Overlay- manifests

[cse578group29]

Hello, if applying the manifests/overlay, will it create vxlan interface? The overaly/e2e is same as base. Would you please explain more details about how to create vxlan by meshnet-cni? Thank you!

[networkop]

overlay/e2e is only used for testing. It follow the structure of kustomize manifests. meshnet creates vxlan or veth interface depending on where the peer pod is located. if it's on the same node - it'll create veth, if it's on a different node - it'll create a vxlan intf

[cse578group29]

Can meshnet create vxlan for pods on different nodes when applying manifests/base? In my system, calico + meshnet/base is installed, there is no vxlan intf in the pods created (pods on different nodes can ping ), seems it communicate through calico path not the vxlan.

[networkop]

calico (or any other CNI plugin) will only plug in a single interface, eth0. meshnet, on the other hand, was created to plug in other interfaces, e.g. eth1, swp99 in addition to the default eth0. Applying meshnet manifests simply installs the CRDs and daemonset inside the cluster. You then need to tell it how to interconnect the pods and create the pods themselves. Have a look at examples in ./tests directory. For example https://github.com/networkop/meshnet-cni/blob/master/tests/2node.yml would create a kind: Topology for the two pods and towards the bottom contains the pod manifests themselves.

[cse578group29]

Thanks! By applying the 2node.yml , only 3 pods (r1,r2,r4) are created. What's r3 for in this yml file? might be some typo in this file?

• apiVersion: networkop.co.uk/v1beta1 kind: Topology metadata: name: r3 spec: links:
  • uid: 2 peer_pod: r4 local_intf: eth1 peer_intf: eth1

[networkop]

I think this is a left-over (mistake). It shouldn't be there.

[cse578group29]

Thanks for the clarification. I have applied the 3node.yml by adjusting IPs to the private ones. By using tcpdump, I can capture icmp between pod2-pod3, but can't capture any traffic between pod3-pod1 (still can ping!). Any suggestion on this issue?

[networkop]

so p2 and ping p3 but neither can ping p1? is that right? can you provide the output of kubectl get pod -A -owide?

[cse578group29]

ping p2<->p3, p2<->p1, and p1<->p3 all work, but can't capture traffic through tcpdump for p1<->p3. NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES r1 1/1 Running 0 20h 10.0.190.92 n0028 r2 1/1 Running 0 20h 10.0.247.232 n0027 r3 1/1 Running 0 20h 10.0.190.93 n00528

[networkop]

ok, got it. and can you show how you capture the traffic?

[cse578group29]

use tcpdump on p3 to capture all traffic, then ping from p3 to p2 and to p1.

Updates--- by re-creating a 5node topology, I can capture all traffic among nodes through vxlan. Still don't know why 3node has issue, but for 5nodes case, meshnet works as expectation. Thanks

[networkop]

I think if two pods end up on the same node, the veth link between them is not visible in the root network namespace (where you do the packet pacture), hence you can't see the packets. Best way to capture would be inside the pod itself.