Fine-tuning routing for MetalLB in L2 mode

Not long ago I ran into a rather unusual task: configuring routing for MetalLB. Everything would have been fine, except... Usually MetalLB needs no additional work, but in our case we have a fairly large cluster with a very simple network configuration.

In this article I will show you how to configure source-based and policy-based routing for the external network of your cluster.

I will not go into detail on installing and configuring MetalLB, since I assume you already have some experience with it. I want to get straight to the point, which is configuring routing. So we have four cases:

Case 1: When no configuration is needed

Let's look at a simple case.


No additional routing configuration is needed when the addresses handed out by MetalLB are in the same subnet as the addresses of your nodes.

For example, you have the subnet 192.168.1.0/24 with a router at 192.168.1.1, and your nodes get the addresses 192.168.1.10-30. Then you can give MetalLB the range 192.168.1.100-120 and be sure that it will work without any additional configuration.

Why? Because your nodes already have these routes configured:

# ip route
default via 192.168.1.1 dev eth0 onlink
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10

And addresses from the same range will reuse them without any further action.

Case 2: When additional configuration is required


You need to configure additional routes whenever your nodes have neither an IP address in, nor a route to, the subnet from which MetalLB hands out addresses.

Let me explain in a bit more detail. Whenever MetalLB assigns an address, it is roughly equivalent to a simple command like:

ip addr add 10.9.8.7/32 dev lo

Pay attention to two things:

  • a) The address is assigned with a /32 prefix, that is, no route to its subnet is added automatically (it is just an address)
  • b) The address is attached to some interface (the loopback, for example). It is worth mentioning a peculiarity of the Linux network stack here: regardless of which interface you add the address to, the kernel will always process arp requests and send arp replies for it on any of them. This behaviour is considered correct and, moreover, is widely used in a dynamic environment like Kubernetes.

This behaviour can be changed, for example by enabling strict arp:

echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

In this case, arp replies are sent only if the interface explicitly holds that specific IP address. This setting is required if you plan to use MetalLB and your kube-proxy runs in IPVS mode.

However, MetalLB does not rely on the kernel to process arp requests; it does so itself in user space, so this option does not affect how MetalLB works.

Let's get back to our task. If a route for the assigned addresses does not exist on your nodes, add it in advance on all nodes:

ip route add 10.9.8.0/24 dev eth1

Case 3: When you need source-based routing

You need source-based routing when you receive packets through a separate gateway, not the default one, so the reply packets must also go back through that same gateway.

For example, you have the same subnet 192.168.1.0/24 dedicated to your nodes, but you want to hand out external addresses with MetalLB. Suppose you have several addresses from the subnet 1.2.3.0/24 located in VLAN 100 and you want to use them to reach Kubernetes services from outside.


When accessing 1.2.3.4 you send requests from a subnet other than 1.2.3.0/24 and wait for a reply. The node that currently owns the MetalLB-assigned address 1.2.3.4 receives the packet from the router 1.2.3.1, but the reply to it must go back the same way, via 1.2.3.1.

Since our node already has the default gateway 192.168.1.1 configured, by default the reply will go to it and not to 1.2.3.1, from which we received the packet.

How do we deal with this problem?

In this case, you need to prepare all your nodes so that they are ready to serve the external addresses without additional configuration. That is, for the example above, you must create the VLAN interface on the node in advance:

ip link add link eth0 name eth0.100 type vlan id 100
ip link set eth0.100 up

And then add the routes:

ip route add 1.2.3.0/24 dev eth0.100 table 100
ip route add default via 1.2.3.1 table 100

Note that we add the routes to a separate table, 100. It will contain only the two routes needed to send reply packets through the gateway 1.2.3.1, which sits behind the interface eth0.100.

Now we need to add a simple rule:

ip rule add from 1.2.3.0/24 lookup 100

which says explicitly: if the packet's source address is in 1.2.3.0/24, use routing table 100. In that table we have already described the route that will send it to 1.2.3.1.

Case 4: When you need policy-based routing

The network topology is the same as in the previous example, but suppose you also want to reach external addresses in 1.2.3.0/24 from your pods:


The catch is that when a pod accesses any address in 1.2.3.0/24, the reply packet reaches the node and, having a source address in the range 1.2.3.0/24, would obediently be sent out via eth0.100. But we want Kubernetes to forward it to the pod that generated the original request.

Solving this problem turned out to be difficult, but it became possible thanks to policy-based routing.

For a better understanding of the process, here is a netfilter block diagram:
[Figure: netfilter block diagram]

First, as in the previous example, let's create an additional routing table:

ip route add 1.2.3.0/24 dev eth0.100 table 100
ip route add default via 1.2.3.1 table 100

Now let's add a few rules to iptables:

iptables -t mangle -A PREROUTING -i eth0.100 -j CONNMARK --set-mark 0x100
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j RETURN
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

These rules mark connections that arrive on the interface eth0.100, tagging all their packets with the mark 0x100; replies within the same connection are tagged with the same mark as well.

Now we can add the routing rule:

ip rule add from 1.2.3.0/24 fwmark 0x100 lookup 100

That is, every packet with a source address in 1.2.3.0/24 and the mark 0x100 must use table 100.

Thus, other packets received on other interfaces do not match this rule, which lets them be routed by the standard Kubernetes means.

One more thing: Linux has the so-called reverse path filter, which spoils the whole picture. It performs a simple check: for every incoming packet, it swaps the packet's source and destination addresses and checks whether the packet could leave through the same interface on which it was received; if not, it filters the packet out.

The problem is that in our case it will not work correctly, but we can disable it:

echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0.100/rp_filter

Note that the first command controls the global rp_filter behaviour; if it is not disabled, the second command has no effect. The remaining interfaces, however, keep rp_filter enabled.

So as not to restrict the filter entirely, we can use the rp_filter implementation for netfilter. Using rpfilter as an iptables module, you can configure fairly flexible rules, for example:

iptables -t raw -A PREROUTING -i eth0.100 -d 1.2.3.0/24 -j RETURN
iptables -t raw -A PREROUTING -i eth0.100 -m rpfilter --invert -j DROP

enables rp_filter on the interface eth0.100 for all addresses except 1.2.3.0/24.
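To make the difference between the Case 3 and Case 4 rules, and the rp_filter problem, concrete, here is an added example (not part of the original article) that models the Linux routing policy database, CONNMARK and the strict reverse path check for the addresses used above. The pod CIDR 10.244.0.0/16 behind the interface cni0 and the external client 5.6.7.8 are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Routing tables as (prefix, egress); longest prefix wins. The pod CIDR
# 10.244.0.0/16 behind cni0 is a constructed assumption, the rest is the article's.
TABLES = {
    "main": [("10.244.0.0/16", "cni0"), ("192.168.1.0/24", "eth0"),
             ("0.0.0.0/0", "eth0 via 192.168.1.1")],
    100: [("1.2.3.0/24", "eth0.100"), ("0.0.0.0/0", "eth0.100 via 1.2.3.1")],
}
# ip rule entries: (source prefix, required fwmark or None, table); else main.
CASE3_RULES = [("1.2.3.0/24", None, 100)]   # ip rule add from 1.2.3.0/24 lookup 100
CASE4_RULES = [("1.2.3.0/24", 0x100, 100)]  # ... from 1.2.3.0/24 fwmark 0x100 lookup 100

def route(src, dst, mark, rules):
    """RPDB lookup: the first matching rule selects the table, then the
    longest matching prefix in that table gives the egress."""
    table = "main"
    for prefix, fwmark, tbl in rules:
        if ip_address(src) in ip_network(prefix) and fwmark in (None, mark):
            table = tbl
            break
    hit = max((r for r in TABLES[table] if ip_address(dst) in ip_network(r[0])),
              key=lambda r: ip_network(r[0]).prefixlen)
    return table, hit[1]

def connmark(*ingress_ifaces):
    """mangle PREROUTING '-i eth0.100 -j CONNMARK --set-mark 0x100': once any
    packet of a connection arrived on eth0.100 the whole connection carries 0x100."""
    return 0x100 if "eth0.100" in ingress_ifaces else 0

def reply_path(client, target, rules, *ingress_ifaces):
    """Route the reply (src = target after reverse NAT, dst = client); its
    fwmark comes from the connection via '-j CONNMARK --restore-mark'."""
    return route(target, client, connmark(*ingress_ifaces), rules)

def rp_filter_ok(src, dst, ingress_iface, rules, exempt=None):
    """Strict reverse path filter: would a packet back to src leave through the
    interface it arrived on? The kernel ignores the fwmark here (src_valid_mark=0).
    'exempt' models the raw-table '-d 1.2.3.0/24 -j RETURN' placed before rpfilter."""
    if exempt and ip_address(dst) in ip_network(exempt):
        return True
    return route(dst, src, 0, rules)[1].split()[0] == ingress_iface
```

With the Case 3 rule, a reply from 1.2.3.50 to a pod is diverted to table 100 and leaves via 1.2.3.1; with the Case 4 rule it stays in the main table and reaches cni0, while the reverse path check on eth0.100 now fails for traffic to 1.2.3.4 unless that destination is exempted.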

Source: www.hab.com
