我正在尝试在 mininet 上实现 MPLS,并且成功了。我能够正确地推送、交换和弹出标签。
当我尝试从一台主机 ping 到另一台主机时遇到困难。这是我正在使用的网络:
h1--s1--r1--r5--r8--r4--s4--h4
我注意到,当 r4 将数据包传送到 s4 时,s4 不会对数据包执行任何操作,数据包也永远不会到达主机 (h4),因此我决定完全移除交换机,只使用主机和路由器
h1--r1--r5--r8--r4--h4
我开始捕获 h4 正在接收的内容,我注意到他正在接收来自 h1 (10.0.1.10) 的 ping,但是 h4 (10.0.4.10) 从未回复。
这是 h4 上的输出:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on h4-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:11:31.984633 IP 10.0.1.10 > 10.0.4.10: ICMP echo request, id 5767, seq 1, length 64
18:11:31.984961 ARP, Request who-has 10.0.4.1 tell 10.0.4.10, length 28
18:11:31.984970 ARP, Reply 10.0.4.1 is-at fe:65:4f:0c:2f:17 (oui Unknown), length 28
18:11:31.984972 IP 10.0.4.10.49609 > 172.16.219.2.domain: 52855+ PTR? 10.4.0.10.in-addr.arpa. (40)
18:11:31.984983 IP 10.0.4.1 > 10.0.4.10: ICMP net 172.16.219.2 unreachable, length 76
18:11:36.990650 IP 10.0.4.10.49609 > 172.16.219.2.domain: 52855+ PTR? 10.4.0.10.in-addr.arpa. (40)
18:11:36.990609 ARP, Request who-has 10.0.4.10 tell 10.0.4.1, length 28
18:11:52.006132 IP 10.0.4.10.38978 > 172.16.219.2.domain: 7045+ PTR? 1.4.0.10.in-addr.arpa. (39)
18:12:02.018454 IP 10.0.4.10.45969 > 172.16.219.2.domain: 62742+ PTR? 2.219.16.172.in-addr.arpa. (43)
18:12:02.018478 IP 10.0.4.1 > 10.0.4.10: ICMP net 172.16.219.2 unreachable, length 79
这是 h4 路由表,它有一个网关:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.4.1 0.0.0.0 UG 0 0 0 h4-eth0
10.0.4.0 * 255.255.255.0 U 0 0 0 h4-eth0
任何帮助是极大的赞赏。
更新
测试之前h4的netstat -s
Ip:
1329 total packets received
0 forwarded
0 incoming packets discarded
1329 incoming packets delivered
1329 requests sent out
Icmp:
24 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 8
echo requests: 8
echo replies: 8
16 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
echo request: 8
echo replies: 8
IcmpMsg:
InType0: 8
InType3: 8
InType8: 8
OutType0: 8
OutType8: 8
Tcp:
1 active connections openings
1 passive connection openings
0 failed connection attempts
0 connection resets received
2 connections established
1305 segments received
1305 segments send out
0 segments retransmited
0 bad segments received.
0 resets sent
Udp:
0 packets received
0 packets to unknown port received.
0 packet receive errors
8 packets sent
UdpLite:
TcpExt:
65 delayed acks sent
856 packet headers predicted
28 acknowledgments not containing data payload received
805 predicted acknowledgments
TCPRcvCoalesce: 14
TCPOrigDataSent: 974
TCPKeepAlive: 1
IpExt:
InOctets: 3413476
OutOctets: 3413252
InNoECTPkts: 1329
经过测试后h4的netstat -s
Ip:
1384 total packets received
0 forwarded
0 incoming packets discarded
1384 incoming packets delivered
1384 requests sent out
Icmp:
32 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 16
echo requests: 8
echo replies: 8
16 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
echo request: 8
echo replies: 8
IcmpMsg:
InType0: 8
InType3: 16
InType8: 8
OutType0: 8
OutType8: 8
Tcp:
1 active connections openings
1 passive connection openings
0 failed connection attempts
0 connection resets received
2 connections established
1352 segments received
1352 segments send out
0 segments retransmited
0 bad segments received.
0 resets sent
Udp:
0 packets received
0 packets to unknown port received.
0 packet receive errors
16 packets sent
UdpLite:
TcpExt:
72 delayed acks sent
872 packet headers predicted
28 acknowledgments not containing data payload received
828 predicted acknowledgments
TCPRcvCoalesce: 16
TCPOrigDataSent: 1000
TCPKeepAlive: 1
IpExt:
InOctets: 3421472
OutOctets: 3421024
InNoECTPkts: 1384
首先我使用静态路由,这些是路由:
r1 ip route add 10.0.4.0/24 via 172.16.1.2
r4 ip route add 10.0.1.0/24 via 172.16.4.2
r5 ip route add 10.0.1.0/24 via 172.16.1.1
r5 ip route add 10.0.4.0/24 via 172.16.8.2
r8 ip route add 10.0.1.0/24 via 172.16.8.1
r8 ip route add 10.0.4.0/24 via 172.16.4.1
然后我用 MPLS 代替它:
r1 ip route add 10.0.4.0/24 encap mpls 400 via inet 172.16.1.2
r5 ip -f mpls route add 400 as 400 via inet 172.16.8.2
r8 ip -f mpls route add 400 as 400 via inet 172.16.4.1
r4 ip -f mpls route add 400 dev r4-eth0
r4 ip route add 10.0.1.0/24 encap mpls 100 via inet 172.16.4.2
r8 ip -f mpls route add 100 as 100 via inet 172.16.8.1
r5 ip -f mpls route add 100 as 100 via inet 172.16.1.1
r1 ip -f mpls route add 100 dev r1-eth0
任何帮助是极大的赞赏。
更新
附件的 wireshark 捕获确认 h4 没有回复
答案1
目前,在 /etc/resolv.conf 中列出 172.16.219.2 似乎没有帮助。
测试 h4 是否可以 ping 通自己的环回地址,然后测试 ping 其 10.0.4.10 地址。查看 dmesg 或 syslog 是否提供任何提示。
验证 iptables 或其他数据包过滤器没有制定阻止传送入站数据包(tcpdump 看到它,但内核端点可能没有看到)或阻止传送出站答复的策略决策。
查看 h4 输出的前几个部分netstat -s,并注意在实验探测开始和结束之间哪些计数器会增加。
您向我们展示了 18:11:31.984633 处的单个入站数据包,随后是默认路由器的 ARP 缓存未命中。如果 h1 持续发送 ping,而 h4 没有缓存未命中,我们会看到不同的结果吗?
H1 正在用 ICMP 数据包刺激被测系统。在使用 tcpdump 监听三次握手时,尝试从 h1 进行另一种刺激,可能是端口 22 或端口 80:telnet 10.0.4.10 80
编辑:您观察到“[在删除] 使用 MPLS 的路由后,问题就开始了。”这表明数据包没有通过默认路由离开。尝试出站刺激(可能是 ping)以帮助确定 r4 是否看到您希望从 h4 传出的数据包。
在 netstat -s 上,+8 ICMP dest unreach 似乎有问题,再次指向静态路由与默认路由。它与发送的 +0 ICMP 匹配,这是您已使用 tcpdump 确认的内容。