Linux IP aliasing not working – Amazon EC2

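I can't seem to figure out this IP aliasing on Amazon EC2. I know it should be straightforward.

In summary, I have two questions (the details of my scenario follow the questions), in order of priority:

  1. How do I get the routing to work via CLI commands?
  2. Then, after [1], how do I make the configuration persist through configuration files, so that it sticks even after a reboot?

The configuration files are my secondary question, seeing that I can't even get the routing to work via the CLI.

This is what I have by default: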

    eth0      Link encap:Ethernet  HWaddr 0a:64:bd:67:d6:4a
              inet addr:172.31.16.15  Bcast:172.31.31.255  Mask:255.255.240.0
              inet6 addr: fe80::864:bdff:fe67:d64a/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:266 errors:0 dropped:0 overruns:0 frame:0
              TX packets:257 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:29714 (29.7 KB)  TX bytes:29843 (29.8 KB)

With the following routing table:

    $ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.31.16.1     0.0.0.0         UG    0      0        0 eth0
    172.31.16.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0

What I want is:

    eth0   -> 172.31.16.15
    eth0:0 -> 172.31.16.100
    eth0:1 -> 172.31.16.101

With, of course, the correct routes (I think this is where things are going wrong), so that I can do this successfully:

    1. telnet -b 172.31.16.15 172.31.16.20 5222
    2. telnet -b 172.31.16.100 172.31.16.20 5222
    3. telnet -b 172.31.16.101 172.31.16.20 5222

Even ping only works from the 172.31.16.15 IP:

    1. ping -I 172.31.16.15 172.31.16.20
    2. ping -I 172.31.16.100 172.31.16.20
    3. ping -I 172.31.16.101 172.31.16.20

Only [1] works for the telnet and ping commands above.

When I ran the telnet commands, I captured the traffic with tcpdump, and the results are as follows:

For 172.31.16.15 when it works:

    12:58:14.082176 IP (tos 0x10, ttl 64, id 59547, offset 0, flags [DF], proto TCP (6), length 60)
        172.31.16.15.26798 > 172.31.16.20.5222: Flags [S], cksum 0x7890 (incorrect -> 0x455e), seq 2790518412, win 29200, options [mss 1460,sackOK,TS val 2360855 ecr 0,nop,wscale 7], length 0
    12:58:14.082848 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
        172.31.16.20.5222 > 172.31.16.15.26798: Flags [S.], cksum 0xfb9b (correct), seq 1051320718, ack 2790518413, win 28960, options [mss 1460,sackOK,TS val 2304582 ecr 2360855,nop,wscale 7], length 0
    12:58:14.082877 IP (tos 0x10, ttl 64, id 59548, offset 0, flags [DF], proto TCP (6), length 52)
        172.31.16.15.26798 > 172.31.16.20.5222: Flags [.], cksum 0x7888 (incorrect -> 0x9aa3), ack 1, win 229, options [nop,nop,TS val 2360855 ecr 2304582], length 0

For 172.31.16.100 when it doesn't work (also, nothing arrives at receiving end):

    12:59:01.001723 IP (tos 0x10, ttl 64, id 45034, offset 0, flags [DF], proto TCP (6), length 60)
        172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xf906), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2372585 ecr 0,nop,wscale 7], length 0
    12:59:02.000831 IP (tos 0x10, ttl 64, id 45035, offset 0, flags [DF], proto TCP (6), length 60)
        172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xf80c), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2372835 ecr 0,nop,wscale 7], length 0
    12:59:04.004827 IP (tos 0x10, ttl 64, id 45036, offset 0, flags [DF], proto TCP (6), length 60)
        172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xf617), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2373336 ecr 0,nop,wscale 7], length 0
    12:59:08.012822 IP (tos 0x10, ttl 64, id 45037, offset 0, flags [DF], proto TCP (6), length 60)
        172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xf22d), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2374338 ecr 0,nop,wscale 7], length 0
    12:59:16.036831 IP (tos 0x10, ttl 64, id 45038, offset 0, flags [DF], proto TCP (6), length 60)
        172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xea57), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2376344 ecr 0,nop,wscale 7], length 0
    12:59:32.068840 IP (tos 0x10, ttl 64, id 45039, offset 0, flags [DF], proto TCP (6), length 60)
        172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], cksum 0x78e5 (incorrect -> 0xdaaf), seq 1028496387, win 29200, options [mss 1460,sackOK,TS val 2380352 ecr 0,nop,wscale 7], length 0

I have tried this in /etc/network/interfaces:

    auto eth0:0
    iface eth0:0 inet static
        address 172.31.16.100
        netmask 255.255.240.0
        broadcast 172.31.31.255
        network 172.31.16.0
        gateway 172.31.16.1

    auto eth0:1
    iface eth0:1 inet static
        address 172.31.16.101
        netmask 255.255.240.0
        broadcast 172.31.31.255
        network 172.31.16.0
        gateway 172.31.16.1

When I restart networking, it doesn't take effect. Also, when I reboot the machine, I can't ssh into it any more. It seems like some of it should work, but something is obviously very wrong.

I have also done it the CLI way with sudo ifconfig:

    $ sudo ifconfig eth0:0 172.31.16.100 netmask 255.255.240.0 broadcast 172.31.31.255 up
    $ sudo ifconfig eth0:1 172.31.16.101 netmask 255.255.240.0 broadcast 172.31.31.255 up

My IP aliases take effect immediately:

    $ ifconfig
    eth0      Link encap:Ethernet  HWaddr 0a:64:bd:67:d6:4a
              inet addr:172.31.16.15  Bcast:172.31.31.255  Mask:255.255.240.0
              inet6 addr: fe80::864:bdff:fe67:d64a/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1224 errors:0 dropped:0 overruns:0 frame:0
              TX packets:943 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:93498 (93.4 KB)  TX bytes:118463 (118.4 KB)

    eth0:0    Link encap:Ethernet  HWaddr 0a:64:bd:67:d6:4a
              inet addr:172.31.16.100  Bcast:172.31.31.255  Mask:255.255.240.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    eth0:1    Link encap:Ethernet  HWaddr 0a:64:bd:67:d6:4a
              inet addr:172.31.16.101  Bcast:172.31.31.255  Mask:255.255.240.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

With the routing table still looking the same:

    $ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.31.16.1     0.0.0.0         UG    0      0        0 eth0
    172.31.16.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0

But again, I can't do the telnet as described in [2] and [3] above.

Also, after entering the following commands (and flushing the routing table):

    echo 200 EJ0 >> /etc/iproute2/rt_tables
    echo 201 EJ1 >> /etc/iproute2/rt_tables
    ip route add 172.31.16.0 dev eth0:0 src 172.31.16.100 table EJ0
    ip route add default via 172.31.16.1 table EJ0
    ip route add 172.31.16.0 dev eth0:1 src 172.31.16.101 table EJ1
    ip route add default via 172.31.16.1 table EJ1
    ip route add 172.31.16.0 dev eth0:0 src 172.31.16.100
    ip route add 172.31.16.0 dev eth0:1 src 172.31.16.101
    ip rule add from 172.31.16.100 table EJ0
    ip rule add from 172.31.16.101 table EJ1

The ping/telnet commands still don't work.

More information:

    $ ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 0a:64:bd:67:d6:4a brd ff:ff:ff:ff:ff:ff
        inet 172.31.16.15/20 brd 172.31.31.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet 172.31.16.100/20 brd 172.31.31.255 scope global secondary eth0:0
           valid_lft forever preferred_lft forever
        inet 172.31.16.101/20 brd 172.31.31.255 scope global secondary eth0:1
           valid_lft forever preferred_lft forever
        inet6 fe80::864:bdff:fe67:d64a/64 scope link
           valid_lft forever preferred_lft forever

    $ ip route show
    default via 172.31.16.1 dev eth0
    172.31.16.0 dev eth0 scope link src 172.31.16.100
    172.31.16.0/20 dev eth0 proto kernel scope link src 172.31.16.15

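This is so that HAProxy can successfully connect to one ejabberd instance, but through two different src IPs (eth0:0 and eth0:1).

Any suggestions are most welcome and hugely appreciated.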
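The two captures in the question differ in one respect: the flow from 172.31.16.15 gets a SYN-ACK, while the flow from 172.31.16.100 only repeats the same SYN. The following is an added example, not part of the original question, that picks such flows out of tcpdump text; the sample lines are abridged from the question's capture and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: from tcpdump text on stdin, print each flow whose SYNs never
# received a SYN-ACK, followed by the number of SYNs seen (retransmits included).
unanswered_syns() {
    awk '
    {
        # Locate "src > dst: Flags [..]," anywhere on the line, so both the
        # one-line and the two-line (-v) tcpdump formats are handled.
        for (i = 2; i + 3 <= NF; i++) {
            if ($i != ">" || $(i + 2) != "Flags") continue
            src = $(i - 1)
            dst = $(i + 1); sub(/:$/, "", dst)
            flags = $(i + 3); sub(/,$/, "", flags)
            if (flags == "[S]")  syn[src " > " dst]++
            if (flags == "[S.]") answered[dst " > " src] = 1
        }
    }
    END {
        for (flow in syn)
            if (!(flow in answered)) print flow, syn[flow]
    }'
}

# Sample input: lines abridged from the capture in the question.
SAMPLE_CAPTURE='12:58:14.082176 IP 172.31.16.15.26798 > 172.31.16.20.5222: Flags [S], seq 2790518412, length 0
12:58:14.082848 IP 172.31.16.20.5222 > 172.31.16.15.26798: Flags [S.], seq 1051320718, ack 2790518413, length 0
12:58:14.082877 IP 172.31.16.15.26798 > 172.31.16.20.5222: Flags [.], ack 1, length 0
12:59:01.001723 IP 172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], seq 1028496387, length 0
12:59:02.000831 IP 172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], seq 1028496387, length 0
12:59:04.004827 IP 172.31.16.100.17006 > 172.31.16.20.5222: Flags [S], seq 1028496387, length 0'

check_capture() {
    printf '%s\n' "$SAMPLE_CAPTURE" | unanswered_syns
}
check_capture

# Live use (assumes tcpdump is installed and run as root):
#   tcpdump -nn -r capture.pcap 'tcp port 5222' | unanswered_syns
```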

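IP aliasing is indeed possible on Amazon EC2 VPC!

If you are using Ubuntu Linux (as I am now), you still need to add your IP aliases in Linux, but the crucial part is doing the additional configuration in the Amazon EC2 console itself, as shown in Multiple Private IP Addresses.

Thank you all for your comments and contributions.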
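One way to check for the console-side step described in the answer above is to compare the addresses configured in Linux with the private IPv4 addresses the instance metadata service reports for the interface. This is an added example, not code from the original post: the function names are hypothetical and the sample data is constructed from the question's addresses.

```shell
#!/bin/sh
# Added example: list addresses configured on an interface that are NOT
# assigned to the instance's network interface (ENI) on the EC2 side.

# stdin: output of `ip -o -4 addr show dev <if>`; prints one address per line.
configured_ipv4s() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "inet") { split($(i + 1), a, "/"); print a[1] } }'
}

# $1: configured addresses, $2: ENI addresses (newline-separated lists).
# Prints each entry of $1 missing from $2; -x matches whole lines only,
# so 172.31.16.10 is not mistaken for 172.31.16.100.
unassigned_ipv4s() {
    printf '%s\n' "$1" | while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        printf '%s\n' "$2" | grep -qxF -- "$addr" || printf '%s\n' "$addr"
    done
}

# $1: interface MAC. Asks the instance metadata service (IMDSv2) which
# private IPv4 addresses the ENI holds. Works only on an EC2 instance.
eni_ipv4s() {
    imds=http://169.254.169.254/latest
    token=$(curl -sf -X PUT "$imds/api/token" \
        -H 'X-aws-ec2-metadata-token-ttl-seconds: 60') || return 1
    curl -sf -H "X-aws-ec2-metadata-token: $token" \
        "$imds/meta-data/network/interfaces/macs/$1/local-ipv4s"
}

# Constructed sample in `ip -o -4 addr` format, addresses from the question.
SAMPLE_ADDR='2: eth0    inet 172.31.16.15/20 brd 172.31.31.255 scope global eth0
2: eth0    inet 172.31.16.100/20 brd 172.31.31.255 scope global secondary eth0:0
2: eth0    inet 172.31.16.101/20 brd 172.31.31.255 scope global secondary eth0:1'
# Constructed metadata reply: only the primary address is assigned to the ENI.
SAMPLE_ENI='172.31.16.15'

check_sample() {
    unassigned_ipv4s "$(printf '%s\n' "$SAMPLE_ADDR" | configured_ipv4s)" "$SAMPLE_ENI"
}
check_sample

# On an instance:
#   unassigned_ipv4s "$(ip -o -4 addr show dev eth0 | configured_ipv4s)" \
#                    "$(eni_ipv4s "$(cat /sys/class/net/eth0/address)")"
```

Any address this prints is configured in Linux but unknown to the ENI, which matches the failing 172.31.16.100 and 172.31.16.101 case in the question.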

Similar to routing, when Linux finds multiple entities in the same network, it will use the first matching route/interface to get there. In this case, it is eth0 172.31.16.15.

To make Linux use these aliases as source addresses, and as fully functional interfaces, you need to create multiple routing tables, one for each virtual interface.

    echo 200 EJ0 >> /etc/iproute2/rt_tables
    echo 201 EJ1 >> /etc/iproute2/rt_tables

Add the routes

    ip route add 172.31.16.0 dev eth0:0 src 172.31.16.100 table EJ0
    ip route add default via 172.31.16.1 table EJ0
    ip route add 172.31.16.0 dev eth0:1 src 172.31.16.101 table EJ1
    ip route add default via 172.31.16.1 table EJ1

Then tell the main table.

    ip route add 172.31.16.0 dev eth0:0 src 172.31.16.100
    ip route add 172.31.16.0 dev eth0:1 src 172.31.16.101

Then add the rules

    ip rule add from 172.31.16.100 table EJ0
    ip rule add from 172.31.16.101 table EJ1

Much of this is taken from the useful Linux policy routing page.