Skydive is “an open source real-time network topology and protocols analyzer”. It is a tool (with CLI and web interface) to help analyze and debug your network (OpenStack, OpenShift, containers, …).
The Data Plane Development Kit (DPDK) is a set of data plane libraries and network interface controller drivers for fast packet processing. http://dpdk.org/
Skydive uses flow probes to analyze packets, thanks to gopacket. As the bandwidth used by Software Defined Networks increases, we need a solution to capture and analyze packets at high speed from switch port mirroring.
Let’s set up a demo environment
The demo setup is a switch with a 10 Gbit/s port configured for port mirroring and a dedicated host running the Skydive Agent with the DPDK configuration described below.
Two hosts running VMs and containers will be named dpdk1 and dpdk3.
Skydive compilation
First we must recompile Skydive. This is because the DPDK flow probe has strong version dependencies between the go-yanff project and its dependencies.
# cd $GOPATH/src/github.com/skydive-project/skydive
# make WITH_DPDK=true
# echo 256 | sudo tee /proc/sys/vm/nr_hugepages
# sudo modprobe uio
# sudo insmod ./dpdk/dpdk-17.08/x86_64-native-linuxapp-gcc-install/lib/modules/$(uname -r)/extra/dpdk/rte_kni.ko
# sudo insmod ./dpdk/dpdk-17.08/x86_64-native-linuxapp-gcc-install/lib/modules/$(uname -r)/extra/dpdk/igb_uio.ko
Feel free to install the rte_kni.ko and igb_uio.ko on your system and add a hugepage sysctl rule to /etc/sysctl.d/50-dpdk.conf.
DPDK quick configuration
On Fedora, install the userspace helper:
# dnf install -y dpdk-tools
# dpdk_nic_bind --status
Network devices using DPDK-compatible driver
============================================
0000:05:00.0 'Ethernet Controller 10-Gigabit X540-AT2' drv=ixgbe unused=igb_uio
0000:05:00.1 'Ethernet Controller 10-Gigabit X540-AT2' drv=ixgbe unused=igb_uio
Bind the DPDK driver to the first physical port:
# dpdk_nic_bind -b igb_uio 0000:05:00.0
Configure your switch for port mirroring, so that it sends a copy of the traffic to the first physical port.
Skydive configuration
In the agent YAML file, we need to enable the DPDK probe by adding these lines:
dpdk:
  # DPDK port listening flows from
  ports:
    - 0
    # - 1
  # nb workers per port
  workers: 4
  # debug message every n seconds
  # debug: 1
This configures the agent to set up the DPDK flow probe and capture traffic from the first physical port.
Flows
On a VM hosted on dpdk1, generate some ICMP traffic to a VM hosted on dpdk3:
vm1: # ping vm2
Now let’s enable traffic capture on the DPDK ports:
# skydive --conf /tmp/skydive.yaml client capture create --gremlin "G.V().Has('Type', 'dpdkport')"
Let’s see the captured traffic:
# skydive --conf /tmp/skydive.yaml client topology query --gremlin "G.V().Has('Type', 'dpdkport').Flows()"
This expression retrieves all the flows captured by a DPDK port.
Note: these commands can also be run, and their results viewed, in the web interface, on the Capture and Flows tabs.
Performance
During DPDK flow probe basic performance testing, I was able to achieve higher throughput on one worker by injecting traffic with tcpreplay.
The DPDK flow probe is configured to dispatch packets between workers based on a calculated L3 hash.
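To make the dispatch rule concrete, here is an added sketch (not code from Skydive or go-yanff) of hashing the IPv4 address pair to pick a worker. The FNV-1a hash, the direction-independent key and the names WorkerFor, Frame and Spread are assumptions of this example; it shows that every packet between one host pair stays on a single worker, while many host pairs spread across all of them.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"hash/fnv"
)

// WorkerFor picks a worker from the IPv4 address pair of an untagged Ethernet
// frame. The pair is ordered so A->B and B->A hash alike; non-IPv4 goes to 0.
func WorkerFor(frame []byte, workers int) int {
	if workers < 1 || len(frame) < 34 || binary.BigEndian.Uint16(frame[12:14]) != 0x0800 {
		return 0
	}
	src := binary.BigEndian.Uint32(frame[26:30]) // IPv4 source address
	dst := binary.BigEndian.Uint32(frame[30:34]) // IPv4 destination address
	if src > dst {
		src, dst = dst, src
	}
	var key [8]byte
	binary.BigEndian.PutUint64(key[:], uint64(src)<<32|uint64(dst))
	h := fnv.New32a() // stand-in hash, not the one the real probe uses
	h.Write(key[:])
	return int(h.Sum32() % uint32(workers))
}

// Frame builds a constructed Ethernet+IPv4 header with only EtherType and addresses set.
func Frame(src, dst [4]byte) []byte {
	f := make([]byte, 34)
	binary.BigEndian.PutUint16(f[12:14], 0x0800)
	copy(f[26:30], src[:])
	copy(f[30:34], dst[:])
	return f
}

// Spread counts frames per worker for n constructed sources 10.0.0.1..n sending to dst.
func Spread(dst [4]byte, n, workers int) []int {
	counts := make([]int, workers)
	for i := 1; i <= n; i++ {
		counts[WorkerFor(Frame([4]byte{10, 0, 0, byte(i)}, dst), workers)]++
	}
	return counts
}

func main() {
	a, b := [4]byte{10, 0, 0, 1}, [4]byte{10, 0, 1, 1}
	fmt.Println("a->b:", WorkerFor(Frame(a, b), 4), "b->a:", WorkerFor(Frame(b, a), 4))
	fmt.Println("64 sources to b:", Spread(b, 64, 4))
}
```

When sizing `workers`, keep in mind that a replayed capture containing only a few address pairs will exercise only a few workers under this kind of dispatch.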
Conclusion
Using the DPDK flow probe is a huge step in capturing real traffic behavior on physical infrastructure, and it gives much better performance compared to the default afpacket probe.
Project site: http://skydive.network
GitHub: https://github.com/skydive-project/skydive
Documentation: https://skydive-project.github.io/skydive
The YouTube channel with some demo videos
Mailing list: skydive-dev@redhat.com
IRC: #skydive-project on irc.freenode.net