XenServer 來賓中的 IPv6 隨機停止工作
我的 XenServer 7.0 VM 執行 Ubuntu 16.04 和核心 4.4.0 決定在重新啟動整個機器或重置網路介面後不久停止接收 IPv6 數據包。
tcpdump
雖然一切正常,但在 XenServer 主機上執行會在 ping facebook.com 時顯示以下內容:[root@localhost ~]# tcpdump -i xenbr0 -vv ip6 tcpdump: listening on xenbr0, link-type EN10MB (Ethernet), capture size 65535 bytes ^C [root@localhost ~]# tcpdump -i eth0 -vv ip6 tcpdump: WARNING: eth0: no IPv4 address assigned tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 09:25:26.063597 IP6 (flowlabel 0xa64ab, hlim 64, next-header ICMPv6 (58) payload length: 64) 2a01:4f8:xxxx:yyyy::3 > edge-star-mini6-shv-01-amt2.facebook.com: [icmp6 sum ok] ICMP6, echo request, seq 1 09:25:26.074727 IP6 (class 0x40, hlim 56, next-header ICMPv6 (58) payload length: 64) edge-star-mini6-shv-01-amt2.facebook.com > 2a01:4f8:xxxx:yyyy::3: [icmp6 sum ok] ICMP6, echo reply, seq 1 09:25:27.070651 IP6 (flowlabel 0xa64ab, hlim 64, next-header ICMPv6 (58) payload length: 64) 2a01:4f8:xxxx:yyyy::3 > edge-star-mini6-shv-01-amt2.facebook.com: [icmp6 sum ok] ICMP6, echo request, seq 2 09:25:27.081839 IP6 (class 0x40, hlim 56, next-header ICMPv6 (58) payload length: 64) edge-star-mini6-shv-01-amt2.facebook.com > 2a01:4f8:xxxx:yyyy::3: [icmp6 sum ok] ICMP6, echo reply, seq 2 ^C
一切如預期。大約 15-30 分鐘後,虛擬機停止看到回顯回复,我從以下渠道得到
tcpdump
:[root@localhost ~]# tcpdump -i xenbr0 -vv ip6 tcpdump: listening on xenbr0, link-type EN10MB (Ethernet), capture size 65535 bytes 09:28:23.106447 IP6 (class 0x40, hlim 56, next-header ICMPv6 (58) payload length: 64) edge-star-mini6-shv-01-amt2.facebook.com > 2a01:4f8:xxxx:yyyy::3: [icmp6 sum ok] ICMP6, echo reply, seq 1 09:28:24.113032 IP6 (class 0x40, hlim 56, next-header ICMPv6 (58) payload length: 64) edge-star-mini6-shv-01-amt2.facebook.com > 2a01:4f8:xxxx:yyyy::3: [icmp6 sum ok] ICMP6, echo reply, seq 2 ^C [root@localhost ~]# tcpdump -i eth0 -vv ip6 tcpdump: WARNING: eth0: no IPv4 address assigned tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 09:31:37.437793 IP6 (flowlabel 0x37012, hlim 64, next-header ICMPv6 (58) payload length: 64) 2a01:4f8:xxxx:yyyy::3 > edge-star-mini6-shv-01-fra3.facebook.com: [icmp6 sum ok] ICMP6, echo request, seq 19 09:31:37.442832 IP6 (class 0x40, hlim 57, next-header ICMPv6 (58) payload length: 64) edge-star-mini6-shv-01-fra3.facebook.com > 2a01:4f8:xxxx:yyyy::3: [icmp6 sum ok] ICMP6, echo reply, seq 19 ^C
出於某種原因,當事情停止工作時,回顯回復也會通過 xenbr0 介面,而不僅僅是 eth0。
在客人身上執行
service networking stop && service networking start
會使一切重新工作。在 XenServer 上禁用和重新啟用 VM 網路連結沒有幫助。我已經嘗試在虛擬機上禁用路由器廣告,但這也無濟於事。我不知道這是從哪裡來的,不知道是 XenServer 問題還是 Ubuntu/Linux 問題。在 xenbr0 上看到的任性數據包似乎指向 XenServer,重置 VM 網路堆棧有助於這一事實似乎指向 Linux…
更新
在閱讀了一些關於 XenServer 網路的資訊後,問題似乎是 XenServer 虛擬交換機將數據包路由到了錯誤的介面。預期的流量是
eth0 -> vif2.0
,但是數據包會eth0 -> xenbr0
在 Dom0 機器上結束,而不是在正確的 DomU 上結束。在 DomU 上重新啟動網路後,一些隨後發送的鄰居請求或鄰居廣告似乎暫時解決了該問題:13:50:23.178132 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28 13:50:23.378089 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48 13:50:23.442094 IP6 :: > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has example.org, length 24 13:50:23.698108 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48 13:50:24.050127 IP6 :: > ff02::1:ff00:36ab: ICMP6, neighbor solicitation, who has fe80::250:xxxx:yyyy:36ab, length 24 13:50:25.050149 IP6 fe80::250:xxxx:yyyy:36ab > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48 13:50:25.174116 IP6 fe80::250:xxxx:yyyy:36ab > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48 13:50:27.605989 IP6 fe80::250:xxxx:yyyy:36ab > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has fe80::1, length 32 13:50:27.606801 IP6 fe80::1 > fe80::250:xxxx:yyyy:36ab: ICMP6, neighbor advertisement, tgt is fe80::1, length 32 13:50:27.609480 IP6 fe80::250:xxxx:yyyy:36ab > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has fe80::1, length 32 13:50:27.609488 IP6 example.org > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has fe80::1, length 32 13:50:27.609943 IP6 fe80::1 > fe80::250:xxxx:yyyy:36ab: ICMP6, neighbor advertisement, tgt is fe80::1, length 32
我對 IPv6 的了解還不是很深,尚無法說出究竟是什麼導致它再次工作。
問題通常是我的託管服務提供商 Hetzner 的非標準 IPv6 設置。據我了解,不可能進行“真正的”橋接 IPv6 設置,因為我的專用 /64 子網固定為僅路由到一個特定的 MAC 地址。NA 或 NS 數據包顯然可以在短時間內覆蓋它,但不久之後它會恢復到主機 MAC 地址。我現在通過在主機上啟用 IPv6 數據包轉發並將其設置為 DomU 上的 IPv6 網關來解決該問題。