5 .. _introduction-to-vpp-vagrant:
10 This tutorial is designed for you to be able to run it on a single Ubuntu 16.04 VM on your laptop.
11 It walks you through some very basic vpp senarios, with a focus on learning vpp commands, doing common actions,
12 and being able to discover common things about the state of a running vpp.
14 This is *not* intended to be a 'how to run in a production environment' set of instructions.
16 Exercise: Setting up your environment
17 -------------------------------------
19 All of these exercises are designed to be performed on an Ubuntu 16.04 (Xenial) box.
21 If you have an Ubuntu 16.04 box on which you have sudo, you can feel free to use that.
23 If you do not, a Vagrantfile is provided to setup a basic Ubuntu 16.04 box for you
30 Action: Install Virtualbox
31 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
33 If you do not already have virtualbox on your laptop (or if it is not up to date), please download and install it:
35 https://www.virtualbox.org/wiki/Downloads
37 Action: Install Vagrant
38 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
40 If you do not already have Vagrant on your laptop (or if it is not up to date), please download it:
42 https://www.vagrantup.com/downloads.html
44 Action: Create a Vagrant Directory
45 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
46 Create a directory on your laptop
48 .. code-block:: console
53 .. _create-vagrant-file:
58 .. code-block:: console
63 Vagrant.configure(2) do |config|
65 config.vm.box = "puppetlabs/ubuntu-16.04-64-nocm"
66 config.vm.box_check_update = false
68 vmcpu=(ENV['VPP_VAGRANT_VMCPU'] || 2)
69 vmram=(ENV['VPP_VAGRANT_VMRAM'] || 4096)
71 config.ssh.forward_agent = true
73 config.vm.provider "virtualbox" do |vb|
74 vb.customize ["modifyvm", :id, "--ioapic", "on"]
75 vb.memory = "#{vmram}"
77 #support for the SSE4.x instruction is required in some versions of VB.
78 vb.customize ["setextradata", :id, "VBoxInternal/CPUM/SSE4.1", "1"]
79 vb.customize ["setextradata", :id, "VBoxInternal/CPUM/SSE4.2", "1"]
86 Bring up your Vagrant VM:
88 .. code-block:: console
93 Action: ssh to Vagrant VM
94 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
96 .. code-block:: console
100 Exercise: Install VPP
101 ---------------------
102 **Skills to be Learned**
104 * Learn how to install vpp binary packges using apt-get.
106 Follow the instructions at :ref:`Installing VPP Binaries <install_vpp>` for installing xenial vpp packages from the release repo. Please note, certain aspects of this tutorial require vpp 17.10 or later.
109 ---------------------
110 **Skills to be Learned**
112 By the end of the exercise you should be able to:
114 * Run a vpp instance in a mode which allows multiple vpp processes to run
115 * Issue vpp commands from the unix shell
116 * Run a vpp shell and issue it commands
119 VPP command learned in this exercise
120 --------------------------------------
122 * `show ver <https://docs.fd.io/vpp/17.04/clicmd_src_vpp_app.html#clicmd_show_version>`_
124 Action: Remove dpdk plugin
125 --------------------------
126 In this tutorial, we will be running multiple vpp instances. DPDK does not work well with multiple instances, and so to run multiple instances we will need to disable the dpdk-plugin by removing it:
128 .. code-block:: console
130 sudo rm -rf /usr/lib/vpp_plugins/dpdk_plugin.so
137 VPP runs in userspace. In a production environment you will often run it with DPDK to connect to real NICs or vhost to connect to VMs.
138 In those circumstances you usually run a single instance of vpp.
140 For purposes of this tutorial, it is going to be extremely useful to run multiple instances of vpp, and connect them to each other to form
141 a topology. Fortunately, vpp supports this.
143 When running multiple vpp instances, each instance needs to have specified a 'name' or 'prefix'. In the example below, the 'name' or 'prefix' is "vpp1". Note that only one instance can use the dpdk plugin, since this plugin is trying to acquire a lock on a file.
145 .. code-block:: console
147 sudo vpp unix {cli-listen /run/vpp/cli-vpp1.sock} api-segment { prefix vpp1 }
151 .. code-block:: console
153 vlib_plugin_early_init:230: plugin path /usr/lib/vpp_plugins
157 * "api-segment {prefix vpp1}" tells vpp how to name the files in /dev/shm/ for your vpp instance differently from the default.
158 * "unix {cli-listen /run/vpp/cli-vpp1.sock}" tells vpp to use a non-default socket file when being addressed by vppctl.
160 If you can't see the vpp process running on the host, activate the nodaemon option to better understand what is happening
162 .. code-block:: console
164 sudo vpp unix {nodaemon cli-listen /run/vpp/cli-vpp1.sock} api-segment { prefix vpp1 }
166 **Example Output with errors from the dpdk plugin:**
168 .. code-block:: console
170 vlib_plugin_early_init:356: plugin path /usr/lib/vpp_plugins
171 load_one_plugin:184: Loaded plugin: acl_plugin.so (Access Control Lists)
172 load_one_plugin:184: Loaded plugin: dpdk_plugin.so (Data Plane Development Kit (DPDK))
173 load_one_plugin:184: Loaded plugin: flowprobe_plugin.so (Flow per Packet)
174 load_one_plugin:184: Loaded plugin: gtpu_plugin.so (GTPv1-U)
175 load_one_plugin:184: Loaded plugin: ila_plugin.so (Identifier-locator addressing for IPv6)
176 load_one_plugin:184: Loaded plugin: ioam_plugin.so (Inbound OAM)
177 load_one_plugin:114: Plugin disabled (default): ixge_plugin.so
178 load_one_plugin:184: Loaded plugin: kubeproxy_plugin.so (kube-proxy data plane)
179 load_one_plugin:184: Loaded plugin: l2e_plugin.so (L2 Emulation)
180 load_one_plugin:184: Loaded plugin: lb_plugin.so (Load Balancer)
181 load_one_plugin:184: Loaded plugin: libsixrd_plugin.so (IPv6 Rapid Deployment on IPv4 Infrastructure (RFC5969))
182 load_one_plugin:184: Loaded plugin: memif_plugin.so (Packet Memory Interface (experimetal))
183 load_one_plugin:184: Loaded plugin: nat_plugin.so (Network Address Translation)
184 load_one_plugin:184: Loaded plugin: pppoe_plugin.so (PPPoE)
185 load_one_plugin:184: Loaded plugin: stn_plugin.so (VPP Steals the NIC for Container integration)
186 vpp[10211]: vlib_pci_bind_to_uio: Skipping PCI device 0000:00:03.0 as host interface eth0 is up
187 vpp[10211]: vlib_pci_bind_to_uio: Skipping PCI device 0000:00:04.0 as host interface eth1 is up
188 vpp[10211]: dpdk_config:1240: EAL init args: -c 1 -n 4 --huge-dir /run/vpp/hugepages --file-prefix vpp -b 0000:00:03.0 -b 0000:00:04.0 --master-lcore 0 --socket-mem 64
189 EAL: No free hugepages reported in hugepages-1048576kB
190 EAL: Error - exiting with code: 1
191 Cause: Cannot create lock on '/var/run/.vpp_config'. Is another primary process running?
193 Action: Send commands to VPP using vppctl
194 ---------------------------------------------------------------
196 You can send vpp commands with a utility called *vppctl*.
198 When running vppctl against a named version of vpp, you will need to run:
200 .. code-block:: console
202 sudo vppctl -s /run/vpp/cli-${name}.sock ${cmd}
206 .. code-block:: console
208 /run/vpp/cli-${name}.sock
210 is the particular naming convention used in this tutorial. By default you can set vpp to use what ever socket file name you would like at startup (the default config file uses /run/vpp/cli.sock) if two different vpps are being run (as in this tutorial) you must use distinct socket files for each one.
212 So to run 'show ver' against the vpp instance named vpp1 you would run:
214 .. code-block:: console
216 sudo vppctl -s /run/vpp/cli-vpp1.sock show ver
220 .. code-block:: console
222 vpp v17.04-rc0~177-g006eb47 built by ubuntu on fdio-ubuntu1604-sevt at Mon Jan 30 18:30:12 UTC 2017
224 Action: Start a VPP shell using vppctl
225 ---------------------------------------------------------------
226 You can also use vppctl to launch a vpp shell with which you can run multiple vpp commands interactively by running:
228 .. code-block:: console
230 sudo vppctl -s /run/vpp/cli-${name}.sock
232 which will give you a command prompt.
234 Try doing show ver that way:
236 .. code-block:: console
238 sudo vppctl -s /run/vpp/cli-vpp1.sock
243 .. code-block:: console
245 vpp v17.04-rc0~177-g006eb47 built by ubuntu on fdio-ubuntu1604-sevt at Mon Jan 30 18:30:12 UTC 2017
249 To exit the vppctl shell:
251 .. code-block:: console
255 Exercise: Create an interface
256 -----------------------------
261 #. Create a veth interface in Linux host
262 #. Assign an IP address to one end of the veth interface in the Linux host
263 #. Create a vpp host-interface that connected to one end of a veth interface via AF_PACKET
264 #. Add an ip address to a vpp interface
268 #. Verify using ping from host
273 VPP command learned in this exercise
274 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
275 #. `create host-interface <https://docs.fd.io/vpp/17.04/clicmd_src_vnet_devices_af_packet.html#clicmd_create_host-interface>`_
276 #. `set int state <https://docs.fd.io/vpp/17.04/clicmd_src_vnet.html#clicmd_set_interface_state>`_
277 #. `set int ip address <https://docs.fd.io/vpp/17.04/clicmd_src_vnet_ip.html#clicmd_set_interface_ip_address>`_
278 #. `show hardware <https://docs.fd.io/vpp/17.04/clicmd_src_vnet.html#clicmd_show_hardware-interfaces>`_
279 #. `show int <https://docs.fd.io/vpp/17.04/clicmd_src_vnet.html#clicmd_show_interfaces>`_
280 #. `show int addr <https://docs.fd.io/vpp/17.04/clicmd_src_vnet.html#clicmd_show_interfaces>`_
281 #. `trace add <https://docs.fd.io/vpp/17.04/clicmd_src_vlib.html#clicmd_trace_add>`_
282 #. `clear trace <https://docs.fd.io/vpp/17.04/clicmd_src_vlib.html#clicmd_clear_trace>`_
283 #. `ping <https://docs.fd.io/vpp/17.04/clicmd_src_vnet_ip.html#clicmd_ping>`_
284 #. `show ip arp <https://docs.fd.io/vpp/17.04/clicmd_src_vnet_ethernet.html#clicmd_show_ip_arp>`_
285 #. `show ip fib <https://docs.fd.io/vpp/17.04/clicmd_src_vnet_fib.html#clicmd_show_ip_fib>`_
290 .. figure:: /_images/Create_Interface_Topology.jpg
291 :alt: Figure: Create Interface Topology
293 Figure: Create Interface Topology
298 The initial state here is presumed to be the final state from the
299 exercise `VPP Basics <VPP/Progressive_VPP_Tutorial#Exercise:_vpp_basics>`__
301 Action: Create veth interfaces on host
302 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
304 In Linux, there is a type of interface call 'veth'. Think of a 'veth'
305 interface as being an interface that has two ends to it (rather than
308 Create a veth interface with one end named **vpp1out** and the other
313 sudo ip link add name vpp1out type veth peer name vpp1host
319 sudo ip link set dev vpp1out up
320 sudo ip link set dev vpp1host up
326 sudo ip addr add 10.10.1.1/24 dev vpp1host
332 sudo ip addr show vpp1host
338 10: vpp1host@vpp1out: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
339 link/ether 5e:97:e3:41:aa:b8 brd ff:ff:ff:ff:ff:ff
340 inet 10.10.1.1/24 scope global vpp1host
341 valid_lft forever preferred_lft forever
342 inet6 fe80::5c97:e3ff:fe41:aab8/64 scope link
343 valid_lft forever preferred_lft forever
345 Action: Create vpp host- interface
346 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
348 Create a host interface attached to **vpp1out**.
352 sudo vppctl -s /run/vpp/cli-vpp1.sock create host-interface name vpp1out
360 Confirm the interface:
364 sudo vppctl -s /run/vpp/cli-vpp1.sock show hardware
370 Name Idx Link Hardware
371 host-vpp1out 1 up host-vpp1out
372 Ethernet address 02:fe:48:ec:d5:a7
373 Linux PACKET socket interface
377 Turn up the interface:
381 sudo vppctl -s /run/vpp/cli-vpp1.sock set int state host-vpp1out up
383 Confirm the interface is up:
387 sudo vppctl -s /run/vpp/cli-vpp1.sock show int
391 Name Idx State Counter Count
395 Assign ip address 10.10.1.2/24
399 sudo vppctl -s /run/vpp/cli-vpp1.sock set int ip address host-vpp1out 10.10.1.2/24
401 Confirm the ip address is assigned:
405 sudo vppctl -s /run/vpp/cli-vpp1.sock show int addr
418 sudo vppctl -s /run/vpp/cli-vpp1.sock trace add af-packet-input 10
420 Action: Ping from host to vpp
421 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
429 PING 10.10.1.2 (10.10.1.2) 56(84) bytes of data.
430 64 bytes from 10.10.1.2: icmp_seq=1 ttl=64 time=0.557 ms
432 --- 10.10.1.2 ping statistics ---
433 1 packets transmitted, 1 received, 0% packet loss, time 0ms
434 rtt min/avg/max/mdev = 0.557/0.557/0.557/0.000 ms
436 Action: Examine Trace of ping from host to vpp
437 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
441 sudo vppctl -s /run/vpp/cli-vpp1.sock show trace
445 ------------------- Start of thread 0 vpp_main -------------------
448 00:09:30:397798: af-packet-input
449 af_packet: hw_if_index 1 next-index 4
451 status 0x20000001 len 42 snaplen 42 mac 66 net 80
452 sec 0x588fd3ac nsec 0x375abde7 vlan 0 vlan_tpid 0
453 00:09:30:397906: ethernet-input
454 ARP: fa:13:55:ac:d9:50 -> ff:ff:ff:ff:ff:ff
455 00:09:30:397912: arp-input
456 request, type ethernet/IP4, address size 6/4
457 fa:13:55:ac:d9:50/10.10.1.1 -> 00:00:00:00:00:00/10.10.1.2
458 00:09:30:398191: host-vpp1out-output
460 ARP: 02:fe:48:ec:d5:a7 -> fa:13:55:ac:d9:50
461 reply, type ethernet/IP4, address size 6/4
462 02:fe:48:ec:d5:a7/10.10.1.2 -> fa:13:55:ac:d9:50/10.10.1.1
466 00:09:30:398227: af-packet-input
467 af_packet: hw_if_index 1 next-index 4
469 status 0x20000001 len 98 snaplen 98 mac 66 net 80
470 sec 0x588fd3ac nsec 0x37615060 vlan 0 vlan_tpid 0
471 00:09:30:398295: ethernet-input
472 IP4: fa:13:55:ac:d9:50 -> 02:fe:48:ec:d5:a7
473 00:09:30:398298: ip4-input
474 ICMP: 10.10.1.1 -> 10.10.1.2
475 tos 0x00, ttl 64, length 84, checksum 0x9b46
476 fragment id 0x894c, flags DONT_FRAGMENT
477 ICMP echo_request checksum 0x83c
478 00:09:30:398300: ip4-lookup
479 fib 0 dpo-idx 5 flow hash: 0x00000000
480 ICMP: 10.10.1.1 -> 10.10.1.2
481 tos 0x00, ttl 64, length 84, checksum 0x9b46
482 fragment id 0x894c, flags DONT_FRAGMENT
483 ICMP echo_request checksum 0x83c
484 00:09:30:398303: ip4-local
485 ICMP: 10.10.1.1 -> 10.10.1.2
486 tos 0x00, ttl 64, length 84, checksum 0x9b46
487 fragment id 0x894c, flags DONT_FRAGMENT
488 ICMP echo_request checksum 0x83c
489 00:09:30:398305: ip4-icmp-input
490 ICMP: 10.10.1.1 -> 10.10.1.2
491 tos 0x00, ttl 64, length 84, checksum 0x9b46
492 fragment id 0x894c, flags DONT_FRAGMENT
493 ICMP echo_request checksum 0x83c
494 00:09:30:398307: ip4-icmp-echo-request
495 ICMP: 10.10.1.1 -> 10.10.1.2
496 tos 0x00, ttl 64, length 84, checksum 0x9b46
497 fragment id 0x894c, flags DONT_FRAGMENT
498 ICMP echo_request checksum 0x83c
499 00:09:30:398317: ip4-load-balance
500 fib 0 dpo-idx 10 flow hash: 0x0000000e
501 ICMP: 10.10.1.2 -> 10.10.1.1
502 tos 0x00, ttl 64, length 84, checksum 0xbef3
503 fragment id 0x659f, flags DONT_FRAGMENT
504 ICMP echo_reply checksum 0x103c
505 00:09:30:398318: ip4-rewrite
506 tx_sw_if_index 1 dpo-idx 2 : ipv4 via 10.10.1.1 host-vpp1out: IP4: 02:fe:48:ec:d5:a7 -> fa:13:55:ac:d9:50 flow hash: 0x00000000
507 IP4: 02:fe:48:ec:d5:a7 -> fa:13:55:ac:d9:50
508 ICMP: 10.10.1.2 -> 10.10.1.1
509 tos 0x00, ttl 64, length 84, checksum 0xbef3
510 fragment id 0x659f, flags DONT_FRAGMENT
511 ICMP echo_reply checksum 0x103c
512 00:09:30:398320: host-vpp1out-output
514 IP4: 02:fe:48:ec:d5:a7 -> fa:13:55:ac:d9:50
515 ICMP: 10.10.1.2 -> 10.10.1.1
516 tos 0x00, ttl 64, length 84, checksum 0xbef3
517 fragment id 0x659f, flags DONT_FRAGMENT
518 ICMP echo_reply checksum 0x103c
520 Action: Clear trace buffer
521 ~~~~~~~~~~~~~~~~~~~~~~~~~~
525 sudo vppctl -s /run/vpp/cli-vpp1.sock clear trace
527 Action: ping from vpp to host
528 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
532 sudo vppctl -s /run/vpp/cli-vpp1.sock ping 10.10.1.1
536 64 bytes from 10.10.1.1: icmp_seq=1 ttl=64 time=.0865 ms
537 64 bytes from 10.10.1.1: icmp_seq=2 ttl=64 time=.0914 ms
538 64 bytes from 10.10.1.1: icmp_seq=3 ttl=64 time=.0943 ms
539 64 bytes from 10.10.1.1: icmp_seq=4 ttl=64 time=.0959 ms
540 64 bytes from 10.10.1.1: icmp_seq=5 ttl=64 time=.0858 ms
542 Statistics: 5 sent, 5 received, 0% packet loss
544 Action: Examine Trace of ping from vpp to host
545 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
549 sudo vppctl -s /run/vpp/cli-vpp1.sock show trace
553 ------------------- Start of thread 0 vpp_main -------------------
556 00:12:47:155326: af-packet-input
557 af_packet: hw_if_index 1 next-index 4
559 status 0x20000001 len 98 snaplen 98 mac 66 net 80
560 sec 0x588fd471 nsec 0x161c61ad vlan 0 vlan_tpid 0
561 00:12:47:155331: ethernet-input
562 IP4: fa:13:55:ac:d9:50 -> 02:fe:48:ec:d5:a7
563 00:12:47:155334: ip4-input
564 ICMP: 10.10.1.1 -> 10.10.1.2
565 tos 0x00, ttl 64, length 84, checksum 0x2604
567 ICMP echo_reply checksum 0x1a83
568 00:12:47:155335: ip4-lookup
569 fib 0 dpo-idx 5 flow hash: 0x00000000
570 ICMP: 10.10.1.1 -> 10.10.1.2
571 tos 0x00, ttl 64, length 84, checksum 0x2604
573 ICMP echo_reply checksum 0x1a83
574 00:12:47:155336: ip4-local
575 ICMP: 10.10.1.1 -> 10.10.1.2
576 tos 0x00, ttl 64, length 84, checksum 0x2604
578 ICMP echo_reply checksum 0x1a83
579 00:12:47:155339: ip4-icmp-input
580 ICMP: 10.10.1.1 -> 10.10.1.2
581 tos 0x00, ttl 64, length 84, checksum 0x2604
583 ICMP echo_reply checksum 0x1a83
584 00:12:47:155342: ip4-icmp-echo-reply
585 ICMP echo id 17572 seq 1
586 00:12:47:155349: error-drop
587 ip4-icmp-input: unknown type
591 00:12:48:155330: af-packet-input
592 af_packet: hw_if_index 1 next-index 4
594 status 0x20000001 len 98 snaplen 98 mac 66 net 80
595 sec 0x588fd472 nsec 0x1603e95b vlan 0 vlan_tpid 0
596 00:12:48:155337: ethernet-input
597 IP4: fa:13:55:ac:d9:50 -> 02:fe:48:ec:d5:a7
598 00:12:48:155341: ip4-input
599 ICMP: 10.10.1.1 -> 10.10.1.2
600 tos 0x00, ttl 64, length 84, checksum 0x2565
602 ICMP echo_reply checksum 0x7405
603 00:12:48:155343: ip4-lookup
604 fib 0 dpo-idx 5 flow hash: 0x00000000
605 ICMP: 10.10.1.1 -> 10.10.1.2
606 tos 0x00, ttl 64, length 84, checksum 0x2565
608 ICMP echo_reply checksum 0x7405
609 00:12:48:155344: ip4-local
610 ICMP: 10.10.1.1 -> 10.10.1.2
611 tos 0x00, ttl 64, length 84, checksum 0x2565
613 ICMP echo_reply checksum 0x7405
614 00:12:48:155346: ip4-icmp-input
615 ICMP: 10.10.1.1 -> 10.10.1.2
616 tos 0x00, ttl 64, length 84, checksum 0x2565
618 ICMP echo_reply checksum 0x7405
619 00:12:48:155348: ip4-icmp-echo-reply
620 ICMP echo id 17572 seq 2
621 00:12:48:155351: error-drop
622 ip4-icmp-input: unknown type
626 00:12:49:155331: af-packet-input
627 af_packet: hw_if_index 1 next-index 4
629 status 0x20000001 len 98 snaplen 98 mac 66 net 80
630 sec 0x588fd473 nsec 0x15eb77ef vlan 0 vlan_tpid 0
631 00:12:49:155337: ethernet-input
632 IP4: fa:13:55:ac:d9:50 -> 02:fe:48:ec:d5:a7
633 00:12:49:155341: ip4-input
634 ICMP: 10.10.1.1 -> 10.10.1.2
635 tos 0x00, ttl 64, length 84, checksum 0x249e
637 ICMP echo_reply checksum 0xf446
638 00:12:49:155343: ip4-lookup
639 fib 0 dpo-idx 5 flow hash: 0x00000000
640 ICMP: 10.10.1.1 -> 10.10.1.2
641 tos 0x00, ttl 64, length 84, checksum 0x249e
643 ICMP echo_reply checksum 0xf446
644 00:12:49:155345: ip4-local
645 ICMP: 10.10.1.1 -> 10.10.1.2
646 tos 0x00, ttl 64, length 84, checksum 0x249e
648 ICMP echo_reply checksum 0xf446
649 00:12:49:155349: ip4-icmp-input
650 ICMP: 10.10.1.1 -> 10.10.1.2
651 tos 0x00, ttl 64, length 84, checksum 0x249e
653 ICMP echo_reply checksum 0xf446
654 00:12:49:155350: ip4-icmp-echo-reply
655 ICMP echo id 17572 seq 3
656 00:12:49:155354: error-drop
657 ip4-icmp-input: unknown type
661 00:12:50:155335: af-packet-input
662 af_packet: hw_if_index 1 next-index 4
664 status 0x20000001 len 98 snaplen 98 mac 66 net 80
665 sec 0x588fd474 nsec 0x15d2ffb6 vlan 0 vlan_tpid 0
666 00:12:50:155341: ethernet-input
667 IP4: fa:13:55:ac:d9:50 -> 02:fe:48:ec:d5:a7
668 00:12:50:155346: ip4-input
669 ICMP: 10.10.1.1 -> 10.10.1.2
670 tos 0x00, ttl 64, length 84, checksum 0x2437
672 ICMP echo_reply checksum 0x5b6e
673 00:12:50:155347: ip4-lookup
674 fib 0 dpo-idx 5 flow hash: 0x00000000
675 ICMP: 10.10.1.1 -> 10.10.1.2
676 tos 0x00, ttl 64, length 84, checksum 0x2437
678 ICMP echo_reply checksum 0x5b6e
679 00:12:50:155350: ip4-local
680 ICMP: 10.10.1.1 -> 10.10.1.2
681 tos 0x00, ttl 64, length 84, checksum 0x2437
683 ICMP echo_reply checksum 0x5b6e
684 00:12:50:155351: ip4-icmp-input
685 ICMP: 10.10.1.1 -> 10.10.1.2
686 tos 0x00, ttl 64, length 84, checksum 0x2437
688 ICMP echo_reply checksum 0x5b6e
689 00:12:50:155353: ip4-icmp-echo-reply
690 ICMP echo id 17572 seq 4
691 00:12:50:155356: error-drop
692 ip4-icmp-input: unknown type
696 00:12:51:155324: af-packet-input
697 af_packet: hw_if_index 1 next-index 4
699 status 0x20000001 len 98 snaplen 98 mac 66 net 80
700 sec 0x588fd475 nsec 0x15ba8726 vlan 0 vlan_tpid 0
701 00:12:51:155331: ethernet-input
702 IP4: fa:13:55:ac:d9:50 -> 02:fe:48:ec:d5:a7
703 00:12:51:155335: ip4-input
704 ICMP: 10.10.1.1 -> 10.10.1.2
705 tos 0x00, ttl 64, length 84, checksum 0x23cc
707 ICMP echo_reply checksum 0xedb3
708 00:12:51:155337: ip4-lookup
709 fib 0 dpo-idx 5 flow hash: 0x00000000
710 ICMP: 10.10.1.1 -> 10.10.1.2
711 tos 0x00, ttl 64, length 84, checksum 0x23cc
713 ICMP echo_reply checksum 0xedb3
714 00:12:51:155338: ip4-local
715 ICMP: 10.10.1.1 -> 10.10.1.2
716 tos 0x00, ttl 64, length 84, checksum 0x23cc
718 ICMP echo_reply checksum 0xedb3
719 00:12:51:155341: ip4-icmp-input
720 ICMP: 10.10.1.1 -> 10.10.1.2
721 tos 0x00, ttl 64, length 84, checksum 0x23cc
723 ICMP echo_reply checksum 0xedb3
724 00:12:51:155343: ip4-icmp-echo-reply
725 ICMP echo id 17572 seq 5
726 00:12:51:155346: error-drop
727 ip4-icmp-input: unknown type
731 00:12:52:175185: af-packet-input
732 af_packet: hw_if_index 1 next-index 4
734 status 0x20000001 len 42 snaplen 42 mac 66 net 80
735 sec 0x588fd476 nsec 0x16d05dd0 vlan 0 vlan_tpid 0
736 00:12:52:175195: ethernet-input
737 ARP: fa:13:55:ac:d9:50 -> 02:fe:48:ec:d5:a7
738 00:12:52:175200: arp-input
739 request, type ethernet/IP4, address size 6/4
740 fa:13:55:ac:d9:50/10.10.1.1 -> 00:00:00:00:00:00/10.10.1.2
741 00:12:52:175214: host-vpp1out-output
743 ARP: 02:fe:48:ec:d5:a7 -> fa:13:55:ac:d9:50
744 reply, type ethernet/IP4, address size 6/4
745 02:fe:48:ec:d5:a7/10.10.1.2 -> fa:13:55:ac:d9:50/10.10.1.1
747 After examinging the trace, clear it again.
749 Action: Examine arp tables
750 ~~~~~~~~~~~~~~~~~~~~~~~~~~
754 sudo vppctl -s /run/vpp/cli-vpp1.sock show ip arp
758 Time IP4 Flags Ethernet Interface
759 570.4092 10.10.1.1 D fa:13:55:ac:d9:50 host-vpp1out
761 Action: Examine routing table
762 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
766 sudo vppctl -s /run/vpp/cli-vpp1.sock show ip fib
770 ipv4-VRF:0, fib_index 0, flow hash: src dst sport dport proto
773 [@0]: dpo-load-balance: [index:0 buckets:1 uRPF:0 to:[0:0]]
774 [0] [@0]: dpo-drop ip4
777 [@0]: dpo-load-balance: [index:1 buckets:1 uRPF:1 to:[0:0]]
778 [0] [@0]: dpo-drop ip4
781 [@0]: dpo-load-balance: [index:10 buckets:1 uRPF:9 to:[5:420] via:[1:84]]
782 [0] [@5]: ipv4 via 10.10.1.1 host-vpp1out: IP4: 02:fe:48:ec:d5:a7 -> fa:13:55:ac:d9:50
785 [@0]: dpo-load-balance: [index:8 buckets:1 uRPF:7 to:[0:0]]
786 [0] [@4]: ipv4-glean: host-vpp1out
789 [@0]: dpo-load-balance: [index:9 buckets:1 uRPF:8 to:[6:504]]
790 [0] [@2]: dpo-receive: 10.10.1.2 on host-vpp1out
793 [@0]: dpo-load-balance: [index:3 buckets:1 uRPF:3 to:[0:0]]
794 [0] [@0]: dpo-drop ip4
797 [@0]: dpo-load-balance: [index:2 buckets:1 uRPF:2 to:[0:0]]
798 [0] [@0]: dpo-drop ip4
801 [@0]: dpo-load-balance: [index:4 buckets:1 uRPF:4 to:[0:0]]
802 [0] [@0]: dpo-drop ip4
804 Exercise: Connecting two vpp instances
805 --------------------------------------
810 ^^^^^^^^^^^^^^^^^^^^^^^^^^
812 memif is a very high performance, direct memory interface type which can
813 be used between vpp instances to form a topology. It uses a file socket
814 for a control channel to set up that shared memory.
816 .. _skills-to-be-learned-1:
819 ^^^^^^^^^^^^^^^^^^^^^^^^^^
821 You will learn the following new skill in this exercise:
823 #. Create a memif interface between two vpp instances
825 You should be able to perform this exercise with the following skills
826 learned in previous exercises:
828 #. Run a second vpp instance
829 #. Add an ip address to a vpp interface
837 .. figure:: /_images/Connecting_two_vpp_instances_with_memif.png
838 :alt: Connect two vpp topolgy
840 Connect two vpp topolgy
847 The initial state here is presumed to be the final state from the
849 Interface <VPP/Progressive_VPP_Tutorial#Exercise:_Create_an_Interface>`__
851 .. _action-running-a-second-vpp-instances-1:
853 Action: Running a second vpp instances
854 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
856 You should already have a vpp instance running named: vpp1.
858 Run a second vpp instance named: vpp2.
860 .. _action-create-memif-interface-on-vpp1-1:
862 Action: Create memif interface on vpp1
863 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
865 Create a memif interface on vpp1:
869 sudo vppctl -s /run/vpp/cli-vpp1.sock create memif id 0 master
871 This will create an interface on vpp1 memif0/0 using /run/vpp/memif as
872 its socket file. The role of vpp1 for this memif inteface is 'master'.
874 Use your previously used skills to:
876 #. Set the memif0/0 state to up.
877 #. Assign IP address 10.10.2.1/24 to memif0/0
878 #. Examine memif0/0 via show commands
880 .. _action-create-memif-interface-on-vpp2-1:
882 Action: Create memif interface on vpp2
883 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
885 We want vpp2 to pick up the 'slave' role using the same
886 run/vpp/memif-vpp1vpp2 socket file
890 sudo vppctl -s /run/vpp/cli-vpp2.sock create memif id 0 slave
892 This will create an interface on vpp2 memif0/0 using /run/vpp/memif as
893 its socket file. The role of vpp1 for this memif inteface is 'slave'.
895 Use your previously used skills to:
897 #. Set the memif0/0 state to up.
898 #. Assign IP address 10.10.2.2/24 to memif0/0
899 #. Examine memif0/0 via show commands
901 .. _action-ping-from-vpp1-to-vpp2-1:
903 Action: Ping from vpp1 to vpp2
904 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
906 Ping 10.10.2.2 from vpp1
908 Ping 10.10.2.1 from vpp2
914 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
916 In this exercise you will learn these new skills:
918 #. Add route to Linux Host routing table
919 #. Add route to vpp routing table
921 And revisit the old ones:
923 #. Examine vpp routing table
924 #. Enable trace on vpp1 and vpp2
925 #. ping from host to vpp
926 #. Examine and clear trace on vpp1 and vpp2
927 #. ping from vpp to host
928 #. Examine and clear trace on vpp1 and vpp2
930 vpp command learned in this exercise
931 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
934 add <https://docs.fd.io/vpp/17.04/clicmd_src_vnet_ip.html#clicmd_ip_route>`__
937 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
939 .. figure:: /_images/Connecting_two_vpp_instances_with_memif.png
940 :alt: Connect two vpp topology
942 Connect two vpp topology
945 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
947 The initial state here is presumed to be the final state from the
948 exercise `Connecting two vpp
949 instances <VPP/Progressive_VPP_Tutorial#Connecting_two_vpp_instances>`__
951 Action: Setup host route
952 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
956 sudo ip route add 10.10.2.0/24 via 10.10.1.2
961 default via 10.0.2.2 dev enp0s3
962 10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15
963 10.10.1.0/24 dev vpp1host proto kernel scope link src 10.10.1.1
964 10.10.2.0/24 via 10.10.1.2 dev vpp1host
966 Setup return route on vpp2
967 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
971 sudo vppctl -s /run/vpp/cli-vpp2.sock ip route add 10.10.1.0/24 via 10.10.2.1
973 Ping from host through vpp1 to vpp2
974 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
976 #. Setup a trace on vpp1 and vpp2
977 #. Ping 10.10.2.2 from the host
978 #. Examine the trace on vpp1 and vpp2
979 #. Clear the trace on vpp1 and vpp2
985 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
987 #. Associate an interface with a bridge domain
988 #. Create a loopback interaface
989 #. Create a BVI (Bridge Virtual Interface) for a bridge domain
990 #. Examine a bridge domain
992 vpp command learned in this exercise
993 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
996 bridge <https://docs.fd.io/vpp/17.04/clicmd_src_vnet_l2.html#clicmd_show_bridge-domain>`__
998 detail <https://docs.fd.io/vpp/17.04/clicmd_src_vnet_l2.html#clicmd_show_bridge-domain>`__
1000 bridge <https://docs.fd.io/vpp/17.04/clicmd_src_vnet_l2.html#clicmd_set_interface_l2_bridge>`__
1002 verbose <https://docs.fd.io/vpp/17.04/clicmd_src_vnet_l2.html#clicmd_show_l2fib>`__
1005 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1007 .. figure:: /_images/Switching_Topology.jpg
1008 :alt: Switching Topology
1013 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1015 Unlike previous exercises, for this one you want to start tabula rasa.
1017 Note: You will lose all your existing config in your vpp instances!
1019 To clear existing config from previous exercises run:
1023 ps -ef | grep vpp | awk '{print $2}'| xargs sudo kill
1024 sudo ip link del dev vpp1host
1025 sudo ip link del dev vpp1vpp2
1027 Action: Run vpp instances
1028 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1030 #. Run a vpp instance named **vpp1**
1031 #. Run a vpp instance named **vpp2**
1033 Action: Connect vpp1 to host
1034 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1036 #. Create a veth with one end named vpp1host and the other named
1038 #. Connect vpp1out to vpp1
1039 #. Add ip address 10.10.1.1/24 on vpp1host
1041 Action: Connect vpp1 to vpp2
1042 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1044 #. Create a veth with one end named vpp1vpp2 and the other named
1046 #. Connect vpp1vpp2 to vpp1.
1047 #. Connect vpp2vpp1 to vpp2.
1049 Action: Configure Bridge Domain on vpp1
1050 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1052 Check to see what bridge domains already exist, and select the first
1053 bridge domain number not in use:
1057 sudo vppctl -s /run/vpp/cli-vpp1.sock show bridge-domain
1061 ID Index Learning U-Forwrd UU-Flood Flooding ARP-Term BVI-Intf
1062 0 0 off off off off off local0
1064 In the example above, there is bridge domain ID '0' already. Even though
1065 sometimes we might get feedback as below:
1069 no bridge-domains in use
1071 the bridge domain ID '0' still exists, where no operations are
1072 supported. For instance, if we try to add host-vpp1out and host-vpp1vpp2
1073 to bridge domain ID 0, we will get nothing setup.
1077 sudo vppctl -s /run/vpp/cli-vpp1.sock set int l2 bridge host-vpp1out 0
1078 sudo vppctl -s /run/vpp/cli-vpp1.sock set int l2 bridge host-vpp1vpp2 0
1079 sudo vppctl -s /run/vpp/cli-vpp1.sock show bridge-domain 0 detail
1083 show bridge-domain: No operations on the default bridge domain are supported
1085 So we will create bridge domain 1 instead of playing with the default
1088 Add host-vpp1out to bridge domain ID 1
1092 sudo vppctl -s /run/vpp/cli-vpp1.sock set int l2 bridge host-vpp1out 1
1094 Add host-vpp1vpp2 to bridge domain ID1
1098 sudo vppctl -s /run/vpp/cli-vpp1.sock set int l2 bridge host-vpp1vpp2 1
1100 Examine bridge domain 1:
1104 sudo vppctl -s /run/vpp/cli-vpp1.sock show bridge-domain 1 detail
1108 BD-ID Index BSN Age(min) Learning U-Forwrd UU-Flood Flooding ARP-Term BVI-Intf
1109 1 1 0 off on on on on off N/A
1111 Interface If-idx ISN SHG BVI TxFlood VLAN-Tag-Rewrite
1112 host-vpp1out 1 1 0 - * none
1113 host-vpp1vpp2 2 1 0 - * none
1115 Action: Configure loopback interface on vpp2
1116 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1120 sudo vppctl -s /run/vpp/cli-vpp2.sock create loopback interface
1126 Add the ip address 10.10.1.2/24 to vpp2 interface loop0. Set the state
1127 of interface loop0 on vpp2 to 'up'
1129 Action: Configure bridge domain on vpp2
1130 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1132 Check to see the first available bridge domain ID (it will be 1 in this
1135 Add interface loop0 as a bridge virtual interface (bvi) to bridge domain
1140 sudo vppctl -s /run/vpp/cli-vpp2.sock set int l2 bridge loop0 1 bvi
1142 Add interface vpp2vpp1 to bridge domain 1
1146 sudo vppctl -s /run/vpp/cli-vpp2.sock set int l2 bridge host-vpp2vpp1 1
1148 Examine the bridge domain and interfaces.
1150 Action: Ping from host to vpp and vpp to host
1151 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1153 #. Add trace on vpp1 and vpp2
1154 #. ping from host to 10.10.1.2
1155 #. Examine and clear trace on vpp1 and vpp2
1156 #. ping from vpp2 to 10.10.1.1
1157 #. Examine and clear trace on vpp1 and vpp2
1159 Action: Examine l2 fib
1160 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1164 sudo vppctl -s /run/vpp/cli-vpp1.sock show l2fib verbose
1168 Mac Address BD Idx Interface Index static filter bvi Mac Age (min)
1169 de:ad:00:00:00:00 1 host-vpp1vpp2 2 0 0 0 disabled
1170 c2:f6:88:31:7b:8e 1 host-vpp1out 1 0 0 0 disabled
1175 sudo vppctl -s /run/vpp/cli-vpp2.sock show l2fib verbose
1179 Mac Address BD Idx Interface Index static filter bvi Mac Age (min)
1180 de:ad:00:00:00:00 1 loop0 2 1 0 1 disabled
1181 c2:f6:88:31:7b:8e 1 host-vpp2vpp1 1 0 0 0 disabled
1187 Skills to be Learned
1188 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1190 #. Abusing networks namespaces for fun and profit
1191 #. Configuring snat address
1192 #. Configuring snat inside and outside interfaces
1194 vpp command learned in this exercise
1195 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1197 #. `snat add interface
1198 address <https://docs.fd.io/vpp/17.04/clicmd_src_plugins_snat.html#clicmd_snat_add_interface_address>`__
1200 snat <https://docs.fd.io/vpp/17.04/clicmd_src_plugins_snat.html#clicmd_set_interface_snat>`__
1203 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1205 .. figure:: /_images/SNAT_Topology.jpg
1211 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1213 Unlike previous exercises, for this one you want to start tabula rasa.
1215 Note: You will lose all your existing config in your vpp instances!
1217 To clear existing config from previous exercises run:
1221 ps -ef | grep vpp | awk '{print $2}'| xargs sudo kill
1222 sudo ip link del dev vpp1host
1223 sudo ip link del dev vpp1vpp2
1225 Action: Install vpp-plugins
1226 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1228 Snat is supported by a plugin, so vpp-plugins need to be installed
1232 sudo apt-get install vpp-plugins
1234 Action: Create vpp instance
1235 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1237 Create one vpp instance named vpp1.
1239 Confirm snat plugin is present:
1243 sudo vppctl -s /run/vpp/cli-vpp1.sock show plugins
1247 Plugin path is: /usr/lib/vpp_plugins
1252 4.flowperpkt_plugin.so
1254 6.libsixrd_plugin.so
1257 Action: Create veth interfaces
1258 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1260 #. Create a veth interface with one end named vpp1outside and the other
1261 named vpp1outsidehost
1262 #. Assign IP address 10.10.1.1/24 to vpp1outsidehost
1263 #. Create a veth interface with one end named vpp1inside and the other
1264 named vpp1insidehost
1265 #. Assign IP address 10.10.2.1/24 to vpp1outsidehost
1267 Because we'd like to be able to route \*via\* our vpp instance to an
1268 interface on the same host, we are going to put vpp1insidehost into a
1271 Create a new network namespace 'inside'
1275 sudo ip netns add inside
1277 Move interface vpp1inside into the 'inside' namespace:
1281 sudo ip link set dev vpp1insidehost up netns inside
1283 Assign an ip address to vpp1insidehost
1287 sudo ip netns exec inside ip addr add 10.10.2.1/24 dev vpp1insidehost
1289 Create a route inside the netns:
1293 sudo ip netns exec inside ip route add 10.10.1.0/24 via 10.10.2.2
1295 Action: Configure vpp outside interface
1296 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1298 #. Create a vpp host interface connected to vpp1outside
1299 #. Assign ip address 10.10.1.2/24
1300 #. Create a vpp host interface connected to vpp1inside
1301 #. Assign ip address 10.10.2.2/24
1303 Action: Configure snat
1304 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1306 Configure snat to use the address of host-vpp1outside
1310 sudo vppctl -s /run/vpp/cli-vpp1.sock snat add interface address host-vpp1outside
1312 Configure snat inside and outside interfaces
1316 sudo vppctl -s /run/vpp/cli-vpp1.sock set interface snat in host-vpp1inside out host-vpp1outside
1318 Action: Prepare to Observe Snat
1319 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1321 Observing snat in this configuration is interesting. To do so, vagrant
1322 ssh a second time into your VM and run:
1326 sudo tcpdump -s 0 -i vpp1outsidehost
1328 Also enable tracing on vpp1
1330 Action: Ping via snat
1331 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1335 sudo ip netns exec inside ping -c 1 10.10.1.1
1337 Action: Confirm snat
1338 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1340 Examine the tcpdump output and vpp1 trace to confirm snat occurred.