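Ubuntu version 20.04.
First, we created a second private IP on the only (primary) network interface. Both private IP addresses can be pinged. The instance now has 2 private IP addresses and 1 public IP address.
Then we created a secondary network interface with two private IP addresses (no public IP address), attached it to the instance, and added the .yaml configuration as shown in this article. The instance now has 4 private IPs and 1 public IP. None of the 4 private IPs can be pinged.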
                              First Private IP   Second Private IP
Primary Network Interface     172.31.1.101       172.31.1.102
Secondary Network Interface   172.31.2.201       172.31.2.202
/etc/netplan/50-cloud-init.yaml for the primary network interface:
network:
    ethernets:
        ens5:
            addresses:
            - 172.31.1.102/20
            dhcp4: true
            dhcp6: false
            match:
                macaddress: 0e:dc:a1:64:a6:88
            set-name: ens5
    version: 2
/etc/netplan/51-ens6.yaml for the secondary network interface:
network:
  version: 2
  renderer: networkd
  ethernets:
    ens6:
      addresses:
        - 172.31.2.201/20
        - 172.31.2.202/20
      dhcp4: no
      routes:
        - to: 0.0.0.0/0
          via: 172.31.0.1 # Default gateway
          table: 1000
        - to: 172.31.2.201
          via: 0.0.0.0
          scope: link
          table: 1000
        - to: 172.31.2.202
          via: 0.0.0.0
          scope: link
          table: 1000
      routing-policy:
        - from: 172.31.2.201
          table: 1000
        - from: 172.31.2.202
          table: 1000
ip a
Output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0e:54:c0:50:88:04 brd ff:ff:ff:ff:ff:ff
    inet 172.31.1.102/20 brd 172.31.15.255 scope global ens5
       valid_lft forever preferred_lft forever
    inet 172.31.1.101/20 brd 172.31.15.255 scope global secondary dynamic ens5
       valid_lft 3574sec preferred_lft 3574sec
    inet6 fe80::c54:c0ff:fe50:8804/64 scope link
       valid_lft forever preferred_lft forever
3: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 0e:ff:4a:aa:cb:66 brd ff:ff:ff:ff:ff:ff
    inet 172.31.2.201/20 brd 172.31.15.255 scope global ens6
       valid_lft forever preferred_lft forever
    inet 172.31.2.202/20 brd 172.31.15.255 scope global secondary ens6
       valid_lft forever preferred_lft forever
    inet6 fe80::cff:4aff:feaa:cb66/64 scope link
       valid_lft forever preferred_lft forever
ip r show table 1000
Output:
default via 172.31.0.1 dev ens5 proto dhcp src 172.31.1.101 metric 100
172.31.0.0/20 dev ens6 proto kernel scope link src 172.31.2.201
172.31.0.0/20 dev ens5 proto kernel scope link src 172.31.1.102
172.31.0.1 dev ens5 proto dhcp scope link src 172.31.1.101 metric 100
ip rule
Output:
0: from all lookup local
0: from 172.31.2.201 lookup 1000
0: from 172.31.2.202 lookup 1000
32766: from all lookup main
32767: from all lookup default
netplan --debug generate
Output:
DEBUG:command generate: running ['/lib/netplan/generate']
** (generate:2245): DEBUG: 00:33:01.254: Processing input file /etc/netplan/50-cloud-init.yaml..
** (generate:2245): DEBUG: 00:33:01.254: starting new processing pass
** (generate:2245): DEBUG: 00:33:01.255: Processing input file /etc/netplan/51-ens6.yaml..
** (generate:2245): DEBUG: 00:33:01.255: starting new processing pass
** (generate:2245): DEBUG: 00:33:01.255: We have some netdefs, pass them through a final round of validation
** (generate:2245): DEBUG: 00:33:01.255: ens5: setting default backend to 1
** (generate:2245): DEBUG: 00:33:01.255: Configuration is valid
** (generate:2245): DEBUG: 00:33:01.255: ens6: setting default backend to 1
** (generate:2245): DEBUG: 00:33:01.255: Configuration is valid
** (generate:2245): DEBUG: 00:33:01.255: Generating output files..
** (generate:2245): DEBUG: 00:33:01.255: NetworkManager: definition ens5 is not for us (backend 1)
** (generate:2245): DEBUG: 00:33:01.255: NetworkManager: definition ens6 is not for us (backend 1)
(generate:2245): GLib-DEBUG: 00:33:01.255: posix_spawn avoided (fd close requested)
Answer 1
The complete merged netplan configuration is:
network:
  renderer: networkd
  version: 2
  ethernets:
    ens5:
      addresses:
        - 172.31.1.102/20
      dhcp4: true
      dhcp6: false
      match:
        macaddress: 0e:dc:a1:64:a6:88
      set-name: ens5
    ens6:
      addresses:
        - 172.31.2.201/20
        - 172.31.2.202/20
      dhcp4: no
      routes:
        - to: 0.0.0.0/0
          via: 172.31.0.1 # Default gateway
          table: 1000
        - to: 172.31.2.201
          via: 0.0.0.0
          scope: link
          table: 1000
        - to: 172.31.2.202
          via: 0.0.0.0
          scope: link
          table: 1000
      routing-policy:
        - from: 172.31.2.201
          table: 1000
        - from: 172.31.2.202
          table: 1000
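One thing to note here is that you have explicitly defined routes to 172.31.2.201 and 172.31.2.202 in the routing policy. This should be unnecessary, since these are both local addresses.
The resulting routing table shows: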
172.31.0.0/20 dev ens5 proto kernel scope link src 172.31.1.102
172.31.0.1 dev ens5 proto dhcp scope link src 172.31.1.101 metric 100
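Of course, you did not configure these routes as part of your routing policy. I'm not sure whether this is the expected behaviour, since these are link-local routes on the device. However, these routes are the root cause of your being unable to ping the 172.31.2.x addresses, because there are two conflicting routes for 172.31.0.0/20 with the same route metric (priority), and there is a host route stating that your gateway should be reached via ens5, which means the rest of your routing policy has no effect, since all non-local traffic is being sent out via ens5.
You will need to find out where these routes come from (they do not come from the netplan configuration you have shown) and remove them in order to resolve your ping problem.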
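As an added example (not part of the original question or answer), the Python below runs the two checks the answer describes over the `ip rule` and `ip r show table 1000` output posted in the question: the same prefix and metric on two devices, and a policy-routed source address whose default route leaves through an interface that does not hold that address. The address-to-interface map is transcribed by hand from the `ip a` output, and the names `parse_routes` and `audit` are this example's own.

```python
import ipaddress
import re

# Command output copied from the question above.
IP_RULE = """\
0: from all lookup local
0: from 172.31.2.201 lookup 1000
0: from 172.31.2.202 lookup 1000
32766: from all lookup main
32767: from all lookup default
"""
TABLE_1000 = """\
default via 172.31.0.1 dev ens5 proto dhcp src 172.31.1.101 metric 100
172.31.0.0/20 dev ens6 proto kernel scope link src 172.31.2.201
172.31.0.0/20 dev ens5 proto kernel scope link src 172.31.1.102
172.31.0.1 dev ens5 proto dhcp scope link src 172.31.1.101 metric 100
"""
# Address -> interface, transcribed from the `ip a` output.
OWNER = {"172.31.1.101": "ens5", "172.31.1.102": "ens5",
         "172.31.2.201": "ens6", "172.31.2.202": "ens6"}

def parse_routes(text):
    """Return a (network, device, metric) tuple for every route line."""
    routes = []
    for fields in (line.split() for line in text.splitlines() if line.strip()):
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        # iproute2 omits the metric when it is 0.
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields else 0
        routes.append((ipaddress.ip_network(dest), fields[fields.index("dev") + 1], metric))
    return routes

def audit(rule_text, table_text, table_id, owner):
    """List conflicting routes and policy sources that egress via a foreign NIC."""
    routes, findings, seen = parse_routes(table_text), [], {}
    for net, dev, metric in routes:
        first = seen.setdefault((net, metric), dev)
        if first != dev:  # same prefix and metric on two devices
            findings.append(f"conflict: {net} metric {metric} on {first} and {dev}")
    for src, table in re.findall(r"from (\S+) lookup (\S+)", rule_text):
        if table != table_id or src == "all":
            continue
        for net, dev, _ in routes:
            if net.prefixlen == 0 and dev != owner.get(src):
                findings.append(f"egress: {src} lives on {owner.get(src)}, default route uses {dev}")
    return findings

if __name__ == "__main__":
    for finding in audit(IP_RULE, TABLE_1000, "1000", OWNER):
        print(finding)
```

On a live host the three inputs would come from `ip rule`, `ip r show table 1000` and `ip a` instead of the embedded strings.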