arp 检查冲突问题


环境:

基于 provider network(运营商网络)的 VLAN 和 subnet 创建 VM,net1 归属于 underlay provider network。

在该环境下会必现一个问题,目前怀疑是 ARP 的冲突检测存在问题。

  1. 创建网桥和veth-pair

建一个网桥


# bridge-utils provides brctl, which this walkthrough uses to manage the bridge.
dnf install bridge-utils

# Create the bridge, bring it up, and assign the address that the namespace
# side later uses as its default gateway.
brctl addbr br0
ip link set dev br0 up
ip address add 192.168.0.254/24 dev br0

建一对veth-pair,一端放到网桥上,一端放到ns内

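# Create the veth pair; veth0 stays on the host and becomes a port of br0.
ip link add veth0 type veth peer name veth1
brctl addif br0 veth0
ip link set veth0 up

# Move the peer end into a dedicated network namespace.
ip netns add test
ip link set veth1 netns test

# Configure the namespace side with one-shot `ip netns exec` calls rather than
# an interactive `ip netns exec test bash`. With the interactive shell, the
# reader must remember to `exit` before the host-side steps that follow;
# run as a script, the lines after it would execute on the host instead.
ip netns exec test ip link set veth1 up
ip netns exec test ip link set lo up
ip netns exec test ip addr add 192.168.0.1/24 dev veth1
ip netns exec test ip route replace default via 192.168.0.254 dev veth1

# Connectivity check from the namespace to the bridge address.
ip netns exec test ping -c 1 192.168.0.254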

创建一个tap设备用于模拟ip冲突


# Create a TAP device on the host and attach it to the bridge.
ip tuntap add dev tap0 mode tap

# Cleanup, when needed:
# ip tuntap del tap0 mode tap
brctl addif br0 tap0
ip link set dev tap0 up

# Assign a non-conflicting address first, to check basic connectivity.
# NOTE(review): no process holds tap0 open, so it presumably reports
# NO-CARRIER and the ping that follows may actually leave via br0;
# confirm with `ip route get 192.168.0.1`.
ip address add 192.168.0.100/24 dev tap0


[root@mst #  ping -c 1 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.072 ms

## 可以看到和 veth1 的连通性没问题

  2. 测试 arp-scan 检测 IP 冲突

# Create a second TAP device, tap1, to carry the conflicting address.
ip tuntap add dev tap1 mode tap
ip link set dev tap1 up

# Same address as veth1 inside the "test" namespace.
# NOTE(review): unlike tap0, tap1 is never attached to br0, so the duplicate
# exists only as a host-local address. Presumably the host kernel answers ARP
# for it on br0 under the default arp_ignore=0; confirm with
# `sysctl net.ipv4.conf.all.arp_ignore`.
ip address add 192.168.0.1/24 dev tap1
# Undo the conflict:
# ip addr del 192.168.0.1/24 dev tap1


# Open an interactive shell inside the "test" namespace; the commands that
# follow are typed into that shell.
ip netns exec test bash

[root@mst #  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
9: veth1@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 66:c4:54:2d:b2:28 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.0.1/24 scope global veth1
       valid_lft forever preferred_lft forever
    inet6 fe80::64c4:54ff:fe2d:b228/64 scope link
       valid_lft forever preferred_lft forever


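# Scan the local subnet from veth1. By default arp-scan puts the interface's
# own address (192.168.0.1 here) in the ARP sender field.
arp-scan --interface=veth1 --localnet

# Result: the conflicting 192.168.0.1 is not reported by the scan above.
# NOTE(review): presumably the host ignores these requests because their
# sender IP is also one of its own local addresses; confirm with a packet
# capture on br0.

# arping in duplicate address detection mode (-D) can be used instead: the
# probe is sent with sender IP 0.0.0.0.
# -c/-w bound the run; without them arping keeps probing when nothing answers
# and the exit status is never printed.
# Exit status: 0 = no reply (address is free), 1 = a reply was seen (duplicate).
arping -D -I veth1 -c 2 -w 3 192.168.0.1; echo "$?"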