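I work in a network environment with some Cisco WS-C3560X-48 switches and Linux servers running CentOS 7.7.
The Linux servers are connected to my switch three times: a management link, a production link and an ILO link, since they run on HP hardware.
When I try to ping a server on the management LAN from the Cisco switch, I get the following result: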
SWTCisco#ping 10.123.213.152 source 10.123.213.158 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.123.213.152, timeout is 2 seconds:
Packet sent with a source address of 10.123.213.158
!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.
!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!
Success rate is 86 percent (86/100), round-trip min/avg/max = 1/3/17 ms
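As you can see, there is a pattern: I always lose one packet on the 7th ping. On the server side, I can see with tcpdump that the ICMP request is received but no ICMP reply is sent. In the example below, I pinged the server 8 times, and we can see 2 requests arrive one after the other.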
root@CentOSserver:/etc/sysconfig/network-scripts# tcpdump -i eno1 host 10.123.213.158 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno1, link-type EN10MB (Ethernet), capture size 262144 bytes
11:37:04.770292 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 0, length 80
11:37:04.770354 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 0, length 80
11:37:04.772624 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 1, length 80
11:37:04.772644 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 1, length 80
11:37:04.774394 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 2, length 80
11:37:04.774411 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 2, length 80
11:37:04.776592 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 3, length 80
11:37:04.776606 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 3, length 80
11:37:04.789083 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 4, length 80
11:37:04.789099 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 4, length 80
11:37:04.791466 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 5, length 80
11:37:04.791483 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 5, length 80
11:37:04.793669 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 6, length 80
11:37:04.822159 ARP, Request who-has 10.123.213.158 tell 10.123.213.144, length 46
11:37:06.793024 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 7, length 80
11:37:06.793068 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 7, length 80
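10.123.213.158 is the VLAN address on my Cisco switch.
10.123.213.152 is the address of eno1 on the Linux server.
10.123.213.144 is the ILO address of another server that made an ARP request while my tcpdump was running.
After further investigation, I found that the problem is related to spanning tree. I took a pcap of what I found: https://filebin.net/9x9ech3uude93sda
In the pcap, we can see an STP packet between the 2 ICMP requests. I tried several times, and each time I find an STP packet where my reply should be.
To me, it is just a BPDU message and should not have any effect on my interface GigabitEthernet0/27.
I don't see anything particularly worrying (to me) in the Cisco spanning-tree configuration: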
SWTCisco#sh spanning-tree vlan 28
VLAN0028
Spanning tree enabled protocol ieee
Root ID Priority 32796
Address 501c.bf45.1c00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32796 (priority 32768 sys-id-ext 28)
Address 501c.bf45.1c00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/11 Desg FWD 4 128.11 P2p
Gi0/18 Desg FWD 4 128.18 P2p
Gi0/19 Desg FWD 4 128.19 P2p
Gi0/20 Desg FWD 4 128.20 P2p
Gi0/21 Desg FWD 19 128.21 P2p
Gi0/22 Desg FWD 4 128.22 P2p
Gi0/23 Desg FWD 4 128.23 P2p
Gi0/24 Desg FWD 4 128.24 P2p
Gi0/25 Desg FWD 4 128.25 P2p
Gi0/26 Desg FWD 4 128.26 P2p
Gi0/27 Desg FWD 4 128.27 P2p
Gi0/31 Desg FWD 4 128.31 P2p
Gi0/32 Desg FWD 19 128.32 P2p
Gi0/33 Desg FWD 4 128.33 P2p
Gi0/34 Desg FWD 4 128.34 P2p
Gi0/35 Desg FWD 4 128.35 P2p
Gi0/36 Desg FWD 4 128.36 P2p
Gi0/37 Desg FWD 4 128.37 P2p
Gi0/38 Desg FWD 4 128.38 P2p
Gi0/39 Desg FWD 4 128.39 P2p
Gi0/40 Desg FWD 4 128.40 P2p
Gi0/47 Desg FWD 19 128.47 P2p
Gi1/3 Desg FWD 4 128.51 P2p
SWTCisco#sh run int gigabitEthernet 0/27
Building configuration...
Current configuration : 113 bytes
!
interface GigabitEthernet0/27
switchport access vlan 28
switchport mode access
end
SWTCisco#sh spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
Number of blocked ports (segments) in the system : 0
SWTCisco#sh spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0028, VLAN0031, VLAN3715
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0028 0 0 0 23 23
VLAN0031 0 0 0 12 12
VLAN0157 0 0 0 1 1
VLAN3715 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
4 vlans 0 0 0 37 37
SWTCisco#sh version | in RELEASE
Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)
BOOTLDR: C3560E Boot Loader (C3560X-HBOOT-M) Version 12.2(53r)SE1, RELEASE SOFTWARE (fc1)
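While the ping was active, I watched my interface Gi0/27, and the interface stayed in the FWD state.
Does anyone know why packets are lost when the switch sends a BPDU frame? I have some difficulty understanding certain advanced STP features, so I may be missing something here.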
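As an added example (not part of the original post): a small Python script that pairs ICMP echo requests with replies in tcpdump text output like the capture above and reports each unanswered request, the frames seen before the next request, and the delay until that next request. It assumes one ping outstanding at a time, as with the sequential switch ping shown; the function and variable names are made up for this example.

```python
import re
from datetime import datetime

# Lines copied from the tcpdump output in the post (seq 5 through seq 7).
CAPTURE = """\
11:37:04.791466 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 5, length 80
11:37:04.791483 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 5, length 80
11:37:04.793669 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 6, length 80
11:37:04.822159 ARP, Request who-has 10.123.213.158 tell 10.123.213.144, length 46
11:37:06.793024 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 7, length 80
11:37:06.793068 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 7, length 80
"""

ICMP_RE = re.compile(r"^(\S+) IP (\S+) > (\S+): ICMP echo (request|reply), "
                     r"id (\d+), seq (\d+)")

def _ts(text):
    return datetime.strptime(text, "%H:%M:%S.%f")

def unanswered_requests(capture):
    """List echo requests that never got a reply.

    Assumes one ping outstanding at a time (the sender waits for a reply or
    its timeout before sending the next request), as in the post.
    """
    lost, waiting = [], None
    for line in capture.splitlines():
        m = ICMP_RE.match(line)
        if m is None:                      # ARP, STP, anything non-ICMP
            if waiting:
                waiting["between"].append(line)
            continue
        ts, src, dst, kind, ident, seq = m.groups()
        if kind == "reply":
            # A reply matches when addresses are swapped and id/seq are equal.
            if waiting and waiting["key"] == (dst, src, ident, seq):
                waiting = None
            continue
        if waiting:                        # next request came, no reply seen
            waiting["gap_s"] = (_ts(ts) - _ts(waiting["time"])).total_seconds()
            lost.append(waiting)
        waiting = {"key": (src, dst, ident, seq), "seq": int(seq),
                   "time": ts, "between": [], "gap_s": None}
    if waiting:                            # capture ended while still waiting
        lost.append(waiting)
    return lost

if __name__ == "__main__":
    for req in unanswered_requests(CAPTURE):
        print(f"seq {req['seq']} at {req['time']}: no reply, "
              f"next request after {req['gap_s']} s")
        for frame in req["between"]:
            print("   seen meanwhile:", frame)
```

Run against a longer capture taken on the server interface, the `time` values of the unanswered requests show whether the losses recur at a fixed interval.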