我在一個網路環境中工作,其中有一些 Cisco 交換器 WS-C3560X-48 和運行 CentOS 7.7 的 Linux 伺服器。
Linux 伺服器在我的交換器上連接了 3 次:1 個管理鏈接、1 個生產鏈接和 1 個 ILO 鏈接,因為它們在 HP 硬體上運行。
當我嘗試從 Cisco 交換器 ping 管理 LAN 上的伺服器時,得到以下結果:
SWTCisco#ping 10.123.213.152 source 10.123.213.158 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.123.213.152, timeout is 2 seconds:
Packet sent with a source address of 10.123.213.158
!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!!.
!!!!!!.!!!!!!.!!!!!!.!!!!!!.!!
Success rate is 86 percent (86/100), round-trip min/avg/max = 1/3/17 ms
正如你所看到的,我有一個模式,我總是在第 7 次 ping 時丟失一個資料包。在伺服器端,我可以使用 tcpdump 看到已收到 icmp 請求,但未發送 icmp 回覆。在下面的範例中,我對伺服器進行了 8 次 ping 操作,我們可以看到 2 個請求相互跟隨。
root@CentOSserver:/etc/sysconfig/network-scripts# tcpdump -i eno1 host 10.123.213.158 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno1, link-type EN10MB (Ethernet), capture size 262144 bytes
11:37:04.770292 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 0, length 80
11:37:04.770354 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 0, length 80
11:37:04.772624 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 1, length 80
11:37:04.772644 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 1, length 80
11:37:04.774394 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 2, length 80
11:37:04.774411 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 2, length 80
11:37:04.776592 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 3, length 80
11:37:04.776606 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 3, length 80
11:37:04.789083 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 4, length 80
11:37:04.789099 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 4, length 80
11:37:04.791466 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 5, length 80
11:37:04.791483 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 5, length 80
11:37:04.793669 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 6, length 80
11:37:04.822159 ARP, Request who-has 10.123.213.158 tell 10.123.213.144, length 46
11:37:06.793024 IP 10.123.213.158 > 10.123.213.152: ICMP echo request, id 134, seq 7, length 80
11:37:06.793068 IP 10.123.213.152 > 10.123.213.158: ICMP echo reply, id 134, seq 7, length 80
10.123.213.158 是我的 Cisco 交換器上的 VLAN 位址
10.123.213.152 是 Linux 伺服器上的 eno1 的位址
10.123.213.144 是在我的 tcpdump 運作時執行 arp 的另一個伺服器請求伺服器的 Iarp LO 位址的 Iarp LO 位址。
經過新的調查,我發現問題與生成樹有關。我主持了我發現的內容的 pcap。 https://filebin.net/9x9ech3uude93sda
在pcap中,我們可以看到2個icmp請求之間有一個STP封包。我嘗試了幾次,每次我都應該在 STP 資料包中找到回應。
對我來說,這只是一條 bpdu 訊息,不會對我的介面 GigabitEthernet0/27 產生任何影響。
在 cisco 上的生成樹配置中沒有看到任何特別令人擔憂的內容(對我來說):
SWTCisco#sh spanning-tree vlan 28
VLAN0028
Spanning tree enabled protocol ieee
Root ID Priority 32796
Address 501c.bf45.1c00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32796 (priority 32768 sys-id-ext 28)
Address 501c.bf45.1c00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/11 Desg FWD 4 128.11 P2p
Gi0/18 Desg FWD 4 128.18 P2p
Gi0/19 Desg FWD 4 128.19 P2p
Gi0/20 Desg FWD 4 128.20 P2p
Gi0/21 Desg FWD 19 128.21 P2p
Gi0/22 Desg FWD 4 128.22 P2p
Gi0/23 Desg FWD 4 128.23 P2p
Gi0/24 Desg FWD 4 128.24 P2p
Gi0/25 Desg FWD 4 128.25 P2p
Gi0/26 Desg FWD 4 128.26 P2p
Gi0/27 Desg FWD 4 128.27 P2p
Gi0/31 Desg FWD 4 128.31 P2p
Gi0/32 Desg FWD 19 128.32 P2p
Gi0/33 Desg FWD 4 128.33 P2p
Gi0/34 Desg FWD 4 128.34 P2p
Gi0/35 Desg FWD 4 128.35 P2p
Gi0/36 Desg FWD 4 128.36 P2p
Gi0/37 Desg FWD 4 128.37 P2p
Gi0/38 Desg FWD 4 128.38 P2p
Gi0/39 Desg FWD 4 128.39 P2p
Gi0/40 Desg FWD 4 128.40 P2p
Gi0/47 Desg FWD 19 128.47 P2p
Gi1/3 Desg FWD 4 128.51 P2p
SWTCisco#sh run int gigabitEthernet 0/27
Building configuration...
Current configuration : 113 bytes
!
interface GigabitEthernet0/27
switchport access vlan 28
switchport mode access
end
SWTCisco#sh spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
Number of blocked ports (segments) in the system : 0
SWTCisco#sh spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0028, VLAN0031, VLAN3715
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0028 0 0 0 23 23
VLAN0031 0 0 0 12 12
VLAN0157 0 0 0 1 1
VLAN3715 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
4 vlans 0 0 0 37 37
SWTCisco#sh version | in RELEASE
Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)
BOOTLDR: C3560E Boot Loader (C3560X-HBOOT-M) Version 12.2(53r)SE1, RELEASE SOFTWARE (fc1)
當 ping 處於活動狀態且介面保持 FWD 狀態時,我觀察了介面 Gi0/27。
有誰知道為什麼我在交換器發送 bdpu 訊框時丟失資料包?我在理解一些高級 stp 功能時遇到了一些困難,所以我可能在這裡遺漏了一些東西。