vRouter Command Line Utilities
Overview
This section describes the shell prompt utilities available for examining the state of the vrouter kernel module in Contrail.
The most useful commands for inspecting the Contrail vrouter module are summarized in the following table.
Command |
Description |
---|---|
|
Inspect vrouter interfaces associated with the vrouter module. |
|
Display active flows in a system. |
|
Display next hop statistics for a particular VRF. |
|
Display routes in a VRF. |
|
Inspect packet drop counters in the vrouter. |
|
Display the input label map programmed into the vrouter. |
|
Display the mirror table entries. |
|
Display the vxlan table entries. |
|
Display the next hops that the vrouter knows. |
|
Display all command options available for the current command. |
The following sections describe each of the vrouter utilities in detail.
vif Command
The vrouter requires vrouter interfaces (vif
) to forward traffic. Use the vif
command
to see the interfaces that are known by the vrouter.
Having interfaces only in the OS (Linux) is not sufficient
for forwarding. The relevant interfaces must be added to vrouter.
Typically, the set up of interfaces is handled by components like nova-compute
or vrouter agent.
Example: vif --list
# vif –-list vif0/0 OS: pkt0 Type:Agent HWaddr:00:00:5e:00:01:00 IPaddr:0 Vrf:65535 Flags:L3 MTU:1514 Ref:2 RX packets:6591 bytes:648577 errors:0 TX packets:12150 bytes:1974451 errors:0 vif0/1 OS: vhost0 Type:Host HWaddr:00:25:90:c3:08:68 IPaddr:0 Vrf:0 Flags:L3 MTU:1514 Ref:3 RX packets:3446598 bytes:4478599344 errors:0 TX packets:851770 bytes:1337017154 errors:0 vif0/2 OS: p1p0p0 (Speed 1000, Duplex 1) Type:Physical HWaddr:00:25:90:c3:08:68 IPaddr:0 Vrf:0 Flags:L3 MTU:1514 Ref:22 RX packets:1643238 bytes:1391655366 errors:2812 TX packets:3523278 bytes:6806058059 errors:0 vif0/18 OS: tap3214fc7e-88 Type:Virtual HWaddr:00:00:5e:00:01:00 IPaddr:0 Vrf:13 Flags:PL3L2 MTU:9160 Ref:6 RX packets:60 bytes:4873 errors:0 TX packets:21 bytes:2158 errors:0
vif Output Field |
Description |
---|---|
|
The vrouter assigned name, where 0 is the router id and X is the index allocated to the interface within the vrouter. |
|
The |
|
The type of interface and its IP address, as defined by vrouter. The values can be different from what is seen in the OS. Types defined by vrouter include:
|
|
The identifier of the Flag options identify that the following are enabled for the interface:
|
|
Packets received by vrouter from this interface. |
|
Packets transmitted out by vrouter on this interface. |
vif Options
Use vif –-help
to display
all options available for the vif command. Following os a brief description
of each option.
It is not recommended to use the following options unless you are very experienced with the system utilities.
# vif --help Usage: vif [--create <intf_name> --mac <mac>] [--add <intf_name> --mac <mac> --vrf <vrf> --type [vhost|agent|physical|virtual][--policy, --mode <mode:x>]] [--delete <intf_id>] [--get <intf_id>][--kernel] [--set <intf_id> --vlan <vlan_id> --vrf <vrf_id>] [--list] [--help]
Option |
Description |
---|---|
|
Creates a ‘Host’ interface with name |
|
Adds the existing interfaces in the host OS to vrouter, with type and flag options. |
|
Deletes the interface from vrouter. The |
|
Displays a specific interface. The |
|
Set working parameters of an interface. The only ones
supported are the |
|
Display all of the interfaces of which the vrouter is aware. |
|
Display all options available for the current command. |
flow Command
Use the flow
command to display all
active flows in a system.
Example: flow -l
Use -l
to list everything
in the flow table. The -l is the only relevant debugging option.
# flow –l Flow table Index Source:Port Destination:Port Proto(V) ------------------------------------------------------------------------------------------------- 263484 1.1.1.252:1203 1.1.1.253:0 1 (3) (Action:F, S(nh):91, Statistics:22/1848) 379480 1.1.1.253:1203 1.1.1.252:0 1 (3) (Action:F, S(nh):75, Statistics:22/1848)
Each record in the flow table listing displays the index of the record, the source ip: source port, the destination ip: destination port, the inet protocol, and the source vrf to which the flow belongs.
Each new flow has to be approved by the vrouter agent. The agent does this by setting actions for each flow. There are three main actions associated with a flow table entry: Forward (‘F’), Drop (‘D’), and Nat (‘N’).
For NAT, there are additional flags indicating the type of NAT to which the flow is subject, including: SNAT (S), DNAT (D), source port translation (Ps), and destination port translation (Pd).
S(nh) indicates the source nexthop index used for the RPF check to validate that the traffic is from a known source. If the packet must go to an ECMP destination, E:X is also displayed, where ‘X’ indicates the destination to be used through the index within the ECMP next hop.
The Statistics field indicates the Packets/Bytes that hit this flow entry.
There is a Mirror Index field if the traffic is mirrored, listing
the indices into the mirror table (which can be dumped by using mirror –-dump
).
If there is an explicit association between the forward and the reverse flows, as is the case with NAT, you will see a double arrow in each of the records with either side of the arrow displaying the flow index for that direction.
Example: flow -r
Use -r
to view all of the
flow setup rates.
# flow –r New = 2, Flow setup rate = 3 flows/sec, Flow rate = 3 flows/sec, for last 548 ms New = 2, Flow setup rate = 3 flows/sec, Flow rate = 3 flows/sec, for last 543 ms New = -2, Flow setup rate = -3 flows/sec, Flow rate = -3 flows/sec, for last 541 ms New = 2, Flow setup rate = 3 flows/sec, Flow rate = 3 flows/sec, for last 544 ms New = -2, Flow setup rate = -3 flows/sec, Flow rate = -3 flows/sec, for last 542 ms
Example: flow --help
Use --help
to display all
options available for the flow command.
# flow –-help Usage:flow [-f flow_index][-d flow_index][-i flow_index] [--mirror=mirror table index] [-l] -f <flow_index> Set forward action for flow at flow_index <flow_index> -d <flow_index> Set drop action for flow at flow_index <flow_index> -i <flow_index> Invalidate flow at flow_index <flow_index> --mirror mirror index to mirror to -l List all flows -r Start dumping flow setup rate --help Print this help
vrfstats Command
Use vrfstats
to display statistics
per next hop for a vrf
. It is typically
used to determine if packets are hitting the expected next hop.
Example: vrfstats --dump
The —dump
option displays
the statistics for all vrfs that have seen traffic. In the following
example, there was traffic only in Vrf 0
(the public vrf). Receives
shows the
number of packets that came in the fabric destined to this location. Encaps
shows the number of packets destined to the
fabric.
If there is VM traffic going out on the fabric, the respective tunnel counters will increment.
# vrfstats --dump Vrf: 0 Discards 414, Resolves 3, Receives 165334 Ecmp Composites 0, L3 Mcast Composites 0, L2 Mcast Composites 0, Fabric Composites 0, Multi Proto Composites 0 Udp Tunnels 0, Udp Mpls Tunnels 0, Gre Mpls Tunnels 0 L2 Encaps 0, Encaps 130955
Example: vrfstats --get 0
Use --get 0
to retrieve statistics
for a particular vrf
.
# vrfstats --get 0 Vrf: 0 Discards 418, Resolves 3, Receives 166929 Ecmp Composites 0, L3 Mcast Composites 0, L2 Mcast Composites 0, Fabric Composites 0, Multi Proto Composites 0 Udp Tunnels 0, Udp Mpls Tunnels 0, Gre Mpls Tunnels 0 L2 Encaps 0, Encaps 132179
Example: vrfstats --help
Usage: vrfstats --get <vrf> --dump --help --get <vrf> Displays packet statistics for the vrf <vrf> --dump Displays packet statistics for all vrfs --help Displays this help message
rt Command
Use the rt command to display all routes in a vrf.
Example: rt --dump
The following example displays inet
family routes for vrf 0
.
# rt --dump 0 Kernel IP routing table 0/0/unicast Destination PPL Flags Label Nexthop 0.0.0.0/8 0 - 5 1.0.0.0/8 0 - 5 2.0.0.0/8 0 - 5 3.0.0.0/8 0 - 5 4.0.0.0/8 0 - 5 5.0.0.0/8 0 - 5
In this example output, the first line displays the routing
table that is being dumped. In 0/0/unicast
, the first 0 is for the router id, the next 0 is for the vrf id,
and unicast identifies the unicast table. The vrouter maintains separate
tables for unicast and multicast routes. By default, if the —table
option is not specified, only the unicast
table is dumped.
Each record in the table output specifies the destination prefix length, the parent route prefix length from which this route has been expanded, the flags for the route, the MPLS label if the destination is a VM in another location, and the next hop id. To understand the second field “PPL”, it is good to keep in mind that the unicast routing table is internally implemented as an ‘mtrie’.
The Flags
field can have two values. L
indicates that the label field is valid, and H
indicates that vroute
should
proxy arp for this IP.
The Nexthop
field indicates the next
hop ID to which the route points.
Example: rt --dump --table mcst
To dump the multicast table, use the —table
option with mcst
as the argument.
# rt --dump 0 --table mcst Kernel IP routing table 0/0/multicast (Src,Group) Nexthop 0.0.0.0,255.255.255.255
dropstats Command
Use the dropstats command to see packet drop counters in vrouter.
Example: dropstats
# dropstats GARP 0 ARP notme 12904 Invalid ARPs 0 Invalid IF 0 Trap No IF 0 IF TX Discard 0 IF Drop 49 IF RX Discard 0 Flow Unusable 0 Flow No Memory 0 Flow Table Full 0 Flow NAT no rflow 0 Flow Action Drop 0 Flow Action Invalid 0 Flow Invalid Protocol 0 Flow Queue Limit Exceeded 0 Discards 34 TTL Exceeded 0 Mcast Clone Fail 0 Cloned Original 0 Invalid NH 2 Invalid Label 0 Invalid Protocol 0 Rewrite Fail 0 Invalid Mcast Source 0 Push Fails 0 Pull Fails 0 Duplicated 0 Head Alloc Fails 0 Head Space Reserve Fails 0 PCOW fails 0 Invalid Packet 0 Misc 0 Nowhere to go 0 Checksum errors 0 No Fmd 0 Ivalid VNID 0 Fragment errors 0 Invalid Source 0
dropstats ARP Block
GARP packets from VMs are dropped by vrouter, an expected behavior. In the example output, the first counter GARP indicates how many packets were dropped.
ARP requests that are not handled by vrouter are dropped, for
example, requests for a system that is not a host. These drops are
counted by ARP notme
counters.
The Invalid ARPs
counter is incremented
when the Ethernet protocol is ARP, but the ARP operation was neither
a request nor a response.
dropstats Interface Block
Invalid IF
counters are incremented
normally during transient conditions, and should not be a concern.
Trap No IF
counters are incremented
when vrouter is not able to find the interface to trap the packets
to vrouter agent, and should not happen in a working system.
IF TX Discard
and IF
RX Discard
counters are incremented when vrouter is
not in a state to transmit and receive packets, and typically happens
when vrouter goes through a reset state or when the module is unloaded.
IF Drop
counters indicate packets
that are dropped in the interface layer. The increase can typically
happen when interface settings are wrong.
dropstats Flow Block
When packets go through flow processing, the first packet in a flow is cached and the vrouter agent is notified so it can take actions on the packet according to the policies configured. If more packets arrive after the first packet but before the agent makes a decision on the first packet, then those new packets are dropped. The dropped packets are tracked by the Flow unusable counter.
The Flow No Memory
counter increments
when the flow block doesn't have enough memory to perform internal
operations.
The Flow Table Full
counter increments
when the vrouter cannot install a new flow due to lack of available
slots. A particular flow can only go in certain slots, and if all
those slots are occupied, packets are dropped. It is possible that
the flow table is not full, but the counter might increment.
The Flow NAT no rflow
counter tracks
packets that are dropped when there is no reverse flow associated
with a forward flow that had action set as NAT. For NAT, the vrouter
needs both forward and reverse flows to be set properly. If they are
not set, packets are dropped.
The Flow Action Drop
counter tracks
packets that are dropped due to policies that prohibit a flow.
The Flow Action Invalid
counter usually
does not increment in the normal course of time, and can be ignored.
The Flow Invalid Protocol
usually
does not increment in the normal course of time, and can be ignored.
The Flow Queue Limit Exceeded
usually
does not increment in the normal course of time, and can be ignored.
dropstats Miscellaneous Operational Block
The Discard
counter tracks
packets that hit a discard next hop. For various reasons interpreted
by the agent and during some transient conditions, a route can point
to a discard next hop. When packets hit that route, they are dropped.
The TTL Exceeded
counter increments
when the MPLS time-to-live goes to zero.
The Mcast Clone Fail
happens when
the vrouter is not able to replicate a packet for flooding.
The Cloned Original
is an internal
tracking counter. It is harmless and can be ignored.
The Invalid NH
counter tracks the
number of packets that hit a next hop that was not in a state to be
used (usually in transient conditions) or a next hop that was not
expected, or no next hops when there was a next hop expected. Such
increments happen rarely, and should not continuously increment.
The Invalid Label
counter tracks
packets with an MPLS label unusable by vrouter because the value is
not in the expected range.
The Invalid Protocol
typically increments
when the IP header is corrupt.
The Rewrite Fail
counter tracks the
number of times vrouter was not able to write next hop rewrite data
to the packet.
The Invalid Mcast Source
tracks the
multicast packets that came from an unknown or unexpected source and
thus were dropped.
The Duplicated
counter tracks the
number of duplicate packets that are created after dropping the original
packets. An original packet is duplicated when generic send offload
(GSO) is enabled in the vRouter or the original packet is unable to
include the header information of the vRouter agent.
The Invalid Source
counter tracks
the number of packets that came from an invalid or unexpected source
and thus were dropped.
The remaining counters are of value only to developers.
mpls Command
The mpls
utility command displays
the input label map that has been programmed in the vrouter.
Example: mpls --dump
The —dump
command dumps
the complete label map. The output is divided into two columns. The
first field is the label and the second is the next hop corresponding
to the label. When an MPLS packet with the specified label arrives
in the vrouter, it uses the next hop corresponding to the label to
forward the packet.
# mpls –dump MPLS Input Label Map Label NextHop ---------------------- 16 9 17 11
You can inspect the operation on nh 9
as follows:
# nh --get 9 Id:009 Type:Encap Fmly: AF_INET Flags:Valid, Policy, Rid:0 Ref_cnt:4 EncapFmly:0806 Oif:3 Len:14 Data:02 d0 60 aa 50 57 00 25 90 c3 08 69 08 00
The nh output shows that the next hop directs the packet
to go out on the interface with index 3 (Oif:3
) with the given rewrite data.
To check the index of 3, use the following:
# vif –get 3 vif0/3 OS: tapd060aa50-57 Type:Virtual HWaddr:00:00:5e:00:01:00 IPaddr:0 Vrf:1 Flags:PL3L2 MTU:9160 Ref:6 RX packets:1056 bytes:103471 errors:0 TX packets:1041 bytes:102372 errors:0
The -get 3
output shows that
the index of 3 corresponds to a tap interface that goes to a VM.
You can also dump individual entries in the map using the —get
option, as follows:
# mpls –get 16 MPLS Input Label Map Label NextHop ----------------------- 16 9
Example: mpls -help
# mpls –help Usage: mpls --dump mpls --get <label> mpls --help --dump Dumps the mpls incoming label map --get Dumps the entry corresponding to label <label> in the label map --help Prints this help message
mirror Command
Use the mirror
command to dump the
mirror table entries.
Example: Inspect Mirroring
The following example inspects a mirror configuration
where traffic is mirrored from network vn1 (1.1.1.0/24)
to network vn2 (2.2.2.0/24)
. A ping is
run from 1.1.1.253 to 2.2.2.253, where both IPs are valid VM IPs,
then the flow table is listed:
# flow -l Flow table Index Source:Port Destination:Port Proto(V) ------------------------------------------------------------------------- 135024 2.2.2.253:1208 1.1.1.253:0 1 (1) (Action:F, S(nh):17, Statistics:208/17472 Mirror Index : 0) 387324 1.1.1.253:1208 2.2.2.253:0 1 (1) (Action:F, S(nh):8, Statistics:208/17472 Mirror Index : 0)
In the example output, Mirror Index:0
is listed, it is the index to the mirror table. The mirror table
can be dumped with the —dump
option,
as follows:
# mirror --dump Mirror Table Index NextHop Flags References ------------------------------------------------ 0 18 3
The mirror table entries point to next hops. In the example,
the index 0 points to next hop 18. The References
indicate the number of flow entries that point to this entry.
A next hop get operation on ID 18 is performed as follows:
# nh --get 18 Id:018 Type:Tunnel Fmly: AF_INET Flags:Valid, Udp, Rid:0 Ref_cnt:2 Oif:0 Len:14 Flags Valid, Udp, Data:00 00 00 00 00 00 00 25 90 c3 08 69 08 00 Vrf:-1 Sip:192.168.1.10 Dip:250.250.2.253 Sport:58818 Dport:8099
The nh --get
output shows that mirrored
packets go to a system with IP 250.250.2.253. The packets are tunneled
as a UDP datagram and sent to the destination. Vrf:-1
indicates that a lookup has to be done in the source Vrf
for the destination.
You can also get an individual mirror table entry using the —get
option, as follows:
# mirror --get 10 Mirror Table Index NextHop Flags References ----------------------------------------------- 10 1 1
Example: mirror --help
# mirror --help Usage: mirror --dump mirror --get <index> mirror --help --dump Dumps the mirror table --get Dumps the mirror entry corresponding to index <index> --help Prints this help message
vxlan Command
The vxlan command can be used to dump the vxlan table. The vxlan table maps a network ID to a next hop, similar to an MPLS table.
If a packet comes with a vxlan header and if the VNID is one of those in the table, the vrouter will use the next hop identified to forward the packet.
Example: vxlan --dump
# vxlan --dump VXLAN Table VNID NextHop --------------------- 4 16 5 16
Example: vxlan --get
You can use the —get
option to dump a specific entry, as follows:
# vxlan --get 4 VXLAN Table VNID NextHop ---------------------- 4 16
Example: vxlan --help
# vxlan --help Usage: vxlan --dump vxlan --get <vnid> vxlan --help --dump Dumps the vxlan table --get Dumps the entry corresponding to <vnid> --help Prints this help message
nh Command
The nh
command enables you to inspect
the next hops that are known by the vrouter. Next hops tell the vrouter
the next location to send a packet in the path to its final destination.
The processing of the packet differs based on the type of the next
hop. The next hop types are described in the following table.
Next Hop Type |
Description |
---|---|
|
Indicates that the packet is destined for itself and the vrouter should perform Layer 4 protocol processing. As an example, all packets destined to the host IP will hit the receive next hop in the default VRF. Similarly, all traffic destined to the VMs hosted by the server and tunneled inside a GRE will hit the receive next hop in the default VRF first, because the outer packet that carries the traffic to the VM is that of the server. |
|
Used only to determine the outgoing interface and the Layer 2 information. As an example, when two VMs on the same server communicate with each other, the routes for each of them point to an encap next hop, because the only information needed is the Layer 2 information to send the packet to the tap interface of the destination VM. A packet destined to a VM hosted on one server from a VM on a different server will also hit an encap next hop, after tunnel processing. |
|
Encapsulates VM traffic in a tunnel and sends it to the server that hosts the destination VM. There are different types of tunnel next hops, based on the type of tunnels used. Vrouter supports two main tunnel types for Layer 3 traffic: MPLSoGRE and MPLSoUDP. For Layer 2 traffic, a VXLAN tunnel is used. A typical tunnel next hop indicates the kind of tunnel, the rewrite information, the outgoing interface, and the source and destination server IPs. |
|
A catch-all next hop. If there is no route for a destination, the packet hits the discard next hop, which drops the packet. |
|
Used by the agent to lazy install Layer 2 rewrite information. |
|
Groups a set of next hops, called component next hops or sub next hops. Typically used when multi-destination distribution is needed, for example for multicast, ECMP, and so on. |
|
A VXLAN tunnel is used for Layer 2 traffic. A typical tunnel next hop indicates the kind of tunnel, the rewrite information, the outgoing interface, and the source and destination server IPs. |
Example: nh --list
Id:000 Type:Drop Fmly: AF_INET Flags:Valid, Rid:0 Ref_cnt:1781 Id:001 Type:Resolve Fmly: AF_INET Flags:Valid, Rid:0 Ref_cnt:244 Id:004 Type:Receive Fmly: AF_INET Flags:Valid, Policy, Rid:0 Ref_cnt:2 Oif:1 Id:007 Type:Encap Fmly: AF_INET Flags:Valid, Multicast, Rid:0 Ref_cnt:3 EncapFmly:0806 Oif:3 Len:14 Data:ff ff ff ff ff ff 00 25 90 c4 82 2c 08 00 Id:010 Type:Encap Fmly:AF_BRIDGE Flags:Valid, L2, Rid:0 Ref_cnt:3 EncapFmly:0000 Oif:3 Len:0 Data: Id:012 Type:Vxlan Vrf Fmly: AF_INET Flags:Valid, Rid:0 Ref_cnt:2 Vrf:1 Id:013 Type:Composite Fmly: AF_INET Flags:Valid, Fabric, Rid:0 Ref_cnt:3 Sub NH(label): 19(1027) Id:014 Type:Composite Fmly: AF_INET Flags:Valid, Multicast, L3, Rid:0 Ref_cnt:3 Sub NH(label): 13(0) 7(0) Id:015 Type:Composite Fmly:AF_BRIDGE Flags:Valid, Multicast, L2, Rid:0 Ref_cnt:3 Sub NH(label): 13(0) 10(0) Id:016 Type:Tunnel Fmly: AF_INET Flags:Valid, MPLSoGRE, Rid:0 Ref_cnt:1 Oif:2 Len:14 Flags Valid, MPLSoGRE, Data:00 25 90 aa 09 a6 00 25 90 c4 82 2c 08 00 Vrf:0 Sip:10.204.216.72 Dip:10.204.216.21 Id:019 Type:Tunnel Fmly: AF_INET Flags:Valid, MPLSoUDP, Rid:0 Ref_cnt:7 Oif:2 Len:14 Flags Valid, MPLSoUDP, Data:00 25 90 aa 09 a6 00 25 90 c4 82 2c 08 00 Vrf:0 Sip:10.204.216.72 Dip:10.204.216.21 Id:020 Type:Composite Fmly:AF_UNSPEC Flags:Valid, Multi Proto, Rid:0 Ref_cnt:2 Sub NH(label): 14(0) 15(0)
Example: nh --get
Use the --get
option to display
information for a single next hop.
# nh –get 9 Id:009 Type:Encap Fmly:AF_BRIDGE Flags:Valid, L2, Rid:0 Ref_cnt:4 EncapFmly:0000 Oif:3 Len:0 Data:
Example: nh --help
# nh –help Usage: nh --list nh --get <nh_id> nh --help --list Lists All Nexthops --get <nh_id> Displays nexthop corresponding to <nh_id> --help Displays this help message