Client request packets arrive at lvs1.
lvs1 does not see any traffic coming in:
[root@edge-gs-tianshui1-lvs-01 network-scripts]# ipvsadm -Lnc
IPVS connection entries
pro expire state source virtual destination
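A packet capture does show packets addressed to the VIP.
Checked iptables; with the firewall turned off the result is the same.
Added iptables LOG rules to the mangle table's PREROUTING and INPUT chains: PREROUTING produces log entries, INPUT does not. A routing decision sits between the two, so the suspicion is that the packets are dropped at routing, possibly because of the loose-routing (reverse path filtering, rp_filter) configuration.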
#sysctl -a | grep "\<rp_filter\>"
net.ipv4.conf.Bond0.rp_filter = 1
net.ipv4.conf.Bond0/1002.rp_filter = 1
net.ipv4.conf.Bond0/118.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.bond0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eno1.rp_filter = 1
net.ipv4.conf.eno2.rp_filter = 1
net.ipv4.conf.ens2f0.rp_filter = 1
net.ipv4.conf.ens2f1.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0
The default is strict reverse path filtering.
After changing the parameter, LVS receives the traffic:
sysctl -w net.ipv4.conf.all.rp_filter=2
Investigate the routing.
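
Added example, not part of the original note: a shell helper that prints the rp_filter value actually applied on each interface and reads the kernel's IPReversePathFilter drop counter. The kernel uses the larger of conf.all and the per-interface value, which is why setting only all=2 above was enough. The function names and the optional path arguments are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example (not from the original note).
# For source validation on an interface the kernel applies
# max(conf.all.rp_filter, conf.<iface>.rp_filter): 0 = off, 1 = strict, 2 = loose.

rp_mode() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# Print own, global and effective rp_filter for every interface.
# $1 (assumption: optional override, used for testing) is the conf directory.
effective_rp_filter() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    [ -r "$conf_dir/all/rp_filter" ] || return 1
    all=$(cat "$conf_dir/all/rp_filter")
    for d in "$conf_dir"/*/; do
        iface=$(basename "$d")
        # "all" and "default" are settings templates, not interfaces
        case "$iface" in all|default) continue ;; esac
        [ -r "${d}rp_filter" ] || continue
        own=$(cat "${d}rp_filter")
        eff=$own
        [ "$all" -gt "$eff" ] && eff=$all
        printf '%s own=%s all=%s effective=%s (%s)\n' \
            "$iface" "$own" "$all" "$eff" "$(rp_mode "$eff")"
    done
}

# Print the number of packets dropped by reverse path filtering since boot.
# /proc/net/netstat holds a "TcpExt:" header line followed by a value line.
# $1 (assumption: optional override, used for testing) is the netstat file.
rpf_drops() {
    awk '$1 == "TcpExt:" {
             if (!n) { n = split($0, name, " "); next }
             for (i = 2; i <= n; i++)
                 if (name[i] == "IPReversePathFilter") { print $i; exit }
         }' "${1:-/proc/net/netstat}"
}

# On a live director, run:  effective_rp_filter; rpf_drops
```

A counter from rpf_drops that rises while clients hit the VIP confirms that the drop between PREROUTING and INPUT is the reverse path filter and not a firewall rule.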