会话:
18:04:50.619282 IP 10.31.1.116.4507 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:50.620570 IP basement.35535 > 10.31.1.116.4507: UDP, length 516
18:04:50.620751 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:50.770201 IP 10.31.1.116.4507 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:50.771532 IP basement.35629 > 10.31.1.116.4507: UDP, length 516
18:04:50.771722 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:50.991547 IP 10.31.1.116.4507 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:50.992812 IP basement.59490 > 10.31.1.116.4507: UDP, length 516
18:04:50.993016 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:51.333577 IP 10.31.1.116.4507 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:51.334874 IP basement.34005 > 10.31.1.116.4507: UDP, length 516
18:04:51.335059 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:51.836528 IP 10.31.1.116.4507 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:51.837824 IP basement.39109 > 10.31.1.116.4507: UDP, length 516
18:04:51.837979 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:52.590960 IP 10.31.1.116.4507 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:52.592228 IP basement.46158 > 10.31.1.116.4507: UDP, length 516
18:04:52.592441 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:53.727449 IP 10.31.1.116.4507 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:53.728740 IP basement.56210 > 10.31.1.116.4507: UDP, length 516
18:04:53.728924 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:55.437455 IP 10.31.1.116.4507 > basement.tftp: 37 RRQ "FX200FTQ2109C2EL.rom" octet tsize 0
18:04:55.438751 IP basement.33467 > 10.31.1.116.4507: UDP, length 516
18:04:55.438980 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:55.520253 IP basement.55033 > 10.31.1.116.4507: UDP, length 516
18:04:55.520420 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:55.620629 IP basement.35535 > 10.31.1.116.4507: UDP, length 516
18:04:55.620843 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
18:04:55.686462 ARP, Request who-has 10.31.1.116 tell basement, length 28
18:04:55.686681 ARP, Reply 10.31.1.116 is-at fa:16:53:2d:76:99 (oui Unknown), length 46
18:04:55.695870 ARP, Request who-has basement tell 10.31.1.116, length 46
18:04:55.695875 ARP, Reply basement is-at fa:16:53:6e:cf:9d (oui Unknown), length 28
18:04:55.771612 IP basement.35629 > 10.31.1.116.4507: UDP, length 516
18:04:55.992903 IP basement.59490 > 10.31.1.116.4507: UDP, length 516
18:04:56.334979 IP basement.34005 > 10.31.1.116.4507: UDP, length 516
18:04:56.837928 IP basement.39109 > 10.31.1.116.4507: UDP, length 516
18:04:56.838158 IP 10.31.1.116 > basement: ICMP 10.31.1.116 udp port 4507 unreachable, length 552
有人知道发生了什么事吗?
提前感谢任何提示!
杰克