为什么linux不响应来自VxLAN的ICMP请求?

tag-icon tag-icon networking network-interface networkmanager ethernet internet
为什么linux不响应来自VxLAN的ICMP请求?

我为两台机器分别运行以下命令。当我在主机 B 上运行 ping 命令并在主机 A 上使用 tcpdump 命令时,我成功捕获了 ICMP 请求。为什么主机不响应请求。我该如何修复它?我已经为这个问题苦苦挣扎了一天。非常感谢您的帮助!

主机B -> 主机A

[hostB]# ping 10.244.1.0
PING 10.244.1.0 (10.244.1.0) 56(84) bytes of data.

[hostA]# tcpdump -nvei vxlan
tcpdump: listening on vxlan, link-type EN10MB (Ethernet), capture size 262144 bytes
00:18:52.610590 c2:86:3c:fc:ed:9e > 16:89:e7:3a:2e:f7, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 13199, offset 0, flags [DF], proto ICMP (1), length 84)
    10.244.2.0 > 10.244.1.0: ICMP echo request, id 5181, seq 11, length 64

主机A->主机B

[hostA]# ping 10.244.2.0

[HostB]# tcpdump -nevi vxlan
tcpdump: listening on vxlan, link-type EN10MB (Ethernet), capture size 262144 bytes
00:32:21.828135 16:89:e7:3a:2e:f7 > c2:86:3c:fc:ed:9e, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 57470, offset 0, flags [DF], proto ICMP (1), length 84)
    10.244.1.0 > 10.244.2.0: ICMP echo request, id 5300, seq 1, length 64

subnet=$1
ip netns add n1
ip netns add n2
# Init bridge
ip link add br0 type bridge
ip addr add 10.244.$subnet.1/24 dev br0
ip link set br0 up
# Init netns v1
ip link add v1 type veth peer name b1
ip link set v1 netns n1
ip netns exec n1 ip addr add 10.244.$subnet.2/24 dev v1
ip netns exec n1 ip link set lo up
ip netns exec n1 ip link set v1 up
ip link set b1 up
# Init netns v2
ip link add v2 type veth peer name b2
ip link set v2 netns n2
ip netns exec n2 ip addr add 10.244.$subnet.3/24 dev v2
ip netns exec n2 ip link set lo up
ip netns exec n2 ip link set v2 up
ip link set b2 up
# Binding Bridge
ip link set b1 master br0
ip link set b2 master br0
# Add vxlan 
ip link add vxlan type vxlan id 1 dstport 4789 dev eth0 nolearning proxy
ip addr add 10.244.$subnet.0/32 dev vxlan
ip link set vxlan up
ip link set vxlan master br0

# Add the following(route, arp, fdb) for each of the two machines
# ip route add 10.244.2.0/24 via 10.244.2.0 dev vxlan onlink
# ip neigh add 10.244.2.0 lladdr c2:86:3c:fc:ed:9e dev vxlan
# bridge fdb append c2:86:3c:fc:ed:9e dev vxlan dst 11x.40.167.227

# ip route add 10.244.1.0/24 via 10.244.1.0 dev vxlan onlink
# ip neigh add 10.244.1.0 lladdr 16:89:e7:3a:2e:f7 dev vxlan
# bridge fdb append 16:89:e7:3a:2e:f7 dev vxlan dst 15x.75.71.186

[HostA]# sudo iptables -L -nv
Chain INPUT (policy ACCEPT 52 packets, 3764 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 43 packets, 6446 bytes)
 pkts bytes target     prot opt in     out     source               destination

[HostB]# sudo iptables -L -nv
Chain INPUT (policy ACCEPT 119 packets, 8184 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 34 packets, 45258 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 113 packets, 15056 bytes)
 pkts bytes target     prot opt in     out     source               destination

[HostB]# ip -br link; ip -br address; ip route
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> 
eth0             UP             52:54:00:5c:9f:0d <BROADCAST,MULTICAST,UP,LOWER_UP> 
br0              UP             16:87:ae:7a:4e:ca <BROADCAST,MULTICAST,UP,LOWER_UP> 
b1@if17          UP             22:6d:f3:fd:60:2c <BROADCAST,MULTICAST,UP,LOWER_UP> 
b2@if19          UP             8e:10:94:39:98:b1 <BROADCAST,MULTICAST,UP,LOWER_UP> 
vxlan            UNKNOWN        16:87:ae:7a:4e:ca <BROADCAST,MULTICAST,UP,LOWER_UP> 
lo               UNKNOWN        127.0.0.1/8 ::1/128 
eth0             UP             10.0.4.11/22 fe80::5054:ff:fe5c:9f0d/64 
br0              UP             10.244.2.2/24 fe80::1452:1dff:fe60:d59d/64 
b1@if17          UP             fe80::206d:f3ff:fefd:602c/64 
b2@if19          UP             fe80::8c10:94ff:fe39:98b1/64 
vxlan            UNKNOWN        10.244.2.1/32 fe80::1487:aeff:fe7a:4eca/64 
default via 10.0.4.1 dev eth0 
10.0.4.0/22 dev eth0 proto kernel scope link src 10.0.4.11 
10.244.1.0/24 via 10.244.1.1 dev vxlan onlink 
10.244.2.0/24 dev br0 proto kernel scope link src 10.244.2.2 
169.254.0.0/16 dev eth0 scope link metric 1002 

[HostA]# ip -br link; ip -br address; ip route
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> 
eth0             UP             52:54:00:b8:dd:65 <BROADCAST,MULTICAST,UP,LOWER_UP> 
br0              UP             1e:6e:4f:d0:f7:fe <BROADCAST,MULTICAST,UP,LOWER_UP> 
b1@if6           UP             1e:6e:4f:d0:f7:fe <BROADCAST,MULTICAST,UP,LOWER_UP> 
b2@if8           UP             fe:9e:59:c5:cf:3a <BROADCAST,MULTICAST,UP,LOWER_UP> 
vxlan            UNKNOWN        9e:ae:72:28:b1:93 <BROADCAST,MULTICAST,UP,LOWER_UP> 
lo               UNKNOWN        127.0.0.1/8 ::1/128 
eth0             UP             10.0.12.6/22 fe80::5054:ff:feb8:dd65/64 
br0              UP             10.244.1.2/24 fe80::78d6:97ff:fe4e:13b9/64 
b1@if6           UP             fe80::1c6e:4fff:fed0:f7fe/64 
b2@if8           UP             fe80::fc9e:59ff:fec5:cf3a/64 
vxlan            UNKNOWN        10.244.1.1/32 fe80::9cae:72ff:fe28:b193/64 
default via 10.0.12.1 dev eth0 
10.0.12.0/22 dev eth0 proto kernel scope link src 10.0.12.6 
10.244.1.0/24 dev br0 proto kernel scope link src 10.244.1.2 
10.244.2.0/24 via 10.244.2.1 dev vxlan onlink 
169.254.0.0/16 dev eth0 scope link metric 1002

相关内容