先说结论: 有些人连 nginx 是否监听在 ipv6 地址上都不知道, 以为监听在 ipv4,就能通 ipv6
headless svc
[root@csy-wx-pm-os01-eis-node01 deployer]# k get svc -n wy426 -o wide | grep None
aaaaaa666666 ClusterIP None <none> 57777/TCP 16h eis.io/creator=admin,kind=deployment,workload=ng
wya22 ClusterIP None <none> 53687/TCP 20h kind=deployment,workload=wy520y
wyaa1123 ClusterIP None <none> 53421/TCP 16h eis.io/creator=admin,kind=deployment,workload=ng
wysv02 ClusterIP None <none> 63333/TCP 21h kind=statefulset,workload=wy-c20
kubectl get endpoints <headless-service-name>
nslookup aaaaaa666666.wy426
[root@csy-wx-pm-os01-eis-node01 deployer]# k exec -it -n kube-system kube-ovn-pinger-44p9f -- bash
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn# nslookup aaaaaa666666.wy426
Server: 10.233.0.10
Address: 10.233.0.10#53
Name: aaaaaa666666.wy426.svc.cluster.local
Address: 10.222.7.20
root@kube-ovn-pinger-44p9f:/kube-ovn# curl nslookup aaaaaa666666.wy426
curl: (6) Could not resolve host: nslookup
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn#
v4 headless 正常
###### 检查 v6
nslookup wyaa1123.wy426
[root@csy-wx-pm-os01-eis-node01 deployer]# k get ep -n wy426 wyaa1123
NAME ENDPOINTS AGE
wyaa1123 [fd11:1111:1111::714]:80 17h
curl -6 [fd11:1111:1111::714]:80
[root@csy-wx-pm-os01-eis-node01 deployer]# k exec -it -n kube-system kube-ovn-pinger-44p9f -- bash
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2172: eth0@if2173: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
link/ether 00:00:00:3a:6e:8e brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.222.0.14/18 brd 10.222.63.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fd11:1111:1111::e/48 scope global
valid_lft forever preferred_lft forever
inet6 fe80::200:ff:fe3a:6e8e/64 scope link
valid_lft forever preferred_lft forever
root@kube-ovn-pinger-44p9f:/kube-ovn# ping fd11:1111:1111::714
ping: unknown host
root@kube-ovn-pinger-44p9f:/kube-ovn# ping -6 fd11:1111:1111::714
ping: invalid option -- '6'
Try 'ping --help' or 'ping --usage' for more information.
root@kube-ovn-pinger-44p9f:/kube-ovn# ping6 fd11:1111:1111::714
PING fd11:1111:1111::714 (fd11:1111:1111::714): 56 data bytes
64 bytes from fd11-1111-1111--714.wyaa1123.wy426.svc.cluster.local: icmp_seq=0 ttl=64 time=1.944 ms
64 bytes from fd11-1111-1111--714.a888889.wy426.svc.cluster.local: icmp_seq=1 ttl=64 time=0.227 ms
^C--- fd11:1111:1111::714 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.227/1.085/1.944/0.859 ms
root@kube-ovn-pinger-44p9f:/kube-ovn# curl fd11:1111:1111::714
curl: (3) URL using bad/illegal format or missing URL
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn# curl [fd11:1111:1111::714]:80
curl: (7) Failed to connect to fd11:1111:1111::714 port 80 after 1 ms: Connection refused
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn# telnet
bash: telnet: command not found
root@kube-ovn-pinger-44p9f:/kube-ovn# curl -6 [fd11:1111:1111::714]:80
curl: (7) Failed to connect to fd11:1111:1111::714 port 80 after 2 ms: Connection refused
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn#
root@kube-ovn-pinger-44p9f:/kube-ovn#
ping6 通, curl 不通 (Connection refused): 说明三层是可达的, 但目标 v6 地址的 80 端口上没有进程在监听 (或者被策略以 reject 方式拒绝)。应该 nginx 启动的有问题,自己用 netshoot 起一个 python http 试试
root@kube-ovn-pinger-44p9f:/kube-ovn# nslookup wyaa1123.wy426
Server: 10.233.0.10
Address: 10.233.0.10#53
Name: wyaa1123.wy426.svc.cluster.local
Address: fd11:1111:1111::714
root@kube-ovn-pinger-44p9f:/kube-ovn#
[root@csy-wx-pm-os01-eis-node01 deployer]# k get ip | grep fd11:1111:1111::714
ng-78b8d4b564-gvxbh.wy426 10.222.7.20 fd11:1111:1111::714 00:00:00:8C:94:87 csy-wx-pm-os01-eis-node01 ovn-default
[root@csy-wx-pm-os01-eis-node01 deployer]#
[root@csy-wx-pm-os01-eis-node01 deployer]#
[root@csy-wx-pm-os01-eis-node01 deployer]#
[root@csy-wx-pm-os01-eis-node01 deployer]# k get po -A -o wide | grep ng-78b8d4b564-gvxbh
wy426 ng-78b8d4b564-gvxbh 1/1 Running 0 20h 10.222.7.20 csy-wx-pm-os01-eis-node01 <none> <none>
[root@csy-wx-pm-os01-eis-node01 deployer]#
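经查看 pod 内没有监听在 ipv6 上 (下面的输出看起来来自旧版 ss: 旧版用 *:80 表示 IPv4 通配地址, 如果监听了 IPv6 会另有一条 :::80 记录; 新版 ss 的 *:80 含义不同, 判断前先确认 ss 版本)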
[root@csy-wx-pm-os01-eis-node01 deployer]# k exec -it -n wy426 ng-78b8d4b564-gvxbh -- bash
root@ng-78b8d4b564-gvxbh:/#
root@ng-78b8d4b564-gvxbh:/#
root@ng-78b8d4b564-gvxbh:/# ss
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 * -1662761596 * -1662761595
u_str ESTAB 0 0 * -1662761595 * -1662761596
root@ng-78b8d4b564-gvxbh:/# ss -tunlp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 *:80 *:* users:(("nginx",pid=1,fd=6))
root@ng-78b8d4b564-gvxbh:/#
root@ng-78b8d4b564-gvxbh:/#
如何区分是否监听 tcp6
1. netstat -ntlp 正确的监听在 ipv6,会显示 tcp6
# netstat -ntlp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29391/nginx: master
tcp6 0 0 :::80 :::* LISTEN 29391/nginx: master
2. ss -tunlp 对比 netstat -tunlp
(v) root@u24:~# ss -tunlp | grep 80
tcp LISTEN 0 5 0.0.0.0:80 0.0.0.0:* users:(("python3",pid=1548078,fd=3))
tcp LISTEN 0 1024 127.0.0.1:38049 0.0.0.0:* users:(("code-dc96b837cf",pid=1013640,fd=9))
tcp LISTEN 0 5 *:8000 *:* users:(("python3",pid=1518617,fd=3))
(v) root@u24:~# netstat -tunlp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1548078/python3 # 这种是单栈 V4
tcp 0 0 127.0.0.1:38049 0.0.0.0:* LISTEN 1013640/code-dc96b8
tcp6 0 0 :::8000 :::* LISTEN 1518617/python3 # 单栈V6
(v) root@u24:~#
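ss 只能通过 ip 类型来区分是否监听在 ipv6 地址: 新版 ss 中 0.0.0.0:PORT 是仅 v4, [::]:PORT 是仅 v6, *:PORT 是同时接受 v4 和 v6 的 v6 套接字 (上面的 *:8000 就是这种); 也可以用 ss -6 -tlnp 只列出 v6 套接字。 而 netstat 显示了 tcp6 可以更方便。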
###### 单栈 v6 监听
(v) root@u24:~/feat/test/kovn# python3 -m http.server -b :: 8000
Serving HTTP on :: port 8000 (http://[::]:8000/) ...
::ffff:127.0.0.1 - - [21/May/2024 08:57:38] "GET / HTTP/1.1" 200 -
::1 - - [21/May/2024 08:58:01] "GET / HTTP/1.1" 200 -
::1 - - [21/May/2024 09:08:09] "GET / HTTP/1.1" 200 -
::ffff:127.0.0.1 - - [21/May/2024 09:08:20] "GET / HTTP/1.1" 200 - # 这里 V4 客户端地址被映射为 V6 地址 (IPv4-mapped, ::ffff:a.b.c.d), 说明绑定在 :: 的这个套接字同时也在接受 V4 连接
::ffff:127.0.0.1 - - [21/May/2024 09:08:45] "GET / HTTP/1.1" 200 -
::ffff:127.0.0.1 - - [21/May/2024 09:09:14] "GET / HTTP/1.1" 200 -
::ffff:127.0.0.1 - - [21/May/2024 09:09:23] "GET / HTTP/1.1" 200 -
::1 - - [21/May/2024 09:09:43] "GET / HTTP/1.1" 200 -
::1 - - [21/May/2024 09:09:51] "GET / HTTP/1.1" 200 -
::1 - - [21/May/2024 09:09:53] "GET / HTTP/1.1" 200 -
::1 - - [21/May/2024 09:09:58] "GET / HTTP/1.1" 200 -
###### 测试
(v) root@u24:~# curl -sk http://127.0.0.1:8000/ | grep html
<html lang="en">
</html>
(v) root@u24:~#
(v) root@u24:~# curl -6sk http://[::]:8000/ | grep html # 这个请求被转义为 v6 地址
<html lang="en">
</html>
###### 单栈 v4 监听
(v) root@u24:~# python3 -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...
127.0.0.1 - - [21/May/2024 09:10:50] "GET / HTTP/1.1" 200 -
###### 测试
(v) root@u24:~# curl -6 http://[::]:80/
curl: (7) Failed to connect to :: port 80 after 0 ms: Couldn't connect to server
(v) root@u24:~# curl -sk http://127.0.0.1/ | grep html
<html lang="en">
</html>
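总结: 双栈往往监听在同一个端口, ss 或者 netstat 命令通常可以看到两条记录, 从 ip 地址可以区分 v4 和 v6。例外: 绑定在 :: 且未开启 IPV6_V6ONLY 的单个套接字只显示一条记录 (tcp6 :::PORT / *:PORT), 却同时接受 v4 和 v6 连接, 上面的 8000 端口就是这种情况。因此只看到 v4 记录时 v6 一定不通, 而看到 v6 记录时要再确认 v4 是否也被暴露; 做访问控制 (防火墙 / NetworkPolicy) 时两个地址族都要覆盖。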