Calico 使用IPIP封包时各阶段抓包

集群信息

calico配置

apiVersion: crd.projectcalico.org/v1
kind: IPPool
metadata:
  name: default-ipv4-ippool
spec:
  blockSize: 26
  cidr: 10.10.0.0/16
  ipipMode: Always
  natOutgoing: false
  nodeSelector: all()
  vxlanMode: Never

 

calico version: v3.19.1

 

测试环境

k8s-node-4 192.168.99.204 podA 10.10.55.134

k8s-node-5 192.168.99.205 podB 10.10.86.131

Calico 使用IPIP封包时各阶段抓包

 

过程抓包

当podA访问podB时,各阶段抓包如下

节点k8s-node-4中的calic211b2bb019抓包

pod中发出的包通过veth pair直接到达宿主机对应的cali*网卡(对应关系可以在pod中通过cat /sys/class/net/eth0/iflink查看)

root@k8s-node-4:~# tcpdump -i calic211b2bb019 tcp and port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on calic211b2bb019, link-type EN10MB (Ethernet), capture size 262144 bytes
12:04:02.681304 IP 10.10.55.134.38064 > 10.10.86.131.http: Flags [S], seq 2695070920, win 64860, options [mss 1410,sackOK,TS val 3501275550 ecr 0,nop,wscale 7], length 0
12:04:02.681779 IP 10.10.86.131.http > 10.10.55.134.38064: Flags [S.], seq 2150062280, ack 2695070921, win 65160, options [mss 1460,sackOK,TS val 2555844366 ecr 3501275550,nop,wscale 7], length 0
12:04:02.681789 IP 10.10.55.134.38064 > 10.10.86.131.http: Flags [.], ack 1, win 507, options [nop,nop,TS val 3501275550 ecr 2555844366], length 0
12:04:02.683390 IP 10.10.55.134.38064 > 10.10.86.131.http: Flags [P.], seq 1:77, ack 1, win 507, options [nop,nop,TS val 3501275552 ecr 2555844366], length 76: HTTP: GET / HTTP/1.1
12:04:02.683711 IP 10.10.86.131.http > 10.10.55.134.38064: Flags [.], ack 77, win 509, options [nop,nop,TS val 2555844368 ecr 3501275552], length 0
12:04:02.683948 IP 10.10.86.131.http > 10.10.55.134.38064: Flags [P.], seq 1:143, ack 77, win 509, options [nop,nop,TS val 2555844368 ecr 3501275552], length 142: HTTP: HTTP/1.1 200 OK
12:04:02.683952 IP 10.10.55.134.38064 > 10.10.86.131.http: Flags [.], ack 143, win 506, options [nop,nop,TS val 3501275553 ecr 2555844368], length 0
12:04:02.684653 IP 10.10.55.134.38064 > 10.10.86.131.http: Flags [F.], seq 77, ack 143, win 506, options [nop,nop,TS val 3501275553 ecr 2555844368], length 0
12:04:02.684896 IP 10.10.86.131.http > 10.10.55.134.38064: Flags [F.], seq 143, ack 78, win 509, options [nop,nop,TS val 2555844369 ecr 3501275553], length 0
12:04:02.684901 IP 10.10.55.134.38064 > 10.10.86.131.http: Flags [.], ack 144, win 506, options [nop,nop,TS val 3501275554 ecr 2555844369], length 0
View Code

相关文章:

  • 2021-06-25
  • 2021-06-16
  • 2021-07-26
  • 2022-02-05
  • 2021-10-01
  • 2022-12-23
  • 2021-12-19
猜你喜欢
  • 2022-12-23
  • 2021-10-21
  • 2021-08-08
  • 2022-12-23
  • 2021-09-30
  • 2021-04-24
相关资源
相似解决方案
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode