Is there some guide for container sfc scenario?

[Won]

Hi all,

I want to test the SFC of the container using NSM.

I configured the NSM for the test and succeeded in the imp and vpn tests in the Quick Guide.

Is it possible to test inter container sfc through NSM?

If so, would there be some guide to test it?

Thanks,

Won

[Nikolay Nikolaev]

Hey Won,

the VPN example by itself is an SFC of sorts as it already includes a "chain" of several containers.

I can point you to our `networkservicemesh/examples` repo and more specifically this: https://github.com/networkservicemesh/examples/tree/master/examples/packet-filtering. This specific code is something we're using in the CNCF CNF Testbed initiative: https://github.com/cncf/cnf-testbed/blob/master/docs/Deploy_K8s_CNF_Testbed.md#run-nsm-packet-filtering-example

There are two major concepts you need to understand before you try to implement your own service composition (we deliberately avoid 'chaining' as it is loaded with meanings already):

 - Endpoints expose themselves as services and label themselves. Say you have Endpoint1 implement service: Foo, Label: Bar and Endpoint2 implements service: Foo, Label: Baz.

 - The client may request the service optionally labelling its request. Say Client requesting service: Foo with label Bar

 - then if you want service composition your container with Endpoint1 will have to implement Client2 which will request service: Foo with Label:Baz.

Then your composed service will look like:

 [Client]---Bar--->[Endpoint1 | Client1 ]---Baz--->[Endpoint2]

Note that Enpoint1 and Client1 are implemented in the same container. So expect from you deployment files you also need to add a NetworkService file where you define your "routing":

---

apiVersion: networkservicemesh.io/v1alpha1

kind: NetworkService

metadata:

name: Foo

spec:

payload: IP

matches:

- match:

sourceSelector:

app: Bar

route:

- destination:

destinationSelector:

app: Bar

- match:

sourceSelector:

app: Baz

route:

- destination:

destinationSelector:

app: Baz

`sourceSelector` matches the Client requests labels and the `destinationSelector` matches Emndpoint service self labeling. You can browse `networkservicemesh/examples` to get a betetr feeling of how this works.

Hope this helps.

Ans we definitely need this process better documented :)

Nikolay

[Won]

Thank you for your answer.

I have a problem performing test examples.

The first problem is, I succeeded in deploy ICMP examples, but an error occurs in the ping test.

alpine-nsc pods and icmp-responder pods are running without error.

root@ubuntu:~/networkservicemesh# kubectl exec -it -n nsm-system alpine-nsc-d956564ff-h4gf8 -- ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1376 qdisc noqueue state UP

    link/ether a2:e2:34:d0:98:3f brd ff:ff:ff:ff:ff:ff

    inet 10.32.0.8/12 brd 10.47.255.255 scope global eth0

       valid_lft forever preferred_lft forever

28: nsm0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 1000

    link/ether 42:4d:47:41:d4:37 brd ff:ff:ff:ff:ff:ff

    inet 10.20.1.5/30 brd 10.20.1.7 scope global nsm0

       valid_lft forever preferred_lft forever

alpine-nsc pod get nsm interface(10.20.1.*) but ping test fail

make k8s-check

===== >>>>> PROCESSING alpine-nsc-d956564ff-h4gf8  <<<<< ===========

PING 10.20.1.6 (10.20.1.6): 56 data bytes

--- 10.20.1.6 ping statistics ---

1 packets transmitted, 0 packets received, 100% packet loss

command terminated with exit code 1

NSC alpine-nsc-d956564ff-h4gf8 with IP 10.20.1.5/30 pinging icmp-responder-nse TargetIP: 10.20.1.6 unsuccessful

+++++++==ERROR==ERROR=============================================================================+++++

NSC alpine-nsc-d956564ff-h4gf8 failed to connect to an icmp-responder NetworkService

NAME                         READY   STATUS    RESTARTS   AGE   IP          NODE          NOMINATED NODE   READINESS GATES

alpine-nsc-d956564ff-h4gf8   1/1     Running   0          6h    10.32.0.8   kube-master   <none>           <none>

POD alpine-nsc-d956564ff-h4gf8 Network dump -------------------------------

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

24: eth0@if25: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1376 qdisc noqueue state UP

    link/ether a2:e2:34:d0:98:3f brd ff:ff:ff:ff:ff:ff

    inet 10.32.0.8/12 brd 10.47.255.255 scope global eth0

       valid_lft forever preferred_lft forever

28: nsm0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 1000

    link/ether 42:4d:47:41:d4:37 brd ff:ff:ff:ff:ff:ff

    inet 10.20.1.5/30 brd 10.20.1.7 scope global nsm0

       valid_lft forever preferred_lft forever

default via 10.32.0.1 dev eth0

10.20.1.4/30 dev nsm0 scope link  src 10.20.1.5

10.32.0.0/12 dev eth0 scope link  src 10.32.0.8
.
.
.

I don't know why I fail.

The second problem is that there is a problem with deploying the vpn example. I've tried it on several servers, but all had same problems deploying the vpn-gateway-nscpads on the kube-master node.

root@ubuntu:~/networkservicemesh# kubectl get po -n nsm-system

NAME                                          READY   STATUS                  RESTARTS   AGE

alpine-nsc-d956564ff-h4gf8                    1/1     Running                 0          6h32m

alpine-nsc-d956564ff-h6qlk                    1/1     Running                 0          6h32m

alpine-nsc-d956564ff-m495r                    1/1     Running                 0          6h32m

alpine-nsc-d956564ff-xr6hn                    1/1     Running                 0          6h32m

crossconnect-monitor-6d6645cb88-t4hbn         1/1     Running                 0          23h

icmp-responder-nse-5fb99856bb-5kzhv           1/1     Running                 0          6h32m

icmp-responder-nse-5fb99856bb-nhxss           1/1     Running                 0          6h32m

jaeger-f5d6744c5-68nms                        1/1     Running                 0          5h34m

jaeger-f5d6744c5-9cxrm                        1/1     Running                 0          23h

nsm-admission-webhook-76d67797bb-lc2t9        1/1     Running                 0          23h

nsm-vppagent-dataplane-9m64s                  1/1     Running                 0          23h

nsm-vppagent-dataplane-r9dj4                  1/1     Running                 0          23h

nsmgr-8pjb5                                   3/3     Running                 0          23h

nsmgr-t2h7n                                   3/3     Running                 0          23h

proxy-nsmgr-5cnvx                             2/2     Running                 0          23h

proxy-nsmgr-ctq7v                             2/2     Running                 0          23h

skydive-agent-msn2c                           1/1     Running                 0          23h

skydive-agent-zvfht                           1/1     Running                 0          23h

skydive-analyzer-778fc98897-wvms8             1/1     Running                 0          23h

vpn-gateway-nsc-5dffb9b4c7-t8bv2              0/1     Init:CrashLoopBackOff   53         6h17m

vpn-gateway-nse-c954d86bc-46v5b               2/2     Running                 0          6h17m

vppagent-firewall-nse-6c94875c84-d8jqp        1/1     Running                 0          6h17m

vppagent-icmp-responder-nse-f449dccd8-g59s2   1/1     Running                 0          6h32m

vppagent-icmp-responder-nse-f449dccd8-zmzr8   1/1     Running                 0          6h32m

vppagent-nsc-68d66b8747-5w2hz                 1/1     Running                 0          6h32m

vppagent-nsc-68d66b8747-nqk5j                 1/1     Running                 0          6h32m

vppagent-passthrough-nse-1-645d44d9cc-fgqzp   1/1     Running                 0          6h17m

vppagent-passthrough-nse-2-5d64f5c987-6fgrt   1/1     Running                 0          6h17m

vppagent-passthrough-nse-3-7cbbc9b89-25msf    1/1     Running                 0          6h17m

and following logs are vpn-gateway container logs

vagrant@kube-master:~$ docker ps -a |grep vpn

5e9b8d1c97ce        a3bbc77d9b51               "/bin/nsm-init"          57 seconds ago      Up 56 seconds                                  k8s_nsm-init-container_vpn-gateway-nsc-5dffb9b4c7-t8bv2_nsm-system_da5c3640-0a6f-4301-9b58-51d52f0dfda0_54

ba1b41847ef3        a3bbc77d9b51               "/bin/nsm-init"          8 minutes ago       Exited (1) 6 minutes ago                       k8s_nsm-init-container_vpn-gateway-nsc-5dffb9b4c7-t8bv2_nsm-system_da5c3640-0a6f-4301-9b58-51d52f0dfda0_53

382565fdd406        k8s.gcr.io/pause:3.1       "/pause"                 6 hours ago         Up 6 hours                                     k8s_POD_vpn-gateway-nsc-5dffb9b4c7-t8bv2_nsm-system_da5c3640-0a6f-4301-9b58-51d52f0dfda0_0

vagrant@kube-master:~$ docker logs ba1b41847ef3

time="2019-08-14T08:11:37Z" level=info msg="Starting nsm-init..."

time="2019-08-14T08:11:37Z" level=info msg="Version: 2d9caf0"

2019/08/14 08:11:37 Initializing logging reporter

time="2019-08-14T08:11:37Z" level=info msg="nsmServerSocket: /var/lib/networkservicemesh/nsm.server.io.sock"

time="2019-08-14T08:11:37Z" level=info msg="nsmClientSocket: /var/lib/networkservicemesh/nsm.client.io.sock"

time="2019-08-14T08:11:37Z" level=info msg="workspace: /var/lib/networkservicemesh/"

time="2019-08-14T08:11:37Z" level=info msg="ADVERTISE_NSE_NAME not found."

time="2019-08-14T08:11:37Z" level=info msg="ADVERTISE_NSE_LABELS not found."

time="2019-08-14T08:11:37Z" level=info msg="OUTGOING_NSC_LABELS not found."

time="2019-08-14T08:11:37Z" level=info msg="TRACER_ENABLED not found."

time="2019-08-14T08:11:37Z" level=info msg="MECHANISM_TYPE not found."

time="2019-08-14T08:11:37Z" level=info msg="IP_ADDRESS not found."

time="2019-08-14T08:11:37Z" level=info msg="ROUTES not found."

time="2019-08-14T08:11:37Z" level=info msg="nsm: connection to nsm server on socket: /var/lib/networkservicemesh/nsm.server.io.sock succeeded."

time="2019-08-14T08:11:37Z" level=info msg="Initiating an outgoing connection."

time="2019-08-14T08:11:37Z" level=info msg="Sending outgoing request connection:<network_service:\"secure-intranet-connectivity\" context:<ip_context:<src_ip_required:true dst_ip_required:true > > labels:<key:\"\" value:\"\" > > mechanism_preferences:<type:KERNEL_INTERFACE parameters:<key:\"description\" value:\"Primary interface\" > parameters:<key:\"name\" value:\"nsm0\" > parameters:<key:\"netnsInode\" value:\"4026533221\" > parameters:<key:\"socketfile\" value:\"nsm0/memif.sock\" > > "

2019/08/14 08:11:47 Reporting span 2dafa8130922eec4:2dafa8130922eec4:0:1

time="2019-08-14T08:11:47Z" level=error msg="failure to request connection with error: rpc error: code = DeadlineExceeded desc = context deadline exceeded"

time="2019-08-14T08:11:52Z" level=info msg="Sending outgoing request connection:<network_service:\"secure-intranet-connectivity\" context:<ip_context:<src_ip_required:true dst_ip_required:true > > labels:<key:\"\" value:\"\" > > mechanism_preferences:<type:KERNEL_INTERFACE parameters:<key:\"description\" value:\"Primary interface\" > parameters:<key:\"name\" value:\"nsm0\" > parameters:<key:\"netnsInode\" value:\"4026533221\" > parameters:<key:\"socketfile\" value:\"nsm0/memif.sock\" > > "

2019/08/14 08:12:02 Reporting span 13b8e8640a84408c:13b8e8640a84408c:0:1

time="2019-08-14T08:12:02Z" level=error msg="failure to request connection with error: rpc error: code = DeadlineExceeded desc = context deadline exceeded"

2019/08/14 08:12:03 ERROR: error when flushing the buffer: write udp 127.0.0.1:35133->127.0.0.1:6831: write: connection refused

time="2019-08-14T08:12:07Z" level=info msg="Sending outgoing request connection:<network_service:\"secure-intranet-connectivity\" context:<ip_context:<src_ip_required:true dst_ip_required:true > > labels:<key:\"\" value:\"\" > > mechanism_preferences:<type:KERNEL_INTERFACE parameters:<key:\"description\" value:\"Primary interface\" > parameters:<key:\"name\" value:\"nsm0\" > parameters:<key:\"netnsInode\" value:\"4026533221\" > parameters:<key:\"socketfile\" value:\"nsm0/memif.sock\" > > "

2019/08/14 08:12:17 Reporting span 3a3060fc6b345b7c:3a3060fc6b345b7c:0:1
.
.
.

I tried hard and tried to find the cause, but there was no progress.

Any help would be very appreciated. 

Thanks in advance :)

Won

2019년 8월 10일 토요일 오후 5시 28분 29초 UTC+9, Nikolay Nikolaev 님의 말:

[Nikolay Nikolaev]

Hello Won, can you please report this in the issue tracker on github, describing the steps you used to deply, k8s and NSM versions and attcha logs. We can follow up with this there.

 

Nikolay

--
You received this message because you are subscribed to the Google Groups "networkservicemesh" group.
To unsubscribe from this group and stop receiving emails from it, send an email to networkservicem...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/networkservicemesh/733bc72e-2770-461e-8a52-f7110f972a15%40googlegroups.com.