VPP/Configure VPP As A Router Between Namespaces
This example shows how to configure VPP as an IPv4 router between 2 linux namespaces (or containers).
In this setup we use 2 linux veth interface pairs as an interconnect between VPP and 2 different namespaces called vpp1 and vpp2.
Setup
The Linux infrastructure can be setup by running this bash script:
#!/bin/bash if [ $USER != "root" ] ; then echo "Restarting script with sudo..." sudo $0 ${*} exit fi # delete previous incarnations if they exist ip link del dev veth_vpp1 ip link del dev veth_vpp2 ip netns del vpp1 ip netns del vpp2 #create namespaces ip netns add vpp1 ip netns add vpp2 # create and configure 1st veth pair ip link add name veth_vpp1 type veth peer name vpp1 ip link set dev vpp1 up ip link set dev veth_vpp1 up netns vpp1 ip netns exec vpp1 \ bash -c " ip link set dev lo up ip addr add 172.16.1.2/24 dev veth_vpp1 ip route add 172.16.2.0/24 via 172.16.1.1 " # create and configure 2st veth pair ip link add name veth_vpp2 type veth peer name vpp2 ip link set dev vpp2 up ip link set dev veth_vpp2 up netns vpp2 ip netns exec vpp2 \ bash -c " ip link set dev lo up ip addr add 172.16.2.2/24 dev veth_vpp2 ip route add 172.16.1.0/24 via 172.16.2.1 "
Modify Startup
VPP will attach to interfaces vpp1 and vpp2 over the linux AF_PACKET interface, which is not high performing but still significantly faster than standard TUN/TAP. You need to change the VPP startup config file (/etc/vpp/startup.conf
) to contain the following lines:
dpdk { no-pci vdev eth_af_packet0,iface=vpp1 vdev eth_af_packet1,iface=vpp2 }
Make sure to restart the VPP executable after you modify the startup.conf
file.
Configure Interfaces
We need to configure VPP interface ip address and interface state:
sudo vppctl set int state af_packet0 up sudo vppctl set int state af_packet1 up sudo vppctl set int ip address af_packet0 172.16.1.1/24 sudo vppctl set int ip address af_packet1 172.16.2.1/24
Test
We should now be able to send a ping from one namespace to another:
$ sudo ip netns exec vpp1 ping 172.16.2.2 -c 1 PING 172.16.2.2 (172.16.2.2) 56(84) bytes of data. 64 bytes from 172.16.2.2: icmp_seq=1 ttl=63 time=0.135 ms --- 172.16.2.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.135/0.135/0.135/0.000 ms
Using the VPP debug Command-line Interface (CLI) we can verify interface and fib statistics.
Use the VPP CLI command show ip arp
:
vpp# show ip arp Time FIB IP4 Stat Ethernet Interface 1050.5729 0 172.16.1.2 5a:df:31:28:dc:5c af_packet0 1050.5768 0 172.16.2.2 12:fa:19:cb:39:e3 af_packet1
Use the command show interface
:
vpp# show interface Name Idx State Counter Count af_packet0 5 up rx packets 1 rx bytes 98 tx packets 1 tx bytes 98 ip4 1 af_packet1 6 up rx packets 1 rx bytes 98 tx packets 1 tx bytes 98 ip4 1
Use the command show ip fib
:
vpp# show ip fib Table 0, fib_index 0, flow hash: src dst sport dport proto Destination Packets Bytes Adjacency 172.16.1.0/24 0 0 weight 1, index 3 arp af_packet0 172.16.1.1/24 172.16.1.1/32 0 0 weight 1, index 4 local 172.16.1.1/24 172.16.1.2/32 0 0 weight 1, index 11 af_packet0 IP4: 02:fe:67:ce:36:a9 -> 5a:df:31:28:dc:5c 172.16.2.0/24 1 98 weight 1, index 5 arp af_packet1 172.16.2.1/24 172.16.2.1/32 0 0 weight 1, index 6 local 172.16.2.1/24 172.16.2.2/32 0 0 weight 1, index 9 af_packet1 IP4: 02:fe:cc:9a:f7:d4 -> 12:fa:19:cb:39:e3