Merge pull request iqiyi#399 from ywc689/update_docs_for_v1.7.2
v1.7.2: update docs and release 1.7.2
mscbg authored Feb 28, 2019
2 parents 45968ec + 9e171a1 commit 3f8ca79
Showing 5 changed files with 246 additions and 41 deletions.
52 changes: 20 additions & 32 deletions doc/TODO.md
@@ -1,40 +1,28 @@
DPVS TODO list
==============

Short-term
----------

* [x] Merge DPDK-17.05.2
* [x] Basic traffic control
* [x] Neighbour (ARP) refactor
* [x] Tunnel Interface (gre/ipip)
* [x] NAT/Tunnel forwarding mode
* [x] Consistent hashing
* [x] Get real client IP for UDP, like TCP TOA.
* [x] Keepalive.conf support SNAT
* [x] Numa/fdir auto check.
* [ ] SNAT Related
- [ ] Multi-WIPs for schedule (auto switch to new WIP if one fails).
- [ ] Fixed group of WIPs for user, share or not share with other user.
- [ ] White/black list.
- [ ] Throughput and concurrency monitoring.
- [ ] Throughput and/or concurrency limiting.
* [x] IPv6 Support.
* [x] Documents update.
* [ ] NIC without Flow-Director (FDIR)
- [x] Packet redirect to workers.
- [ ]RSS pre-calcuating.
* [ ] Merge lastest DPDK stable
* [ ] SNAT ACL
* [ ] Refactor Keepalived (porting latest stable keepalived)
* [ ] Packet Capture and Tcpdump Support
* [ ] Logging
- [ ] Packet based logging.
- [ ] Session based logging (creation, expire, statistics)
* [ ] CI, Test Automation setup.
* [ ] Performance optimization for 25G/40G NIC.
* [ ] Documents update.

Long-term
---------

* [ ] VM support
* [ ] IP fragment support, for UDP apps.
* [ ] CI, Test Automation Setup.
* [ ] Performance Optimization
- [ ] CPU Performance Tuning
- [ ] Memory Performance Tuning
- [ ] Numa-aware NIC
- [ ] Minimal Running Resource
* [ ] 25G/40G NIC Supports
* [ ] VxLAN Support
* [ ] IPv6 Tunnel Device
* [ ] VM Support
* [ ] IP Fragment Support, for UDP APPs.
* [ ] Session Sharing
* [ ] ALG (ftp, sip, ...)
* [ ] VxLAN Support
* [ ] NIC without Flow-Director (fdir)
- Packet redirect to workers.
- RSS pre-calcuating.
* [ ] IPv6 Support.
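Review bot: Three list entries in this TODO hunk carry defects that will show up in the rendered doc: "Merge lastest DPDK stable" should read "latest", "RSS pre-calcuating" should read "pre-calculating", and `- [ ]RSS pre-calcuating.` is missing the space after the checkbox, so it will not render as a task item. The sub-items also appear without indentation under their parent bullets as shown here, so check that they still nest correctly in the rendered Markdown.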
15 changes: 10 additions & 5 deletions doc/tutorial.md
@@ -30,7 +30,7 @@ DPVS Tutorial

About the concepts of *Full-NAT* (`FNAT`), `DR`, `Tunnel`, `toa`, `OSPF`/`ECMP` and `keepalived`, pls refer [LVS](www.linuxvirtualserver.org) and [Alibaba/LVS](https://github.com/alibaba/LVS/tree/master/docs).

Note `DPVS` support `FNAT`, `DR`, `Tunnel`, `SNAT` forwarding modes, and each mode can be configured as `one-arm` or `two-arm` topology, with or without `OSFP/ECMP`/`keepalived`. There're too many combinations, I cannot list all the examples here. Let's just give some popular working models used in our daily work.
Note `DPVS` supports `FNAT`, `DR`, `Tunnel`, `NAT`, `SNAT` forwarding modes, and each mode can be configured as `one-arm` or `two-arm` topology, with or without `OSFP/ECMP`/`keepalived`. There're too many combinations, I cannot list all the examples here. Let's just give some popular working models used in our daily work.

<a id='one-two-arm'/>

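Review bot: The rewritten sentence fixes "supports" and adds `NAT`, but it still says `OSFP/ECMP`; that should be `OSPF/ECMP`, matching the "Full-NAT with OSPF/ECMP" heading later in the tutorial. While this paragraph is being touched, the link `[LVS](www.linuxvirtualserver.org)` two lines above has no scheme, so Markdown renderers treat it as a relative path; give it a full `http://` URL.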
@@ -177,13 +177,17 @@ You could refer to following links to get `TOA` source code and porting to your
* [Huawai TOA](https://github.com/Huawei/TCP_option_address)
* [IPVS CA](https://github.com/yubo/ip_vs_ca)

TOA source code is included into DPVS project(in directory `kmod/toa`) since v1.7 to support IPv6 and NAT64. It is derived from the Alibaba TOA. For IPv6 applications which need client's real IP address, we suggest to use this TOA version.

Be aware that **application may need some changes** if you are using NAT64. An extra `getsockopt` should be called to obtain the client's real IPv6 address from the IPv4 socket on RS. As an example, we give a [NAT64 patch for nginx-1.14](../kmod/toa/example_nat64/nginx/nginx-1.14.0-nat64-toa.patch). By the way, if you do not need client's real IP address, application needs no changes.

<a id='fnat-ospf'/>

## Full-NAT with OSPF/ECMP (two-arm)

To work with *OSPF*, the patch in `patch/dpdk-stable-17.05.2/` must be applied to *dpdk-stable-17.05.2* and the correct `rte_kni.ko` should be installed.
To work with *OSPF*, the patch in `patch/dpdk-xxx/` must be applied to the corresponding DPDK source codes and the correct `rte_kni.ko` should be installed.

`DPVS` OSPF-cluster model looks like this, it leverage `OSPF/ECMP` for HA and high-scalability. This model is widely used in practice.
`DPVS` OSPF-cluster model looks like this, it leverages `OSPF/ECMP` for HA and high-scalability. This model is widely used in practice.

![fnat-ospf-two-arm](pics/fnat-ospf-two-arm.png)

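Review bot: The new NAT64 paragraph says an extra `getsockopt` "should be called" but never names the socket option or the header that defines it, so a reader has to work it out from the nginx patch. Name the option inline or say explicitly that the patch under `kmod/toa/example_nat64/` is the reference, and state which address the application sees on the RS when it skips the call, since logging and address-based access rules on the real server depend on that. The OSPF sentence now points at `patch/dpdk-xxx/`; listing the DPDK versions that actually have a patch directory would be clearer than a placeholder.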
@@ -646,6 +650,7 @@ Hi, I am 10.140.18.33.
client$ curl 192.168.0.89:80
Hi, I am 10.140.18.34.
```
> Since v1.7.2, a solution is made for multi-lcore NAT mode forwarding. The principle is to redirect the outbound packets to the correct lcore where its session entry reside through a global redirection table and some lockless rings. Of course, it harms performance to some degree. If you want to use it, turn on the config swtich "ipvs_defs/conn/redirect" in /etc/dpvs.conf.
<a id='snat'/>

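Review bot: The added blockquote line is followed directly by `<a id='snat'/>` with no blank line, so Markdown's lazy continuation pulls the anchor into the quote; add an empty line after the quote. In the same line, "swtich" should be "switch" and "where its session entry reside" should be "resides"; writing the key in backticks as `ipvs_defs/conn/redirect` would match how other names are formatted in the tutorial.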
@@ -770,7 +775,7 @@ host$ curl www.iqiyi.com

# IPv6 Support

DPVS support IPv6-IPv6 since 1.7-0 which means VIP/client IP/local IP/rs IP can be IPv6. You can configure IPv6 fullnat just like IPv4:
DPVS support IPv6-IPv6 since v1.7 which means VIP/client IP/local IP/rs IP can be IPv6. You can configure IPv6 fullnat just like IPv4:

```bash
#!/bin/sh -
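Review bot: The version string is corrected to v1.7, but the sentence still opens with "DPVS support IPv6-IPv6"; the first tutorial hunk in this commit fixed the same verb to "supports", so fix it here as well. A comma before "which means" would also make the sentence easier to read.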
@@ -952,7 +957,7 @@ ipvs_defs {
......
}
```
It should note that the redirect forwarding may harm performance to a certain degree. Keep it in `off` state unless you have no other sulotions.
It should note that the redirect forwarding may harm performance to a certain degree. Keep it in `off` state unless you have no other solutions.


<a id='virt-dev'/>
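Review bot: The spelling fix is right, but "It should note that" is still ungrammatical; "Note that" or "It should be noted that" reads correctly. This paragraph and the v1.7.2 blockquote added earlier in this commit both describe the redirect switch and its performance cost, so one could link to the other instead of restating the caveat.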
8 changes: 4 additions & 4 deletions src/VERSION
@@ -1,9 +1,9 @@
#!/bin/sh -
# program: dpvs
# commit: ff3e0b3159bb7562844b332b24178812f5612ea1
# Jun 21, 2018
# Feb 26, 2019
# Features: NAT64, connection redirect

export VERSION=1.6
export RELEASE=1
export VERSION=1.7
export RELEASE=2

echo $VERSION-$RELEASE
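Review bot: The `# commit:` header shows `ff3e0b3159bb7562844b332b24178812f5612ea1` next to a date that moves from Jun 21, 2018 to Feb 26, 2019; confirm the hash refers to the 1.7-2 tree, or drop the line, because a stale hash in the version file misleads anyone tracing a deployed build back to source. Minor: quote the expansion in the last line, `echo "$VERSION-$RELEASE"`.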
101 changes: 101 additions & 0 deletions test/checklist-v1.7.2.md
@@ -0,0 +1,101 @@
DPVS v1.7.2 功能测试结果
------------------------
- IPv4 协议栈测试
* [Y] DPVS IPv4 地址添加、查询、删除
* [Y] DPVS IPv4 路由添加、查询、删除
* [Y] DPVS IPv4 ARP 缓存表正常
* [Y] DPVS IPv4 地址能 ping 通

- IPv6 协议栈测试
* [Y] DPVS IPv6 地址添加、查询、删除
* [Y] DPVS IPv6 路由添加、查询、删除
* [Y] DPVS IPv6 ARP 缓存表正常
* [Y] DPVS IPv6 地址能 ping 通

- DPVS FullNAT 转发测试
* [Y] ipvsadm 业务添加、查询、修改、删除
* [Y] keepalive 业务添加、查询、修改、删除
- TCP 协议数据转发
* [Y] 4to4 转发
* [Y] 6to6 转发
* [Y] 6to4 转发
- TCP synproxy 功能
* [Y] 4to4 转发
* [Y] 6to6 转发
* [Y] 6to4 转发
- TOA Centos 7
* [Y] 源 IP、端口获取功能(4to4, 6to6, 6to4) -- 6to4 apache可以直接获取源IP,nginx需要patch
* [Y] toa.ko 加载测试
* [Y] toa.ko 卸载测试(有流量时)
* [Y] toa.ko 版本前向兼容测试 -- nginx兼容,apache关闭IPv6后不兼容
- TOA Centos 6
* [Y] 源 IP、端口 获取功能(4to4, 6to6, 6to4) -- 6to6无环境未测试,6to4 nginx需要patch
* [Y] toa.ko 加载测试
* [Y] toa.ko 卸载测试(有流量时)
* [Y] toa.ko 版本前向兼容测试
- UDP 协议数据转发(无 UOA 数据)
* [Y] 4to4 转发
* [Y] 6to6 转发
* [Y] 6to4 转发
- UOA Centos 7
* [Y] 源 IP、端口获取功能(4to4, 6to6, 6to4)
* [Y] uoa.ko 加载测试
* [Y] uoa.ko 卸载测试(有流量时)
* [N] uoa.ko 版本前向兼容测试 -- 不兼容 v1.6 版本 uoa.ko,无法获取源 IP、带 UOA 的 UDP 包被丢弃(4to4 未丢)
- UOA Centos 6
* [Y] 源 IP、端口获取功能(4to4, 6to4)
* [Y] uoa.ko 加载测试
* [Y] uoa.ko 卸载测试(有流量时)
* [N] uoa.ko 版本前向兼容测试 -- 不兼容 v1.6 版本 uoa.ko,无法获取源 IP、带 UOA 的 UDP 包被丢弃(4to4 未丢)
- Flow Director 测试
* [Y] Perfect 模式、一个或多个 Local IP (4to4, 6to4)
* [N] Perfect 模式、一个或多个 Local IP (6to6) -- 网卡不支持
* [Y] Signature 模式、一个 Local IP (4to4, 6to6, 6to4)
* [N] Signature 模式、多个 Local IP (4to4, 6to6, 6to4) -- 网卡不支持
* [Y] Signature 模式、多个 Local IP、打开 packet redirect (4to4, 6to6, 6to4)


- DPVS SNAT 转发测试
* [Y] ipvsadm 业务添加、查询、修改、删除
* [Y] keepalived 业务添加、查询、修改、删除
* [Y] ICMP 转发
* [Y] TCP 转发
* [Y] UDP 转发
* [Y] ICMP 隧道上网
* [Y] TCP 隧道上网
* [Y] UDP 隧道上网

- DPVS DR 转发测试
- TCP 协议数据转发
* [Y] 4to4 转发
* [Y] 6to6 转发
* [N] 6to4 转发 -- 原理上不支持
- UDP 协议数据转发
* [Y] 4to4 转发
* [Y] 6to6 转发
* [N] 6to4 转发 -- 原理上不支持

- DPVS Tunnel 转发测试
- TCP 协议数据转发
* [Y] 4to4 转发
* [Y] 6to6 转发
* [N] 6to4 转发 -- 原理上不支持
- UDP 协议数据转发
* [Y] 4to4 转发
* [Y] 6to6 转发
* [N] 6to4 转发 -- 原理上不支持

- DPVS NAT 转发测试(单核,或多核打开redirect)
- TCP 协议数据转发
* [Y] 4to4 转发
* [Y] 6to6 转发
* [N] 6to4 转发 -- 原理上不支持
- UDP 协议数据转发
* [Y] 4to4 转发
* [Y] 6to6 转发
* [N] 6to4 转发 -- 原理上不支持

-------------------
Note:
* [Y]: Test Passed
* [N]: Test Failed or Not Supported
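Review bot: The legend defines `[N]` as "Test Failed or Not Supported", which puts a real incompatibility in the same bucket as design limits: the uoa.ko forward-compatibility rows record that the v1.6 uoa.ko is incompatible and that UDP packets carrying UOA are dropped, while the 6to4 rows for DR, Tunnel and NAT are marked as unsupported in principle. Use separate markers for failed and unsupported, and repeat the uoa.ko incompatibility in the release notes or tutorial, since a deployment that upgrades DPVS while real servers still run the v1.6 uoa.ko can lose UDP traffic. Two smaller points: the IPv6 section lists an "ARP" cache although IPv6 neighbour resolution is done by NDP, and the body is in Chinese while the legend and the rest of the docs are in English.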
111 changes: 111 additions & 0 deletions test/checklist_setup.sh
@@ -0,0 +1,111 @@
#!/bin/sh

### IP/Route ###
dpip addr add 2001::12/64 dev dpdk0 # host IP
dpip addr add 2001::1/128 dev dpdk0 # FullNAT vip
dpip addr add 2001::2/128 dev dpdk0 # DR vip
dpip addr add 2001::3/128 dev dpdk0 # Tunnel vip
dpip addr add 2002::1/64 dev dpdk0 # NAT vip

dpip addr add 192.168.88.12/24 dev dpdk0 # host IP
dpip addr add 192.168.88.1/32 dev dpdk0 # FullNAT vip
dpip addr add 192.168.88.2/32 dev dpdk0 # DR vip
dpip addr add 192.168.88.3/32 dev dpdk0 # Tunel vip
dpip addr add 172.27.88.1/24 dev dpdk0 # NAT vip

dpip addr add 2001::4/128 dev dpdk0 # NAT64 vip

### FullNAT ###
ipvsadm -A -t [2001::1]:8080 -j enable
ipvsadm -at [2001::1]:8080 -r [2001::51]:80 -b
ipvsadm -at [2001::1]:8080 -r [2001::52]:80 -b
ipvsadm -at [2001::1]:8080 -r [2001::53]:80 -b
ipvsadm -at [2001::1]:8080 -r [2001::54]:80 -b
ipvsadm -Pt [2001::1]:8080 -z 2001::1:11 -F dpdk0
ipvsadm -Pt [2001::1]:8080 -z 2001::1:12 -F dpdk0
ipvsadm -Pt [2001::1]:8080 -z 2001::1:13 -F dpdk0

ipvsadm -A -u [2001::1]:80
ipvsadm -au [2001::1]:80 -r [2001::51]:6000 -b
ipvsadm -au [2001::1]:80 -r [2001::54]:6000 -b
ipvsadm -Pu [2001::1]:80 -z 2001::1:12 -F dpdk0

ipvsadm -A -t 192.168.88.1:8080 -j enable
ipvsadm -at 192.168.88.1:8080 -r 192.168.88.151:80 -b
ipvsadm -at 192.168.88.1:8080 -r 192.168.88.152:80 -b
ipvsadm -at 192.168.88.1:8080 -r 192.168.88.153:80 -b
ipvsadm -at 192.168.88.1:8080 -r 192.168.88.154:80 -b
ipvsadm -Pt 192.168.88.1:8080 -z 192.168.88.241 -F dpdk0
ipvsadm -Pt 192.168.88.1:8080 -z 192.168.88.242 -F dpdk0
ipvsadm -Pt 192.168.88.1:8080 -z 192.168.88.243 -F dpdk0

ipvsadm -A -u 192.168.88.1:80 -j enable
ipvsadm -au 192.168.88.1:80 -r 192.168.88.151:6000 -b
ipvsadm -au 192.168.88.1:80 -r 192.168.88.154:6000 -b
ipvsadm -Pu 192.168.88.1:80 -z 192.168.88.241 -F dpdk0

### NAT64 ###
ipvsadm -A -t [2001::4]:8080 -j enable
ipvsadm -at [2001::4]:8080 -r 192.168.88.151:80 -b
ipvsadm -at [2001::4]:8080 -r 192.168.88.152:80 -b
ipvsadm -at [2001::4]:8080 -r 192.168.88.153:80 -b
ipvsadm -at [2001::4]:8080 -r 192.168.88.154:80 -b
ipvsadm -Pt [2001::4]:8080 -z 192.168.88.241 -F dpdk0
ipvsadm -Pt [2001::4]:8080 -z 192.168.88.242 -F dpdk0
ipvsadm -Pt [2001::4]:8080 -z 192.168.88.243 -F dpdk0

ipvsadm -A -u [2001::4]:80
ipvsadm -au [2001::4]:80 -r 192.168.88.151:6000 -b
ipvsadm -Pu [2001::4]:80 -z 192.168.88.241 -F dpdk0

### DR ###
ipvsadm -A -t [2001::2]:80 -s wlc
ipvsadm -at [2001::2]:80 -r [2001::51]:80 -g -w 100
ipvsadm -at [2001::2]:80 -r [2001::52]:80 -g -w 200

ipvsadm -A -u [2001::2]:6000 -s wlc
ipvsadm -au [2001::2]:6000 -r [2001::51]:6000 -g -w 50
ipvsadm -au [2001::2]:6000 -r [2001::52]:6000 -g -w 50

ipvsadm -A -t 192.168.88.2:80 -s rr
ipvsadm -at 192.168.88.2:80 -r 192.168.88.151:80 -g -w 10
ipvsadm -at 192.168.88.2:80 -r 192.168.88.152:80 -g -w 10

ipvsadm -A -u 192.168.88.2:6000 -s wrr
ipvsadm -au 192.168.88.2:6000 -r 192.168.88.151:6000 -g -w 10
ipvsadm -au 192.168.88.2:6000 -r 192.168.88.152:6000 -g -w 20

### Tunnel ###
ipvsadm -A -t [2001::3]:80
ipvsadm -at [2001::3]:80 -r [2001::51]:80 -i
ipvsadm -at [2001::3]:80 -r [2001::52]:80 -i

ipvsadm -A -u [2001::3]:6000
ipvsadm -au [2001::3]:6000 -r [2001::51]:6000 -i
ipvsadm -au [2001::3]:6000 -r [2001::52]:6000 -i

ipvsadm -A -t 192.168.88.3:80
ipvsadm -at 192.168.88.3:80 -r 192.168.88.151:80 -i
ipvsadm -at 192.168.88.3:80 -r 192.168.88.152:80 -i

ipvsadm -A -u 192.168.88.3:6000
ipvsadm -au 192.168.88.3:6000 -r 192.168.88.151:6000 -i
ipvsadm -au 192.168.88.3:6000 -r 192.168.88.152:6000 -i

### NAT ###
ipvsadm -A -t [2002::1]:8080
ipvsadm -at [2002::1]:8080 -r [2001::51]:80 -m
ipvsadm -at [2002::1]:8080 -r [2001::52]:80 -m

ipvsadm -A -u [2002::1]:80
ipvsadm -au [2002::1]:80 -r [2001::51]:6000 -m
ipvsadm -au [2002::1]:80 -r [2001::52]:6000 -m

ipvsadm -A -t 172.27.88.1:8080
ipvsadm -at 172.27.88.1:8080 -r 192.168.88.151:80 -m
ipvsadm -at 172.27.88.1:8080 -r 192.168.88.152:80 -m

ipvsadm -A -u 172.27.88.1:80
ipvsadm -au 172.27.88.1:80 -r 192.168.88.151:6000 -m
ipvsadm -au 172.27.88.1:80 -r 192.168.88.152:6000 -m

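Review bot: In the FullNAT block, `ipvsadm -A -u 192.168.88.1:80 -j enable` is the only UDP service created with `-j enable`; the IPv6 and NAT64 UDP services omit it and it otherwise appears only on TCP services, so this looks like a copy-paste slip and should be dropped unless the flag is meant to be exercised on UDP. The script also runs without `set -e` or any exit-status checks, so a failed `dpip addr add` leaves a half-configured box while the later `ipvsadm` lines still run; fail fast and report which step broke. The comment "Tunel vip" should read "Tunnel vip".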