Skip to main content
Version: v1.1.0

Gateway - Frontend

nsm-vlan

vlan-id 1 to 4094 - NSM VPP-Forwarder v1.7.0 to latest

Here is the implementation of the network using the nsm-vlan attractor type with vlan-id set to a value from 1 to 4094 and with NSM the VPP-Forwarder from v1.7.0 to latest. This example use eth0 as base interface and 100 as vlan-id, we will also consider traffic used is 20.0.0.1/32 and 2000::1/128 as VIPs and 4000 as destination port.

Dataplane-nsm-vlan-100-v1.7.0

List the kernel interfaces of the host

$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- ip a show dev eth0
899: eth0@if900: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fc00:f853:ccd:e793::2/64 scope global nodad 
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe12:2/64 scope link 
       valid_lft forever preferred_lft forever

You can capture VLAN traffic with VLAN 100 and 4000 as destination port with:

$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- tcpdump -nn -i eth0 -e 'dst port 4000 and (vlan 100)'

List the VPP interfaces:

  • host-eth0: VPP interface representing the Linux kernel base interface eth0 of the host
  • host-eth0.100: VPP VLAN (ID: 100) interface based on eth0
  • 7271263: VPP bridge-domain interface bridging host-eth0.100 and tap0
  • tap0: VPP vETH (might also be tapV2). Its peer interface is the Linux kernel interface in the stateless-lb-frontend (ext-vlan0)
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show interface addr
host-eth0 (up):
  L3 172.18.0.2/16
host-eth0.100 (up):
  L2 bridge bd-id 7271263 idx 1 shg 0
tap0 (up):
  L2 bridge bd-id 7271263 idx 1 shg 1

Note: vppctl show mode can also be used.

List the VPP bridges:

$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show bridge-domain
  BD-ID   Index   BSN  Age(min)  Learning  U-Forwrd   UU-Flood   Flooding  ARP-Term  arp-ufwd Learn-co Learn-li   BVI-Intf 
 7271263    1      0     off        on        on       flood        on       off       off        2    16777216     N/A

To find the peer interface of a TAP interface in VPP, you can do it by listing the TAP interfaces and finding the one that has the same host-mac-addr property as the MAC address on the Linux Kernel interface.

$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show tap tap0
Interface: tap0 (ifindex 2)
  name "ext-vlan0"
  host-ns "/proc/1/fd/19"
  host-mac-addr: 02:fe:1c:50:da:6c
  host-carrier-up: 1
  vhost-fds 15
  tap-fds 14
  gso-enabled 0
  csum-enabled 0
  packet-coalesce 0
  packet-buffering 0
  Mac Address: 02:fe:7b:f9:4e:98
  Device instance: 0
  flags 0x1
    admin-up (0)
  features 0x110008000
    VIRTIO_NET_F_MRG_RXBUF (15)
    VIRTIO_RING_F_INDIRECT_DESC (28)
    VIRTIO_F_VERSION_1 (32)
  remote-features 0x33d008000
    VIRTIO_NET_F_MRG_RXBUF (15)
    VIRTIO_F_NOTIFY_ON_EMPTY (24)
    VHOST_F_LOG_ALL (26)
    VIRTIO_F_ANY_LAYOUT (27)
    VIRTIO_RING_F_INDIRECT_DESC (28)
    VIRTIO_RING_F_EVENT_IDX (29)
    VIRTIO_F_VERSION_1 (32)
    VIRTIO_F_IOMMU_PLATFORM (33)
  Number of RX Virtqueue  1
  Number of TX Virtqueue  1
  Virtqueue (RX) 0
    qsz 1024, last_used_idx 2793, desc_next 640, desc_in_use 919
    avail.flags 0x0 avail.idx 3712 used.flags 0x1 used.idx 2793
    kickfd 17, callfd 16
  Virtqueue (TX) 1
    qsz 1024, last_used_idx 2765, desc_next 718, desc_in_use 1
    avail.flags 0x1 avail.idx 2766 used.flags 0x0 used.idx 2766
    kickfd 18, callfd -1

Access the network namespace of the tap0 peer:

  • /proc/1/fd/19: network namespace file (host-ns) of the tap0 peer
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- nsenter --net=/proc/1/fd/19 bash

List the VPP interfaces with metrics and index:

$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show interface
              Name               Idx    State  MTU (L3/IP4/IP6/MPLS)     Counter          Count     
host-eth0                         1      up     1454/1454/1454/1454 rx packets                222890
                                                                    rx bytes               272031148
                                                                    tx packets                  3356
                                                                    tx bytes                  283573
                                                                    drops                     219563
                                                                    ip4                        72607
                                                                    ip6                           12
host-eth0.100                     2      up           0/0/0/0       rx packets                  3284
                                                                    rx bytes                  274240
                                                                    tx packets                  3312
                                                                    tx bytes                  276867
tap0                              3      up     1454/1454/1454/1454 rx packets                  3312
                                                                    rx bytes                  263619
                                                                    tx packets                  3284
                                                                    tx bytes                  261104

To capture traffic inside the vpp forwarder:

$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl trace add virtio-input 100
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show trace

Alternative to capture traffic inside the vpp forwarder:

  • vppctl pcap trace rx tx max COUNT intfc INTERFACE: Start capturing traffic
  • vppctl pcap trace off: Stop trace. You can use tcpdump -nn -e -r /tmp/rxtx.pcap to read it or use Wireshark.
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace rx tx max 100 intfc tap0
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace off

To capture the VLAN traffic using vlan 100 with 4000 as port:

$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- tcpdump -nn -i eth0 -e 'port 4000 and (vlan 100)'

List the interfaces in the stateless-lb-frontend:

  • ext-vlan0: peer of VPP tap0 interface
$ kubectl exec -it stateless-lb-frontend-attractor-a-1-ghi -n red -- ip a show dev ext-vlan0
3: ext-vlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1454 qdisc mq state UNKNOWN group default qlen 1000
    link/ether 02:fe:1c:50:da:6c brd ff:ff:ff:ff:ff:ff
    inet 169.254.100.2/24 brd 169.254.100.255 scope global ext-vlan0
       valid_lft forever preferred_lft forever
    inet6 100:100::2/64 scope global nodad 
       valid_lft forever preferred_lft forever
    inet6 fe80::fe:1cff:fe50:da6c/64 scope link 
       valid_lft forever preferred_lft forever

note: if ip command is not available, it is also possible to use these commands:

  • List the interfaces: cat /proc/net/dev
  • Get the MAC address of an interface: cat /sys/class/net/ext-vlan0/address
  • Get the ARP table: cat /proc/net/arp

To capture traffic inside the stateless-lb-frontend:

$ kubectl exec -it stateless-lb-frontend-attractor-a-1-ghi -n red -- tcpdump -nn -i any port 4000

vlan-id 0 - NSM VPP-Forwarder v1.7.0 to latest

Here is the implementation of the network using the nsm-vlan attractor type with vlan-id set to 0 and with the NSM VPP-Forwarder from v1.7.0 to latest.

TODO

vlan-id 1 to 4094 - NSM VPP-Forwarder v1.1.0 to v1.6.1

Here is the implementation of the network using the nsm-vlan attractor type with vlan-id set to a value from 1 to 4094 and with NSM the VPP-Forwarder from v1.1.0 to v1.6.1.

TODO

vlan-id 0 - NSM VPP-Forwarder v1.4.0 to v1.6.1

Here is the implementation of the network using the nsm-vlan attractor type with vlan-id set to 0 and with the NSM VPP-Forwarder from v1.4.0 to v1.6.1.

TODO

network-attachment

TODO