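I. Purpose
With proxy_arp enabled, the host looks like a gateway: it answers all ARP requests and tells the client its own MAC address.
II. Test
1. Server information
Server 1: 10.30.20.56
Server 2: 10.30.20.104
2. Node 10.30.20.56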
    # ip link add veth0 type veth peer name veth0_p
    # ip netns add ns0
    # ip link set veth0_p netns ns0
    # ip netns exec ns0 ip link set veth0_p name eth0
    # ip netns exec ns0 ip a add 10.10.10.10/24 dev eth0
    # ip netns exec ns0 ip link set eth0 up
    # ip netns exec ns0 ip link set lo up
    # ip netns exec ns0 ip route add 169.254.1.1 dev eth0
    # ip netns exec ns0 ip route add default via 169.254.1.1 dev eth0
    # ip netns exec ns0 route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         169.254.1.1     0.0.0.0         UG    0      0        0 eth0
    10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
    169.254.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
    # ip link set veth0 up
    # ip route add 10.10.10.10 dev veth0
    # ip route add 10.10.10.20 via 10.30.20.104 dev eth0
    # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.30.20.1      0.0.0.0         UG    0      0        0 eth0
    10.10.10.10     0.0.0.0         255.255.255.255 UH    0      0        0 veth0
    10.10.10.20     10.30.20.104    255.255.255.255 UGH   0      0        0 eth0
    10.30.20.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
3. Node 10.30.20.104
    # ip link add veth0 type veth peer name veth0_p
    # ip netns add ns0
    # ip link set veth0_p netns ns0
    # ip netns exec ns0 ip link set veth0_p name eth0
    # ip netns exec ns0 ip a add 10.10.10.20/24 dev eth0
    # ip netns exec ns0 ip link set eth0 up
    # ip netns exec ns0 ip link set lo up
    # ip netns exec ns0 ip route add 169.254.1.1 dev eth0
    # ip netns exec ns0 ip route add default via 169.254.1.1 dev eth0
    # ip netns exec ns0 route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         169.254.1.1     0.0.0.0         UG    0      0        0 eth0
    10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
    169.254.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
    # ip link set veth0 up
    # ip route add 10.10.10.20 dev veth0
    # ip route add 10.10.10.10 via 10.30.20.56 dev eth0
4. Adjust kernel parameters
    # sysctl -w net.ipv4.ip_forward=1
    # echo 1 > /proc/sys/net/ipv4/conf/veth0/proxy_arp
5. Test connectivity, from 10.30.20.56
    # ip netns exec ns0 ping 10.10.10.20
    PING 10.10.10.20 (10.10.10.20) 56(84) bytes of data.
    64 bytes from 10.10.10.20: icmp_seq=1 ttl=62 time=0.541 ms
    64 bytes from 10.10.10.20: icmp_seq=2 ttl=62 time=0.509 ms
    64 bytes from 10.10.10.20: icmp_seq=3 ttl=62 time=0.430 ms
Packet capture
    # tcpdump -nni veth0
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    18:05:55.830678 IP 10.10.10.10 > 10.10.10.20: ICMP echo request, id 6137, seq 1, length 64
    18:05:55.831288 IP 10.10.10.20 > 10.10.10.10: ICMP echo reply, id 6137, seq 1, length 64
    18:06:00.839706 ARP, Request who-has 10.10.10.20 tell 10.10.10.10, length 28
    18:06:00.839736 ARP, Reply 10.10.10.20 is-at ea:ba:99:f6:2f:f0, length 28
6. Delete the directly connected route (10.10.10.0/24) inside the namespace
    # ip netns exec ns0 ip route
    default via 169.254.1.1 dev eth0
    10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.10
    169.254.1.1 dev eth0 scope link
    # ip netns exec ns0 ip route delete 10.10.10.0/24 dev eth0
    # ip netns exec ns0 ip route
    default via 169.254.1.1 dev eth0
    169.254.1.1 dev eth0 scope link
Capture again
    # tcpdump -nni veth0
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    18:10:59.141794 IP 10.10.10.10 > 10.10.10.20: ICMP echo request, id 7048, seq 1, length 64
    18:10:59.142307 IP 10.10.10.20 > 10.10.10.10: ICMP echo reply, id 7048, seq 1, length 64
    18:11:04.151665 ARP, Request who-has 169.254.1.1 tell 10.10.10.10, length 28
    18:11:04.151706 ARP, Reply 169.254.1.1 is-at ea:ba:99:f6:2f:f0, length 28
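In the two captures above, the same MAC (ea:ba:99:f6:2f:f0) answers for both 10.10.10.20 and 169.254.1.1, which is how proxy ARP shows up on the wire. The following is an added example, not part of the original post: a shell function that flags such MACs in `tcpdump -nn` text output. The function name, the SAMPLE variable and the extra reply from 02:00:00:00:00:01 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MACs that answer ARP for more than one IPv4 address.
# Assumes `tcpdump -nn` text output without -e (no link-level header column).

# Reads tcpdump text on stdin; prints "<mac> <ip>,<ip>..." for every MAC
# seen in ARP replies for two or more distinct IPs (IPs in first-seen order).
arp_multi_ip_macs() {
    awk '
        $2 == "ARP," && $3 == "Reply" && $5 == "is-at" {
            ip = $4
            mac = $6
            sub(/,$/, "", mac)              # drop the trailing comma
            if (!((mac, ip) in seen)) {     # count each (mac, ip) pair once
                seen[mac, ip] = 1
                if (mac in ips)
                    ips[mac] = ips[mac] "," ip
                else
                    ips[mac] = ip
                count[mac]++
            }
        }
        END {
            for (mac in count)
                if (count[mac] > 1)
                    print mac, ips[mac]
        }
    ' | sort
}

# ARP lines from the two captures on veth0 shown above, plus one constructed
# reply (02:00:00:00:00:01) standing in for an ordinary single-address host.
SAMPLE='18:06:00.839706 ARP, Request who-has 10.10.10.20 tell 10.10.10.10, length 28
18:06:00.839736 ARP, Reply 10.10.10.20 is-at ea:ba:99:f6:2f:f0, length 28
18:11:04.151665 ARP, Request who-has 169.254.1.1 tell 10.10.10.10, length 28
18:11:04.151706 ARP, Reply 169.254.1.1 is-at ea:ba:99:f6:2f:f0, length 28
18:11:09.000000 ARP, Reply 10.30.20.1 is-at 02:00:00:00:00:01, length 28'

printf '%s\n' "$SAMPLE" | arp_multi_ip_macs
```

A flagged MAC is expected where proxy_arp was enabled on purpose, as on veth0 here; on a segment where nobody enabled it, the same pattern is what ARP spoofing looks like and is worth investigating.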