bond + vlan + bridge problem on systemd-network

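We use two switches (let's call them A and B), and each host (running Debian 9) has 2 NICs (eno1 and eno2), connected to A and B. These interfaces are bonded together (bond0) in active-backup mode: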

# ip link show dev eno1 
2: eno1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT group default qlen 1000
    link/ether 7a:6a:2c:d8:83:82 brd ff:ff:ff:ff:ff:ff
# ip link show dev eno2
3: eno2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP mode DEFAULT group default qlen 1000
    link/ether 7a:6a:2c:d8:83:82 brd ff:ff:ff:ff:ff:ff

# ethtool -P eno1
Permanent address: ac:16:2d:72:75:14
# ethtool -P eno2
Permanent address: ac:16:2d:72:75:15

# cat /etc/modprobe.d/bonding.conf 
options bonding max_bonds=0 miimon=100 mode=active-backup

# cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eno2
MII Status: up
MII Polling Interval (ms): 1000
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eno2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: ac:16:2d:72:75:15
Slave queue ID: 0

Slave Interface: eno1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: ac:16:2d:72:75:14
Slave queue ID: 0

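On top of this stack we use VLANs: 72 is the "production" VLAN (private IPs) and 73 is the "public" VLAN. These VLANs are bridged in two bridges: brprod and brpub. That way, we only have to put a tap in the appropriate bridge to get a virtual machine's traffic on the appropriate VLAN.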

All of this is configured with systemd-network:

# cat 10-all-nic-to-bond0.network
[Match]
Name=eno[1-2]
[Network]
Bond=bond0

# cat 20-bond0.netdev
[NetDev]
Description=Underlying bonding
Name=bond0
Kind=bond

[Bond]
Mode=active-backup
MIIMonitorSec=1s

# cat 20-bond0.network
[Match]
Name=bond0
[Network]
VLAN=prod
VLAN=public
LinkLocalAddressing=no
BindCarrier=eno1 eno2

# cat 30-vlan-prod.netdev
[NetDev]
Name=prod
Kind=vlan

[VLAN]
Id=72

# cat 30-vlan-prod.network
[Match]
Name=prod

[Network]
Bridge=brprod

# cat 30-vlan-pub.netdev
[NetDev]
Name=public
Kind=vlan

[VLAN]
Id=73

# cat 30-vlan-pub.network
[Match]
Name=public

[Network]
Bridge=brpub

# cat 40-brprod.netdev
[NetDev]
Name=brprod
Kind=bridge

# cat 40-brprod.network
[Match]
Name=brprod

[Network]
DHCP=no
Address=10.0.0.143/24

# cat 40-brpub.netdev
[NetDev]
Name=brpub
Kind=bridge

# cat 40-brpub.network
[Match]
Name=brpud

[Network]
DHCP=no

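After adding a public IP to the pub VLAN interface (to avoid starting a virtual machine), I can't reach that address. What bothers me is that the production network does work; that's how I connect to the host.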

# networkctl 
IDX LINK             TYPE               OPERATIONAL SETUP     
  1 lo               loopback           carrier     unmanaged 
  2 eno1             ether              carrier     configuring
  3 eno2             ether              carrier     configuring
  4 eno3             ether              off         unmanaged 
  5 eno4             ether              off         unmanaged 
  6 brprod           ether              routable    configured
 21 tap0             ether              degraded    unmanaged 
 22 brpub            ether              degraded    unmanaged 
 25 veth1            ether              degraded    unmanaged 
 26 bond0            ether              carrier     configuring
 27 public           ether              routable    configuring
 28 prod             ether              carrier     configuring

12 links listed.

After some digging, it looks like some traffic arrives on one NIC and some on the other. But the bond doesn't get the sum of them!

# tcpdump -eni eno1 arp and host 80.67.160.69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno1, link-type EN10MB (Ethernet), capture size 262144 bytes
22:10:09.976118 aa:00:00:11:01:f8 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 73, p 0, ethertype ARP, Request who-has 80.67.160.69 tell 80.67.160.65, length 46
22:10:10.434247 aa:00:00:b6:73:8e > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 73, p 0, ethertype ARP, Request who-has 80.67.160.69 tell 80.67.160.77, length 46
22:10:10.972490 aa:00:00:11:01:f8 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 73, p 0, ethertype ARP, Request who-has 80.67.160.69 tell 80.67.160.65, length 46
^C
3 packets captured
4 packets received by filter
0 packets dropped by kernel
# tcpdump -eni eno2 arp and host 80.67.160.69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno2, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
# tcpdump -eni bond0 arp and host 80.67.160.69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

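Questions, in no particular order:

  • Why does ip link return a different MAC address than ethtool -P?
  • What do you think of the systemd-networkd config files? I went with "numbered" file names because I couldn't find how the files are read.
  • Why doesn't the bond get the aggregate of the two interfaces?

Thanks for reading this far!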
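
A cross-check for the unit files quoted above, as an added example that is not part of the original post: it reports any `[Match] Name=` in a `.network` file that matches no link, and any `Bond=`, `Bridge=` or `VLAN=` that has no `.netdev`. A link that no `.network` file matches is left unmanaged by systemd-networkd. The `FILES` dictionary is a constructed subset of the post's files, and `lint`, `parse` and `PHYSICAL` are names chosen here for illustration.

```python
import fnmatch

# Constructed sample: a subset of the unit files quoted in the post, keyed by file name.
FILES = {
    "10-all-nic-to-bond0.network": "[Match]\nName=eno[1-2]\n[Network]\nBond=bond0\n",
    "20-bond0.netdev": "[NetDev]\nName=bond0\nKind=bond\n",
    "20-bond0.network": "[Match]\nName=bond0\n[Network]\nVLAN=prod\nVLAN=public\n",
    "30-vlan-prod.netdev": "[NetDev]\nName=prod\nKind=vlan\n[VLAN]\nId=72\n",
    "30-vlan-pub.netdev": "[NetDev]\nName=public\nKind=vlan\n[VLAN]\nId=73\n",
    "30-vlan-pub.network": "[Match]\nName=public\n[Network]\nBridge=brpub\n",
    "40-brpub.netdev": "[NetDev]\nName=brpub\nKind=bridge\n",
    "40-brpub.network": "[Match]\nName=brpud\n[Network]\nDHCP=no\n",
}
PHYSICAL = {"eno1", "eno2", "eno3", "eno4"}  # links the kernel already has (from networkctl)

def parse(text):
    """Parse a systemd unit file into [(section, key, value)]; keys may repeat (VLAN=)."""
    section, out = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            out.append((section, key.strip(), value.strip()))
    return out

def lint(files, physical):
    """Return findings for names that do not resolve to a defined or physical link."""
    parsed = {name: parse(text) for name, text in files.items()}
    netdevs = {v for n, e in parsed.items() if n.endswith(".netdev")
               for s, k, v in e if (s, k) == ("NetDev", "Name")}
    known, findings = netdevs | physical, []
    for name in sorted(n for n in parsed if n.endswith(".network")):
        for section, key, value in parsed[name]:
            if (section, key) == ("Match", "Name"):
                for pat in value.split():  # Name= takes space-separated shell globs
                    if not fnmatch.filter(known, pat):
                        findings.append(f"{name}: [Match] Name={pat} matches no link")
            elif section == "Network" and key in ("Bond", "Bridge", "VLAN"):
                if value not in netdevs:
                    findings.append(f"{name}: {key}={value} has no .netdev")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(FILES, PHYSICAL)) or "no findings")
```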
