首页 注册 登录
 ukec 最近的时间轴更新
ukec

ukec

V2EX 第 680302 号会员,加入于 2024-03-14 15:02:15 +08:00
metallb vip ping 不通,但可以访问业务,网络插件用的 ciliumv1.15.4,会禁用 ICMP 协议吗,如何 ping 通 LoadBalancer 的 vip.
Kubernetes  •  ukec  •  2 天前  •  最后回复来自 wencaiwulue 		13
» ukec 创建的更多主题
ukec 最近回复了
6 天前
回复了 ukec 创建的主题 Kubernetes metallb vip ping 不通,但可以访问业务,网络插件用的 ciliumv1.15.4,会禁用 ICMP 协议吗,如何 ping 通 LoadBalancer 的 vip.
提了个 github 问题单,这老外说的什么意思,https://github.com/cilium/cilium/issues/32411
@guanzhangzhang
10 天前
回复了 gkair 创建的主题 程序员 咨询一个 CentOS 系统网络请求延迟异常变大的问题
@gkair #UseDNS yes 要取消注释并改成 no ,重启 sshd 服务
10 天前
回复了 gkair 创建的主题 程序员 咨询一个 CentOS 系统网络请求延迟异常变大的问题
@gkair ssh 连接等待时间非常长,1.2 分钟,这个我遇到过,/etc/ssh/sshd_config 改成 UseDNS no GSSAPIAuthentication yes ,然后 systemctl restart sshd.service 重启。
10 天前
回复了 jqknono 创建的主题 OpenAI ChatGPT VPN 识别绕过方法
手机 app 添加了白名单规则也不行,电脑可以正常访问。
10 天前
回复了 ukec 创建的主题 Kubernetes metallb vip ping 不通,但可以访问业务,网络插件用的 ciliumv1.15.4,会禁用 ICMP 协议吗,如何 ping 通 LoadBalancer 的 vip.
@ZeroAsh
```
# MetalLB deployment
metallb_enabled: true
metallb_speaker_enabled: "{{ metallb_enabled }}"
metallb_namespace: metallb-system
metallb_protocol: "layer2"
metallb_config:
address_pools:
primary:
ip_range:
- 172.27.0.7-172.27.0.9
auto_assign: true
layer2:
- primary
```
10 天前
回复了 ukec 创建的主题 Kubernetes metallb vip ping 不通,但可以访问业务,网络插件用的 ciliumv1.15.4,会禁用 ICMP 协议吗,如何 ping 通 LoadBalancer 的 vip.
@guanzhangzhang 我这是 ping 不通,但不影响访问,所以想看看为什么 ping 不通 Load Balancer
10 天前
回复了 ukec 创建的主题 Kubernetes metallb vip ping 不通,但可以访问业务,网络插件用的 ciliumv1.15.4,会禁用 ICMP 协议吗,如何 ping 通 LoadBalancer 的 vip.
@ZeroAsh
```
[root@node1 ~]# kubectl get svc -n nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-service LoadBalancer 10.233.49.91 172.27.0.7 80:32109/TCP 20h
[root@node1 ~]# nft list ruleset | grep 172.27.0.7
[root@node1 ~]#
[root@node1 ~]# nft list ruleset | grep 10.233.49.91
[root@node1 ~]#
[root@node1 ~]#
[root@node1 ~]# nft list ruleset | grep 80
counter packets 73636 bytes 25380793 jump CILIUM_OUTPUT
meta mark & 0x00000e00 == 0x00000800 counter packets 0 bytes 0 accept
meta mark & 0x00000f00 != 0x00000e00 meta mark & 0x00000f00 != 0x00000d00 meta mark & 0x00000f00 != 0x00000400 meta mark & 0x00000e00 != 0x00000a00 meta mark & 0x00000e00 != 0x00000800 meta mark & 0x00000f00 != 0x00000f00 counter packets 73464 bytes 25359005 meta mark set mark and 0xfffff0ff xor 0xc00
ip saddr 127.0.0.0/8 counter packets 3 bytes 180 return
meta mark & 0x00004000 != 0x00004000 counter packets 53 bytes 3180 return
oifname "cilium_host" ip saddr != 10.233.65.0/24 ip daddr != 10.233.65.0/24 counter packets 18 bytes 1080 snat to 10.233.65.116
oifname "lxc*" meta mark & 0x00000e00 == 0x00000800 counter packets 0 bytes 0 notrack
oifname "cilium_host" meta mark & 0x00000e00 == 0x00000800 counter packets 0 bytes 0 notrack
ip saddr 169.254.25.10 tcp sport 8080 counter packets 0 bytes 0 notrack
ip daddr 169.254.25.10 tcp dport 8080 counter packets 0 bytes 0 notrack
[root@node1 ~]# nft list ruleset | grep 32109
[root@node1 ~]#

```
10 天前
回复了 ukec 创建的主题 Kubernetes metallb vip ping 不通,但可以访问业务,网络插件用的 ciliumv1.15.4,会禁用 ICMP 协议吗,如何 ping 通 LoadBalancer 的 vip.
@ZeroAsh [root@node1 ~]# kubectl get svc -n nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-service LoadBalancer 10.233.49.91 172.27.0.7 80:32109/TCP 20h
[root@node1 ~]# arping 172.27.0.7
Interface "lo" is not ARPable
11 天前
回复了 sinycn1 创建的主题 Kubernetes 咨询 cilium loadbalancer 问题
ping 不通是不是同一个问题
```JavaScript
[root@node1 metallb]# tcpdump -i any host 172.27.0.7 -s0 -A
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
10:26:33.131273 lo In IP node1 > node1: ICMP echo request, id 6, seq 1, length 64
E..Te:@.@.}*..................:f....}....................... !"#$%&'()*+,-./01234567
10:26:33.131305 lo In IP node1 > node1: ICMP node1 protocol 1 port 42460 unreachable, length 92
E..pe;[email protected]:@.@.}*..................:f....}....................... !"#$%&'()*+,-./01234567
10:26:34.165170 lo In IP node1 > node1: ICMP echo request, id 6, seq 2, length 64
E..Th&@[email protected]>...........W......:f............................ !"#$%&'()*+,-./01234567
10:26:34.165194 lo In IP node1 > node1: ICMP node1 protocol 1 port 3927 unreachable, length 92
E..ph'[email protected]&@[email protected]>...........W......:f............................ !"#$%&'()*+,-./01234567
10:26:35.194465 lo In IP node1 > node1: ICMP echo request, id 6, seq 3, length 64
E..Tl&@[email protected]>..................:f....X....................... !"#$%&'()*+,-./01234567
10:26:35.194505 lo In IP node1 > node1: ICMP node1 protocol 1 port 51171 unreachable, length 92
E..pl'[email protected]&@[email protected]>..................:f....X....................... !"#$%&'()*+,-./01234567
10:26:36.218668 lo In IP node1 > node1: ICMP echo request, id 6, seq 4, length 64
E..TnS@[email protected].......:f.....U...................... !"#$%&'()*+,-./01234567
10:26:36.218798 lo In IP node1 > node1: ICMP node1 protocol 1 port 12676 unreachable, length 92
[email protected]@[email protected].......:f.....U...................... !"#$%&'()*+,-./01234567
^C
8 packets captured
21 packets received by filter
0 packets dropped by kernel
[root@node1 metallb]# kubectl get svc -n nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-service LoadBalancer 10.233.12.235 172.27.0.7 80:32022/TCP 16h
[root@node1 metallb]# curl -I 172.27.0.7
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 May 2024 02:32:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/8.2.7

[root@node1 metallb]# ping 172.27.0.7
PING 172.27.0.7 (172.27.0.7) 56(84) bytes of data.
From 172.27.0.7 icmp_seq=1 Destination Port Unreachable
From 172.27.0.7 icmp_seq=2 Destination Port Unreachable
From 172.27.0.7 icmp_seq=3 Destination Port Unreachable
From 172.27.0.7 icmp_seq=4 Destination Port Unreachable
^C
--- 172.27.0.7 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3100ms

[root@node1 metallb]# kubectl get pod -A | grep cil
kube-system cilium-mbjx2 1/1 Running 2 (57m ago) 24h
kube-system cilium-operator-5547b984f4-5d9c8 1/1 Running 2 (57m ago) 24h
kube-system cilium-operator-5547b984f4-z9kgk 1/1 Running 2 (57m ago) 24h
kube-system cilium-pc8hh 1/1 Running 2 (57m ago) 24h
[root@node1 metallb]# crictl images | grep cilium
quay.io/cilium/cilium v1.15.4 aebfd554d3483 209MB
quay.io/cilium/operator v1.15.4 cf4b9cdd4ba07 36.1MB
```
» ukec 创建的更多回复
关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1035 人在线   最高记录 6679   ·     Select Language
创意工作者们的社区
World is powered by solitude
VERSION: 3.9.8.5 · 12ms · UTC 18:28 · PVG 02:28 · LAX 11:28 · JFK 14:28
Developed with CodeLauncher
♥ Do have faith in what you're doing.