• Proxy ARP


    I. Purpose
    With proxy_arp enabled, the host behaves like a gateway: it answers all ARP requests and gives the client its own MAC address.
     
    II. Test
    1. Server information

    Server 1: 10.30.20.56
    Server 2: 10.30.20.104
    2. Node 10.30.20.56
    # ip link add veth0 type veth peer name veth0_p
    # ip netns add ns0
    # ip link set veth0_p netns ns0
    # ip netns exec ns0 ip link set veth0_p name eth0
    # ip netns exec ns0 ip a add 10.10.10.10/24 dev eth0
    # ip netns exec ns0 ip link set eth0 up
    # ip netns exec ns0 ip link set lo up
    # ip netns exec ns0 ip route add 169.254.1.1 dev eth0
    # ip netns exec ns0 ip route add default via 169.254.1.1 dev eth0
    # ip netns exec ns0 route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         169.254.1.1     0.0.0.0         UG    0      0        0 eth0
    10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
    169.254.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
    # ip link set veth0 up
    # ip route add 10.10.10.10 dev veth0
    # ip route add 10.10.10.20 via 10.30.20.104 dev eth0
    # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.30.20.1      0.0.0.0         UG    0      0        0 eth0
    10.10.10.10     0.0.0.0         255.255.255.255 UH    0      0        0 veth0
    10.10.10.20     10.30.20.104    255.255.255.255 UGH   0      0        0 eth0
    10.30.20.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
    3. Node 10.30.20.104
    # ip link add veth0 type veth peer name veth0_p
    # ip netns add ns0
    # ip link set veth0_p netns ns0
    # ip netns exec ns0 ip link set veth0_p name eth0
    # ip netns exec ns0 ip a add 10.10.10.20/24 dev eth0
    # ip netns exec ns0 ip link set eth0 up
    # ip netns exec ns0 ip link set lo up
    # ip netns exec ns0 ip route add 169.254.1.1 dev eth0
    # ip netns exec ns0 ip route add default via 169.254.1.1 dev eth0
    # ip netns exec ns0 route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         169.254.1.1     0.0.0.0         UG    0      0        0 eth0
    10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
    169.254.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
    # ip link set veth0 up
    # ip route add 10.10.10.20 dev veth0
    # ip route add 10.10.10.10 via 10.30.20.56 dev eth0
    
    4. Adjust kernel parameters

    # sysctl -w net.ipv4.ip_forward=1
    # echo 1 > /proc/sys/net/ipv4/conf/veth0/proxy_arp
    
    5. Test connectivity, on 10.30.20.56

    # ip netns exec ns0 ping 10.10.10.20
    PING 10.10.10.20 (10.10.10.20) 56(84) bytes of data.
    64 bytes from 10.10.10.20: icmp_seq=1 ttl=62 time=0.541 ms
    64 bytes from 10.10.10.20: icmp_seq=2 ttl=62 time=0.509 ms
    64 bytes from 10.10.10.20: icmp_seq=3 ttl=62 time=0.430 ms
    
    Packet capture

    # tcpdump -nni veth0
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    18:05:55.830678 IP 10.10.10.10 > 10.10.10.20: ICMP echo request, id 6137, seq 1, length 64
    18:05:55.831288 IP 10.10.10.20 > 10.10.10.10: ICMP echo reply, id 6137, seq 1, length 64
    18:06:00.839706 ARP, Request who-has 10.10.10.20 tell 10.10.10.10, length 28
    18:06:00.839736 ARP, Reply 10.10.10.20 is-at ea:ba:99:f6:2f:f0, length 28
    
    6. Delete the host route

    # ip netns exec ns0 ip route
    default via 169.254.1.1 dev eth0 
    10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.10 
    169.254.1.1 dev eth0 scope link 
    # ip netns exec ns0 ip route delete 10.10.10.0/24 dev eth0
    # ip netns exec ns0 ip route
    default via 169.254.1.1 dev eth0 
    169.254.1.1 dev eth0 scope link
    
    Capture again

    # tcpdump -nni veth0
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    18:10:59.141794 IP 10.10.10.10 > 10.10.10.20: ICMP echo request, id 7048, seq 1, length 64
    18:10:59.142307 IP 10.10.10.20 > 10.10.10.10: ICMP echo reply, id 7048, seq 1, length 64
    18:11:04.151665 ARP, Request who-has 169.254.1.1 tell 10.10.10.10, length 28
    18:11:04.151706 ARP, Reply 169.254.1.1 is-at ea:ba:99:f6:2f:f0, length 28
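
Both captures show the same MAC, ea:ba:99:f6:2f:f0, answering ARP for 10.10.10.20 and then for 169.254.1.1. As an added example (not part of the original post), the script below lists the interfaces that have proxy_arp enabled and extracts from `tcpdump -nn` text every MAC that replied for more than one IP, so an observed responder can be checked against the interfaces where proxy ARP is intended. The function names and the last sample line are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print interfaces whose proxy_arp sysctl is 1.
# $1: conf directory (defaults to the live kernel's).
proxy_arp_ifaces() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    for f in "$conf_dir"/*/proxy_arp; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "1" ]; then
            basename "$(dirname "$f")"
        fi
    done
}

# Read `tcpdump -nn` text on stdin and print "MAC IP1,IP2,..." for each
# MAC address that sent ARP replies for more than one IP address.
multi_ip_arp_responders() {
    awk '
        / ARP, Reply / {
            ip = $4; mac = $6; sub(/,$/, "", mac)
            if ((mac, ip) in seen) next
            seen[mac, ip] = 1
            if (count[mac]++) { ips[mac] = ips[mac] "," ip } else { ips[mac] = ip }
        }
        END { for (m in count) if (count[m] > 1) print m, ips[m] }
    ' | sort
}

# ARP lines copied from the two veth0 captures in this post, plus one
# constructed reply from a made-up MAC that answers for a single IP.
sample_capture() {
    cat <<'EOF'
18:06:00.839706 ARP, Request who-has 10.10.10.20 tell 10.10.10.10, length 28
18:06:00.839736 ARP, Reply 10.10.10.20 is-at ea:ba:99:f6:2f:f0, length 28
18:11:04.151665 ARP, Request who-has 169.254.1.1 tell 10.10.10.10, length 28
18:11:04.151706 ARP, Reply 169.254.1.1 is-at ea:ba:99:f6:2f:f0, length 28
18:11:09.000000 ARP, Reply 10.30.20.1 is-at 02:00:00:00:00:01, length 28
EOF
}

# Demo: analyse the sample capture, then list proxy_arp interfaces on this host.
sample_capture | multi_ip_arp_responders
proxy_arp_ifaces
```

On a live host, feed it a real capture with `tcpdump -nni veth0 arp | multi_ip_arp_responders` after sourcing the functions.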
    

  • Original article: https://www.cnblogs.com/guoxianqi2020/p/14987573.html