• flannel 1.1 cn0


    1. A VXLAN network interface named flannel.1 is created

    root@ubuntu:~/cmd# ip -d link show flannel.1
    198: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default 
        link/ether 3a:2b:ed:85:2f:74 brd ff:ff:ff:ff:ff:ff promiscuity 0 
        vxlan id 1 local 10.10.16.82 dev enahisic2i0 srcport 0 0 dstport 8472 nolearning ttl inherit ageing 300 udpcsum noudp6zerocsumtx noudp6zerocsumrx addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 28672 gso_max_segs 65535 
    root@ubuntu:~/cmd#

    The MTU is 1450 (the IP header, UDP header, MAC header and VXLAN header together take up 50 bytes). dstport is 8472 and the local IP is the node IP.

    root@ubuntu:~# kubectl get pod
    NAME           READY   STATUS    RESTARTS   AGE
    kata-busybox   1/1     Running   0          207d
    kata-nginx     1/1     Running   0          205d
    root@ubuntu:~# kubectl exec -it kata-busybox ip a
    kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc fq_codel qlen 1000
        link/ether 32:26:5a:e7:0d:83 brd ff:ff:ff:ff:ff:ff
        inet 10.244.0.5/24 brd 10.244.0.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::3026:5aff:fee7:d83/64 scope link flags 02 
           valid_lft forever preferred_lft forever

    Pod routes

    root@ubuntu:~# kubectl exec -it kata-busybox ip r show
    kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
    default via 10.244.0.1 dev eth0 
    10.244.0.0/24 dev eth0 scope link  src 10.244.0.5 
    10.244.0.0/16 via 10.244.0.1 dev eth0 

    10.244.0.1 is the IP address of cni0 on the host.

    Pod accessing 8.8.8.8

    tcpdump on the host

    Host routes

    root@ubuntu:~# tcpdump -i flannel.1 icmp and host 8.8.8.8
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on flannel.1, link-type EN10MB (Ethernet), capture size 262144 bytes
    ^C
    0 packets captured
    0 packets received by filter
    0 packets dropped by kernel
    root@ubuntu:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
    10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
    10.10.100.0     0.0.0.0         255.255.255.0   U     0      0        0 peerh
    10.10.104.0     0.0.0.0         255.255.255.0   U     0      0        0 virbr1
    10.10.104.0     0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i2
    10.244.0.0      0.0.0.0         255.255.255.0   U     0      0        0 cni0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
    root@ubuntu:~# tcpdump -i enahisic2i0 icmp and host 8.8.8.8
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes
    14:21:00.430365 IP ubuntu > dns.google: ICMP echo request, id 0, seq 0, length 64
    14:21:00.447569 IP dns.google > ubuntu: ICMP echo reply, id 0, seq 0, length 64
    14:21:01.430464 IP ubuntu > dns.google: ICMP echo request, id 0, seq 1, length 64
    14:21:01.448616 IP dns.google > ubuntu: ICMP echo reply, id 0, seq 1, length 64
    root@ubuntu:~# kubectl exec -it kata-busybox telnet 10.10.16.81 22
    kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.
    Connected to 10.10.16.81
    SSH-2.0-OpenSSH_7.4
    ^C
    Console escape. Commands are:
    
     l      go to line mode
     c      go to character mode
     z      suspend telnet
     e      exit telnet
    continuing...

    Check the conntrack table

    root@ubuntu:~# conntrack -L | grep 8.8.8.8
    conntrack v1.4.4 (conntrack-tools): 152 flow entries have been shown.
    root@ubuntu:~# conntrack -L | grep 10.10.16.81
    tcp      6 109 TIME_WAIT src=10.244.0.5 dst=10.10.16.81 sport=52124 dport=22 src=10.10.16.81 dst=10.10.16.82 sport=22 dport=19607 [ASSURED] mark=0 use=1
    conntrack v1.4.4 (conntrack-tools): 159 flow entries have been shown.
    root@ubuntu:~# 
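
The conntrack entry above is the only place on the node that ties the masqueraded flow (seen by 10.10.16.81 as coming from 10.10.16.82:19607) back to the pod 10.244.0.5. The following is an added example, not part of the original post, that parses `conntrack -L` text and lists pod flows whose source was rewritten. The pod CIDR 10.244.0.0/16 is assumed from the pod routes above, and the second sample entry and the trailer count are constructed.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the first line is modelled on the conntrack entry shown
# above; the second (a host-originated flow, no NAT) is invented for contrast.
SAMPLE = """\
tcp      6 109 TIME_WAIT src=10.244.0.5 dst=10.10.16.81 sport=52124 dport=22 src=10.10.16.81 dst=10.10.16.82 sport=22 dport=19607 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.10.16.82 dst=10.10.16.81 sport=40000 dport=6443 src=10.10.16.81 dst=10.10.16.82 sport=6443 dport=40000 [ASSURED] mark=0 use=1
conntrack v1.4.4 (conntrack-tools): 2 flow entries have been shown.
"""

POD_CIDR = ip_network("10.244.0.0/16")  # assumption: taken from the pod routes
KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_entry(line):
    """Return (proto, original_tuple, reply_tuple) or None for non-entries."""
    orig, reply = {}, {}
    for key, value in KV.findall(line):
        # Keys appear twice per entry: original direction first, then reply.
        (reply if key in orig else orig)[key] = value
    if "src" not in orig or "dst" not in reply:
        return None  # e.g. the "flow entries have been shown" trailer
    return line.split()[0], orig, reply

def snat_flows(text, pod_cidr=POD_CIDR):
    """List pod-originated flows whose source address was rewritten."""
    hits = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        proto, orig, reply = parsed
        # Without NAT the reply tuple mirrors the original one. Under SNAT or
        # MASQUERADE the reply is addressed to the translated source instead.
        if ip_address(orig["src"]) in pod_cidr and reply["dst"] != orig["src"]:
            hits.append({
                "proto": proto,
                "pod": f"{orig['src']}:{orig.get('sport', '-')}",
                "dest": f"{orig['dst']}:{orig.get('dport', '-')}",
                "seen_as": f"{reply['dst']}:{reply.get('dport', '-')}",
            })
    return hits

if __name__ == "__main__":
    for hit in snat_flows(SAMPLE):
        print("{proto} {pod} -> {dest} leaves the node as {seen_as}".format(**hit))
```

Entries age out of the table (the one above has 109 seconds left in TIME_WAIT), so this mapping has to be captured or logged while the flow is still tracked.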

     

    Flannel network modes: an introduction to VXLAN

    Networking in Kubernetes explained, using flannel as an example

  • Original post: https://www.cnblogs.com/dream397/p/14758509.html