vpp/docs/usecases/contiv/VPPTRACE.rst

Using vpptrace.sh for VPP Packet Tracing
========================================

VPP allows tracing of incoming packets using CLI commands ``trace add``
and ``show trace`` as explained [here](VPP_PACKET_TRACING_K8S.html), but
it is a rather cumbersome process.

The buffer for captured packets is limited in size, and once it gets
full the tracing stops. The user has to manually clear the buffer
content, and then repeat the trace command to resume the packet capture,
losing information about all packets received in the meantime.

Packet filtering exposed via the CLI command ``trace filter`` is also
quite limited in what it can do. Currently there is just one available
filter, which allows you to keep only packets that include a certain
node in the trace or exclude a certain node in the trace. It is not
possible to filter the traffic by its content (e.g., by the
source/destination IP address, protocol, etc.).

Last but not least, it is not possible to trace packets on a selected
interface like ``tcpdump``, which allows tracing via the option ``-i``.
VPP is only able to capture packets on the *RX side* of selected
*devices* (e.g., dpdk, virtio, af-packet). This means that interfaces
based on the same device cannot be traced for incoming packets
individually, but only all at the same time. In Contiv/VPP all pods are
connected with VPP via the same kind of the TAP interface, meaning that
it is not possible to capture packets incoming only from one selected
pod.

Contiv/VPP ships with a simple bash script
`vpptrace.sh <https://github.com/contiv/vpp/blob/master/scripts/vpptrace.sh>`__,
which helps alleviate the aforementioned VPP limitations. The script
automatically re-initializes buffers and traces whenever it is close to
getting full, in order to avoid packet loss as much as possible. Next it
allows you to filter packets by the content of the trace. There are two
modes of filtering: - *substring mode* (default): packet trace must
contain a given sub-string in order to be included in the output -
*regex mode*: packet trace must match a given regex in order to be
printed

The script is still limited, in that capture runs only on the RX side of
all interfaces that are built on top of selected devices. Using
filtering, however, it is possible to limit *traffic by interface*
simply by using the interface name as a substring to match against.

Usage
-----

Run the script with option ``-h`` to get the usage printed:

::

   Usage: ./vpptrace.sh  [-i <VPP-IF-TYPE>]... [-a <VPP-ADDRESS>] [-r] [-f <REGEXP> / <SUBSTRING>]
      -i <VPP-IF-TYPE> : VPP interface *type* to run the packet capture on (e.g., dpdk-input, virtio-input, etc.)
                          - available aliases:
                            - af-packet-input: afpacket, af-packet, veth
                            - virtio-input: tap (version determined from the VPP runtime config), tap2, tapv2
                            - tapcli-rx: tap (version determined from the VPP config), tap1, tapv1
                            - dpdk-input: dpdk, gbe, phys*
                          - multiple interfaces can be watched at the same time - the option can be repeated with
                            different values
                          - default = dpdk + tap
      -a <VPP-ADDRESS> : IP address or hostname of the VPP to capture packets from
                         - not supported if VPP listens on a UNIX domain socket
                         - default = 127.0.0.1
      -r               : apply filter string (passed with -f) as a regexp expression
                         - by default the filter is NOT treated as regexp
      -f               : filter string that packet must contain (without -r) or match as regexp (with -r) to be printed
                         - default is no filtering

``VPP-IF-TYPE`` is a repeated option used to select the set of devices
(e.g., virtio, dpdk, etc.) to capture the incoming traffic. Script
provides multiple aliases, which are much easier to remember than the
device names. For ``dpdk-input`` one can enter just ``dpdk``, or
anything starting with ``phys``, etc. For TAPs, the script is even smart
enough to find out the TAP version used, which allows to enter just
``tap`` as the device name.

If ``VPP-IF-TYPE`` is not specified, then the default behaviour is to
capture from both ``dpdk`` (traffic entering the node from outside) and
``tap`` (preferred interface type for pod-VPP and host-VPP
interconnection, receiving node-initiated traffic).

vpptrace.sh can capture packets even from a VPP on a different host,
provided that VPP-CLI listens on a port, and not on a UNIX domain socket
(for security reasons IPC is the default communication link, see
``/etc/vpp/contiv-vswitch.conf``). Enter the destination node IP address
via the option ``-a``\ (localhost is the default).

The capture can be filtered via the ``-f`` option. The output will
include only packets whose trace matches contain the given
expression/sub-string.

Option ``-r`` enables the regex mode for filtering.

Examples
--------

-  Capture all packets entering VPP via ``tapcli-1`` interface **AND**
   all packets leaving VPP via ``tapcli-1`` that were sent from a pod,
   or the host on the *same node* (sent from tap, not Gbe):

::

   $ vpptrace.sh -i tap -f "tapcli-1"

 - Capture all packets with source or destination IP address 10.1.1.3:

::

   $ vpptrace.sh -i tap -i dpdk -f "10.1.1.3"

   Or just:
   $ vpptrace.sh "10.1.1.3"

-  Capture all SYN-ACKs received from outside:

::

   $ vpptrace.sh -i dpdk -f "SYN-ACK"
-												docs: better docs, mv doxygen to sphinx

This patch refactors the VPP sphinx docs
in order to make it easier to consume
for external readers as well as VPP developers.

It also makes sphinx the single source
of documentation, which simplifies maintenance
and operation.

Most important updates are:

- reformat the existing documentation as rst
- split RELEASE.md and move it into separate rst files
- remove section 'events'
- remove section 'archive'
- remove section 'related projects'
- remove section 'feature by release'
- remove section 'Various links'
- make (Configuration reference, CLI docs,
  developer docs) top level items in the list
- move 'Use Cases' as part of 'About VPP'
- move 'Troubleshooting' as part of 'Getting Started'
- move test framework docs into 'Developer Documentation'
- add a 'Contributing' section for gerrit,
  docs and other contributer related infos
- deprecate doxygen and test-docs targets
- redirect the "make doxygen" target to "make docs"

Type: refactor

Change-Id: I552a5645d5b7964d547f99b1336e2ac24e7c209f
Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>

											
										
										
											2021-08-19 11:38:06 +02:00
+								Using vpptrace.sh for VPP Packet Tracing
 								========================================
 								VPP allows tracing of incoming packets using CLI commands ``trace add``
 								and ``show trace`` as explained [here](VPP_PACKET_TRACING_K8S.html), but
 								it is a rather cumbersome process.
 								The buffer for captured packets is limited in size, and once it gets
 								full the tracing stops. The user has to manually clear the buffer
 								content, and then repeat the trace command to resume the packet capture,
 								losing information about all packets received in the meantime.
 								Packet filtering exposed via the CLI command ``trace filter`` is also
 								quite limited in what it can do. Currently there is just one available
 								filter, which allows you to keep only packets that include a certain
 								node in the trace or exclude a certain node in the trace. It is not
 								possible to filter the traffic by its content (e.g., by the
 								source/destination IP address, protocol, etc.).
 								Last but not least, it is not possible to trace packets on a selected
 								interface like ``tcpdump``, which allows tracing via the option ``-i``.
 								VPP is only able to capture packets on the *RX side* of selected
 								*devices* (e.g., dpdk, virtio, af-packet). This means that interfaces
 								based on the same device cannot be traced for incoming packets
 								individually, but only all at the same time. In Contiv/VPP all pods are
 								connected with VPP via the same kind of the TAP interface, meaning that
 								it is not possible to capture packets incoming only from one selected
 								pod.
 								Contiv/VPP ships with a simple bash script
 								`vpptrace.sh <https://github.com/contiv/vpp/blob/master/scripts/vpptrace.sh>`__,
 								which helps alleviate the aforementioned VPP limitations. The script
 								automatically re-initializes buffers and traces whenever it is close to
 								getting full, in order to avoid packet loss as much as possible. Next it
 								allows you to filter packets by the content of the trace. There are two
 								modes of filtering: - *substring mode* (default): packet trace must
 								contain a given sub-string in order to be included in the output -
 								*regex mode*: packet trace must match a given regex in order to be
 								printed
 								The script is still limited, in that capture runs only on the RX side of
 								all interfaces that are built on top of selected devices. Using
 								filtering, however, it is possible to limit *traffic by interface*
 								simply by using the interface name as a substring to match against.
 								Usage
 								-----
 								Run the script with option ``-h`` to get the usage printed:
 								::
 								   Usage: ./vpptrace.sh  [-i <VPP-IF-TYPE>]... [-a <VPP-ADDRESS>] [-r] [-f <REGEXP> / <SUBSTRING>]
 								      -i <VPP-IF-TYPE> : VPP interface *type* to run the packet capture on (e.g., dpdk-input, virtio-input, etc.)
 								                          - available aliases:
 								                            - af-packet-input: afpacket, af-packet, veth
 								                            - virtio-input: tap (version determined from the VPP runtime config), tap2, tapv2
 								                            - tapcli-rx: tap (version determined from the VPP config), tap1, tapv1
 								                            - dpdk-input: dpdk, gbe, phys*
 								                          - multiple interfaces can be watched at the same time - the option can be repeated with
 								                            different values
 								                          - default = dpdk + tap
 								      -a <VPP-ADDRESS> : IP address or hostname of the VPP to capture packets from
 								                         - not supported if VPP listens on a UNIX domain socket
 								                         - default = 127.0.0.1
 								      -r               : apply filter string (passed with -f) as a regexp expression
 								                         - by default the filter is NOT treated as regexp
 								      -f               : filter string that packet must contain (without -r) or match as regexp (with -r) to be printed
 								                         - default is no filtering
 								``VPP-IF-TYPE`` is a repeated option used to select the set of devices
 								(e.g., virtio, dpdk, etc.) to capture the incoming traffic. Script
 								provides multiple aliases, which are much easier to remember than the
 								device names. For ``dpdk-input`` one can enter just ``dpdk``, or
 								anything starting with ``phys``, etc. For TAPs, the script is even smart
 								enough to find out the TAP version used, which allows to enter just
 								``tap`` as the device name.
 								If ``VPP-IF-TYPE`` is not specified, then the default behaviour is to
 								capture from both ``dpdk`` (traffic entering the node from outside) and
 								``tap`` (preferred interface type for pod-VPP and host-VPP
 								interconnection, receiving node-initiated traffic).
 								vpptrace.sh can capture packets even from a VPP on a different host,
 								provided that VPP-CLI listens on a port, and not on a UNIX domain socket
 								(for security reasons IPC is the default communication link, see
 								``/etc/vpp/contiv-vswitch.conf``). Enter the destination node IP address
 								via the option ``-a``\ (localhost is the default).
 								The capture can be filtered via the ``-f`` option. The output will
 								include only packets whose trace matches contain the given
 								expression/sub-string.
 								Option ``-r`` enables the regex mode for filtering.
 								Examples
 								--------
 								-  Capture all packets entering VPP via ``tapcli-1`` interface **AND**
 								   all packets leaving VPP via ``tapcli-1`` that were sent from a pod,
 								   or the host on the *same node* (sent from tap, not Gbe):
 								::
 								   $ vpptrace.sh -i tap -f "tapcli-1"
 								 - Capture all packets with source or destination IP address 10.1.1.3:
 								::
 								   $ vpptrace.sh -i tap -i dpdk -f "10.1.1.3"
 								   Or just:
 								   $ vpptrace.sh "10.1.1.3"
 								-  Capture all SYN-ACKs received from outside:
 								::
 								   $ vpptrace.sh -i dpdk -f "SYN-ACK"