fd.io vpp bootsrap - Meetupfiles.meetup.com/19623913/Day2DevLab_VPP_Bootstrap.pdf · • cone: •...
Transcript of fd.io vpp bootsrap - Meetupfiles.meetup.com/19623913/Day2DevLab_VPP_Bootstrap.pdf · • cone: •...
fd.iovpp_bootsrap
RayKinsella
fd.ioFoundation 1
KeithBurns
Devenvironment(1)• TwoLinuxContainers• cone:NetworkTestTools(Scapy)• ctwo:VPPLite
• TwoBridges• lxcbr0:LinuxBridgetoaccesscontainersviaSSH/SCPetc.• VPPbridge:Sandboxnetworktraffic;i.e.scapy tovpp_lite.
• Authentication• Keysareautomaticallyprovisionedforpasswordlessaccess.
fd.ioFoundation 2
Virtual Appliance (Ubuntu 14.04)
lxc: cone (, 14.04) lxc:ctwo, 14.04
eth0 veth_link1 eth0 veth_link1
lxcbr0 (Linux Bridge)Bridge 1 (vpp)
Linux Kernel
ssh, ip tools, etc
Linux Kernelscapy, etcVPPssh, ip tools, etc
• cone:• Scapy
• Softwarepacketgenerator,basedonPythonandLibpcap.
• LinuxIPTools• ip,pingetc.
• ctwo:vpp-lite• gitcloneofVPP16.09.• vpp-lite isprebuiltwithplugins.• vpp-lite isabuildprofilefortheVPPcodebase.• af_packet isusedforpacketrx/tx.
fd.ioFoundation 3
Devenvironment(2)
Kernel
Cont
aine
rs
VPP Bridge 1
TXRX TXRX
TXRX
TXRXlibpcappython
scapy
icmp_inputVPP
af_packet_input
ethernet_input
ip4_input
vethXXXX vethXXXX
veth_link1
veth_link1
lxc:cone lxc:ctwo
Hos
t
Devenvironment(3)• Host
• VPP16.09binariesinstalled.• VPPrunningasaservice.• VPPCLIaccessedoversocketwithvppctl.
• Exercise1 configuresBridgeonthehost(re-usedinExercise2and3).
• ctwo• VPP16.09sourcecodebuilt.• RunVPPininteractivemode.• Exercise2and3configuresVPPininteractivemode.
fd.ioFoundation 4
Virtual Appliance (Ubuntu 14.04)
lxc: cone (, 14.04) lxc:ctwo, 14.04
veth_link1 veth_link1
VPPssh, ip tools, etc
Bridge 1 (vpp)
Setup
fd.ioFoundation 5
VirtualAppliance
• Builtfromvpp-bootstrapsandboxproject.• OntheUSBStickyouwillfind…
• vpp-bootstrap.ova– VirtualAppliance(OVAFormat).• vagrant.ppk – PrivateKeytoaccesstheVirtualAppliance.
• Pleaseinstalllocally …• VirtualBox• Putty
fd.ioFoundation 6
ImporttheVirtualAppliance
• VirtualBox →File→ ImportAppliance• Selectvpp-bootstrap.ova• Clicknext
fd.ioFoundation 7
Tweaktheappliancesettings
Ifrequired…• CPU– adjustnumberofcores.2Coresminimum.• RAM– adjustamountofRAM.2048megsminimum.
Thenclickimportandwait…
fd.ioFoundation 8
BoottheVirtualAppliance
• Logonwithcredentials• Username:vagrant• Password:vagrant
• GettheVirtualAppliance’sIPaddress
ip addr showdeveth1
• MinimizetheVirtualMachine
fd.ioFoundation 9
fd.ioFoundation 10
1)
2)
3)
1)SessionTabAdd IPaddressofVirtualAppliance
SetupPutty
2)Connection→DataAddusername`vagrant`
3)Connection→SSH→AuthAddvagrantprivatekey.
4)Hitopen….
4)
LogontotheVirtualAppliance
• Confirmisworkingasexpected.• ssh cone• ssh ctwo• sudo vppctl help
fd.ioFoundation 11
Exercise
fd.ioFoundation 12
Exercise1
• Estimatedtimerequired:20Minutes• Objective:FamiliarizationwiththeVPPCLI• Steps:• Playingwithvppctl andtheVPPCLI;`help`and`?`.• Addingthecontainerback-endstoaL2bridgeonthehost.
• Createhostinterfacesforthecontainerback-endsinVPP.• AssignthehostinterfacestoanL2Bridge.
• PingingbetweencontainersovertheL2bridge.• AssignIPstoveth_link1inContainer’sOneandTwo(coneandctwo).• SetinterfacestatestoupinContainer’sOneandTwo(coneandctwo).
fd.ioFoundation 13
TheVPPCLI:vppctlroot@xxxx:~/vppsb/vpp-bootstrap# ssh vagrant@<whatever>Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 3.16.0-30-generic x86_64)* Documentation: https://help.ubuntu.com/cone: This container is used for vpp testing with scapy.ctwo: This is the vpp build/test container.Last login: Tue Nov 29 07:01:35 2016 from 10.0.2.2
vagrant@host:~$ sudo vppctl help | head -n 10api api commandscj cj <enable | disable | dump>classify classify commandsclear Clear commandsconfigure configure commandscop cop commandscreate create commandsdelete delete commandsdisable disable commandsenable enable commands
vagrant@host:~$ sudo vppctl_______ _ _ _____ ___
__/ __/ _ \ (_)__ | | / / _ \/ _ \_/ _// // / / / _ \ | |/ / ___/ ___//_/ /____(_)_/\___/ |___/_/ /_/
vpp# set interface ip address ?set interface ip address set interface ip address <interface> [<ip-addr>/<mask> [del]] | [del all]
fd.ioFoundation 14
ssh tothevm
- runvppctl innon-interactivemode- accessonlinehelp
- runvppctl ininteractivemode- accesscommandspecifichelp
Exercise1
CreateL2Bridgeforcontainersvagrant@host:~$ ip link | grep -A 1 -e 'veth-.*:'8: veth-cone: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether fe:17:74:98:8a:b9 brd ff:ff:ff:ff:ff:ff--12: veth-ctwo: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether fe:05:4e:01:1b:18 brd ff:ff:ff:ff:ff:ff
vagrant@host:~$ sudo vppctl_______ _ _ _____ ___
__/ __/ _ \ (_)__ | | / / _ \/ _ \_/ _// // / / / _ \ | |/ / ___/ ___//_/ /____(_)_/\___/ |___/_/ /_/
vpp# create host-interface name veth-conehost-veth-conevpp# create host-interface name veth-ctwohost-veth-ctwovpp# set interface state host-veth-cone up vpp# set interface state host-veth-ctwo up
vpp# set interface l2 bridge host-veth-cone 1vpp# set interface l2 bridge host-veth-ctwo 1
vpp# show bridge-domain 1 detailID Index Learning U-Forwrd UU-Flood Flooding ARP-Term BVI-Intf1 1 on on on on off N/A
Interface Index SHG BVI VLAN-Tag-Rewrite host-veth-cone 1 0 - none host-veth-ctwo 2 0 - none
fd.ioFoundation 15
listthecontainerveth backends
createthevpp host-interfacesfortheveth(s)
setthehostinterfacesstateup
addthehostinterfacestobridge1
showtheinterfacesonbridge1
Exercise1
Setupcontainers;coneandctwo
fd.ioFoundation 16
vagrant@host:~$ ssh ctwoThe authenticity of host 'ctwo (10.0.3.112)' can't be established.ECDSA key fingerprint is 14:71:50:b9:ca:24:89:9c:b9:e5:6a:ad:9a:6e:9a:f5.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added 'ctwo,10.0.3.112' (ECDSA) to the list of known hosts.Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-30-generic x86_64)
* Documentation: https://help.ubuntu.com/vagrant@ctwo:~$ sudo ip addr add 172.16.1.3/24 dev veth_link1vagrant@ctwo:~$ sudo ip link set dev veth_link1 up
vagrant@ctwo:~$ ping –c 2 172.16.1.2PING 172.16.1.2 (172.16.1.2) 56(84) bytes of data.64 bytes from 172.16.1.2: icmp_seq=1 ttl=64 time=0.559 ms64 bytes from 172.16.1.2: icmp_seq=2 ttl=64 time=0.301 ms
vagrant@host:~$ ssh coneThe authenticity of host 'cone (10.0.3.139)' can't be established.ECDSA key fingerprint is 94:a2:01:d6:51:4f:15:42:5e:26:09:69:5b:02:f7:9b.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added 'cone,10.0.3.139' (ECDSA) to the list of known hosts.Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-30-generic x86_64)
* Documentation: https://help.ubuntu.com/vagrant@cone:~$ sudo ip addr add 172.16.1.2/24 dev veth_link1vagrant@cone:~$ sudo ip link set dev veth_link1 up
vagrant@cone:~$ ping –c 2 172.16.1.3PING 172.16.1.3 (172.16.1.3) 56(84) bytes of data.64 bytes from 172.16.1.3: icmp_seq=1 ttl=64 time=0.306 ms64 bytes from 172.16.1.3: icmp_seq=2 ttl=64 time=0.460 ms
- setip addressesoninterfaces- setinterfacestateup
pingacrossthebridge
Exercise1
Pingvpp inctwo (1)
fd.ioFoundation 17
vagrant@host:~$ ssh ctwoWelcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-30-generic x86_64)
* Documentation: https://help.ubuntu.com/Last login: Tue Nov 29 15:52:20 2016 from 10.0.3.1vagrant@ctwo:~$ sudo ip addr del 172.16.1.3/24 dev veth_link1vagrant@ctwo:~$ cd vppvagrant@ctwo:~/vpp$ make PLATFORM=vpp_lite runWARNING: STARTUP_CONF not defined or file doesn't exist.
Running with minimal startup config: unix { interactive }\nunix_physmem_init: use huge pagesvlib_plugin_early_init:213: plugin path /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_pluginsload_one_plugin:92: Loaded plugin: /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_plugins/libsixrd_plugin.so…load_one_plugin:92: Loaded plugin: /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_plugins/lb_plugin.soload_one_plugin:92: Loaded plugin: /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_plugins/ioam_e2e_plugin.so
_______ _ _ _____ ___ __/ __/ _ \ (_)__ | | / / _ \/ _ \_/ _// // / / / _ \ | |/ / ___/ ___//_/ /____(_)_/\___/ |___/_/ /_/
DBGvpp#DBGvpp# create host-interface name veth_link1host-veth_link1DBGvpp# set interface state host-veth_link1 upDBGvpp# set interface ip address host-veth_link1 172.16.1.3/24
removetheip fromLinuxinctwo
- changedirectory tovpp- runVPPininteractivemode
- createthevpp host-interfaces- settheinterfacestateup- addaddresstotheinterface
Exercise1
Pingvpp inctwo (2)
fd.ioFoundation 18
vagrant@host:~$ ssh coneThe authenticity of host 'cone (10.0.3.139)' can't be established.ECDSA key fingerprint is 94:a2:01:d6:51:4f:15:42:5e:26:09:69:5b:02:f7:9b.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added 'cone,10.0.3.139' (ECDSA) to the list of known hosts.Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-30-generic x86_64)
* Documentation: https://help.ubuntu.com/vagrant@cone:~$ ping –c 2 172.16.1.3PING 172.16.1.3 (172.16.1.3) 56(84) bytes of data.64 bytes from 172.16.1.3: icmp_seq=1 ttl=64 time=0.306 ms64 bytes from 172.16.1.3: icmp_seq=2 ttl=64 time=0.460 ms
vagrant@host:~$ sudo vppctl_______ _ _ _____ ___
__/ __/ _ \ (_)__ | | / / _ \/ _ \_/ _// // / / / _ \ | |/ / ___/ ___//_/ /____(_)_/\___/ |___/_/ /_/
vpp# trace add af-packet-input 50
vpp# show trace------------------- Start of thread 0 vpp_main -------------------Packet 1
02:33:35:000544: af-packet-inputaf_packet: hw_if_index 1 next-index 3
tpacket2_hdr:status 0x20000001 len 98 snaplen 98 mac 66 net 80sec 0x583daa0f nsec 0x7d9ea22 vlan 0
02:33:35:000606: ethernet-inputIP4: 00:17:3e:9e:7a:3b -> 02:fe:81:16:8f:6a
02:33:35:000629: l2-inputl2-input: sw_if_index 1 dst 02:fe:81:16:8f:6a src 00:17:3e:9e:7a:3b
02:33:35:000650: l2-learnl2-learn: sw_if_index 1 dst 02:fe:81:16:8f:6a src 00:17:3e:9e:7a:3b bd_index 1
02:33:35:000671: l2-fwdl2-fwd: sw_if_index 1 dst 02:fe:81:16:8f:6a src 00:17:3e:9e:7a:3b bd_index 1
02:33:35:000677: l2-outputl2-output: sw_if_index 2 dst 02:fe:81:16:8f:6a src 00:17:3e:9e:7a:3b
02:33:35:000683: host-veth-ctwo-outputhost-veth-ctwoIP4: 00:17:3e:9e:7a:3b -> 02:fe:81:16:8f:6aICMP: 172.16.1.2 -> 172.16.1.3
tos 0x00, ttl 64, length 84, checksum 0x884ffragment id 0x5834, flags DONT_FRAGMENT
ICMP echo_request checksum 0x7d03
pingvpp inctwo fromcone captureatraceofthepingonhost
viewechorequestandechoresponsetracethrough vpp graphnodes
Exercise1
Exercise2
• Estimatedtimerequired:30Minutes• Objective:BuildandtesttheMACSWAPPlugin• Steps:• Familiarizationwiththebuildsystem;sourcetree,build-data,build-rootetc.• EnabletheMACSWAPplugin,dist-cleanandrebuild.• Runvpp_lite intheContainerTwooveraf_packet.
• CreatehostinterfaceinContainerTwofor veth_link1`• Setinterface host-veth_link1`stateup.• Enablemacswap on`host-veth_link1`
• Testingthemacswap pluginwithScapy.• SendapacketfromContainerOnetoContainerTwowithScapy.• Traceresultingmacswap onthehost.
fd.ioFoundation 19
VPPsourcelayout
fd.ioFoundation 20
Exercise2
Directoryname Descriptionbuild-data Buildmetadata – package andplatformspecific build settings. e.g. vpp_lite,x86,cavium etc.
build-root
Buildoutputdirectory• build-vpp_lite_debug-native - buildartifacts forvpp_lite,builtwithsymbols.• install-vpp_lite_debug-native – fakeroot forvpp_lite installation,builtwithsymbols.• deb– debian packages• rpm– rpmpackages• vagrant– bootstrapadevelopment environment
plugins
VPPbundledpluginsdirectory- ila-plugin: IdentifierLocatorAddressing(ILA)- flowperpkt-plugin: Per-packetIPFIXrecordgenerationplugin- lb-plugin:MagLev-likeLoadBalancer,similartoGoogle's MaglevLoadBalancer- snat-plugin: Simpleip4NATplugin- sample-plugin:Sample macswap plugin
vnet
VPPnetworkingsource- device: af-packet, dpdk pmd,ssvm- l2:ethernet,mpls,lldp,ppp,l2tp,mcast- l3+: ip[4,6],ipsec, icmp,udp- overlays:vxlan,gre
vpp VPPapplicationsourcevlib VPPapplicationlibrarysource;vlib-api VPPAPIlibrarysourcevpp-api VPPapplicationAPIsourcevppapigen VPPAPIgeneratorsourcevppinfra VPPcorelibrarysource
VPPbuildsystem
fd.ioFoundation 21
Exercise2
MakeTargets Descriptionbootstrap preparetreeforbuild, setuppathsandcompilersetcinstall-dep installsoftwaredependencies, automaticallyapt-getbuilddependencies, usedbyvagrantprovisioning scripts.wipe,wipe-release wipeallproducts ofdebug/release buildbuild, build-release build debug/release binariesplugins, plugins-release build debug/release pluginbinariesrebuild, rebuild-release wipeandbuild debug/release binariesrun,run-release rundebug/release binaryininteractivemodedebug rundebugbinarywithdebugger(gdb)test,test-debug build andrunfunctional testsbuild-vpp-api build vpp-apipkg-deb, pkg-rpm build packages, build debian andrpmpackagingforVPP,canbedpkg’ed orrpm’ed afterward.ctags,gtags,cscope (re)generatectags/gtags/cscope databasesdoxygen (re)generatedocumentationMakeVariables DescriptionV 1or0,toswitch onverbose buildsPLATFORM Platform specific build, e.g.vpp_lite
don’t forgetPLATFORM=vpp_lite inthisexercise
Buildthesampleplugininctwo
fd.ioFoundation 22
vagrant@host:~$ ssh ctwoWelcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-30-generic x86_64)
* Documentation: https://help.ubuntu.com/Last login: Tue Nov 29 15:55:07 2016 from 10.0.3.1vagrant@ctwo:~$ cd vppvagrant@ctwo:~/vpp$ (cd build-root; make distclean; rm .bootstrap.ok)rm -rf /home/vagrant/vpp/build-root/build-*/rm -rf /home/vagrant/vpp/build-root/build-tool-*…rm -f /home/vagrant/vpp/build-root/deb/debian/changelogvagrant@ctwo:~/vpp$ sed -i "s/PLUGIN_DISABLED[(]sample[)]/PLUGIN_ENABLED\(sample\)/" plugins/configure.ac…vagrant@ctwo:~/vpp$ make PLATFORM=vpp_lite bootstrap…vagrant@ctwo:~/vpp$ make PLATFORM=vpp_lite build..vagrant@ctwo:~/vpp$ make PLATFORM=vpp_lite build-vpp-api..vagrant@ctwo:~/vpp$ make PLATFORM=vpp_lite plugins
vagrant@ctwo:~/vpp$ make PLATFORM=vpp_lite runWARNING: STARTUP_CONF not defined or file doesn't exist.
Running with minimal startup config: unix { interactive }\nhtlb_init:128: shmget: Cannot allocate memory (errno 12)unix_physmem_init: use fake dma pagesload_one_plugin:92: Loaded plugin: /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_plugins/libsixrd_plugin.so..load_one_plugin:92: Loaded plugin: /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_plugins/sample_plugin.so..load_one_plugin:92: Loaded plugin: /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_plugins/ioam_e2e_plugin.so_______ _ _ _____ _____/ __/ _ \ (_)__ | | / / _ \/ _ \_/ _// // / / / _ \ | |/ / ___/ ___//_/ /____(_)_/\___/ |___/_/ /_/
DBGvpp#;
Exercise2
dist-cleanthepreviousbuild
- enabletheplugin- build thefollowing targets
- bootstrap- build- build-vpp-api- plugins
runvpp andensure theplugin isloaded.
Enablemacswap onctwo
fd.ioFoundation 23
vagrant@host:~$ ssh ctwoWelcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-30-generic x86_64)
* Documentation: https://help.ubuntu.com/Last login: Tue Nov 29 15:55:07 2016 from 10.0.3.1vagrant@ctwo:~$ cd vppvagrant@ctwo:~/vpp$ ip link show dev veth_link111: veth_link1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:17:3e:93:76:36 brd ff:ff:ff:ff:ff:ffvagrant@ctwo:~/vpp$ make PLATFORM=vpp_lite runWARNING: STARTUP_CONF not defined or file doesn't exist.
Running with minimal startup config: unix { interactive }\nunix_physmem_init: use huge pagesvlib_plugin_early_init:213: plugin path /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_pluginsload_one_plugin:92: Loaded plugin: /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_plugins/libsixrd_plugin.so…load_one_plugin:92: Loaded plugin: /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_plugins/ioam_e2e_plugin.so
_______ _ _ _____ ___ __/ __/ _ \ (_)__ | | / / _ \/ _ \_/ _// // / / / _ \ | |/ / ___/ ___//_/ /____(_)_/\___/ |___/_/ /_/
DBGvpp# create host-interface name veth_link1host-veth_link1DBGvpp# set interface state host-veth_link1 upDBGvpp# sample ?sample macswap sample macswap <interface-name> [disable]
DBGvpp# sample macswap host-veth_link1
Exercise2
Inctwo getthemacaddressofveth_link1
- createthevpp host-interface- settheinterfacestateup- enablemacswaponveth_link1
Sendpackettoctwo,tracethemacswap.
fd.ioFoundation 24
vagrant@host:~$ ssh conevagrant@cone:~$ sudo scapyINFO: Can't import python gnuplot wrapper . Won't be able to plot.…Welcome to Scapy (2.2.0)>>> x=Ether(dst="00:17:3e:93:76:36")/IP(dst="172.16.1.3/32",proto=255)/Raw("Hello World") >>> ls(x)dst : DestMACField = '00:17:3e:93:76:36' (None)src : SourceMACField = '00:17:3e:9e:7a:3b' (None)type : XShortEnumField = 2048 (0)--version : BitField = 4 (4)ihl : BitField = None (None)tos : XByteField = 0 (0)len : ShortField = None (None)id : ShortField = 1 (1)flags : FlagsField = 0 (0)frag : BitField = 0 (0)ttl : ByteField = 64 (64)proto : ByteEnumField = 255 (0)chksum : XShortField = None (None)src : Emph = '172.16.1.2' (None)dst : Emph = Net('172.16.1.3/32') ('127.0.0.1')options : PacketListField = [] ([])--load : StrField = 'Hello World' ('')Sent 1 packets.>>> sendp(x,iface="veth_link1") .
vagrant@host:~$ sudo vppctlvpp# trace af-packet-input 50------------------- Start of thread 0 vpp_main -------------------No packets in trace buffervpp# show trace------------------- Start of thread 0 vpp_main -------------------Packet 1
04:23:33:529244: af-packet-inputaf_packet: hw_if_index 1 next-index 3tpacket2_hdr:status 0x20000001 len 45 snaplen 45 mac 66 net 80sec 0x583dc3e4 nsec 0x318c8a0d vlan 0
04:23:33:529301: ethernet-inputIP4: 00:17:3e:9e:7a:3b -> 00:17:3e:93:76:36
…
Packet 2
04:23:33:529772: af-packet-inputaf_packet: hw_if_index 2 next-index 3tpacket2_hdr:status 0x20000001 len 45 snaplen 45 mac 66 net 80sec 0x583dc3e4 nsec 0x3195b3d6 vlan 0
04:23:33:529803: ethernet-inputIP4: 00:17:3e:93:76:36 -> 00:17:3e:9e:7a:3b
sendpackettoctwo usingscapyusethemacaddressgatheredinthepreviousstep
captureatraceofthepacketonthehostensuretheaddressmacgetsswapped
Exercise2
Exercise3• Estimatedtimerequired:40Minutes.• Objective:Implementanewgraphnode.• Steps:
• ImplementabasicVXLANsetupwithVPP.• CreateahostinterfaceinContainerTwofor veth_link1`.• Assignthehostinterface`host-veth_link1`anIPaddress.• CreateaVXLANTunnel forVNI42inContainerTwo.• SendapackettotheVXLANTunnelonUDPport4789withScapy.• Traceandconfirmthepackethitsthevxlan4_inputgraphnode.
• Createanewgraphnodebasedonvlan4_inputnode.• Createvxlan4_v2_inputgraphnodebasedontheexistingvlan4_inputnode.• Thevxlan4_v2_inputgraphnodewilllistenforpacketsonUDPport4791.
• Confirmvxlan4_v2_inputnodeworksasexpectedwithScapy.• SendapackettotheVXLANTunnelonUDPport4791.• Traceandconfirmthepackethitsthevxlan4_v2_inputgraphnode.
fd.ioFoundation 25
VPP:Anatomyofagraphnode
vlib_node_registration_tType Name Description User visible?vlib_node_function_t * function Vectorprocessing function forthisnodechar* name Nodename see`showrun`u16 n_errors Numberoferrorcodesusedbythisnode.char** error_strings Errorstringsindexedbyerrorcodeforthisnode. see`showerror`u16 n_next_nodes Numberofnextnodenamesthatfollow.char* next_nodes[] Namesofnextnodeswhichthisnode feedsinto.fd.ioFoundation 26
- VLIB_REGISTER_NODE,macrotodeclareagraphnode.
- Creates:-- agraphnode registration
vlib_node_registration_t <graphnode>- initializesvaluesin<graphnode>- aconstruction function
__vlib_add_node_registration_<graph node>toregisterthegraphnodeatstartup.
Exercise3
VPP:AnatomyofaVXLANgraphnode
fd.ioFoundation 27
- VLIB_REGISTER_NODEregisters vxlan4_input_node` node- vxlan4_input isthevectorprocessing function.- vxlan errorsstrings.
- nosuchtunnel.- addnextnodestrings.
- error-drop – nosuchtunnel.- l2-input– layer2input.
Exercise3
Setupandtracevxlan tunnelonctwo
fd.ioFoundation 28
vagrant@localhost:~$ ssh coneWelcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-30-generic x86_64)
* Documentation: https://help.ubuntu.com/Last login: Sun Dec 4 16:58:59 2016 from 10.0.3.1vagrant@cone:~$ sudo scapyINFO: Can't import matplotlib. Won't be able to plot.INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().WARNING: Failed to execute tcpdump. Check it is installed and in the PATHWARNING: No route found for IPv6 destination :: (no default route?)INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.INFO: Can't import python Crypto lib. Disabled certificate manipulation toolsINFO: Can't import python ecdsa lib. Disabled certificate manipulation toolsWelcome to Scapy (2.3.3)>>> x=Ether()/IP(dst="172.16.1.3")/UDP(sport=1337,dport=4789)/VXLAN(vni=42,flags=8)/Ether()/IP()/UDP()>>> sendp(x,iface="veth_link1").Sent 1 packets.>>>
vagrant@localhost:~$ ssh ctwoWelcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-30-generic x86_64)
* Documentation: https://help.ubuntu.com/Last login: Fri Dec 2 17:15:01 2016 from 10.0.3.1vagrant@ctwo:~/vpp$ make PLATFORM=vpp_lite runWARNING: STARTUP_CONF not defined or file doesn't exist.
Running with minimal startup config: unix { interactive }\nhtlb_init:128: shmget: Cannot allocate memory (errno 12)unix_physmem_init: use fake dma pagesvlib_plugin_early_init:213: plugin path /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_pluginsload_one_plugin:92: Loaded plugin: /home/vagrant/vpp/build-root/install-vpp_lite_debug-native/plugins/lib64/vpp_plugins/libsixrd_plugin.so….DBGvpp# create host-interface name veth_link1host-veth_link1DBGvpp# set interface state host-veth_link1 upDBGvpp# set interface ip address host-veth_link1 172.16.1.3/24DBGvpp# DBGvpp# create vxlan tunnel src 172.16.1.3 dst 172.16.1.2 vni 42vxlan_tunnel0DBGvpp# set interface state vxlan_tunnel0 upDBGvpp#DBGvpp# trace add af-packet-input 5
createhost-interface,setstateup,assignipcreateVXLANtunnel forVNI42onip.
createVXLANpacketx,destined forctwo.tx packetonveth_link1
Exercise3
Tracevxlan tunnelonctwo
fd.ioFoundation 29
Packet 2
00:00:29:644596: af-packet-inputaf_packet: hw_if_index 1 next-index 3tpacket2_hdr:status 0x20000001 len 92 snaplen 92 mac 66 net 80sec 0x58444bdf nsec 0x2481bd6f vlan 0
00:00:29:644702: ethernet-inputIP4: 00:17:3e:37:19:89 -> 02:fe:42:6b:6d:84
00:00:29:644740: ip4-inputUDP: 172.16.1.2 -> 172.16.1.3tos 0x00, ttl 64, length 78, checksum 0x2079fragment id 0x0001
UDP: 1337 -> 4789length 58, checksum 0x5182
00:00:29:644995: ip4-lookup…00:00:29:645051: ip4-local…00:00:29:645094: ip4-udp-lookupUDP: src-port 1337 dst-port 4789
00:00:29:645117: vxlan4-inputVXLAN decap from vxlan_tunnel0 vni 42 next 1 error 0
00:00:29:645139: l2-inputl2-input: sw_if_index 2 dst ff:ff:ff:ff:ff:ff src 00:00:00:00:00:00
00:00:29:645212: feature-bitmap-dropfeat_bitmap_drop: feature bitmap 0x00000001
00:00:29:645222: error-dropfeature-bitmap-drop: L2 feature forwarding disabled
Packet 1
00:00:29:632073: af-packet-inputaf_packet: hw_if_index 1 next-index 3tpacket2_hdr:status 0x20000001 len 42 snaplen 42 mac 66 net 80sec 0x58444bdf nsec 0x23af6597 vlan 0
00:00:29:634712: ethernet-inputARP: 00:17:3e:37:19:89 -> ff:ff:ff:ff:ff:ff
00:00:29:634812: arp-inputrequest, type ethernet/IP4, address size 6/400:17:3e:37:19:89/172.16.1.2 -> 00:00:00:00:00:00/172.16.1.3
00:00:29:634958: host-veth_link1-outputhost-veth_link1ARP: 02:fe:42:6b:6d:84 -> 00:17:3e:37:19:89reply, type ethernet/IP4, address size 6/402:fe:42:6b:6d:84/172.16.1.3 -> 00:17:3e:37:19:89/172.16.1.2
showtraceonctwo,packet1ARPrequest/response forVTEP
showtraceonctwo,packet2VXLANdecap andforwardtol2-input
Exercise3
SendVXLANpackettoport4791
fd.ioFoundation 30
Packet 2
00:04:34:985933: af-packet-input…
00:04:34:986021: ethernet-inputIP4: 00:17:3e:37:19:89 -> 02:fe:8d:9c:6e:06
00:04:34:986053: ip4-input…
00:04:34:986084: ip4-lookup…00:04:34:986116: ip4-local…00:04:34:986143: ip4-udp-lookupUDP: src-port 1337 dst-port 4791 (no listener)
00:04:34:986143: ip4-icmp-error…00:04:34:986143: ip4-lookup…00:04:34:986143: ip4-rewrite-transit00:04:34:986143: host-veth_link1-output
showtrace onctwo,packet2ICMPerrorduetonolisteneronport4791
vagrant@localhost:~$ ssh cone Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-30-generic x86_64)
* Documentation: https://help.ubuntu.com/Last login: Sun Dec 4 16:58:59 2016 from 10.0.3.1vagrant@cone:~$ sudo scapyINFO: Can't import matplotlib. Won't be able to plot.INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().WARNING: Failed to execute tcpdump. Check it is installed and in the PATHWARNING: No route found for IPv6 destination :: (no default route?)INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.INFO: Can't import python Crypto lib. Disabled certificate manipulation toolsINFO: Can't import python ecdsa lib. Disabled certificate manipulation toolsWelcome to Scapy (2.3.3)>>> x=Ether()/IP(dst="172.16.1.3")/UDP(sport=1337,dport=4791)/VXLAN(vni=42,flags=8)/Ether()/IP()/UDP()>>> sendp(x,iface="veth_link1").Sent 1 packets.>>>
createVXLANpacketxonport4791,destined forctwo.tx packetonveth_link1
Exercise3
Addnewnodevxlan4-v2-input
fd.ioFoundation 31
Step Where(file/directory) Description1 vnet/vnet/ip/udp.h AddnewUDPIPv4DestinationPort
2 vnet/vnet/vxlan/decap.c
• Copy andpasteVLIB_REGISTER_NODE(vxlan4_input_node) ={…}toVLIB_REGISTER_NODE(vxlan4_v2_input_node) = {…}
• Updatethenamefield tosomething unique,e.g..name="vxlan4-v2-input“3 vnet/vnet/vxlan/vxlan.h Addaforwarddeclarationforvlib_node_registration_t vxlan4_v2_input_node
4 vnet/vnet/vxlan/vxlan.c
Invxlan_init registerthedestinationUDPport.
udp_register_dst_port (vm,UDP_DST_PORT_vxlan_v2,vxlan4_v2_input_node.index, /*is_ip4*/1);
Whenyouaredone,- `makePLATFORM=vpp_lite build`- `makePLATFORM=vpp_lite run`- setupvxlan tunnelasshownpreviously.
Exercise3
SendVXLANpackettoport4791
fd.ioFoundation 32
Packet 2
00:00:52:869779: af-packet-input…00:00:52:869893: ethernet-input…00:00:52:869967: ip4-lookup…00:00:52:870014: ip4-local…00:00:52:870051: ip4-udp-lookupUDP: src-port 1337 dst-port 4791
00:00:52:870073: vxlan4-v2-inputVXLAN decap from vxlan_tunnel0 vni 42 next 1 error 0
00:00:52:870093: l2-input…
showtraceonctwo,packet2vxlan decap andforwardtol2-input
vagrant@localhost:~$ ssh cone Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.16.0-30-generic x86_64)
* Documentation: https://help.ubuntu.com/Last login: Sun Dec 4 16:58:59 2016 from 10.0.3.1vagrant@cone:~$ sudo scapyINFO: Can't import matplotlib. Won't be able to plot.INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().WARNING: Failed to execute tcpdump. Check it is installed and in the PATHWARNING: No route found for IPv6 destination :: (no default route?)INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.INFO: Can't import python Crypto lib. Disabled certificate manipulation toolsINFO: Can't import python ecdsa lib. Disabled certificate manipulation toolsWelcome to Scapy (2.3.3)>>> x=Ether()/IP(dst="172.16.1.3")/UDP(sport=1337,dport=4791)/VXLAN(vni=42,flags=8)/Ether()/IP()/UDP()>>> sendp(x,iface="veth_link1").Sent 1 packets.>>>
createVXLANpacketxonport4791,destined forctwo.tx packetonveth_link1
Exercise3
BACKUP
fd.ioFoundation 33
Introducingvpp-bootstrap*• Whatisit?
AvagrantbasedtooltobootstrapalightweightVPPdevelopmentenvironment.
• Whatareitsfeatures?
• Developmentenvironmentfeaturingasandboxnetwork,scapy andvpp_lite.• Autoprovisioningofcredentialsforpassword-lessauthentication.• SupportforbothVirtualBox andAWSviaVagrant.
• Howeasyisit?
git clone https://gerrit.fd.io/r/vppsbcdvpp-bootstrapvagrantup
fd.ioFoundation 34
*vpp-bootstrap isnotyetasanctionedFd.ioProject.