
Vagrant issue when trying to get traffic flowing to multiple network interfaces

PROBLEM


I have two network interfaces set up on my vagrant node. The eth1 is bound to .11 address and eth2 is bound to .12.

When I do:

ping 192.168.1.12

and

ping 192.168.1.11

... and listen to the ICMP messages on the node on different interfaces

root@node1:/home/vagrant# tcpdump -i eth1 -v icmp -nn

For eth1 I'm getting the ICMP's, but when doing

root@node1:/home/vagrant# tcpdump -i eth2 -v icmp -nn

I do not see my ping requests on tcpdump. However if I send the ping requests to the .12 and listen to the eth1 I see the requests, which is strange to me. So all the ICMP messages are visible in tcpdump when I listen on the eth1 interface - even when I ping the .12 address.

I was expecting to see the requests coming to eth1 when .11 was pinged and coming to eth2 when .12 was pinged - why is this not the case?


UPDATE 1:

Broadcast ping is visible when listening to 192.168.1.12 with tcpdump:

root@node1:/home/vagrant# tcpdump -i eth2 -v icmp -nn and src host 192.168.1.10
tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
05:30:21.800964 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.10 > 192.168.1.255: ICMP echo request, id 28770, seq 1, length 64
05:30:22.800953 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)

UPDATE 2:

Broadcasts indicated that there is something wrong on L2 and MAC addresses - indeed the host that hosts vagrant has this ARP table

mindaugas@Mindaugas-Lenovo-Y50-70:~$ arp -an
? (192.168.1.1) at xxxxxxxx [ether] on wlan0
? (192.168.1.12) at 08:00:27:82:f6:0c [ether] on wlan0
? (192.168.1.11) at 08:00:27:82:f6:0c [ether] on wlan0

Even though the interfaces have these:

eth1      Link encap:Ethernet  HWaddr 08:00:27:82:f6:0c  
          inet addr:192.168.1.11  Bcast:192.168.1.255  Mask:255.255.255.0

eth2      Link encap:Ethernet  HWaddr 08:00:27:7b:8d:fd  
          inet addr:192.168.1.12  Bcast:192.168.1.255  Mask:255.255.255.0

Added the MAC address to ARP table:

? (192.168.1.12) at 08:00:27:7b:8d:fd [ether] PERM on wlan0
? (192.168.1.11) at 08:00:27:82:f6:0c [ether] PERM on wlan0

But now, I can see the datagrams coming on eth0, but I do not get the ping reply messages! ... I wonder why that is?


UPDATE 3:

Tried on my other laptop with virtual box installed and a linux box as a VM. Added two interfaces - both bridged adapters. Same behavior. So this is related to virtual box or something more general (like me not understanding how virtual nics work), not necessarily vagrant.


DATA USED:

My ifconfig on the vagrant node:

root@node1:/home/vagrant# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:ca:3e:f9  
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:feca:3ef9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:872 errors:0 dropped:0 overruns:0 frame:0
          TX packets:689 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:77679 (77.6 KB)  TX bytes:78655 (78.6 KB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:82:f6:0c  
          inet addr:192.168.1.11  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe82:f60c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7362 (7.3 KB)  TX bytes:6796 (6.7 KB)

eth2      Link encap:Ethernet  HWaddr 08:00:27:7b:8d:fd  
          inet addr:192.168.1.12  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe7b:8dfd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2444 (2.4 KB)  TX bytes:2520 (2.5 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1184 (1.1 KB)  TX bytes:1184 (1.1 KB)

My vagrantfile:

# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

  config.vm.define "node1" do |node1|

    node1.vm.box = "ubuntu/trusty64"
    node1.vm.hostname = "node1"

    config.vm.network :public_network, type: "dhcp", bridge: "wlan0"
    config.vm.network :public_network, type: "dhcp", bridge: "wlan0"
    # config.vm.network :public_network, bridge: "wlan0", ip: "192.168.1.251"
    # config.vm.network :public_network, bridge: "wlan0", ip: "192.168.1.252"

    config.vm.provider "virtualbox" do |v|
        v.memory = 256
        v.cpus = 2
    end

  end

end

ANSWER

The problem is that I'm assigning the two NICs to the same network, so IP routing will not work correctly.

Here is what the routing table in the vagrant host looks like:

root@node1:/home/vagrant# route -ne
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2

Arp will be resolved with eth1 MAC, because eth1 will be used to send packets to 192.168.1.0/24 hosts.

As soon as I delete one route - the other starts to work.

Also, it does not matter whether I would use

net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2

Because routing will still not work (even if I force correct ARP resolution (see the OP) the PING replies never get back to me (not sure why though)).

This illustrates an important concept in IP routing - IP is per host, not per NIC.

Some references:

Why arp ignore/announce are not enabled by default: https://serverfault.com/questions/556943/multiple-nic-arp-issue
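
The two symptoms described above (one network reachable through two interfaces, and one MAC answering for two IPs) can be checked mechanically. This is an added example, not part of the original post; it runs over the route -ne and arp -an output quoted on this page, and the function names overlapping_routes and shared_macs are made up for the example.

```shell
#!/bin/sh
# Added example: flag the two symptoms from this page in saved command output.

# `route -ne` output copied from the page.
ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2'

# `arp -an` output copied from the page (gateway line left out: its MAC is redacted).
ARP='? (192.168.1.12) at 08:00:27:82:f6:0c [ether] on wlan0
? (192.168.1.11) at 08:00:27:82:f6:0c [ether] on wlan0'

# Print "network/mask iface,iface" for each directly connected network
# that more than one interface has a route for.
overlapping_routes() {
    awk '$1 ~ /^[0-9]+\./ && $2 == "0.0.0.0" {
             key = $1 "/" $3
             if (cnt[key]++ == 0) { order[++n] = key; ifs[key] = $8 } else ifs[key] = ifs[key] "," $8
         }
         END { for (i = 1; i <= n; i++)
                   if (cnt[order[i]] > 1) print order[i], ifs[order[i]] }'
}

# Print "mac ip,ip" for each MAC address that answers for more than one IP.
shared_macs() {
    awk '$3 == "at" && length($4) == 17 && $4 ~ /^[0-9A-Fa-f:]+$/ {
             ip = $2; gsub(/[()]/, "", ip); mac = tolower($4)
             if (cnt[mac]++ == 0) { order[++n] = mac; ips[mac] = ip } else ips[mac] = ips[mac] "," ip
         }
         END { for (i = 1; i <= n; i++)
                   if (cnt[order[i]] > 1) print order[i], ips[order[i]] }'
}

echo "Networks routed via more than one interface:"
printf '%s\n' "$ROUTES" | overlapping_routes
echo "MAC addresses answering for more than one IP:"
printf '%s\n' "$ARP" | shared_macs
```

On a live system the same functions take the commands directly: route -ne | overlapping_routes on the VM, and arp -an | shared_macs on the machine sending the pings.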
