Comments (9)
ishidawataru
commented on August 17, 2024
1
Chain FORWARD (policy DROP)
It seems this is causing the trouble.
Please run iptables -P FORWARD ACCEPT
from goplane.
skjune12
commented on August 17, 2024
1
It works well.
Thank you for your kind support!
from goplane.
skjune12
commented on August 17, 2024
FYI: I use Vagrant for running goplane evpn/vxlan demo.
So please refer it if you need.
https://gist.github.com/skjune12/a042b8634cfb32b835971a255457ff35
from goplane.
ishidawataru
commented on August 17, 2024
Please refer to this issue. #19
from goplane.
skjune12
commented on August 17, 2024
Thank you for your information. I found the reason why demo doesn't work is that there is no reachability among g1, g2, and g3.
I check the interface has an IPv4 address correctly, but it doesn't work.
g1
root@ubuntu-xenial:~# docker exec -it g1 ip addr show eth1
17: eth1@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 92:14:b0:32:2a:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.2/24 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::9014:b0ff:fe32:2a17/64 scope link
valid_lft forever preferred_lft forever
root@ubuntu-xenial:~# docker exec -it g1 ip r
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.2
root@ubuntu-xenial:~# docker exec -it g1 ip neigh
192.168.10.4 dev eth1 lladdr c2:ea:66:aa:30:37 STALE
192.168.10.3 dev eth1 lladdr 86:50:17:51:a9:2d STALE
192.168.10.1 dev eth1 lladdr 0a:0e:b9:bc:7e:d2 STALE
root@ubuntu-xenial:~# docker exec -it g1 ping -c 3 192.168.10.3
PING 192.168.10.3 (192.168.10.3): 56 data bytes
--- 192.168.10.3 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@ubuntu-xenial:~# docker exec -it g1 ping -c 3 192.168.10.4
PING 192.168.10.4 (192.168.10.4): 56 data bytes
--- 192.168.10.4 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
g2
root@ubuntu-xenial:~# docker exec -it g2 ip addr show eth1
19: eth1@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 86:50:17:51:a9:2d brd ff:ff:ff:ff:ff:ff
inet 192.168.10.3/24 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::8450:17ff:fe51:a92d/64 scope link
valid_lft forever preferred_lft forever
root@ubuntu-xenial:~# docker exec -it g2 ping -c 3 192.168.10.2
PING 192.168.10.2 (192.168.10.2): 56 data bytes
--- 192.168.10.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@ubuntu-xenial:~# docker exec -it g2 ip r
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.3
root@ubuntu-xenial:~# docker exec -it g2 ip neigh
192.168.10.4 dev eth1 lladdr c2:ea:66:aa:30:37 STALE
192.168.10.2 dev eth1 lladdr 92:14:b0:32:2a:17 STALE
root@ubuntu-xenial:~# docker exec -it g2 ping -c 3 192.168.10.4
PING 192.168.10.4 (192.168.10.4): 56 data bytes
--- 192.168.10.4 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
g3
root@ubuntu-xenial:~# docker exec -it g3 ip addr show eth1
21: eth1@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether c2:ea:66:aa:30:37 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.4/24 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::c0ea:66ff:feaa:3037/64 scope link
valid_lft forever preferred_lft forever
root@ubuntu-xenial:~# docker exec -it g3 ip r
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.4
root@ubuntu-xenial:~# docker exec -it g3 ip neigh
192.168.10.1 dev eth1 lladdr 0a:0e:b9:bc:7e:d2 STALE
192.168.10.2 dev eth1 lladdr 92:14:b0:32:2a:17 STALE
192.168.10.3 dev eth1 lladdr 86:50:17:51:a9:2d STALE
root@ubuntu-xenial:~# docker exec -it g3 ping -c 3 192.168.10.3
PING 192.168.10.3 (192.168.10.3): 56 data bytes
--- 192.168.10.3 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@ubuntu-xenial:~# docker exec -it g3 ping -c 3 192.168.10.2
PING 192.168.10.2 (192.168.10.2): 56 data bytes
--- 192.168.10.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
Could you help me?
from goplane.
ishidawataru
commented on August 17, 2024
Do you have reachability to 192.168.10.1?
Also, please check if any iptables rules prevent packet flows.
from goplane.
skjune12
commented on August 17, 2024
Yes, each containers can send ping to 192.168.10.1, but when I set this address as a gateway of eth0, it doesn't work too.
root@ubuntu-xenial:~# docker exec -it g1 ping -c 3 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=0.083 ms
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.097 ms
--- 192.168.10.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.083/0.092/0.097/0.000 ms
root@ubuntu-xenial:~# docker exec -it g2 ping -c 3 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=0.131 ms
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.072 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.070 ms
--- 192.168.10.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.070/0.091/0.131/0.028 ms
root@ubuntu-xenial:~# docker exec -it g3 ping -c 3 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=0.104 ms
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.106 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.103 ms
--- 192.168.10.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.103/0.104/0.106/0.000 ms
This is the output after I set the default gateway of eth1 to 192.168.10.1. BGP speakers have no reachability each other.
root@ubuntu-xenial:~# docker exec -it g1 ip route add default via 192.168.10.1 dev eth1
root@ubuntu-xenial:~# docker exec -it g2 ip route add default via 192.168.10.1 dev eth1
root@ubuntu-xenial:~# docker exec -it g3 ip route add default via 192.168.10.1 dev eth1
root@ubuntu-xenial:~# docker exec -it g1 ping -c 3 192.168.10.3
PING 192.168.10.3 (192.168.10.3): 56 data bytes
--- 192.168.10.3 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@ubuntu-xenial:~# docker exec -it g1 ping -c 3 192.168.10.4
PING 192.168.10.4 (192.168.10.4): 56 data bytes
--- 192.168.10.4 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@ubuntu-xenial:~# docker exec -it g2 ping -c 3 192.168.10.2
PING 192.168.10.2 (192.168.10.2): 56 data bytes
--- 192.168.10.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@ubuntu-xenial:~# docker exec -it g2 ping -c 3 192.168.10.4
PING 192.168.10.4 (192.168.10.4): 56 data bytes
--- 192.168.10.4 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@ubuntu-xenial:~# docker exec -it g3 ping -c 3 192.168.10.2
PING 192.168.10.2 (192.168.10.2): 56 data bytes
--- 192.168.10.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@ubuntu-xenial:~# docker exec -it g3 ping -c 3 192.168.10.3
PING 192.168.10.3 (192.168.10.3): 56 data bytes
--- 192.168.10.3 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
There is also a problem when I try to check the iptables rules: All container says "No such file or directory"
root@ubuntu-xenial:~# docker exec -it g3 iptables -L
rpc error: code = 2 desc = oci runtime error: exec failed: container_linux.go:262: starting container process caused "exec: \"/bin/iptables\": stat /bin/iptables: no such file or directory"
root@ubuntu-xenial:~# docker exec -it g3 which iptables
So I have no idea what I need to check...
from goplane.
ishidawataru
commented on August 17, 2024
You don't need to exec iptables in container namespace. Instead, just run iptables -L in default namespace.
from goplane.
skjune12
commented on August 17, 2024
Sorry for that.
I have no rules in my default namespace.
root@ubuntu-xenial:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (0 references)
target prot opt source destination
Chain DOCKER-ISOLATION (0 references)
target prot opt source destination
Chain DOCKER-USER (0 references)
target prot opt source destination
from goplane.
Related Issues (13)
- Similar project HOT 1
- evpn_vxlan_test don't work HOT 11
- Unable to install GoPlane HOT 3
- netlink example, glide installation broken HOT 1
- Changes to external projects have broken this HOT 1
- VXLAN demo, macadv routes have route distinguisher of 0:0 HOT 1
- future of goplane and how to use with gobgpd HOT 1
- netfilter integration
- iptables test: "listen tcp :50051: bind: address already in use" HOT 1
- github.com/Sirupsen/logrus has been renamed HOT 1
- demo.py prepare error HOT 1
- Goplane panics when FSM state gets reaches Established HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from goplane.