
Calico IPIP mode experiment

Date: 2024-03-13 13:44:19

Experiment step 1: create the network namespaces and devices, and configure them

# Prerequisite: the host must have net.ipv4.ip_forward=1 (the analysis below relies on it); this script does not set it
HOST_IP=$( hostname -I | awk  '{print $1}')
POD1_IP=10.96.30.11
POD2_IP=10.96.30.12
GATEWAY_IP=169.254.1.1
#1. Create the network namespaces
    ip netns add pod1
    ip netns add pod2
#2. Create the veth pairs and move one end into each namespace
    # Note: eth0 is created in the host namespace first and then moved,
    # so this fails if the host already has an interface named eth0
    ip link add eth0 type veth peer name eth0-p1
    ip link set eth0 netns pod1
    ip link add eth0 type veth peer name eth0-p2
    ip link set eth0 netns pod2
    # Configure the device IP addresses
    ip netns exec pod1 ip addr add $POD1_IP/24 dev eth0
    ip netns exec pod2 ip addr add $POD2_IP/24 dev eth0
    # Bring the devices up
    ip netns exec pod1 ip link set eth0 up
    ip netns exec pod2 ip link set eth0 up
    ip link set eth0-p1 up
    ip link set eth0-p2 up
    # Bring the loopback devices up
    ip netns exec pod1 ip link set lo up
    ip netns exec pod2 ip link set lo up
    
    # Add routes: the link-scope route to the gateway must be added first,
    # otherwise adding the default route fails with "network is unreachable"
    ip netns exec pod1 ip route add $GATEWAY_IP dev eth0 scope link
    ip netns exec pod2 ip route add $GATEWAY_IP dev eth0 scope link
    
    ip netns exec pod1 ip route add default via $GATEWAY_IP dev eth0
    ip netns exec pod2 ip route add default via $GATEWAY_IP dev eth0
#3. Enable proxy ARP on the host ends of the veth pairs
    echo 1 > /proc/sys/net/ipv4/conf/eth0-p1/proxy_arp
    echo 1 > /proc/sys/net/ipv4/conf/eth0-p2/proxy_arp
#4. Add the host routes
    ip route add $POD1_IP dev eth0-p1
    ip route add $POD2_IP dev eth0-p2

Experiment step 2: ping pod2 from pod1 to test whether the two namespaces can reach each other, while capturing packets on all four devices:

ip netns  exec pod1 ping -c 1 10.96.30.12

# Capture on eth0 in pod1
ip netns exec pod1 tcpdump -pne -i eth0

# Capture on eth0-p1
tcpdump -pne -i eth0-p1

# Capture on eth0 in pod2
ip netns exec pod2 tcpdump -pne -i eth0

# Capture on eth0-p2
tcpdump -pne -i eth0-p2

 

Capture on pod1 eth0:

10:34:36.866502 d2:3a:94:8c:41:e5 > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.12 tell 10.96.30.11, length 28
10:34:36.921359 0e:05:60:f2:ac:47 > d2:3a:94:8c:41:e5, ethertype ARP (0x0806), length 42: Reply 10.96.30.12 is-at 0e:05:60:f2:ac:47, length 28
10:34:36.921395 d2:3a:94:8c:41:e5 > 0e:05:60:f2:ac:47, ethertype IPv4 (0x0800), length 98: 10.96.30.11 > 10.96.30.12: ICMP echo request, id 19231, seq 1, length 64
10:34:36.921484 0e:05:60:f2:ac:47 > d2:3a:94:8c:41:e5, ethertype IPv4 (0x0800), length 98: 10.96.30.12 > 10.96.30.11: ICMP echo reply, id 19231, seq 1, length 64
10:34:42.174413 0e:05:60:f2:ac:47 > d2:3a:94:8c:41:e5, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.11 tell 192.168.30.211, length 28
10:34:42.174449 d2:3a:94:8c:41:e5 > 0e:05:60:f2:ac:47, ethertype ARP (0x0806), length 42: Reply 10.96.30.11 is-at d2:3a:94:8c:41:e5, length 28

 

Capture on eth0-p1:

10:34:36.866524 d2:3a:94:8c:41:e5 > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.12 tell 10.96.30.11, length 28
10:34:36.921343 0e:05:60:f2:ac:47 > d2:3a:94:8c:41:e5, ethertype ARP (0x0806), length 42: Reply 10.96.30.12 is-at 0e:05:60:f2:ac:47, length 28
10:34:36.921397 d2:3a:94:8c:41:e5 > 0e:05:60:f2:ac:47, ethertype IPv4 (0x0800), length 98: 10.96.30.11 > 10.96.30.12: ICMP echo request, id 19231, seq 1, length 64
10:34:36.921483 0e:05:60:f2:ac:47 > d2:3a:94:8c:41:e5, ethertype IPv4 (0x0800), length 98: 10.96.30.12 > 10.96.30.11: ICMP echo reply, id 19231, seq 1, length 64
10:34:42.174397 0e:05:60:f2:ac:47 > d2:3a:94:8c:41:e5, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.11 tell 192.168.30.211, length 28
10:34:42.174450 d2:3a:94:8c:41:e5 > 0e:05:60:f2:ac:47, ethertype ARP (0x0806), length 42: Reply 10.96.30.11 is-at d2:3a:94:8c:41:e5, length 28

Capture on eth0-p2:

10:34:36.921439 d2:e5:fb:a0:e6:c7 > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.12 tell 192.168.30.211, length 28
10:34:36.921453 3e:63:d4:1b:a8:b0 > d2:e5:fb:a0:e6:c7, ethertype ARP (0x0806), length 42: Reply 10.96.30.12 is-at 3e:63:d4:1b:a8:b0, length 28
10:34:36.921455 d2:e5:fb:a0:e6:c7 > 3e:63:d4:1b:a8:b0, ethertype IPv4 (0x0800), length 98: 10.96.30.11 > 10.96.30.12: ICMP echo request, id 19231, seq 1, length 64
10:34:36.921478 3e:63:d4:1b:a8:b0 > d2:e5:fb:a0:e6:c7, ethertype IPv4 (0x0800), length 98: 10.96.30.12 > 10.96.30.11: ICMP echo reply, id 19231, seq 1, length 64
10:34:42.174426 3e:63:d4:1b:a8:b0 > d2:e5:fb:a0:e6:c7, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.11 tell 10.96.30.12, length 28
10:34:42.174456 d2:e5:fb:a0:e6:c7 > 3e:63:d4:1b:a8:b0, ethertype ARP (0x0806), length 42: Reply 10.96.30.11 is-at d2:e5:fb:a0:e6:c7, length 28

Capture on pod2 eth0:

10:34:36.921442 d2:e5:fb:a0:e6:c7 > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.12 tell 192.168.30.211, length 28
10:34:36.921451 3e:63:d4:1b:a8:b0 > d2:e5:fb:a0:e6:c7, ethertype ARP (0x0806), length 42: Reply 10.96.30.12 is-at 3e:63:d4:1b:a8:b0, length 28
10:34:36.921456 d2:e5:fb:a0:e6:c7 > 3e:63:d4:1b:a8:b0, ethertype IPv4 (0x0800), length 98: 10.96.30.11 > 10.96.30.12: ICMP echo request, id 19231, seq 1, length 64
10:34:36.921477 3e:63:d4:1b:a8:b0 > d2:e5:fb:a0:e6:c7, ethertype IPv4 (0x0800), length 98: 10.96.30.12 > 10.96.30.11: ICMP echo reply, id 19231, seq 1, length 64
10:34:42.174421 3e:63:d4:1b:a8:b0 > d2:e5:fb:a0:e6:c7, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.11 tell 10.96.30.12, length 28
10:34:42.174457 d2:e5:fb:a0:e6:c7 > 3e:63:d4:1b:a8:b0, ethertype ARP (0x0806), length 42: Reply 10.96.30.11 is-at d2:e5:fb:a0:e6:c7, length 28

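Analysis:

1. pod1 sends the ICMP packet

    pod1 does not know the MAC address that corresponds to 10.96.30.12 and cannot build the Ethernet frame, so it first resolves the address with ARP.

    1.1 eth0 in pod1 sends an ARP request. (Why from eth0? pod1 has a default route configured, and it goes out through eth0.)

    1.2 The host that owns eth0-p1 receives the ARP request and automatically updates its own ARP table: (10.96.30.11) at d2:3a:94:8c:41:e5 [ether] on eth0-p1

    1.3 eth0-p1 has proxy ARP enabled, so it answers the ARP request with its own MAC.

    1.4 When pod1 gets the reply, it updates its ARP table with the entry: (10.96.30.12) at 0e:05:60:f2:ac:47 [ether] on eth0. In effect, eth0 has been fooled by eth0-p1.

2. With ARP resolved, pod1 immediately sends the ICMP packet (ping echo), which naturally arrives at eth0-p1.

3. eth0-p1 is a host interface. The host receives the ICMP packet and, because IP forwarding is enabled on the host, forwards it.

    When forwarding the ICMP packet, the host itself does not know the MAC of 10.96.30.12 either, so it sends an ARP broadcast request.

    3.1 The ARP broadcast request goes out of eth0-p2. Why? Because the host has a route that sends all packets for 10.96.30.12 out of the eth0-p2 interface.

    3.2 eth0-p2 sends the ARP broadcast (Request who-has 10.96.30.12 tell 192.168.30.211), and eth0 in pod2 answers it (Reply 10.96.30.12 is-at 3e:63:d4:1b:a8:b0).

    3.3 eth0-p2 receives the reply, which means the host receives it, and the host updates its ARP table with the entry: (10.96.30.12) at 3e:63:d4:1b:a8:b0 [ether] on eth0-p2

    3.4 The host puts the ICMP packet into an Ethernet frame and sends it.

4. eth0 in pod2 receives the ICMP packet, sees that it is the one being pinged, and replies to it.

    pod2 does not know the MAC of 10.96.30.11 either, so it sends an ARP broadcast request.

    4.1 The ARP broadcast request goes out of eth0.

    4.2 eth0-p2 receives the ARP broadcast and, because proxy ARP is enabled on it, answers with its own MAC.

    4.3 eth0 in pod2 receives the reply and updates its ARP table with the entry: (10.96.30.11) at d2:e5:fb:a0:e6:c7 [ether] on eth0

    4.4 pod2 puts the ICMP reply into an Ethernet frame and sends it to eth0-p2.

5. The host's eth0-p2 receives the ICMP reply from pod2. Because IP forwarding is enabled, the host forwards the packet, and because it already knows the MAC of 10.96.30.11 (the ARP entry exists), it encapsulates the packet in an Ethernet frame directly and sends it through eth0-p1 (the routing table says 10.96.30.11 is reached through that interface, and the ARP table has the entry).

6. eth0 in pod1 receives the ICMP reply, and the ping is complete.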
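
The proxy-ARP answers described in steps 1.3 and 4.2 can be picked out of the captures mechanically. The script below is an added example, not part of the original post: the function name `proxy_arp_answers` and the variable names are made up here, and the input is the ARP lines copied from the pod1 eth0 and pod2 eth0 captures above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): find proxy-ARP answers in
# `tcpdump -pne` output. A MAC that answers "is-at" for one IP but puts a
# different IP after "tell" in its own requests is answering on behalf of
# someone else. A host with several IPs on one NIC matches too, so treat a
# hit as something to check against the expected topology.

# ARP lines copied from the pod1 eth0 capture on this page.
POD1_ETH0_CAPTURE='10:34:36.866502 d2:3a:94:8c:41:e5 > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.12 tell 10.96.30.11, length 28
10:34:36.921359 0e:05:60:f2:ac:47 > d2:3a:94:8c:41:e5, ethertype ARP (0x0806), length 42: Reply 10.96.30.12 is-at 0e:05:60:f2:ac:47, length 28
10:34:42.174413 0e:05:60:f2:ac:47 > d2:3a:94:8c:41:e5, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.11 tell 192.168.30.211, length 28
10:34:42.174449 d2:3a:94:8c:41:e5 > 0e:05:60:f2:ac:47, ethertype ARP (0x0806), length 42: Reply 10.96.30.11 is-at d2:3a:94:8c:41:e5, length 28'

# ARP lines copied from the pod2 eth0 capture on this page.
POD2_ETH0_CAPTURE='10:34:36.921442 d2:e5:fb:a0:e6:c7 > Broadcast, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.12 tell 192.168.30.211, length 28
10:34:36.921451 3e:63:d4:1b:a8:b0 > d2:e5:fb:a0:e6:c7, ethertype ARP (0x0806), length 42: Reply 10.96.30.12 is-at 3e:63:d4:1b:a8:b0, length 28
10:34:42.174421 3e:63:d4:1b:a8:b0 > d2:e5:fb:a0:e6:c7, ethertype ARP (0x0806), length 42: Request who-has 10.96.30.11 tell 10.96.30.12, length 28
10:34:42.174457 d2:e5:fb:a0:e6:c7 > 3e:63:d4:1b:a8:b0, ethertype ARP (0x0806), length 42: Reply 10.96.30.11 is-at d2:e5:fb:a0:e6:c7, length 28'

# Reads tcpdump -e lines on stdin; prints "claimed_ip mac own_ip" per hit.
proxy_arp_answers() {
  awk '
    !/ethertype ARP/ { next }
    {
      for (i = 2; i < NF; i++) {
        v = $(i + 1); sub(/,$/, "", v)
        if ($i == "tell")  own[$2] = v               # IP the sender uses for itself
        if ($i == "is-at") claim[$(i - 1) " " v] = 1 # IP that MAC v answers for
      }
    }
    END {
      for (k in claim) {
        split(k, p, " ")
        if ((p[2] in own) && own[p[2]] != p[1]) print p[1], p[2], own[p[2]]
      }
    }' | sort
}

echo "pod1 eth0: $(printf '%s\n' "$POD1_ETH0_CAPTURE" | proxy_arp_answers)"
echo "pod2 eth0: $(printf '%s\n' "$POD2_ETH0_CAPTURE" | proxy_arp_answers)"
```

On each segment the only hit is the host end of the veth pair, which identifies itself as 192.168.30.211 while answering for the other pod's address.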

From: https://www.cnblogs.com/lucidar/p/18070107
