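The rp_filter (Reverse Path Filtering) parameter defines how a network interface performs reverse-path validation on the packets it receives. It takes one of three values, 0, 1 or 2, with the following meanings:
- 0: Reverse-path validation is disabled.
- 1: Strict reverse-path validation. For each incoming packet, the kernel checks whether the reverse route is the best route. If it is not, the packet is dropped.
- 2: Loose reverse-path validation. For each incoming packet, the kernel checks whether the source address is reachable, that is, whether a reverse route exists (through any interface). If there is no reverse path, the packet is dropped.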
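
What is reverse-path validation

Reverse-path validation means that after an interface receives a packet, the source and destination addresses are swapped and a route lookup is performed to find the outgoing interface of the reverse route. The packet is then filtered according to that outgoing interface.
When rp_filter is 1, the outgoing interface of the reverse route must be the same interface the packet arrived on; otherwise the packet is dropped.
When rp_filter is 2, the reverse route only has to be reachable; if it is not reachable, the packet is dropped.

Configuring rp_filter

rp_filter is a Linux kernel parameter and can be configured separately for each network interface.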
When installing 19C RAC with multiple private-network NICs, this parameter needs to be set in /etc/sysctl.conf:

net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth1.rp_filter = 2
net.ipv4.conf.eth2.rp_filter = 2

For details, see the official documentation: https://docs.oracle.com/database/121/CWLIN/networks.htm#CWLIN481

5.14 Multiple Private Interconnects and Oracle Linux

With Oracle Linux kernel 2.6.31, which also includes Oracle Unbreakable Enterprise Kernel 2.6.32, a bug has been fixed in the Reverse Path Filtering. As a consequence of this correction, Oracle RAC systems that use multiple NICs for the private interconnect now require specific settings for the rp_filter parameter. This requirement also applies to all Exadata systems that are running Linux kernel 2.6.32 and above. Without these rp_filter parameter settings systems, interconnect packets can be blocked or discarded.

The rp_filter values set the Reverse Path filter to no filtering (0), to strict filtering (1), or to loose filtering (2). Set the rp_filter value for the private interconnects to either 0 or 2. Setting the private interconnect NIC to 1 can cause connection issues on the private interconnect. It is not considered unsafe to disable or relax this filtering, because the private interconnect should be on a private and isolated network.

For example, where eth1 and eth2 are the private interconnect NICs, and eth0 is the public network NIC, set the rp_filter of the private address to 2 (loose filtering), the public address to 1 (strict filtering), using the following entries in /etc/sysctl.conf:

net.ipv4.conf.eth2.rp_filter = 2
net.ipv4.conf.eth1.rp_filter = 2
net.ipv4.conf.eth0.rp_filter = 1
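
The following is an added example, not code from the original page or from Oracle's documentation: a Python check of sysctl.conf text against the rule quoted above. It relies on the kernel's documented behavior that the value applied to an interface is the maximum of conf/all and conf/<interface>; the `all` line in the sample, the function names, and treating keys missing from the file as 0 are assumptions of this example.

```python
import re

# Constructed sample: per-NIC entries in the page's style plus an assumed
# "all" entry, and eth2 set to 0 (which the Oracle text also permits).
SAMPLE_SYSCTL = """\
# /etc/sysctl.conf (constructed sample)
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth1.rp_filter = 2
net.ipv4.conf.eth2.rp_filter = 0
"""

# Matches only the dotted key form with a plain interface name.
LINE = re.compile(r"^\s*net\.ipv4\.conf\.([^.\s]+)\.rp_filter\s*=\s*([012])\s*$")

def parse_rp_filter(text):
    """Return {name: value}; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1)] = int(m.group(2))
    return settings

def effective(settings, nic):
    """The kernel validates with max(conf/all, conf/<nic>).
    Assumption: a key absent from the file counts as 0; on a live host,
    read /proc/sys/net/ipv4/conf/*/rp_filter for the real values."""
    return max(settings.get("all", 0), settings.get(nic, 0))

def audit(text, private, public):
    """Return (nic, effective_value, problem) for each rule violation."""
    settings = parse_rp_filter(text)
    findings = []
    for nic in private:
        eff = effective(settings, nic)
        if eff == 1:  # strict mode can drop interconnect packets
            findings.append((nic, eff, "private interconnect NIC is strict; use 0 or 2"))
    for nic in public:
        eff = effective(settings, nic)
        if eff != 1:  # the page's example keeps the public NIC strict
            findings.append((nic, eff, "public NIC is not strict"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SYSCTL, ["eth1", "eth2"], ["eth0"]):
        print(finding)
```

In the sample, eth2 is written as 0 but is still validated in strict mode because `all` is 1, while eth1 stays loose because 2 is the larger value.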