John DeNisco | 06dcd45 | 2018-07-26 12:45:10 -0400 | 1 | .. _Routing: |
| 2 | |
| 3 | .. toctree:: |
| 4 | |
| 5 | Connecting the two Containers |
| 6 | _____________________________ |
| 7 | |
| 8 | Now we connect these two Linux containers to VPP and ping between them. |
| 9 | |
| 10 | Enter container *cone*, and check the current network configuration: |
| 11 | |
| 12 | .. code-block:: console |
| 13 | |
| 14 | root@cone:/# ip -o a |
| 15 | 1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever |
| 16 | 1: lo inet6 ::1/128 scope host \ valid_lft forever preferred_lft forever |
| 17 | 30: veth0 inet 10.0.3.157/24 brd 10.0.3.255 scope global veth0\ valid_lft forever preferred_lft forever |
| 18 | 30: veth0 inet6 fe80::216:3eff:fee2:d0ba/64 scope link \ valid_lft forever preferred_lft forever |
| 19 | 32: veth_link1 inet6 fe80::2c9d:83ff:fe33:37e/64 scope link \ valid_lft forever preferred_lft forever |
| 20 | |
| 21 | You can see that there are three network interfaces: *lo*, *veth0*, and *veth_link1*. |
| 22 | |
| 23 | Notice that *veth_link1* has no assigned IPv4 address, only an IPv6 link-local address. |
| 24 | |
| 25 | Check if the interfaces are down or up: |
| 26 | |
| 27 | .. code-block:: console |
| 28 | |
| 29 | root@cone:/# ip link |
| 30 | 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1 |
| 31 | link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 |
| 32 | 30: veth0@if31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 |
| 33 | link/ether 00:16:3e:e2:d0:ba brd ff:ff:ff:ff:ff:ff link-netnsid 0 |
| 34 | 32: veth_link1@if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 |
| 35 | link/ether 2e:9d:83:33:03:7e brd ff:ff:ff:ff:ff:ff link-netnsid 0 |
| 36 | |
| 37 | .. _networkNote: |
| 38 | |
| 39 | .. note:: |
| 40 | |
| 41 | Take note of the network index for **veth_link1**. In our case, it is 32, and its parent index (on the host machine, not in the containers) is 33, shown by **veth_link1@if33**. Yours will most likely be different, but **please take note of these indexes**. |
| 42 | |
| 43 | Make sure your loopback interface is up, and assign an IP and gateway to veth_link1. |
| 44 | |
| 45 | .. code-block:: console |
| 46 | |
| 47 | root@cone:/# ip link set dev lo up |
| 48 | root@cone:/# ip addr add 172.16.1.2/24 dev veth_link1 |
| 49 | root@cone:/# ip link set dev veth_link1 up |
| 50 | root@cone:/# dhclient -r |
| 51 | root@cone:/# ip route add default via 172.16.1.1 dev veth_link1 |
| 52 | |
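| 53 | Here, the IP is 172.16.1.2/24 and the gateway is 172.16.1.1. The ``dhclient -r`` command releases the DHCP lease on *veth0*, which is why *veth0* no longer has an IPv4 address in the output below. |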
| 54 | |
| 55 | Run some commands to verify the changes: |
| 56 | |
| 57 | .. code-block:: console |
| 58 | |
| 59 | root@cone:/# ip -o a |
| 60 | 1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever |
| 61 | 1: lo inet6 ::1/128 scope host \ valid_lft forever preferred_lft forever |
| 62 | 30: veth0 inet6 fe80::216:3eff:fee2:d0ba/64 scope link \ valid_lft forever preferred_lft forever |
| 63 | 32: veth_link1 inet 172.16.1.2/24 scope global veth_link1\ valid_lft forever preferred_lft forever |
| 64 | 32: veth_link1 inet6 fe80::2c9d:83ff:fe33:37e/64 scope link \ valid_lft forever preferred_lft forever |
| 65 | |
| 66 | root@cone:/# route |
| 67 | Kernel IP routing table |
| 68 | Destination Gateway Genmask Flags Metric Ref Use Iface |
| 69 | default 172.16.1.1 0.0.0.0 UG 0 0 0 veth_link1 |
| 70 | 172.16.1.0 * 255.255.255.0 U 0 0 0 veth_link1 |
| 71 | |
| 72 | |
| 73 | We see that the IP has been assigned, as well as our default gateway. |
| 74 | |
| 75 | Now exit this container and repeat this process with container *ctwo*, except with IP 172.16.2.2/24 and gateway 172.16.2.1. |
| 76 | |
| 77 | |
| 78 | After that's done for *both* containers, exit from the container if you're in one: |
| 79 | |
| 80 | .. code-block:: console |
| 81 | |
| 82 | root@ctwo:/# exit |
| 83 | exit |
| 84 | root@localhost:~# |
| 85 | |
| 86 | On the machine running the containers, run **ip link** to see the host *veth* network interfaces and their links to the corresponding *container veths*. |
| 87 | |
| 88 | .. code-block:: console |
| 89 | |
| 90 | root@localhost:~# ip link |
| 91 | 1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN mode DEFAULT group default qlen 1 |
| 92 | link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 |
| 93 | 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 |
| 94 | link/ether 08:00:27:33:82:8a brd ff:ff:ff:ff:ff:ff |
| 95 | 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 |
| 96 | link/ether 08:00:27:d9:9f:ac brd ff:ff:ff:ff:ff:ff |
| 97 | 4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 |
| 98 | link/ether 08:00:27:78:84:9d brd ff:ff:ff:ff:ff:ff |
| 99 | 5: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 |
| 100 | link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff |
| 101 | 19: veth0C2FL7@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxcbr0 state UP mode DEFAULT group default qlen 1000 |
| 102 | link/ether fe:0d:da:90:c1:65 brd ff:ff:ff:ff:ff:ff link-netnsid 1 |
| 103 | 21: veth8NA72P@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 |
| 104 | link/ether fe:1c:9e:01:9f:82 brd ff:ff:ff:ff:ff:ff link-netnsid 1 |
| 105 | 31: vethXQMY4C@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxcbr0 state UP mode DEFAULT group default qlen 1000 |
| 106 | link/ether fe:9a:d9:29:40:bb brd ff:ff:ff:ff:ff:ff link-netnsid 0 |
| 107 | 33: vethQL7K0C@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 |
| 108 | link/ether fe:ed:89:54:47:a2 brd ff:ff:ff:ff:ff:ff link-netnsid 0 |
| 109 | |
| 110 | |
| 111 | Remember our network interface index 32 in *cone* from this :ref:`note <networkNote>`? At the bottom of the listing, index 33 is **vethQL7K0C@if32**. Keep note of this network interface name for the veth connected to *cone* (e.g. vethQL7K0C), and of the other network interface name for *ctwo*. |
| 112 | |
| 113 | With VPP in the host machine, show current VPP interfaces: |
| 114 | |
| 115 | .. code-block:: console |
| 116 | |
| 117 | root@localhost:~# vppctl show inter |
| 118 | Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count |
| 119 | local0 0 down 0/0/0/0 |
| 120 | |
| 121 | This should output only local0. |
| 122 | |
| 123 | Based on the names of the network interfaces discussed previously, which are specific to this system (substitute the names from your own host), we can create VPP host-interfaces: |
| 124 | |
| 125 | .. code-block:: console |
| 126 | |
| 127 | root@localhost:~# vppctl create host-interface name vethQL7K0C |
| 128 | root@localhost:~# vppctl create host-interface name veth8NA72P |
| 129 | |
| 130 | Verify they have been set up properly: |
| 131 | |
| 132 | .. code-block:: console |
| 133 | |
| 134 | root@localhost:~# vppctl show inter |
| 135 | Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count |
| 136 | host-vethQL7K0C 1 down 9000/0/0/0 |
| 137 | host-veth8NA72P 2 down 9000/0/0/0 |
| 138 | local0 0 down 0/0/0/0 |
| 139 | |
| 140 | This should output *three network interfaces*: local0 and the two host network interfaces linked to the container veths. |
| 141 | |
| 142 | |
| 143 | Set their state to up: |
| 144 | |
| 145 | .. code-block:: console |
| 146 | |
| 147 | root@localhost:~# vppctl set interface state host-vethQL7K0C up |
| 148 | root@localhost:~# vppctl set interface state host-veth8NA72P up |
| 149 | |
| 150 | Verify they are now up: |
| 151 | |
| 152 | .. code-block:: console |
| 153 | |
| 154 | root@localhost:~# vppctl show inter |
| 155 | Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count |
| 156 | host-vethQL7K0C 1 up 9000/0/0/0 |
| 157 | host-veth8NA72P 2 up 9000/0/0/0 |
| 158 | local0 0 down 0/0/0/0 |
| 159 | |
| 160 | |
| 161 | Add IP addresses for the other end of each veth link: |
| 162 | |
| 163 | .. code-block:: console |
| 164 | |
| 165 | root@localhost:~# vppctl set interface ip address host-vethQL7K0C 172.16.1.1/24 |
| 166 | root@localhost:~# vppctl set interface ip address host-veth8NA72P 172.16.2.1/24 |
| 167 | |
| 168 | |
| 169 | Verify the addresses are set properly by looking at the L3 table: |
| 170 | |
| 171 | .. code-block:: console |
| 172 | |
| 173 | root@localhost:~# vppctl show inter addr |
| 174 | host-vethQL7K0C (up): |
| 175 | L3 172.16.1.1/24 |
| 176 | host-veth8NA72P (up): |
| 177 | L3 172.16.2.1/24 |
| 178 | local0 (dn): |
| 179 | |
| 180 | Or look at the FIB: |
| 181 | |
| 182 | .. code-block:: console |
| 183 | |
| 184 | root@localhost:~# vppctl show ip fib |
| 185 | ipv4-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] locks:[src:plugin-hi:2, src:default-route:1, ] |
| 186 | 0.0.0.0/0 |
| 187 | unicast-ip4-chain |
| 188 | [@0]: dpo-load-balance: [proto:ip4 index:1 buckets:1 uRPF:0 to:[0:0]] |
| 189 | [0] [@0]: dpo-drop ip4 |
| 190 | 0.0.0.0/32 |
| 191 | unicast-ip4-chain |
| 192 | [@0]: dpo-load-balance: [proto:ip4 index:2 buckets:1 uRPF:1 to:[0:0]] |
| 193 | [0] [@0]: dpo-drop ip4 |
| 194 | 172.16.1.0/32 |
| 195 | unicast-ip4-chain |
| 196 | [@0]: dpo-load-balance: [proto:ip4 index:10 buckets:1 uRPF:9 to:[0:0]] |
| 197 | [0] [@0]: dpo-drop ip4 |
| 198 | 172.16.1.0/24 |
| 199 | unicast-ip4-chain |
| 200 | [@0]: dpo-load-balance: [proto:ip4 index:9 buckets:1 uRPF:8 to:[0:0]] |
| 201 | [0] [@4]: ipv4-glean: host-vethQL7K0C: mtu:9000 ffffffffffff02fec953f98c0806 |
| 202 | 172.16.1.1/32 |
| 203 | unicast-ip4-chain |
| 204 | [@0]: dpo-load-balance: [proto:ip4 index:12 buckets:1 uRPF:13 to:[0:0]] |
| 205 | [0] [@2]: dpo-receive: 172.16.1.1 on host-vethQL7K0C |
| 206 | 172.16.1.255/32 |
| 207 | unicast-ip4-chain |
| 208 | [@0]: dpo-load-balance: [proto:ip4 index:11 buckets:1 uRPF:11 to:[0:0]] |
| 209 | [0] [@0]: dpo-drop ip4 |
| 210 | 172.16.2.0/32 |
| 211 | unicast-ip4-chain |
| 212 | [@0]: dpo-load-balance: [proto:ip4 index:14 buckets:1 uRPF:15 to:[0:0]] |
| 213 | [0] [@0]: dpo-drop ip4 |
| 214 | 172.16.2.0/24 |
| 215 | unicast-ip4-chain |
| 216 | [@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:14 to:[0:0]] |
| 217 | [0] [@4]: ipv4-glean: host-veth8NA72P: mtu:9000 ffffffffffff02fe305400e80806 |
| 218 | 172.16.2.1/32 |
| 219 | unicast-ip4-chain |
| 220 | [@0]: dpo-load-balance: [proto:ip4 index:16 buckets:1 uRPF:19 to:[0:0]] |
| 221 | [0] [@2]: dpo-receive: 172.16.2.1 on host-veth8NA72P |
| 222 | 172.16.2.255/32 |
| 223 | unicast-ip4-chain |
| 224 | [@0]: dpo-load-balance: [proto:ip4 index:15 buckets:1 uRPF:17 to:[0:0]] |
| 225 | [0] [@0]: dpo-drop ip4 |
| 226 | 224.0.0.0/4 |
| 227 | unicast-ip4-chain |
| 228 | [@0]: dpo-load-balance: [proto:ip4 index:4 buckets:1 uRPF:3 to:[0:0]] |
| 229 | [0] [@0]: dpo-drop ip4 |
| 230 | 240.0.0.0/4 |
| 231 | unicast-ip4-chain |
| 232 | [@0]: dpo-load-balance: [proto:ip4 index:3 buckets:1 uRPF:2 to:[0:0]] |
| 233 | [0] [@0]: dpo-drop ip4 |
| 234 | 255.255.255.255/32 |
| 235 | unicast-ip4-chain |
| 236 | [@0]: dpo-load-balance: [proto:ip4 index:5 buckets:1 uRPF:4 to:[0:0]] |
| 237 | [0] [@0]: dpo-drop ip4 |
| 238 | |
| 239 | At long last you probably want to see some pings: |
| 240 | |
| 241 | .. code-block:: console |
| 242 | |
| 243 | root@localhost:~# lxc-attach -n cone -- ping -c3 172.16.2.2 |
| 244 | PING 172.16.2.2 (172.16.2.2) 56(84) bytes of data. |
| 245 | 64 bytes from 172.16.2.2: icmp_seq=1 ttl=63 time=0.102 ms |
| 246 | 64 bytes from 172.16.2.2: icmp_seq=2 ttl=63 time=0.189 ms |
| 247 | 64 bytes from 172.16.2.2: icmp_seq=3 ttl=63 time=0.150 ms |
| 248 | |
| 249 | --- 172.16.2.2 ping statistics --- |
| 250 | 3 packets transmitted, 3 received, 0% packet loss, time 1999ms |
| 251 | rtt min/avg/max/mdev = 0.102/0.147/0.189/0.035 ms |
| 252 | |
| 253 | root@localhost:~# lxc-attach -n ctwo -- ping -c3 172.16.1.2 |
| 254 | PING 172.16.1.2 (172.16.1.2) 56(84) bytes of data. |
| 255 | 64 bytes from 172.16.1.2: icmp_seq=1 ttl=63 time=0.111 ms |
| 256 | 64 bytes from 172.16.1.2: icmp_seq=2 ttl=63 time=0.089 ms |
| 257 | 64 bytes from 172.16.1.2: icmp_seq=3 ttl=63 time=0.096 ms |
| 258 | |
| 259 | --- 172.16.1.2 ping statistics --- |
| 260 | 3 packets transmitted, 3 received, 0% packet loss, time 1998ms |
| 261 | rtt min/avg/max/mdev = 0.089/0.098/0.111/0.014 ms |
| 262 | |
| 263 | |
| 264 | Each command should send and receive three packets. |
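The index matching from the note above and the three vppctl steps, collected into one script as an added example (not part of the original VPP documentation). The helper names ``link_field``, ``host_veth`` and ``vpp_commands`` are hypothetical, and the sample listings are constructed from the output shown in this guide. The script refuses to print commands unless the container end and the host end point at each other, so that the wrong container's veth is not attached to a subnet.

```shell
#!/bin/sh
# Added example: find the host veth paired with a container interface by
# ifindex, then print the vppctl steps from this guide for that link.
# Constructed sample data, modelled on the `ip link` listings in this guide.
CONE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
30: veth0@if31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
32: veth_link1@if33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP'
HOST_LINKS='5: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
21: veth8NA72P@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
31: vethXQMY4C@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
33: vethQL7K0C@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP'

# link_field LINKS KEY WANT (hypothetical helper)
#   KEY=name  -> print "ifindex peer-ifindex" of the interface named WANT
#   KEY=index -> print "name peer-ifindex" of the interface with ifindex WANT
link_field() {
    printf '%s\n' "$1" | awk -F': ' -v key="$2" -v want="$3" '{
        split($2, p, "@if")                  # p[1] = name, p[2] = peer ifindex
        if (key == "name"  && p[1] == want) { print $1, p[2]; exit }
        if (key == "index" && $1 == want)   { print p[1], p[2]; exit }
    }'
}

# host_veth CONTAINER_LINKS HOST_LINKS IFACE (hypothetical helper)
# Prints the host veth name; fails unless both ends point at each other.
host_veth() {
    c=$(link_field "$1" name "$3")
    c_idx=${c% *}; c_peer=${c#* }
    [ -n "$c_peer" ] || return 1             # unknown interface or no peer
    h=$(link_field "$2" index "$c_peer")
    h_name=${h% *}; h_peer=${h#* }
    [ -n "$h_name" ] && [ "$h_peer" = "$c_idx" ] || return 1
    printf '%s\n' "$h_name"
}

# vpp_commands VETH GATEWAY_CIDR: the three vppctl steps used in this guide.
vpp_commands() {
    printf 'vppctl create host-interface name %s\n' "$1"
    printf 'vppctl set interface state host-%s up\n' "$1"
    printf 'vppctl set interface ip address host-%s %s\n' "$1" "$2"
}

veth=$(host_veth "$CONE_LINKS" "$HOST_LINKS" veth_link1) &&
    vpp_commands "$veth" 172.16.1.1/24
```

On a live host, pass the output of ``lxc-attach -n cone -- ip -o link`` and ``ip -o link`` in place of the two sample strings.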
| 265 | |
| 266 | This is the end of this guide. Great work! |