1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
|
#!/bin/bash
#
# 5-tuple classified chain setup with two-directions traffic combined and default routes announced at
# intermediate hops (Ingress VRF between hops configured to statically announce a 0.0.0.0/0)
#
# This script will setup network namespaces SVM1 ("service VM1") and SVM2 so that
# traffic between net1 (to which VM1 is attached) and net2 (to which VM2 is attached)
# goes through SMV1 and SVM2 based on a 5-tuple classification:
#
# |-------|
# |-| SVM20 | \
# destination | |-------| |
# port 80 | |
# -------------> |------| | |-------| | ------------->
# VM1-------net1 | SVM1 |--|-| SVM21 | > net2-----VM2
# .1 11.0.0 <------------- |------| | |-------| | <------------- 12.0.0 .1
# | | source
# | |-------| | port 80
# |-| SVM22 | /
# |-------|
#
# Route targets....
#
# net1: :1
# net2: :2
#
# - chain for traffic from net1 to net2:
# hop12_0: first hop: net1 to SVM1
# hop12_1: second hop: SVM1 to SVM2
as=64512
hop12_0=$as:120
hop12_1=$as:121
##
## - chain for traffic from net2 to net1:
## hop21_0: first hop: net2 to SVM2
## hop21_1: second hop: SVM2 to SVM1
hop21_0=$as:210
hop21_1=$as:211
##
## - traffic from net1 to net2 redirection to chain based on a classifier:
## hop_redirect: redirect hop
redirect_hop12_0=$as:300
redirect_hop21_0=$as:400
source $(dirname $0)/generic-functions
clean_start
clean_netns_all net1vm1 svm1 svm2 net2vm2
##
## VM1: sur A
##
## [netns:net1vm1][tovpn]---[to-vm1][vrf:net1vm1]
##
r_a bagpipe-rest-attach --attach --port netns:to-vm1 --network-type ipvpn --vpn-instance-id net1vm1 --ip 11.0.0.1 --rt $as:1 --import-rt $hop12_0
## SVM1: sur B
##
## [vrf:x1][if:to-svm1-x1]---[x1][netns:svm1][h0]---[to-svm1-h0][vrf:h01]
##
##
## x1:100.0.0.0/24
## h01:30.0.0.0/24
## h02:40.0.0.0/24
## x2:200.0.0.0/24
## attach x1 and configure vrf:x1 to attract traffic destined for TCP port 80:
##
## [vrf:net1vm1]--->[vrf:redirect_hop12_0]
r_b bagpipe-rest-attach --attach --port netns:to-svm1-x1 --network-type ipvpn --vpn-instance-id x1 --ip 100.0.0.1/24 --netns svm1 --if2vpn x1 \
--import $as:1 \
--readv-from-rt $as:2 --readv-to-rt $redirect_hop12_0 \
--redirect-rt $hop12_0 --destination-port 80
## attach h0:
r_b bagpipe-rest-attach --attach --port netns:to-svm1-h0 --mac 52:54:00:99:99:99 --network-type ipvpn --vpn-instance-id h01 --ip 30.0.0.1/24 --netns svm1 --if2vpn h0 \
--import-rt $hop12_1 \
r_b bagpipe-rest-attach --attach --port to-svm1-h0 --mac 52:54:00:99:99:99 --network-type ipvpn --vpn-instance-id h01 --ip 0.0.0.0/0 --advertise-subnet --export-rt $hop21_1 --import-rt $hop12_1
r_b ./setup-cross-routing svm1 x1 100.0.0.254 h0 30.0.0.254
## SVM2x: sur A
#
## SVM22
# [vrf:h02][to-svm22-h0]---[h0][netns:svm22][x2]---[if:to-svm22-x2][vrf:x2]
## attach h0:
r_a bagpipe-rest-attach --attach --port netns:to-svm22-h0 --mac 52:54:22:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 40.0.0.3/24 --netns svm22 --if2vpn h0 \
--import-rt $hop21_1
r_a bagpipe-rest-attach --attach --port to-svm22-h0 --mac 52:54:22:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 0.0.0.0/0 --advertise-subnet \
--export-rt $hop12_1 --import-rt $hop21_1 \
--lb-consistent-hash-order 2
## attach x2:
r_a bagpipe-rest-attach --attach --port netns:to-svm22-x2 --network-type ipvpn --vpn-instance-id x2 --ip 200.0.0.3/24 --netns svm22 --if2vpn x2 \
--import $as:2 \
--readv-from-rt $as:1 --readv-to-rt $redirect_hop21_0 \
--redirect-rt $hop21_0 --source-port 80 \
--lb-consistent-hash-order 2
r_a ./setup-cross-routing svm22 x2 200.0.0.254 h0 40.0.0.254
## SVM21
# [vrf:h02][to-svm21-h0]---[h0][netns:svm21][x2]---[if:to-svm21-x2][vrf:x2]
## attach h0:
r_a bagpipe-rest-attach --attach --port netns:to-svm21-h0 --mac 52:54:21:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 40.0.0.2/24 --netns svm21 --if2vpn h0 \
--import-rt $hop21_1
r_a bagpipe-rest-attach --attach --port to-svm21-h0 --mac 52:54:21:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 0.0.0.0/0 --advertise-subnet \
--export-rt $hop12_1 --import-rt $hop21_1 \
--lb-consistent-hash-order 1
## attach x2:
r_a bagpipe-rest-attach --attach --port netns:to-svm21-x2 --network-type ipvpn --vpn-instance-id x2 --ip 200.0.0.2/24 --netns svm21 --if2vpn x2 \
--import $as:2 \
--readv-from-rt $as:1 --readv-to-rt $redirect_hop21_0 \
--redirect-rt $hop21_0 --source-port 80 \
--lb-consistent-hash-order 1
r_a ./setup-cross-routing svm21 x2 200.0.0.254 h0 40.0.0.254
## SVM20
# [vrf:h02][to-svm20-h0]---[h0][netns:svm20][x2]---[if:to-svm20-x2][vrf:x2]
## attach h0:
r_a bagpipe-rest-attach --attach --port netns:to-svm20-h0 --mac 52:54:20:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 40.0.0.1/24 --netns svm20 --if2vpn h0 \
--import-rt $hop21_1
r_a bagpipe-rest-attach --attach --port to-svm20-h0 --mac 52:54:20:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 0.0.0.0/0 --advertise-subnet \
--export-rt $hop12_1 --import-rt $hop21_1 \
--lb-consistent-hash-order 0
## attach x2:
r_a bagpipe-rest-attach --attach --port netns:to-svm20-x2 --network-type ipvpn --vpn-instance-id x2 --ip 200.0.0.1/24 --netns svm20 --if2vpn x2 \
--import $as:2 \
--readv-from-rt $as:1 --readv-to-rt $redirect_hop21_0 \
--redirect-rt $hop21_0 --source-port 80 \
--lb-consistent-hash-order 0
r_a ./setup-cross-routing svm20 x2 200.0.0.254 h0 40.0.0.254
## VM2: sur B
##
r_b bagpipe-rest-attach --attach --port netns:to-vm2 --network-type ipvpn --vpn-instance-id net2vm2 --ip 12.0.0.1 --rt $as:2 --import-rt $hop21_0
#
# Test
#
wait_ready
## Attended result: 100% packet loss
r_a ip netns exec net1vm1 ping 12.0.0.1 -c 5 -W 1
## Attended result: Connection to 12.0.0.1 80 port [tcp/http] succeeded!
r_b ip netns exec net2vm2 screen -m -d "sh -c \"echo -n '\\n\\n---- SUCCESS !!! ----\\n\\n' | nc -l -p 80 -q 1\""
r_a ip netns exec net1vm1 nc -nv 12.0.0.1 80
sleep 5
r_b ip netns exec net2vm2 screen -m -d "sh -c \"echo -n '\\n\\n---- SUCCESS !!! ----\\n\\n' | nc -l -p 80 -q 1\""
r_a ip netns exec net1vm1 nc -nv 12.0.0.1 80
sleep 5
r_b ip netns exec net2vm2 screen -m -d "sh -c \"echo -n '\\n\\n---- SUCCESS !!! ----\\n\\n' | nc -l -p 80 -q 1\""
r_a ip netns exec net1vm1 nc -nv 12.0.0.1 80
r_a bagpipe-looking-glass vpns instances net1vm1 dataplane flows
r_a bagpipe-looking-glass vpns instances redirect-to-ipvpn-64512_300 dataplane flows
r_b bagpipe-looking-glass vpns instances x1 dataplane flows
r_b bagpipe-looking-glass vpns instances h01 dataplane flows
r_a bagpipe-looking-glass vpns instances h02 dataplane flows
r_a bagpipe-looking-glass vpns instances x2 dataplane flows
r_b bagpipe-looking-glass vpns instances redirect-to-ipvpn-64512_400 dataplane flows
r_b bagpipe-looking-glass vpns instances net2vm2 dataplane flows
r_b bagpipe-rest-attach --detach --port netns:to-svm1-x1 --network-type ipvpn --vpn-instance-id x1 --ip 100.0.0.1/24 --netns svm1 --if2vpn x1
r_b bagpipe-rest-attach --detach --port to-svm1-h0 --mac 52:54:00:99:99:99 --network-type ipvpn --vpn-instance-id h01 --ip 0.0.0.0/0 --advertise-subnet
r_b bagpipe-rest-attach --detach --port netns:to-svm1-h0 --mac 52:54:00:99:99:99 --network-type ipvpn --vpn-instance-id h01 --ip 30.0.0.1/24 --netns svm1 --if2vpn h0
r_a bagpipe-rest-attach --detach --port to-svm20-h0 --mac 52:54:20:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 0.0.0.0/0 --advertise-subnet \
--lb-consistent-hash-order 0
r_a bagpipe-rest-attach --detach --port netns:to-svm20-h0 --mac 52:54:20:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 40.0.0.1/24 --netns svm20 --if2vpn h0
r_a bagpipe-rest-attach --detach --port netns:to-svm20-x2 --network-type ipvpn --vpn-instance-id x2 --ip 200.0.0.1/24 --netns svm20 --if2vpn x2 \
--lb-consistent-hash-order 0
r_a bagpipe-rest-attach --detach --port to-svm22-h0 --mac 52:54:22:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 0.0.0.0/0 --advertise-subnet \
--lb-consistent-hash-order 2
r_a bagpipe-rest-attach --detach --port netns:to-svm22-h0 --mac 52:54:22:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 40.0.0.3/24 --netns svm20 --if2vpn h0
r_a bagpipe-rest-attach --detach --port netns:to-svm22-x2 --network-type ipvpn --vpn-instance-id x2 --ip 200.0.0.3/24 --netns svm22 --if2vpn x2 \
--lb-consistent-hash-order 2
r_a bagpipe-rest-attach --detach --port to-svm21-h0 --mac 52:54:21:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 0.0.0.0/0 --advertise-subnet \
--lb-consistent-hash-order 1
r_a bagpipe-rest-attach --detach --port netns:to-svm21-h0 --mac 52:54:21:99:99:99 --network-type ipvpn --vpn-instance-id h02 --ip 40.0.0.2/24 --netns svm21 --if2vpn h0
r_a bagpipe-rest-attach --detach --port netns:to-svm21-x2 --network-type ipvpn --vpn-instance-id x2 --ip 200.0.0.2/24 --netns svm21 --if2vpn x2 \
--lb-consistent-hash-order 1
r_a bagpipe-looking-glass vpns instances
r_b bagpipe-looking-glass vpns instances
r_both bagpipe-looking-glass logs
clean_stop
|
