首先解释一下什么是对称路由和不对称路由。
对称路由:symmetric route,指从A到B所走的路由和从B到A所走的路由是相同的
不对称路由:asymmetric route,指从A到B所走的路由和从B到A所走的路由是不同的
测试过程如下
说明:
1 以下这三种情况中,iptables和selinux都已关闭
2 所有测试均基于RHEL6.8
*********************************
【情况1】这是测试中遇到的问题。这个问题不是非对称路由问题,而是普通的路由问题
*********************************
我这里只是单纯的ping不通。在主机B上执行ping -I 172.16.1.254 10.0.208.181(ping的-I是指定源地址),在主机B上进行ping的时候,指定了原IP为eth1接口的地址,目的地址是主机A的eth0 IP
主机A和主机B的默认网关都指向了10.0.208.254
step1:查看两台主机上的路由表
主机B上有2个网段:172和10,主机B的路由表如下
[root@storage ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.208.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 10.0.208.254 0.0.0.0 UG 0 0 0 eth0
主机A上有3个网段:10.0.0.0/24,10.0.1.0/24和10.0.208.0/24,这里只是用10.0.208.0/24网络。主机A的路由表如下
[root@compute ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.208.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1004 0 0 eth2
0.0.0.0 10.0.208.254 0.0.0.0 UG 0 0 0 eth0
默认情况下是ping不通的:
[root@storage ~]# ping -I 172.16.1.254 10.0.208.181
PING 10.0.208.181 (10.0.208.181) from 172.16.1.254 : 56(84) bytes of data.
^C
--- 10.0.208.181 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1774ms
step2:设置主机A的非对称路由参数
主机A的路由参数
[root@compute ~]# sysctl -a|grep rp_filter
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth1.rp_filter = 1
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.eth2.rp_filter = 1
net.ipv4.conf.eth2.arp_filter = 0
设置主机A的default.rp_filter
[root@compute ~]# sysctl -w net.ipv4.conf.default.rp_filter=0
[root@compute ~]# sysctl -a|grep rp_filter
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth1.rp_filter = 1
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.eth2.rp_filter = 1
net.ipv4.conf.eth2.arp_filter = 0
在主机B上继续ping
[root@storage ~]# ping -I 172.16.1.254 10.0.208.181
PING 10.0.208.181 (10.0.208.181) from 172.16.1.254 : 56(84) bytes of data.
^C
--- 10.0.208.181 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4662ms
发现还是不通
step3:在主机A上添加到172网段的路由
在主机A上添加路由172.16.1.0/24,下一跳指向主机B的eth0端口
[root@compute ~]# ip route add 172.16.1.0/24 via 10.0.208.194
最低0.47元/天 解锁文章
156
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
