arp代理

一、作用
开启了proxy_arp功能之后,主机就会看起来像一个网关,会响应所有的ARP请求,并将自己的MAC地址告诉客户端
 
二、测试
1、服务器信息

服务器1:10.30.20.56
服务器2:10.30.20.104
2、节点10.30.20.56
# ip link add veth0 type veth peer name veth0_p
# ip netns add ns0
# ip link set veth0_p netns ns0
# ip netns exec ns0 ip link set veth0_p name eth0
# ip netns exec ns0 ip a add 10.10.10.10/24 dev eth0
# ip netns exec ns0 ip link set eth0 up
# ip netns exec ns0 ip link set lo up
# ip netns exec ns0 ip route add 169.254.1.1 dev eth0
# ip netns exec ns0 ip route add default via 169.254.1.1 dev eth0
# ip netns exec ns0 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         169.254.1.1     0.0.0.0         UG    0      0        0 eth0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
# ip link set veth0 up
# ip route add 10.10.10.10 dev veth0
# ip route add 10.10.10.20 via 10.30.20.104 dev eth0
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.30.20.1      0.0.0.0         UG    0      0        0 eth0
10.10.10.10     0.0.0.0         255.255.255.255 UH    0      0        0 veth0
10.10.10.20     10.30.20.104    255.255.255.255 UGH   0      0        0 eth0
10.30.20.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
3、节点10.30.20.104
# ip link add veth0 type veth peer name veth0_p
# ip netns add ns0
# ip link set veth0_p netns ns0
# ip netns exec ns0 ip link set veth0_p name eth0
# ip netns exec ns0 ip a add 10.10.10.20/24 dev eth0
# ip netns exec ns0 ip link set eth0 up
# ip netns exec ns0 ip link set lo up
# ip netns exec ns0 ip route add 169.254.1.1 dev eth0
# ip netns exec ns0 ip route add default via 169.254.1.1 dev eth0
# ip netns exec ns0 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         169.254.1.1     0.0.0.0         UG    0      0        0 eth0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
# ip link set veth0 up
# ip route add 10.10.10.20 dev veth0
# ip route add 10.10.10.10 via 10.30.20.56 dev eth0
4、调整内核参数

net.ipv4.ip_forward = 1
echo 1 > /proc/sys/net/ipv4/conf/veth0/proxy_arp
5、测试联通性,在10.20.30.56

# ip netns exec ns0 ping 10.10.10.20
PING 10.10.10.20 (10.10.10.20) 56(84) bytes of data.
64 bytes from 10.10.10.20: icmp_seq=1 ttl=62 time=0.541 ms
64 bytes from 10.10.10.20: icmp_seq=2 ttl=62 time=0.509 ms
64 bytes from 10.10.10.20: icmp_seq=3 ttl=62 time=0.430 ms
抓包

# tcpdump -nni veth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:05:55.830678 IP 10.10.10.10 > 10.10.10.20: ICMP echo request, id 6137, seq 1, length 64
18:05:55.831288 IP 10.10.10.20 > 10.10.10.10: ICMP echo reply, id 6137, seq 1, length 64
18:06:00.839706 ARP, Request who-has 10.10.10.20 tell 10.10.10.10, length 28
18:06:00.839736 ARP, Reply 10.10.10.20 is-at ea:ba:99:f6:2f:f0, length 28
6、删除主机路由

# ip netns exec ns0 ip route
default via 169.254.1.1 dev eth0 
10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.10 
169.254.1.1 dev eth0 scope link 
# ip netns exec ns0 ip route delete 10.10.10.0/24 dev eth0
# ip netns exec ns0 ip route
default via 169.254.1.1 dev eth0 
169.254.1.1 dev eth0 scope link
重新抓包

# tcpdump -nni veth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:10:59.141794 IP 10.10.10.10 > 10.10.10.20: ICMP echo request, id 7048, seq 1, length 64
18:10:59.142307 IP 10.10.10.20 > 10.10.10.10: ICMP echo reply, id 7048, seq 1, length 64
18:11:04.151665 ARP, Request who-has 169.254.1.1 tell 10.10.10.10, length 28
18:11:04.151706 ARP, Reply 169.254.1.1 is-at ea:ba:99:f6:2f:f0, length 28

 

参考文档:

  

  

  

  

  

  

arp代理

上一篇:glance 迁移


下一篇:用Vue-li3跑项目的时候报错:3 errors and 0 warnings potentially fixable with the `--fix` option.