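I am trying to set up a very simple OSPF network using Vyatta. As far as I know, they allow all traffic in by default, and I have not set up any firewall rules. The Vyatta instances are launched as virtual instances inside DevStack, and I have allowed ICMP messages in to them.
I can ping from:
* 10.0.1.4 (R1 eth1) to 10.0.1.6 (R2 eth0) and vice versa
* 10.0.2.7 (R3 eth0) to 10.0.2.5 (R2 eth1) and vice versa
However, when I try to ping R2 from R1 on address 10.0.2.5, I never receive any reply on R1. Sniffing the traffic on R2 with tcpdump, I can see the following: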
```
16:31:29.540951 IP 10.0.1.4 > 10.0.2.5: ICMP echo request, id 7301, seq 14, length 64
16:31:29.541297 IP 10.0.2.5 > 10.0.1.4: ICMP echo reply, id 7301, seq 14, length 64
16:31:30.540303 IP 10.0.1.4 > 10.0.2.5: ICMP echo request, id 7301, seq 15, length 64
16:31:30.540536 IP 10.0.2.5 > 10.0.1.4: ICMP echo reply, id 7301, seq 15, length 64
16:31:31.541623 IP 10.0.1.4 > 10.0.2.5: ICMP echo request, id 7301, seq 16, length 64
16:31:31.542315 IP 10.0.2.5 > 10.0.1.4: ICMP echo reply, id 7301, seq 16, length 64
```
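It seems that the request is received and a reply is sent back, but it never gets back to R1. I can verify this by sniffing eth0 on R0, where I see no traffic passing through the interface. This is a big puzzle to me.
The same thing happens when I try to ping 10.0.1.6 from R3.
When I try to ping R3 from R1 and sniff the traffic on R2 and R3 with tcpdump, I can see the request passing through R2 but never reaching R3.
Output of tcpdump on R2: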
```
16:38:13.230972 IP 10.0.1.4 > 10.0.2.7: ICMP echo request, id 7302, seq 5, length 64
16:38:14.230283 IP 10.0.1.4 > 10.0.2.7: ICMP echo request, id 7302, seq 6, length 64
16:38:15.232537 IP 10.0.1.4 > 10.0.2.7: ICMP echo request, id 7302, seq 7, length 64
16:38:16.241314 IP 10.0.1.4 > 10.0.2.7: ICMP echo request, id 7302, seq 8, length 64
```
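The routing table on R1 shows that it should send requests destined for 10.0.2.0/24 to R2 at IP 10.0.1.6, and the routing table on R3 shows that it should send requests destined for 10.0.1.0/24 to R2 at IP 10.0.2.5. The output above confirms this as well.
Below is the output of ip route and the configuration from R1, R2 and R3.
ip route for R1: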
```
vyatta@R1:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route
C>* 10.0.0.0/24 is directly connected, eth0
O 10.0.1.0/24 [110/10] is directly connected, eth1, 17:04:56
C>* 10.0.1.0/24 is directly connected, eth1
O 10.0.1.4/32 [110/10] is directly connected, lo, 16:15:49
C>* 10.0.1.4/32 is directly connected, lo
O>* 10.0.2.0/24 [110/20] via 10.0.1.6, eth1, 17:03:23
C>* 127.0.0.0/8 is directly connected, lo
```
ip route for R2:
```
vyatta@R2:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route
O 10.0.1.0/24 [110/10] is directly connected, eth0, 01:39:14
C>* 10.0.1.0/24 is directly connected, eth0
O 10.0.1.4/32 [110/20] via 10.0.1.4 inactive, 00:51:29
O 10.0.2.0/24 [110/10] is directly connected, eth1, 01:39:08
C>* 10.0.2.0/24 is directly connected, eth1
C>* 127.0.0.0/8 is directly connected, lo
```
ip route for R3:
```
vyatta@R3:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route
O>* 10.0.1.0/24 [110/20] via 10.0.2.5, eth0, 17:07:20
O>* 10.0.1.4/32 [110/30] via 10.0.2.5, eth0, 16:20:33
O 10.0.2.0/24 [110/10] is directly connected, eth0, 17:08:05
C>* 10.0.2.0/24 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
```
R1 configuration:
```
vyatta@R1:~$ show configuration
interfaces {
    ethernet eth0 {
        address 10.0.0.5/24
    }
    ethernet eth1 {
        address 10.0.1.4/24
    }
    loopback lo {
        address 10.0.1.4/32
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            network 10.0.1.0/24
        }
    }
}
service {
    ssh {
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name R1
    login {
        user vyatta {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.vyatta.pool.ntp.org {
        }
        server 1.vyatta.pool.ntp.org {
        }
        server 2.vyatta.pool.ntp.org {
        }
    }
    package {
        repository community {
            components main
            distribution stable
            url http://packages.vyatta.com/vyatta
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
```
R2 configuration:
```
vyatta@R2:~$ show configuration
interfaces {
    ethernet eth0 {
        address 10.0.1.6/24
        hw-id 00:0c:29:9f:5f:22
    }
    ethernet eth1 {
        address 10.0.2.5/24
        hw-id 00:0c:29:9f:5f:23
    }
    loopback lo {
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            network 10.0.1.0/24
            network 10.0.2.0/24
        }
    }
}
service {
    ssh {
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name R2
    login {
        user vyatta {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.vyatta.pool.ntp.org {
        }
        server 1.vyatta.pool.ntp.org {
        }
        server 2.vyatta.pool.ntp.org {
        }
    }
    package {
        repository community {
            components main
            distribution stable
            url http://packages.vyatta.com/vyatta
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
```
R3 configuration:
```
vyatta@R3:~$ show configuration
interfaces {
    ethernet eth0 {
        address 10.0.2.7/24
    }
    loopback lo {
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            network 10.0.2.0/24
        }
    }
}
service {
    ssh {
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name R3
    login {
        user vyatta {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.vyatta.pool.ntp.org {
        }
        server 1.vyatta.pool.ntp.org {
        }
        server 2.vyatta.pool.ntp.org {
        }
    }
    package {
        repository community {
            components main
            distribution stable
            url http://packages.vyatta.com/vyatta
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
}
```
Can anyone tell me what I am missing? This is a very simple configuration, and from what I have read it should work.
Thanks, 莫夫