diff --git a/examples/afxdp/README.md b/examples/afxdp/README.md new file mode 100644 index 000000000000..a70786cb6f96 --- /dev/null +++ b/examples/afxdp/README.md 
@@ -0,0 +1,78 @@ +# AF_XDP forwarder-vpp management interface + +Contains a setup for NSM that includes `nsmgr`, `forwarder-vpp`, `registry-k8s`. This setup can be used to check mechanisms combination.\ +\ +Unlike the [basic setup](../basic), which uses `AF_PACKET` management interface by default, we set `AF_XDP` here. + +_**Note:** this is experimental feature. It may not work on some clusters._ + +The diagram below shows the movement of traffic inside forwarder-vpp: + +![NSM kernel2kernel Diagram](./diagram.svg "NSM Kernel2Kernel Scheme") + +Packets arriving at the network interface are processed by the eBPF program, which decides how to redirect the traffic. +If the packet belongs to the NSM interface it forwards it to the VPP, otherwise it goes to the Linux network stack. +## Requires + +- [spire](../spire/single_cluster) + +## Includes + +- [Memif to Memif Connection](../use-cases/Memif2Memif) +- [Kernel to Kernel Connection](../use-cases/Kernel2Kernel) +- [Kernel to Memif Connection](../use-cases/Kernel2Memif) +- [Memif to Kernel Connection](../use-cases/Memif2Kernel) +- [Kernel to Ethernet to Kernel Connection](../use-cases/Kernel2Ethernet2Kernel) +- [Memif to Ethernet to Memif Connection](../use-cases/Memif2Ethernet2Memif) +- [Kernel to Ethernet to Memif Connection](../use-cases/Kernel2Ethernet2Memif) +- [Memif to Ethernet to Kernel Connection](../use-cases/Memif2Ethernet2Kernel) +- [Kernel to IP to Kernel Connection](../use-cases/Kernel2IP2Kernel) +- [Memif to IP to Memif Connection](../use-cases/Memif2IP2Memif) +- [Kernel to IP to Memif Connection](../use-cases/Kernel2IP2Memif) +- [Memif to IP to Kernel Connection](../use-cases/Memif2IP2Kernel) +- [Simple OPA example](../features/opa) +- [Kernel2Kernel IPv6 example](../features/ipv6/Kernel2Kernel_ipv6) +- [Memif2Memif IPv6 example](../features/ipv6/Memif2Memif_ipv6) +- [Kernel2Wireguard2Kernel IPv6 example](../features/ipv6/Kernel2Wireguard2Kernel_ipv6) +- [Kernel2Wireguard2Memif IPv6 
example](../features/ipv6/Kernel2Wireguard2Memif_ipv6) +- [Memif2Wireguard2Kernel IPv6 example](../features/ipv6/Memif2Wireguard2Kernel_ipv6) +- [Memif2Wireguard2Memif IPv6 example](../features/ipv6/Memif2Wireguard2Memif_ipv6) +- [Kernel2Kernel dual stack example](../features/dual-stack/Kernel2Kernel_dual_stack) +- [Kernel2Wireguard2Kernel dual stack example](../features/dual-stack/Kernel2Wireguard2Kernel_dual_stack) +- [Admission webhook](../features/webhook) +- [DNS](../features/dns) +- [Topology aware scale from zero](../features/scale-from-zero) +- [NSE composition](../features/nse-composition) +- [Exclude prefixes](../features/exclude-prefixes) +- [Exclude prefixes client](../features/exclude-prefixes-client) +- [Policy based routing](../features/policy-based-routing) +- [Mutually aware NSEs](../features/mutually-aware-nses) +- [vL3-basic](../features/vl3-basic) +- [vL3 DNS](../features/vl3-dns) +- [vL3-scale-from-zero](../features/vl3-scale-from-zero) +- [Inject clients in namespace via NSM annotation](../features/annotated-namespace) + +## Run + +Apply NSM resources for basic tests: + +```bash +kubectl apply -k https://github.com/networkservicemesh/deployments-k8s/examples/afxdp?ref=335c3ef067cf7a8921a98d0cab3ef7e4220f3bcd +``` + +Wait for admission-webhook-k8s: + +```bash +WH=$(kubectl get pods -l app=admission-webhook-k8s -n nsm-system --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}') +kubectl wait --for=condition=ready --timeout=1m pod ${WH} -n nsm-system +``` + +## Cleanup + +To free resources follow the next commands: + +```bash +WH=$(kubectl get pods -l app=admission-webhook-k8s -n nsm-system --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}') +kubectl delete mutatingwebhookconfiguration ${WH} +kubectl delete ns nsm-system +``` diff --git a/examples/afxdp/diagram.svg b/examples/afxdp/diagram.svg new file mode 100644 index 000000000000..998dae3b9842 --- /dev/null +++ b/examples/afxdp/diagram.svg @@ -0,0 +1,4 @@ + + + +
Iface
Iface
Linux network stack
Linux network stack
    Driver
    Driver
Any app
Any app
VPP
VPP
XDP (eBPF program)
XDP (eBPF program)
XDP_PASS
XDP_PASS
XDP_REDIRECT
XDP_REDIRECT
AF_XDP
AF_XDP
AF_PACKET
AF_PACKET
Packets
Packets
Text is not SVG - cannot display
\ No newline at end of file diff --git a/examples/afxdp/forwarder-vpp.yaml b/examples/afxdp/forwarder-vpp.yaml new file mode 100644 index 000000000000..e34a42f1b162 --- /dev/null +++ b/examples/afxdp/forwarder-vpp.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: forwarder-vpp +spec: + template: + spec: + containers: + - name: forwarder-vpp + env: + - name: NSM_VPP_INIT + value: AF_XDP diff --git a/examples/afxdp/kustomization.yaml b/examples/afxdp/kustomization.yaml new file mode 100644 index 000000000000..6b809e45a3a4 --- /dev/null +++ b/examples/afxdp/kustomization.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: nsm-system + +resources: +- nsm-system-namespace.yaml +- ../../apps/nsmgr +- ../../apps/forwarder-vpp +- ../../apps/registry-k8s +- ../../apps/admission-webhook-k8s + +patchesStrategicMerge: +- forwarder-vpp.yaml diff --git a/examples/afxdp/nsm-system-namespace.yaml b/examples/afxdp/nsm-system-namespace.yaml new file mode 100644 index 000000000000..e952c71a0b30 --- /dev/null +++ b/examples/afxdp/nsm-system-namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: nsm-system
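Review bot: in examples/afxdp/README.md, both the Run and Cleanup blocks depend on `${WH}` being exactly one pod name, and nothing checks that. In Run, the `kubectl get pods` lookup executes straight after `kubectl apply`, so if the webhook pod has not been created yet `${WH}` is empty and `kubectl wait` has no resource to wait on. In Cleanup, an empty or changed `${WH}` makes `kubectl delete mutatingwebhookconfiguration ${WH}` fail or miss, and the next line still deletes the namespace, leaving the webhook configuration behind. Suggest waiting by selector (`kubectl wait --for=condition=ready --timeout=1m pod -l app=admission-webhook-k8s -n nsm-system`) and quoting the variable where it is kept. Separately, the image alt text and title ("NSM kernel2kernel Diagram", "NSM Kernel2Kernel Scheme") do not describe the XDP traffic flow the diagram shows, and `## Requires` is missing the blank line before it.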
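Review bot: examples/afxdp/forwarder-vpp.yaml changes only the `NSM_VPP_INIT` value, so the patch does not show whether the forwarder container's existing securityContext and mounts are enough to attach the eBPF program the README describes on the node interface. Please state in the README what the AF_XDP mode needs from the node and the pod (privileges, kernel support) and what happens when it is unavailable; the current note only says it "may not work on some clusters". It would also help to document how the program decides that a packet "belongs to the NSM interface", since every packet arriving on that interface passes through this XDP_PASS / XDP_REDIRECT decision.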
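Review bot: examples/afxdp/kustomization.yaml uses `patchesStrategicMerge`, which is deprecated in kustomize v5 in favour of the `patches` field. Since the README applies this directory with `kubectl apply -k` against a pinned ref, consider writing the entry as `patches:` with `- path: forwarder-vpp.yaml` so the example does not emit deprecation warnings on newer tooling.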