[root@ovn-worker2 ~]# ovs-dpctl dump-flows
recirc_id(0x48),in_port(2),ct_state(+new-est-rel-rpl-inv+trk),ct_mark(0/0x1),eth(src=66:49:b8:4b:12:3e,dst=0a:58:0a:f4:01:05),eth_type(0x0800),ipv4(src=10.244.1.2,dst=10.244.1.5,frag=no), packets:0, bytes:0, used:never, actions:ct(commit,zone=19,mark=0/0x1,nat(src)),6
recirc_id(0),in_port(3),skb_mark(0),eth(dst=02:42:ac:12:00:03),eth_type(0x0800),ipv4(proto=6,frag=no),tcp(dst=8192/0xe000), packets:797, bytes:70414, used:0.004s, flags:SP., actions:ct(zone=64000,nat),recirc(0x27)
recirc_id(0),in_port(3),eth(dst=02:42:ac:12:00:03),eth_type(0x0800),ipv4(proto=17,frag=no),udp(dst=6081), packets:1, bytes:132, used:0.753s, actions:4
recirc_id(0x46),tunnel(tun_id=0xff0003,src=172.18.0.2,dst=172.18.0.3,geneve({}{}),flags(-df+csum+key)),in_port(5),ct_state(+new-est-rel-rpl-inv+trk),ct_mark(0/0x1),eth(src=0a:58:0a:f4:01:01,dst=00:00:00:00:00:00/01:00:00:00:00:00),eth_type(0x0800),ipv4(src=10.244.0.0/255.255.255.0,frag=no), packets:0, bytes:0, used:never, actions:ct(commit,zone=
---
apiVersion: v1
kind: Pod
metadata:
  name: client
  labels:
    pod-name: client
    role: webserver
    #app: spk-coredns
spec:
[root@ovn-control-plane ~]# ovs-appctl ofproto/trace --ct-next trk,rpl --ct-next trk,rpl br-int in_port=3,tun_id=16711683,tun_metadata0=262147,dl_src=0a:58:2b:22:eb:86,dl_dst=0a:58:92:3f:71:e5,tcp6,tp_src=8080,tp_dst=43434,ipv6_dst=fd00:10:244:1::7,ipv6_src=fc00:f853:ccd:e793::4,nw_ttl=254 | ovn-detrace
Flow: tcp6,tun_id=0xff0003,in_port=3,vlan_tci=0x0000,dl_src=0a:58:2b:22:eb:86,dl_dst=0a:58:92:3f:71:e5,ipv6_src=fc00:f853:ccd:e793::4,ipv6_dst=fd00:10:244:1::7,ipv6_label=0x00000,nw_tos=0,nw_ecn=0,nw_ttl=254,nw_frag=no,tp_src=8080,tp_dst=43434,tcp_flags=0
bridge("br-int")
----------------
 0. in_port=3, priority 100
    move:NXM_NX_TUN_ID[0..23]->OXM_OF_METADATA[0..23]
     -> OXM_OF_METADATA[0..23] is now 0xff0003
    move:NXM_NX_TUN_METADATA0[16..30]->NXM_NX_REG14[0..14]
     -> NXM_NX_REG14[0..14] is now 0x4
[root@ovn-control-plane ~]# ovn-trace --ct trk,rpl --ct trk,rpl transit_switch 'inport == "tstor-ovn-worker" && eth.src ==0a:58:2b:22:eb:86 && eth.dst==0a:58:92:3f:71:e5 && ip6 && ip.ttl==64 && ip6.src==fc00:f853:ccd:e793::4 && ip6.dst==fd00:10:244:1::7 && tcp && tcp.src == 8080 && tcp.dst ==43434'
2024-04-17T17:08:05Z|00001|ovntrace|WARN|ct.new && !ct.rel && ip6 && ip6.dst == ^NODEIP_IPv6_0 && tcp && tcp.dst == 30926: parsing expression failed (Syntax error at `NODEIP_IPv6_0' expecting constant.)
2024-04-17T17:08:05Z|00002|ovntrace|WARN|ct.new && ip6.dst == ^NODEIP_IPv6_0 && tcp.dst == 30926: parsing expression failed (Syntax error at `NODEIP_IPv6_0' expecting constant.)
2024-04-17T17:08:05Z|00003|ovntrace|WARN|reg0[2] == 1 && ip6.dst == ^NODEIP_IPv6_0 && tcp.dst == 30926: parsing expression failed (Syntax error at `NODEIP_IPv6_0' expecting constant.)
2024-04-17T17:08:05Z|00004|ovntrace|WARN|ip && ip6.dst == ^NODEIP_IPv6_0: parsing expression failed (Syntax error at `NODEIP_IPv6_0' expecting constant.)
#
### ebpf
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/in.h>
#include <linux/tcp.h>
struct data_t {
    __u32 src_ip;
    __u32 dst_ip;
[trozet@fedora 250-nodetracker]$ cat must-gather.local.3877710284032856534/inspect.local.4295100335563262757/namespaces/openshift-ovn-kubernetes/pods/ovnkube-node-5ksf5/ovnkube-controller/ovnkube-controller/logs/current.log | grep -E 'Starting controller|router changed, syncing services| Node tracker sync took|Full service sync requested'
2024-01-16T02:33:18.213324326Z I0116 02:33:18.213311 3961 services_controller.go:163] Starting controller ovn-lb-controller
2024-01-16T02:33:18.213864591Z I0116 02:33:18.213856 3961 node_tracker.go:185] Node ip-10-0-236-9.us-west-2.compute.internal switch + router changed, syncing services
2024-01-16T02:33:18.214366306Z I0116 02:33:18.214357 3961 services_controller.go:513] Full service sync requested
2024-01-16T02:33:18.238191487Z I0116 02:33:18.238179 3961 node_tracker.go:185] Node ip-10-0-149-39.us-west-2.compute.internal switch + router changed, syncing services
2024-01-16T02:33:18.238242960Z I0116 02:33:18.238234 3961 services_controller.go:513] Full serv
pkt received on worker node:
01:30:41.176263 M 00:07:35:c0:23:cd ethertype IPv6 (0x86dd), length 88: (flowlabel 0x8e949, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::207:35ff:fec0:23cd > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is fd2e:6f44:5dd8:c956::18, Flags [override]
destination link-address option (2), length 8 (1): 00:07:35:c0:23:cd
datapath flow:
recirc_id(0xd),in_port(1),ct_state(-new-est-rel+trk),ct_mark(0),eth(src=00:07:35:c0:23:cd,dst=33:33:00:00:00:01),eth_type(0x86dd),ipv6(src=fe80::207:35ff:fec0:23cd,dst=ff02::1,proto=58,hlimit=255,frag=no),icmpv6(type=136,code=0), packets:27611, bytes:2374546, used:0.002s, actions:2,check_pkt_len(size=1414,gt(sample(sample=100.0%,actions(meter(3),userspace(pid=4294967295,controller(reason=1,dont_send=0,continuation=0,recirc_id=25194,rule_cookie=0x25862262,controller_id=0,max_len=65535))))),le(drop)
mac is not changing:
#### setup, client curling a service with session affinity that is backed by server and server-sdn pods
[trozet@fedora test]$ oc get service
NAME          TYPE           CLUSTER-IP       EXTERNAL-IP                            PORT(S)           AGE
kubernetes    ClusterIP      172.30.0.1       <none>                                 443/TCP           46m
my-service1   ClusterIP      172.30.189.139   <none>                                 1337/UDP,80/TCP   5m5s
openshift     ExternalName   <none>           kubernetes.default.svc.cluster.local   <none>            41m
import argparse
import ipaddress
import subprocess
import time
dpdk1_rx_dest_mac = "3c0000000019"
dpdk0_rx_dest_mac = "3c0000000099"
dpdk1_rx_int_mac = int(dpdk1_rx_dest_mac, 16)
dpdk0_rx_int_mac = int(dpdk0_rx_dest_mac, 16)
## NP with port range
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
spec:
  podSelector:
  policyTypes: