Stateless-lb-frontend - Target
VPP-Forwarder: Same node stateless-lb-frontend - proxy
List the interfaces in the stateless-lb-frontend:
- conduit-a--f75b: peer of VPP tap3 interface
$ kubectl exec -it stateless-lb-frontend-attractor-a-1-ghi -n red -- ip a show dev conduit-a--f75b
5: conduit-a--f75b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN group default qlen 1000
link/ether 02:fe:18:32:8d:87 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.4/24 brd 172.16.1.255 scope global conduit-a--f75b
valid_lft forever preferred_lft forever
inet6 fd00:0:0:1::4/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::fe:18ff:fe32:8d87/64 scope link
valid_lft forever preferred_lft forever
Note: if the ip command is not available, it is also possible to use these commands:
- List the interfaces:
cat /proc/net/dev
- Get the MAC address of an interface:
cat /sys/class/net/conduit-a--f75b/address
List the interfaces in the proxy:
- conduit-a--1b2a: peer of VPP tap4 interface
$ kubectl exec -it proxy-conduit-a-1-abc -n red -- ip a show dev conduit-a--1b2a
5: conduit-a--1b2a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master bridge0 state UNKNOWN group default qlen 1000
link/ether 02:fe:7d:e7:f6:2a brd ff:ff:ff:ff:ff:ff
inet 172.16.1.5/24 brd 172.16.1.255 scope global conduit-a--1b2a
valid_lft forever preferred_lft forever
inet6 fd00:0:0:1::5/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::fe:7dff:fee7:f62a/64 scope link
valid_lft forever preferred_lft forever
Note: if the ip command is not available, it is also possible to use these commands:
- List the interfaces:
cat /proc/net/dev
- Get the MAC address of an interface:
cat /sys/class/net/conduit-a--1b2a/address
List the VPP interfaces:
- tap3: VPP vETH (might also be tapV2). Its peer interface is the Linux kernel interface in the stateless-lb-frontend (conduit-a--f75b). It is cross connected (l2 xconnect) with tap4
- tap4: VPP vETH (might also be tapV2). Its peer interface is the Linux kernel interface in the proxy (conduit-a--1b2a). It is cross connected (l2 xconnect) with tap3
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show interface addr
tap3 (up):
L2 xconnect tap4
tap4 (up):
L2 xconnect tap3
To find the peer of a TAP interface in VPP, list the TAP interfaces and find the one whose host-mac-addr property matches the MAC address of the Linux kernel interface.
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show tap tap3
Interface: tap3 (ifindex 7)
name "conduit-a--f75b"
host-ns "/proc/1/fd/43"
host-mac-addr: 02:fe:18:32:8d:87
host-carrier-up: 1
vhost-fds 30
tap-fds 29
gso-enabled 0
csum-enabled 0
packet-coalesce 0
packet-buffering 0
Mac Address: 02:fe:62:6c:fa:ab
Device instance: 3
flags 0x1
admin-up (0)
features 0x110008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_F_VERSION_1 (32)
remote-features 0x33d008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_F_NOTIFY_ON_EMPTY (24)
VHOST_F_LOG_ALL (26)
VIRTIO_F_ANY_LAYOUT (27)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_RING_F_EVENT_IDX (29)
VIRTIO_F_VERSION_1 (32)
VIRTIO_F_IOMMU_PLATFORM (33)
Number of RX Virtqueue 1
Number of TX Virtqueue 1
Virtqueue (RX) 0
qsz 1024, last_used_idx 6, desc_next 960, desc_in_use 954
avail.flags 0x0 avail.idx 960 used.flags 0x1 used.idx 6
kickfd 32, callfd 31
Virtqueue (TX) 1
qsz 1024, last_used_idx 36, desc_next 37, desc_in_use 1
avail.flags 0x1 avail.idx 37 used.flags 0x0 used.idx 37
kickfd 33, callfd -1
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show tap tap4
Interface: tap4 (ifindex 8)
name "conduit-a--1b2a"
host-ns "/proc/1/fd/37"
host-mac-addr: 02:fe:7d:e7:f6:2a
host-carrier-up: 1
vhost-fds 35
tap-fds 34
gso-enabled 0
csum-enabled 0
packet-coalesce 0
packet-buffering 0
Mac Address: 02:fe:c9:28:47:65
Device instance: 4
flags 0x1
admin-up (0)
features 0x110008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_F_VERSION_1 (32)
remote-features 0x33d008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_F_NOTIFY_ON_EMPTY (24)
VHOST_F_LOG_ALL (26)
VIRTIO_F_ANY_LAYOUT (27)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_RING_F_EVENT_IDX (29)
VIRTIO_F_VERSION_1 (32)
VIRTIO_F_IOMMU_PLATFORM (33)
Number of RX Virtqueue 1
Number of TX Virtqueue 1
Virtqueue (RX) 0
qsz 1024, last_used_idx 37, desc_next 960, desc_in_use 923
avail.flags 0x0 avail.idx 960 used.flags 0x1 used.idx 37
kickfd 37, callfd 36
Virtqueue (TX) 1
qsz 1024, last_used_idx 3, desc_next 4, desc_in_use 1
avail.flags 0x1 avail.idx 4 used.flags 0x0 used.idx 4
kickfd 38, callfd -1
Access the network namespace of the tap3 peer and tap4 peer:
- /proc/1/fd/43: network namespace file (host-ns) of the tap3 peer
- /proc/1/fd/37: network namespace file (host-ns) of the tap4 peer
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- nsenter --net=/proc/1/fd/43 bash
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- nsenter --net=/proc/1/fd/37 bash
List the VPP interfaces with metrics and index:
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show interface
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count
tap3 8 up 1500/1500/1500/1500 rx packets 6
rx bytes 796
tx packets 37
tx bytes 3578
drops 2
ip6 2
tap4 9 up 1500/1500/1500/1500 rx packets 37
rx bytes 3578
tx packets 4
tx bytes 536
To capture traffic inside the vpp forwarder:
- vppctl pcap trace rx tx max COUNT intfc INTERFACE: Start capturing traffic
- vppctl pcap trace off: Stop trace. You can use tcpdump -nn -e -r /tmp/rxtx.pcap to read it or use Wireshark.
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace rx tx max 100 intfc tap3
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace off
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace rx tx max 100 intfc tap4
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace off
VPP-Forwarder: Different node stateless-lb-frontend - proxy
Proxy Node
List the interfaces in the proxy:
- conduit-a--90c8: peer of VPP tap1 interface
$ kubectl exec -it proxy-conduit-a-1-abc -n red -- ip a show dev conduit-a--90c8
4: conduit-a--90c8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc mq master bridge0 state UNKNOWN group default qlen 1000
link/ether 02:fe:eb:4a:02:dc brd ff:ff:ff:ff:ff:ff
inet 172.16.1.3/24 brd 172.16.1.255 scope global conduit-a--90c8
valid_lft forever preferred_lft forever
inet6 fd00:0:0:1::3/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::fe:ebff:fe4a:2dc/64 scope link
valid_lft forever preferred_lft forever
Note: if the ip command is not available, it is also possible to use these commands:
- List the interfaces:
cat /proc/net/dev
- Get the MAC address of an interface:
cat /sys/class/net/conduit-a--90c8/address
List the VPP interfaces:
- vxlan_tunnel0: VPP VxLAN. It is cross connected (l2 xconnect) with tap1. The VxLAN ID is 9832580, it uses the host IP addresses and port 4789
- tap1: VPP vETH (might also be tapV2). Its peer interface is the Linux kernel interface in the proxy (conduit-a--90c8). It is cross connected (l2 xconnect) with vxlan_tunnel0
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show interface addr
tap1 (up):
L2 xconnect vxlan_tunnel0
vxlan_tunnel0 (up):
L2 xconnect tap1
To find the peer of a TAP interface in VPP, list the TAP interfaces and find the one whose host-mac-addr property matches the MAC address of the Linux kernel interface.
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show tap tap1
Interface: tap1 (ifindex 4)
name "conduit-a--90c8"
host-ns "/proc/1/fd/31"
host-mac-addr: 02:fe:eb:4a:02:dc
host-carrier-up: 1
vhost-fds 20
tap-fds 19
gso-enabled 0
csum-enabled 0
packet-coalesce 0
packet-buffering 0
Mac Address: 02:fe:49:44:7f:80
Device instance: 1
flags 0x1
admin-up (0)
features 0x110008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_F_VERSION_1 (32)
remote-features 0x33d008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_F_NOTIFY_ON_EMPTY (24)
VHOST_F_LOG_ALL (26)
VIRTIO_F_ANY_LAYOUT (27)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_RING_F_EVENT_IDX (29)
VIRTIO_F_VERSION_1 (32)
VIRTIO_F_IOMMU_PLATFORM (33)
Number of RX Virtqueue 1
Number of TX Virtqueue 1
Virtqueue (RX) 0
qsz 1024, last_used_idx 42, desc_next 960, desc_in_use 918
avail.flags 0x0 avail.idx 960 used.flags 0x1 used.idx 42
kickfd 22, callfd 21
Virtqueue (TX) 1
qsz 1024, last_used_idx 3, desc_next 4, desc_in_use 1
avail.flags 0x1 avail.idx 4 used.flags 0x0 used.idx 4
kickfd 23, callfd -1
Access the network namespace of the tap1 peer:
- /proc/1/fd/31: network namespace file (host-ns) of the tap1 peer
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- nsenter --net=/proc/1/fd/31 bash
Get more details (source/destination IP/Port, VxLAN ID...) about the VxLAN tunnels:
- 172.18.0.2: Source IP the VxLAN will use
- 172.18.0.4: Destination IP the VxLAN will use (Check with ip route get 172.18.0.4 to find through which interface the traffic will go)
- 4789: Source and destination port used for vxlan
- 9832580: VNI / VxLAN ID
- 4: Index of the VPP interface (can be found with vppctl show interface)
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show vxlan tunnel raw
[0] instance 0 src 172.18.0.2 dst 172.18.0.4 src_port 4789 dst_port 4789 vni 9832580 fib-idx 0 sw-if-idx 4 encap-dpo-idx 2 decap-next-index 3
Note: You can get the sw-if-idx with vppctl show interface
List the VPP interfaces with metrics and index:
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show interface
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count
tap1 5 up 1400/1400/1400/1400 rx packets 42
rx bytes 4344
tx packets 4
tx bytes 536
vxlan_tunnel0 4 up 1400/1400/1400/1400 rx packets 4
rx bytes 536
tx packets 42
tx bytes 5856
To capture traffic inside the vpp forwarder:
- vppctl pcap trace rx tx max COUNT intfc INTERFACE: Start capturing traffic
- vppctl pcap trace off: Stop trace. You can use tcpdump -nn -e -r /tmp/rxtx.pcap to read it or use Wireshark.
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace rx tx max 100 intfc vxlan_tunnel0
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace off
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace rx tx max 100 intfc tap1
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace off
List the interfaces in the worker node:
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- ip a show dev eth0
899: eth0@if900: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fc00:f853:ccd:e793::2/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe12:2/64 scope link
valid_lft forever preferred_lft forever
To capture the VxLAN traffic with 9832580 as VNI, 4789 as port and eth0 as base interface:
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- tcpdump -nn -i eth0 'port 4789 and udp[8:2] = 0x0800 & 0x0800 and udp[11:4] = 9832580 & 0x00FFFFFF'
Stateless-lb-frontend Node
List the interfaces in the stateless-lb-frontend:
- conduit-a--0a17: peer of VPP tap1 interface
$ kubectl exec -it stateless-lb-frontend-attractor-a-1-jkl -n red -- ip a show dev conduit-a--0a17
4: conduit-a--0a17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc mq state UNKNOWN group default qlen 1000
link/ether 02:fe:66:8b:f7:da brd ff:ff:ff:ff:ff:ff
inet 172.16.1.2/24 brd 172.16.1.255 scope global conduit-a--0a17
valid_lft forever preferred_lft forever
inet6 fd00:0:0:1::2/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::fe:66ff:fe8b:f7da/64 scope link
valid_lft forever preferred_lft forever
Note: if the ip command is not available, it is also possible to use these commands:
- List the interfaces:
cat /proc/net/dev
- Get the MAC address of an interface:
cat /sys/class/net/conduit-a--0a17/address
List the VPP interfaces:
- vxlan_tunnel0: VPP VxLAN. It is cross connected (l2 xconnect) with tap1. The VxLAN ID is 9832580, it uses the host IP addresses and port 4789
- tap1: VPP vETH (might also be tapV2). Its peer interface is the Linux kernel interface in the proxy (conduit-a--0a17). It is cross connected (l2 xconnect) with vxlan_tunnel0
$ kubectl exec -it forwarder-vpp-worker-b -n nsm -- vppctl show interface addr
tap1 (up):
L2 xconnect vxlan_tunnel0
vxlan_tunnel0 (up):
L2 xconnect tap1
To find the peer of a TAP interface in VPP, list the TAP interfaces and find the one whose host-mac-addr property matches the MAC address of the Linux kernel interface.
$ kubectl exec -it forwarder-vpp-worker-b -n nsm -- vppctl show tap tap1
Interface: tap1 (ifindex 3)
name "conduit-a--0a17"
host-ns "/proc/1/fd/32"
host-mac-addr: 02:fe:66:8b:f7:da
host-carrier-up: 1
vhost-fds 20
tap-fds 19
gso-enabled 0
csum-enabled 0
packet-coalesce 0
packet-buffering 0
Mac Address: 02:fe:cb:c6:ff:65
Device instance: 1
flags 0x1
admin-up (0)
features 0x110008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_F_VERSION_1 (32)
remote-features 0x33d008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_F_NOTIFY_ON_EMPTY (24)
VHOST_F_LOG_ALL (26)
VIRTIO_F_ANY_LAYOUT (27)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_RING_F_EVENT_IDX (29)
VIRTIO_F_VERSION_1 (32)
VIRTIO_F_IOMMU_PLATFORM (33)
Number of RX Virtqueue 1
Number of TX Virtqueue 1
Virtqueue (RX) 0
qsz 1024, last_used_idx 5, desc_next 960, desc_in_use 955
avail.flags 0x0 avail.idx 960 used.flags 0x1 used.idx 5
kickfd 22, callfd 21
Virtqueue (TX) 1
qsz 1024, last_used_idx 41, desc_next 42, desc_in_use 1
avail.flags 0x1 avail.idx 42 used.flags 0x0 used.idx 42
kickfd 23, callfd -1
Access the network namespace of the tap1 peer:
- /proc/1/fd/32: network namespace file (host-ns) of the tap1 peer
$ kubectl exec -it forwarder-vpp-worker-b -n nsm -- nsenter --net=/proc/1/fd/32 bash
Get more details (source/destination IP/Port, VxLAN ID...) about the VxLAN tunnels:
- 172.18.0.4: Source IP the VxLAN will use
- 172.18.0.2: Destination IP the VxLAN will use (Check with ip route get 172.18.0.2 to find through which interface the traffic will go)
- 4789: Source and destination port used for vxlan
- 9832580: VNI / VxLAN ID
- 5: Index of the VPP interface (can be found with vppctl show interface)
$ kubectl exec -it forwarder-vpp-worker-b -n nsm -- vppctl show vxlan tunnel raw
[0] instance 0 src 172.18.0.4 dst 172.18.0.2 src_port 4789 dst_port 4789 vni 9832580 fib-idx 0 sw-if-idx 5 encap-dpo-idx 1 decap-next-index 3
List the VPP interfaces with metrics and index:
$ kubectl exec -it forwarder-vpp-worker-b -n nsm -- vppctl show interface
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count
tap1 4 up 1400/1400/1400/1400 rx packets 5
rx bytes 686
tx packets 42
tx bytes 4344
drops 1
ip6 1
vxlan_tunnel0 5 up 1400/1400/1400/1400 rx packets 42
rx bytes 4344
tx packets 4
tx bytes 680
To capture traffic inside the vpp forwarder:
- vppctl pcap trace rx tx max COUNT intfc INTERFACE: Start capturing traffic
- vppctl pcap trace off: Stop trace. You can use tcpdump -nn -e -r /tmp/rxtx.pcap to read it or use Wireshark.
$ kubectl exec -it forwarder-vpp-worker-b -n nsm -- vppctl pcap trace rx tx max 100 intfc vxlan_tunnel0
$ kubectl exec -it forwarder-vpp-worker-b -n nsm -- vppctl pcap trace off
$ kubectl exec -it forwarder-vpp-worker-b -n nsm -- vppctl pcap trace rx tx max 100 intfc tap1
$ kubectl exec -it forwarder-vpp-worker-b -n nsm -- vppctl pcap trace off
List the interfaces in the worker node:
$ kubectl exec -it forwarder-vpp-worker-b -n nsm -- ip a show dev eth0
903: eth0@if904: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.4/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fc00:f853:ccd:e793::4/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe12:4/64 scope link
valid_lft forever preferred_lft forever
To capture the VxLAN traffic with 9832580 as VNI, 4789 as port and eth0 as base interface:
$ kubectl exec -it forwarder-vpp-worker-b -n nsm -- tcpdump -nn -i eth0 'port 4789 and udp[8:2] = 0x0800 & 0x0800 and udp[11:4] = 9832580 & 0x00FFFFFF'
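The two tcpdump filters above (one per node) read fixed offsets of the UDP datagram to test the VXLAN flags and the VNI. The following added example, which is not part of the original page, rebuilds that filter for any VNI and evaluates the same two byte tests on a constructed datagram; vxlan_filter, hex_field, vxlan_match and SAMPLE_DATAGRAM are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the original page).
# Layout the filter relies on, as byte offsets from the start of the UDP header:
#   0..7   UDP header (source port, destination port, length, checksum)
#   8      VXLAN flags (0x08 = the VNI field is valid)
#   9..11  reserved
#   12..14 VNI (24 bits)
#   15     reserved
# udp[8:2] therefore reads flags + one reserved byte, and udp[11:4] reads one
# reserved byte + the VNI, which is why the VNI is compared as a 32-bit value.

# vxlan_filter VNI [PORT]: print the capture filter in the form used on this page.
vxlan_filter() {
    vni=$1
    port=${2:-4789}
    case $vni in
        ''|*[!0-9]*) echo "VNI must be a decimal number" >&2; return 1 ;;
    esac
    [ "$vni" -le 16777215 ] || { echo "VNI does not fit in 24 bits" >&2; return 1; }
    printf 'port %s and udp[8:2] = 0x0800 & 0x0800 and udp[11:4] = %s & 0x00FFFFFF\n' \
        "$port" "$vni"
}

# hex_field HEX OFFSET LEN: big-endian integer of LEN bytes at byte OFFSET of a
# hex-encoded datagram, i.e. what the filter expression udp[OFFSET:LEN] yields.
hex_field() {
    start=$(( $2 * 2 + 1 ))
    end=$(( ($2 + $3) * 2 ))
    bytes=$(printf '%s' "$1" | cut -c "${start}-${end}")
    [ "${#bytes}" -eq $(( $3 * 2 )) ] || return 1   # datagram too short
    echo $(( 0x$bytes ))
}

# vxlan_match HEX_DATAGRAM VNI: succeed when both VXLAN tests of the filter pass.
vxlan_match() {
    flags=$(hex_field "$1" 8 2) || return 1
    word=$(hex_field "$1" 11 4) || return 1
    [ "$flags" -eq $(( 0x0800 & 0x0800 )) ] && [ "$word" -eq $(( $2 & 0x00FFFFFF )) ]
}

# Constructed sample: UDP header (ports 4789/4789, length 16, checksum 0)
# followed by a VXLAN header with flags 0x08 and VNI 0x960884 (9832580).
# The inner Ethernet frame is left out.
SAMPLE_DATAGRAM=12b512b5001000000800000096088400

vxlan_filter 9832580
vxlan_match "$SAMPLE_DATAGRAM" 9832580 && echo "sample datagram carries VNI 9832580"
```

As written, the flags test requires the flags byte and the first reserved byte to equal 0x0800 exactly, so a VXLAN packet with additional flag bits set is not captured by this filter.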
Proxy: Bridging (Ingress) and Routing (Egress)
List the interfaces in the proxy:
- bridge0: Linux kernel bridge interface bridging conduit-a--90c8, conduit-a--1b2a and proxy.cond-97e3
- conduit-a--90c8: Linux kernel interface towards a stateless-lb-frontend attached to bridge0
- conduit-a--1b2a: Linux kernel interface towards a stateless-lb-frontend attached to bridge0
- proxy.cond-97e3: Linux kernel interface towards a target attached to bridge0
$ kubectl exec -it proxy-conduit-a-1-abc -n red -- ip a
3: bridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default
link/ether 02:fe:d2:cc:a2:95 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.1/24 brd 172.16.1.255 scope global bridge0
valid_lft forever preferred_lft forever
inet6 fd00:0:0:1::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::e443:1fff:fe88:c669/64 scope link
valid_lft forever preferred_lft forever
4: conduit-a--90c8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc mq master bridge0 state UNKNOWN group default qlen 1000
link/ether 02:fe:eb:4a:02:dc brd ff:ff:ff:ff:ff:ff
inet 172.16.1.3/24 brd 172.16.1.255 scope global conduit-a--90c8
valid_lft forever preferred_lft forever
inet6 fd00:0:0:1::3/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::fe:ebff:fe4a:2dc/64 scope link
valid_lft forever preferred_lft forever
5: conduit-a--1b2a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master bridge0 state UNKNOWN group default qlen 1000
link/ether 02:fe:7d:e7:f6:2a brd ff:ff:ff:ff:ff:ff
inet 172.16.1.5/24 brd 172.16.1.255 scope global conduit-a--1b2a
valid_lft forever preferred_lft forever
inet6 fd00:0:0:1::5/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::fe:7dff:fee7:f62a/64 scope link
valid_lft forever preferred_lft forever
6: proxy.cond-97e3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master bridge0 state UNKNOWN group default qlen 1000
link/ether 02:fe:d4:d5:c4:53 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.7/24 brd 172.16.1.255 scope global proxy.cond-97e3
valid_lft forever preferred_lft forever
inet6 fd00:0:0:1::7/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::fe:d4ff:fed5:c453/64 scope link
valid_lft forever preferred_lft forever
Note: if the ip command is not available, it is also possible to use these commands:
- List the interfaces:
cat /proc/net/dev
- Get the MAC address of an interface:
cat /sys/class/net/bridge0/address
Check the Forwarding Database entry:
- 02:fe:c2:14:ec:dd: (MAC address of a target) is accessible via proxy.cond-97e3
$ kubectl exec -it proxy-conduit-a-1-abc -n red -- bridge fdb
02:fe:c2:14:ec:dd dev proxy.cond-97e3 master bridge0
List the ip rules for IPv4:
$ kubectl exec -it proxy-conduit-a-1-abc -n red -- ip rule
32765: from 20.0.0.1 lookup 1
There is a rule matching the VIP as source IP address; the rule has a corresponding table.
List the route for a table for IPv4:
- 172.16.1.2: IP of the stateless-lb-frontend on first node (See section: Same node)
- 172.16.1.4: IP of the stateless-lb-frontend on second node (See section: Different node)
$ kubectl exec -it proxy-conduit-a-1-abc -n red -- ip route show table 1
default
nexthop via 172.16.1.2 dev bridge0 weight 1
nexthop via 172.16.1.4 dev bridge0 weight 1
List the ip rules for IPv6:
$ kubectl exec -it proxy-conduit-a-1-abc -n red -- ip -6 rule
32765: from 2000::1 lookup 2
List the route for a table for IPv6:
- fd00:0:0:1::2: IP of the stateless-lb-frontend on first node (See section: Same node)
- fd00:0:0:1::4: IP of the stateless-lb-frontend on second node (See section: Different node)
$ kubectl exec -it proxy-conduit-a-1-abc -n red -- ip -6 route show table 2
default metric 1024 pref medium
nexthop via fd00:0:0:1::2 dev bridge0 weight 1
nexthop via fd00:0:0:1::4 dev bridge0 weight 1
Check the ARP table:
$ kubectl exec -it proxy-conduit-a-1-abc -n red -- cat /proc/net/arp
IP address HW type Flags HW address Mask Device
172.16.1.4 0x1 0x2 02:fe:18:32:8d:87 * bridge0
172.16.1.2 0x1 0x2 02:fe:66:8b:f7:da * bridge0
Note: it is also possible to use arp -a or ip neighbour
Check the NDP table:
$ kubectl exec -it stateless-lb-frontend-attractor-a-1-ghi -n red -- ip -6 neighbour
fd00:0:0:1::4 dev bridge0 lladdr 02:fe:18:32:8d:87 router REACHABLE
fd00:0:0:1::2 dev bridge0 lladdr 02:fe:66:8b:f7:da router REACHABLE
VPP-Forwarder: Proxy - Target
List the interfaces in the proxy:
- proxy.cond-97e3: peer of VPP tap5 interface
$ kubectl exec -it proxy-conduit-a-1-abc -n red -- ip a show dev proxy.cond-97e3
6: proxy.cond-97e3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master bridge0 state UNKNOWN group default qlen 1000
link/ether 02:fe:d4:d5:c4:53 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.7/24 brd 172.16.1.255 scope global proxy.cond-97e3
valid_lft forever preferred_lft forever
inet6 fd00:0:0:1::7/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::fe:d4ff:fed5:c453/64 scope link
valid_lft forever preferred_lft forever
Note: if the ip command is not available, it is also possible to use these commands:
- List the interfaces:
cat /proc/net/dev
- Get the MAC address of an interface:
cat /sys/class/net/proxy.cond-97e3/address
List the interfaces in the target:
- nsm-0: peer of VPP tap6 interface
$ kubectl exec -it target-a-1 -n red -- ip a show dev nsm-0
3: nsm-0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN group default qlen 1000
link/ether 02:fe:c2:14:ec:dd brd ff:ff:ff:ff:ff:ff
inet 172.16.1.6/24 brd 172.16.1.255 scope global nsm-0
valid_lft forever preferred_lft forever
inet 20.0.0.1/32 scope global nsm-0
valid_lft forever preferred_lft forever
inet6 2000::1/128 scope global nodad
valid_lft forever preferred_lft forever
inet6 fd00:0:0:1::6/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::fe:c2ff:fe14:ecdd/64 scope link
valid_lft forever preferred_lft forever
Note: if the ip command is not available, it is also possible to use these commands:
- List the interfaces:
cat /proc/net/dev
- Get the MAC address of an interface:
cat /sys/class/net/nsm-0/address
List the VPP interfaces:
- tap5: VPP vETH (might also be tapV2). Its peer interface is the Linux kernel interface in the proxy (proxy.cond-97e3). It is cross connected (l2 xconnect) with tap6
- tap6: VPP vETH (might also be tapV2). Its peer interface is the Linux kernel interface in the target (nsm-0). It is cross connected (l2 xconnect) with tap5
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show interface addr
tap5 (up):
L2 xconnect tap6
tap6 (up):
L2 xconnect tap5
To find the peer of a TAP interface in VPP, list the TAP interfaces and find the one whose host-mac-addr property matches the MAC address of the Linux kernel interface.
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show tap tap5
Interface: tap5 (ifindex 9)
name "proxy.cond-97e3"
host-ns "/proc/1/fd/50"
host-mac-addr: 02:fe:d4:d5:c4:53
host-carrier-up: 1
vhost-fds 40
tap-fds 39
gso-enabled 0
csum-enabled 0
packet-coalesce 0
packet-buffering 0
Mac Address: 02:fe:3a:5d:1c:f9
Device instance: 5
flags 0x1
admin-up (0)
features 0x110008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_F_VERSION_1 (32)
remote-features 0x33d008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_F_NOTIFY_ON_EMPTY (24)
VHOST_F_LOG_ALL (26)
VIRTIO_F_ANY_LAYOUT (27)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_RING_F_EVENT_IDX (29)
VIRTIO_F_VERSION_1 (32)
VIRTIO_F_IOMMU_PLATFORM (33)
Number of RX Virtqueue 1
Number of TX Virtqueue 1
Virtqueue (RX) 0
qsz 1024, last_used_idx 21, desc_next 960, desc_in_use 939
avail.flags 0x0 avail.idx 960 used.flags 0x1 used.idx 21
kickfd 42, callfd 41
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show tap tap6
Interface: tap6 (ifindex 10)
name "nsm-0"
host-ns "/proc/1/fd/46"
host-mac-addr: 02:fe:c2:14:ec:dd
host-carrier-up: 1
vhost-fds 45
tap-fds 44
gso-enabled 0
csum-enabled 0
packet-coalesce 0
packet-buffering 0
Mac Address: 02:fe:2d:7a:0c:17
Device instance: 6
flags 0x1
admin-up (0)
features 0x110008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_F_VERSION_1 (32)
remote-features 0x33d008000
VIRTIO_NET_F_MRG_RXBUF (15)
VIRTIO_F_NOTIFY_ON_EMPTY (24)
VHOST_F_LOG_ALL (26)
VIRTIO_F_ANY_LAYOUT (27)
VIRTIO_RING_F_INDIRECT_DESC (28)
VIRTIO_RING_F_EVENT_IDX (29)
VIRTIO_F_VERSION_1 (32)
VIRTIO_F_IOMMU_PLATFORM (33)
Number of RX Virtqueue 1
Number of TX Virtqueue 1
Virtqueue (RX) 0
qsz 1024, last_used_idx 15, desc_next 960, desc_in_use 945
avail.flags 0x0 avail.idx 960 used.flags 0x1 used.idx 15
kickfd 47, callfd 46
Virtqueue (TX) 1
qsz 1024, last_used_idx 19, desc_next 20, desc_in_use 1
avail.flags 0x1 avail.idx 20 used.flags 0x0 used.idx 20
kickfd 48, callfd -1
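The host-mac-addr lookup described in each VPP-Forwarder section can be scripted instead of read by eye. The following is an added example, not part of the original page; tap_for_mac and sample_show_tap are hypothetical names, and the sample input is the leading lines of the tap5 and tap6 records shown above.

```shell
#!/bin/sh
# Added example (not from the original page): map the MAC address of a Linux
# kernel interface to its VPP TAP peer by parsing `vppctl show tap` output.

# tap_for_mac MAC
# Reads `vppctl show tap` output on stdin and prints
#   <vpp-interface> <host-interface> <host-ns>
# for the TAP whose host-mac-addr equals MAC (case-insensitive).
# Returns 1 when no record matches.
# Only host-mac-addr is compared: the "Mac Address" line of a record is the
# MAC of the VPP side and never appears on the Linux kernel interface.
tap_for_mac() {
    awk -v want="$(printf '%s' "$1" | tr 'A-F' 'a-f')" '
        $1 == "Interface:" { vpp_if = $2; host_if = ""; host_ns = "" }
        $1 == "name"       { gsub(/"/, "", $2); host_if = $2 }
        $1 == "host-ns"    { gsub(/"/, "", $2); host_ns = $2 }
        $1 == "host-mac-addr:" && tolower($2) == want {
            print vpp_if, host_if, host_ns
            found = 1
        }
        END { exit !found }
    '
}

# Sample input, trimmed from the tap5 and tap6 output on this page.
sample_show_tap() {
    cat <<'EOF'
Interface: tap5 (ifindex 9)
name "proxy.cond-97e3"
host-ns "/proc/1/fd/50"
host-mac-addr: 02:fe:d4:d5:c4:53
host-carrier-up: 1
Mac Address: 02:fe:3a:5d:1c:f9
Interface: tap6 (ifindex 10)
name "nsm-0"
host-ns "/proc/1/fd/46"
host-mac-addr: 02:fe:c2:14:ec:dd
host-carrier-up: 1
Mac Address: 02:fe:2d:7a:0c:17
EOF
}

# 02:fe:c2:14:ec:dd is the link/ether address of nsm-0 in the target.
sample_show_tap | tap_for_mac 02:fe:c2:14:ec:dd
```

The third field of the result is the host-ns path to pass to nsenter --net= in the forwarder pod.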
Access the network namespace of the tap5 peer and tap6 peer:
- /proc/1/fd/50: network namespace file (host-ns) of the tap5 peer
- /proc/1/fd/46: network namespace file (host-ns) of the tap6 peer
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- nsenter --net=/proc/1/fd/50 bash
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- nsenter --net=/proc/1/fd/46 bash
List the VPP interfaces with metrics and index:
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl show interface
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count
tap5 10 up 1500/1500/1500/1500 rx packets 19
rx bytes 1922
tx packets 16
tx bytes 1456
drops 1
ip6 1
tap6 11 up 1500/1500/1500/1500 rx packets 16
rx bytes 1456
tx packets 18
tx bytes 1772
To capture traffic inside the vpp forwarder:
- vppctl pcap trace rx tx max COUNT intfc INTERFACE: Start capturing traffic
- vppctl pcap trace off: Stop trace. You can use tcpdump -nn -e -r /tmp/rxtx.pcap to read it or use Wireshark.
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace rx tx max 100 intfc tap5
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace off
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace rx tx max 100 intfc tap6
$ kubectl exec -it forwarder-vpp-worker-a -n nsm -- vppctl pcap trace off