@tamalsaha
Forked from mcastelino/tc mirroring.md
Created September 6, 2022 07:57
Using tc redirect to connect a virtual machine to a container network

Connecting a veth device to tap

  • veth device from CNI/CNM plugin: eth0
  • tap device that connects to the VM: tap0

Redirecting traffic between the two devices

tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol all u32 match u8 0 0 action mirred egress redirect dev tap0
tc qdisc add dev tap0 ingress
tc filter add dev tap0 parent ffff: protocol all u32 match u8 0 0 action mirred egress redirect dev eth0

tc qdisc add dev eth0 ingress

  • Add a queuing discipline
  • on dev eth0
  • attach the ingress qdisc. Here the handle defaults to ffff:

tc filter add dev eth0 parent ffff: protocol all u32 match u8 0 0 action mirred egress redirect dev tap0

  • Add a filter
  • to device eth0 (dev eth0)
  • parent ffff: is the handle of the parent (class) we are attaching to, i.e. the ingress qdisc we created before (there is no need for tc class add in the ingress case, as it does not support classful queuing disciplines).
  • protocol all
  • classifier u32
  • parameters to the classifier, match u8 0 0: AND the first byte of the packet with the mask 0 and match if the result is 0 (which it always will be), i.e. always true
  • action mirred egress redirect dev tap0: redirect the packet to the egress of dev tap0
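
The two redirect pairs above wrapped into a small helper with verification and teardown, as an added example that is not part of the original gist. The function names, the TC override variable and the interface-name allow-list are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: cross-connect two devices with ingress qdiscs + mirred redirect.
# TC is a hypothetical override for this sketch; TC="echo tc" gives a dry run.
TC="${TC:-tc}"

# Conservative allow-list (an assumption of this sketch, stricter than the
# kernel): 1-15 characters from [A-Za-z0-9_.-].
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# u32 "match u8 VALUE MASK" succeeds when (byte & MASK) == VALUE.
# With VALUE=0 MASK=0 that holds for every byte, so the filter is match-all.
u8_matches() {  # u8_matches BYTE VALUE MASK
    [ $(( $1 & $3 )) -eq "$2" ]
}

# Everything arriving on $1 is redirected to the egress of $2.
redirect_one() {
    $TC qdisc add dev "$1" ingress &&
    $TC filter add dev "$1" parent ffff: protocol all \
        u32 match u8 0 0 action mirred egress redirect dev "$2"
}

cross_connect() {  # cross_connect IFACE_A IFACE_B
    if ! valid_ifname "$1" || ! valid_ifname "$2" || [ "$1" = "$2" ]; then
        echo "usage: cross_connect IFACE_A IFACE_B (two distinct devices)" >&2
        return 2
    fi
    redirect_one "$1" "$2" && redirect_one "$2" "$1"
}

# Show the installed ingress filters with hit counters, for verification.
show_redirects() { $TC -s filter show dev "$1" parent ffff:; }

# Deleting the ingress qdisc also removes the filters attached to it.
disconnect() { $TC qdisc del dev "$1" ingress; $TC qdisc del dev "$2" ingress; }

# Usage: sh this-file apply eth0 tap0   (needs root; devices from the text above)
case "${1:-}" in
    apply) cross_connect "${2:-}" "${3:-}" ;;
esac
```

Because the filter is match-all with protocol all, every frame arriving on one device (ARP included) is handed to the other, so any packet filtering for the VM has to be applied elsewhere.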