Difference between revisions of "VPP/STN Testing"

From fd.io
< VPP
Jump to: navigation, search
(Created page with "== Setup == <pre> # In this simulation, we use 192.168.1.2/24 as the 'shared address' between a vpp interface, and one end of a veth pair connected to vpp # We need to setup...")
 
(Setup)
Line 12: Line 12:
 
sudo ip link set eth0 netns pretendroot
 
sudo ip link set eth0 netns pretendroot
 
sudo ip netns exec pretendroot ip addr add 192.168.1.2/24 dev eth0
 
sudo ip netns exec pretendroot ip addr add 192.168.1.2/24 dev eth0
 +
# Set the mac address of the eth0 interface.  VPP will use 00:00:00:00:00:02 to address it, so we need to make sure the kernel accepts that mac for the eth0 interface
 +
sudo ip netns exec pretendroot ip link set dev eth0 address 00:00:00:00:00:02
 
sudo ip netns exec pretendroot ip link set dev eth0 up
 
sudo ip netns exec pretendroot ip link set dev eth0 up
  

Revision as of 22:00, 4 October 2017

Setup

# In this simulation, we use 192.168.1.2/24 as the 'shared address' between a vpp interface, and one end of a veth pair connected to vpp

# We need to setup a testing environment that uses the stn path in an analogous manner to what we need it to do.
# To do this, we create a 'pretendroot' namespace, and connect vpp to it with an eth0 interface in the pretendroot namespace
sudo ip netns add pretendroot
sudo ip link add name vpp2eth0 type veth peer name eth0
# Don't forget to disable the tcp offload, or we will get bitten by the Linux kernels misbehavior around checksums over veth pairs
sudo ethtool --offload  eth0  rx off  tx off
sudo ip link set eth0 netns pretendroot
sudo ip netns exec pretendroot ip addr add 192.168.1.2/24 dev eth0
# Set the mac address of the eth0 interface.  VPP will use 00:00:00:00:00:02 to address it, so we need to make sure the kernel accepts that mac for the eth0 interface
sudo ip netns exec pretendroot ip link set dev eth0 address 00:00:00:00:00:02
sudo ip netns exec pretendroot ip link set dev eth0 up

# Playing the part of our 'realnic' in this simulation, we create a 'realeth0' veth to connect to vpp.
# So that we can use it to originate traffic towards vpp, we give it IP 192.168.1.1/24
sudo ip link add name vpp2realeth0 type veth peer name realeth0
sudo ethtool --offload  realeth0  rx off  tx off
sudo ip addr add 192.168.1.1/24 dev realeth0
sudo ip link set dev realeth0 up

# Connect the vpp side of realeth0 (vpp2realeth0), addres it, and make sure its working
sudo vppctl create host-interface name vpp2realeth0
sudo vppctl set interface ip address host-vpp2realeth0 192.168.1.2/24
sudo vppctl set int state host-vpp2realeth0 up
ping 192.168.1.2

# Connect the vpp side of eth0 (vpp2eth0), set it up as an unnumbered slave of vpp2realeth0
sudo vppctl create host-interface name vpp2eth0
REALETH0_INT_IDX=$(sudo vppctl show int | grep host-vpp2realeth0 | awk '{print $2}')
echo ${REALETH0_INT_IDX}
ETH0_INT_IDX=$(sudo vppctl show int | grep host-vpp2eth0 | awk '{print $2}')
echo ${ETH0_INT_IDX}
echo sw_interface_set_unnumbered sw_if_index ${REALETH0_INT_IDX} unnum_if_index ${ETH0_INT_IDX} | sudo vpp_api_test | grep -v "#vat"
sudo vppctl set int state host-vpp2eth0 up

# Setup proxy arp for vpp2eth0
sudo vppctl set ip arp proxy 192.168.1.1-192.168.1.255
sudo vppctl set interface proxy-arp host-vpp2eth0 enable

# Setup the stn rule for 192.168.1.2 to host-vpp2eth0
sudo vppctl stn rule address 192.168.1.2 interface host-vpp2eth0
sudo vppctl show stn rule

Test 1: Ping from pretendroot (192.168.1.2) to realeth0 (192.168.1.1) via vpp

# Don't forget to setup vpp trace
sudo vppctl trace add af-packet-input 100
sudo ip netns exec pretendroot ping 192.168.1.1

Test1 Results

Packet 1

00:35:22:677092: af-packet-input
  af_packet: hw_if_index 2 next-index 4
    tpacket2_hdr:
      status 0x20000001 len 98 snaplen 98 mac 66 net 80
      sec 0x59ceb06b nsec 0x288737f0 vlan 0 vlan_tpid 0
00:35:22:677112: ethernet-input
  IP4: 3a:05:e2:3a:21:2f -> 02:fe:09:42:eb:3a
00:35:22:677133: ip4-input
  ICMP: 192.168.1.2 -> 192.168.1.1
    tos 0x00, ttl 64, length 84, checksum 0xf39b
    fragment id 0xc3b9, flags DONT_FRAGMENT
  ICMP echo_request checksum 0x461
00:35:22:677138: ip4-lookup
  fib 0 dpo-idx 1 flow hash: 0x00000000
  ICMP: 192.168.1.2 -> 192.168.1.1
    tos 0x00, ttl 64, length 84, checksum 0xf39b
    fragment id 0xc3b9, flags DONT_FRAGMENT
  ICMP echo_request checksum 0x461
00:35:22:677144: ip4-rewrite
  tx_sw_if_index 1 dpo-idx 1 : ipv4 via 192.168.1.1 host-vpp2realeth0: 7e743508a73602fe2bec2a580800 flow hash: 0x00000000
  00000000: 7e743508a73602fe2bec2a58080045000054c3b940003f01f49bc0a80102c0a8
  00000020: 0101080004610b6100016bb0ce5900000000e55f0a00000000001011
00:35:22:677149: host-vpp2realeth0-output
  host-vpp2realeth0
  IP4: 02:fe:2b:ec:2a:58 -> 7e:74:35:08:a7:36
  ICMP: 192.168.1.2 -> 192.168.1.1
    tos 0x00, ttl 63, length 84, checksum 0xf49b
    fragment id 0xc3b9, flags DONT_FRAGMENT
  ICMP echo_request checksum 0x461

Packet 2

00:35:22:677209: af-packet-input
  af_packet: hw_if_index 1 next-index 4
    tpacket2_hdr:
      status 0x20000001 len 98 snaplen 98 mac 66 net 80
      sec 0x59ceb06b nsec 0x288a535e vlan 0 vlan_tpid 0
00:35:22:677212: ethernet-input
  IP4: 7e:74:35:08:a7:36 -> 02:fe:2b:ec:2a:58
00:35:22:677214: ip4-input
  ICMP: 192.168.1.1 -> 192.168.1.2
    tos 0x00, ttl 64, length 84, checksum 0xef60
    fragment id 0x07f5
  ICMP echo_reply checksum 0xc61
00:35:22:677215: ip4-lookup
  fib 0 dpo-idx 6 flow hash: 0x00000000
  ICMP: 192.168.1.1 -> 192.168.1.2
    tos 0x00, ttl 64, length 84, checksum 0xef60
    fragment id 0x07f5
  ICMP echo_reply checksum 0xc61
00:35:22:677216: ip4-local
    ICMP: 192.168.1.1 -> 192.168.1.2
      tos 0x00, ttl 64, length 84, checksum 0xef60
      fragment id 0x07f5
    ICMP echo_reply checksum 0xc61
00:35:22:677220: ip4-icmp-input
  ICMP: 192.168.1.1 -> 192.168.1.2
    tos 0x00, ttl 64, length 84, checksum 0xef60
    fragment id 0x07f5
  ICMP echo_reply checksum 0xc61
00:35:22:677221: ip4-icmp-echo-reply
  ICMP echo id 2913 seq 1 (unknown)
00:35:22:677235: error-punt
  ip4-icmp-input: unknown type
00:35:22:677238: stn-ip4-punt
  dst_address: 192.168.1.2
  rule:
    rule_index: 0
    address: 192.168.1.2
    iface: host-vpp2eth0 (2)
    next_node: host-vpp2eth0-output (358)
00:35:22:677240: host-vpp2eth0-output
  host-vpp2eth0
  IP4: 00:00:00:00:00:01 -> 00:00:00:00:00:02
  ICMP: 192.168.1.1 -> 192.168.1.2
    tos 0x00, ttl 64, length 84, checksum 0xef60
    fragment id 0x07f5
  ICMP echo_reply checksum 0xc61

Packet 3

00:35:23:687940: af-packet-input
  af_packet: hw_if_index 2 next-index 4
    tpacket2_hdr:
      status 0x20000001 len 98 snaplen 98 mac 66 net 80
      sec 0x59ceb06c nsec 0x292ce4e4 vlan 0 vlan_tpid 0
00:35:23:688050: ethernet-input
  IP4: 3a:05:e2:3a:21:2f -> 02:fe:09:42:eb:3a
00:35:23:688064: ip4-input
  ICMP: 192.168.1.2 -> 192.168.1.1
    tos 0x00, ttl 64, length 84, checksum 0xf389
    fragment id 0xc3cb, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xae35
00:35:23:688069: ip4-lookup
  fib 0 dpo-idx 1 flow hash: 0x00000000
  ICMP: 192.168.1.2 -> 192.168.1.1
    tos 0x00, ttl 64, length 84, checksum 0xf389
    fragment id 0xc3cb, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xae35
00:35:23:688076: ip4-rewrite
  tx_sw_if_index 1 dpo-idx 1 : ipv4 via 192.168.1.1 host-vpp2realeth0: 7e743508a73602fe2bec2a580800 flow hash: 0x00000000
  00000000: 7e743508a73602fe2bec2a58080045000054c3cb40003f01f489c0a80102c0a8
  00000020: 01010800ae350b6100026cb0ce59000000003a8a0a00000000001011
00:35:23:688079: host-vpp2realeth0-output
  host-vpp2realeth0
  IP4: 02:fe:2b:ec:2a:58 -> 7e:74:35:08:a7:36
  ICMP: 192.168.1.2 -> 192.168.1.1
    tos 0x00, ttl 63, length 84, checksum 0xf489
    fragment id 0xc3cb, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xae35

Packet 4

00:35:23:688145: af-packet-input
  af_packet: hw_if_index 1 next-index 4
    tpacket2_hdr:
      status 0x20000001 len 98 snaplen 98 mac 66 net 80
      sec 0x59ceb06c nsec 0x2931c082 vlan 0 vlan_tpid 0
00:35:23:688148: ethernet-input
  IP4: 7e:74:35:08:a7:36 -> 02:fe:2b:ec:2a:58
00:35:23:688150: ip4-input
  ICMP: 192.168.1.1 -> 192.168.1.2
    tos 0x00, ttl 64, length 84, checksum 0xef56
    fragment id 0x07ff
  ICMP echo_reply checksum 0xb635
00:35:23:688152: ip4-lookup
  fib 0 dpo-idx 6 flow hash: 0x00000000
  ICMP: 192.168.1.1 -> 192.168.1.2
    tos 0x00, ttl 64, length 84, checksum 0xef56
    fragment id 0x07ff
  ICMP echo_reply checksum 0xb635
00:35:23:688154: ip4-local
    ICMP: 192.168.1.1 -> 192.168.1.2
      tos 0x00, ttl 64, length 84, checksum 0xef56
      fragment id 0x07ff
    ICMP echo_reply checksum 0xb635
00:35:23:688158: ip4-icmp-input
  ICMP: 192.168.1.1 -> 192.168.1.2
    tos 0x00, ttl 64, length 84, checksum 0xef56
    fragment id 0x07ff
  ICMP echo_reply checksum 0xb635
00:35:23:688160: ip4-icmp-echo-reply
  ICMP echo id 2913 seq 2 (unknown)
00:35:23:688167: error-punt
  ip4-icmp-input: unknown type
00:35:23:688170: stn-ip4-punt
  dst_address: 192.168.1.2
  rule:
    rule_index: 0
    address: 192.168.1.2
    iface: host-vpp2eth0 (2)
    next_node: host-vpp2eth0-output (358)
00:35:23:688171: host-vpp2eth0-output
  host-vpp2eth0
  IP4: 00:00:00:00:00:01 -> 00:00:00:00:00:02
  ICMP: 192.168.1.1 -> 192.168.1.2
    tos 0x00, ttl 64, length 84, checksum 0xef56
    fragment id 0x07ff
  ICMP echo_reply checksum 0xb635

Test 1: Analysis

If you look at Packet 4, you will see the icp echo response is being addressed to mac address 00:00:00:00:00:02 (and bogus source 00:00:00:00:00:01) which causes the eth0 interface to reject the response. Tests for TCP and UDP showed the same issue.

Retrieved from "https://wiki.fd.io/index.php?title=VPP/STN_Testing&oldid=5961"