flannel vxlan

 dialing dial unix /var/run/antrea/cni.sock: connect: connection refused

 Failed to create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox container "63a01c2405a404eb56920f2d7af34f19ed88fef0519e76cb4e493fa3f0c4bba9" network for pod "web-nginx-5f769fdc6-dlnqq": 
networkPlugin cni failed to set up pod "web-nginx-5f769fdc6-dlnqq_default" network: rpc error:
code = Unavailable desc = connection error: desc = "transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused",
failed to clean up sandbox container "63a01c2405a404eb56920f2d7af34f19ed88fef0519e76cb4e493fa3f0c4bba9" network for pod "web-nginx-5f769fdc6-dlnqq": networkPlugin cni failed to teardown
pod "web-nginx-5f769fdc6-dlnqq_default" network: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused"]

 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-nginx
spec:
  selector:
    matchLabels:
      app: web-nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: web-nginx
    spec:
      affinity:
              #pod 反亲和性, 打散 web-nginx 各个副本
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: web 
                operator: In
                values:
                - nginx
            topologyKey: "kubernetes.io/hostname"
      containers:
      - image: nginx
        imagePullPolicy: IfNotPresent
        name: web2-worker
        ports:
        - containerPort: 8087
          protocol: TCP

 

 

 

 

root@ubuntu:~# kubectl describe pod web-nginx-5f769fdc6-dlnqq
Name:           web-nginx-5f769fdc6-dlnqq
Namespace:      default
Priority:       0
Node:           cloud/10.10.16.47
Start Time:     Fri, 18 Jun 2021 10:03:43 +0800
Labels:         app=web-nginx
                pod-template-hash=5f769fdc6
Annotations:    <none>
Status:         Pending
IP:             
IPs:            <none>
Controlled By:  ReplicaSet/web-nginx-5f769fdc6
Containers:
  web2-worker:
    Container ID:   
    Image:          nginx
    Image ID:       
    Port:           8087/TCP
    Host Port:      0/TCP
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-ckv9x (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  default-token-ckv9x:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-ckv9x
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason                  Age               From               Message
  ----     ------                  ----              ----               -------
  Normal   Scheduled               <unknown>         default-scheduler  Successfully assigned default/web-nginx-5f769fdc6-dlnqq to cloud
  Warning  FailedCreatePodSandBox  51s               kubelet, cloud     Failed to create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox container "63a01c2405a404eb56920f2d7af34f19ed88fef0519e76cb4e493fa3f0c4bba9" network for pod "web-nginx-5f769fdc6-dlnqq": networkPlugin cni failed to set up pod "web-nginx-5f769fdc6-dlnqq_default" network: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused", failed to clean up sandbox container "63a01c2405a404eb56920f2d7af34f19ed88fef0519e76cb4e493fa3f0c4bba9" network for pod "web-nginx-5f769fdc6-dlnqq": networkPlugin cni failed to teardown pod "web-nginx-5f769fdc6-dlnqq_default" network: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused"]
  Normal   SandboxChanged          2s (x5 over 51s)  kubelet, cloud     Pod sandbox changed, it will be killed and re-created.

 

 

root@cloud:~# journalctl  -u kubelet -f
-- Logs begin at Tue 2020-10-20 19:26:58 CST. --
Jun 18 10:09:23 cloud kubelet[406675]: E0618 10:09:23.235161  406675 remote_runtime.go:144] "StopPodSandbox from runtime service failed" err="rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod \"web-nginx-5f769fdc6-tt8mf_default\" network: rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused\"" podSandboxID="3eca7a32f1c2fb9d72ad58ab7dae887b4c6db5bf7892809a2d3e6897c48655b8"
Jun 18 10:09:23 cloud kubelet[406675]: E0618 10:09:23.235212  406675 kuberuntime_manager.go:958] "Failed to stop sandbox" podSandboxID={Type:docker ID:3eca7a32f1c2fb9d72ad58ab7dae887b4c6db5bf7892809a2d3e6897c48655b8}
Jun 18 10:09:23 cloud kubelet[406675]: E0618 10:09:23.235301  406675 kuberuntime_manager.go:729] "killPodWithSyncResult failed" err="failed to \"KillPodSandbox\" for \"b045617d-721d-477f-8db4-62c4fdc0c358\" with KillPodSandboxError: \"rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod \\\"web-nginx-5f769fdc6-tt8mf_default\\\" network: rpc error: code = Unavailable desc = connection error: desc = \\\"transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused\\\"\""
Jun 18 10:09:23 cloud kubelet[406675]: E0618 10:09:23.235369  406675 pod_workers.go:190] "Error syncing pod, skipping" err="failed to \"KillPodSandbox\" for \"b045617d-721d-477f-8db4-62c4fdc0c358\" with KillPodSandboxError: \"rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod \\\"web-nginx-5f769fdc6-tt8mf_default\\\" network: rpc error: code = Unavailable desc = connection error: desc = \\\"transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused\\\"\"" pod="default/web-nginx-5f769fdc6-tt8mf" podUID=b045617d-721d-477f-8db4-62c4fdc0c358
Jun 18 10:09:28 cloud kubelet[406675]: I0618 10:09:28.217152  406675 cni.go:333] "CNI failed to retrieve network namespace path" err="cannot find network namespace for the terminated container \"63a01c2405a404eb56920f2d7af34f19ed88fef0519e76cb4e493fa3f0c4bba9\""
Jun 18 10:09:28 cloud kubelet[406675]: E0618 10:09:28.233226  406675 cni.go:380] "Error deleting pod from network" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused\"" pod="default/web-nginx-5f769fdc6-dlnqq" podSandboxID={Type:docker ID:63a01c2405a404eb56920f2d7af34f19ed88fef0519e76cb4e493fa3f0c4bba9} podNetnsPath="" networkType="antrea" networkName="antrea"
Jun 18 10:09:28 cloud kubelet[406675]: E0618 10:09:28.233972  406675 remote_runtime.go:144] "StopPodSandbox from runtime service failed" err="rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod \"web-nginx-5f769fdc6-dlnqq_default\" network: rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused\"" podSandboxID="63a01c2405a404eb56920f2d7af34f19ed88fef0519e76cb4e493fa3f0c4bba9"
Jun 18 10:09:28 cloud kubelet[406675]: E0618 10:09:28.234021  406675 kuberuntime_manager.go:958] "Failed to stop sandbox" podSandboxID={Type:docker ID:63a01c2405a404eb56920f2d7af34f19ed88fef0519e76cb4e493fa3f0c4bba9}
Jun 18 10:09:28 cloud kubelet[406675]: E0618 10:09:28.234103  406675 kuberuntime_manager.go:729] "killPodWithSyncResult failed" err="failed to \"KillPodSandbox\" for \"b44537e7-292f-481d-b347-f6df12f1e53a\" with KillPodSandboxError: \"rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod \\\"web-nginx-5f769fdc6-dlnqq_default\\\" network: rpc error: code = Unavailable desc = connection error: desc = \\\"transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused\\\"\""
Jun 18 10:09:28 cloud kubelet[406675]: E0618 10:09:28.234183  406675 pod_workers.go:190] "Error syncing pod, skipping" err="failed to \"KillPodSandbox\" for \"b44537e7-292f-481d-b347-f6df12f1e53a\" with KillPodSandboxError: \"rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod \\\"web-nginx-5f769fdc6-dlnqq_default\\\" network: rpc error: code = Unavailable desc = connection error: desc = \\\"transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused\\\"\"" pod="default/web-nginx-5f769fdc6-dlnqq" podUID=b44537e7-292f-481d-b347-f6df12f1e53a
Jun 18 10:09:35 cloud kubelet[406675]: I0618 10:09:35.217071  406675 cni.go:333] "CNI failed to retrieve network namespace path" err="cannot find network namespace for the terminated container \"3eca7a32f1c2fb9d72ad58ab7dae887b4c6db5bf7892809a2d3e6897c48655b8\""
Jun 18 10:09:35 cloud kubelet[406675]: E0618 10:09:35.232950  406675 cni.go:380] "Error deleting pod from network" err="rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused\"" pod="default/web-nginx-5f769fdc6-tt8mf" podSandboxID={Type:docker ID:3eca7a32f1c2fb9d72ad58ab7dae887b4c6db5bf7892809a2d3e6897c48655b8} podNetnsPath="" networkType="antrea" networkName="antrea"
Jun 18 10:09:35 cloud kubelet[406675]: E0618 10:09:35.233568  406675 remote_runtime.go:144] "StopPodSandbox from runtime service failed" err="rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod \"web-nginx-5f769fdc6-tt8mf_default\" network: rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused\"" podSandboxID="3eca7a32f1c2fb9d72ad58ab7dae887b4c6db5bf7892809a2d3e6897c48655b8"
Jun 18 10:09:35 cloud kubelet[406675]: E0618 10:09:35.233611  406675 kuberuntime_manager.go:958] "Failed to stop sandbox" podSandboxID={Type:docker ID:3eca7a32f1c2fb9d72ad58ab7dae887b4c6db5bf7892809a2d3e6897c48655b8}
Jun 18 10:09:35 cloud kubelet[406675]: E0618 10:09:35.234523  406675 kuberuntime_manager.go:729] "killPodWithSyncResult failed" err="failed to \"KillPodSandbox\" for \"b045617d-721d-477f-8db4-62c4fdc0c358\" with KillPodSandboxError: \"rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod \\\"web-nginx-5f769fdc6-tt8mf_default\\\" network: rpc error: code = Unavailable desc = connection error: desc = \\\"transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused\\\"\""
Jun 18 10:09:35 cloud kubelet[406675]: E0618 10:09:35.234612  406675 pod_workers.go:190] "Error syncing pod, skipping" err="failed to \"KillPodSandbox\" for \"b045617d-721d-477f-8db4-62c4fdc0c358\" with KillPodSandboxError: \"rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod \\\"web-nginx-5f769fdc6-tt8mf_default\\\" network: rpc error: code = Unavailable desc = connection error: desc = \\\"transport: Error while dialing dial unix /var/run/antrea/cni.sock: connect: connection refused\\\"\"" pod="default/web-nginx-5f769fdc6-tt8mf" podUID=b045617d-721d-477f-8db4-62c4fdc0c358
^C
root@cloud:~# 

 

 

 

root@ubuntu:~# kubectl get pods
NAME                                READY   STATUS              RESTARTS   AGE
debian-6c44fc6956-ltsrt             0/1     CrashLoopBackOff    5065       17d
mc1                                 2/2     Running             0          17d
my-deployment-68bdbbb5cc-bbszv      0/1     ImagePullBackOff    0          36d
my-deployment-68bdbbb5cc-nrst9      0/1     ImagePullBackOff    0          36d
my-deployment-68bdbbb5cc-rlgzt      0/1     ImagePullBackOff    0          36d
my-nginx-5dc4865748-jqx54           1/1     Running             2          36d
my-nginx-5dc4865748-pcrbg           1/1     Running             2          36d
nginx                               0/1     ImagePullBackOff    0          36d
nginx-deployment-6b474476c4-r6z5b   1/1     Running             0          9d
nginx-deployment-6b474476c4-w6xh9   1/1     Running             0          9d
web-nginx-5f769fdc6-dlnqq           0/1     ContainerCreating   0          7m49s
web-nginx-5f769fdc6-tt8mf           0/1     ContainerCreating   0          7m49s
root@ubuntu:~# kubectl describe daemonset cloud  -n kube-system | grep Image | cut -d "/" -f 2
Error from server (NotFound): daemonsets.apps "cloud" not found
root@ubuntu:~# kubectl describe daemonset web-nginx-5f769fdc6-dlnqq   -n default | grep Image | cut -d "/" -f 2
Error from server (NotFound): daemonsets.apps "web-nginx-5f769fdc6-dlnqq" not found
 
root@ubuntu:~# 
root@ubuntu:~# kubectl delete --namespace=default deployment web-nginx
deployment.apps "web-nginx" deleted
root@ubuntu:~# kubectl get pods
NAME                                READY   STATUS             RESTARTS   AGE
debian-6c44fc6956-ltsrt             0/1     CrashLoopBackOff   5067       17d
mc1                                 2/2     Running            0          17d
my-deployment-68bdbbb5cc-bbszv      0/1     ImagePullBackOff   0          36d
my-deployment-68bdbbb5cc-nrst9      0/1     ImagePullBackOff   0          36d
my-deployment-68bdbbb5cc-rlgzt      0/1     ImagePullBackOff   0          36d
my-nginx-5dc4865748-jqx54           1/1     Running            2          36d
my-nginx-5dc4865748-pcrbg           1/1     Running            2          36d
nginx                               0/1     ImagePullBackOff   0          36d
nginx-deployment-6b474476c4-r6z5b   1/1     Running            0          9d
nginx-deployment-6b474476c4-w6xh9   1/1     Running            0          9d
web-nginx-5f769fdc6-dlnqq           0/1     Terminating        0          14m
web-nginx-5f769fdc6-tt8mf           0/1     Terminating        0          14m
root@ubuntu:~# 

 

/etc/cni/net.d/10-antrea.conflist 删除

root@cloud:~# ls /var/lib/cni/
cache
root@cloud:~# ls /etc/cni/net.d/
10-antrea.conflist  10-flannel.conflist
root@cloud:~# rm -rf  /etc/cni/net.d/10-antrea.conflist 
root@cloud:~# 

 

kubectl apply  -f  web-anti-affinity.yaml  成功了

root@ubuntu:~# kubectl get pods
NAME                                READY   STATUS             RESTARTS   AGE
debian-6c44fc6956-ltsrt             0/1     Completed          5069       18d
mc1                                 2/2     Running            0          17d
my-deployment-68bdbbb5cc-bbszv      0/1     ImagePullBackOff   0          36d
my-deployment-68bdbbb5cc-nrst9      0/1     ImagePullBackOff   0          36d
my-deployment-68bdbbb5cc-rlgzt      0/1     ImagePullBackOff   0          36d
my-nginx-5dc4865748-jqx54           1/1     Running            2          36d
my-nginx-5dc4865748-pcrbg           1/1     Running            2          36d
nginx                               0/1     ImagePullBackOff   0          36d
nginx-deployment-6b474476c4-r6z5b   1/1     Running            0          9d
nginx-deployment-6b474476c4-w6xh9   1/1     Running            0          9d
web-nginx-5f769fdc6-779lg           1/1     Running            0          2s
web-nginx-5f769fdc6-sstj4           1/1     Running            0          2s
root@ubuntu:~# 

 

root@ubuntu:~# kubectl get pods web-nginx-5f769fdc6-779lg -o wide
NAME                        READY   STATUS    RESTARTS   AGE    IP           NODE    NOMINATED NODE   READINESS GATES
web-nginx-5f769fdc6-779lg   1/1     Running   0          102s   10.244.2.4   cloud   <none>           <none>
root@ubuntu:~# kubectl get pods web-nginx-5f769fdc6-sstj4 -o wide
NAME                        READY   STATUS    RESTARTS   AGE    IP           NODE    NOMINATED NODE   READINESS GATES
web-nginx-5f769fdc6-sstj4   1/1     Running   0          111s   10.244.2.5   cloud   <none>           <none>
root@ubuntu:~# 

 

root@ubuntu:~# kubectl get nodes --show-labels
NAME     STATUS   ROLES    AGE    VERSION   LABELS
cloud    Ready    worker   15h    v1.21.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=cloud,kubernetes.io/os=linux,node-role.kubernetes.io/worker=worker
ubuntu   Ready    master   244d   v1.18.1   beta.kubernetes.io/arch=arm64,beta.kubernetes.io/os=linux,kubernetes.io/arch=arm64,kubernetes.io/hostname=ubuntu,kubernetes.io/os=linux,node-role.kubernetes.io/master=
root@ubuntu:~# 

两个pod没有打散哦

 

 

root@ubuntu:~# cat  web-anti-affinity.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-nginx
spec:
  selector:
    matchLabels:
      app: web-nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: web-nginx
    spec:
      affinity:
              #pod 反亲和性, 打散 web-nginx 各个副本
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - web-nginx
            topologyKey: "kubernetes.io/hostname"
      containers:
      - image: nginx
        imagePullPolicy: IfNotPresent
        name: web2-worker
        ports:
        - containerPort: 8087
          protocol: TCP

 

root@ubuntu:~# kubectl apply  -f  web-anti-affinity.yaml 
deployment.apps/web-nginx created
root@ubuntu:~# kubectl get pods
NAME                                READY   STATUS             RESTARTS   AGE
debian-6c44fc6956-ltsrt             0/1     CrashLoopBackOff   5071       18d
mc1                                 2/2     Running            0          17d
my-deployment-68bdbbb5cc-bbszv      0/1     ImagePullBackOff   0          36d
my-deployment-68bdbbb5cc-nrst9      0/1     ImagePullBackOff   0          36d
my-deployment-68bdbbb5cc-rlgzt      0/1     ImagePullBackOff   0          36d
my-nginx-5dc4865748-jqx54           1/1     Running            2          36d
my-nginx-5dc4865748-pcrbg           1/1     Running            2          36d
nginx                               0/1     ImagePullBackOff   0          36d
nginx-deployment-6b474476c4-r6z5b   1/1     Running            0          9d
nginx-deployment-6b474476c4-w6xh9   1/1     Running            0          9d
web-nginx-7bdc6b976b-br45g          1/1     Running            0          9s
web-nginx-7bdc6b976b-p9rxc          1/1     Running            0          9s
root@ubuntu:~# kubectl get pods web-nginx-7bdc6b976b-br45g  -o wide
NAME                         READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE   READINESS GATES
web-nginx-7bdc6b976b-br45g   1/1     Running   0          23s   10.244.0.22   ubuntu   <none>           <none>
root@ubuntu:~# kubectl get pods web-nginx-7bdc6b976b-p9rxc  -o wide
NAME                         READY   STATUS    RESTARTS   AGE   IP           NODE    NOMINATED NODE   READINESS GATES
web-nginx-7bdc6b976b-p9rxc   1/1     Running   0          34s   10.244.2.6   cloud   <none>           <none>
root@ubuntu:~# cat  web-anti-affinity.yaml 

 

 

 

root@ubuntu:~# crictl inspect ca1b5c5a7aa2905d75a1f680ec774b09298ac09f03799b083e5eabffe0b5124a  | grep -i pid
    "pid": 30603,
            "pid": 1
            "type": "pid"
root@ubuntu:~# nsenter -n --target   30603
root@ubuntu:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0@if673: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether ee:ee:d4:3a:73:67 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.0.22/24 brd 10.244.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ecee:d4ff:fe3a:7367/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu:~# ping  10.244.2.6    ----------访问不了
PING 10.244.2.6 (10.244.2.6) 56(84) bytes of data.
From 10.244.2.0 icmp_seq=1 Destination Host Unreachable
From 10.244.2.0 icmp_seq=2 Destination Host Unreachable
From 10.244.2.0 icmp_seq=3 Destination Host Unreachable
From 10.244.2.0 icmp_seq=4 Destination Host Unreachable
From 10.244.2.0 icmp_seq=5 Destination Host Unreachable
From 10.244.2.0 icmp_seq=6 Destination Host Unreachable
From 10.244.2.0 icmp_seq=7 Destination Host Unreachable
^C
--- 10.244.2.6 ping statistics ---
8 packets transmitted, 0 received, +7 errors, 100% packet loss, time 7112ms
pipe 4
root@ubuntu:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.244.0.1      0.0.0.0         UG    0      0        0 eth0
10.244.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.244.0.0      10.244.0.1      255.255.0.0     UG    0      0        0 eth0
root@ubuntu:~# 

原来是antrea-gw0没有卸载干净,

 

 

root@ubuntu:~# ip a | grep  10.244.0.1
    inet 10.244.0.1/24 brd 10.244.0.255 scope global antrea-gw0
    inet 10.244.0.1/24 brd 10.244.0.255 scope global cni0
root@ubuntu:~# ip l del  antrea-gw0
RTNETLINK answers: Operation not supported
root@ubuntu:~# ip link  del dev  antrea-gw0
RTNETLINK answers: Operation not supported
root@ubuntu:~# ip link delete  antrea-gw0
RTNETLINK answers: Operation not supported
root@ubuntu:~# ip a sh antrea-gw0
658: antrea-gw0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether f2:c9:55:a9:35:ad brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.1/24 brd 10.244.0.255 scope global antrea-gw0
       valid_lft forever preferred_lft forever
    inet6 fe80::f0c9:55ff:fea9:35ad/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu:~# ip a flush antrea-gw0
root@ubuntu:~# ip a | grep  10.244.0.1
    inet 10.244.0.1/24 brd 10.244.0.255 scope global cni0

 

 

 

root@ubuntu:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.244.0.1      0.0.0.0         UG    0      0        0 eth0
10.244.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.244.0.0      10.244.0.1      255.255.0.0     UG    0      0        0 eth0
root@ubuntu:~# ping  10.244.2.6
PING 10.244.2.6 (10.244.2.6) 56(84) bytes of data.
64 bytes from 10.244.2.6: icmp_seq=1 ttl=62 time=0.442 ms
64 bytes from 10.244.2.6: icmp_seq=2 ttl=62 time=0.327 ms
^C
--- 10.244.2.6 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1004ms
rtt min/avg/max/mdev = 0.327/0.384/0.442/0.060 ms
root@ubuntu:~# 

 

 

root@ubuntu:~# kubectl exec -it web-nginx-7bdc6b976b-p9rxc  -- /bin/bash
root@web-nginx-7bdc6b976b-p9rxc:/# ip a
bash: ip: command not found
root@web-nginx-7bdc6b976b-p9rxc:/# 

 

 

root@ubuntu:~# brctl show 
bridge name     bridge id               STP enabled     interfaces
cni0            8000.beca862286b8       no              veth0dff33d9
                                                        veth224c8103
                                                        veth29d9bae9
                                                        veth38f93c57
                                                        veth3e31adfe
                                                        veth45f94c26
                                                        veth7c984be7
                                                        veth8c55c45e
                                                        veth8e1ca39c
docker0         8000.02427319673d       no              vethc2ba676
                                                        vethf6368c9
virbr1          8000.cedad4f6fb17       no              ftap0
root@ubuntu:~# ip a | grep 673
    inet6 fe80::42:73ff:fe19:673d/64 scope link 
673: veth8e1ca39c@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
root@ubuntu:~# 

 

 

root@ubuntu:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
10.10.34.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i3
10.10.100.0     0.0.0.0         255.255.255.0   U     0      0        0 peerh
10.10.104.0     0.0.0.0         255.255.255.0   U     0      0        0 virbr1
10.10.104.0     0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i2
10.244.0.0      0.0.0.0         255.255.255.0   U     0      0        0 cni0
10.244.2.0      10.244.2.0      255.255.255.0   UG    0      0        0 flannel.1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
root@ubuntu:~# 

 由于flannel.1是一个vtep二层设备,所以需要根据vxlan的协议标准进行二层封装转发

mtu是1450

root@ubuntu:~# ip a show  flannel.1
198: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 3a:2b:ed:85:2f:74 brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::382b:edff:fe85:2f74/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu:~# tcpdump -i flannel.1 icmp -nv
tcpdump: listening on flannel.1, link-type EN10MB (Ethernet), capture size 262144 bytes
11:02:45.407622 IP (tos 0x0, ttl 63, id 23793, offset 0, flags [DF], proto ICMP (1), length 84)
    10.244.0.22 > 10.244.2.6: ICMP echo request, id 41718, seq 1, length 64
11:02:45.408285 IP (tos 0x0, ttl 63, id 8634, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.2.6 > 10.244.0.22: ICMP echo reply, id 41718, seq 1, length 64
11:02:46.426314 IP (tos 0x0, ttl 63, id 23814, offset 0, flags [DF], proto ICMP (1), length 84)
    10.244.0.22 > 10.244.2.6: ICMP echo request, id 41718, seq 2, length 64
11:02:46.426436 IP (tos 0x0, ttl 63, id 8844, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.2.6 > 10.244.0.22: ICMP echo reply, id 41718, seq 2, length 64
^C

 

root@ubuntu:~# bridge fdb show | grep flannel
72:d3:9a:47:fd:43 dev flannel.1 dst 10.10.16.47 self permanent
root@ubuntu:~# 

 

woker节点上

72:d3:9a:47:fd:43是flannel.1的mac
root@cloud:~# ip a sh  flannel.1
14: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 72:d3:9a:47:fd:43 brd ff:ff:ff:ff:ff:ff
    inet 10.244.2.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::70d3:9aff:fe47:fd43/64 scope link 
       valid_lft forever preferred_lft forever
root@cloud:~# 

 

 

 

root@ubuntu:~# ping  10.244.2.6
PING 10.244.2.6 (10.244.2.6) 56(84) bytes of data.
64 bytes from 10.244.2.6: icmp_seq=1 ttl=62 time=0.425 ms
^C
--- 10.244.2.6 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.425/0.425/0.425/0.000 ms
root@ubuntu:~# ip n
10.244.0.1 dev eth0 lladdr be:ca:86:22:86:b8 DELAY
root@ubuntu:~# 

 

3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43
3a:2b:ed:85:2f:74是master flannel
root@ubuntu:~# ip link show  flannel.1
198: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/ether 3a:2b:ed:85:2f:74 brd ff:ff:ff:ff:ff:ff

 



root@ubuntu:~# tcpdump -i enahisic2i0 host 10.10.16.47 and udp  -eennv  
tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:15:48.634354 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 36729, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.82.47009 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 27945, offset 0, flags [DF], proto ICMP (1), length 84)
    10.244.0.22 > 10.244.2.6: ICMP echo request, id 47832, seq 12, length 64
11:15:48.634440 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 53685, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.47.55810 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 51026, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.2.6 > 10.244.0.22: ICMP echo reply, id 47832, seq 12, length 64
11:15:49.658347 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 36859, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.82.47009 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 27961, offset 0, flags [DF], proto ICMP (1), length 84)
    10.244.0.22 > 10.244.2.6: ICMP echo request, id 47832, seq 13, length 64
11:15:49.658438 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 53714, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.47.55810 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 51066, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.2.6 > 10.244.0.22: ICMP echo reply, id 47832, seq 13, length 64
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel

 

 

worker节点上

root@cloud:~#  kubectl get pods
NAME                                READY   STATUS             RESTARTS   AGE
debian-6c44fc6956-ltsrt             0/1     CrashLoopBackOff   5077       18d
mc1                                 2/2     Running            0          18d
my-deployment-68bdbbb5cc-bbszv      0/1     ImagePullBackOff   0          36d
my-deployment-68bdbbb5cc-nrst9      0/1     ImagePullBackOff   0          36d
my-deployment-68bdbbb5cc-rlgzt      0/1     ImagePullBackOff   0          36d
my-nginx-5dc4865748-jqx54           1/1     Running            2          36d
my-nginx-5dc4865748-pcrbg           1/1     Running            2          36d
nginx                               0/1     ImagePullBackOff   0          36d
nginx-deployment-6b474476c4-r6z5b   1/1     Running            0          9d
nginx-deployment-6b474476c4-w6xh9   1/1     Running            0          9d
web-nginx-7bdc6b976b-br45g          1/1     Running            0          29m
web-nginx-7bdc6b976b-p9rxc          1/1     Running            0          29m
root@cloud:~# kubectl -n  default     describe pod  web-nginx-7bdc6b976b-p9rxc | grep  Container
Containers:
    Container ID:   docker://eb20022b723803ef0cac93ba07c7584751821e388abc482709336777e7ba7c0a
  ContainersReady   True 
  Normal  Pulled     29m        kubelet, cloud     Container image "nginx" already present on machine
root@cloud:~# crictl inspect eb20022b723803ef0cac93ba07c7584751821e388abc482709336777e7ba7c0a | grep -i pid
root@cloud:~# docker ps
CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS              PORTS               NAMES
eb20022b7238        d0f910f78b97           "/docker-entrypoint.…"   30 minutes ago      Up 30 minutes                           k8s_web2-worker_web-nginx-7bdc6b976b-p9rxc_default_30a12f33-be07-4294-bc43-88c6adb3ea18_0
01ddc519e9aa        k8s.gcr.io/pause:3.2   "/pause"                 30 minutes ago      Up 30 minutes                           k8s_POD_web-nginx-7bdc6b976b-p9rxc_default_30a12f33-be07-4294-bc43-88c6adb3ea18_0
1812049e5eb5        7cf4a417daaa           "/opt/bin/flanneld -…"   About an hour ago   Up About an hour                        k8s_kube-flannel_kube-flannel-ds-arm64-28rkj_kube-system_d683b27b-a6e8-448b-870b-709f07149187_0
9f396b91c6ea        k8s.gcr.io/pause:3.2   "/pause"                 About an hour ago   Up About an hour                        k8s_POD_kube-flannel-ds-arm64-28rkj_kube-system_d683b27b-a6e8-448b-870b-709f07149187_0
813710f5eac2        f782b1121865           "/usr/local/bin/kube…"   16 hours ago        Up 16 hours                             k8s_kube-proxy_kube-proxy-nh2cp_kube-system_20b8a4ec-96e5-419f-8b6e-ff6137017318_0
596b821e1709        k8s.gcr.io/pause:3.2   "/pause"                 16 hours ago        Up 16 hours                             k8s_POD_kube-proxy-nh2cp_kube-system_20b8a4ec-96e5-419f-8b6e-ff6137017318_0
d8d153f65ace        alpine                 "/bin/sh"                5 weeks ago         Up 5 weeks                              alpine
root@cloud:~# docker inspect eb20022b7238 | grep -i pid
            "Pid": 126118,
            "PidMode": "",
            "PidsLimit": null,
root@cloud:~# 

 

root@cloud:~# docker inspect eb20022b7238 | grep -i pid
            "Pid": 126118,
            "PidMode": "",
            "PidsLimit": null,
root@cloud:~# nsenter -n --target  126118
root@cloud:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 82:ea:86:37:c3:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.2.6/24 brd 10.244.2.255 scope global eth0
       valid_lft forever preferred_lft forever
root@cloud:~# 

 

 

root@cloud:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 82:ea:86:37:c3:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.2.6/24 brd 10.244.2.255 scope global eth0
       valid_lft forever preferred_lft forever
root@cloud:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.244.2.1      0.0.0.0         UG    0      0        0 eth0
10.244.0.0      10.244.2.1      255.255.0.0     UG    0      0        0 eth0
10.244.2.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
root@cloud:~# 

 

root@cloud:~# brctl show 
bridge name     bridge id               STP enabled     interfaces
cni0            8000.0af9a27f2f2a       no              veth9cd09543
docker0         8000.0242c28bb536       no              veth3c8f176
root@cloud:~# ip a | grep 20
7: dm-493626720dc1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
20: veth9cd09543@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master cni0 state UP group default 
root@cloud:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
9.251.0.0       172.17.0.1      255.255.0.0     UG    0      0        0 docker0
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
10.99.1.231     10.10.16.82     255.255.255.255 UGH   0      0        0 enahisic2i0
10.110.79.116   10.10.16.82     255.255.255.255 UGH   0      0        0 enahisic2i0
10.110.171.213  10.10.16.82     255.255.255.255 UGH   0      0        0 enahisic2i0
10.244.0.0      10.244.0.0      255.255.255.0   UG    0      0        0 flannel.1
10.244.2.0      0.0.0.0         255.255.255.0   U     0      0        0 cni0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
root@cloud:~# ip n
10.10.16.252 dev enahisic2i0 lladdr 00:23:81:26:93:6e STALE
10.10.16.81 dev enahisic2i0 lladdr 48:57:02:64:ea:1b STALE
10.244.2.6 dev cni0 lladdr 82:ea:86:37:c3:8d STALE
10.244.0.0 dev flannel.1 lladdr 3a:2b:ed:85:2f:74 PERMANENT
10.10.16.82 dev enahisic2i0 lladdr 48:57:02:64:e7:ab REACHABLE
10.10.16.253 dev enahisic2i0 lladdr 00:23:81:26:94:a0 STALE
10.10.16.254 dev enahisic2i0 lladdr f4:1d:6b:87:53:2a REACHABLE
10.10.16.250 dev enahisic2i0 lladdr 48:57:02:64:e7:ab STALE
root@cloud:~# ip a sh flannel.1
14: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 72:d3:9a:47:fd:43 brd ff:ff:ff:ff:ff:ff
    inet 10.244.2.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::70d3:9aff:fe47:fd43/64 scope link 
       valid_lft forever preferred_lft forever
root@cloud:~# ip a sh cni0
15: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether 0a:f9:a2:7f:2f:2a brd ff:ff:ff:ff:ff:ff
    inet 10.244.2.1/24 brd 10.244.2.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::8f9:a2ff:fe7f:2f2a/64 scope link 
       valid_lft forever preferred_lft forever
root@cloud:~# 

 

root@cloud:~# bridge fdb show | grep  flannel.1
3a:2b:ed:85:2f:74 dev flannel.1 dst 10.10.16.82 self permanent
root@cloud:~# 

 

master节点看不到worker节点上的容器

root@ubuntu:~# crictl inspect eb20022b723803ef0cac93ba07c7584751821e388abc482709336777e7ba7c0a | grep -i pid
FATA[0000] Getting the status of the container "eb20022b723803ef0cac93ba07c7584751821e388abc482709336777e7ba7c0a" failed: rpc error: code = Unknown desc = an error occurred when try to find container "eb20022b723803ef0cac93ba07c7584751821e388abc482709336777e7ba7c0a": does not exist 
root@ubuntu:~# 

 

root@cloud:~# bridge fdb show | grep  3a:2b:ed:85:2f:74
3a:2b:ed:85:2f:74 dev flannel.1 dst 10.10.16.82 self permanent
root@cloud:~# 

 

 

vxlan 封装

root@ubuntu:~# tcpdump -i enahisic2i0 host 10.10.16.47 and udp  -nv  
tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:06:43.999084 IP (tos 0x0, ttl 64, id 45401, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.82.47009 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
IP (tos 0x0, ttl 63, id 56784, offset 0, flags [DF], proto ICMP (1), length 84)
    10.244.0.22 > 10.244.2.6: ICMP echo request, id 43612, seq 1, length 64
11:06:43.999600 IP (tos 0x0, ttl 64, id 23676, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.47.55810 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
IP (tos 0x0, ttl 63, id 45400, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.2.6 > 10.244.0.22: ICMP echo reply, id 43612, seq 1, length 64
11:06:45.018332 IP (tos 0x0, ttl 64, id 45473, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.82.47009 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
IP (tos 0x0, ttl 63, id 56853, offset 0, flags [DF], proto ICMP (1), length 84)
    10.244.0.22 > 10.244.2.6: ICMP echo request, id 43612, seq 2, length 64
11:06:45.018876 IP (tos 0x0, ttl 64, id 23723, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.47.55810 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
IP (tos 0x0, ttl 63, id 45528, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.2.6 > 10.244.0.22: ICMP echo reply, id 43612, seq 2, length 64

 

 

内层报文mac是两个flannel.1设备的mac

root@ubuntu:~# tcpdump -i enahisic2i0 host 10.10.16.47 and udp  -eennv  
tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:15:48.634354 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 36729, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.82.47009 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 27945, offset 0, flags [DF], proto ICMP (1), length 84)
    10.244.0.22 > 10.244.2.6: ICMP echo request, id 47832, seq 12, length 64
11:15:48.634440 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 53685, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.47.55810 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 51026, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.2.6 > 10.244.0.22: ICMP echo reply, id 47832, seq 12, length 64
11:15:49.658347 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 36859, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.82.47009 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 27961, offset 0, flags [DF], proto ICMP (1), length 84)
    10.244.0.22 > 10.244.2.6: ICMP echo request, id 47832, seq 13, length 64
11:15:49.658438 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 53714, offset 0, flags [none], proto UDP (17), length 134)
    10.10.16.47.55810 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 51066, offset 0, flags [none], proto ICMP (1), length 84)
    10.244.2.6 > 10.244.0.22: ICMP echo reply, id 47832, seq 13, length 64

 

flannel 设备

root@ubuntu:~# ip -d link show flannel.1
198: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/ether 3a:2b:ed:85:2f:74 brd ff:ff:ff:ff:ff:ff promiscuity 0 
    vxlan id 1 local 10.10.16.82 dev enahisic2i0 srcport 0 0 dstport 8472 nolearning ttl inherit ageing 300 udpcsum noudp6zerocsumtx noudp6zerocsumrx addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 28672 gso_max_segs 65535 
root@ubuntu:~# 

 

root@ubuntu:~# bridge fdb show dev flannel.1
72:d3:9a:47:fd:43 dst 10.10.16.47 self permanent

 

10.244.2.0/24的下一跳是 10.244.2.0(worker节点flannel.1的ip)
root@ubuntu:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.16.254    0.0.0.0         UG    0      0        0 enahisic2i0
10.10.16.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i0
10.10.34.0      0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i3
10.10.100.0     0.0.0.0         255.255.255.0   U     0      0        0 peerh
10.10.104.0     0.0.0.0         255.255.255.0   U     0      0        0 virbr1
10.10.104.0     0.0.0.0         255.255.255.0   U     0      0        0 enahisic2i2
10.244.0.0      0.0.0.0         255.255.255.0   U     0      0        0 cni0
10.244.2.0      10.244.2.0      255.255.255.0   UG    0      0        0 flannel.1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0

 

10.244.2.0的mac是72:d3:9a:47:fd:43
root@ubuntu:~# ip n
10.244.0.2 dev cni0 lladdr 22:44:c3:88:d4:a4 REACHABLE
10.244.2.0 dev flannel.1 lladdr 72:d3:9a:47:fd:43 PERMANENT
10.10.16.81 dev enahisic2i0 lladdr 48:57:02:64:ea:1b STALE
10.10.100.82 dev peerh lladdr 1a:46:0b:ca:bc:7b STALE
10.10.16.254 dev enahisic2i0 lladdr f4:1d:6b:87:53:2a REACHABLE
10.10.16.47 dev enahisic2i0 lladdr 9c:52:f8:67:c4:d3 REACHABLE
10.244.0.20 dev cni0 lladdr 6e:5a:30:bc:6d:5b STALE
10.10.34.251 dev enahisic2i3  FAILED
10.10.16.250 dev enahisic2i0 lladdr 48:57:02:64:ea:1b STALE
10.244.0.3 dev cni0 lladdr b6:3f:e6:3b:a0:cc REACHABLE
10.10.16.27 dev enahisic2i0 lladdr 9c:52:f8:67:c6:47 STALE
10.244.0.4 dev cni0 lladdr 22:9a:d3:1f:e3:49 STALE
10.244.0.22 dev cni0 lladdr ee:ee:d4:3a:73:67 STALE
172.17.0.4 dev docker0 lladdr 02:42:ac:11:00:04 STALE
172.17.0.3 dev docker0 lladdr 02:42:ac:11:00:03 STALE
10.10.16.48 dev enahisic2i0  FAILED
10.244.0.19 dev cni0 lladdr fa:66:b3:ab:05:9f STALE
10.244.0.5 dev cni0 lladdr 32:26:5a:e7:0d:83 STALE
10.10.16.1 dev enahisic2i0 lladdr 48:57:02:64:ee:9b STALE
root@ubuntu:~# 

 

72:d3:9a:47:fd:43的remote vtep ip 是10.10.16.47
root@ubuntu:~# bridge fdb show dev flannel.1
72:d3:9a:47:fd:43 dst 10.10.16.47 self permanent

 

 

flannel配置

 

root@ubuntu:~# cat /run/flannel/subnet.env
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.0.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
root@ubuntu:~# 

 

 

root@cloud:~#  cat /run/flannel/subnet.env
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.2.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
root@cloud:~# 

 

 

node port 

root@cloud:~# telnet 10.244.0.22  8087  ------无法访问
Trying 10.244.0.22...
telnet: Unable to connect to remote host: Connection refused
root@cloud:~# telnet 10.244.0.22  80  
Trying 10.244.0.22...
Connected to 10.244.0.22.
Escape character is '^]'.
^CConnection closed by foreign host.
root@cloud:~# 

 

 

root@ubuntu:~# kubectl apply -f web-ngx-svc.yml 
service/nodeport-svc created
root@ubuntu:~#  kubectl get svc
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes     ClusterIP   10.96.0.1        <none>        443/TCP          244d
my-nginx       ClusterIP   10.110.79.116    <none>        8280/TCP         36d
my-nginx-np    NodePort    10.99.1.231      <none>        8081:31199/TCP   36d
nodeport-svc   NodePort    10.97.11.232     <none>        3000:30090/TCP   5s
web2           NodePort    10.110.171.213   <none>        8097:31866/TCP   20d
root@ubuntu:~# cat web-ngx-svc.yml 
apiVersion: v1
kind: Service
metadata: 
  name: nodeport-svc
spec:
  type: NodePort
  selector:
    app: web-nginx
  ports:
  - protocol: TCP
    port: 3000
    targetPort: 8087
    nodePort: 30090
 root@ubuntu:~# 

 

 

  1. nodePort 是节点上监听的端口
  2. port ClusterIP 上监听的端口
  3. targetPort Pod 监听的端口

port

port是k8s集群内部访问service的端口,即通过clusterIP: port可以访问到某个service

nodePort

nodePort是外部访问k8s集群中service的端口,通过nodeIP: nodePort可以从外部访问到某个service。

targetPort

targetPort是pod的端口,从port和nodePort来的流量经过kube-proxy流入到后端pod的targetPort上,最后进入容器。

containerPort

containerPort是pod内部容器的端口,targetPort映射到containerPort。

图解

Gpm92D.png

 

nodeport-svc   NodePort    10.97.11.232     <none>        3000:30090/TCP   5m25s

 

从10.10.16.81上访问,无法访问

[root@bogon ~]# telnet 10.10.16.82 3000
Trying 10.10.16.82...
telnet: connect to address 10.10.16.82: Connection refused
[root@bogon ~]# 

 

[root@bogon ~]# telnet 10.10.16.82 30090
Trying 10.10.16.82...

 

containerPort有问题
root@ubuntu:~# cat web-anti-affinity.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-nginx
spec:
  selector:
    matchLabels:
      app: web-nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: web-nginx
    spec:
      affinity:
              #pod 反亲和性, 打散 web-nginx 各个副本
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - web-nginx
            topologyKey: "kubernetes.io/hostname"
      containers:
      - image: nginx
        imagePullPolicy: IfNotPresent
        name: web2-worker
        ports:
        - containerPort: 8087
          protocol: TCP

 

更改

kubectl edit  deployment  web-nginx 

- containerPort: 80

 

编辑

kubectl edit svc/nodeport-svc
更改nodeport-svc

 

 

 

 

 

 

 

[root@bogon ~]# telnet 10.10.16.82 30090
Trying 10.10.16.82...
Connected to 10.10.16.82.
Escape character is '^]'.
^CConnection closed by foreign host.
You have new mail in /var/spool/mail/root
[root@bogon ~]# 

 

 

 

 

 

 

node port 上抓包

root@ubuntu:~# tcpdump -i enahisic2i0  tcp and port 30090 -ennvv
tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:51:19.081510 48:57:02:64:ea:1b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 64, id 60738, offset 0, flags [DF], proto TCP (6), length 60)
    10.10.16.81.59402 > 10.10.16.82.30090: Flags [S], cksum 0xc918 (correct), seq 2066571357, win 29200, options [mss 1460,sackOK,TS val 16096779 ecr 0,nop,wscale 7], length 0
14:51:19.082383 48:57:02:64:e7:ab > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.10.16.82.30090 > 10.10.16.81.59402: Flags [S.], cksum 0x18f4 (correct), seq 2393608867, ack 2066571358, win 64308, options [mss 1410,sackOK,TS val 2683332065 ecr 16096779,nop,wscale 7], length 0
14:51:19.082441 48:57:02:64:ea:1b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 60739, offset 0, flags [DF], proto TCP (6), length 52)
    10.10.16.81.59402 > 10.10.16.82.30090: Flags [.], cksum 0x41dd (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 16096780 ecr 2683332065], length 0
14:51:21.830731 48:57:02:64:ea:1b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 71: (tos 0x10, ttl 64, id 60740, offset 0, flags [DF], proto TCP (6), length 57)
    10.10.16.81.59402 > 10.10.16.82.30090: Flags [P.], cksum 0x3121 (correct), seq 1:6, ack 1, win 229, options [nop,nop,TS val 16099528 ecr 2683332065], length 5
14:51:21.831085 48:57:02:64:e7:ab > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 62, id 31192, offset 0, flags [DF], proto TCP (6), length 52)
    10.10.16.82.30090 > 10.10.16.81.59402: Flags [.], cksum 0x2b4d (correct), seq 1, ack 6, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 0
14:51:21.831218 48:57:02:64:e7:ab > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 375: (tos 0x0, ttl 62, id 31193, offset 0, flags [DF], proto TCP (6), length 361)
    10.10.16.82.30090 > 10.10.16.81.59402: Flags [P.], cksum 0x81f9 (correct), seq 1:310, ack 6, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 309
14:51:21.831260 48:57:02:64:e7:ab > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 62, id 31194, offset 0, flags [DF], proto TCP (6), length 52)
    10.10.16.82.30090 > 10.10.16.81.59402: Flags [F.], cksum 0x2a17 (correct), seq 310, ack 6, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 0
14:51:21.831270 48:57:02:64:ea:1b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 60741, offset 0, flags [DF], proto TCP (6), length 52)
    10.10.16.81.59402 > 10.10.16.82.30090: Flags [.], cksum 0x2b22 (correct), seq 6, ack 310, win 237, options [nop,nop,TS val 16099528 ecr 2683334814], length 0
14:51:21.831341 48:57:02:64:ea:1b > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 60742, offset 0, flags [DF], proto TCP (6), length 52)
    10.10.16.81.59402 > 10.10.16.82.30090: Flags [F.], cksum 0x2b20 (correct), seq 6, ack 311, win 237, options [nop,nop,TS val 16099528 ecr 2683334814], length 0
14:51:21.831464 48:57:02:64:e7:ab > 48:57:02:64:ea:1b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 62, id 31195, offset 0, flags [DF], proto TCP (6), length 52)
    10.10.16.82.30090 > 10.10.16.81.59402: Flags [.], cksum 0x2a16 (correct), seq 311, ack 7, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 0

 

 

worker 节点 pod  ns tcpdump

 

root@cloud:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 82:ea:86:37:c3:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.2.6/24 brd 10.244.2.255 scope global eth0
       valid_lft forever preferred_lft forever
root@cloud:~# ip a | grep 72:d3:9a:47:fd:43
root@cloud:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 82:ea:86:37:c3:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.2.6/24 brd 10.244.2.255 scope global eth0
       valid_lft forever preferred_lft forever
root@cloud:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.244.2.1      0.0.0.0         UG    0      0        0 eth0
10.244.0.0      10.244.2.1      255.255.0.0     UG    0      0        0 eth0
10.244.2.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
root@cloud:~# telnet 10.244.0.22  8087
Trying 10.244.0.22...
telnet: Unable to connect to remote host: Connection refused
root@cloud:~# telnet 10.244.0.22  80
Trying 10.244.0.22...
Connected to 10.244.0.22.
Escape character is '^]'.
^CConnection closed by foreign host.
root@cloud:~# telnet 10.244.0.22  8087
Trying 10.244.0.22...
telnet: Unable to connect to remote host: Connection refused
  

root@cloud:~# tcpdump -i eth0 tcp and port 80 -ennvv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:51:19.079556 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 62, id 60738, offset 0, flags [DF], proto TCP (6), length 60)
10.244.0.0.51150 > 10.244.2.6.80: Flags [S], cksum 0x7b58 (correct), seq 2066571357, win 29200, options [mss 1460,sackOK,TS val 16096779 ecr 0,nop,wscale 7], length 0
14:51:19.079633 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
10.244.2.6.80 > 10.244.0.0.51150: Flags [S.], cksum 0x181c (incorrect -> 0xcb33), seq 2393608867, ack 2066571358, win 64308, options [mss 1410,sackOK,TS val 2683332065 ecr 16096779,nop,wscale 7], length 0
14:51:19.079874 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 62, id 60739, offset 0, flags [DF], proto TCP (6), length 52)
10.244.0.0.51150 > 10.244.2.6.80: Flags [.], cksum 0xf41c (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 16096780 ecr 2683332065], length 0
14:51:21.828291 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 71: (tos 0x10, ttl 62, id 60740, offset 0, flags [DF], proto TCP (6), length 57)
10.244.0.0.51150 > 10.244.2.6.80: Flags [P.], cksum 0xe360 (correct), seq 1:6, ack 1, win 229, options [nop,nop,TS val 16099528 ecr 2683332065], length 5: HTTP
14:51:21.828347 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 31192, offset 0, flags [DF], proto TCP (6), length 52)
10.244.2.6.80 > 10.244.0.0.51150: Flags [.], cksum 0x1814 (incorrect -> 0xdd8c), seq 1, ack 6, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 0
14:51:21.828441 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 375: (tos 0x0, ttl 64, id 31193, offset 0, flags [DF], proto TCP (6), length 361)
10.244.2.6.80 > 10.244.0.0.51150: Flags [P.], cksum 0x1949 (incorrect -> 0x3439), seq 1:310, ack 6, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 309: HTTP, length: 309
HTTP/1.1 400 Bad Request
Server: nginx/1.19.5
Date: Fri, 18 Jun 2021 06:51:21 GMT
Content-Type: text/html
Content-Length: 157
Connection: close


<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.19.5</center>
</body>
</html>
14:51:21.828560 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 31194, offset 0, flags [DF], proto TCP (6), length 52)
10.244.2.6.80 > 10.244.0.0.51150: Flags [F.], cksum 0x1814 (incorrect -> 0xdc56), seq 310, ack 6, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 0
14:51:21.828678 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 62, id 60741, offset 0, flags [DF], proto TCP (6), length 52)
10.244.0.0.51150 > 10.244.2.6.80: Flags [.], cksum 0xdd61 (correct), seq 6, ack 310, win 237, options [nop,nop,TS val 16099528 ecr 2683334814], length 0
14:51:21.828747 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 62, id 60742, offset 0, flags [DF], proto TCP (6), length 52)
10.244.0.0.51150 > 10.244.2.6.80: Flags [F.], cksum 0xdd5f (correct), seq 6, ack 311, win 237, options [nop,nop,TS val 16099528 ecr 2683334814], length 0
14:51:21.828765 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 31195, offset 0, flags [DF], proto TCP (6), length 52)
10.244.2.6.80 > 10.244.0.0.51150: Flags [.], cksum 0x1814 (incorrect -> 0xdc55), seq 311, ack 7, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 0

 

 

10.244.0.0 是 master flannel.1的ip
root@ubuntu:~# ip a | grep 10.244.0.0
    inet 10.244.0.0/32 scope global flannel.1
root@ubuntu:~# 

 

root@ubuntu:~# ip a sh flannel.1
198: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 3a:2b:ed:85:2f:74 brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::382b:edff:fe85:2f74/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu:~# 

 

 0a:f9:a2:7f:2f:2a 是cni0的mac
root@cloud:~# ip a | grep 0a:f9:a2:7f:2f:2a
    link/ether 0a:f9:a2:7f:2f:2a brd ff:ff:ff:ff:ff:ff
root@cloud:~# ip a | grep 0a:f9:a2:7f:2f:2a -A 3
    link/ether 0a:f9:a2:7f:2f:2a brd ff:ff:ff:ff:ff:ff
    inet 10.244.2.1/24 brd 10.244.2.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::8f9:a2ff:fe7f:2f2a/64 scope link 
root@cloud:~# ip a sh cni0
15: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether 0a:f9:a2:7f:2f:2a brd ff:ff:ff:ff:ff:ff
    inet 10.244.2.1/24 brd 10.244.2.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::8f9:a2ff:fe7f:2f2a/64 scope link 
       valid_lft forever preferred_lft forever
root@cloud:~# 

 

82:ea:86:37:c3:8d
root@cloud:~# ip a | grep 82:ea:86:37:c3:8d
    link/ether 82:ea:86:37:c3:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
root@cloud:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 82:ea:86:37:c3:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.2.6/24 brd 10.244.2.255 scope global eth0
       valid_lft forever preferred_lft forever
root@cloud:~# 

 

 

在cloud 节点上抓vxlan报文

 

root@cloud:~# tcpdump  -i enahisic2i0  udp and host 10.10.16.82 -eennv
tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:51:19.079030 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 124: (tos 0x0, ttl 64, id 32281, offset 0, flags [none], proto UDP (17), length 110)
    10.10.16.82.22431 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 63, id 60738, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.0.51150 > 10.244.2.6.80: Flags [S], cksum 0x7b58 (correct), seq 2066571357, win 29200, options [mss 1460,sackOK,TS val 16096779 ecr 0,nop,wscale 7], length 0
14:51:19.079680 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 124: (tos 0x0, ttl 64, id 9365, offset 0, flags [none], proto UDP (17), length 110)
    10.10.16.47.48491 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 60)
回复报文
10.244.2.6.80 > 10.244.0.0.51150: Flags [S.], cksum 0xcb33 (correct), seq 2393608867, ack 2066571358, win 64308, options [mss 1410,sackOK,TS val 2683332065 ecr 16096779,nop,wscale 7], length 0 14:51:19.079853 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 32282, offset 0, flags [none], proto UDP (17), length 102) 10.10.16.82.22431 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1 3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 60739, offset 0, flags [DF], proto TCP (6), length 52) 10.244.0.0.51150 > 10.244.2.6.80: Flags [.], cksum 0xf41c (correct), ack 1, win 229, options [nop,nop,TS val 16096780 ecr 2683332065], length 0 14:51:21.828191 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 121: (tos 0x0, ttl 64, id 32342, offset 0, flags [none], proto UDP (17), length 107) 10.10.16.82.22431 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1 3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 71: (tos 0x10, ttl 63, id 60740, offset 0, flags [DF], proto TCP (6), length 57) 10.244.0.0.51150 > 10.244.2.6.80: Flags [P.], cksum 0xe360 (correct), seq 1:6, ack 1, win 229, options [nop,nop,TS val 16099528 ecr 2683332065], length 5: HTTP 14:51:21.828393 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 9965, offset 0, flags [none], proto UDP (17), length 102) 10.10.16.47.48491 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1 72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 31192, offset 0, flags [DF], proto TCP (6), length 52) 10.244.2.6.80 > 10.244.0.0.51150: Flags [.], cksum 0xdd8c (correct), ack 6, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 0 14:51:21.828526 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 425: (tos 0x0, ttl 64, id 9966, offset 0, flags [none], proto UDP (17), length 411) 10.10.16.47.48491 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1 72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 375: (tos 0x0, ttl 63, id 31193, offset 0, flags [DF], proto TCP (6), length 361) 10.244.2.6.80 > 10.244.0.0.51150: Flags [P.], cksum 0x3439 (correct), seq 1:310, ack 6, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 309: HTTP, length: 309 HTTP/1.1 400 Bad Request Server: nginx/1.19.5 Date: Fri, 18 Jun 2021 06:51:21 GMT Content-Type: text/html Content-Length: 157 Connection: close <html> <head><title>400 Bad Request</title></head> <body> <center><h1>400 Bad Request</h1></center> <hr><center>nginx/1.19.5</center> </body> </html> 14:51:21.828576 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 9967, offset 0, flags [none], proto UDP (17), length 102) 10.10.16.47.48491 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1 72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 31194, offset 0, flags [DF], proto TCP (6), length 52) 10.244.2.6.80 > 10.244.0.0.51150: Flags [F.], cksum 0xdc56 (correct), seq 310, ack 6, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 0 14:51:21.828659 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 32343, offset 0, flags [none], proto UDP (17), length 102) 10.10.16.82.22431 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1 3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 60741, offset 0, flags [DF], proto TCP (6), length 52) 10.244.0.0.51150 > 10.244.2.6.80: Flags [.], cksum 0xdd61 (correct), ack 310, win 237, options [nop,nop,TS val 16099528 ecr 2683334814], length 0 14:51:21.828734 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 32344, offset 0, flags [none], proto UDP (17), length 102) 10.10.16.82.22431 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1 3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 60742, offset 0, flags [DF], proto TCP (6), length 52) 10.244.0.0.51150 > 10.244.2.6.80: Flags [F.], cksum 0xdd5f (correct), seq 6, ack 311, win 237, options [nop,nop,TS val 16099528 ecr 2683334814], length 0 14:51:21.828793 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 9968, offset 0, flags [none], proto UDP (17), length 102) 10.10.16.47.48491 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1 72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 31195, offset 0, flags [DF], proto TCP (6), length 52) 10.244.2.6.80 > 10.244.0.0.51150: Flags [.], cksum 0xdc55 (correct), ack 7, win 503, options [nop,nop,TS val 2683334814 ecr 16099528], length 0 ^C 10 packets captured 10 packets received by filter 0 packets dropped by kernel

 

 

转发到master上的pod

[root@bogon ~]# telnet 10.10.16.82 30090
Trying 10.10.16.82...
Connected to 10.10.16.82.
Escape character is '^]'.
Connection closed by foreign host.
You have mail in /var/spool/mail/root
[root@bogon ~]

 

 

root@ubuntu:~#  conntrack -L -o ktimestamp | grep 30090
tcp      6 86374 ESTABLISHED src=10.10.16.81 dst=10.10.16.82 sport=59600 dport=30090 src=10.244.0.22 dst=10.244.0.1 sport=80 dport=9351 [ASSURED] mark=0 use=1
conntrack v1.4.4 (conntrack-tools): 157 flow entries have been shown.
root@ubuntu:~# 

 

root@ubuntu:~# tcpdump -i eth0 tcp and port 80 -ennvv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:03:43.259291 be:ca:86:22:86:b8 > ee:ee:d4:3a:73:67, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 63, id 59038, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.1.9351 > 10.244.0.22.80: Flags [S], cksum 0x1226 (correct), seq 1169049935, win 29200, options [mss 1460,sackOK,TS val 16840950 ecr 0,nop,wscale 7], length 0
15:03:43.259337 ee:ee:d4:3a:73:67 > be:ca:86:22:86:b8, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.22.80 > 10.244.0.1.9351: Flags [S.], cksum 0x162d (incorrect -> 0x40ca), seq 3025682805, ack 1169049936, win 64308, options [mss 1410,sackOK,TS val 3735122920 ecr 16840950,nop,wscale 7], length 0
15:03:43.259466 be:ca:86:22:86:b8 > ee:ee:d4:3a:73:67, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 59039, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.1.9351 > 10.244.0.22.80: Flags [.], cksum 0x69b4 (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 16840950 ecr 3735122920], length 0
15:04:43.300895 ee:ee:d4:3a:73:67 > be:ca:86:22:86:b8, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 58214, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.22.80 > 10.244.0.1.9351: Flags [F.], cksum 0x1625 (incorrect -> 0x7e17), seq 1, ack 1, win 503, options [nop,nop,TS val 3735182961 ecr 16840950], length 0
15:04:43.301177 be:ca:86:22:86:b8 > ee:ee:d4:3a:73:67, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 59040, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.1.9351 > 10.244.0.22.80: Flags [F.], cksum 0x949d (correct), seq 1, ack 2, win 229, options [nop,nop,TS val 16900992 ecr 3735182961], length 0
15:04:43.301212 ee:ee:d4:3a:73:67 > be:ca:86:22:86:b8, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 58215, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.22.80 > 10.244.0.1.9351: Flags [.], cksum 0x1625 (incorrect -> 0x938a), seq 2, ack 2, win 503, options [nop,nop,TS val 3735182962 ecr 16900992], length 0
10.244.0.1是cni0接口的ip不是flannel
root@ubuntu:~# ip a sh cni0
193: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether be:ca:86:22:86:b8 brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.1/24 brd 10.244.0.255 scope global cni0
       valid_lft forever preferred_lft forever
    inet6 fe80::bcca:86ff:fe22:86b8/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu:~# 

 

 

worker节点上的contrack

 

root@cloud:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 82:ea:86:37:c3:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.2.6/24 brd 10.244.2.255 scope global eth0
       valid_lft forever preferred_lft forever

 

root@cloud:~# tcpdump -i eth0 tcp and port 80 -ennvv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:10:11.390387 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 62, id 24198, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.0.17110 > 10.244.2.6.80: Flags [S], cksum 0x5918 (correct), seq 565778920, win 29200, options [mss 1460,sackOK,TS val 17229084 ecr 0,nop,wscale 7], length 0
15:10:11.390454 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.2.6.80 > 10.244.0.0.17110: Flags [S.], cksum 0x181c (incorrect -> 0x4fce), seq 2968027747, ack 565778921, win 64308, options [mss 1410,sackOK,TS val 2684464376 ecr 17229084,nop,wscale 7], length 0
15:10:11.390693 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 62, id 24199, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.17110 > 10.244.2.6.80: Flags [.], cksum 0x78b8 (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 17229084 ecr 2684464376], length 0
15:11:11.450903 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 54256, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.17110: Flags [F.], cksum 0x1814 (incorrect -> 0x8d08), seq 1, ack 1, win 503, options [nop,nop,TS val 2684524436 ecr 17229084], length 0
15:11:11.451320 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 62, id 24200, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.17110 > 10.244.2.6.80: Flags [F.], cksum 0xa37b (correct), seq 1, ack 2, win 229, options [nop,nop,TS val 17289145 ecr 2684524436], length 0
15:11:11.451343 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 54257, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.17110: Flags [.], cksum 0x1814 (incorrect -> 0xa268), seq 2, ack 2, win 503, options [nop,nop,TS val 2684524437 ecr 17289145], length 0

 

 

root@cloud:~# conntrack -L -o ktimestamp | grep 17110
conntrack v1.4.4 (conntrack-tools): 9 flow entries have been shown.
tcp      6 106 TIME_WAIT src=10.244.0.0 dst=10.244.2.6 sport=17110 dport=80 src=10.244.2.6 dst=10.244.0.0 sport=80 dport=17110 [ASSURED] mark=0 use=1
root@cloud:~# conntrack -L -o ktimestamp | grep 17110
conntrack v1.4.4 (conntrack-tools): 9 flow entries have been shown.
tcp      6 103 TIME_WAIT src=10.244.0.0 dst=10.244.2.6 sport=17110 dport=80 src=10.244.2.6 dst=10.244.0.0 sport=80 dport=17110 [ASSURED] mark=0 use=1
root@cloud:~# ip a sh flannl.1
Device "flannl.1" does not exist.
root@cloud:~# ip a sh flannel.1
14: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether 72:d3:9a:47:fd:43 brd ff:ff:ff:ff:ff:ff
    inet 10.244.2.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::70d3:9aff:fe47:fd43/64 scope link 
       valid_lft forever preferred_lft forever
root@cloud:~# 

 

demo2

root@cloud:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 82:ea:86:37:c3:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.2.6/24 brd 10.244.2.255 scope global eth0
       valid_lft forever preferred_lft forever

 

 

root@cloud:~# tcpdump -i eth0 tcp and port 80 -ennvv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:10:11.390387 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 62, id 24198, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.0.17110 > 10.244.2.6.80: Flags [S], cksum 0x5918 (correct), seq 565778920, win 29200, options [mss 1460,sackOK,TS val 17229084 ecr 0,nop,wscale 7], length 0
15:10:11.390454 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.2.6.80 > 10.244.0.0.17110: Flags [S.], cksum 0x181c (incorrect -> 0x4fce), seq 2968027747, ack 565778921, win 64308, options [mss 1410,sackOK,TS val 2684464376 ecr 17229084,nop,wscale 7], length 0
15:10:11.390693 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 62, id 24199, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.17110 > 10.244.2.6.80: Flags [.], cksum 0x78b8 (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 17229084 ecr 2684464376], length 0
15:11:11.450903 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 54256, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.17110: Flags [F.], cksum 0x1814 (incorrect -> 0x8d08), seq 1, ack 1, win 503, options [nop,nop,TS val 2684524436 ecr 17229084], length 0
15:11:11.451320 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 62, id 24200, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.17110 > 10.244.2.6.80: Flags [F.], cksum 0xa37b (correct), seq 1, ack 2, win 229, options [nop,nop,TS val 17289145 ecr 2684524436], length 0
15:11:11.451343 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 54257, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.17110: Flags [.], cksum 0x1814 (incorrect -> 0xa268), seq 2, ack 2, win 503, options [nop,nop,TS val 2684524437 ecr 17289145], length 0
15:13:54.600850 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 62, id 9591, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.0.31890 > 10.244.2.6.80: Flags [S], cksum 0xd396 (correct), seq 1670495208, win 29200, options [mss 1460,sackOK,TS val 17452293 ecr 0,nop,wscale 7], length 0
15:13:54.600913 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.2.6.80 > 10.244.0.0.31890: Flags [S.], cksum 0x181c (incorrect -> 0x52f7), seq 1541400276, ack 1670495209, win 64308, options [mss 1410,sackOK,TS val 2684687586 ecr 17452293,nop,wscale 7], length 0
15:13:54.601144 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 62, id 9592, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.31890 > 10.244.2.6.80: Flags [.], cksum 0x7be1 (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 17452293 ecr 2684687586], length 0

 

master节点上的contrack

root@ubuntu:~# conntrack -L -o ktimestamp | grep 31890
tcp      6 86376 ESTABLISHED src=10.10.16.81 dst=10.10.16.82 sport=59720 dport=30090 src=10.244.2.6 dst=10.244.0.0 sport=80 dport=31890 [ASSURED] mark=0 use=2
conntrack v1.4.4 (conntrack-tools): 158 flow entries have been shown.
root@ubuntu:~# 

worker节点上的contrack

conntrack v1.4.4 (conntrack-tools): 9 flow entries have been shown.
tcp      6 86384 ESTABLISHED src=10.244.0.0 dst=10.244.2.6 sport=31890 dport=80 src=10.244.2.6 dst=10.244.0.0 sport=80 dport=31890 [ASSURED] mark=0 use=1
root@cloud:~# conntrack -L -o ktimestamp | grep 31890
conntrack v1.4.4 (conntrack-tools): 7 flow entries have been shown.
tcp      6 9 TIME_WAIT src=10.244.0.0 dst=10.244.2.6 sport=31890 dport=80 src=10.244.2.6 dst=10.244.0.0 sport=80 dport=31890 [ASSURED] mark=0 use=1
root@cloud:~# 

 

使用etcdctl访问kubernetes数据

Kubenretes1.6中使用etcd V3版本的API,使用etcdctl直接ls的话只能看到/kube-centos一个路径。需要在命令前加上ETCDCTL_API=3这个环境变量才能看到kuberentes在etcd中保存的数据。

root@ubuntu:~/etcd-v3.5.0-linux-arm64# ETCDCTL_API=3 etcdctl get /registry/namespaces/default -w=json|python -m json.tool
Error:  context deadline exceeded
No JSON object could be decoded
root@ubuntu:~/etcd-v3.5.0-linux-arm64# 

 

如果是使用 kubeadm 创建的集群,在 Kubenretes 1.11 中,etcd 默认使用 tls ,这时你可以在 master 节点上使用以下命令来访问 etcd :

root@ubuntu:~/etcd-v3.5.0-linux-arm64#  ETCDCTL_API=3 ./etcdctl --cacert=/etc/kubernetes/pki/etcd/ca.crt \
> --cert=/etc/kubernetes/pki/etcd/peer.crt \
> --key=/etc/kubernetes/pki/etcd/peer.key \
> get /registry/namespaces/default -w=json | jq .
{
  "header": {
    "cluster_id": 755078206002876000,
    "member_id": 9167673865571135000,
    "revision": 46601099,
    "raft_term": 2
  },
  "kvs": [
    {
      "key": "L3JlZ2lzdHJ5L25hbWVzcGFjZXMvZGVmYXVsdA==",
      "create_revision": 152,
      "mod_revision": 152,
      "version": 1,
      "value": "azhzAAoPCgJ2MRIJTmFtZXNwYWNlErIBCpcBCgdkZWZhdWx0EgAaACIAKiQ5MTcxNWVkNy1hM2VjLTQ4MzAtOTk2ZS0zNTM1MmY2Y2Y2NDQyADgAQggIz8il/AUQAHoAigFPCg5rdWJlLWFwaXNlcnZlchIGVXBkYXRlGgJ2MSIICM/IpfwFEAAyCEZpZWxkc1YxOh0KG3siZjpzdGF0dXMiOnsiZjpwaGFzZSI6e319fRIMCgprdWJlcm5ldGVzGggKBkFjdGl2ZRoAIgA="
    }
  ],
  "count": 1
}
root@ubuntu:~/etcd-v3.5.0-linux-arm64# ETCDCTL_API=3 ./etcdctl get /registry/namespaces --prefix -w=json|python -m json.tool
{"level":"warn","ts":"2021-06-18T11:56:38.960+0800","logger":"etcd-client","caller":"v3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0x40004aaa80/#initially=[127.0.0.1:2379]","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection closed"}
Error: context deadline exceeded
No JSON object could be decoded
root@ubuntu:~/etcd-v3.5.0-linux-arm64# 

 

iptables 和30090

worker 节点

root@cloud:~# iptables -nvL -t nat | grep 30090
    0     0 KUBE-MARK-MASQ  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/nodeport-svc: */ tcp dpt:30090
    0     0 KUBE-SVC-GFPAJ7EGCNM4QF4H  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/nodeport-svc: */ tcp dpt:30090
root@cloud:~# 

 

 

 

 master pod tcpdump

root@ubuntu:~# tcpdump -i eth0 tcp and port 80 -ennvv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:24:46.235872 be:ca:86:22:86:b8 > ee:ee:d4:3a:73:67, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 55, id 38770, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.2.0.19231 > 10.244.0.22.80: Flags [S], cksum 0xb1ea (correct), seq 799646685, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 857682193 ecr 0], length 0
15:24:46.235924 ee:ee:d4:3a:73:67 > be:ca:86:22:86:b8, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.22.80 > 10.244.2.0.19231: Flags [S.], cksum 0x182c (incorrect -> 0x362f), seq 4026376631, ack 799646686, win 64308, options [mss 1410,sackOK,TS val 741064120 ecr 857682193,nop,wscale 7], length 0
15:24:46.237318 be:ca:86:22:86:b8 > ee:ee:d4:3a:73:67, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 55, id 38773, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.0.19231 > 10.244.0.22.80: Flags [.], cksum 0x5dfb (correct), seq 1, ack 1, win 513, options [nop,nop,TS val 857682195 ecr 741064120], length 0
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
root@ubuntu:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0@if673: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether ee:ee:d4:3a:73:67 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.0.22/24 brd 10.244.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ecee:d4ff:fe3a:7367/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu:~# 

 

master tcp vxlan 

访问http://10.10.16.47:30090/从worker封装vxlan转发到master 的 pod

tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:24:46.235778 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 124: (tos 0x0, ttl 64, id 50002, offset 0, flags [none], proto UDP (17), length 110)
    10.10.16.47.11568 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 56, id 38770, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.2.0.19231 > 10.244.0.22.80: Flags [S], cksum 0xb1ea (correct), seq 799646685, win 64240, options [mss 1460,nop,wscale 8,sackOK,TS val 857682193 ecr 0], length 0
15:24:46.235969 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 124: (tos 0x0, ttl 64, id 1499, offset 0, flags [none], proto UDP (17), length 110)
    10.10.16.82.58148 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.22.80 > 10.244.2.0.19231: Flags [S.], cksum 0x362f (correct), seq 4026376631, ack 799646686, win 64308, options [mss 1410,sackOK,TS val 741064120 ecr 857682193,nop,wscale 7], length 0
15:24:46.237290 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 50003, offset 0, flags [none], proto UDP (17), length 102)
    10.10.16.47.11568 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 56, id 38773, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.0.19231 > 10.244.0.22.80: Flags [.], cksum 0x5dfb (correct), ack 1, win 513, options [nop,nop,TS val 857682195 ecr 741064120], length 0
15:25:31.249957 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 105: (tos 0x0, ttl 64, id 54722, offset 0, flags [none], proto UDP (17), length 91)
    10.10.16.47.59334 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 55: (tos 0x0, ttl 56, id 38782, offset 0, flags [DF], proto TCP (6), length 41)
    10.244.2.0.19231 > 10.244.0.22.80: Flags [.], cksum 0xe528 (correct), seq 0:1, ack 1, win 513, length 1: HTTP
15:25:31.250099 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 128: (tos 0x0, ttl 64, id 7543, offset 0, flags [none], proto UDP (17), length 114)
    10.10.16.82.58148 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 63, id 53960, offset 0, flags [DF], proto TCP (6), length 64)
    10.244.0.22.80 > 10.244.2.0.19231: Flags [.], cksum 0xd108 (correct), ack 1, win 503, options [nop,nop,TS val 741109134 ecr 857682195,nop,nop,sack 1 {0:1}], length 0
15:25:46.246753 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 9669, offset 0, flags [none], proto UDP (17), length 102)
    10.10.16.82.58148 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 53961, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.22.80 > 10.244.2.0.19231: Flags [F.], cksum 0x7398 (correct), seq 1, ack 1, win 503, options [nop,nop,TS val 741124131 ecr 857682195], length 0
15:25:46.249499 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 57649, offset 0, flags [none], proto UDP (17), length 102)
    10.10.16.47.59334 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 56, id 38784, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.0.19231 > 10.244.0.22.80: Flags [.], cksum 0x8921 (correct), ack 2, win 513, options [nop,nop,TS val 857742207 ecr 741124131], length 0
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel
root@ubuntu:~# 

 

 

master节点

root@ubuntu:~# iptables -nvL -t nat | grep 30090
   12   720 KUBE-MARK-MASQ  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/nodeport-svc: */ tcp dpt:30090
   12   720 KUBE-SVC-GFPAJ7EGCNM4QF4H  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/nodeport-svc: */ tcp dpt:30090
root@ubuntu:~# 

 

 

 

tartgetport

root@ubuntu:~# kubectl get svc
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes     ClusterIP   10.96.0.1        <none>        443/TCP          244d
my-nginx       ClusterIP   10.110.79.116    <none>        8280/TCP         37d
my-nginx-np    NodePort    10.99.1.231      <none>        8081:31199/TCP   36d
nodeport-svc   NodePort    10.97.11.232     <none>        3000:30090/TCP   60m
web2           NodePort    10.110.171.213   <none>        8097:31866/TCP   20d

 

master 节点

root@ubuntu:~# telnet 10.97.11.232 3000
Trying 10.97.11.232...
Connected to 10.97.11.232.
Escape character is '^]'.
^CConnection closed by foreign host.
root@ubuntu:~#

 

root@ubuntu:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0@if673: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether ee:ee:d4:3a:73:67 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.0.22/24 brd 10.244.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ecee:d4ff:fe3a:7367/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu:~# tcpdump -i eth0 tcp and port 80 -ennvv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:38:01.400552 be:ca:86:22:86:b8 > ee:ee:d4:3a:73:67, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 64, id 47011, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.1.22003 > 10.244.0.22.80: Flags [S], cksum 0x162d (incorrect -> 0x6ed9), seq 2804599892, win 64240, options [mss 1460,sackOK,TS val 1489413550 ecr 0,nop,wscale 7], length 0
15:38:01.400599 ee:ee:d4:3a:73:67 > be:ca:86:22:86:b8, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.22.80 > 10.244.0.1.22003: Flags [S.], cksum 0x162d (incorrect -> 0xba83), seq 2185197484, ack 2804599893, win 64308, options [mss 1410,sackOK,TS val 3737181061 ecr 1489413550,nop,wscale 7], length 0
15:38:01.400652 be:ca:86:22:86:b8 > ee:ee:d4:3a:73:67, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 47012, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.1.22003 > 10.244.0.22.80: Flags [.], cksum 0x1625 (incorrect -> 0xe25c), seq 1, ack 1, win 502, options [nop,nop,TS val 1489413550 ecr 3737181061], length 0
15:38:04.725599 be:ca:86:22:86:b8 > ee:ee:d4:3a:73:67, ethertype IPv4 (0x0800), length 71: (tos 0x10, ttl 64, id 47013, offset 0, flags [DF], proto TCP (6), length 57)
    10.244.0.1.22003 > 10.244.0.22.80: Flags [P.], cksum 0x162a (incorrect -> 0xcf5f), seq 1:6, ack 1, win 502, options [nop,nop,TS val 1489416875 ecr 3737181061], length 5: HTTP
15:38:04.725633 ee:ee:d4:3a:73:67 > be:ca:86:22:86:b8, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 3162, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.22.80 > 10.244.0.1.22003: Flags [.], cksum 0x1625 (incorrect -> 0xc85c), seq 1, ack 6, win 503, options [nop,nop,TS val 3737184386 ecr 1489416875], length 0
15:38:04.725812 ee:ee:d4:3a:73:67 > be:ca:86:22:86:b8, ethertype IPv4 (0x0800), length 375: (tos 0x0, ttl 64, id 3163, offset 0, flags [DF], proto TCP (6), length 361)
    10.244.0.22.80 > 10.244.0.1.22003: Flags [P.], cksum 0x175a (incorrect -> 0x1b1e), seq 1:310, ack 6, win 503, options [nop,nop,TS val 3737184386 ecr 1489416875], length 309: HTTP, length: 309
        HTTP/1.1 400 Bad Request
        Server: nginx/1.21.0
        Date: Fri, 18 Jun 2021 07:38:04 GMT
        Content-Type: text/html
        Content-Length: 157
        Connection: close

        <html>
        <head><title>400 Bad Request</title></head>
        <body>
        <center><h1>400 Bad Request</h1></center>
        <hr><center>nginx/1.21.0</center>
        </body>
        </html>
15:38:04.725918 be:ca:86:22:86:b8 > ee:ee:d4:3a:73:67, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 47014, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.1.22003 > 10.244.0.22.80: Flags [.], cksum 0x1625 (incorrect -> 0xc729), seq 6, ack 310, win 501, options [nop,nop,TS val 1489416875 ecr 3737184386], length 0
15:38:04.725949 ee:ee:d4:3a:73:67 > be:ca:86:22:86:b8, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 3164, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.22.80 > 10.244.0.1.22003: Flags [F.], cksum 0x1625 (incorrect -> 0xc726), seq 310, ack 6, win 503, options [nop,nop,TS val 3737184386 ecr 1489416875], length 0
15:38:04.726018 be:ca:86:22:86:b8 > ee:ee:d4:3a:73:67, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 47015, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.1.22003 > 10.244.0.22.80: Flags [F.], cksum 0x1625 (incorrect -> 0xc727), seq 6, ack 311, win 501, options [nop,nop,TS val 1489416875 ecr 3737184386], length 0
15:38:04.726040 ee:ee:d4:3a:73:67 > be:ca:86:22:86:b8, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 3165, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.22.80 > 10.244.0.1.22003: Flags [.], cksum 0x1625 (incorrect -> 0xc725), seq 311, ack 7, win 503, options [nop,nop,TS val 3737184386 ecr 1489416875], length 0

 

第二次telnet 转发到worker节点

 

root@ubuntu:~# telnet  10.97.11.232   3000
Trying 10.97.11.232...
Connected to 10.97.11.232.
Escape character is '^]'.
^CConnection closed by foreign host.
root@ubuntu:~# 

 

root@cloud:~# tcpdump -i eth0 tcp and port 80 -ennvv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:38:39.005965 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 63, id 54603, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.0.19739 > 10.244.2.6.80: Flags [S], cksum 0xa6c7 (correct), seq 1688161016, win 64240, options [mss 1460,sackOK,TS val 1489451152 ecr 0,nop,wscale 7], length 0
15:38:39.006028 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.2.6.80 > 10.244.0.0.19739: Flags [S.], cksum 0x181c (incorrect -> 0x95c3), seq 353214560, ack 1688161017, win 64308, options [mss 1410,sackOK,TS val 2686171991 ecr 1489451152,nop,wscale 7], length 0
15:38:39.006188 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 54604, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.19739 > 10.244.2.6.80: Flags [.], cksum 0xbd9c (correct), seq 1, ack 1, win 502, options [nop,nop,TS val 1489451152 ecr 2686171991], length 0
15:38:41.193491 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 71: (tos 0x10, ttl 63, id 54605, offset 0, flags [DF], proto TCP (6), length 57)
    10.244.0.0.19739 > 10.244.2.6.80: Flags [P.], cksum 0xaf11 (correct), seq 1:6, ack 1, win 502, options [nop,nop,TS val 1489453339 ecr 2686171991], length 5: HTTP
15:38:41.193534 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 63679, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.19739: Flags [.], cksum 0x1814 (incorrect -> 0xac7f), seq 1, ack 6, win 503, options [nop,nop,TS val 2686174179 ecr 1489453339], length 0
15:38:41.193606 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 375: (tos 0x0, ttl 64, id 63680, offset 0, flags [DF], proto TCP (6), length 361)
    10.244.2.6.80 > 10.244.0.0.19739: Flags [P.], cksum 0x1949 (incorrect -> 0x0423), seq 1:310, ack 6, win 503, options [nop,nop,TS val 2686174179 ecr 1489453339], length 309: HTTP, length: 309
        HTTP/1.1 400 Bad Request
        Server: nginx/1.19.5
        Date: Fri, 18 Jun 2021 07:38:41 GMT
        Content-Type: text/html
        Content-Length: 157
        Connection: close

        <html>
        <head><title>400 Bad Request</title></head>
        <body>
        <center><h1>400 Bad Request</h1></center>
        <hr><center>nginx/1.19.5</center>
        </body>
        </html>
15:38:41.193659 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 63681, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.19739: Flags [F.], cksum 0x1814 (incorrect -> 0xab49), seq 310, ack 6, win 503, options [nop,nop,TS val 2686174179 ecr 1489453339], length 0
15:38:41.193725 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 54606, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.19739 > 10.244.2.6.80: Flags [.], cksum 0xab4c (correct), seq 6, ack 310, win 501, options [nop,nop,TS val 1489453339 ecr 2686174179], length 0
15:38:41.193799 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 54607, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.19739 > 10.244.2.6.80: Flags [F.], cksum 0xab4a (correct), seq 6, ack 311, win 501, options [nop,nop,TS val 1489453339 ecr 2686174179], length 0
15:38:41.193818 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 63682, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.19739: Flags [.], cksum 0x1814 (incorrect -> 0xab48), seq 311, ack 7, win 503, options [nop,nop,TS val 2686174179 ecr 1489453339], length 0
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel
root@cloud:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 82:ea:86:37:c3:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.2.6/24 brd 10.244.2.255 scope global eth0
       valid_lft forever preferred_lft forever
root@cloud:~# 

 

root@ubuntu:~#  conntrack -L -o ktimestamp | grep 19739 
tcp      6 26 TIME_WAIT src=10.10.16.82 dst=10.97.11.232 sport=46522 dport=3000 src=10.244.2.6 dst=10.244.0.0 sport=80 dport=19739 [ASSURED] mark=0 use=1
conntrack v1.4.4 (conntrack-tools): 160 flow entries have been shown.
root@ubuntu:~# 

 

 

root@ubuntu:~# iptables -nvL -t nat | grep 10.97.11.232
    3   180 KUBE-MARK-MASQ  tcp  --  *      *      !10.244.0.0/16        10.97.11.232         /* default/nodeport-svc: cluster IP */ tcp dpt:3000
    3   180 KUBE-SVC-GFPAJ7EGCNM4QF4H  tcp  --  *      *       0.0.0.0/0            10.97.11.232         /* default/nodeport-svc: cluster IP */ tcp dpt:3000
root@ubuntu:~# 

 

tcpdump vxlan

root@ubuntu:~# telnet  10.97.11.232   3000
Trying 10.97.11.232...
Connected to 10.97.11.232.
Escape character is '^]'.
^CConnection closed by foreign host.
root@ubuntu:~#  conntrack -L -o ktimestamp | grep 1222
tcp      6 76 TIME_WAIT src=10.10.16.82 dst=10.97.11.232 sport=48714 dport=3000 src=10.244.2.6 dst=10.244.0.0 sport=80 dport=1222 [ASSURED] mark=0 use=1
conntrack v1.4.4 (conntrack-tools): 160 flow entries have been shown.
root@ubuntu:~# 

 

root@cloud:~# conntrack -L -o ktimestamp | grep 1222
conntrack v1.4.4 (conntrack-tools): 7 flow entries have been shown.
tcp      6 49 TIME_WAIT src=10.244.0.0 dst=10.244.2.6 sport=1222 dport=80 src=10.244.2.6 dst=10.244.0.0 sport=80 dport=1222 [ASSURED] mark=0 use=1
root@cloud:~# 

 

 

root@cloud:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default 
    link/ether 82:ea:86:37:c3:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.244.2.6/24 brd 10.244.2.255 scope global eth0
       valid_lft forever preferred_lft forever
root@cloud:~# tcpdump -i eth0 tcp and port 80 -ennvv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:45:04.478443 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 63, id 63071, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.0.1222 > 10.244.2.6.80: Flags [S], cksum 0x2957 (correct), seq 2769809023, win 64240, options [mss 1460,sackOK,TS val 1489836624 ecr 0,nop,wscale 7], length 0
15:45:04.478509 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.2.6.80 > 10.244.0.0.1222: Flags [S.], cksum 0x181c (incorrect -> 0xa563), seq 2111359165, ack 2769809024, win 64308, options [mss 1410,sackOK,TS val 2686557464 ecr 1489836624,nop,wscale 7], length 0
15:45:04.478825 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 63072, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.1222 > 10.244.2.6.80: Flags [.], cksum 0xcd3c (correct), seq 1, ack 1, win 502, options [nop,nop,TS val 1489836624 ecr 2686557464], length 0
15:45:05.380852 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 71: (tos 0x10, ttl 63, id 63073, offset 0, flags [DF], proto TCP (6), length 57)
    10.244.0.0.1222 > 10.244.2.6.80: Flags [P.], cksum 0xc3b6 (correct), seq 1:6, ack 1, win 502, options [nop,nop,TS val 1489837526 ecr 2686557464], length 5: HTTP
15:45:05.380874 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 25132, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.1222: Flags [.], cksum 0x1814 (incorrect -> 0xc62a), seq 1, ack 6, win 503, options [nop,nop,TS val 2686558366 ecr 1489837526], length 0
15:45:05.380935 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 375: (tos 0x0, ttl 64, id 25133, offset 0, flags [DF], proto TCP (6), length 361)
    10.244.2.6.80 > 10.244.0.0.1222: Flags [P.], cksum 0x1949 (incorrect -> 0x18d5), seq 1:310, ack 6, win 503, options [nop,nop,TS val 2686558366 ecr 1489837526], length 309: HTTP, length: 309
        HTTP/1.1 400 Bad Request
        Server: nginx/1.19.5
        Date: Fri, 18 Jun 2021 07:45:05 GMT
        Content-Type: text/html
        Content-Length: 157
        Connection: close

        <html>
        <head><title>400 Bad Request</title></head>
        <body>
        <center><h1>400 Bad Request</h1></center>
        <hr><center>nginx/1.19.5</center>
        </body>
        </html>
15:45:05.380997 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 25134, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.1222: Flags [F.], cksum 0x1814 (incorrect -> 0xc4f4), seq 310, ack 6, win 503, options [nop,nop,TS val 2686558366 ecr 1489837526], length 0
15:45:05.381085 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 63074, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.1222 > 10.244.2.6.80: Flags [.], cksum 0xc4f7 (correct), seq 6, ack 310, win 501, options [nop,nop,TS val 1489837526 ecr 2686558366], length 0
15:45:05.381259 0a:f9:a2:7f:2f:2a > 82:ea:86:37:c3:8d, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 63, id 63075, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.1222 > 10.244.2.6.80: Flags [F.], cksum 0xc4f5 (correct), seq 6, ack 311, win 501, options [nop,nop,TS val 1489837526 ecr 2686558366], length 0
15:45:05.381277 82:ea:86:37:c3:8d > 0a:f9:a2:7f:2f:2a, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 25135, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.1222: Flags [.], cksum 0x1814 (incorrect -> 0xc4f2), seq 311, ack 7, win 503, options [nop,nop,TS val 2686558367 ecr 1489837526], length 0

 

vxlan

root@cloud:~# tcpdump  -i enahisic2i0  udp and host 10.10.16.82 -eennv
tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:45:03.458416 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 124: (tos 0x0, ttl 64, id 48686, offset 0, flags [none], proto UDP (17), length 110)
    10.10.16.82.34152 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 64, id 63070, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.0.1222 > 10.244.2.6.80: Flags [S], cksum 0x2d53 (correct), seq 2769809023, win 64240, options [mss 1460,sackOK,TS val 1489835604 ecr 0,nop,wscale 7], length 0
15:45:04.478372 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 124: (tos 0x0, ttl 64, id 48882, offset 0, flags [none], proto UDP (17), length 110)
    10.10.16.82.34588 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 64, id 63071, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.0.0.1222 > 10.244.2.6.80: Flags [S], cksum 0x2957 (correct), seq 2769809023, win 64240, options [mss 1460,sackOK,TS val 1489836624 ecr 0,nop,wscale 7], length 0
15:45:04.478570 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 124: (tos 0x0, ttl 64, id 65355, offset 0, flags [none], proto UDP (17), length 110)
    10.10.16.47.58500 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.244.2.6.80 > 10.244.0.0.1222: Flags [S.], cksum 0xa563 (correct), seq 2111359165, ack 2769809024, win 64308, options [mss 1410,sackOK,TS val 2686557464 ecr 1489836624,nop,wscale 7], length 0
15:45:04.478801 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 48883, offset 0, flags [none], proto UDP (17), length 102)
    10.10.16.82.34588 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 63072, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.1222 > 10.244.2.6.80: Flags [.], cksum 0xcd3c (correct), ack 1, win 502, options [nop,nop,TS val 1489836624 ecr 2686557464], length 0
15:45:05.380826 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 121: (tos 0x0, ttl 64, id 49016, offset 0, flags [none], proto UDP (17), length 107)
    10.10.16.82.34588 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 71: (tos 0x10, ttl 64, id 63073, offset 0, flags [DF], proto TCP (6), length 57)
    10.244.0.0.1222 > 10.244.2.6.80: Flags [P.], cksum 0xc3b6 (correct), seq 1:6, ack 1, win 502, options [nop,nop,TS val 1489837526 ecr 2686557464], length 5: HTTP
15:45:05.380894 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 65476, offset 0, flags [none], proto UDP (17), length 102)
    10.10.16.47.58500 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 25132, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.1222: Flags [.], cksum 0xc62a (correct), ack 6, win 503, options [nop,nop,TS val 2686558366 ecr 1489837526], length 0
15:45:05.380974 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 425: (tos 0x0, ttl 64, id 65477, offset 0, flags [none], proto UDP (17), length 411)
    10.10.16.47.58500 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 375: (tos 0x0, ttl 63, id 25133, offset 0, flags [DF], proto TCP (6), length 361)
    10.244.2.6.80 > 10.244.0.0.1222: Flags [P.], cksum 0x18d5 (correct), seq 1:310, ack 6, win 503, options [nop,nop,TS val 2686558366 ecr 1489837526], length 309: HTTP, length: 309
        HTTP/1.1 400 Bad Request
        Server: nginx/1.19.5
        Date: Fri, 18 Jun 2021 07:45:05 GMT
        Content-Type: text/html
        Content-Length: 157
        Connection: close

        <html>
        <head><title>400 Bad Request</title></head>
        <body>
        <center><h1>400 Bad Request</h1></center>
        <hr><center>nginx/1.19.5</center>
        </body>
        </html>
15:45:05.381012 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 65478, offset 0, flags [none], proto UDP (17), length 102)
    10.10.16.47.58500 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 25134, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.1222: Flags [F.], cksum 0xc4f4 (correct), seq 310, ack 6, win 503, options [nop,nop,TS val 2686558366 ecr 1489837526], length 0
15:45:05.381071 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 49017, offset 0, flags [none], proto UDP (17), length 102)
    10.10.16.82.34588 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 63074, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.1222 > 10.244.2.6.80: Flags [.], cksum 0xc4f7 (correct), ack 310, win 501, options [nop,nop,TS val 1489837526 ecr 2686558366], length 0
15:45:05.381240 48:57:02:64:e7:ab > 9c:52:f8:67:c4:d3, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 49018, offset 0, flags [none], proto UDP (17), length 102)
    10.10.16.82.34588 > 10.10.16.47.8472: OTV, flags [I] (0x08), overlay 0, instance 1
3a:2b:ed:85:2f:74 > 72:d3:9a:47:fd:43, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 63075, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.0.0.1222 > 10.244.2.6.80: Flags [F.], cksum 0xc4f5 (correct), seq 6, ack 311, win 501, options [nop,nop,TS val 1489837526 ecr 2686558366], length 0
15:45:05.381298 9c:52:f8:67:c4:d3 > 48:57:02:64:e7:ab, ethertype IPv4 (0x0800), length 116: (tos 0x0, ttl 64, id 65479, offset 0, flags [none], proto UDP (17), length 102)
    10.10.16.47.58500 > 10.10.16.82.8472: OTV, flags [I] (0x08), overlay 0, instance 1
72:d3:9a:47:fd:43 > 3a:2b:ed:85:2f:74, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 25135, offset 0, flags [DF], proto TCP (6), length 52)
    10.244.2.6.80 > 10.244.0.0.1222: Flags [.], cksum 0xc4f2 (correct), ack 7, win 503, options [nop,nop,TS val 2686558367 ecr 1489837526], length 0

 

 

worker节点也能访问service ip

root@cloud:~#  telnet 10.97.11.232 3000
Trying 10.97.11.232...
Connected to 10.97.11.232.
Escape character is '^]'.
^CConnection closed by foreign host.
root@cloud:~# 

 

 

root@cloud:~# iptables -nvL -t nat | grep 10.97.11.232
    1    60 KUBE-MARK-MASQ  tcp  --  *      *      !10.244.0.0/16        10.97.11.232         /* default/nodeport-svc: cluster IP */ tcp dpt:3000
    1    60 KUBE-SVC-GFPAJ7EGCNM4QF4H  tcp  --  *      *       0.0.0.0/0            10.97.11.232         /* default/nodeport-svc: cluster IP */ tcp dpt:3000
root@cloud:~# 

 

Pod 打散调度

k8s网络之flannel(vxlan)

 

Flannel 和etcd

 

使用etcdctl访问kubernetes数据

Kubernetes中的网络解析——以flannel为例

posted on 2021-06-18 10:30  tycoon3  阅读(485)  评论(0编辑  收藏  举报

导航