Bug 1475440 - [DOCS] Packet Flow Docs can't be right, as TCP dumps on br0 don't show packets.
Summary: [DOCS] Packet Flow Docs can't be right, as TCP dumps on br0 don't show packets.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.5.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
: ---
Assignee: brice
QA Contact: Meng Bo
Vikram Goyal
URL:
Whiteboard: 3.7-release-plan
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-07-26 17:09 UTC by Eric Rich
Modified: 2021-08-30 13:20 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-11 00:26:26 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3128381 0 None None None 2017-07-26 19:39:55 UTC

Description Eric Rich 2017-07-26 17:09:32 UTC
Document URL: https://docs.openshift.com/container-platform/3.5/architecture/additional_concepts/sdn.html#sdn-packet-flow

Section Number and Name: Packet Flow

Describe the issue: If a TCP dump is taken on br0 and a pod tries to talk to another pod (no packets are captured). 

Suggestions for improvement: We need to update the packet flows to accurately show how traffic moves from one interface to another so that troubleshooting on the correct interfaces can be done when there are performance and networking related issues.  

Additional information:

Comment 1 Ryan Howe 2017-07-26 17:13:45 UTC
This diagram is more up to date. Expect for the references vxlan0  

https://docs.openshift.com/container-platform/3.5/admin_guide/sdn_troubleshooting.html#the-interfaces-on-a-node

Comment 2 Ryan Howe 2017-07-26 19:39:55 UTC
Create the following KCS: 

How to capture all OpenShift Pod traffic on a node's openvswitch br0 interface. 
https://access.redhat.com/solutions/3128381


There are other ways to capture tcp data but this is one way using the mirror feature of ovs.

Comment 3 Dan Winship 2017-08-14 13:35:04 UTC
(In reply to Eric Rich from comment #0)
> Describe the issue: If a TCP dump is taken on br0 and a pod tries to talk to
> another pod (no packets are captured). 

I think that's just an artifact of how Open vSwitch works; it must not be possible to use tcpdump on an Open vSwitch bridge. The documentation is correct about the logical flow of traffic.

(In reply to Ryan Howe from comment #1)
> This diagram is more up to date. Expect for the references vxlan0  
> 
> https://docs.openshift.com/container-platform/3.5/admin_guide/
> sdn_troubleshooting.html#the-interfaces-on-a-node

There aren't really any differences between the two docs.

I guess the use of "vxlan0" (in both docs) is not quite accurate; it's referred to by that name in the OVS rules, but the actual network interface ends up being called "vxlan_sys_4789".

Comment 4 brice 2017-08-15 04:01:56 UTC
Thanks for that, Dan. I've made a PR:

https://github.com/openshift/openshift-docs/pull/5018

Eric, as the reporter, would you say this fulfills this BZ? Is there something missing or is this not what you intended? Thanks.

Comment 5 openshift-github-bot 2017-08-25 00:41:50 UTC
Commit pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/a40c4975f4cf43fb2b8672a9a7495c65e97c0d5b
Merge pull request #5018 from bfallonf/packetflow_1475440

Bug 1475440 Corrected vxlan naming info


Note You need to log in before you can comment on or make changes to this bug.