无法 ping 具有两个接口的主机

我正在尝试弄清楚为什么网络接口无法 ping 通并返回 ICMP 类型 3 代码 1 响应：目标不可达（主机不可达）。

我尝试从 host1 ping 到 host2 上的两个接口之一。奇怪的是，如果我从 host2 ping 到 host1，ping 成功，而原始 ping（host1 到 host2）突然开始工作。一段时间后，原来的问题又出现了，我再次无法从 host1 ping 到 host2。我认为这与路由以及我在 host2 上有两个接口有关。以下是详细信息：

尝试从主机1（172.16.44.18） 到主机2（10.2.80.129). 没有响应返回到主机1（100％数据包丢失）

root@host1:~$ ping 10.2.80.129
PING 10.2.80.129 (10.2.80.129) 56(84) bytes of data.
^C
--- 10.2.80.129 ping statistics ---
1201 packets transmitted, 0 received, 100% packet loss, time 1228803ms

这是 host2 上的接口和路由。

root@host2:~# ip --brief -4 addr
lo               UNKNOWN        127.0.0.1/8
veth-int-core@if183 UP             10.2.80.129/22
veth-mgmt@if185  UP             10.2.28.65/22

root@host2:~# ip route show
default via 10.2.28.1 dev veth-mgmt
10.2.28.0/22 dev veth-mgmt proto kernel scope link src 10.2.28.65
10.2.80.0/22 dev veth-int-core proto kernel scope link src 10.2.80.129

反向路径过滤设置为2：

root@host2:~# cat /proc/sys/net/ipv4/conf/veth-int-core/rp_filter 
2

我可以看到 ICMP 回显请求通过接口 veth-int-core 传入，但我从未看到 ICMP 回显响应。

root@host2:~# tcpdump -nei veth-int-core icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth-int-core, link-type EN10MB (Ethernet), capture size 262144 bytes
12:42:51.117858 e4:aa:5d:99:88:4a > 00:16:3e:f7:fa:c8, ethertype IPv4 (0x0800), length 98: 172.16.44.18 > 10.2.80.129: ICMP echo request, id 177, seq 3, length 64
12:42:52.141535 e4:aa:5d:99:88:4a > 00:16:3e:f7:fa:c8, ethertype IPv4 (0x0800), length 98: 172.16.44.18 > 10.2.80.129: ICMP echo request, id 177, seq 4, length 64
12:42:53.165507 e4:aa:5d:99:88:4a > 00:16:3e:f7:fa:c8, ethertype IPv4 (0x0800), length 98: 172.16.44.18 > 10.2.80.129: ICMP echo request, id 177, seq 5, length 64
12:42:54.189568 e4:aa:5d:99:88:4a > 00:16:3e:f7:fa:c8, ethertype IPv4 (0x0800), length 98: 172.16.44.18 > 10.2.80.129: ICMP echo request, id 177, seq 6, length 64

当我查看环回接口时，我可以看到目标不可达响应

root@host2:~# tcpdump -nei lo icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
12:43:52.903768 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 126: 10.2.80.129 > 10.2.80.129: ICMP host 172.16.44.18 unreachable, length 92
12:43:52.903774 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 126: 10.2.80.129 > 10.2.80.129: ICMP host 172.16.44.18 unreachable, length 92
12:43:52.903779 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 126: 10.2.80.129 > 10.2.80.129: ICMP host 172.16.44.18 unreachable, length 92
12:43:55.975774 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 126: 10.2.80.129 > 10.2.80.129: ICMP host 172.16.44.18 unreachable, length 92

当我查看 Wireshark 中的数据包时，我可以看到类型 3 代码 1 响应：

但是，如果我从 host2 ping host1 (172.16.44.18)，则从 host1 (172.16.44.18) 到 host2 (10.2.80.129) 的原始 ping 开始起作用。请注意，此 ping 发出接口 veth-mgmt (10.2.28.65)，因为这是默认路由。

root@host2:~# ping 172.16.44.18
PING 172.16.44.18 (172.16.44.18) 56(84) bytes of data.
64 bytes from 172.16.44.18: icmp_seq=1 ttl=63 time=4.06 ms
64 bytes from 172.16.44.18: icmp_seq=2 ttl=63 time=4.05 ms
64 bytes from 172.16.44.18: icmp_seq=3 ttl=63 time=4.12 ms
^C
--- 172.16.44.18 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 4.052/4.079/4.122/0.060 ms

root@host1:~$ ping 10.2.80.129
PING 10.2.80.129 (10.2.80.129) 56(84) bytes of data.
64 bytes from 10.2.80.129: icmp_seq=488 ttl=62 time=1021 ms
64 bytes from 10.2.80.129: icmp_seq=489 ttl=62 time=4.09 ms
64 bytes from 10.2.80.129: icmp_seq=490 ttl=62 time=4.05 ms
64 bytes from 10.2.80.129: icmp_seq=491 ttl=62 time=4.07 ms
64 bytes from 10.2.80.129: icmp_seq=492 ttl=62 time=4.09 ms
64 bytes from 10.2.80.129: icmp_seq=493 ttl=62 time=4.20 ms
^C
--- 10.2.80.129 ping statistics ---
493 packets transmitted, 6 received, 98.783% packet loss, time 503706ms
rtt min/avg/max/mdev = 4.054/173.652/1021.412/379.129 ms

如果我等待几分钟，问题又会出现，我无法从 host1 ping 通 host2。

什么原因会导致此类问题？我觉得这一定与路由有关。看起来 host2 不知道如何路由回 host1，但是当您尝试从 host2 ping host1 时，它会学习该路由。

当我从 host2 ping host1 并使一切正常时，ICMP 数据包到达 veth-int-core 并在 veth-mgmt 上发送出去，但使用源地址 10.2.80.129

root@host2:~# tcpdump -nvei any icmp
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
16:35:15.659341  In e4:aa:5d:99:88:4a ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 62, id 59067, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.44.18 > 10.2.80.129: ICMP echo request, id 202, seq 51, length 64
16:35:15.659361 Out 00:16:3e:e4:13:09 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 56778, offset 0, flags [none], proto ICMP (1), length 84)
    10.2.80.129 > 172.16.44.18: ICMP echo reply, id 202, seq 51, length 64
16:35:16.660651  In e4:aa:5d:99:88:4a ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 62, id 59204, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.44.18 > 10.2.80.129: ICMP echo request, id 202, seq 52, length 64
16:35:16.660670 Out 00:16:3e:e4:13:09 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 56854, offset 0, flags [none], proto ICMP (1), length 84)
    10.2.80.129 > 172.16.44.18: ICMP echo reply, id 202, seq 52, length 64