Docker 호스트 컨테이너 간 데이터 전송 문제 및 해결 방법
orrupted MAC on input.
Disconnecting: Packet corrupt
lost connection구글 검색을 통해 문제점을 발견한 이유는
"Corrupted MAC on input"
This situation happens when the packet is decrypted, the length field is checked, the MAC is computed over the decrypted data and then checked against the MAC field from the SSH packet (see the picture above). If those two MACs don't match we print the "bad mac" error message.
Possible reasons for "Corrupted MAC on input"
If you see those messages instead of the "Bad packet length" one you can safely assume that the encryption/decryption works fine. If it wasn't then the packet length check could hardly pass a few times in a row - assuming we have seen the message a couple of times at least. That means that we have a data corruption somewhere. There are many situations this could happen. It could be a mulfunctioning:
firewall, or
NAT, or
NIC device driver, or
NIC itself, or
switch/router along the way, or
...something else that corrupted the data in between the two SSH parties
Again, it could also be the SSH implementation itself but as with the "bad packet length" problem that's usually not the case. Note that all those corruptions assume that the TCP packet passes the checksum test but that can easily happen. The checksum is basically a sum of all 16 bit words in the TCP frame; see RFC 793 (Transmission Control Protocol) for the details.구체적인 홈페이지 주소는https://blogs.oracle.com/janp/entry/ssh_messages_code_bad_packet
내 용기 크로스 호스트 호환은 ovs+vxlan을 사용합니다. 이 문제가 사실인지 확인하기 위해서 다음 방법으로 테스트를 진행합니다.
1. 테스트 환경
IP
test_mac 172.16.2.114 A
test_mac_2 172.16.2.115 B
test_mac_3 172.16.2.116 A숙박 호스트 A의 용기 테스트mac에서 3G 테스트 파일 생성
09:56:16 # dd if=/dev/zero of=/tmp/test.tgz bs=1G count=3
3+0 records in
3+0 records out
3221225472 bytes (3.2 GB) copied, 5.21114 s, 618 MB/s2. 다른 숙박 호스트 B의 전체 호스트 컨테이너 데이터 동기화 상황 테스트
root@41255dbf85b4:/tmp
09:56:21 # scp -P 22 172.16.2.114:/tmp/test.tgz .
[email protected]'s password:
test.tgz 3% 99MB 50.6MB/s 00:58 ETA
Corrupted MAC on input.
Disconnecting: Packet corrupt
lost connection문제가 생긴 것을 볼 수 있다.
3. 호스트 컨테이너 데이터 동기화 테스트
09:59:50 # scp -P 22 172.16.2.114:/tmp/test.tgz .
[email protected]'s password:
test.tgz 100% 3072MB 80.8MB/s 00:38
root@5805f5017f89:/tmp정상 동기화가 표시됩니다.
4, 해결 하숙 호스트 컨테이너 데이터 동기화 방법
숙박 호스트 B에서 용기 테스트 가져오기mac_2의pid
[root@ip-10-10-125-10 ~]# docker inspect test_mac_2|grep -i pid
"PidMode": "",
"Pid": 29416,보시면 pid가 29416입니다.
그리고 nsenter를 사용하여 용기의 네트워크 카드 eth1을 설정하고 검사와
nsenter --target 29416 --mount --uts --ipc --net --pid -- /bin/bash -c "ethtool -k eth1"nsenter를 사용하는 이유는 이 방법은 가장 높은 권한을 가지고 수정할 수 있기 때문입니다. 용기에 직접 입력하면 다음 오류가 발생합니다.
10:12:52 # ethtool -K eth0 tx off rx off
Cannot get device feature names: No such device
root@41255dbf85b4:/다음은 해결 전 eth1 네트워크 카드 정보입니다.
[root@ip-10-10-125-10 ~]# nsenter --target 29416 --mount --uts --ipc --net --pid -- /bin/bash -c "ethtool -k eth1"
Features for eth1:
rx-checksumming: on
tx-checksumming: on
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: on
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: on
tx-scatter-gather: on
tx-scatter-gather-fraglist: on
tcp-segmentation-offload: on
tx-tcp-segmentation: on
tx-tcp-ecn-segmentation: on
tx-tcp6-segmentation: on
udp-fragmentation-offload: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: on
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: on [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: on
tx-ipip-segmentation: on
tx-sit-segmentation: on
tx-udp_tnl-segmentation: on
tx-mpls-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: on
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: on
rx-vlan-stag-hw-parse: on
rx-vlan-stag-filter: off [fixed]
busy-poll: off [fixed]명령 실행을 시작하여 체크섬 닫기
[root@ip-10-10-125-10 ~]# nsenter --target 29416 --mount --uts --ipc --net --pid -- /bin/bash -c "ethtool -K eth1 tx off rx off "
Actual changes:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ip-generic: off
tcp-segmentation-offload: off
tx-tcp-segmentation: off [requested on]
tx-tcp-ecn-segmentation: off [requested on]
tx-tcp6-segmentation: off [requested on]
udp-fragmentation-offload: off [requested on]그리고 eth1 NIC 정보를 다시 한 번 확인해 보도록 하겠습니다.
Features for eth1:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: off
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: on
tx-scatter-gather: on
tx-scatter-gather-fraglist: on
tcp-segmentation-offload: off
tx-tcp-segmentation: off [requested on]
tx-tcp-ecn-segmentation: off [requested on]
tx-tcp6-segmentation: off [requested on]
udp-fragmentation-offload: off [requested on]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: on
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: on [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: on
tx-ipip-segmentation: on
tx-sit-segmentation: on
tx-udp_tnl-segmentation: on
tx-mpls-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: on
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: on
rx-vlan-stag-hw-parse: on
rx-vlan-stag-filter: off [fixed]
busy-poll: off [fixed]rx-checksumming과 tx-checksumming이 모두 on에서 off로 바뀐 것을 분명히 볼 수 있다.
그리고 숙박 호스트 B에서testmac_2 데이터 동기화 호스트 A의 테스트mac 데이터
10:16:09 # scp -P 22 172.16.2.114:/tmp/test.tgz .
[email protected]'s password:
test.tgz 100% 3072MB 46.6MB/s 01:06
root@41255dbf85b4:/데이터가 정상적으로 전송되는 것을 볼 수 있다.
좋은 웹페이지 즐겨찾기
