VPP/Configure VPP As A Router Between Namespaces
This example shows how to configure VPP as an IPv4 router between 2 linux namespaces (or containers).
In this setup we use 2 linux veth interface pairs as an interconnect between VPP and 2 different namespaces called vpp1 and vpp2.
Setup
The Linux infrastructure can be setup by running this bash script:
#!/bin/bash
if [ $USER != "root" ] ; then
echo "Restarting script with sudo..."
sudo $0 ${*}
exit
fi
# delete previous incarnations if they exist
ip link del dev veth_vpp1
ip link del dev veth_vpp2
ip netns del vpp1
ip netns del vpp2
#create namespaces
ip netns add vpp1
ip netns add vpp2
# create and configure 1st veth pair
ip link add name veth_vpp1 type veth peer name vpp1
ip link set dev vpp1 up
ip link set dev veth_vpp1 up netns vpp1
ip netns exec vpp1 \
bash -c "
ip link set dev lo up
ip addr add 172.16.1.2/24 dev veth_vpp1
ip route add 172.16.2.0/24 via 172.16.1.1
"
# create and configure 2st veth pair
ip link add name veth_vpp2 type veth peer name vpp2
ip link set dev vpp2 up
ip link set dev veth_vpp2 up netns vpp2
ip netns exec vpp2 \
bash -c "
ip link set dev lo up
ip addr add 172.16.2.2/24 dev veth_vpp2
ip route add 172.16.1.0/24 via 172.16.2.1
"
Modify Startup
This section has been deprecated.
Creating an af_packet interface via the (/etc/vpp/startup.conf) file is no longer supported. Use the CLI create host-interface as described below. This section was left in place for historical purposes.
VPP will attach to interfaces vpp1 and vpp2 over the linux AF_PACKET interface, which is not high performing but still significantly faster than standard TUN/TAP. You need to change the VPP startup config file (/etc/vpp/startup.conf) to contain the following lines:
dpdk {
no-pci
vdev eth_af_packet0,iface=vpp1
vdev eth_af_packet1,iface=vpp2
}
Make sure to restart the VPP executable after you modify the startup.conf file.
Configure Interfaces
We need to configure VPP interface ip address and interface state:
sudo vppctl create host-interface name vpp1 sudo vppctl create host-interface name vpp2 sudo vppctl set int state host-vpp1 up sudo vppctl set int state host-vpp2 up sudo vppctl set int ip address host-vpp1 172.16.1.1/24 sudo vppctl set int ip address host-vpp2 172.16.2.1/24
Test
We should now be able to send a ping from one namespace to another:
$ sudo ip netns exec vpp1 ping 172.16.2.1 -c 1 PING 172.16.2.2 (172.16.2.2) 56(84) bytes of data. 64 bytes from 172.16.2.2: icmp_seq=1 ttl=63 time=0.135 ms --- 172.16.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.135/0.135/0.135/0.000 ms
Using the VPP debug Command-line Interface (CLI) we can verify interface and fib statistics.
Use the VPP CLI command show ip arp:
vpp# show ip arp
Time FIB IP4 Stat Ethernet Interface
1050.5729 0 172.16.1.2 5a:df:31:28:dc:5c host-vpp1
1050.5768 0 172.16.2.2 12:fa:19:cb:39:e3 host-vpp2
Use the command show interface:
vpp# show interface
Name Idx State Counter Count
host-vpp1 5 up rx packets 1
rx bytes 98
tx packets 1
tx bytes 98
ip4 1
host-vpp2 6 up rx packets 1
rx bytes 98
tx packets 1
tx bytes 98
ip4 1
Use the command show ip fib:
vpp# show ip fib
Table 0, fib_index 0, flow hash: src dst sport dport proto
Destination Packets Bytes Adjacency
172.16.1.0/24 0 0 weight 1, index 3
arp host-vpp1 172.16.1.1/24
172.16.1.1/32 0 0 weight 1, index 4
local 172.16.1.1/24
172.16.1.2/32 0 0 weight 1, index 11
host-vpp1
IP4: 02:fe:67:ce:36:a9 -> 5a:df:31:28:dc:5c
172.16.2.0/24 1 98 weight 1, index 5
arp host-vpp2 172.16.2.1/24
172.16.2.1/32 0 0 weight 1, index 6
local 172.16.2.1/24
172.16.2.2/32 0 0 weight 1, index 9
host-vpp2
IP4: 02:fe:cc:9a:f7:d4 -> 12:fa:19:cb:39:e3
