Networking
為什麼流量會在不同的 veth 設備之間路由?
我有一個問題:虛擬網路設備之間存在意外的路由路徑。
讓我們創建兩個獨立的 veth-peer 設備對:
$ sudo ip link add veth0 type veth peer name peer0 $ sudo ip link add veth1 type veth peer name peer1為 peerX 設備分配地址:
$ sudo ip addr add ab:: dev peer0 $ sudo ip addr add cd:: dev peer1設置所有設備:
$ sudo ip link set dev veth0 up $ sudo ip link set dev veth1 up $ sudo ip link set dev peer1 up $ sudo ip link set dev peer0 up檢查設備:
$ ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 02:82:b2:df:b0:58 brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3 valid_lft 84429sec preferred_lft 84429sec inet6 fe80::82:b2ff:fedf:b058/64 scope link valid_lft forever preferred_lft forever 3: peer0@veth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 6e:8d:c0:7c:02:9c brd ff:ff:ff:ff:ff:ff inet6 ab::/128 scope global valid_lft forever preferred_lft forever inet6 fe80::6c8d:c0ff:fe7c:29c/64 scope link valid_lft forever preferred_lft forever 4: veth0@peer0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 4e:43:26:75:10:11 brd ff:ff:ff:ff:ff:ff inet6 fe80::4c43:26ff:fe75:1011/64 scope link valid_lft forever preferred_lft forever 5: peer1@veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether ea:8c:82:e6:2e:a9 brd ff:ff:ff:ff:ff:ff inet6 cd::/128 scope global valid_lft forever preferred_lft forever inet6 fe80::e88c:82ff:fee6:2ea9/64 scope link valid_lft forever preferred_lft forever 6: veth1@peer1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether da:5a:68:b1:e8:43 brd ff:ff:ff:ff:ff:ff inet6 fe80::d85a:68ff:feb1:e843/64 scope link valid_lft forever preferred_lft forever和路線:
$ ip r default via 10.0.2.2 dev enp0s3 proto dhcp src 10.0.2.15 metric 100 10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 10.0.2.2 dev enp0s3 proto dhcp scope link src 10.0.2.15 metric 100現在在 UDP 埠 2000 上監聽 peer0:
$ nc -u -6 -l ab:: 2000並通過 peer1 發送數據包:
$ echo -n abc nc -u -6 -s cd:: ab:: 2000和聽
nc版畫abc!但是為什麼?peer0並且peer1沒有以任何方式連接。如果我理解正確,收聽nc應該綁定到peer0,發送nc應該綁定到peer1.
peer0 和 peer1 沒有以任何方式連接。
它們都是屬於系統的介面,因此它們連接到系統。路由發生在系統上。系統將直接在屬於自己的地址之間進行通信,無需將數據包路由到外部,即不通過 veth 介面發送數據包,而是使用其環回介面(
dev lo如下):# ip route get from cd:: to ab:: local ab:: from cd:: dev lo table local proto kernel src ab:: metric 0 pref medium此外,這並不是說它在這裡有多大幫助,但是當顯示沒有任何 IPv6 值來提示 IPv6 的路由時,
-6必須給出,或者它預設為 IPv4。# ip -6 route ab:: dev peer0 proto kernel metric 256 pref medium cd:: dev peer1 proto kernel metric 256 pref medium fe80::/64 dev peer1 proto kernel metric 256 pref medium fe80::/64 dev veth1 proto kernel metric 256 pref medium fe80::/64 dev peer0 proto kernel metric 256 pref medium fe80::/64 dev veth0 proto kernel metric 256 pref medium # ip -6 route show table local local ::1 dev lo proto kernel metric 0 pref medium local fe80::4c43:26ff:fe75:1011 dev veth0 proto kernel metric 0 pref medium local fe80::6c8d:c0ff:fe7c:29c dev peer0 proto kernel metric 0 pref medium local fe80::d85a:68ff:feb1:e843 dev veth1 proto kernel metric 0 pref medium local fe80::e88c:82ff:fee6:2ea9 dev peer1 proto kernel metric 0 pref medium multicast ff00::/8 dev veth1 proto kernel metric 256 pref medium multicast ff00::/8 dev peer1 proto kernel metric 256 pref medium multicast ff00::/8 dev veth0 proto kernel metric 256 pref medium multicast ff00::/8 dev peer0 proto kernel metric 256 pref medium