7月 282020
 

CentOS 8

编译报错(提示为nghttp2版本太旧)

[root@test httpd-2.4.43]# ./configure --enable-http2

checking for nghttp2... checking for user-provided nghttp2 base directory... none
checking for pkg-config along ... checking for nghttp2 version >= 1.2.1... FAILED
configure: WARNING: nghttp2 version is too old

启用仅CentOS 8支持的Power Tools软件源仓库

可供 CentOS 使用的软件库
https://wiki.centos.org/zh/AdditionalResources/Repositories

PowerTools —— 只供 CentOS8 使用,PowerTools 软件库提供了大量开发者用的工具。缺省是停用的。

[root@test httpd-2.4.43]# dnf config-manager --set-enabled PowerTools
[root@test httpd-2.4.43]# dnf makecache
CentOS-8 - AppStream                                           9.6 kB/s | 4.3 kB     00:00
CentOS-8 - Base                                                8.6 kB/s | 3.9 kB     00:00
CentOS-8 - Extras                                              4.4 kB/s | 1.5 kB     00:00
CentOS-8 - PowerTools                                          1.7 MB/s | 1.9 MB     00:01
Extra Packages for Enterprise Linux Modular 8 - x86_64          57 kB/s |  18 kB     00:00
Extra Packages for Enterprise Linux 8 - x86_64                  58 kB/s |  18 kB     00:00
Metadata cache created.
[root@test httpd-2.4.43]#

安装开发库

[root@test httpd-2.4.43]# dnf -y install libnghttp2-devel

===============================================================================================
 Package                   Architecture    Version                   Repository           Size
===============================================================================================
Installing:
 libnghttp2-devel          x86_64          1.33.0-3.el8_2.1          PowerTools           60 k

Transaction Summary
===============================================================================================
Install  1 Package

重新编译

[root@test httpd-2.4.43]# ./configure --enable-http2

checking whether to enable mod_http2... checking dependencies
checking for OpenSSL... (cached) yes
  setting MOD_LDFLAGS to "-lssl -lcrypto    -lpthread -ldl"
  setting MOD_CFLAGS to ""
  setting MOD_CPPFLAGS to "-DH2_OPENSSL"
checking for nghttp2... checking for user-provided nghttp2 base directory... none
checking for pkg-config along ...   setting MOD_CFLAGS to ""
checking for nghttp2 version >= 1.2.1... OK
  adding "-lnghttp2" to MOD_LDFLAGS
  setting LIBS to "-lnghttp2    -lpthread -ldl"
checking nghttp2/nghttp2.h usability... yes
checking nghttp2/nghttp2.h presence... yes
checking for nghttp2/nghttp2.h... yes
checking for nghttp2_session_server_new2... yes
checking for nghttp2_stream_get_weight... yes
checking for nghttp2_session_change_stream_priority... yes
  adding "-DH2_NG2_CHANGE_PRIO" to MOD_CPPFLAGS
checking for nghttp2_session_callbacks_set_on_invalid_header_callback... yes
  adding "-DH2_NG2_INVALID_HEADER_CB" to MOD_CPPFLAGS
checking for nghttp2_session_get_stream_local_window_size... yes
  adding "-DH2_NG2_LOCAL_WIN_SIZE" to MOD_CPPFLAGS
yes
  setting MOD_HTTP2_LDADD to "-export-symbols-regex http2_module"
7月 282020
 

防火墙IPSEC规则方向:入站方向

Firewall -> Rules -> IPsec

[SITE A][10.25.100.0/22] 
Allow Protocol IPv4 * Source 10.25.112.0/22 Port * to Destination 10.25.100.0/22 Port *

[SITE B][10.25.112.0/22]
Allow Protocol IPv4 * Source 10.25.100.0/22 Port * to Destination 10.25.112.0/22 Port *

基于隧道的路由测试A节点

[A][10.25.100.4]

[root@test ~]# ip route add 10.25.112.0/22 via 10.25.100.3 dev ens7 metric 101 proto static

[root@test ~]# ping -c 4 10.25.100.3
PING 10.25.100.3 (10.25.100.3) 56(84) bytes of data.
64 bytes from 10.25.100.3: icmp_seq=1 ttl=64 time=0.455 ms
64 bytes from 10.25.100.3: icmp_seq=2 ttl=64 time=0.540 ms
64 bytes from 10.25.100.3: icmp_seq=3 ttl=64 time=0.465 ms
64 bytes from 10.25.100.3: icmp_seq=4 ttl=64 time=0.455 ms

--- 10.25.100.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 116ms
rtt min/avg/max/mdev = 0.455/0.478/0.540/0.044 ms
[root@test ~]#
[root@test ~]# ping -c 4 10.25.112.3
PING 10.25.112.3 (10.25.112.3) 56(84) bytes of data.
64 bytes from 10.25.112.3: icmp_seq=1 ttl=63 time=36.0 ms
64 bytes from 10.25.112.3: icmp_seq=2 ttl=63 time=35.9 ms
64 bytes from 10.25.112.3: icmp_seq=3 ttl=63 time=35.9 ms
64 bytes from 10.25.112.3: icmp_seq=4 ttl=63 time=35.9 ms

--- 10.25.112.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 7ms
rtt min/avg/max/mdev = 35.860/35.922/36.009/0.145 ms
[root@test ~]#

基于隧道的路由测试B节点

[B][10.25.112.4]

[root@test2 ~]# ip route add 10.25.100.0/22 via 10.25.112.3 dev ens7 metric 101 proto static

[root@test2 ~]# ping -c 4 10.25.112.3
PING 10.25.112.3 (10.25.112.3) 56(84) bytes of data.
64 bytes from 10.25.112.3: icmp_seq=1 ttl=64 time=0.573 ms
64 bytes from 10.25.112.3: icmp_seq=2 ttl=64 time=0.558 ms
64 bytes from 10.25.112.3: icmp_seq=3 ttl=64 time=0.458 ms
64 bytes from 10.25.112.3: icmp_seq=4 ttl=64 time=0.469 ms

--- 10.25.112.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 93ms
rtt min/avg/max/mdev = 0.458/0.514/0.573/0.056 ms
[root@test2 ~]#
[root@test2 ~]# ping -c 4 10.25.100.3
PING 10.25.100.3 (10.25.100.3) 56(84) bytes of data.
64 bytes from 10.25.100.3: icmp_seq=1 ttl=63 time=35.9 ms
64 bytes from 10.25.100.3: icmp_seq=2 ttl=63 time=35.8 ms
64 bytes from 10.25.100.3: icmp_seq=3 ttl=63 time=35.7 ms
64 bytes from 10.25.100.3: icmp_seq=4 ttl=63 time=35.7 ms

--- 10.25.100.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 35.663/35.783/35.947/0.170 ms
[root@test2 ~]#
[root@test2 ~]# ping -c 4 10.25.100.4
PING 10.25.100.4 (10.25.100.4) 56(84) bytes of data.
64 bytes from 10.25.100.4: icmp_seq=1 ttl=62 time=36.5 ms
64 bytes from 10.25.100.4: icmp_seq=2 ttl=62 time=36.5 ms
64 bytes from 10.25.100.4: icmp_seq=3 ttl=62 time=36.3 ms
64 bytes from 10.25.100.4: icmp_seq=4 ttl=62 time=36.5 ms

--- 10.25.100.4 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 36.300/36.448/36.535/0.162 ms
[root@test2 ~]#

节点A与节点B均需要配置静态路由,即必须有双向路由,节点间才可正常通信。