LINUX-socket与VRF


实验环境如下图所示:

配置如下:

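#!/bin/bash
# Builds the lab topology for the socket/VRF experiments:
#   - namespaces ns1 and ns2, each with an eth0 that is one end of a veth pair
#   - the host-side ends (ns1veth1, ns2veth1) enslaved to the VRF device
#   - 1.1.1.0/24 between the host and ns1, 2.2.2.0/24 between the host and ns2
#
# NOTE(review): 1.1.1.0/24 and 2.2.2.0/24 are publicly routed prefixes. They
# are kept because the transcripts on the page use them; a reserved
# documentation range (e.g. 192.0.2.0/24) avoids shadowing real destinations
# on the lab host.
#
# Abort on the first failing command: a half-built topology gives misleading
# results in the isolation experiments.
set -euo pipefail

# The page enslaves the veth ends to "vrftest" but never shows the VRF device
# being created, and gives no routing table id. The table id below (10) is a
# constructed example value; override it with VRF_TABLE=<id> if it is in use.
VRF_DEV="vrftest"
VRF_TABLE="${VRF_TABLE:-10}"

if ! ip link show "$VRF_DEV" >/dev/null 2>&1; then
  sudo ip link add "$VRF_DEV" type vrf table "$VRF_TABLE"
fi
sudo ip link set "$VRF_DEV" up

# Namespaces and veth pairs; the peer end is created directly inside the
# namespace under the name eth0.
sudo ip netns add ns1
sudo ip link add ns1veth1 type veth peer name eth0 netns ns1
sudo ip netns add ns2
sudo ip link add ns2veth1 type veth peer name eth0 netns ns2

# Host-side ends join the VRF before they are addressed.
sudo ip link set ns1veth1 master "$VRF_DEV"
sudo ip link set ns2veth1 master "$VRF_DEV"
sudo ip link set ns2veth1 up
sudo ip link set ns1veth1 up
sudo ip addr add 1.1.1.254/24 dev ns1veth1
sudo ip addr add 2.2.2.254/24 dev ns2veth1

# Namespace side: address, bring up eth0 and lo, default route via the host end.
sudo ip netns exec ns2 ip addr add 2.2.2.1/24 dev eth0
sudo ip netns exec ns1 ip addr add 1.1.1.1/24 dev eth0
sudo ip netns exec ns1 ip link set eth0 up
sudo ip netns exec ns1 ip link set lo up
sudo ip netns exec ns1 ip route add default via 1.1.1.254 dev eth0
sudo ip netns exec ns2 ip link set eth0 up
sudo ip netns exec ns2 ip link set lo up
sudo ip netns exec ns2 ip route add default via 2.2.2.254 dev eth0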

实验使用 c 语言写了两个套接字交互程序:

  • 服务器:vrfs
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<errno.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include <unistd.h>

#define MAXLINE 4096

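/*
 * vrfs - minimal TCP test server used by the VRF experiments.
 *
 * Listens on 0.0.0.0:6666 with SO_REUSEADDR and SO_REUSEPORT set. When exactly
 * one argument is given, the listening socket is bound to that device (the
 * VRF master in the experiments) with SO_BINDTODEVICE before bind(). Each
 * accepted connection is read once, the payload is printed, and the
 * connection is closed.
 *
 * Exits with EXIT_FAILURE when socket setup fails; otherwise loops forever.
 */
int main(int argc, char** argv)
{
    int     listenfd, connfd;
    struct sockaddr_in servaddr;
    char    buff[4096];
    ssize_t n;
    int     on = 1;

    if ((listenfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        printf("create socket error: %s(errno: %d)\n", strerror(errno), errno);
        exit(EXIT_FAILURE);
    }

    /* Address/port reuse is what lets several vrfs processes listen on the
     * same port at once. Failure is reported but not fatal: the later bind()
     * will fail visibly if reuse was actually needed. */
    if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) < 0) {
        printf("set SO_REUSEADDR error: %s(errno: %d)\n", strerror(errno), errno);
    }
    if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEPORT, (void *)&on, sizeof(on)) < 0) {
        printf("set SO_REUSEPORT error: %s(errno: %d)\n", strerror(errno), errno);
    }

    memset(&servaddr, 0, sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_addr.s_addr = htonl(INADDR_ANY);
    servaddr.sin_port = htons(6666);

    if (argc == 2) {
        printf("vrf device name: %s\r\n", argv[1]);
        /* Scope the listener to one L3 domain. The page runs the bound server
         * as root; presumably the call needs elevated privileges on the test
         * kernel - confirm for yours. */
        if (setsockopt(listenfd, SOL_SOCKET, SO_BINDTODEVICE, argv[1], strlen(argv[1]) + 1) < 0) {
            printf("bind socket master dev error: %s(errno: %d)\n", strerror(errno), errno);
            exit(EXIT_FAILURE);
        }
    }

    if (bind(listenfd, (struct sockaddr*)&servaddr, sizeof(servaddr)) == -1) {
        printf("bind socket error: %s(errno: %d)\n", strerror(errno), errno);
        exit(EXIT_FAILURE);
    }

    if (listen(listenfd, 10) == -1) {
        printf("listen socket error: %s(errno: %d)\n", strerror(errno), errno);
        exit(EXIT_FAILURE);
    }

    printf("======waiting for client's request======\n");
    while (1) {
        if ((connfd = accept(listenfd, (struct sockaddr*)NULL, NULL)) == -1) {
            printf("accept socket error: %s(errno: %d)\n", strerror(errno), errno);
            continue;
        }

        /* Leave one byte for the terminator: a full-size read must not write
         * past the end of buff, and a failed read (-1) must not be used as an
         * index. */
        n = recv(connfd, buff, sizeof(buff) - 1, 0);
        if (n < 0) {
            printf("recv error: %s(errno: %d)\n", strerror(errno), errno);
            close(connfd);
            continue;
        }
        buff[n] = '\0';

        /* The payload comes from the peer and is printed as-is; acceptable
         * for this lab tool, not for a service exposed to untrusted clients. */
        printf("recv msg from client: %s\n", buff);
        close(connfd);
    }

    /* Not reached: the accept loop above never exits. */
    close(listenfd);
    return 0;
}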
  • 客户端程序:vrfc
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<errno.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<unistd.h>
#define MAXLINE 4096
#include <arpa/inet.h>

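/*
 * vrfc - minimal TCP test client used by the VRF experiments.
 *
 * Usage: vrfc <ipaddress> [master device]
 *
 * Connects to <ipaddress>:6666, sends the fixed string "hello vrf" and exits.
 * When a second argument is given, the socket is bound to that device (the
 * VRF master in the experiments) with SO_BINDTODEVICE before connect().
 *
 * Exits with EXIT_FAILURE on a usage error or any socket failure, 0 on success.
 */
int main(int argc, char** argv)
{
    int    sockfd;
    const char *sendline = "hello vrf";
    struct sockaddr_in servaddr;

    /* Accept one or two arguments. The transcripts on the page run the client
     * with a device name as second argument, which a strict "argc != 2" check
     * would reject before the SO_BINDTODEVICE branch could run. */
    if (argc != 2 && argc != 3) {
        printf("usage: ./client <ipaddress> [master device]\n");
        exit(EXIT_FAILURE);
    }

    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        printf("create socket error: %s(errno: %d)\n", strerror(errno), errno);
        exit(EXIT_FAILURE);
    }

    memset(&servaddr, 0, sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_port = htons(6666);
    if (inet_pton(AF_INET, argv[1], &servaddr.sin_addr) <= 0) {
        printf("inet_pton error for %s\n", argv[1]);
        close(sockfd);
        exit(EXIT_FAILURE);
    }

    if (argc == 3) {
        printf("vrf device name: %s\r\n", argv[2]);
        /* Scope the outgoing connection to one L3 domain. The page runs the
         * client under sudo; presumably the call needs elevated privileges on
         * the test kernel - confirm for yours. */
        if (setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE, argv[2], strlen(argv[2]) + 1) < 0) {
            printf("bind socket master dev error: %s(errno: %d)\n", strerror(errno), errno);
            close(sockfd);
            exit(EXIT_FAILURE);
        }
    }

    if (connect(sockfd, (struct sockaddr*)&servaddr, sizeof(servaddr)) < 0) {
        printf("connect error: %s(errno: %d)\n", strerror(errno), errno);
        close(sockfd);
        exit(EXIT_FAILURE);
    }

    printf("send msg to server: hello vrf\n");

    if (send(sockfd, sendline, strlen(sendline), 0) < 0) {
        printf("send msg error: %s(errno: %d)\n", strerror(errno), errno);
        close(sockfd);
        exit(EXIT_FAILURE);
    }

    close(sockfd);
    exit(0);
}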

实验一:惊群效应

在默认 VRF 环境下,启动两个进程,监听相同的端口和地址 :程序中套接口使用了 SO_REUSEADDR 和 SO_REUSEPORT。查看内核如何处理惊群效应。

console1:

admin@ubuntu:~/vrfsocket$ for i in {0..9}; do ./vrfc 127.0.0.1; done  
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
admin@ubuntu:~/vrfsocket$ 

console2:

admin@ubuntu:~/vrfsocket$ ./vrfs 
======waiting for client's request======
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf

console3:

admin@ubuntu:~/vrfsocket$ ./vrfs 
======waiting for client's request======
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf

结论

新内核似乎已经能够处理惊群效应了,收到请求时不再通知所有监听该端口的服务器程序,而是会进行一定的负载均衡调度处理。(这里两个进程都设置了 SO_REUSEPORT,各自拥有独立的监听套接字,内核为每个新连接只选择其中一个套接字,因此每条消息只在一个控制台上出现。)

实验二:启动两个服务器,一个绑定 VRF,一个不绑定,客户端不绑定 VRF

console1:

admin@ubuntu:~/vrfsocket$ for i in {0..9}; do sudo ./vrfc 127.0.0.1; done
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
admin@ubuntu:~/vrfsocket$ 

console2:

root@ubuntu:/home/jd/vrfsocket# ./vrfs
======waiting for client's request======
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf

console3:

root@ubuntu:/home/jd/vrfsocket# ./vrfs vrftest
vrf device name: vrftest
======waiting for client's request======

结论:服务器监听套接字绑定 VRF 后,不再处理默认 VRF 中的请求

实验三:启动两个服务器,一个绑定 VRF,一个不绑定,客户端绑定 VRF

console1:

admin@ubuntu:~/vrfsocket$ for i in {0..9}; do sudo ./vrfc 1.1.1.254 vrftest; done
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
admin@ubuntu:~/vrfsocket$ 

console2:在 root 用户下运行

root@ubuntu:/home/jd/vrfsocket# ./vrfs
======waiting for client's request======

console3:在 root 用户下运行。

root@ubuntu:/home/jd/vrfsocket# ./vrfs vrftest
vrf device name: vrftest
======waiting for client's request======
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf

结论:服务器监听套接字不绑定 VRF,不能处理非默认 VRF 中的请求

实验四:设置 sudo sysctl -w net.ipv4.tcp_l3mdev_accept=1

启动两个服务器,一个绑定 VRF,一个不绑定,客户端不绑定 VRF

console1:

admin@ubuntu:~/vrfsocket$ for i in {0..9}; do sudo ./vrfc 127.0.0.1; done
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
send msg to server: hello vrf
admin@ubuntu:~/vrfsocket$ 

console2:

root@ubuntu:/home/jd/vrfsocket# ./vrfs
======waiting for client's request======
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf

console3:

root@ubuntu:/home/jd/vrfsocket# ./vrfs vrftest
vrf device name: vrftest
======waiting for client's request======

启动一个服务器,绑定 VRF,客户端不绑定 VRF

console1:

admin@ubuntu:~/vrfsocket$ for i in {0..9}; do sudo ./vrfc 127.0.0.1; done
connect error: Connection refused(errno: 111)
connect error: Connection refused(errno: 111)
connect error: Connection refused(errno: 111)
connect error: Connection refused(errno: 111)
connect error: Connection refused(errno: 111)
connect error: Connection refused(errno: 111)
connect error: Connection refused(errno: 111)
connect error: Connection refused(errno: 111)
connect error: Connection refused(errno: 111)
connect error: Connection refused(errno: 111)
admin@ubuntu:~/vrfsocket$ 

console3:

root@ubuntu:/home/jd/vrfsocket# ./vrfs vrftest
vrf device name: vrftest
======waiting for client's request======

启动一个服务器,绑定 VRF,客户端绑定 VRF

console1:

admin@ubuntu:~/vrfsocket$ for i in {0..9}; do sudo ./vrfc 1.1.1.254 vrftest; done
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
admin@ubuntu:~/vrfsocket$

console3:

root@ubuntu:/home/jd/vrfsocket# ./vrfs vrftest
vrf device name: vrftest
======waiting for client's request======
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf

启动两个服务器,一个绑定 VRF,一个不绑定,客户端绑定 VRF

console1:

admin@ubuntu:~/vrfsocket$ for i in {0..9}; do sudo ./vrfc 1.1.1.254 vrftest; done
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
vrf device name: vrftest
send msg to server: hello vrf
admin@ubuntu:~/vrfsocket$ 

console2:

root@ubuntu:/home/jd/vrfsocket# ./vrfs
======waiting for client's request======
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf
recv msg from client: hello vrf

console3:

root@ubuntu:/home/jd/vrfsocket# ./vrfs vrftest
vrf device name: vrftest
======waiting for client's request======

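结论:设置 net.ipv4.tcp_l3mdev_accept=1(sudo sysctl -w net.ipv4.tcp_l3mdev_accept=1)后,默认 VRF 中的监听套接字能够处理所有 VRF 中的请求,且优先级高于其它 VRF 的监听套接字。注意:这意味着未绑定设备的监听服务不再受 VRF 隔离,任何 VRF 中的对端都可以连接到它;需要限制在某个 VRF 内的服务应通过 SO_BINDTODEVICE 显式绑定到该 VRF 设备。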

总结

序号 结论
1 多个服务器(均设置 SO_REUSEPORT)监听同一地址和端口,内核会进行负载均衡,选择唤醒其中一个进程处理请求。
2 未开启 net.ipv4.tcp_l3mdev_accept 时,默认 VRF 中的服务器进程不能处理非默认 VRF 中的请求,非默认 VRF 中的服务器进程不能处理其它 VRF 中的请求。
3 开启 net.ipv4.tcp_l3mdev_accept=1 后,默认 VRF 中的服务器进程可以处理任意 VRF 中的请求,且优先级最高。
4 开启 net.ipv4.tcp_l3mdev_accept=1 后,非默认 VRF 中的服务器进程不能处理其它 VRF 中的请求,在处理本 VRF 中的流量时,优先级低于默认 VRF 中的进程。
