Cisco
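Losing unicast traffic due to "Input DA rejects"
I have a rather complicated problem with an old Cisco 5509 switch and some kvm/qemu-based virtual machines. First, the setup of the system looks like this: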

    |--------------------------------------------      -------------|
    ||----------|             VMHOST            |     |5509         |
    ||VM1       |                               |     |             |
    ||    ------|                               |     |          101|-------Juniper
    ||    |vmnic|---vnet0<->br0<->eth3.101--eth3|-----|Trunk        |
    ||----------|                               |     |             |
    |                                           |     |             |
    |--------------------------------------------      --------------

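So the virtual machine is not vlan-aware, but is connected through a bridge that tags the traffic with vlan 101. This vlan is then sent over a trunk port to the 5509, which sends the traffic out on a port (101), removing the tag, and passes it to the Juniper.
The problem is that this setup works for broadcast traffic. I can arping between vm1 and the Juniper. However, unicast is lost somewhere between the Juniper and eth3, but only traffic from vm1 to the Juniper!
Some logs: arping and ping from vm1 to the host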

    sudo arping 192.168.0.2
    ARPING 192.168.0.2
    60 bytes from 00:05:85:cc:f2:10 (192.168.0.2): index=0 time=3.354 msec
    60 bytes from 00:05:85:cc:f2:10 (192.168.0.2): index=1 time=3.739 msec
    60 bytes from 00:05:85:cc:f2:10 (192.168.0.2): index=2 time=1.511 msec
    ^C
    --- 192.168.0.2 statistics ---
    3 packets transmitted, 3 packets received, 0% unanswered (0 extra)
    PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
    ^C
    --- 192.168.0.2 ping statistics ---
    3 packets transmitted, 0 received, 100% packet loss, time 2004ms

And the dump from eth3 while running those two commands

    sudo tcpdump -ei eth3
    tcpdump: WARNING: eth3: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth3, link-type EN10MB (Ethernet), capture size 65535 bytes
    19:25:06.871102 00:16:3e:3e:02:11 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 101, p 0, ethertype ARP, Request who-has 192.168.0.2 tell 192.168.0.1, length 28
    19:25:06.872563 00:05:85:cc:f2:10 (oui Unknown) > 00:16:3e:3e:02:11 (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 101, p 0, ethertype ARP, Reply 192.168.0.2 is-at 00:05:85:cc:f2:10 (oui Unknown), length 46
    19:25:07.871848 00:16:3e:3e:02:11 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 101, p 0, ethertype ARP, Request who-has 192.168.0.2 tell 192.168.0.1, length 28
    19:25:07.874369 00:05:85:cc:f2:10 (oui Unknown) > 00:16:3e:3e:02:11 (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 101, p 0, ethertype ARP, Reply 192.168.0.2 is-at 00:05:85:cc:f2:10 (oui Unknown), length 46
    19:25:08.872454 00:16:3e:3e:02:11 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 101, p 0, ethertype ARP, Request who-has 192.168.0.2 tell 192.168.0.1, length 28
    19:25:09.028734 00:05:85:cc:f2:10 (oui Unknown) > 00:16:3e:3e:02:11 (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 101, p 0, ethertype ARP, Reply 192.168.0.2 is-at 00:05:85:cc:f2:10 (oui Unknown), length 46
    19:25:13.686148 00:16:3e:3e:02:11 (oui Unknown) > 00:05:85:cc:f2:10 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.2: ICMP echo request, id 1002, seq 1, length 64
    19:25:14.690923 00:16:3e:3e:02:11 (oui Unknown) > 00:05:85:cc:f2:10 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.2: ICMP echo request, id 1002, seq 2, length 64
    19:25:15.690788 00:16:3e:3e:02:11 (oui Unknown) > 00:05:85:cc:f2:10 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.2: ICMP echo request, id 1002, seq 3, length 64

Pinging in the other direction:

    run ping 192.168.0.1
    PING 192.168.0.1 (192.168.0.1): 56 data bytes
    ^C
    --- 192.168.0.1 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss

And the related packet dump from eth3, showing the packets arriving from the Juniper at vm1 and making it all the way back to eth3 before disappearing.

    sudo tcpdump -ei eth3
    tcpdump: WARNING: eth3: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth3, link-type EN10MB (Ethernet), capture size 65535 bytes
    19:27:46.960138 00:05:85:cc:f2:10 (oui Unknown) > 00:16:3e:3e:02:11 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.2 > 192.168.0.1: ICMP echo request, id 61736, seq 0, length 64
    19:27:46.970773 00:16:3e:3e:02:11 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 101, p 0, ethertype ARP, Request who-has 192.168.0.2 tell 192.168.0.1, length 28
    19:27:46.972689 00:05:85:cc:f2:10 (oui Unknown) > 00:16:3e:3e:02:11 (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 101, p 0, ethertype ARP, Reply 192.168.0.2 is-at 00:05:85:cc:f2:10 (oui Unknown), length 46
    19:27:46.973052 00:16:3e:3e:02:11 (oui Unknown) > 00:05:85:cc:f2:10 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.2: ICMP echo reply, id 61736, seq 0, length 64
    19:27:47.959952 00:05:85:cc:f2:10 (oui Unknown) > 00:16:3e:3e:02:11 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.2 > 192.168.0.1: ICMP echo request, id 61736, seq 1, length 64
    19:27:47.960300 00:16:3e:3e:02:11 (oui Unknown) > 00:05:85:cc:f2:10 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.2: ICMP echo reply, id 61736, seq 1, length 64
    19:27:49.048280 00:05:85:cc:f2:10 (oui Unknown) > 00:16:3e:3e:02:11 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.2 > 192.168.0.1: ICMP echo request, id 61736, seq 2, length 64
    19:27:49.048618 00:16:3e:3e:02:11 (oui Unknown) > 00:05:85:cc:f2:10 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.2: ICMP echo reply, id 61736, seq 2, length 64
    8 packets captured
    8 packets received by filter
    0 packets dropped by kernel

Some relevant configuration. First vm1:

    eth1      Link encap:Ethernet HWaddr 00:16:3e:3e:02:11
              inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
              inet6 addr: fe80::216:3eff:fe3e:211/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:1953 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3933 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:153032 (153.0 KB) TX bytes:315162 (315.1 KB)
              Interrupt:10 Base address:0x6000

Then the vmhost:

    brctl show
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.001e68a9b341       no              eth3.101
                                                            vnet0

And the interfaces and bridges (irrelevant stuff removed)

    eth3      Link encap:Ethernet HWaddr 00:1e:68:a9:b3:41
              inet6 addr: fe80::21e:68ff:fea9:b341/64 Scope:Link
              UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
              RX packets:4306 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4870 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:329486 (329.4 KB) TX bytes:419680 (419.6 KB)
              Interrupt:47 Base address:0xc000

    eth3.101  Link encap:Ethernet HWaddr 00:1e:68:a9:b3:41
              inet6 addr: fe80::21e:68ff:fea9:b341/64 Scope:Link
              UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
              RX packets:2082 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3697 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:159118 (159.1 KB) TX bytes:306482 (306.4 KB)

    br0       Link encap:Ethernet HWaddr 00:1e:68:a9:b3:41
              inet6 addr: fe80::490:41ff:fea8:25bd/64 Scope:Link
              UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
              RX packets:4006 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:296858 (296.8 KB) TX bytes:468 (468.0 B)

    vnet0     Link encap:Ethernet HWaddr fe:16:3e:3e:02:11
              inet6 addr: fe80::fc16:3eff:fe3e:211/64 Scope:Link
              UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
              RX packets:3940 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2004 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:500
              RX bytes:315680 (315.6 KB) TX bytes:184138 (184.1 KB)

The relevant part of the 5509 configuration

    set vlan 100-104
    set spantree disable all
    set trunk 3/8 on dot1q 101-104,201-204,301-304,401-404,501-504,1002-1005
    set vlan 101 4/1

And finally the Juniper box

    fe-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.0.2/24;
            }
        }
    }

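At this point I am starting to strongly suspect some configuration problem in the 5509 or in the bridge setup, but I can't even begin to imagine what could be causing this. Can anyone with networking experience suggest a way to solve this? If you need more information, please ask.
Edit:
Some further debugging hints that this has something to do with the filters in the Juniper box. I still have no idea what is going on, but the "Input DA rejects" counter increases with every lost packet.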

    run show interfaces fe-0/0/0 extensive
    Physical interface: fe-0/0/0, Enabled, Physical link is Up
      Interface index: 129, SNMP ifIndex: 118, Generation: 130
      Link-level type: Ethernet, MTU: 1514, Link-mode: Half-duplex, Speed: 100mbps, MAC-REWRITE Error: None, Loopback: Disabled,
      Source filtering: Disabled, Flow control: Enabled
      Device flags   : Present Running
      Interface flags: SNMP-Traps Internal: 0x4000
      CoS queues     : 8 supported, 8 maximum usable queues
      Hold-times     : Up 0 ms, Down 0 ms
      Current address: 00:05:85:cc:f2:10, Hardware address: 00:05:85:cc:f2:10
      Last flapped   : 2011-01-24 19:03:05 CET (16:10:25 ago)
      Statistics last cleared: Never
      Traffic statistics:
       Input  bytes  :               109620                    0 bps
       Output bytes  :               331366                    0 bps
       Input  packets:                 2035                    0 pps
       Output packets:                 5611                    0 pps
      Input errors:
        Errors: 1, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 1, L2 channel errors: 0,
        L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0
      Output errors:
        Carrier transitions: 7, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0,
        MTU errors: 0, Resource errors: 0
      Egress queues: 8 supported, 4 in use
      Queue counters:       Queued packets  Transmitted packets      Dropped packets
        0 best-effort                 5611                 5611                    0
        1 expedited-fo                   0                    0                    0
        2 assured-forw                   0                    0                    0
        3 network-cont                   0                    0                    0
      Active alarms  : None
      Active defects : None
      MAC statistics:                      Receive         Transmit
        Total octets                             0           331926
        Total packets                            0             5611
        Unicast packets                          0             3234
        Broadcast packets                        0             2377
        Multicast packets                        0                0
        CRC/Align errors                         0                0
        FIFO errors                              0                0
        MAC control frames                       0                0
        MAC pause frames                         0                0
        Oversized frames                         0
        Jabber frames                            0
        Fragment frames                          0
        VLAN tagged frames                       0
        Code violations                          0
      Filter statistics:
        Input packet count                   64407
        Input packet rejects                 62371
        Input DA rejects                     62371
        Input SA rejects                         0
        Output packet count                                      0
        Output packet pad count                                  0
        Output packet error count                                0
        CAM destination filters: 1, CAM source filters: 0
      Autonegotiation information:
        Negotiation status: Complete
        Link partner:
            Link mode: Full-duplex, Flow control: None, Remote fault: OK, Link partner Speed: 100 Mbps
      Packet Forwarding Engine configuration:
        Destination slot: 0
        Direction : Output
        CoS transmit queue               Bandwidth               Buffer Priority   Limit
                                  %            bps     %           usec
        0 best-effort            95       95000000    95              0      low    none
        3 network-control         5        5000000     5              0      low    none

      Logical interface fe-0/0/0.0 (Index 68) (SNMP ifIndex 136) (Generation 133)
        Flags: SNMP-Traps Encapsulation: ENET2
        Traffic statistics:
         Input  bytes  :               222600
         Output bytes  :               331366
         Input  packets:                 2035
         Output packets:                 5611
        Local statistics:
         Input  bytes  :               112980
         Output bytes  :               328006
         Input  packets:                 1995
         Output packets:                 5571
        Transit statistics:
         Input  bytes  :               109620                    0 bps
         Output bytes  :                 3360                    0 bps
         Input  packets:                   40                    0 pps
         Output packets:                   40                    0 pps
        Protocol inet, MTU: 1500, Generation: 139, Route table: 0
          Flags: None
          Addresses, Flags: Is-Preferred Is-Primary
            Destination: 192.168.0/24, Local: 192.168.0.2, Broadcast: 192.168.0.255, Generation: 140

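The problem turned out to be a bad CompactFlash card in the Juniper box. The flash card storing the system image had become corrupted, probably after too many writes. The corrupted image most likely loaded corrupted code onto the line cards, which in turn made them behave strangely.
Replacing the CompactFlash with a new one, loading a fresh image onto it, and then restoring the configuration made everything work.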
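
The triage done by eye on the two eth3 captures above can be scripted. The following is an added example, not part of the original post: it pairs ICMP echo requests with replies in `tcpdump -e` output and lists the requests that never got an answer at the capture point. The function and variable names are assumptions, and the sample lines are a subset copied from the captures above.

```python
import re

# Matches the ICMP echo lines printed by `tcpdump -e` on a VLAN-tagged interface.
ICMP_RE = re.compile(
    r"vlan (?P<vlan>\d+),.*?"
    r"(?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered_echoes(capture: str):
    """Return (src, dst, id, seq) for each echo request with no reply in the capture."""
    pending = {}
    for line in capture.splitlines():
        m = ICMP_RE.search(line)
        if not m:
            continue  # ARP and any other frames are ignored
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], ident, seq)] = True
        else:
            # A reply travels from the request's destination back to its source.
            pending.pop((m["dst"], m["src"], ident, seq), None)
    return list(pending)

# Subset of the first capture above (ping from vm1 to the Juniper).
VM_TO_JUNIPER = """\
19:25:09.028734 00:05:85:cc:f2:10 (oui Unknown) > 00:16:3e:3e:02:11 (oui Unknown), ethertype 802.1Q (0x8100), length 64: vlan 101, p 0, ethertype ARP, Reply 192.168.0.2 is-at 00:05:85:cc:f2:10 (oui Unknown), length 46
19:25:13.686148 00:16:3e:3e:02:11 (oui Unknown) > 00:05:85:cc:f2:10 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.2: ICMP echo request, id 1002, seq 1, length 64
19:25:14.690923 00:16:3e:3e:02:11 (oui Unknown) > 00:05:85:cc:f2:10 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.2: ICMP echo request, id 1002, seq 2, length 64
19:25:15.690788 00:16:3e:3e:02:11 (oui Unknown) > 00:05:85:cc:f2:10 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.2: ICMP echo request, id 1002, seq 3, length 64
"""

# Subset of the second capture above (ping from the Juniper to vm1).
JUNIPER_TO_VM = """\
19:27:47.959952 00:05:85:cc:f2:10 (oui Unknown) > 00:16:3e:3e:02:11 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.2 > 192.168.0.1: ICMP echo request, id 61736, seq 1, length 64
19:27:47.960300 00:16:3e:3e:02:11 (oui Unknown) > 00:05:85:cc:f2:10 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 101, p 0, ethertype IPv4, 192.168.0.1 > 192.168.0.2: ICMP echo reply, id 61736, seq 1, length 64
"""

if __name__ == "__main__":
    print("vm1 -> Juniper unanswered:", unanswered_echoes(VM_TO_JUNIPER))
    print("Juniper -> vm1 unanswered:", unanswered_echoes(JUNIPER_TO_VM))
```

An empty result for the second capture, set against the 100% loss the Juniper's own ping reports, places the drop past eth3, which is where the "Input DA rejects" counter points.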