openshift 4.3 multicast

本文测试 openshift pod 之间组播的功能

video:

  • https://youtu.be/4UriNYHRbHk
  • https://www.bilibili.com/video/BV1wk4y1k7sS/

参考资料:

https://docs.openshift.com/container-platform/4.3/networking/openshift_sdn/using-multicast.html

https://pktgen-dpdk.readthedocs.io/en/latest/getting_started.html

https://access.redhat.com/solutions/406553

https://wenku.baidu.com/view/9a7c3c3dbdd126fff705cc1755270722182e5943.html?rec_flag=default

# 在相应的 project 上激活组播功能
oc annotate netnamespace demo \
    netnamespace.network.openshift.io/multicast-enabled=true

# 创建两个组播服务端pod,再创建一个组播测试pod
cat << EOF > demo.yaml
---
kind: Pod
apiVersion: v1
metadata:
  name: demo1
spec:
  nodeSelector:
    kubernetes.io/hostname: 'infra1.hsc.redhat.ren'
  restartPolicy: Always
  containers:
    - name: demo1
      image: >- 
        registry.redhat.ren:5443/docker.io/wangzheng422/centos:centos7-test
      env:
        - name: key
          value: value
      command: ["iperf", "-s", "-u ","-B", "224.0.0.1", "-p" ]
      args: [ "6666" ]
      imagePullPolicy: Always
---
kind: Pod
apiVersion: v1
metadata:
  name: demo2
spec:
  nodeSelector:
    kubernetes.io/hostname: 'infra1.hsc.redhat.ren'
  restartPolicy: Always
  containers:
    - name: demo1
      image: >- 
        registry.redhat.ren:5443/docker.io/wangzheng422/centos:centos7-test
      env:
        - name: key
          value: value
      command: ["iperf", "-s", "-u ","-B", "224.0.0.1", "-p" ]
      args: [ "6666" ]
      imagePullPolicy: Always
---
kind: Pod
apiVersion: v1
metadata:
  name: iperf
spec:
  nodeSelector:
    kubernetes.io/hostname: 'infra0.hsc.redhat.ren'
  restartPolicy: Always
  containers:
    - name: iperf
      image: >- 
        registry.redhat.ren:5443/docker.io/wangzheng422/centos:centos7-test
      env:
        - name: key
          value: value
      command: ["/bin/bash", "-c", "--" ]
      args: [ "trap : TERM INT; sleep infinity & wait" ]
      imagePullPolicy: Always      
EOF
oc apply -n demo -f demo.yaml

oc project demo

# 查看 pod 运行正常,pod 分布正常
oc get pod -o wide

# 查看组播服务 pod demo1 的组播地址
oc exec -it demo1 -- ipmaddr show dev eth0
# 3:      eth0
#         link  33:33:00:00:00:01
#         link  01:00:5e:00:00:01
#         link  33:33:ff:07:a8:2e
#         inet  224.0.0.1
#         inet6 ff02::1:ff07:a82e
#         inet6 ff02::1
#         inet6 ff01::1

# 查看组播服务 pod demo2 的组播地址
oc exec -it demo2 -- ipmaddr show dev eth0
# 3:      eth0
#         link  33:33:00:00:00:01
#         link  01:00:5e:00:00:01
#         link  33:33:ff:5c:ba:66
#         inet  224.0.0.1
#         inet6 ff02::1:ff5c:ba66
#         inet6 ff02::1
#         inet6 ff01::1

# 在测试 pod iperf 上,创建目标是 224.0.0.1 的组播流量
oc exec -it iperf -- iperf -c 224.0.0.1 -u -p 6666 -t 30 -i 1

# 在服务端 pod demo1 上,监听端口,能看到目标 224.0.0.1 的组播流量
oc exec -it demo1 -- tcpdump -i eth0 -nn
# 在服务端 pod demo2 上,监听端口,能看到目标 224.0.0.1 的组播流量
oc exec -it demo2 -- tcpdump -i eth0 -nn

# 在测试 pod iperf 上,创建目标是 225.0.0.2 的组播流量
oc exec -it iperf -- iperf -c 225.0.0.2 -u -p 6666 -t 30 -i 1

# 在服务端 pod demo1 上,监听端口,能看到目标 225.0.0.2 的组播流量
oc exec -it demo1 -- tcpdump -i eth0 -nn
# 在服务端 pod demo2 上,监听端口,能看到目标 225.0.0.2 的组播流量
oc exec -it demo2 -- tcpdump -i eth0 -nn


# 恢复环境
oc delete -f demo.yaml

pkgen

oc annotate netnamespace demo \
    netnamespace.network.openshift.io/multicast-enabled=true

# do below before create pod
modprobe pktgen

ps aux | grep pktgen

ls /proc/net/pktgen/

# create pod
oc project demo
oc get sa
oc create serviceaccount -n demo demo-app
oc adm policy add-scc-to-user privileged -z demo-app

cat << EOF > demo1.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  annotations:
  name: demo1
  namespace: demo
  labels:
    app: demo1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: demo1
  template:
    metadata:
      labels:
        app: demo1
    spec:
      nodeSelector:
        kubernetes.io/hostname: 'worker-0'
      restartPolicy: Always
      containers:
        - name: demo1
          image: >-
            registry.redhat.ren:5443/docker.io/wangzheng422/centos:centos7-test
          env:
            - name: key
              value: value
          command: [ "/bin/bash", "-c", "--" ]
          args: [ "while true; do sleep 300000; done;" ]
          imagePullPolicy: Always
          securityContext:
            privileged: true
      serviceAccount: demo-app
EOF
oc apply -f demo1.yaml

ipmaddr show dev eth0
# 3:      eth0
#         link  33:33:00:00:00:01
#         link  01:00:5e:00:00:01
#         link  33:33:ff:ff:9d:55
#         inet  224.0.0.1
#         inet6 ff02::1:ffff:9d55
#         inet6 ff02::1
#         inet6 ff01::1

export IF=if581

echo "rem_device_all" > /proc/net/pktgen/kpktgend_0
echo "add_device eth0@${IF}" > /proc/net/pktgen/kpktgend_0
echo "max_before_softirq 100000" > /proc/net/pktgen/kpktgend_0

echo "count 100" > /proc/net/pktgen/eth0@${IF}
echo "clone_skb 1000000" > /proc/net/pktgen/eth0@${IF}
echo "pkt_size 1300" > /proc/net/pktgen/eth0@${IF}
echo "delay 0" > /proc/net/pktgen/eth0@${IF}
echo "dst 224.0.0.2" > /proc/net/pktgen/eth0@${IF}
echo "dst_mac 01:00:5e:00:00:02" > /proc/net/pktgen/eth0@${IF}

echo start > /proc/net/pktgen/pgctrl

cat /proc/net/pktgen/eth0@${IF}

# oc rsh <another pod>
tcpdump -i eth0 -nn