# docker exec -it l3h1 ip -br addr show lo UNKNOWN 127.0.0.1/8 el3h1llb1@if6 UP 10.10.10.1/24 eth0@if66 UP 172.17.0.6/16
1 2 3 4 5 6 7 8
# docker exec -it llb1 ip -br addr show lo UNKNOWN 127.0.0.1/8 10.10.10.3/32 llb0 UNKNOWN ellb1l3ep1@if2 UP 31.31.31.254/24 ellb1l3ep2@if2 UP 32.32.32.254/24 ellb1l3ep3@if2 UP 33.33.33.254/24 ellb1l3h1@if2 UP 10.10.10.254/24 eth0@if58 UP 172.17.0.2/16
1 2 3 4 5 6 7 8 9 10 11 12 13 14
# docker exec -it l3ep1 ip -br addr show lo UNKNOWN 127.0.0.1/8 el3ep1llb1@if3 UP 31.31.31.1/24 eth0@if60 UP 172.17.0.3/16
# docker exec -it l3ep2 ip -br addr show lo UNKNOWN 127.0.0.1/8 el3ep2llb1@if4 UP 32.32.32.1/24 eth0@if62 UP 172.17.0.4/16
# docker exec -it l3ep3 ip -br addr show lo UNKNOWN 127.0.0.1/8 el3ep3llb1@if5 UP 33.33.33.1/24 eth0@if64 UP 172.17.0.5/16
在 loxilb 容器中执行 loxicmd 命令,可以查看 LB 相关配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
# docker exec -it loxilb /bin/bash
# loxicmd get loadbalancer | EXT IP | PORT | PROTO | NAME | MARK | SEL | MODE | # OF ENDPOINTS | MONITOR | |--------------|------|-------|------|------|-----|---------|----------------|---------| | 10.10.10.254 | 2020 | tcp | | 0 | rr | default | 3 | Off | | 10.10.10.3 | 2020 | tcp | | 0 | rr | default | 3 | Off | | 20.20.20.1 | 2020 | tcp | | 0 | rr | default | 3 | Off |
# $hexec l3h1 ip route default via 10.10.10.254 dev el3h1llb1 10.10.10.0/24 dev el3h1llb1 proto kernel scope link src 10.10.10.1 172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.6
# $hexec l3h1 ip route default via 10.10.10.254 dev el3h1llb1 10.10.10.0/24 dev el3h1llb1 proto kernel scope link src 10.10.10.1 11.11.11.0/24 dev vlan11 proto kernel scope link src 11.11.11.254 172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.3
# $hexec l3ep1 ip route default via 31.31.31.254 dev el3ep1llb1 10.10.10.0/24 via 11.11.11.254 dev vlan11 11.11.11.0/24 dev vlan11 proto kernel scope link src 11.11.11.1 31.31.31.0/24 dev el3ep1llb1 proto kernel scope link src 31.31.31.1 172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.4
在看下整个拓扑的 vlan 配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
# $hexec l3h1 ip -br addr show vlan11 vlan11 UP 11.11.11.254/24 # $hexec l3h1 brctl show vlan11 bridge name bridge id STP enabled interfaces vlan11 8000.c2decb6b4135 no el3h1sw1
# $hexec sw1 brctl show vlan11 bridge name bridge id STP enabled interfaces vlan11 8000.46f2213b1deb no esw1l3ep1 esw1l3ep2 esw1l3ep3 esw1l3h1 # $hexec l3ep1 ip -br addr show vlan11 vlan11 UP 11.11.11.1/24 # $hexec l3ep1 brctl show vlan11 bridge name bridge id STP enabled interfaces vlan11 8000.0a96b4aa4683 no el3ep1sw1 ......
# $dexec llb1 ip -br link show lo UNKNOWN 00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> llb0 UNKNOWN 52:68:57:6d:45:ba <BROADCAST,MULTICAST,UP,LOWER_UP> ellb1l3h1@if2 UP 12:b9:f5:99:4e:3c <BROADCAST,MULTICAST,UP,LOWER_UP> ellb1l3ep1@if2 UP 9e:8d:30:a8:be:82 <BROADCAST,MULTICAST,UP,LOWER_UP> ellb1l3ep2@if2 UP be:24:7e:c4:38:51 <BROADCAST,MULTICAST,UP,LOWER_UP> ellb1l3ep3@if2 UP 96:13:7e:39:d2:c2 <BROADCAST,MULTICAST,UP,LOWER_UP> tunl0@NONE DOWN 0.0.0.0 <NOARP> ipip0@NONE UNKNOWN 31.31.31.254 <POINTOPOINT,NOARP,UP,LOWER_UP> ipip1@NONE UNKNOWN 32.32.32.254 <POINTOPOINT,NOARP,UP,LOWER_UP> ipip2@NONE UNKNOWN 33.33.33.254 <POINTOPOINT,NOARP,UP,LOWER_UP> eth0@if112 UP 02:42:ac:11:00:02 <BROADCAST,MULTICAST,UP,LOWER_UP>
# $dexec llb1 ip -br addr show lo UNKNOWN 127.0.0.1/8 llb0 UNKNOWN ellb1l3h1@if2 UP 10.10.10.254/24 ellb1l3ep1@if2 UP 31.31.31.254/24 ellb1l3ep2@if2 UP 32.32.32.254/24 ellb1l3ep3@if2 UP 33.33.33.254/24 tunl0@NONE DOWN ipip0@NONE UNKNOWN 45.45.45.254/24 ipip1@NONE UNKNOWN 46.46.46.254/24 ipip2@NONE UNKNOWN 47.47.47.254/24 eth0@if112 UP 172.17.0.2/16
# $dexec llb1 ip route default via 172.17.0.1 dev eth0 10.10.10.0/24 dev ellb1l3h1 proto kernel scope link src 10.10.10.254 31.31.31.0/24 dev ellb1l3ep1 proto kernel scope link src 31.31.31.254 32.32.32.0/24 dev ellb1l3ep2 proto kernel scope link src 32.32.32.254 33.33.33.0/24 dev ellb1l3ep3 proto kernel scope link src 33.33.33.254 45.45.45.0/24 dev ipip0 proto kernel scope link src 45.45.45.254 46.46.46.0/24 dev ipip1 proto kernel scope link src 46.46.46.254 47.47.47.0/24 dev ipip2 proto kernel scope link src 47.47.47.254 56.56.56.0/24 via 45.45.45.1 dev ipip0 57.57.57.0/24 via 46.46.46.1 dev ipip1 58.58.58.0/24 via 47.47.47.1 dev ipip2 172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
# $hexec llb1 ip tunnel show tunl0: any/ip remote any local any ttl inherit nopmtudisc ipip0: any/ip remote 31.31.31.1 local 31.31.31.254 ttl inherit ipip1: any/ip remote 32.32.32.1 local 32.32.32.254 ttl inherit ipip2: any/ip remote 33.33.33.1 local 33.33.33.254 ttl inherit
查看某个 endpoint 上的配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
# $dexec l3ep1 ip -br link show lo UNKNOWN 00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> el3ep1llb1@if4 UP 32:b6:d7:fd:50:de <BROADCAST,MULTICAST,UP,LOWER_UP> tunl0@NONE DOWN 0.0.0.0 <NOARP> ipip0@NONE UNKNOWN 31.31.31.1 <POINTOPOINT,NOARP,UP,LOWER_UP> eth0@if116 UP 02:42:ac:11:00:04 <BROADCAST,MULTICAST,UP,LOWER_UP>
# $dexec l3ep1 ip -br addr show lo UNKNOWN 127.0.0.1/8 56.56.56.1/32 20.20.20.1/32 el3ep1llb1@if4 UP 31.31.31.1/24 tunl0@NONE DOWN ipip0@NONE UNKNOWN 45.45.45.1/24 eth0@if116 UP 172.17.0.4/16
# $dexec l3ep1 ip route default via 31.31.31.254 dev el3ep1llb1 31.31.31.0/24 dev el3ep1llb1 proto kernel scope link src 31.31.31.1 45.45.45.0/24 dev ipip0 proto kernel scope link src 45.45.45.1 172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.4
看下抓的报文:
1 2 3 4 5
# $hexec llb1 tcpdump -i ellb1l3h1 -n -l tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on ellb1l3h1, link-type EN10MB (Ethernet), snapshot length 262144 bytes # llb1 上的 ellb1l3h1 收到 SYN 包 19:05:10.487705 IP 10.10.10.1.55001 > 20.20.20.1.8080: Flags [S], seq 3053784621, win 63680, options [mss 7960,sackOK,TS val 3433925339 ecr 0,nop,wscale 7], length 0
而从 LB ellb1l3ep3 接口上的抓包可以看到,该 SYN 包通过 IPIP 隧道协议发送: