导航：首页 > 数据库 >

关于ECS 无法使用VIP的问题 - SDN , openflow

发表于：2025-11-08 作者：千家信息网编辑

千家信息网最后更新 2025年11月08日，背景给ECS虚拟机配置VIP，无法通讯，原因？HOST A[root@pg11 ~]# ip addr show eth0 2: eth0: mtu 1500 qdisc mq state UP

千家信息网最后更新 2025年11月08日关于ECS 无法使用VIP的问题 - SDN , openflow

背景

给ECS虚拟机配置VIP，无法通讯，原因？

HOST A

[root@pg11 ~]# ip addr show eth0  2: eth0:  mtu 1500 qdisc mq state UP qlen 1000      link/ether 00:16:3e:0a:5c:f1 brd ff:ff:ff:ff:ff:ff      inet 172.17.20.29/20 brd 172.17.31.255 scope global dynamic eth0         valid_lft 313883835sec preferred_lft 313883835sec

HOST B

postgres@pg11-> ip addr show eth0  2: eth0:  mtu 1500 qdisc mq state UP qlen 1000      link/ether 00:16:3e:12:2f:48 brd ff:ff:ff:ff:ff:ff      inet 172.17.20.30/20 brd 172.17.31.255 scope global dynamic eth0         valid_lft 313883847sec preferred_lft 313883847sec

互相在同一个VPC（vswitch , hub）

相互可以访问

a ping b  ping 172.17.20.29  PING 172.17.20.29 (172.17.20.29) 56(84) bytes of data.  64 bytes from 172.17.20.29: icmp_seq=1 ttl=64 time=0.156 ms  64 bytes from 172.17.20.29: icmp_seq=2 ttl=64 time=0.102 ms    b ping a  ping 172.17.20.30  PING 172.17.20.30 (172.17.20.30) 56(84) bytes of data.  64 bytes from 172.17.20.30: icmp_seq=1 ttl=64 time=0.166 ms  64 bytes from 172.17.20.30: icmp_seq=2 ttl=64 time=0.112 ms

配置VIP，无法跨机访问

host a

[root@pg11 ~]# ip addr add 172.17.20.39/20 brd + dev eth0 label eth0:1  [root@pg11 ~]# ifconfig  eth0: flags=4163  mtu 1500          inet 172.17.20.29  netmask 255.255.240.0  broadcast 172.17.31.255          ether 00:16:3e:0a:5c:f1  txqueuelen 1000  (Ethernet)          RX packets 22221492822  bytes 33552649055304 (30.5 TiB)          RX errors 0  dropped 0  overruns 0  frame 0          TX packets 631860042  bytes 42907936724 (39.9 GiB)          TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0    eth0:1: flags=4163  mtu 1500          inet 172.17.20.39  netmask 255.255.240.0  broadcast 172.17.31.255          ether 00:16:3e:0a:5c:f1  txqueuelen 1000  (Ethernet)    lo: flags=73  mtu 65536          inet 127.0.0.1  netmask 255.0.0.0          loop  txqueuelen 1  (Local Loopback)          RX packets 959417  bytes 111291935 (106.1 MiB)          RX errors 0  dropped 0  overruns 0  frame 0          TX packets 959417  bytes 111291935 (106.1 MiB)          TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0      [root@pg11 ~]# ping 172.17.20.39  PING 172.17.20.39 (172.17.20.39) 56(84) bytes of data.  64 bytes from 172.17.20.39: icmp_seq=1 ttl=64 time=0.012 ms  64 bytes from 172.17.20.39: icmp_seq=2 ttl=64 time=0.008 ms

host b

[root@pg11 ~]# ping 172.17.20.39  PING 172.17.20.39 (172.17.20.39) 56(84) bytes of data.

无防火墙

[root@pg11 ~]# iptables -L -v -n  Chain INPUT (policy ACCEPT 8 packets, 528 bytes)   pkts bytes target     prot opt in     out     source               destination             Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)   pkts bytes target     prot opt in     out     source               destination             Chain OUTPUT (policy ACCEPT 6 packets, 1000 bytes)   pkts bytes target     prot opt in     out     source               destination

原因

宿主机通过openflow进行流控，未注册的vm+ip可以被拒绝。具体可参考SDN文档。

删除VIP

[root@pg11 ~]# ip addr del 172.17.20.39/20 brd + dev eth0 label eth0:1  [root@pg11 ~]# ifconfig  eth0: flags=4163  mtu 1500          inet 172.17.20.29  netmask 255.255.240.0  broadcast 172.17.31.255          ether 00:16:3e:0a:5c:f1  txqueuelen 1000  (Ethernet)          RX packets 22221492889  bytes 33552649060975 (30.5 TiB)          RX errors 0  dropped 0  overruns 0  frame 0          TX packets 631860095  bytes 42907943783 (39.9 GiB)          TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0    lo: flags=73  mtu 65536          inet 127.0.0.1  netmask 255.0.0.0          loop  txqueuelen 1  (Local Loopback)          RX packets 959424  bytes 111292619 (106.1 MiB)          RX errors 0  dropped 0  overruns 0  frame 0          TX packets 959424  bytes 111292619 (106.1 MiB)          TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0