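I am trying to set up a basic unicast VxLAN between 3 Ubuntu 22.04 virtual servers running on VirtualBox (underlay IPs: 172.16.30.26/24, 27 and 28). No firewall is active. UFW has been removed. After the setup, when I try to ping between the 3 overlay IPs (192.168.200.1/24, 2, 3), I see the ARP requests reach the other machines, but the target machine does not generate any response, so the source machine keeps showing "Destination Host Unreachable" and I get "No route to host". All the unicast VxLAN configuration guides for Linux on the web indicate that this setup should work. Looking at the routing tables, the routes look fine, and underlay pings work. Below are the configurations of the 3 machines, along with the ping and tcpdump output between VM1 and VM3.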
VM1
sudo ip link add vxlan0 type vxlan id 42 dev enp0s3 dstport 0
sudo bridge fdb append to 00:00:00:00:00:00 dst 172.16.30.27 dev vxlan0
sudo bridge fdb append to 00:00:00:00:00:00 dst 172.16.30.28 dev vxlan0
sudo ip addr add 192.168.200.1/24 dev vxlan0
sudo ip link set up dev vxlan0
ed@ubuntu-06:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:5a:4b:3e brd ff:ff:ff:ff:ff:ff
inet 172.16.30.26/24 brd 172.16.30.255 scope global noprefixroute enp0s3
valid_lft forever preferred_lft forever
3: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 92:f9:2d:1a:59:6e brd ff:ff:ff:ff:ff:ff
inet 192.168.200.1/24 scope global vxlan0
valid_lft forever preferred_lft forever
inet6 fe80::90f9:2dff:fe1a:596e/64 scope link
valid_lft forever preferred_lft forever
ed@ubuntu-06:~$ ip route
default via 172.16.30.1 dev enp0s3 proto static metric 100
169.254.0.0/16 dev enp0s3 scope link metric 1000
172.16.30.0/24 dev enp0s3 proto kernel scope link src 172.16.30.26 metric 100
192.168.200.0/24 dev vxlan0 proto kernel scope link src 192.168.200.1
VM2
sudo ip link add vxlan0 type vxlan id 42 dev enp0s3 dstport 0
sudo bridge fdb append to 00:00:00:00:00:00 dst 172.16.30.26 dev vxlan0
sudo bridge fdb append to 00:00:00:00:00:00 dst 172.16.30.28 dev vxlan0
sudo ip addr add 192.168.200.2/24 dev vxlan0
sudo ip link set up dev vxlan0
ed@ubuntu-07:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:6c:70:b9 brd ff:ff:ff:ff:ff:ff
inet 172.16.30.27/24 brd 172.16.30.255 scope global noprefixroute enp0s3
valid_lft forever preferred_lft forever
3: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 92:f9:2d:1a:59:6e brd ff:ff:ff:ff:ff:ff
inet 192.168.200.2/24 scope global vxlan0
valid_lft forever preferred_lft forever
inet6 fe80::90f9:2dff:fe1a:596e/64 scope link
valid_lft forever preferred_lft forever
ed@ubuntu-07:~$ ip route
default via 172.16.30.1 dev enp0s3 proto static metric 100
169.254.0.0/16 dev enp0s3 scope link metric 1000
172.16.30.0/24 dev enp0s3 proto kernel scope link src 172.16.30.27 metric 100
192.168.200.0/24 dev vxlan0 proto kernel scope link src 192.168.200.2
VM3
sudo ip link add vxlan0 type vxlan id 42 dev enp0s3 dstport 0
sudo bridge fdb append to 00:00:00:00:00:00 dst 172.16.30.27 dev vxlan0
sudo bridge fdb append to 00:00:00:00:00:00 dst 172.16.30.26 dev vxlan0
sudo ip addr add 192.168.200.3/24 dev vxlan0
sudo ip link set up dev vxlan0
ed@ubuntu-08:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:9e:e4:6c brd ff:ff:ff:ff:ff:ff
inet 172.16.30.28/24 brd 172.16.30.255 scope global noprefixroute enp0s3
valid_lft forever preferred_lft forever
3: vxlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 92:f9:2d:1a:59:6e brd ff:ff:ff:ff:ff:ff
inet 192.168.200.3/24 scope global vxlan0
valid_lft forever preferred_lft forever
inet6 fe80::90f9:2dff:fe1a:596e/64 scope link
valid_lft forever preferred_lft forever
ed@ubuntu-08:~$ ip route
default via 172.16.30.1 dev enp0s3 proto static metric 100
169.254.0.0/16 dev enp0s3 scope link metric 1000
172.16.30.0/24 dev enp0s3 proto kernel scope link src 172.16.30.28 metric 100
192.168.200.0/24 dev vxlan0 proto kernel scope link src 192.168.200.3
Ping from the VM1 overlay to the VM3 overlay:
ed@ubuntu-06:~$ ping 192.168.200.3
PING 192.168.200.3 (192.168.200.3) 56(84) bytes of data.
From 192.168.200.1 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: No route to host
From 192.168.200.1 icmp_seq=2 Destination Host Unreachable
From 192.168.200.1 icmp_seq=3 Destination Host Unreachable
From 192.168.200.1 icmp_seq=5 Destination Host Unreachable
ping: sendmsg: No route to host
From 192.168.200.1 icmp_seq=6 Destination Host Unreachable
From 192.168.200.1 icmp_seq=7 Destination Host Unreachable
^C
--- 192.168.200.3 ping statistics ---
11 packets transmitted, 0 received, +6 errors, 100% packet loss, time 10230ms
pipe 3
tcpdump on VM3 watching port 8472:
ed@ubuntu-08:~$ sudo tcpdump -ni enp0s3 port 8472
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:12:48.118239 IP 172.16.30.26.45506 > 172.16.30.28.8472: OTV, flags [I] (0x08), overlay 0, instance 42
ARP, Request who-has 192.168.200.3 tell 192.168.200.1, length 28
16:12:49.131784 IP 172.16.30.26.45506 > 172.16.30.28.8472: OTV, flags [I] (0x08), overlay 0, instance 42
ARP, Request who-has 192.168.200.3 tell 192.168.200.1, length 28
16:12:50.155675 IP 172.16.30.26.45506 > 172.16.30.28.8472: OTV, flags [I] (0x08), overlay 0, instance 42
ARP, Request who-has 192.168.200.3 tell 192.168.200.1, length 28
16:12:52.203901 IP 172.16.30.26.45506 > 172.16.30.28.8472: OTV, flags [I] (0x08), overlay 0, instance 42
ARP, Request who-has 192.168.200.3 tell 192.168.200.1, length 28
16:12:53.228516 IP 172.16.30.26.45506 > 172.16.30.28.8472: OTV, flags [I] (0x08), overlay 0, instance 42
ARP, Request who-has 192.168.200.3 tell 192.168.200.1, length 28
16:12:54.251235 IP 172.16.30.26.45506 > 172.16.30.28.8472: OTV, flags [I] (0x08), overlay 0, instance 42
ARP, Request who-has 192.168.200.3 tell 192.168.200.1, length 28
16:12:56.299492 IP 172.16.30.26.45506 > 172.16.30.28.8472: OTV, flags [I] (0x08), overlay 0, instance 42
ARP, Request who-has 192.168.200.3 tell 192.168.200.1, length 28
16:12:57.324093 IP 172.16.30.26.45506 > 172.16.30.28.8472: OTV, flags [I] (0x08), overlay 0, instance 42
ARP, Request who-has 192.168.200.3 tell 192.168.200.1, length 28
16:12:58.347268 IP 172.16.30.26.45506 > 172.16.30.28.8472: OTV, flags [I] (0x08), overlay 0, instance 42
ARP, Request who-has 192.168.200.3 tell 192.168.200.1, length 28
^C
9 packets captured
9 packets received by filter
0 packets dropped by kernel
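After studying the configuration closely, I found that all the vxlan0 interfaces had been assigned the same MAC address, and that was what caused the problem. Manually changing the MAC address of the vxlan0 interface with the following commands made ping work.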
sudo ip link set dev vxlan0 address 92:f9:2d:1a:59:6f
sudo ip link set dev vxlan0 address 92:f9:2d:1a:59:6d
My question is why VxLAN creation produces the same MAC address on all 3 machines, and how I can make sure each vxlan0 interface gets a unique MAC address.
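
One way to pin a distinct MAC on each vxlan0 and to catch the duplicate condition described above, as an added example that is not part of the original post. It assumes a scheme chosen here for illustration: a locally administered `02:00` prefix followed by the host's underlay IPv4 octets; the function names `mac_from_ipv4`, `dup_macs`, `vxlan_cmds` and `plan` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): give each VTEP's vxlan0 a
# distinct, deterministic MAC derived from its underlay IPv4 address.

# mac_from_ipv4 IP -> 02:00:aa:bb:cc:dd (aa..dd = the four octets in hex).
# 0x02 in the first byte marks the address locally administered and unicast.
# The body runs in a subshell so the IFS and noglob changes do not leak.
mac_from_ipv4() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        # reject empty, non-numeric, over-long and zero-padded octets
        case $o in ''|*[!0-9]*|????*|0?*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    printf '02:00:%02x:%02x:%02x:%02x\n' "$1" "$2" "$3" "$4"
)

# dup_macs: stdin is "host mac" lines; prints every MAC seen on more than
# one host, followed by the hosts that share it.
dup_macs() {
    awk '{ n[$2]++; h[$2] = h[$2] " " $1 }
         END { for (m in n) if (n[m] > 1) print m ":" h[m] }'
}

# vxlan_cmds LOCAL_IP: prints (does not run) the link setup from the post
# with the MAC set before the interface is brought up.
vxlan_cmds() {
    mac=$(mac_from_ipv4 "$1") || return 1
    echo "ip link add vxlan0 type vxlan id 42 dev enp0s3 dstport 0"
    echo "ip link set dev vxlan0 address $mac"
    echo "ip link set up dev vxlan0"
}

# Constructed input: the three underlay IPs from the post.
plan() {
    for ip in 172.16.30.26 172.16.30.27 172.16.30.28; do
        echo "$ip $(mac_from_ipv4 "$ip")"
    done
}

plan                      # planned host/MAC pairs
plan | dup_macs           # prints nothing when no MAC is shared
vxlan_cmds 172.16.30.26   # commands for VM1
```

Feeding `dup_macs` the `link/ether` values collected from each host's `ip addr` output flags the state shown in the post, where all three vxlan0 interfaces report the same address.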