-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add script lwaftrctl #206
Add script lwaftrctl #206
Conversation
Snippet of lwaftr virtualized performance (high peak):
|
local name = port_name(t) | ||
local NIC = name.."_NIC" | ||
local Virtio = name.."_Virtio" | ||
local vmdq = true | ||
if vmdq == nil then vmdq = true end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure about this change. It's necessary that vmdq is false. Right now in master vmdq is only false if mac_address
is not set in a ports.cfg
file. Would it be possible to set a mac_address
and disable vmdq
? cc @lukego
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think that will work. VMDq is the hardware feature that received packets to be dispatched across different queues based on their destination (DMAC w/ optional VLAN). I think it only makes sense to disable VMDq if you have one VM on the port that is supposed to receive all traffic. Having said that, the intel10g
module API is not a 1:1 mapping onto the hardware so it is possible that the vmdq=true
parameter has a more peculiar meaning that this.
The new configuration variables are: policy_icmpv4_incoming, policy_icmpv6_incoming, policy_icmpv4_outgoing, and policy_icmpv6_outgoing They can now only be set to ALLOW or DROP.
This allows outgoing ICMPv4 packets to be up to 576 bytes, rather than the IP header + 8 octets specified in RFC 792.
As suggested by javierguerragiraldez
The benchrun.lua accepts the number of times to execute a command, and the command itself. The command should output lines in the format: Rate: X MPPS where X is a positive number (either integer or floating point). The following calculations are made: * Minimum rate. * Maximum rate. * Average rate. * Standard error of rate. If the command outputs more than one "Rate: X MPPS" line, the statistis are done separately for each of the observed values (average of the first values, average of the second, and so on), plus an additional report with the same statistics calculated over the sums of all the observed values per each run of the command. Example usage: sudo ../tests/benchrun.lua 10 'snabb snsh apps/lwaftr/benchmark.lua ../tests/apps/lwaftr/data/binding.table \ ../tests/apps/lwaftr/data/icmp_on_fail.conf \ ../tests/apps/lwaftr/data/tcp-frominet-bound-550.pcap \ ../tests/apps/lwaftr/data/empty.pcap \ 0000:04:00.0 0000:04:00.1' Notice how the command is a single argument to the script.
This is tested with all relevant ICMPv6 types from internet IP addresses, as well as a test with implicit hairpinning. It does not update the state of the lwaftr.
LuaJIT is a dependency for Snabb, but stock Lua is not.
In particular for long-running processes it is good to provide feedback to the user so they know that things are working. This patch makes the script report the percentage done, and the current/total execution rounds, in the following format: Progress: 5% (3/10)
Closing file-like objects obtained with io.popen() is needed to ensure that the child process running at the other side of the pipe finishes its execution and the resources used by it are freed. Explicitly closing the file-like object avoid hitting the limit of opened file descriptors when the number of execution rounds is high and the GC does not kick in often enough.
This moves the benchrun.lua script with the other benchmarking tools and apps/lwaftr/end-to-end, as it is intended to be used along with them.
Some of the benchmarks do not follow the supported format when printing results (e.g. "Rate: 4.5 MPPS"). This patch relaxes the scanned format to allow different output formats, changing the format to: * The word "rate" at the beggining of the line ("Rate" is also accepted). * An options sequence of non-numeric characters. * A positive number formatted as decimal or floating point. This is the captured value. * The rest of line is discarded.
This improves the verbose TTY progress reporting, by adding the last matched result line as part of the output.
When encapsulating a IPv4 packet into IPv6, instead of removing the ethernet header of the IPv4 packet and after that append IPv6 and Ethernet headers, just prepend the necessary bits to the packet and modify the correspondent header bytes directly.
This includes: a) the smallest IPv4, and IPv4-in-IPv6 packets (54 and 94 bytes) b) 550-byte IPv4 and IPv4-in-IPv6 packets c) IPv4 packets of the same absolute size as all the IPv6 packets d) All the IPv4 packets which are encapsulated by IPv6 packets e) The 1046 and 1006 byte packets needed to average 550 bytes with the smallest
We have been seeing some latency jitter recently and we want to eliminate possible causes.
Enable busy-waiting by default in the lwaftr
This commit adds two types of NDP support: - One listens for neighbor solicitations and replies with advertisements. It is always on. - The other is implicitly on if the mac address of the next hop on the IPv6 side is not set. It sends out a request for it on start. Documentation and end-to-end tests are included.
It's been broken since the changes made right before the alpha release in October.
Removed lwstats.py
This reflects that it is not actually the MAC of a b4. It is the MAC of the next hop on the internal IPv6 network, so all B4s are reached via it.
There were two problems: a) The non-existent variable frag_status was used b) There was an assert. That is unacceptable in this context, even in unreachable code.
Changed handling of fragmentation status.
Renamed b4_mac to next_hop6_mac
This new application will generate the corresponding ICMP Echo Reply packets whenever an ICMP Echo Request packet addressed to its configured IPv4 address is detected. All other packets are forwarded to the output.
This new application will generate the corresponding ICMP Echo Reply packets whenever an ICMP Echo Request packet addressed to its configured IPv6 addresses is detected. All other packets are forwarded to the output.
This adds two ICMPEcho applications (one for ICMPv4, other for ICMPv6) which allow pinging the AFTR. The "north" ports of the application is connected to the LwAftr application, and the "south" ports (where the ICMP Echo packets are interpreted and replies generated) to the last preprocessing application, and the first postprocessing application: |-> preproc ->| |<- preproc <-| b4 | | ICMPEcho <-> LwAftr <-> ICMPEcho | | inet |<- postproc <-| (v6) (v4) |-> postproc ->|
Moving these two to the utilities module will allow reusing them to implement is_icmpv4() & is_icmpv6(), which contain an almost exact copy of the code.
Instead of duplicating the code, reuse functions is_ipv4() & is_ipv6() from the utilities module.
Instead of linking the applications manually, use the set_preprocessors() and set_postprocessors() functions to link the ports of the ICMPEcho applications. This also allows the last and first applications to be described using tables, instead of assuming that the names of the ports are always "input" and "output".
This avoids some calculations every time the these functions are called, which is good for performance as they are used in the hot path of the AFTR.
Implement applications to respond to ICMPv4 and ICMPv6 echo requests
e587f8c55 Merge pull request #225 from vavrusa/master 5ea3a881e bpf: add missing constants for linux 4.10 - 4.15 2c691e5a7 Merge pull request #224 from wingo/lseek-syscall-tweak ae38bdbd7 Make "offset" arg to lseek a signed integer 5cb3b6950 Merge pull request #221 from wingo/util-ls-fix 8e0874609 Promptly close util.ls() dir fd; fix bug with deleted entries 277517436 Merge pull request #220 from sileht/master 8e48fd094 linux/nl.lua: Use ndmsg struct instead of rtmsg for neighbors 3e482bc4e Merge pull request #215 from qsn/gettid 57520cce3 expose gettid db1a88e94 Merge pull request #214 from jsitnicki/sof-flags-linux 270a6e611 Add missing type for struct scm_timestamping for Linux e49232047 Add missing SCM_* constants for Linux timestamping API 60fcc6b48 Add constants for SOF_* flags for Linux 26ac34851 Merge pull request #210 from alexandergall/linux-if-ioctls 3e6d3e27c Merge pull request #211 from fperrad/deb d425a22b2 dummy changelog b27eca538 update .gitignore 92292aa4b debian files be257a7e1 debian files generated by lua-create-gitbuildpackage-layout 50a02b94b Add some SIOC{G,S}IF* ioctls for Linux ee90324 Merge pull request #209 from justincormack/osx_clock ee17863 Add CLOCK_ constants for OSX 178d244 Merge pull request #208 from justincormack/holes 61450f5 Add SEEK_DATA and SEEK_HOLE constants 9a7b584 Add memfd fnctl sealing support 99beaf5 more test fixes for memfd cc221e4 fix ctest for new fcntl changes, typowq 56c4c76 fix ctest for new fcntl changes 96073cc fix typo 7a73e8a Add more constants for fcntl, memfd 8d3034c Fix ppc64le syscall numbers for newer calls 62828f6 Merge pull request #206 from johnae/master c4002b6 The spook project is using ljsyscall. 0b266e8 Merge pull request #205 from lukego/close-fd-safely ad91aa9 Add more protection against fd double-close c8baf9e Merge pull request #202 from justincormack/dockerignore 66843c5 Use dockerignore to simplify Dockerfile 7b7211d Merge pull request #200 from justincormack/redo-dockerfile a779caa Docker Cloud does not start processes at priority 0, remove from test b85382d Rework Dockerfile and tests 24f7789 Merge pull request #199 from vavrusa/master 2ecf486 linux/constants: added new BPF map and prog types 00c1949 use Alpine 3.4 for docker build 0bcafc6 Merge pull request #196 from kbara/removecunused a4217a8 Merge pull request #195 from kbara/fixgetcpu ee67430 Remove unused variables from c.lua 4b2e0b2 Fix getcpu: the cpu argument was incorrectly given the node variable previously 214550a update changelog and rockspec for 0.12 release 21f3fd8 Merge pull request #192 from vavrusa/master 0da437f linux/bpf_prog_load: support custom kernel builds 9981190 fix missing vhangup f245114 Merge pull request #191 from vavrusa/linux-perf-open 93558c1 linux: added support for tracing/performance counters 0511fb8 Merge pull request #190 from vavrusa/master 1f141ca linux: added new constants (e.g. attach BPF to socket) 36274f3 linux/bpf: added strflag support 4fd3bd6 Merge pull request #189 from vavrusa/master aaa89cb linux: added support for eBPF e095295 linux: added new syscall numbers (up to __nr_bpf) 1e079c4 test calls container so just needs file to run d92625e define a docker compose test 5f14711 Merge pull request #188 from aperezdc/fix-if-nameindex 8915a83 Close socket immediately after error in if_nametoindex() 96c0286 use addons for travis, as learned at fosdem 71241e0 update changelog for unreleased changes 559b499 ignore audit arch constant 5d867d3 new architectures do not have open, will use openat 49d9ff9 test issues with new constants 7cd460e aarch64 audit constants for seccomp 6249e99 more docker examples dd00af9 rockspec fix d20033b rockspec for new release fb17244 update copyright years 9d87597 more Changelog tweaks before release 53856b0 typo 1881526 sometimes winsz is 0, eg if terminal not set up ab0c08d add error message a1c207e update Changelog for forthcoming 0.11 release ce12fb2 addDocker hub to README 602a2b3 fix osx fstatat to use 32 bit stat type, as cannot find how to call to get 64 bit one 8a0a6ad Now have arm machines with working seccomp d14bd38 Appears that setting maac address on lo often works 6e878a1 remove debug print from test 30e9b5b allow skip on EPERM for adjtimex bff3e90 Add strace in Docker image for convenient debugging e67fa31 Use alpine 3.3 for Docker 5148bc3 fix ipv6 tests 185c1a6 more failures with no ipv6 98cc9a2 more fixes for ipv4 only environments for netlink tests 248a935 fix bind errors in environments that do not support ipv6 0eacd64 clean up travis file 5fb71b6 switch to newer Ubuntu in travis 8235724 fix more constant checks not in headers 8dff4ef constants missing on travis db51b08 update Changelog 7540b04 add new rtnetlink values, so tests work under docker 22604b8 remove test that fails in some environments d431693 fix waitid test under docker 1595b7d fix swap test under docker 321fdd2 Now an alpine package available 984b533 Add Dockerfile, fix some of the tests that made unreasonable assumptions 9aeff88 recent osx has *at functions 18cd829 better handling for xattr errors b6bb892 freebsd 11 now has utimensat 7065b0d on freebsd/zfs chflags will fail, skip git-subtree-dir: lib/ljsyscall git-subtree-split: e587f8c55aad3955dddab3a4fa6c1968037b5c6e
This script eases the process of running the lwaftr from within a VM. To run lwaftr virtualized is necessary to go through the following steps:
The lwaftr is run inside the VM using the virtio_net driver.
Once the lwaftr is running, it should be possible to send packets to and from the guest. Run the "snabb-lwaftr transient" from within the host for testing purposes.
The script exposes the following commands to ease this process:
A file lwaftrctl.conf, containing all the necessary parameters, must exist within the same folder the lwaftrctl command is run. See lwaftrctl.conf.example.
It is also necessary to create user VM_USER in the VM. This user must be in the list of sudoers. It is necessary to create a script "run_lwaftr.sh" in VM_USER home. See run_lwaftr.sh.example.