CLI를 통해 클라우드 네이티브 라우터 모니터링
이 주제에는 클라우드 네이티브 라우터 컨트롤러(cRPD) CLI에 액세스하고 운영 명령을 실행하는 지침이 포함되어 있습니다.
클라우드 네이티브 라우터 컨트롤러(cRPD) CLI 액세스
실행 중인 cRPD 컨테이너의 셸에 액세스하여 클라우드 네이티브 라우터 컨트롤러의 CLI(명령줄 인터페이스)에 액세스할 수 있습니다.
아래 명령은 예제로 제공됩니다. 사용자 환경에서 cRPD Pod 이름을 바꿔야 합니다. 명령 출력은 환경에 따라 다를 수 있습니다.
클러스터에서 실행 중인 K8s Pod 나열
kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE contrail-deploy contrail-k8s-deployer-7b5dd699b9-nd7xf 1/1 Running 0 41m contrail contrail-vrouter-masters-dfxgm 3/3 Running 0 41m jcnr kube-crpd-worker-ds-8tnf7 1/1 Running 0 41m jcnr syslog-ng-54749b7b77-v24hq 1/1 Running 0 41m kube-system calico-kube-controllers-57b9767bdb-5wbj6 1/1 Running 2 (92d ago) 129d kube-system calico-node-j4m5b 1/1 Running 2 (92d ago) 129d kube-system coredns-8474476ff8-fpw78 1/1 Running 2 (92d ago) 129d kube-system dns-autoscaler-7f76f4dd6-q5vdp 1/1 Running 2 (92d ago) 129d kube-system kube-apiserver-5a5s5-node2 1/1 Running 3 (92d ago) 129d kube-system kube-controller-manager-5a5s5-node2 1/1 Running 4 (92d ago) 129d kube-system kube-multus-ds-amd64-4zm5k 1/1 Running 2 (92d ago) 129d kube-system kube-proxy-l6xm8 1/1 Running 2 (92d ago) 129d kube-system kube-scheduler-5a5s5-node2 1/1 Running 4 (92d ago) 129d kube-system nodelocaldns-6kwg5 1/1 Running 2 (92d ago) 129d
cRPD Pod의 이름을 복사합니다(kube-crpd-worker-ds-8tnf7
이 예시 출력). Pod 이름을 사용하여 실행 중인 컨테이너의 셸에 연결합니다.
cRPD CLI에 연결합니다
kubectl exec
명령을 실행하여 실행 중인 컨테이너의 셸에 액세스합니다.
kubectl exec -n <namespace> -it <pod name> --container <container name> -- bash
여기서 <namespace> 는 파드가 실행 중인 네임스페이스를 식별하고, <파드 이름> 은 파드의 이름을 구체적으로 나타내며, <컨테이너 이름> 은 컨테이너의 이름을 지정한다(파드에 둘 이상의 컨테이너가 있는 경우 지정되어야 함).
cRPD Pod에는 실행 중인 컨테이너가 하나만 있습니다. 다음은 예제 명령입니다.
kubectl exec -n jcnr -it kube-crpd-worker-ds-8tnf7 -- bash
위 명령의 결과는 다음과 유사해야 합니다.
Defaulted container "kube-crpd-worker" out of: kube-crpd-worker, jcnr-crpd-config (init), install-cni (init)
===>
Containerized Routing Protocols Daemon (CRPD)
Copyright (C) 2020-2022, Juniper Networks, Inc. All rights reserved.
<===
root@jcnr-01:/#
이제 cRPD의 쉘에 연결했습니다. 다른 Junos 기반 셸과 마찬가지로, 물리적 Junos OS 디바이스의 콘솔에 연결된 것과 동일한 방식으로 클라우드 네이티브 라우터의 운영 모드에 액세스할 수 있습니다.
root@jcnr-01:/# cli root@jcnr-cni>
예제 표시 명령
다음은 실행할 수 있는 몇 가지 예제 show 명령입니다.
show interfaces terse Interface@link Oper State Addresses __crpd-brd1 UNKNOWN fe80::acbf:beff:fe8a:e046/64 cali1b684d67bd4@if3 UP fe80::ecee:eeff:feee:eeee/64 cali34cf41e29bb@if3 UP fe80::ecee:eeff:feee:eeee/64 docker0 DOWN 172.17.0.1/16 eno1 UP 10.102.70.146/24 fe80::a94:efff:fe79:dcae/64 eno2 UP eno3 UP 10.1.1.1/24 fe80::a94:efff:fe79:dcac/64 eno3v1 UP eno4 DOWN enp0s20f0u1u6 UNKNOWN ens2f0 DOWN ens2f1 DOWN erspan0@NONE DOWN eth0 UNKNOWN 169.254.143.126/32 fe80::b4db:eeff:fe78:9f43/64 gre0@NONE UNKNOWN gretap0@NONE DOWN ip6tnl0@NONE UNKNOWN fe80::74b6:2cff:fea7:d850/64 irb DOWN kube-ipvs0 DOWN 10.233.0.1/32 10.233.0.3/32 10.233.35.229/32 lo UNKNOWN 127.0.0.1/8 ::1/128 lsi UNKNOWN fe80::cc59:6dff:fe9c:4db3/64 nodelocaldns DOWN 169.254.25.10/32 sit0@NONE UNKNOWN ::169.254.143.126/96 ::10.233.91.64/96 ::172.17.0.1/96 ::10.102.70.146/96 ::10.1.1.1/96 ::127.0.0.1/96 tunl0@NONE UNKNOWN vxlan.calico UNKNOWN 10.233.91.64/32 fe80::64c6:34ff:fecd:3522/64
show configuration routing-instances vswitch { instance-type virtual-switch; bridge-domains { bd100 { vlan-id 100; } bd200 { vlan-id 200; } bd300 { vlan-id 300; } bd700 { vlan-id 700; interface enp59s0f1v0; } bd701 { vlan-id 701; } bd702 { vlan-id 702; } bd703 { vlan-id 703; } bd704 { vlan-id 704; } bd705 { vlan-id 705; } } interface bond0; }
show bridge ? Possible completions: mac-table Show media access control table statistics Show bridge statistics information
show bridge mac-table ? Possible completions: <[Enter]> Execute this command count Number of MAC address mac-address MAC address in the format XX:XX:XX:XX:XX:XX vlan-id Display MAC address learned on a specified VLAN or 'all-vlan' | Pipe through a command
show bridge mac-table Routing Instance : default-domain:default-project:ip-fabric:__default__ Bridging domain VLAN id : 3002 MAC MAC Logical address flags interface 00:00:5E:00:53:01 D bond0
show bridge statistics ? Possible completions: <[Enter]> Execute this command vlan-id Display statistics for a particular vlan (1..4094) | Pipe through a command
show bridge statistics Bridge domain vlan-id: 100 Local interface: bond0 Broadcast packets Tx : 0 Rx : 0 Multicast packets Tx : 0 Rx : 0 Unicast packets Tx : 0 Rx : 0 Broadcast bytes Tx : 0 Rx : 0 Multicast bytes Tx : 0 Rx : 0 Unicast bytes Tx : 0 Rx : 0 Flooded packets : 0 Flooded bytes : 0 Local interface: ens1f0v1 Broadcast packets Tx : 0 Rx : 0 Multicast packets Tx : 0 Rx : 0 Unicast packets Tx : 0 Rx : 0 Broadcast bytes Tx : 0 Rx : 0 Multicast bytes Tx : 0 Rx : 0 Unicast bytes Tx : 0 Rx : 0 Flooded packets : 0 Flooded bytes : 0 Local interface: ens1f3v1 Broadcast packets Tx : 0 Rx : 0 Multicast packets Tx : 0 Rx : 0 Unicast packets Tx : 0 Rx : 0 Broadcast bytes Tx : 0 Rx : 0 Multicast bytes Tx : 0 Rx : 0 Unicast bytes Tx : 0 Rx : 0 Flooded packets : 0
show firewall filter filter1 Filter : filter1 vlan-id : 3001 Term Packet t1 0
show configuration firewall:firewall family { bridge { filter filter1 { term t1 { from { destination-mac-address 10:30:30:30:30:31; source-mac-address 10:30:30:30:30:30; ether-type oam; } then { discard; } } } } }
show route 172.68.20.2/32 table nad1.inet nad1.inet.0: 11 destinations, 15 routes (11 active, 0 holddown, 0 hidden) @ = Routing Use Only, # = Forwarding Use Only + = Active Route, - = Last Active, * = Both 172.68.20.2/32 @[BGP/170] 00:00:23, localpref 100, from 1.1.1.220 AS path: I, validation-state: unverified > via Tunnel Composite, UDP (src 1.1.1.35 dest 1.1.1.220), Push 48 [BGP/170] 00:13:18, localpref 100, from 1.1.24.24 AS path: I, validation-state: unverified > via Tunnel Composite, UDP (src 1.1.1.35 dest 1.1.24.24), Push 16 #[Multipath/255] 00:00:23, metric2 2 via Tunnel Composite, UDP (src 1.1.1.35 dest 1.1.1.220), Push 48 > via Tunnel Composite, UDP (src 1.1.1.35 dest 1.1.24.24), Push 16
show interfaces routing enp216s0f0 Interface State Addresses enp216s0f0 Up MPLS enabled ISO enabled INET 192.168.123.3 INET6 2001:192:168:123::3 INET6 fe80::42a6:b7ff:fe2c:a448
show dynamic-tunnels database *- Signal Tunnels #- PFE-down Table: inet.3 Destination-network: 1.1.1.220/32 Destination-network: 1.1.24.24/32 Tunnel to: 1.1.24.24/32 Reference count: 4 Next-hop type: UDP (forwarding-nexthop) Source address: 1.1.1.35 Next hop: v6 mapped, tunnel-composite, 0x557917afc91c, nhid 0 VPN Label: Push 16, Reference count: 2 Ingress Route: [OSPF] 1.1.24.24/32, via metric 2 Traffic Statistics: Packets 0, Bytes 0 State: Up Aggregate Traffic Statistics:
지우기 명령 예
다음은 clear 명령의 몇 가지 예입니다.
clear bridge mac-table ? Possible completions: <[Enter]> Execute this command mac-address Clear specific MAC address vlan-id Clear mac-table for a specified vlan-id (1..4094) | Pipe through a command
clear bridge statistics ? Possible completions: <[Enter]> Execute this command vlan-id Clear L2 interface statistics for a specified vlan-id (1..4094) | Pipe through a command