VYOS-VPP: различия между версиями
Dima (обсуждение | вклад) Нет описания правки |
Нет описания правки |
||
| Строка 116: | Строка 116: | ||
show acl-plugin acl | show acl-plugin acl | ||
<nowiki>#########################################################################################</nowiki> | |||
<nowiki>###</nowiki> пример лога vpp контейнера | |||
[INFO ] root.main: Loading configfile /etc/vpp/netplan/netplan.yaml | |||
[INFO ] vppcfg.config.valid_config: Configuration validated successfully | |||
[INFO ] root.main: Configuration is valid | |||
[INFO ] vppcfg.vppapi.connect: VPP version is 24.02-release | |||
[INFO ] vppcfg.reconciler.write: Wrote 46 lines to /etc/vpp/applynetplan.yaml | |||
[INFO ] root.main: Planning succeeded | |||
api_response => lcp_itf_pair_get [] | |||
111111111111111111 create sub data1 109 dot1q 109 exact-match | |||
111111111111111111 create sub data1 110 dot1q 110 exact-match | |||
111111111111111111 create sub data1 10 dot1q 10 exact-match | |||
create loopback interface instance 110 | |||
linux-cp/itf [debug ]: mtu_change: sw loop110 0 | |||
linux-cp/itf [debug ]: mtu_change: si loop110 hi loop110, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi loop110 | |||
loop110 | |||
linux-cp/itf [debug ]: interface_add: sw data1.109 parent data1 | |||
data1.109 | |||
linux-cp/itf [debug ]: interface_add: sw data1.110 parent data1 | |||
data1.110 | |||
linux-cp/itf [debug ]: interface_add: sw data1.10 parent data1 | |||
data1.10 | |||
bridge-domain 10 | |||
bridge-domain 109 | |||
bridge-domain 110 | |||
linux-cp/itf [debug ]: mtu_change: sw tap4 0 | |||
linux-cp/itf [debug ]: mtu_change: si tap4 hi tap4, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi data1.109 | |||
linux-cp/itf [info ]: pair create: {loop10, tap4, vlaneth0} | |||
linux-cp/itf [info ]: add: host:tap4 phy:loop10, host_if:vlaneth0 vif:7 ns:ngfw | |||
linux-cp/mpls-sync [debug ]: pair_add_cb: mpls enabled 0, parent itf-pair: [0] loop10 tap4 vlaneth0 7 type tap netns ngfw | |||
linux-cp/itf [info ]: pair create: itf-pair: [0] loop10 tap4 vlaneth0 7 type tap netns ngfw sw-flags 0 hw-flags 1 | |||
linux-cp/itf [debug ]: admin_state_change: sw tap4 1 | |||
linux-cp/itf [debug ]: mtu_change: sw tap5 0 | |||
linux-cp/itf [debug ]: mtu_change: si tap5 hi tap5, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi data1.110 | |||
linux-cp/itf [info ]: pair create: {loop109, tap5, vlaneth99} | |||
linux-cp/itf [info ]: add: host:tap5 phy:loop109, host_if:vlaneth99 vif:8 ns:ngfw | |||
linux-cp/mpls-sync [debug ]: pair_add_cb: mpls enabled 0, parent itf-pair: [1] loop109 tap5 vlaneth99 8 type tap netns ngfw | |||
linux-cp/itf [info ]: pair create: itf-pair: [1] loop109 tap5 vlaneth99 8 type tap netns ngfw sw-flags 0 hw-flags 1 | |||
linux-cp/itf [debug ]: admin_state_change: sw tap5 1 | |||
linux-cp/itf [debug ]: mtu_change: sw tap6 0 | |||
linux-cp/itf [debug ]: mtu_change: si tap6 hi tap6, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi data1.10 | |||
linux-cp/itf [info ]: pair create: {loop110, tap6, vlaneth100} | |||
linux-cp/itf [info ]: add: host:tap6 phy:loop110, host_if:vlaneth100 vif:9 ns:ngfw | |||
linux-cp/mpls-sync [debug ]: pair_add_cb: mpls enabled 0, parent itf-pair: [2] loop110 tap6 vlaneth100 9 type tap netns ngfw | |||
linux-cp/itf [info ]: pair create: itf-pair: [2] loop110 tap6 vlaneth100 9 type tap netns ngfw sw-flags 0 hw-flags 1 | |||
linux-cp/itf [debug ]: admin_state_change: sw tap6 1 | |||
linux-cp/itf [debug ]: mtu_change: sw data1 0 | |||
linux-cp/itf [debug ]: mtu_change: si data1 hi data1, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi data1 | |||
linux-cp/itf [debug ]: mtu_change: sw data1.10 0 | |||
linux-cp/itf [debug ]: mtu_change: sw data1.110 0 | |||
linux-cp/itf [debug ]: mtu_change: sw data1.109 0 | |||
linux-cp/itf [debug ]: mtu_change: sw data2 0 | |||
linux-cp/itf [debug ]: mtu_change: si data2 hi data2, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi data2 | |||
linux-cp/itf [debug ]: mtu_change: sw host-http1out 0 | |||
linux-cp/itf [debug ]: mtu_change: si host-http1out hi host-http1out, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi host-http1out | |||
linux-cp/itf [debug ]: mtu_change: sw loop10 0 | |||
linux-cp/itf [debug ]: mtu_change: si loop10 hi loop10, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi loop10 | |||
linux-cp/itf [info ]: sync_state: itf-pair: [0] loop10 tap4 vlaneth0 7 type tap netns ngfw flags 0 sup-flags 0 mtu 1500 sup-mtu 1500 | |||
linux-cp/itf [debug ]: mtu_change: sw tap4 0 | |||
linux-cp/itf [debug ]: mtu_change: si tap4 hi tap4, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi data1.109 | |||
linux-cp/itf [debug ]: mtu_change: sw loop109 0 | |||
linux-cp/itf [debug ]: mtu_change: si loop109 hi loop109, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi loop109 | |||
linux-cp/itf [info ]: sync_state: itf-pair: [1] loop109 tap5 vlaneth99 8 type tap netns ngfw flags 0 sup-flags 0 mtu 1500 sup-mtu 1500 | |||
linux-cp/itf [debug ]: mtu_change: sw tap5 0 | |||
linux-cp/itf [debug ]: mtu_change: si tap5 hi tap5, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi data1.110 | |||
linux-cp/itf [debug ]: mtu_change: sw loop110 0 | |||
linux-cp/itf [debug ]: mtu_change: si loop110 hi loop110, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi loop110 | |||
linux-cp/itf [info ]: sync_state: itf-pair: [2] loop110 tap6 vlaneth100 9 type tap netns ngfw flags 0 sup-flags 0 mtu 1500 sup-mtu 1500 | |||
linux-cp/itf [debug ]: mtu_change: sw tap6 0 | |||
linux-cp/itf [debug ]: mtu_change: si tap6 hi tap6, syncing children | |||
linux-cp/itf [debug ]: sync_state_hw: hi data1.10 | |||
linux-cp/itf [debug ]: ip4_addr_add: si:loop109 172.16.99.1/24 | |||
linux-cp/itf [debug ]: ip4_addr_add: itf-pair: [1] loop109 tap5 vlaneth99 8 type tap netns ngfw ip4 172.16.99.1/24 | |||
linux-cp/itf [debug ]: ip4_addr_add: si:loop110 172.16.100.1/24 | |||
linux-cp/itf [debug ]: ip4_addr_add: itf-pair: [2] loop110 tap6 vlaneth100 9 type tap netns ngfw ip4 172.16.100.1/24 | |||
linux-cp/itf [debug ]: admin_state_change: sw data1 1 | |||
<nowiki>###</nowiki> пример конфигурации vpp | |||
<nowiki>##</nowiki> sudo podman exec vpp vppctl show int | |||
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count | |||
data1 1 up 1500/0/0/0 tx-error 40 | |||
data1.109 7 up 1500/0/0/0 | |||
data1.110 8 up 1500/0/0/0 | |||
data1.10 9 up 1500/0/0/0 | |||
data2 2 up 1500/0/0/0 tx packets 13 | |||
tx bytes 1086 | |||
host-http1out 3 up 1500/0/0/0 rx packets 4 | |||
rx bytes 280 | |||
drops 4 | |||
ip6 4 | |||
local0 0 down 0/0/0/0 | |||
loop109 5 up 1500/0/0/0 tx packets 26 | |||
tx bytes 2172 | |||
drops 13 | |||
tx-error 1 | |||
loop10 4 up 1500/0/0/0 tx packets 26 | |||
tx bytes 2172 | |||
drops 13 | |||
tx-error 1 | |||
loop110 6 up 1500/0/0/0 tx packets 28 | |||
tx bytes 2352 | |||
drops 14 | |||
tap4 10 up 1500/0/0/0 rx packets 13 | |||
rx bytes 1046 | |||
drops 1 | |||
ip6 13 | |||
tap5 11 up 1500/0/0/0 rx packets 13 | |||
rx bytes 1046 | |||
drops 1 | |||
ip6 13 | |||
tap6 12 up 1500/0/0/0 rx packets 13 | |||
rx bytes 1046 | |||
ip6 13 | |||
Версия от 19:24, 5 июня 2025
#########################################################################################
test web server (для проверки работы vyos)
while true; do { echo -e 'HTTP/1.1 200 OK\r\nContent-Length: 13\r\n\r\nHello, World!'; } | nc -l 8081; done
надо будет еще ядро перенастраивать (но пока рано)
sudo grub-probe --device /dev/sda3
это мое !
podman cp /home/vyos/vpp.conf vpp:/config/vpp.conf
конфигурирование podman
sudo nano /etc/containers/containers.conf
dns_bind_port=54
sudo chattr +i /etc/containers/containers.conf
#########################################################################################
порядок биндинья карт
1) серевые карты VPP долюжы быть переведены в down (ip l set state eth1 down)
2) вклчаем драйвер
sudo modprobe vfio-pci
3) потом делаем бинд
так можно но не получилось т.к. с iommq проблемы
sudo echo "0000:00:12.0" > /sys/bus/pci/drivers/virtio-pci/bind
делал так:
качал dpdk c github
cd /home/vyos/dpdk-24.11/usertools
python3 dpdk-devbind.py -b vfio-pci 0000:03:00.0 --noiommu-mode
перечень карт можно увидеть
lspci | grep Eth
#########################################################################################
запуск vpp (далее сделаем через podman-compose) тут порядок в куче
ip l set dev eth1 down
ip l set dev eth2 down
modprobe vfio-pci
python3 dpdk-devbind.py -b vfio-pci 0000:03:00.0 --noiommu-mode
python3 dpdk-devbind.py -b vfio-pci 0000:03:00.1 --noiommu-mode
создание ngfw пространства имен
ip netns add ngfw
podman rm vpp -f
создание host interface
ip netns exec ngfw bash
ip link add name http1out type veth peer name http1host
ip link set dev http1out up
ip link set dev http1host up
ip addr add 10.10.10.10/24 dev http1host
ip addr show http1host
podman run -d --name vpp --network host --privileged --restart always --ulimit core=0:0 --shm-size 4g --volume /var/run/netns:/var/run/netns --volume /var/vpp/netplan:/etc/vpp/netplan --volume /var/log:/var/log --volume /var:/config/shared --env-file /config/vpp/env docker-archive:/home/vyos/vpp-image.tar
vpp:
create host-interface name http1out
set interface state host-http1out up
podman cp /home/vyos/vpp.conf vpp:/config/vpp.conf
podman restart vpp
назначаем адрес для теста (data2 в бридже loop10)
podman exec -it vpp vppctl
set interface ip address loop10 10.1.100.125/24
show int addr
#########################################################################################
########## enode on podman -----------------------------
включение разрешений для podman
set nat source rule 100 source address '10.88.0.0/16'
set nat source rule 100 translation address 'masquerade'
commit
save
для traefik нуже сервис podman api
podman system service -t 0 unix:///run/user/1000/podman/podman.sock &
vyos|vyos
sudo podman exec -it vpp vppctl
show acl-plugin acl
#########################################################################################
### пример лога vpp контейнера
[INFO ] root.main: Loading configfile /etc/vpp/netplan/netplan.yaml
[INFO ] vppcfg.config.valid_config: Configuration validated successfully
[INFO ] root.main: Configuration is valid
[INFO ] vppcfg.vppapi.connect: VPP version is 24.02-release
[INFO ] vppcfg.reconciler.write: Wrote 46 lines to /etc/vpp/applynetplan.yaml
[INFO ] root.main: Planning succeeded
api_response => lcp_itf_pair_get []
111111111111111111 create sub data1 109 dot1q 109 exact-match
111111111111111111 create sub data1 110 dot1q 110 exact-match
111111111111111111 create sub data1 10 dot1q 10 exact-match
create loopback interface instance 110
linux-cp/itf [debug ]: mtu_change: sw loop110 0
linux-cp/itf [debug ]: mtu_change: si loop110 hi loop110, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi loop110
loop110
linux-cp/itf [debug ]: interface_add: sw data1.109 parent data1
data1.109
linux-cp/itf [debug ]: interface_add: sw data1.110 parent data1
data1.110
linux-cp/itf [debug ]: interface_add: sw data1.10 parent data1
data1.10
bridge-domain 10
bridge-domain 109
bridge-domain 110
linux-cp/itf [debug ]: mtu_change: sw tap4 0
linux-cp/itf [debug ]: mtu_change: si tap4 hi tap4, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi data1.109
linux-cp/itf [info ]: pair create: {loop10, tap4, vlaneth0}
linux-cp/itf [info ]: add: host:tap4 phy:loop10, host_if:vlaneth0 vif:7 ns:ngfw
linux-cp/mpls-sync [debug ]: pair_add_cb: mpls enabled 0, parent itf-pair: [0] loop10 tap4 vlaneth0 7 type tap netns ngfw
linux-cp/itf [info ]: pair create: itf-pair: [0] loop10 tap4 vlaneth0 7 type tap netns ngfw sw-flags 0 hw-flags 1
linux-cp/itf [debug ]: admin_state_change: sw tap4 1
linux-cp/itf [debug ]: mtu_change: sw tap5 0
linux-cp/itf [debug ]: mtu_change: si tap5 hi tap5, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi data1.110
linux-cp/itf [info ]: pair create: {loop109, tap5, vlaneth99}
linux-cp/itf [info ]: add: host:tap5 phy:loop109, host_if:vlaneth99 vif:8 ns:ngfw
linux-cp/mpls-sync [debug ]: pair_add_cb: mpls enabled 0, parent itf-pair: [1] loop109 tap5 vlaneth99 8 type tap netns ngfw
linux-cp/itf [info ]: pair create: itf-pair: [1] loop109 tap5 vlaneth99 8 type tap netns ngfw sw-flags 0 hw-flags 1
linux-cp/itf [debug ]: admin_state_change: sw tap5 1
linux-cp/itf [debug ]: mtu_change: sw tap6 0
linux-cp/itf [debug ]: mtu_change: si tap6 hi tap6, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi data1.10
linux-cp/itf [info ]: pair create: {loop110, tap6, vlaneth100}
linux-cp/itf [info ]: add: host:tap6 phy:loop110, host_if:vlaneth100 vif:9 ns:ngfw
linux-cp/mpls-sync [debug ]: pair_add_cb: mpls enabled 0, parent itf-pair: [2] loop110 tap6 vlaneth100 9 type tap netns ngfw
linux-cp/itf [info ]: pair create: itf-pair: [2] loop110 tap6 vlaneth100 9 type tap netns ngfw sw-flags 0 hw-flags 1
linux-cp/itf [debug ]: admin_state_change: sw tap6 1
linux-cp/itf [debug ]: mtu_change: sw data1 0
linux-cp/itf [debug ]: mtu_change: si data1 hi data1, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi data1
linux-cp/itf [debug ]: mtu_change: sw data1.10 0
linux-cp/itf [debug ]: mtu_change: sw data1.110 0
linux-cp/itf [debug ]: mtu_change: sw data1.109 0
linux-cp/itf [debug ]: mtu_change: sw data2 0
linux-cp/itf [debug ]: mtu_change: si data2 hi data2, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi data2
linux-cp/itf [debug ]: mtu_change: sw host-http1out 0
linux-cp/itf [debug ]: mtu_change: si host-http1out hi host-http1out, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi host-http1out
linux-cp/itf [debug ]: mtu_change: sw loop10 0
linux-cp/itf [debug ]: mtu_change: si loop10 hi loop10, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi loop10
linux-cp/itf [info ]: sync_state: itf-pair: [0] loop10 tap4 vlaneth0 7 type tap netns ngfw flags 0 sup-flags 0 mtu 1500 sup-mtu 1500
linux-cp/itf [debug ]: mtu_change: sw tap4 0
linux-cp/itf [debug ]: mtu_change: si tap4 hi tap4, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi data1.109
linux-cp/itf [debug ]: mtu_change: sw loop109 0
linux-cp/itf [debug ]: mtu_change: si loop109 hi loop109, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi loop109
linux-cp/itf [info ]: sync_state: itf-pair: [1] loop109 tap5 vlaneth99 8 type tap netns ngfw flags 0 sup-flags 0 mtu 1500 sup-mtu 1500
linux-cp/itf [debug ]: mtu_change: sw tap5 0
linux-cp/itf [debug ]: mtu_change: si tap5 hi tap5, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi data1.110
linux-cp/itf [debug ]: mtu_change: sw loop110 0
linux-cp/itf [debug ]: mtu_change: si loop110 hi loop110, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi loop110
linux-cp/itf [info ]: sync_state: itf-pair: [2] loop110 tap6 vlaneth100 9 type tap netns ngfw flags 0 sup-flags 0 mtu 1500 sup-mtu 1500
linux-cp/itf [debug ]: mtu_change: sw tap6 0
linux-cp/itf [debug ]: mtu_change: si tap6 hi tap6, syncing children
linux-cp/itf [debug ]: sync_state_hw: hi data1.10
linux-cp/itf [debug ]: ip4_addr_add: si:loop109 172.16.99.1/24
linux-cp/itf [debug ]: ip4_addr_add: itf-pair: [1] loop109 tap5 vlaneth99 8 type tap netns ngfw ip4 172.16.99.1/24
linux-cp/itf [debug ]: ip4_addr_add: si:loop110 172.16.100.1/24
linux-cp/itf [debug ]: ip4_addr_add: itf-pair: [2] loop110 tap6 vlaneth100 9 type tap netns ngfw ip4 172.16.100.1/24
linux-cp/itf [debug ]: admin_state_change: sw data1 1
### пример конфигурации vpp
## sudo podman exec vpp vppctl show int
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count
data1 1 up 1500/0/0/0 tx-error 40
data1.109 7 up 1500/0/0/0
data1.110 8 up 1500/0/0/0
data1.10 9 up 1500/0/0/0
data2 2 up 1500/0/0/0 tx packets 13
tx bytes 1086
host-http1out 3 up 1500/0/0/0 rx packets 4
rx bytes 280
drops 4
ip6 4
local0 0 down 0/0/0/0
loop109 5 up 1500/0/0/0 tx packets 26
tx bytes 2172
drops 13
tx-error 1
loop10 4 up 1500/0/0/0 tx packets 26
tx bytes 2172
drops 13
tx-error 1
loop110 6 up 1500/0/0/0 tx packets 28
tx bytes 2352
drops 14
tap4 10 up 1500/0/0/0 rx packets 13
rx bytes 1046
drops 1
ip6 13
tap5 11 up 1500/0/0/0 rx packets 13
rx bytes 1046
drops 1
ip6 13
tap6 12 up 1500/0/0/0 rx packets 13
rx bytes 1046
ip6 13