IPv6 Router Advertisement Floods (by quqi99)

作者:张华  发表于:2016-06-23
版权声明:可以任意转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本版权声明

( http://blog.csdn.net/quqi99 )


今天,遇到一个很诡异的问题,当ssh连接远程虚机做实验时,突然连接断开了。最后查出的原因如下:有一个脚本执行一次会给虚机增加一块网卡并加到br-ex里去,当再执行一次br-ex里会添加第二块网卡,会造成IPv6 router advertisement floods,然后虚机会变得奇慢无比,然后ssh连接断开。实验结果如下:


1, 当往br-ex里添加第一块网卡,且radvd关闭时:

23:50:50.306032 IP 192.168.102.1.50264 > 192.168.102.100.ssh: Flags [P.], seq 2234092183:2234092219, ack 99372432, win 342, options [nop,nop,TS val 51145217 ecr 33461], length 36
23:50:50.306542 IP 192.168.102.100.ssh > 192.168.102.1.50264: Flags [P.], seq 1:37, ack 36, win 312, options [nop,nop,TS val 39271 ecr 51145217], length 36
23:50:50.306556 IP 192.168.102.1.50264 > 192.168.102.100.ssh: Flags [.], ack 37, win 342, options [nop,nop,TS val 51145217 ecr 39271], length 0
23:50:50.362157 IP 192.168.102.1.50264 > 192.168.102.100.ssh: Flags [P.], seq 36:72, ack 37, win 342, options [nop,nop,TS val 51145231 ecr 39271], length 36
23:50:50.362490 IP 192.168.102.100.ssh > 192.168.102.1.50264: Flags [P.], seq 37:73, ack 72, win 312, options [nop,nop,TS val 39285 ecr 51145231], length 36
23:50:50.362506 IP 192.168.102.1.50264 > 192.168.102.100.ssh: Flags [.], ack 73, win 342, options [nop,nop,TS val 51145231 ecr 39285], length 0
23:50:50.493481 IP 192.168.102.1.50264 > 192.168.102.100.ssh: Flags [P.], seq 72:108, ack 73, win 342, options [nop,nop,TS val 51145264 ecr 39285], length 36
23:50:50.915926 IP 192.168.102.1.50264 > 192.168.102.100.ssh: Flags [P.], seq 216:252, ack 217, win 342, options [nop,nop,TS val 51145369 ecr 39393], length 36
23:50:50.916389 IP 192.168.102.100.ssh > 192.168.102.1.50264: Flags [P.], seq 217:253, ack 252, win 312, options [nop,nop,TS val 39424 ecr 51145369], length 36
23:50:50.916415 IP 192.168.102.1.50264 > 192.168.102.100.ssh: Flags [.], ack 253, win 342, options [nop,nop,TS val 51145369 ecr 39424], length 0
23:50:51.096128 IP 192.168.102.1.50264 > 192.168.102.100.ssh: Flags [P.], seq 252:288, ack 253, win 342, options [nop,nop,TS val 51145414 ecr 39424], length 36
23:50:51.096502 IP 192.168.102.100.ssh > 192.168.102.1.50264: Flags [P.], seq 253:289, ack 288, win 312, options [nop,nop,TS val 39469 ecr 51145414], length 36
23:50:51.096521 IP 192.168.102.1.50264 > 192.168.102.100.ssh: Flags [.], ack 289, win 342, options [nop,nop,TS val 51145414 ecr 39469], length 0
23:50:51.152884 IP 192.168.102.1.50264 > 192.168.102.100.ssh: Flags [P.], seq 288:324, ack 289, win 342, options [nop,nop,TS val 51145429 ecr 39469], length 36
23:50:51.153268 IP 192.168.102.100.ssh > 192.168.102.1.50264: Flags [P.], seq 289:325, ack 324, win 312, options [nop,nop,TS val 39483 ecr 51145429], length 36

2, 当往br-ex里添加第二块网卡,且radvd关闭时,ssh连接不会断开。

23:52:13.634073 IP6 fe80::5054:ff:fef1:6bf4 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:52:13.634115 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:52:13.634157 IP6 fe80::5054:ff:fef1:6bf4 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:52:13.634199 IP6 fe80::5054:ff:fef1:6bf4 > ip6-allrouters: ICMP6, router solicitation, length 16
23:52:13.634256 IP6 fe80::5054:ff:fef1:6bf4 > ip6-allrouters: ICMP6, router solicitation, length 16
23:52:13.634308 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:52:13.634367 IP6 fe80::5054:ff:fef1:6bf4 > ip6-allrouters: ICMP6, router solicitation, length 16
23:52:13.634417 IP6 :: > ff02::1:fff1:6bf4: ICMP6, neighbor solicitation, who has fe80::5054:ff:fef1:6bf4, length 24
23:52:13.634484 IP6 fe80::5054:ff:fef1:6bf4 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:52:13.634529 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:52:13.634608 IP6 fe80::5054:ff:fef1:6bf4 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:52:13.634676 IP6 fe80::5054:ff:fef1:6bf4 > ip6-allrouters: ICMP6, router solicitation, length 16
23:52:13.634729 IP6 fe80::5054:ff:fef1:6bf4 > ip6-allrouters: ICMP6, router solicitation, length 16
23:52:13.634779 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:52:13.634811 IP6 fe80::5054:ff:fef1:6bf4 > ip6-allrouters: ICMP6, router solicitation, length 16
23:52:13.634861 IP6 :: > ff02::1:fff1:6bf4: ICMP6, neighbor solicitation, who has fe80::5054:ff:fef1:6bf4, length 24
23:52:13.634944 IP6 fe80::5054:ff:fef1:6bf4 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:52:13.637932 IP6 :: > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:52:13.637973 IP6 fe80::5054:ff:fef1:6bf4 > ip6-allrouters: ICMP6, router solicitation, length 16
23:52:13.638066 IP6 :: > ff02::1:fff1:6bf4: ICMP6, neighbor solicitation, who has fe80::5054:ff:fef1:6bf4, length 24
23:52:13.638133 IP6 fe80::5054:ff:fef1:6bf4 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28

3, 此时,将radvd打开,ssh连接立马断开。但此时虚机里的默认路由还在。

23:53:13.273412 IP6 2001:db8:0:1:5054:ff:fe42:13a9 > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:5054:ff:fe42:13a9, length 32
23:53:13.273490 IP6 2001:db8:0:1:5054:ff:fe42:13a9 > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:5054:ff:fe42:13a9, length 32
23:53:13.273568 IP6 fe80::5054:ff:fe42:13a9 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:53:13.273613 IP6 fe80::5054:ff:fe42:13a9 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
23:53:13.273678 IP6 2001:db8:0:1:5054:ff:fe42:13a9 > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:5054:ff:fe42:13a9, length 32
23:53:13.273756 IP6 2001:db8:0:1:7056:5fff:fe91:74b > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:7056:5fff:fe91:74b, length 32
23:53:13.273835 IP6 2001:db8:0:1:5054:ff:fe42:13a9 > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:5054:ff:fe42:13a9, length 32
23:53:13.273913 IP6 2001:db8:0:1:5054:ff:fe42:13a9 > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:5054:ff:fe42:13a9, length 32
23:53:13.273995 IP6 fe80::8c42:64ff:fed7:fc4f > ip6-allnodes: ICMP6, router advertisement, length 56
23:53:13.274040 IP6 2001:db8:0:1:5054:ff:fe42:13a9 > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:5054:ff:fe42:13a9, length 32
23:53:13.274098 IP6 2001:db8:0:1:5054:ff:fe42:13a9 > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:5054:ff:fe42:13a9, length 32
23:53:13.274183 IP6 2001:db8:0:1:7056:5fff:fe91:74b > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:7056:5fff:fe91:74b, length 32
23:53:13.274263 IP6 2001:db8:0:1:7056:5fff:fe91:74b > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:7056:5fff:fe91:74b, length 32
23:53:13.274379 IP6 2001:db8:0:1:5054:ff:fe42:13a9 > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:5054:ff:fe42:13a9, length 32
23:53:13.274438 IP6 2001:db8:0:1:7056:5fff:fe91:74b > ip6-allnodes: ICMP6, neighbor advertisement, tgt is 2001:db8:0:1:7056:5fff:fe91:74b, length 32
23:53:13.274523 IP6 fe80::8c42:64ff:fed7:fc4f > ip6-allnodes: ICMP6, router advertisement, length 56

4, 再关闭radvd,ssh连接无法恢复,此时虚机里的默认路由丢失,虚机里报大量的这种错“ICMPv6: RA: ndisc_router_discovery failed to add default route”。此时,虚机奇慢无比,只能强制重启。





你可能感兴趣的:(IPv6 Router Advertisement Floods (by quqi99))