Tim Rozet trozet
trozet
/ combined_filter.xml
Created
April 25, 2025 21:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <ItemFilter xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> | |
| <name>Combined Warlock and Warpath Filter</name> | |
| <filterIcon>0</filterIcon> | |
| <filterIconColor>0</filterIconColor> | |
| <description>Combined filter for Chthonic Fissure Warlock and Warpath Void Knight</description> | |
| <lastModifiedInVersion>1.0.0.4</lastModifiedInVersion> | |
| <lootFilterVersion>0</lootFilterVersion> | |
| <rules> | |
| <!-- Base rule to hide all items --> |
trozet
/ gist:ce52ac04afb0f78636af4def56947699
Created
March 18, 2025 18:53
tcpdump ovnk pod -> nodeport, ETP=local on server side
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@ovn-worker2 ~]# tcpdump -i any 'port 80 or port 30973' -nneev | |
| tcpdump: WARNING: any: That device doesn't support promiscuous mode | |
| (Promiscuous mode not supported on the "any" device) | |
| dropped privs to tcpdump | |
| tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes | |
| 18:51:34.072883 genev_sys_6081 P ifindex 8 0a:58:64:58:00:03 ethertype IPv4 (0x0800), length 80: (tos 0x0, ttl 63, id 17095, offset 0, flags [DF], proto TCP (6), length 60) | |
| 10.244.0.3.45952 > 172.18.0.2.30973: Flags [S], cksum 0x3355 (correct), seq 800905722, win 65280, options [mss 1360,sackOK,TS val 1346754696 ecr 0,nop,wscale 7], length 0 | |
| 18:51:34.073256 ovn-k8s-mp0 In ifindex 6 0a:58:0a:f4:01:01 ethertype IPv4 (0x0800), length 80: (tos 0x0, ttl 62, id 17095, offset 0, flags [DF], proto TCP (6), length 60) | |
| 10.244.0.3.45952 > 172.18.0.2.30973: Flags [S], cksum 0x3355 (correct), seq 800905722, win 65280, options [mss 1360,sackOK,TS val 1346754696 ecr 0,nop,wscale 7], length 0 | |
| 18:51:34.073271 ov |
trozet
/ gist:3319bc7369b3959e0135018c5e96ce4f
Created
March 17, 2025 21:09
reroute to other node via ovn drop
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@ovn-worker ~]# ovn-trace --ct new ovn-worker 'inport == "k8s-ovn-worker" && eth.src == 0a:58:0a:f4:02:02 && eth.dst == 0a:58:0a:f4:02:01 && tcp && ip4.src==172.18.0.2 && ip4.dst==172.18.0.4 && ip.ttl==64 && tcp.dst==31470' | |
| # tcp,reg14=0x2,vlan_tci=0x0000,dl_src=0a:58:0a:f4:02:02,dl_dst=0a:58:0a:f4:02:01,nw_src=172.18.0.2,nw_dst=172.18.0.4,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,tp_src=0,tp_dst=31470,tcp_flags=0 | |
| ingress(dp="ovn-worker", inport="k8s-ovn-worker") | |
| ------------------------------------------------- | |
| 0. ls_in_check_port_sec (northd.c:9433): 1, priority 50, uuid 9c2358e2 | |
| reg0[15] = check_in_port_sec(); | |
| next; | |
| 4. ls_in_pre_acl (northd.c:6168): ip, priority 100, uuid 5c6ff985 | |
| reg0[0] = 1; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@ovn-worker ~]# ovn-trace --ct est,rpl b780a060-63b0-4a7b-a6c2-17dbd58a8ab5 'inport == "tstor-ovn-worker2" && eth.src == 0a:58:64:58:00:02 && eth.dst== 0a:58:64:58:00:03 && tcp && ip4.src==10.244.1.3 && ip4.dst==10.244.2.3 && ip.ttl==64 && tcp.dst==23453' | |
| 2025-03-12T19:25:22Z|00001|ovntrace|WARN|ct.new && ip4.dst == ^NODEIP_IPv4_1 && tcp.dst == 31844: parsing expression failed | |
| 2025-03-12T19:25:22Z|00002|ovntrace|WARN|ct.new && ip4.dst == ^NODEIP_IPv4_1 && tcp.dst == 31844: parsing expression failed (Syntax error at end of input expecting constant.) | |
| 2025-03-12T19:25:22Z|00003|ovntrace|WARN|reg0[2] == 1 && ip4.dst == ^NODEIP_IPv4_1 && udp.dst == 31411: parsing expression failed | |
| 2025-03-12T19:25:22Z|00004|ovntrace|WARN|reg0[2] == 1 && ip4.dst == ^NODEIP_IPv4_1 && udp.dst == 31411: parsing expression failed (Syntax error at end of input expecting constant.) | |
| 2025-03-12T19:25:22Z|00005|ovntrace|WARN|reg0[2] == 1 && ip4.dst == ^NODEIP_IPv4_0 && tcp.dst == 31844: parsing expression failed | |
| 2025-03-12T19:25:22 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Load Balancer Service Tests with MetalLB Should ensure load balancer service works with 0 node ports when ETP=local | |
| [root@ovn-worker ~]# tcpdump -i eth0 port 80 -nnnee | |
| dropped privs to tcpdump | |
| tcpdump: verbose output suppressed, use -v[v]... for full protocol decode | |
| listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes | |
| 21:01:32.057015 8e:42:7f:b8:b0:07 > ea:0f:f1:82:32:59, ethertype IPv4 (0x0800), length 74: 172.22.0.3.46846 > 192.168.10.0.80: Flags [S], seq 808250019, win 64240, options [mss 1460,sackOK,TS val 1440740773 ecr 0,nop,wscale 7], length 0 | |
| 21:01:32.059769 ea:0f:f1:82:32:59 > 7a:92:3c:cc:69:3a, ethertype IPv4 (0x0800), length 74: 192.168.10.0.80 > 172.22.0.3.46846: Flags [S.], seq 1401975101, ack 808250020, win 64704, options [mss 1360,sackOK,TS val 2702500104 ecr 1440740773,nop,wscale 7], length 0 | |
| 21:01:33.105162 8e:42:7f:b8:b0:07 > ea:0f:f1:82:32:59, ethertype IPv4 (0x0800), length 74: 172.22.0.3.46846 > 192.168.10.0.80: Flags [S], seq 808250019, win 64240, options [mss 14 |
trozet
/ gist:f77046b60869b01e6ba312aa50aa5a52
Created
November 25, 2024 15:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@ovn-worker2 ~]# ovn-trace --ct new default.l3.primary_ovn-worker2 'inport == "default.l3.primary_default_client" && eth.src == 0a:58:0a:14:02:04 && eth.dst==0a:58:0a:14:02:01 && tcp && ip4.src==10.20.2.4 && ip4.dst==10.20.1.3 && ip.ttl==64 && tcp.dst==80' | |
| # tcp,reg14=0x3,vlan_tci=0x0000,dl_src=0a:58:0a:14:02:04,dl_dst=0a:58:0a:14:02:01,nw_src=10.20.2.4,nw_dst=10.20.1.3,nw_tos=0,nw_ecn=0,nw_ttl=64,nw_frag=no,tp_src=0,tp_dst=80,tcp_flags=0 | |
| ingress(dp="default.l3.primary_ovn-worker2", inport="default.l3.primary_default_client") | |
| ---------------------------------------------------------------------------------------- | |
| 0. ls_in_check_port_sec (northd.c:9432): 1, priority 50, uuid 8816ec3d | |
| reg0[15] = check_in_port_sec(); | |
| next; | |
| 4. ls_in_pre_acl (northd.c:6167): ip, priority 100, uuid ebc0eec1 | |
| reg0[0] = 1; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Number of namespaces to create | |
| NUM_NAMESPACES=50 # Adjust this as needed | |
| # Base name for the namespaces and UserDefinedNetworks | |
| NAMESPACE_BASE="test-namespace" | |
| UDN_BASE="user-defined-network" | |
| # Record the start time of the entire script |
trozet
/ gist:a14a98f6ebbe0cbc1b32b2cb9bf252c6
Last active
November 12, 2024 18:42
ovn-detrace ipv6 lb force snat not working
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@ovn-worker ~]# ovs-appctl ofproto/trace breth0 in_port=1,dl_src=02:42:ac:12:00:02,dl_dst=02:42:ac:12:00:03,udp6,udp_src=13337,udp_dst=31184,ipv6_dst=fc00:f853:ccd:e793::3,ipv6_src=fc00:f853:ccd:e793::2,nw_ttl=254,dp_hash=1 | ovn-detrace | |
| Flow: dp_hash=0x1,udp6,in_port=1,vlan_tci=0x0000,dl_src=02:42:ac:12:00:02,dl_dst=02:42:ac:12:00:03,ipv6_src=fc00:f853:ccd:e793::2,ipv6_dst=fc00:f853:ccd:e793::3,ipv6_label=0x00000,nw_tos=0,nw_ecn=0,nw_ttl=254,nw_frag=no,tp_src=13337,tp_dst=31184 | |
| bridge("breth0") | |
| ---------------- | |
| 0. udp6,in_port=1,tp_dst=31184, priority 110, cookie 0x8ee50357e3cdd69c | |
| output:5 | |
| bridge("br-int") | |
| ---------------- |
trozet
/ gist:e42566de8c6e9eb7af5707cf4687d24b
Created
November 11, 2024 18:38
layer 2 udn broken service
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@ovn-worker ~]# ovs-appctl ofproto/trace breth0 in_port=1,dl_src=02:42:ac:12:00:04,dl_dst=02:42:ac:12:00:03,udp,udp_src=13337,udp_dst=31977,nw_dst=172.18.0.3,nw_src=172.18.0.4,nw_ttl=254 | |
| Flow: udp,in_port=1,vlan_tci=0x0000,dl_src=02:42:ac:12:00:04,dl_dst=02:42:ac:12:00:03,nw_src=172.18.0.4,nw_dst=172.18.0.3,nw_tos=0,nw_ecn=0,nw_ttl=254,nw_frag=no,tp_src=13337,tp_dst=31977 | |
| bridge("breth0") | |
| ---------------- | |
| 0. udp,in_port=1,tp_dst=31977, priority 110, cookie 0x63b27743755a3e63 | |
| output:5 | |
| bridge("br-int") | |
| ---------------- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| im pinging between node 10.0.120.167 and 10.0.24.207. On 207 I see: | |
| 000 Total IPsec connections: loaded 9, active 1 | |
| 000 | |
| 000 State Information: DDoS cookies not required, Accepting new IKE connections | |
| 000 IKE SAs: total(7), half-open(0), open(0), authenticated(7), anonymous(0) | |
| 000 IPsec SAs: total(2), authenticated(2), anonymous(0) | |
| 000 | |
| 000 #1: "ovn-opportunistic-out#10.0.0.0/16-(0--17--6081)"[1] ...10.0.29.156:500 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); REKEY in 27869s; REPLACE in 28544s; newest; idle; | |
| 000 #2: "ovn-opportunistic-out#10.0.0.0/16-(0--17--6081)"[2] ...10.0.67.171:500 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); REKEY in 27772s; REPLACE in 28544s; newest; idle; |
NewerOlder