GRE and Multicast
Multicast (often referred to as multicasting) is where data transmission is addressed to a group of destination computers simultaneously. Multicast can be a one-to-many or a many-to-many distribution. Multicast requires the source to send a packet only once, even if it needs to be delivered to a large number of receivers.
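Why is multicast disabled on the Equinix Metal network?
Equinix Metal™ does not support multicast in its default Layer 3 network topology. This is due to performance and security concerns that come with scaling multi-tenant switches and routers.
For this reason, we recommend using a GRE tunnel.
What is GRE?
Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network.
Setting Up a GRE Tunnel
Setting up a GRE tunnel between devices is straightforward. Below is a basic configuration for CentOS devices.
Device 1: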
DEVICE=gre1
BOOTPROTO=none
ONBOOT=yes
TYPE=GRE
PEER_OUTER_IPADDR=Site2.public.address
PEER_INNER_IPADDR=Site2.private.address
MY_INNER_IPADDR=Site1.private.address
Device 2:
DEVICE=gre1
BOOTPROTO=none
ONBOOT=yes
TYPE=GRE
PEER_OUTER_IPADDR=Site1.public.address
PEER_INNER_IPADDR=Site1.private.address
MY_INNER_IPADDR=Site2.private.address
On both devices, bring up the interface by running ifup gre1.
To verify the configuration, run ifconfig gre1 on Device 1 and check the output:
[root@centos-ewr1 ~]# ifconfig gre1
gre1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1476
inet 10.100.126.3 netmask 255.255.255.255 destination 10.88.152.3
unspec 00-00-00-00-00-00-F0-00-00-00-00-00-00-00-00-00 txqueuelen 0 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@centos-ewr1 ~]#
The same command is run on Device 2:
[root@centos-sjc1 ~]# ifconfig gre1
gre1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1476
inet 10.88.152.3 netmask 255.255.255.255 destination 10.100.126.3
unspec 00-00-00-00-00-00-F0-00-00-00-00-00-00-00-00-00 txqueuelen 0 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@centos-sjc1 ~]#
Ping Device 2 <> Device 1
[root@centos-sjc1 ~]# ping -c5 10.100.126.3
PING 10.100.126.3 (10.100.126.3) 56(84) bytes of data.
64 bytes from 10.100.126.3: icmp_seq=1 ttl=64 time=73.5 ms
64 bytes from 10.100.126.3: icmp_seq=2 ttl=64 time=73.5 ms
64 bytes from 10.100.126.3: icmp_seq=3 ttl=64 time=73.5 ms
64 bytes from 10.100.126.3: icmp_seq=4 ttl=64 time=73.5 ms
64 bytes from 10.100.126.3: icmp_seq=5 ttl=64 time=73.4 ms
--- 10.100.126.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 73.416/73.516/73.558/0.179 ms
[root@centos-sjc1 ~]#
[root@centos-ewr1 ~]# ping -c5 10.88.152.3
PING 10.88.152.3 (10.88.152.3) 56(84) bytes of data.
64 bytes from 10.88.152.3: icmp_seq=1 ttl=64 time=73.4 ms
64 bytes from 10.88.152.3: icmp_seq=2 ttl=64 time=73.1 ms
64 bytes from 10.88.152.3: icmp_seq=3 ttl=64 time=73.4 ms
64 bytes from 10.88.152.3: icmp_seq=4 ttl=64 time=73.4 ms
64 bytes from 10.88.152.3: icmp_seq=5 ttl=64 time=73.4 ms
--- 10.88.152.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 73.183/73.405/73.489/0.360 ms
[root@centos-ewr1 ~]#
With a quick tcpdump on bond0 (tcpdump -n -i bond0 proto 47), you can verify that traffic between the two devices is passing through the GRE tunnel.
17:36:22.295418 IP 147.75.64.13 > 147.75.69.141: GREv0, length 56: IP 10.100.126.3.48950 > 10.88.152.3.ssh: Flags [.], ack 2897, win 249, options [nop,nop,TS val 2332411 ecr 6130351], length 0
17:36:25.360737 IP 147.75.64.13 > 147.75.69.141: GREv0, length 124: IP 10.100.126.3.48950 > 10.88.152.3.ssh: Flags [P.], seq 1764:1832, ack 2897, win 249, options [nop,nop,TS val 2335476 ecr 6130351], length 68
17:36:25.360917 IP 147.75.69.141 > 147.75.64.13: GREv0, length 124: IP 10.88.152.3.ssh > 10.100.126.3.48950: Flags [P.], seq 2897:2965, ack 1832, win 149, options [nop,nop,TS val 6133490 ecr 2335476], length 68
Note: the method above sends traffic in plaintext. To encrypt the traffic, it is best to set up IPsec, WireGuard, or similar.
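The following Python sketch is an added example, not part of the original guide: it decapsulates a constructed IPv4/GRE packet to show where the mtu 1476 in the ifconfig output comes from and that the inner addresses and payload are readable by anyone on the path, which is the exposure IPsec or WireGuard closes. The function names, the 239.1.1.1 group address, the payload and the 1500-byte underlay MTU are assumptions made for the example.

```python
import ipaddress
import struct

GRE_PROTO = 47  # IP protocol number, the same one "tcpdump ... proto 47" filters on

def ipv4(src, dst, proto, body):
    """Build a minimal IPv4 packet (checksum left at 0; constructed test data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + body

def build_sample(outer_src, outer_dst, inner_src, inner_dst, payload):
    """Constructed packet: outer IPv4, basic GRE header, inner IPv4, raw payload."""
    inner = ipv4(inner_src, inner_dst, 17, payload)  # 17 = UDP; payload kept raw for brevity
    gre = struct.pack("!HH", 0x0000, 0x0800)         # no flags, version 0, EtherType IPv4
    return ipv4(outer_src, outer_dst, GRE_PROTO, gre + inner)

def parse_gre(packet, underlay_mtu=1500):
    """Decapsulate IPv4/GRE and report what any on-path observer can read."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or packet[9] != GRE_PROTO:
        raise ValueError("not an IPv4 GRE packet")
    flags, ethertype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Optional checksum, key and sequence fields (RFC 2784/2890) add 4 bytes each.
    gre_len = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    inner = packet[ihl + gre_len:]
    if ethertype != 0x0800 or len(inner) < 20:
        raise ValueError("inner payload is not IPv4")
    dst = ipaddress.IPv4Address(inner[16:20])
    return {
        "overhead": ihl + gre_len,                    # 20 + 4 for the basic header
        "tunnel_mtu": underlay_mtu - ihl - gre_len,
        "inner_src": str(ipaddress.IPv4Address(inner[12:16])),
        "inner_dst": str(dst),
        "inner_is_multicast": dst.is_multicast,
        "cleartext_payload": inner[(inner[0] & 0x0F) * 4:],
    }

if __name__ == "__main__":
    # Outer addresses are the ones in the capture above; the rest is constructed.
    pkt = build_sample("147.75.64.13", "147.75.69.141",
                       "10.100.126.3", "239.1.1.1", b"hello group")
    print(parse_gre(pkt))
```

If a GRE key or sequence number is configured, the header grows by 4 bytes per option and the usable tunnel MTU shrinks accordingly.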
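Enabling Multicast
To make sure multicast is enabled on gre1 after a reboot, check /usr/sbin/ifup-pre-local and make sure its contents look similar to the following example: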
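#!/bin/bash
# Called by ifup before the interface comes up; $1 is the config name, e.g. ifcfg-gre1.
set -o errexit -o nounset -o pipefail -o xtrace
# Strip everything up to the first "-" to get the interface name.
iface=${1#*-}
case "$iface" in
    bond0 | enp0s20f0) ip link set "$iface" address 0c:c4:7a:81:0a:84 ;;
    enp0s20f1) ip link set "$iface" address 0c:c4:7a:81:0a:85 && sleep 4 ;;
    # Turn on the MULTICAST flag for the GRE tunnel interface.
    gre1) ip link set "$iface" multicast on ;;
    *) echo "ignoring unknown interface $iface" && exit 0 ;;
esac
Note that the interface named gre1 can of course be renamed to match your deployment and configuration.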