How do I configure KVM on Ubuntu 22.04 using a trunk port?


I am setting up a Dell R440 running Ubuntu 22.04 on a trunk port of a Cisco Catalyst switch. The problem is that only native VLAN traffic is captured on the system.

The port configuration is as follows:

interface GigabitEthernet1/0/44
 switchport access vlan 201
 switchport trunk native vlan 201
 switchport trunk allowed vlan 10,201
 switchport mode trunk
!

show interfaces GigabitEthernet 1/0/44 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/44    on               802.1q         trunking      201

Port        Vlans allowed on trunk
Gi1/0/44    10,201

Port        Vlans allowed and active in management domain
Gi1/0/44    10,201

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/44    10,201

This exact configuration on other ports sends tagged VLAN traffic that can be captured on Debian and BSD systems, as it should.

The interface configuration on the server is as follows:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff
    altname enp4s0f0
    inet 192.168.201.20/24 brd 192.168.201.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::d294:66ff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether bb:bb:bb:bb:bb:bb brd ff:ff:ff:ff:ff:ff
    altname enp4s0f1
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:d1:36:8a brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: eno1.10@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.199/24 scope global eno1.10
       valid_lft forever preferred_lft forever
    inet6 fe80::d294:66ff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
6: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 500
    link/ether 50:50:50:50:50:50 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5054:ff:fe6e:5932/64 scope link 
       valid_lft forever preferred_lft forever

As you can see, there is a VLAN interface and a macvtap on top of it. There is a VM sending untagged traffic to the VLAN interface (from 192.168.10.172). Traffic sniffed on the eno1 interface is correctly tagged on the system:

# tcpdump -nvei eno1 vlan 10
tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:38:26.204155 50:50:50:50:50:50 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.4 tell 192.168.10.172, length 28
13:38:27.204132 50:50:50:50:50:50 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.4 tell 192.168.10.172, length 28
13:38:28.222031 50:50:50:50:50:50 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.4 tell 192.168.10.172, length 28
13:38:29.220143 50:50:50:50:50:50 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.4 tell 192.168.10.172, length 28

Traffic from the host itself is also tagged:

# tcpdump -nvei eno1 vlan 10
tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
14:21:21.254534 aa:aa:aa:aa:aa:aa > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.199, length 28
14:21:22.278725 aa:aa:aa:aa:aa:aa > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.199, length 28
14:21:23.302507 aa:aa:aa:aa:aa:aa > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.199, length 28

Traffic from the native VLAN (untagged) and from other hosts can be observed on the main interface (and communication works fine):

# tcpdump -nvei eno1 not vlan 10
tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
14:21:12.669286 aa:aa:aa:aa:aa:aa > 00:00:5e:00:01:c9, ethertype IPv4 (0x0800), length 190: (tos 0x10, ttl 64, id 61852, offset 0, flags [DF], proto TCP (6), length 176)
    192.168.201.20.22 > 172.16.20.10.51758: Flags [P.], cksum 0x4a7a (incorrect -> 0x92f4), seq 967793068:967793192, ack 3024530972, win 501, options [nop,nop,TS val 3219014539 ecr 3285414951], length 124
14:21:12.682517 ab:ab:ab:ab:ab:ab > aa:aa:aa:aa:aa:aa, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 31043, offset 0, flags [none], proto TCP (6), length 52)
    172.16.20.10.51758 > 192.168.201.20.22: Flags [.], cksum 0x2ef4 (correct), ack 124, win 501, options [nop,nop,TS val 3285414975 ecr 3219014539], length 0
14:21:12.720108 22:22:22:22:22:22 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.201.134 tell 192.168.201.102, length 46

This configuration was applied manually with:

sudo ip link add link eno1 name eno1.10 type vlan id 10
sudo ip link set dev eno1.10 up
sudo ip addr add 192.168.10.199/24 dev eno1.10

and also via netplan, in other tests, with:

network:
  ethernets:
    eno1:
      addresses:
      - 192.168.201.20/24
      gateway4: 192.168.201.1
      nameservers:
        addresses:
        - 1.1.1.1
        - 8.8.8.8
      dhcp4: false
      dhcp6: false
  vlans:
    eno1.10:
      id: 10
      link: eno1
      dhcp4: false
      dhcp6: false
  version: 2

Tagged traffic generated from this host does not reach any other host. Also, traffic from other tagged hosts does not reach this host. There are actually a second server and a second switch (both identical) that behave in exactly the same (wrong) way, which makes it nearly impossible to blame any single piece of hardware as faulty.

This will be a KVM host used for migration, but the VMs must be able to communicate in the VLANs provided by this trunk (there are many more, this setup has been simplified for troubleshooting). Any ideas about what is missing here?
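A small helper for the kind of troubleshooting done in this question: it parses tcpdump -e summary lines and reports, per 802.1Q tag, which source MACs were seen. On a healthy trunk you expect at least ARP or other broadcast from remote hosts on every allowed VLAN, so a VLAN whose tagged frames all come from local MACs is only ever observed on egress, which is exactly the symptom described above. This is an added example, not code from the asker; the sample capture lines are constructed from the captures in the question, and the set of local MACs (eno1 plus the VM's macvtap) is an assumption taken from the ip output.

```python
"""Summarise which 802.1Q tags are seen per source MAC in a tcpdump -e capture."""
import re
from collections import defaultdict

# Constructed sample: four frames modelled on the tcpdump -nve output in the question
# (the MACs are the anonymised ones the asker posted). Lines that start with
# whitespace are tcpdump's IP-header continuation lines and carry no Ethernet info.
SAMPLE_CAPTURE = """\
13:38:26.204155 50:50:50:50:50:50 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.4 tell 192.168.10.172, length 28
14:21:21.254534 aa:aa:aa:aa:aa:aa > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.199, length 28
14:21:12.682517 ab:ab:ab:ab:ab:ab > aa:aa:aa:aa:aa:aa, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 31043, offset 0, flags [none], proto TCP (6), length 52)
    172.16.20.10.51758 > 192.168.201.20.22: Flags [.], cksum 0x2ef4 (correct), ack 124, win 501, length 0
14:21:12.720108 22:22:22:22:22:22 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.201.134 tell 192.168.201.102, length 46
"""

# Assumption: MACs belonging to this host, i.e. eno1 and the VM's macvtap (from the ip output).
LOCAL_MACS = {"aa:aa:aa:aa:aa:aa", "50:50:50:50:50:50"}

# tcpdump -e prints "src > dst, ethertype NAME (0xNNNN), length N:" and, for tagged
# frames, "ethertype 802.1Q (0x8100), length N: vlan ID, p PCP, ethertype ...".
FRAME_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype (?P<etype>[^(]+) \(0x(?P<etype_hex>[0-9a-fA-F]{4})\), length \d+:"
    r"(?: vlan (?P<vlan>\d+), p (?P<pcp>\d+),)?"
)


def parse_frame(line):
    """Return (src_mac, dst_mac, vlan_id_or_None) for one tcpdump -e summary line,
    or None for continuation lines and anything the pattern does not match."""
    if not line or line[0].isspace():
        return None
    m = FRAME_RE.match(line)
    if not m:
        return None
    tagged = m.group("etype_hex").lower() == "8100" and m.group("vlan") is not None
    vlan = int(m.group("vlan")) if tagged else None
    return m.group("src"), m.group("dst"), vlan


def sources_by_vlan(capture):
    """Map VLAN id (None = untagged / native VLAN) -> set of source MACs seen with that tag."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        parsed = parse_frame(line)
        if parsed:
            src, _dst, vlan = parsed
            seen[vlan].add(src)
    return dict(seen)


def tagged_vlans_without_remote_sources(capture, local_macs):
    """VLAN ids for which every tagged frame in the capture was sent by a local MAC.
    Such a VLAN is only observed on egress: tagged traffic is leaving but none is
    arriving, which points at the path between this NIC and the switch rather than
    at the host's own VLAN configuration."""
    seen = sources_by_vlan(capture)
    return sorted(v for v, macs in seen.items()
                  if v is not None and macs <= set(local_macs))


def untagged_remote_sources(capture, local_macs):
    """Remote MACs whose untagged (native VLAN) frames did arrive, i.e. proof that the
    physical link itself carries traffic in both directions."""
    seen = sources_by_vlan(capture)
    return sorted(seen.get(None, set()) - set(local_macs))


if __name__ == "__main__":
    # Typical use: tcpdump -nve -i eno1 -c 500 > capture.txt, then feed the file here.
    print("sources by VLAN:", sources_by_vlan(SAMPLE_CAPTURE))
    print("tagged VLANs with only local senders:",
          tagged_vlans_without_remote_sources(SAMPLE_CAPTURE, LOCAL_MACS))
    print("remote hosts seen untagged (native VLAN):",
          untagged_remote_sources(SAMPLE_CAPTURE, LOCAL_MACS))
```

On the constructed sample the script reports VLAN 10 as seen only from local senders while two remote MACs arrive untagged, which separates "the host is not tagging" (ruled out) from "tags are not surviving the path" (the thing to check next, hop by hop, between the NIC and the trunk port).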

Answer 1

It turns out there was nothing wrong, except that, in order to run the cable to our rack, the data center used an additional switch that did not have Q-in-Q enabled. This caused the tagged packets to be dropped in transit.
