Skip to content

Diagnostics

Jump to bottom
jayaramsatya edited this page Aug 16, 2016 · 15 revisions

Diagnostics:

Ping is supported to test the VM’s Dest IP reachability on given a Virtual network Trace route is supported to track the route path of VM’s Dest IP on a given Virtual network. Overlay Ping/ Trace route describes a mechanism that can be used to detect Data Plane failures and sanity of Overlay Control and Data Plane for a given Overlay Segment, and the method to trace the Underlay path that is exercised by any given Overlay Segment. All these options can be configured from Agent Introspect. Which is hosted on compute nodes

##Ping:

Ping module tests the reachability of the VM’s residing in the same compute node or Different compute node. This ping packet will be generated by the Vrouter agent, it supports TCP/ UDP protocol, can be configured from the agent introspect. And it adds the Diag Packet TLV as a payload to the packet header to track packet and identify the session it belongs to. Once after sending the Diag packet it waits for the reply to handle if the packet arrives before the timer expiry interval agent validates packet and logs the turn around time. Otherwise it will retry till it reaches max retry attempts. Retry attempts are configurable

Ping Echo Reply will be handled in the Vrouter agent it swaps the headers(IP, MAC) and send it back to source.

Trace route:

Trace route is very similar to the Ping in terms of the generating the packet, it sends first packet with TTL 2, if the TTL becomes zero in the receiving end Vrouter traps the packet to agent with TTL exception and agent sends the ICMP time exceed message to the source. If not, it handles the reply and logs the turn around time. Currently based on Time out mechanism if the Reply is not received from the destination, TTL will be incremented and with that new TTL value request will be sent.

Diag TLV added to the packet.

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Operation (Echo Requet/Reply) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | DiagKey (Session identifier) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Seq_no_ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Stamp sent +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

##Overlay Ping/ traceroute:

Overlay ping/traceroute packets are sent as the UDP echo requests/replies, encapsulated with tunnel header (vxlan). These packets are never sent/received by the end hosts (BMS or VMs) but rather sent and received by the tunnel endpoint nodes that initiate/terminate the overlay tunnels. Here Vrouter agent initiates this process to send and receive the packets. Overlay ping/trace route functionality does the data plane validation as well as the validation of the MAC/IP address at the overlay tunnel endpoint node. From normal ping functionality where the destination replies to the echo request without the overlay segment context.

An overlay OAM packet can be an L2 packet or L3 packet depending upon the payload carried in the tunnel e.g. VXLAN tunnels expect the inner packet to be L2 packet, while VXLAN with generic packet encapsulation can include an L3 packet as inner packet. Currently , only L2 payload as the UDP payload will be supported. Complete headers on a VXLAN encapsulated overlay OAM packet looks like this -

  1. Outer Eth hdr - Contains the SMAC and DMAC addresses of directly connected nodes in the underlay. This keeps changing at every hop.

  2. Outer IP hdr - Contains the SIP and DIP of the VxLAN tunnel endpoints

  3. Outer UDP hdr - The source port contains the flow entropy, Destination port is fixed (to VxLAN port)

  4. VxLAN hdr - VNI identifies the overlay segment. There is a new RA flag bits defined in the VxLAN hdr

  5. Inner Eth hdr - Draft defines that the SMAC/DMAC should be set to some control MAC address (00-00-5E-90-XX-XX) that doesn't get forwarded out of the box. Alternatively SMAC can be set to non-control MAC address also but then this SMAC should not be learned on the VXLAN endpoints from the overlay OAM packets.

  6. Inner IP hdr - SIP can be set to the end host's IP or source VTEP IP and DIP can be set to the 127/8 address making sure that the overlay OAM packet doesn't get forwarded out of the switching node ports.

  7. Inner UDP header - Defines a new reserved value to be used in the destination port field in the inner UDP to identify that the incoming UDP packet is an overlay OAM packet.

  8. Inner UDP payload - This is where all of the overlay OAM specific message format and TLVs are defined.

Inner UDP Payload Format

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Message Type | Reply mode | Return Code | Return Subcode| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Originator Handle | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TimeStamp Sent (seconds) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TimeStamp Sent (microseconds) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TimeStamp Received (seconds) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TimeStamp Received (microseconds) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TLVs ... | . . . . . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Message Types The Message Type is one of the following:-

  1. Echo Request

  2. Echo Reply

Reply Mode Values:-

Value What it means

  1. Do not reply

  2. Reply via an IPv4/IPv6 UDP Packet

  3. Reply via Overlay Segment

TLV For VxLAN ping

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 1(VXLAN ping IPv4) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | VXLAN VNI | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv4 Sender Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Implementation details:

Vrouter agents makes the complete packet with encapsulation headers as mentioned in the above, and sends the packet to the destination with VXLAN header contains the Route alert bit set. Mainly the Agent introspect needs be provided with the remote VM Mac and VNI details to be specified, to do the bridge lookup and get the underlay details and send the packet out. Overlay Trace route is very similar to the Overlay ping except user needs to provide the max TTL to handle the Trace route requirement.

Receiving side of overlay segment, it checks the VXLAN header if the route alert bit is set it traps the packet to agent. In the agent based on this bit it handles as Overlay ping packet and responds with the VNI segment state presence in that destination compute node. Please refer to the draft for further details https://www.ietf.org/archive/id/draft-jain-nvo3-overlay-oam-03.txt

Config Parms Required for Overlay ping:

source_ip;
dest_ip;
vn_uuid ;
vm_remote_mac;
source_port; This is optional parameter.
dest_port;

Config Parms Overlay TraceRoute:

source_ip;
dest_ip;
vn_uuid ;
vm_remote_mac;
source_port; This is optional parameter.
dest_port;
max_hops

Clone this wiki locally