尝试直接启动
- 确认ptf这个docker是存在的
testbed@u1804-vm:~$ docker images | grep ptf
sonicdev-microsoft.azurecr.io:443/docker-ptf latest b8abca09d487 5 weeks ago 792MB
没有的话手动拉到本地
testbed@u1804-vm:~$ docker pull sonicdev-microsoft.azurecr.io:443/docker-ptf:latest
- 直接启动容器
testbed@u1804-vm:~$ docker run --name ptf -d sonicdev-microsoft.azurecr.io:443/docker-ptf
71702d94ba4d48fd12b9ebc35e76968bbc290047fae187091e760e54f2b98810
testbed@u1804-vm:~$
- 进入容器查看,发现除了lo外只有一个端口
testbed@u1804-vm:~$ docker exec -it ptf bash
root@71702d94ba4d:/#
root@71702d94ba4d:/#
root@71702d94ba4d:/# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
889: eth0@if890: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@71702d94ba4d:/#
给容器添加网卡
- 因为默认docker把创建的网络命名空间链接文件隐藏起来了,需要先获取docker的pid
testbed@u1804-vm:~$ nspid=$(docker inspect -f '{{.State.Pid}}' ptf)
testbed@u1804-vm:~$
testbed@u1804-vm:~$ echo $nspid
31242
testbed@u1804-vm:~$
- 如果服务器没有/var/run/netns这个目录,那么就手动创建一下
testbed@u1804-vm:~$ sudo mkdir -p /var/run/netns
- 建立软连接后,可以看到netns
testbed@u1804-vm:~$ ln -s /proc/${nspid}/ns/net /var/run/netns/${nspid}
testbed@u1804-vm:~$ ip netns
31242
testbed@u1804-vm:~$
- 添加一对veth,将其中一个up
testbed@u1804-vm:~$ sudo ip link add tt0 type veth peer name tt1
testbed@u1804-vm:~$ sudo ip link set dev tt1 up
- 将另一个加到容器netns
testbed@u1804-vm:~$ sudo ip link set dev tt0 name eth1 netns ${nspid}
testbed@u1804-vm:~$ sudo ip netns exec ${nspid} ip link set dev eth1 up
- 此时ptf这个docker里面会多出eth1这个网口
root@71702d94ba4d:/# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
889: eth0@if890: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
892: eth1@if891: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
link/ether 2a:e3:41:19:2d:0b brd ff:ff:ff:ff:ff:ff link-netnsid 0
验证连通
- 将veth的一端加到和之前创建的vlab-02-1在同一个OVS bridge上
testbed@u1804-vm:~$ sudo ovs-vsctl add-port br-VM0100-1 tt1
- vlab-02上在eth1抓包
admin@sonic:~$ sudo tcpdump -i eth1 -enn
- 在ptf上启动scapy组一个ARP报文并从eth1发出
root@71702d94ba4d:/# scapy
INFO: Can't import python gnuplot wrapper . Won't be able to plot.
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
INFO: No IPv6 support in kernel
WARNING: No route found for IPv6 destination :: (no default route?)
INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.
INFO: Can't import python Crypto lib. Disabled certificate manipulation tools
Welcome to Scapy (2.2.0-dev)
>>>
>>> pkt = Ether(src='11:22:33:44:55:77', dst='ff:ff:ff:ff:ff:ff')/ARP(op="who-has", pdst='1.1.1.200')/("0"*20)
>>> pkt.show()
###[ Ethernet ]###
dst= ff:ff:ff:ff:ff:ff
src= 11:22:33:44:55:77
type= 0x806
###[ ARP ]###
hwtype= 0x1
ptype= 0x800
hwlen= 6
plen= 4
op= who-has
hwsrc= 02:42:ac:11:00:02
psrc= 172.17.0.2
hwdst= 00:00:00:00:00:00
pdst= 1.1.1.200
###[ Raw ]###
load= '00000000000000000000'
>>>
>>>> sendp(pkt,iface="eth1")
.
Sent 1 packets.
>>>
- 回到vlab-02,可以看到能够抓到报文,证明添加成功!
admin@sonic:~$ sudo tcpdump -i eth1 -enn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
06:24:49.178962 11:22:33:44:55:77 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 62: Request who-has 1.1.1.200 tell 172.17.0.2, length 48
^C