dpvs
双臂fullnat不通,求助
dpvs.conf:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! This is dpvs default configuration file.
!
! The attribute "<init>" marks a configuration item that is applied at the initialization
! stage. Items of this type are configured once and are not reloadable. If an invalid value
! is configured in the file, dpvs uses its default value instead.
!
! Note that dpvs configuration file supports the following comment type:
! * line comment: using '#' or '!'
! * inline range comment: using '<' and '>', put comment in between
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! global config
global_defs {
log_level WARNING
! log_file /usr1/vgw/log/dpvs.log
! log_async_mode on
}
! netif config
netif_defs {
<init> pktpool_size 65535
<init> pktpool_cache 32
<init> device dpdk0 {
rx {
queue_number 1
descriptor_number 1024
rss all
}
tx {
queue_number 1
descriptor_number 1024
}
! mtu 1500
! promisc_mode
kni_name dpdk0
}
<init> device dpdk1 {
rx {
queue_number 1
descriptor_number 1024
rss all
}
tx {
queue_number 1
descriptor_number 1024
}
! mtu 1500
! promisc_mode
kni_name dpdk1
}
}
! worker config (lcores)
worker_defs {
<init> worker cpu0 {
type master
cpu_id 0
}
<init> worker cpu1 {
type slave
cpu_id 1
port dpdk0 {
rx_queue_ids 0
tx_queue_ids 0
! isol_rx_cpu_ids 9
! isol_rxq_ring_sz 1048576
}
port dpdk1 {
rx_queue_ids 0
tx_queue_ids 0
! isol_rx_cpu_ids 9
! isol_rxq_ring_sz 1048576
}
}
}
! timer config
timer_defs {
# cpu job loops to schedule dpdk timer management
schedule_interval 500
}
! dpvs neighbor config
neigh_defs {
<init> unres_queue_length 128
timeout 60
}
! dpvs ipv4 config
ipv4_defs {
forwarding off
<init> default_ttl 64
fragment {
<init> bucket_number 4096
<init> bucket_entries 16
<init> max_entries 4096
<init> ttl 1
}
}
! dpvs ipv6 config
ipv6_defs {
disable off
forwarding off
route6 {
<init> method hlist
recycle_time 10
}
}
! control plane config
ctrl_defs {
lcore_msg {
<init> ring_size 4096
sync_msg_timeout_us 20000
priority_level low
}
ipc_msg {
<init> unix_domain /var/run/dpvs_ctrl
}
}
! ipvs config
ipvs_defs {
conn {
<init> conn_pool_size 65536
<init> conn_pool_cache 16
conn_init_timeout 3
! expire_quiescent_template
! fast_xmit_close
<init> redirect on
}
udp {
! defence_udp_drop
uoa_mode opp
uoa_max_trail 3
timeout {
normal 300
last 3
}
}
tcp {
! defence_tcp_drop
timeout {
none 2
established 90
syn_sent 3
syn_recv 30
fin_wait 7
time_wait 7
close 3
close_wait 7
last_ack 7
listen 120
synack 30
last 2
}
synproxy {
synack_options {
mss 1452
ttl 63
sack
! wscale
! timestamp
}
! defer_rs_syn
rs_syn_max_retry 3
ack_storm_thresh 10
max_ack_saved 3
conn_reuse_state {
close
time_wait
! fin_wait
! close_wait
! last_ack
}
}
}
}
! sa_pool config
sa_pool {
pool_hash_size 16
flow_enable off
}
地址、路由、服务配置
# Two-arm FullNAT setup: dpdk0 faces the clients (192.168.1.0/24) and dpdk1
# faces the real server (192.168.4.0/24).

# Bind the virtual IP (VIP) to the client-facing port.
./dpip addr add 192.168.1.148/32 dev dpdk0
# Link routes so each subnet is reached through its own port.
./dpip route add 192.168.1.0/24 dev dpdk0
./dpip route add 192.168.4.0/24 dev dpdk1
# Create the TCP virtual service on VIP:8080 with the rr scheduler.
./ipvsadm -A -t 192.168.1.148:8080 -s rr
# Add the real server; -b selects the forwarding mode that `ipvsadm -ln`
# reports as FullNat in the output further down.
./ipvsadm -a -t 192.168.1.148:8080 -r 192.168.4.40 -b
# Add the local address for this service on the RS-facing port; `ipvsadm -G`
# lists it as SNAT_IP and `dpip addr show` lists it on dpdk1.
./ipvsadm --add-laddr -z 192.168.4.175 -t 192.168.1.148:8080 -F dpdk1
回显
# ./dpip addr show
inet 192.168.1.148/32 scope global dpdk0
valid_lft forever preferred_lft forever
inet 192.168.4.175/32 scope global dpdk1
valid_lft forever preferred_lft forever
# ./dpip route show
inet 192.168.1.148/32 via 0.0.0.0 src 0.0.0.0 dev dpdk0 mtu 1500 tos 0 scope host metric 0 proto auto
inet 192.168.4.175/32 via 0.0.0.0 src 0.0.0.0 dev dpdk1 mtu 1500 tos 0 scope host metric 0 proto auto
inet 192.168.1.0/24 via 0.0.0.0 src 0.0.0.0 dev dpdk0 mtu 1500 tos 0 scope link metric 0 proto auto
inet 192.168.4.0/24 via 0.0.0.0 src 0.0.0.0 dev dpdk1 mtu 1500 tos 0 scope link metric 0 proto auto
# ./ipvsadm -G
VIP:VPORT TOTAL SNAT_IP CONFLICTS CONNS
192.168.1.148:8080 1
192.168.4.175 0 0
# ./ipvsadm -ln
IP Virtual Server version 0.0.0 (size=0)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.148:8080 rr
-> 192.168.4.40:8080 FullNat 1 0 0
访问:
# curl 192.168.1.148:8080
curl: (7) Failed to connect to 192.168.1.148 port 8080: Connection refused
在dpvs直接访问RS可以
# curl 192.168.4.40:8080
Server addr: [192.168.4.40]
可以试试配置中的 rx/tx descriptor_number 调大一些,如果还是不行,建议按如下步骤排查:
- 查看是否有转发连接:
ipvsadm -lnc
或ipvsadm -ln --stats
- 如果有转发连接,分析哪个环节出现了丢包(比如 DPVS转发丢包,DPVS到RS网络丢包等),可以抓包或者gdb debug跟一下 syn 包。
- 如果没有转发连接,分析确认syn包是否到达 DPVS,如果没有到DPVS就排查 client和 DPVS 网络问题,否则按照第2步方法排查。
可以试试配置中的 rx/tx descriptor_number 调大一些,如果还是不行,建议按如下步骤排查:
- 查看是否有转发连接:
ipvsadm -lnc
或ipvsadm -ln --stats
- 如果有转发连接,分析哪个环节出现了丢包(比如 DPVS转发丢包,DPVS到RS网络丢包等),可以抓包或者gdb debug跟一下 syn 包。
- 如果没有转发连接,分析确认syn包是否到达 DPVS,如果没有到DPVS就排查 client和 DPVS 网络问题,否则按照第2步方法排查。
把 descriptor_number 调成 1024 还是不行;然后在 dpvs 上抓包,发现 syn ack 回包中 RST(reset)标志被置位了
[Expert Info (Warning/Sequence): Connection reset (RST)]
另外弱弱问一下大佬,怎么确认syn包是否到达DPVS? @ywc689 另外配置文件中的kni_name有没有影响,我看创建的网卡name都是带.kni的
使用./dpip link set dpdk0 forward2kni on
打开转发标志后使用tcpdump抓包,发现dpdk0上没有任何包
打开 CONFIG_DPVS_IPVS_DEBUG、CONFIG_DPVS_NEIGH_DEBUG 两个调试开关,通过 log 排查一下,看卡在哪个环节。注意上面配置中的 log_level 是 WARNING,调试日志可能需要先把它调到 DEBUG 才会输出。