openstack vm网络流量

时间:2014-10-23 06:42:14

标签: linux networking openstack

我设置了一个openstack环境并创建了几个vms。 vms如下:


    root@controller:~# nova list
    +--------------------------------------+----------+--------+----------------------------------+
    | ID                                   | Name     | Status | Networks                         |
    +--------------------------------------+----------+--------+----------------------------------+
    | 2a2dbaa8-8ae1-47c9-a9c1-516ef8b955ba | key1     | ACTIVE | private=10.0.0.11, 172.16.10.114 |
    | 6f2831d0-8263-40de-8ebc-9ed9f8eab905 | keytest  | ACTIVE | private=10.0.0.10, 172.16.10.123 |
    | 7f732f7b-d19e-42da-bf9e-b2c2c3e401af | t2       | ACTIVE | private=10.0.0.4, 172.16.10.121  |
    | e858db20-20a6-43d2-bac8-45a0ade319f4 | test0001 | ACTIVE | private=10.0.0.13                |
    | d1ca2f5d-ba09-47af-8126-b68e38ded582 | tt01     | ACTIVE | private=10.0.0.12                |
    | cae980d4-3973-49ad-ba76-94d5284a849a | zls01    | ACTIVE | private=10.0.0.14, 172.16.10.124 |
    +--------------------------------------+----------+--------+----------------------------------+

10.0.0.0/24是内部网络,172.16.10.0 / 24是floaing ips。

我在我的vm tt01(10.0.0.12)中ping 8.8.8.8 


    root@controller:~# ssh root@10.0.0.12
    root@10.0.0.12's password:
    Permission denied, please try again.
    root@10.0.0.12's password:
    Last login: Thu Oct 23 14:16:10 2014 from 10.0.0.5
    [root@tt01 ~]#
    [root@tt01 ~]#
    [root@tt01 ~]#
    [root@tt01 ~]# ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=27 time=287 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=27 time=286 ms
    64 bytes from 8.8.8.8: icmp_seq=4 ttl=27 time=289 ms
    ^C

我使用tcpdump捕获网络数据包,如下所示:


    root@controller:~# tcpdump icmp -ee -n -v -i any
    tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
    14:18:24.972228   P fa:16:3e:ca:a8:8e ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
        10.0.0.12 > 8.8.8.8: ICMP echo request, id 34381, seq 1, length 64
    14:18:24.972228  In fa:16:3e:ca:a8:8e ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
        10.0.0.12 > 8.8.8.8: ICMP echo request, id 34381, seq 1, length 64
    14:18:24.972280 Out 00:1e:67:45:85:ac ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
        172.16.10.15 > 8.8.8.8: ICMP echo request, id 34381, seq 1, length 64
    14:18:25.259378  In 00:12:7f:7d:37:a1 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 28, id 0, offset 0, flags [none], proto ICMP (1), length 84)
        8.8.8.8 > 172.16.10.15: ICMP echo reply, id 34381, seq 1, length 64
    14:18:25.259401 Out 00:1e:67:45:85:ad ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 27, id 0, offset 0, flags [none], proto ICMP (1), length 84)
        8.8.8.8 > 10.0.0.12: ICMP echo reply, id 34381, seq 1, length 64
    14:18:25.259407 Out 00:1e:67:45:85:ad ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 27, id 0, offset 0, flags [none], proto ICMP (1), length 84)
        8.8.8.8 > 10.0.0.12: ICMP echo reply, id 34381, seq 1, length 64
    14:18:25.972520   P fa:16:3e:ca:a8:8e ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
        10.0.0.12 > 8.8.8.8: ICMP echo request, id 34381, seq 2, length 64
    14:18:25.972520  In fa:16:3e:ca:a8:8e ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
        10.0.0.12 > 8.8.8.8: ICMP echo request, id 34381, seq 2, length 64
    14:18:25.972557 Out 00:1e:67:45:85:ac ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
        172.16.10.15 > 8.8.8.8: ICMP echo request, id 34381, seq 2, length 64
    14:18:26.258533  In 00:12:7f:7d:37:a1 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 28, id 0, offset 0, flags [none], proto ICMP (1), length 84)
        8.8.8.8 > 172.16.10.15: ICMP echo reply, id 34381, seq 2, length 64
    14:18:26.258557 Out 00:1e:67:45:85:ad ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 27, id 0, offset 0, flags [none], proto ICMP (1), length 84)
        8.8.8.8 > 10.0.0.12: ICMP echo reply, id 34381, seq 2, length 64
    14:18:26.258562 Out 00:1e:67:45:85:ad ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 27, id 0, offset 0, flags [none], proto ICMP (1), length 84)
        8.8.8.8 > 10.0.0.12: ICMP echo reply, id 34381, seq 2, length 64
    14:18:26.972630   P fa:16:3e:ca:a8:8e ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)

根据iptables我知道有一个snat,10.0.0.12被翻译为172.16.10.15。


    root@controller:~# iptables -t nat -S nova-network-snat
    -N nova-network-snat
    -A nova-network-snat -j nova-network-float-snat
    -A nova-network-snat -s 10.0.0.0/24 -o eth1 -j SNAT --to-source 172.16.10.15

所以我的问题是,当icmp echo reply数据包到达172.16.10.15时,它应该如何将172.16.10.15转换为10.0.0.12?

0 个答案:

没有答案
相关问题
最新问题