
Tuesday, June 30, 2009

If the mountain won't turn, the road will

In the previous post I described how to use Network Namespaces + vconfig to monitor multiple VLANs that share the same IP subnet with just one machine and a single PCI network card. It turned out that packets carrying a VLAN ID sent from a separate namespace never made it onto the network. After a full week of thinking, bouncing between iptables and ip route, I still couldn't find a way to get the packets out...
Then, after all that persistent effort, the idea of "multiple routing tables" flashed through my mind in the shower. As soon as I stepped out of the bathroom I googled whether Linux had such a thing and how to use it. As they say, heaven helps those who help themselves: it worked on the first try, hahaha!

Anyone interested can try it with the script below:

+--NS2:------------------------------------------------

./ns_exec -nm -- /bin/bash
echo $$        # the PID printed here is what NS1 passes to `ip link set ... netns`

+------------------------------------------------------

+--NS3:------------------------------------------------

./ns_exec -nm -- /bin/bash
echo $$        # same here: note this PID for NS1

+------------------------------------------------------

+--NS1:------------------------------------------------

# two veth pairs: veth0/veth1 and veth2/veth3
ip link add type veth
ip link add type veth

# hand one end of each pair to the namespaces created above (their PIDs)
ip link set veth1 netns 1691
ip link set veth3 netns 1704

ifconfig veth0 192.168.0.1/24 up
ifconfig veth2 192.168.2.1/24 up

# two VLAN sub-interfaces on the same NIC, both addressed in the same 10.0.0.0/24 subnet
vconfig add eth0 11
vconfig add eth0 33

ifconfig eth0.11 10.0.0.11/24 up
ifconfig eth0.33 10.0.0.33/24 up

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

# policy routing: choose the routing table by source address, one table per VLAN
ip rule add from 192.168.0.2 lookup 102
ip rule add from 192.168.2.2 lookup 122

# each table only knows its own VLAN sub-interface as the way out
ip route add default via 10.0.0.11 dev eth0.11 table 102
ip route add default via 10.0.0.33 dev eth0.33 table 122

+------------------------------------------------------

+--NS2:------------------------------------------------

ifconfig veth1 192.168.0.2/24 up
ip route add default via 192.168.0.1 dev veth1

+------------------------------------------------------

+--NS3:------------------------------------------------

ifconfig veth3 192.168.2.2/24 up
ip route add default via 192.168.2.1 dev veth3

+------------------------------------------------------

+--NS1:------------------------------------------------

tcpdump -ne -i eth0 not port 22

+------------------------------------------------------

Packets captured by tcpdump:

[root@vmf11 ~]# tcpdump -ne -i eth0 not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:51:41.882589 00:0c:29:56:fb:d3 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 11, p 0, ethertype ARP, arp who-has 10.0.0.10 tell 10.0.0.11
10:51:42.326170 00:0c:29:56:fb:d3 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 33, p 0, ethertype ARP, arp who-has 10.0.0.10 tell 10.0.0.33

See that?
Packets asking for the same IP address are tagged with different VLAN IDs!
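As an added example (not from the original post), here is the same namespace-plus-policy-routing trick generalised to any number of VLANs, one namespace and one routing table per VLAN. It assumes a modern iproute2 (`ip netns` instead of the post's ns_exec helper, `ip link ... type vlan` instead of vconfig); the NIC name, the per-pair link subnets 192.168.<n>.0/24 and the table numbering 100+VLAN are my own choices.

```shell
#!/bin/sh
# Added example: N VLANs sharing one IP subnet, each reachable from its own namespace.
# Assumptions: iproute2 with `ip netns`, NIC eth0, shared subnet 10.0.0.0/24 (as in the post).
NIC=${NIC:-eth0}
MON_SUBNET=${MON_SUBNET:-10.0.0}   # subnet shared by every VLAN; host gets 10.0.0.<vlan id>
DRY_RUN=${DRY_RUN:-1}              # 1 = only print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else eval "$*"; fi
}

# One VLAN: namespace ns<vid>, a veth pair, the tagged sub-interface, and a dedicated
# routing table selected by the namespace's source address (the post's ip rule / ip route trick).
setup_vlan() {
    vid=$1; idx=$2
    ns="ns$vid"
    table=$((100 + vid))                     # table 111 for VLAN 11, 133 for VLAN 33, ...
    host_if="veth${idx}h"; ns_if="veth${idx}n"
    net="192.168.$idx"                       # private link subnet for this veth pair
    run ip netns add "$ns"
    run ip link add "$host_if" type veth peer name "$ns_if"
    run ip link set "$ns_if" netns "$ns"
    run ip addr add "$net.1/24" dev "$host_if"
    run ip link set "$host_if" up
    run ip netns exec "$ns" ip addr add "$net.2/24" dev "$ns_if"
    run ip netns exec "$ns" ip link set "$ns_if" up
    run ip netns exec "$ns" ip route add default via "$net.1" dev "$ns_if"
    run ip link add link "$NIC" name "$NIC.$vid" type vlan id "$vid"
    run ip addr add "$MON_SUBNET.$vid/24" dev "$NIC.$vid"
    run ip link set "$NIC.$vid" up
    # traffic sourced from this namespace is routed by its own table, i.e. out of its own VLAN
    run ip rule add from "$net.2" lookup "$table"
    run ip route add default via "$MON_SUBNET.$vid" dev "$NIC.$vid" table "$table"
}

setup_all() {
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w "net.ipv4.conf.$NIC.proxy_arp=1"
    i=0
    for vid in "$@"; do setup_vlan "$vid" "$i"; i=$((i + 1)); done
}

# The post's two VLANs; run as root with DRY_RUN=0 to actually apply the commands.
setup_all 11 33
```

With the default DRY_RUN=1 the script only prints what it would do, which makes it easy to review the rules and tables before touching a live box.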
