How to mirror udp traffic between two hosts to a third remote k8s host in a readable manner?
Use case: On-premises log server traffic needs to be replicated to a cloud-based log server.
What works: Device A can send logs to log server B over UDP 514. Server B and cloud-based log server C are reachable to each other but are on different networks. A GRE network tunnel is created between B and C to bring them into the same network. So, traffic mirroring from B to C works as below.
B # iptables -t mangle -I PREROUTING -i eth0 -p UDP --dport 514 -j TEE --gateway C.greIP
Challenge: Traffic received by C was actually destined for B, hence it is getting dropped in C. There is a listener on UDP port 514 on server C bound to 0.0.0.0, however the log server of C does not see the logs.
It seems the UDP packets are getting dropped at C. What could be a possible solution to handle non-local IP traffic?
I have tried DNAT on C:
C # iptables -t nat -I PREROUTING -p UDP -d B --dport 514 -j DNAT --to-destination C:514
but it won't work. tcpdump on C shows packets are being received for a non-local IP, and
C # iptables -nvL -t nat
shows that the DNAT rule is getting matched.
Well, the same method which duplicated the packets from B to C worked on C.
Basically B duplicates the packets:
B # iptables -t mangle -I PREROUTING -i eth0 -p UDP --dport 514 -j TEE --gateway C.greIP
and then, once the packets have arrived in C, C can duplicate the packets to C:
C # iptables -t mangle -I PREROUTING -i enlight -p udp -d B --dport 514 -j TEE --gateway C
This allowed the local process on the C machine to handle the duplicated UDP syslog packets.
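The two-hop TEE setup from the answer, written out as a script so the rules for B and C can be reviewed before they are applied. This is an added example, not code from the question or the answer: every address, the interface names (eth0, gre1) and the tunnel subnet are placeholders, and the GRE tunnel commands are an assumption about how the tunnel mentioned in the question was built. The script only prints the commands unless APPLY=1 is set and it runs as root.

```shell
#!/bin/sh
# Added example, not code from the original post. Prints (or, with APPLY=1 as root,
# runs) the commands for the two-hop TEE mirror described in the answer. Every
# address and interface name below is a placeholder to replace with your own.
set -eu

A_SRC="203.0.113.5"       # placeholder: device A, the original syslog sender
B_PUBLIC="192.0.2.10"     # placeholder: B's address that A sends UDP/514 to
C_PUBLIC="198.51.100.20"  # placeholder: C's own address, reachable from B
B_GRE="10.99.0.1"         # placeholder: B's end of the GRE tunnel
C_GRE="10.99.0.2"         # placeholder: C's end of the GRE tunnel
B_IN_IFACE="eth0"         # placeholder: interface on B where A's syslog arrives
GRE_IFACE="gre1"          # placeholder: GRE interface name on both hosts

# Commands to run on B: bring up the tunnel (assumed layout), then clone every
# UDP/514 packet arriving from A towards C's tunnel address. TEE copies the packet
# without rewriting it, so the copy still carries src=A dst=B when it reaches C.
rules_for_b() {
    cat <<EOF
ip tunnel add $GRE_IFACE mode gre local $B_PUBLIC remote $C_PUBLIC ttl 64
ip addr add $B_GRE/30 dev $GRE_IFACE
ip link set $GRE_IFACE up
iptables -t mangle -I PREROUTING -i $B_IN_IFACE -p udp --dport 514 -j TEE --gateway $C_GRE
EOF
}

# Commands to run on C: the copy arrives on the GRE interface addressed to B, so
# C has no local socket to deliver it to. Matching "-d B" on the tunnel interface
# and TEEing it again with C's own address as the gateway re-injects a copy that
# the listener bound to 0.0.0.0:514 receives (the approach from the answer). The
# re-injected copy enters PREROUTING via lo, not gre1, so the rule does not loop.
rules_for_c() {
    cat <<EOF
ip tunnel add $GRE_IFACE mode gre local $C_PUBLIC remote $B_PUBLIC ttl 64
ip addr add $C_GRE/30 dev $GRE_IFACE
ip link set $GRE_IFACE up
iptables -t mangle -I PREROUTING -i $GRE_IFACE -p udp -d $B_PUBLIC --dport 514 -j TEE --gateway $C_PUBLIC
EOF
}

# Commands to confirm the mirror on C: the packet counter on the TEE rule should
# increase while A is logging, and tcpdump should show src=A dst=B on the tunnel.
checks_for_c() {
    cat <<EOF
iptables -t mangle -nvL PREROUTING
tcpdump -ni $GRE_IFACE udp port 514 and src host $A_SRC
EOF
}

# Apply only when explicitly requested and running as root; otherwise print.
run_or_print() {
    if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
        sh -e
    else
        cat
    fi
}

case "${1:-}" in
    b) rules_for_b | run_or_print ;;
    c) rules_for_c | run_or_print ;;
    check) checks_for_c ;;
    *) ;;
esac
```

Usage: `sh mirror.sh b` on B and `sh mirror.sh c` on C print the rules; `APPLY=1 sh mirror.sh c` as root applies them. Because neither TEE rewrites the packet, the log server on C still sees device A as the source of each message, which keeps the mirrored copy usable for attribution. The rules are inserted into the mangle table only and are not persistent across reboots.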