Linux IP 别名不起作用 - Amazon EC2

Linux IP 别名不起作用 - Amazon EC2

我似乎无法弄清楚 Amazon EC2 上的这个 IP 别名。但我知道它应该是直接转发的。

总的来说,我有两个问题(我的场景细节在问题之后),按优先顺序排列:

  1. 如何通过 CLI 命令使路由正常工作?
  2. 那么 [1] 起作用后,如何通过配置文件使配置保留下来,以便即使在重新启动后也能保留下来?

配置文件是我的第二个问题,因为我甚至无法通过 CLI 进行路由。

以下是我的默认设置:

eth0      Link encap:Ethernet  HWaddr 0a:64:bd:67:d6:4a  
          inet addr:172.31.16.15  Bcast:172.31.31.255  Mask:255.255.240.0
          inet6 addr: fe80::864:bdff:fe67:d64a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:266 errors:0 dropped:0 overruns:0 frame:0
          TX packets:257 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:29714 (29.7 KB)  TX bytes:29843 (29.8 KB)

具有以下路由表:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.16.1     0.0.0.0         UG    0      0        0 eth0
172.31.16.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0

我想要的是:

eth0 -> 172.31.16.15
eth0:0 -> 172.31.16.100
eth0:1 -> 172.31.16.101

当然是通过正确的路由(我认为这就是我出错的地方)这样我才能成功完成此操作:

1.  telnet -b 172.31.16.15 172.31.16.20 5222
2.  telnet -b 172.31.16.100 172.31.16.20 5222
3.  telnet -b 172.31.16.101 172.31.16.20 5222

甚至只能从 172.31.16.15 ip 进行 ping 操作:

1.  ping -I 172.31.16.15 172.31.16.20
2.  ping -I 172.31.16.100 172.31.16.20
3.  ping -I 172.31.16.101 172.31.16.20

对于上面的 telnet 和 ping 命令,只有 [1] 有效。

当我执行 telnet 命令并对流量进行 tcpdump 时,结果如下:

For 172.31.16.15 when it works:

12:58:14.082176 IP (tos 0x10, ttl 64, id 59547, offset 0, flags [DF], proto TCP (6), length 60)
    172.31.16.15.26798 > 172.31.16.20.5222: Flags [S], cksum 0x7890 (incorrect -> 0x455e), seq 2790518412, win 29200, options [mss 1460,sackOK,TS val 2360855 ecr 0,nop,wscale 7], length 0
12:58:14.082848 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    172.31.16.20.5222 > 172.31.16.15.26798: Flags [S.], cksum 0xfb9b (correct), seq 1051320718, ack 2790518413, win 28960, options [mss 1460,sackOK,TS val 2304582 ecr 2360855,nop,wscale 7], length 0
12:58:14.082877 IP (tos 0x10, ttl 64, id 59548, offset 0, flags [DF], proto TCP (6), length 52)
    172.31.16.15.26798 > 172.31.16.20.5222: Flags [.], cksum 0x7888 (incorrect -> 0x9aa3), ack 1, win 229, options [nop,nop,TS val 2360855 ecr 2304582], length 0

For 172.31.16.100 when it doesn't work (also, nothing arrives at receiving end):

12:59:01.001723 IP (tos 0x10, ttl 64, id 45034, offset 0, flags [DF], proto TCP (6), length 60)
    172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xf906), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2372585 ecr 0,nop,wscale 7], length 0
12:59:02.000831 IP (tos 0x10, ttl 64, id 45035, offset 0, flags [DF], proto TCP (6), length 60)
    172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xf80c), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2372835 ecr 0,nop,wscale 7], length 0
12:59:04.004827 IP (tos 0x10, ttl 64, id 45036, offset 0, flags [DF], proto TCP (6), length 60)
    172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xf617), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2373336 ecr 0,nop,wscale 7], length 0
12:59:08.012822 IP (tos 0x10, ttl 64, id 45037, offset 0, flags [DF], proto TCP (6), length 60)
    172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xf22d), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2374338 ecr 0,nop,wscale 7], length 0
12:59:16.036831 IP (tos 0x10, ttl 64, id 45038, offset 0, flags [DF], proto TCP (6), length 60)
    172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xea57), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2376344 ecr 0,nop,wscale 7], length 0
12:59:32.068840 IP (tos 0x10, ttl 64, id 45039, offset 0, flags [DF], proto TCP (6), length 60)
    172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xdaaf), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2380352 ecr 0,nop,wscale 7], length 0

我已经在 /etc/network/interfaces 中尝试过这个:

auto eth0:0
iface eth0:0 inet static
address 172.31.16.100
netmask 255.255.240.0
broadcast 172.31.31.255
network 172.31.16.0
gateway 172.31.16.1

auto eth0:1
iface eth0:1 inet static
address 172.31.16.101
netmask 255.255.240.0
broadcast 172.31.31.255
network 172.31.16.0
gateway 172.31.16.1

当我重新启动网络时,它没有生效。此外,当我重新启动机器时,我也无法再次通过 ssh 进入它。似乎有些东西生效了,但显然是错误的。

我也完成了 CLI sudo ifconfig 方式:

$ sudo ifconfig eth0:0 172.31.16.100 netmask 255.255.240.0 broadcast 172.31.31.255 up
$ sudo ifconfig eth0:1 172.31.16.101 netmask 255.255.240.0 broadcast 172.31.31.255 up

我的 IP 别名立即生效:

$ ifconfig 
eth0      Link encap:Ethernet  HWaddr 0a:64:bd:67:d6:4a  
          inet addr:172.31.16.15  Bcast:172.31.31.255  Mask:255.255.240.0
          inet6 addr: fe80::864:bdff:fe67:d64a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1224 errors:0 dropped:0 overruns:0 frame:0
          TX packets:943 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:93498 (93.4 KB)  TX bytes:118463 (118.4 KB)

eth0:0    Link encap:Ethernet  HWaddr 0a:64:bd:67:d6:4a  
          inet addr:172.31.16.100  Bcast:172.31.31.255  Mask:255.255.240.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:1    Link encap:Ethernet  HWaddr 0a:64:bd:67:d6:4a  
          inet addr:172.31.16.101  Bcast:172.31.31.255  Mask:255.255.240.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

路由表看起来仍然相同:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.16.1     0.0.0.0         UG    0      0        0 eth0
172.31.16.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0

但同样,我无法对 [2] 和 [3] 执行如上所述的 telnet 操作。

另外,输入以下命令(并刷新路由表)后:

echo 200 EJ0 >> /etc/iproute2/rt_tables
echo 201 EJ1 >> /etc/iproute2/rt_tables
ip route add 172.31.16.0 dev eth0:0 src 172.31.16.100 table EJ0
ip route add default via 172.31.16.1 table EJ0
ip route add 172.31.16.0 dev eth0:1 src 172.31.16.101 table EJ1
ip route add default via 172.31.16.1 table EJ1
ip route add 172.31.16.0 dev eth0:0 src 172.31.16.100
ip route add 172.31.16.0 dev eth0:1 src 172.31.16.101
ip rule add from 172.31.16.100 table EJ0
ip rule add from 172.31.16.101 table EJ1

ping命令telnet仍然不起作用。

更多信息:

$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0a:64:bd:67:d6:4a brd ff:ff:ff:ff:ff:ff
    inet 172.31.16.15/20 brd 172.31.31.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 172.31.16.100/20 brd 172.31.31.255 scope global secondary eth0:0
       valid_lft forever preferred_lft forever
    inet 172.31.16.101/20 brd 172.31.31.255 scope global secondary eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::864:bdff:fe67:d64a/64 scope link 
       valid_lft forever preferred_lft forever

$ ip route show
default via 172.31.16.1 dev eth0 
172.31.16.0 dev eth0  scope link  src 172.31.16.100 
172.31.16.0/20 dev eth0  proto kernel  scope link  src 172.31.16.15 

这一切都是为了让 HAProxy 能够成功连接到 ejabberd 实例,但从两个不同的 src IP(eth0:0 和 eth0:1)进行连接。

欢迎任何建议,不胜感激。

答案1

使用 Amazon EC2 VPC 确实可以实现 IP 别名!!

如果你正在使用 Ubuntu Linux(就像我现在一样),你仍然需要像往常一样在 Linux 上添加你的 IP 别名关键部分也是额外的配置它Amazon EC2 控制台本身如图所示多个私有 IP 地址

感谢大家的评论和贡献。

答案2

与路由类似,当 Linux 在同一个网络中发现多个实体时,它将使用第一个匹配的路由/接口到达那里。在这种情况下,它是eth0172.31.16.15

为了使 Linux 使用这些别名作为源地址和完全可运行的接口,您需要创建多个路由表,每个虚拟接口一个。

echo 200 EJ0 >> /etc/iproute2/rt_tables

echo 201 EJ1 >> /etc/iproute2/rt_tables

添加路线

ip route add 172.31.16.0 dev eth0:0 src 172.31.16.100 table EJ0

ip route add default via 172.31.16.1 table EJ0

ip route add 172.31.16.0 dev eth0:1 src 172.31.16.101 table EJ1

ip route add default via 172.31.16.1 table EJ1

然后告诉主表。

ip route add 172.31.16.0 dev eth0:0 src 172.31.16.100

ip route add 172.31.16.0 dev eth0:1 src 172.31.16.101

然后添加规则

ip rule add from 172.31.16.100 table EJ0

ip rule add from 172.31.16.101 table EJ1

很多内容取自非常有用的Linux 策略路由

相关内容