Learning VPP: Packets tracing

logo_fdio-300x184

Overview

There are multiple ways to run VPP on your laptop, namely, it could be run on the host Linux, in VM or in a docker container.

Also, besides DPDK interfaces, VPP supports low performant while very handy interface types that could be used for connection to network namespaces. These are veth (host interface in VPP) and TAP interface.

Build and run

To test traffic through VPP installed on a host Linux, two network namespaces have to be created to emulate external host machines. And packets will come and leave VPP either TAP or veth interfaces.

Now, build and run VPP as described in a previous post.

make run STARTUP_CONF=startup.conf

Virtual network over TAPs

To set up namespaces, taps and a bridge run the following script.


#!/bin/bash
./build-root/build-vpp-native/vpp/bin/vppctl tap connect vpp1
./build-root/build-vpp-native/vpp/bin/vppctl tap connect vpp2
./build-root/build-vpp-native/vpp/bin/vppctl set interface state tapcli-0 up
./build-root/build-vpp-native/vpp/bin/vppctl set interface state tapcli-1 up
ip netns delete vpp1
ip netns delete vpp2
ip netns add vpp1
ip netns add vpp2
ip link set dev vpp1 netns vpp1
ip link set dev vpp2 netns vpp2
ip netns exec vpp1 ip link set vpp1 up
ip netns exec vpp2 ip link set vpp2 up
ip netns exec vpp1 ip addr add 192.168.0.1/24 dev vpp1
ip netns exec vpp2 ip addr add 192.168.0.2/24 dev vpp2
./build-root/build-vpp-native/vpp/bin/vppctl set interface l2 bridge tapcli-0 23
./build-root/build-vpp-native/vpp/bin/vppctl set interface l2 bridge tapcli-1 23

Tracing packets

The below commands can be used to test the VPP based bridge.

ip netns exec vpp1 ping -c1 192.168.0.2
ip netns exec vpp2 ping -c1 192.168.0.1

To see packets inside VPP, the trace feature has to be enabled beforehand.

DBGvpp# trace add tapcli-rx 8

Then to see how packet traversed VPP graph the following command has to be used.

DBGvpp# show trace

------------------- Start of thread 0 vpp_main -------------------
Packet 1

00:50:54:290610: tapcli-rx
tapcli-0
00:50:54:377068: ethernet-input
IP4: 12:77:2b:e0:b9:81 -> c2:12:c9:0d:80:23
00:50:54:406116: l2-input
l2-input: sw_if_index 1 dst c2:12:c9:0d:80:23 src 12:77:2b:e0:b9:81
00:50:54:414204: l2-learn
l2-learn: sw_if_index 1 dst c2:12:c9:0d:80:23 src 12:77:2b:e0:b9:81 bd_index 1
00:50:54:414940: l2-fwd
l2-fwd: sw_if_index 1 dst c2:12:c9:0d:80:23 src 12:77:2b:e0:b9:81 bd_index 1
00:50:54:415656: l2-output
l2-output: sw_if_index 2 dst c2:12:c9:0d:80:23 src 12:77:2b:e0:b9:81 data 08 00 45 00 00 54 2a 1a 40 00 40 01
00:50:54:415697: tapcli-1-output
tapcli-1
IP4: 12:77:2b:e0:b9:81 -> c2:12:c9:0d:80:23
ICMP: 192.168.0.1 -> 192.168.0.2
tos 0x00, ttl 64, length 84, checksum 0x8f3b
fragment id 0x2a1a, flags DONT_FRAGMENT
ICMP echo_request checksum 0xde15

Virtual network over veth pair

To set up namespaces and veth pairs run the following script.


#!/bin/bash
PATH=$PATH:./build-root/build-vpp-native/vpp/bin/
if [ $USER != "root" ] ; then
echo "Restarting script with sudo…"
sudo $0 ${*}
exit
fi
# delete previous incarnations if they exist
ip link del dev vpp1
ip link del dev vpp2
ip netns del vpp1
ip netns del vpp2
#create namespaces
ip netns add vpp1
ip netns add vpp2
# create and configure 1st veth pair
ip link add name veth_vpp1 type veth peer name vpp1
ip link set dev vpp1 up
ip link set dev veth_vpp1 up netns vpp1
ip netns exec vpp1 \
bash -c "
ip link set dev lo up
ip addr add 172.16.1.2/24 dev veth_vpp1
ip route add 172.16.2.0/24 via 172.16.1.1
"
# create and configure 2st veth pair
ip link add name veth_vpp2 type veth peer name vpp2
ip link set dev vpp2 up
ip link set dev veth_vpp2 up netns vpp2
ip netns exec vpp2 \
bash -c "
ip link set dev lo up
ip addr add 172.16.2.2/24 dev veth_vpp2
ip route add 172.16.1.0/24 via 172.16.2.1
"
vppctl create host-interface name vpp1
vppctl create host-interface name vpp2
vppctl set int state host-vpp1 up
vppctl set int state host-vpp2 up
vppctl set int ip address host-vpp1 172.16.1.1/24
vppctl set int ip address host-vpp2 172.16.2.1/24
vppctl ip route add 172.16.1.0/24 via 172.16.1.1 host-vpp1
vppctl ip route add 172.16.2.0/24 via 172.16.2.1 host-vpp2

Tracing packets

The below commands can be used to test the VPP based bridge.

ip netns exec vpp1 ping 172.16.2.1 -c 1

To see packets inside VPP, the trace feature has to be enabled beforehand.

DBGvpp# trace add af-packet-input 8

Then to see how packet traversed VPP graph the following command has to be used.

DBGvpp# show trace
------------------- Start of thread 0 vpp_main -------------------
Packet 1

00:02:26:500404: af-packet-input
  af_packet: hw_if_index 1 next-index 4
    tpacket2_hdr:
      status 0x20000001 len 98 snaplen 98 mac 66 net 80
      sec 0x5b7a7435 nsec 0x2ed6d440 vlan 0 vlan_tpid 0
00:02:26:500486: ethernet-input
  IP4: b6:7b:f1:64:fe:8c -> 02:fe:9e:f6:c1:8f
00:02:26:500501: ip4-input
  ICMP: 172.16.1.2 -> 172.16.2.1
    tos 0x00, ttl 64, length 84, checksum 0xeaf8
    fragment id 0xf48c, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xdbe0
00:02:26:500509: ip4-lookup
  fib 0 dpo-idx 8 flow hash: 0x00000000
  ICMP: 172.16.1.2 -> 172.16.2.1
    tos 0x00, ttl 64, length 84, checksum 0xeaf8
    fragment id 0xf48c, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xdbe0
00:02:26:500523: ip4-local
    ICMP: 172.16.1.2 -> 172.16.2.1
      tos 0x00, ttl 64, length 84, checksum 0xeaf8
      fragment id 0xf48c, flags DONT_FRAGMENT
    ICMP echo_request checksum 0xdbe0
00:02:26:500529: ip4-icmp-input
  ICMP: 172.16.1.2 -> 172.16.2.1
    tos 0x00, ttl 64, length 84, checksum 0xeaf8
    fragment id 0xf48c, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xdbe0
00:02:26:500533: ip4-icmp-echo-request
  ICMP: 172.16.1.2 -> 172.16.2.1
    tos 0x00, ttl 64, length 84, checksum 0xeaf8
    fragment id 0xf48c, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xdbe0
00:02:26:500540: ip4-load-balance
  fib 0 dpo-idx 17 flow hash: 0x00000000
  ICMP: 172.16.2.1 -> 172.16.1.2
    tos 0x00, ttl 64, length 84, checksum 0x8e73
    fragment id 0x5112, flags DONT_FRAGMENT
  ICMP echo_reply checksum 0xe3e0
00:02:26:500543: ip4-rewrite
  tx_sw_if_index 1 dpo-idx 2 : ipv4 via 172.16.1.2 host-vpp1: mtu:9000 b67bf164fe8c02fe9ef6c18f0800 flow hash: 0x00000000
  00000000: b67bf164fe8c02fe9ef6c18f0800450000545112400040018e73ac100201ac10
  00000020: 01020000e3e0167e000135747a5b000000008bfd0b00000000001011
00:02:26:500550: host-vpp1-output
  host-vpp1
  IP4: 02:fe:9e:f6:c1:8f -> b6:7b:f1:64:fe:8c
  ICMP: 172.16.2.1 -> 172.16.1.2
    tos 0x00, ttl 64, length 84, checksum 0x8e73
    fragment id 0x5112, flags DONT_FRAGMENT
  ICMP echo_reply checksum 0xe3e0

References

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s