1 ## Tunnel Monitor Example 2 3 This example shows how to use a BPF program to parse packets across an 4 encapsulation boundary. It uses this ability to record inner+outer ip addresses 5 as well as vxlan id into a hash table. The entries in that table store bytes 6 and packets received/transmitted. One novel part of this program is its use of 7 `bpf_tail_call` to parse two different IP headers (inner/outer) using the same 8 state machine logic. 9 10 Also part of this example is a simulation of a multi-host environment with an 11 overlay network (using vxlan in this case), and each host contains multiple 12 clients in different segments of the overlay network. The script `traffic.sh` 13 can be used to simulate a subset of clients on host0 talking to various other 14 clients+hosts at different traffic rates. 15 16 ![Overlay Diagram](vxlan.jpg) 17 18 Once the simulation is running, the statistics kept by the BPF program can be 19 displayed to give a visual clue as to the nature of the traffic flowing over 20 the physical interface, post-encapsulation. 21 22 ![Chord Diagram](chord.png) 23 24 To get the example running, change into the examples/tunnel_monitor directory. 25 If this is the first time, run `setup.sh` to pull in the UI component and 26 dependencies. You will need nodejs+npm installed on the system to run this, but 27 the setup script will only install packages in the local directory. 28 29 ``` 30 [user@localhost tunnel_monitor]$ ./setup.sh 31 Cloning into 'chord-transitions'... 32 remote: Counting objects: 294, done. 33 ... 34 jquery#2.1.4 bower_components/jquery 35 modernizr#2.8.3 bower_components/modernizr 36 fastclick#1.0.6 bower_components/fastclick 37 [user@localhost tunnel_monitor]$ 38 ``` 39 40 Then, start the simulation by running main.py: 41 42 ``` 43 [root@bcc-dev tunnel_monitor]# python main.py 44 Launching host 1 of 9 45 Launching host 2 of 9 46 ... 47 Starting tunnel 8 of 9 48 Starting tunnel 9 of 9 49 HTTPServer listening on 0.0.0.0:8080 50 Press enter to quit: 51 ``` 52 53 The prompt will remain until you choose to exit. In the background, the script 54 has started a python SimpleHTTPServer on port 8080, which you may now try to 55 connect to from your browser. There will likely be a blank canvas until traffic 56 is sent through the tunnels. 57 58 To simulate traffic, use the traffic.sh script to generate a distribution of 59 pings between various clients and hosts. Check back on the chord diagram to 60 see a visualization. Try clicking on a host IP address to see a breakdown of 61 the inner IP addresses sent to/from that host. 62 63 As an exercise, try modifying the traffic.sh script to cause one of the clients 64 to send much more traffic than the others, and use the chord diagram to identify 65 the culprit. 66