Wednesday, August 27, 2014

How to take Diff or patch from review.openstack.org

1)
Open one bug or blueprint
https://review.openstack.org/#/c/115234/

2)
Clone the source code of the project from github (master branch)
For example: Copying the source code of OpenStack Heat project.
#git clone https://github.com/openstack/heat.git

3)
Goto the project directory
#cd heat

4)
Get the changes from https://review.openstack.org/#/c/115234/

4,1)
Get the patch from https://review.openstack.org/#/c/115234/ and apply
a)
Goto https://review.openstack.org/#/c/115234/ and Click on "Patch" tab and copy the link.
Then goto the project directory and append the copied link with command "patch -p0 < " and execute
Example:
#patch -p0 < 'copied_link'
#patch -p0 < `git fetch ssh://sajuptpm@review.openstack.org:29418/openstack/heat refs/changes/34/115234/8 && git format-patch -1 --stdout FETCH_HEAD`

b)
Run "git diff", so you can see the diff
#git diff

4,2)
Checkout the commit (including commit message) from https://review.openstack.org/#/c/115234/

a)
Goto https://review.openstack.org/#/c/115234/ and Click on "checkout" tab and copy the link.
Then goto the project directory and append "-b new_branch" at the end of the copied link and execute. This will create a new branch named "new_branch" and apply the commit there.
Example:
#git fetch ssh://sajuptpm@review.openstack.org:29418/openstack/heat refs/changes/34/115234/8 && git checkout FETCH_HEAD -b new_branch

b)
Confirm the commit. You can see the commit message here.
#git log -n 1

4,3)
cherry-pick the commit (including commit message) from https://review.openstack.org/#/c/115234/

a)
Goto https://review.openstack.org/#/c/115234/ and Click on "cherry-pick" tab and copy the link.

*Then goto the project directory and create a new branch
#git branch new_branch

*Then goto the new_branch
#git checkout new_branch

*Then paste the link and execute it
Example:
#git fetch ssh://sajuptpm@review.openstack.org:29418/openstack/heat refs/changes/34/115234/8 && git cherry-pick FETCH_HEAD

b)
Confirm the commit. You can see the commit message here.
#git log -n 1

Monday, August 25, 2014

Howto OpenStack upload new patch set to review.openstack.org

1)
Clone the project

#git clone https://github.com/stackforge/puppet-heat.git

2)
cd to cloned project

#cd puppet-heat/

3)
Goto
https://review.openstack.org/#/c/104795/
Click on "checkout" and copy the link
Add "-b bug_branch" at the end onf the link

#git fetch ssh://sajuptpm@review.openstack.org:29418/stackforge/puppet-heat refs/changes/95/104795/3 && git checkout FETCH_HEAD -b bug_branch

4)

Confirm that, you are in bug_branch

#git branch

5)
Rebase with master

#git rebase -i master

6)
Fix conflict


A conflict-marked area begins with <<<<<<< and ends with >>>>>>>.
These are also known as the conflict markers.
The two conflicting blocks themselves are divided by a =======.

<<<<<<< HEAD
     Changes in the 'master' branch.
=======
    Chnages in the working branch, Eg:conflict_fix_branch
>>>>>>> conflict_fix_branch


7)
Prepare the resoved files for commit

#git add name_of_modified_file(s)

8)
Continue rebase

#git rebase --continue

9)
This command will automatically commit all resolved files and move to the next commit.
So we don't need to commit the resolved files manually.
#git rebase --continue

10)
#Make or Apply your changes


11)
Commit the changes

#git commit -a --amend

12)
Prepare for push

#git review -s
* Enter your gerrit username: sajuptpm

13)
Push the changes

#git review

Friday, August 22, 2014

How To Use expect with bash script

#!/bin/bash

username="saju"
password="saju"


expect -c "
        ##Enable debug mode
        #exp_internal 1
        #set timeout 20
        spawn ssh $username@192.168.56.101
        expect "?assword:"
        send \"$password\r\"

        ##To Get console after SSH
        interact"






Howto Debug Expect Script


#!/usr/bin/expect -f

#Enable debug mode
exp_internal 1

set timeout 20

spawn ssh saju@192.168.56.101
expect "password"
send "saju\n"


##To Get console after SSH
interact











Expect Script Example for SSH


#!/usr/bin/expect -f

#Enable debug mode
#exp_internal 1

set timeout 20

spawn ssh saju@192.168.56.101
expect "password"
send "saju\n"


##To Get console after SSH
interact







How to Backwards migration with Django South

1)
Suppose you have following files in "migrations" folder


0001_initial.py
0002_add_content_type.py
0003_option_to_add_userbookstatus.py


2)
* Run following command to execute the "forwards" method in the migration script 0003_option_to_add_userbookstatus.py

* Run following command to apply the migration script 0003_option_to_add_userbookstatus.py
#./manage.py migrate your_app 0003_option_to_add_userbookstatus.py

3)
* Run following command to execute the "backwards" method in the migration script 0003_option_to_add_userbookstatus.py

* Run following command to revert/rollback the migration script 0003_option_to_add_userbookstatus.py
#./manage.py migrate your_app 0002_add_content_type.py

4)
* Run following command to execute the "backwards" method in the migration script 0002_add_content_type.py
* Run following command to revert/rollback the migration script 0002_add_content_type.py
#./manage.py migrate your_app 0001_initial.py

5)
How to migrate back to 0001_initial.py

#./manage.py migrate your_app zero
or
#./manage.py migrate your_app 0001_initial.py


http://south.readthedocs.org/en/latest/commands.html#migrate

http://stackoverflow.com/questions/5814190/backwards-migration-with-django-south

Django South KeyError: "The model 'contenttype' from the app 'contenttypes' is not available in this migration."

1)
#./manage.py migrate app_settings option_to_add_userbookstatus

Running migrations for app_settings:
 - Migrating forwards to option_to_add_userbookstatus.
 > app_settings:option_to_add_userbookstatus
==== In forwards ====
Error in migration: app_settings:option_to_add_userbookstatus
KeyError: "The model 'contenttype' from the app 'contenttypes' is not available in this migration."

2)
Fix
=====
Add following code in migration script file "option_to_add_userbookstatus.py"

    models = {

        u'contenttypes.contenttype': {
            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
        }
    }

Django ModelAdmin Action Passing multiple parameters

Django ModelAdmin Delete action Passing multiple parameters

* Override the method "action_checkbox" of "admin.ModelAdmin" to pass multiple values from the Form via POST request when submitting the Form. In this example, I am creating string like "4|130476|2012" (bookid|userid|year), which contains the items required to construct the delete query.

* Override the method "changelist_view" of "admin.ModelAdmin" to parse the original unique id from the sting "4|130476|2012" (bookid|userid|year), and pass to "changelist_view" of "admin.ModelAdmin". So other things will work fine.

* Add "delete_selected" in class variable "actions"

* Then Create a method named "deleted_selected" and write a delete query there to delete the object based on multiple values.

* In this example, I am modifying request.POST[admin.ACTION_CHECKBOX_NAME] and creating new item request.POST[admin.ACTION_CHECKBOX_NAME+"_"] in request.POST.

class StatusAdmin(admin.ModelAdmin):

     actions = ['delete_selected']

    def delete_selected(self, request, obj):
        ##* See django/contrib/admin/options.py and django/contrib/admin/helpers.py
        ##use our custom action checkbox value "4|130476|2012" (bookid|userid|year) to delete entry from "userbookstatus" table.
        _selected_action_ = request.POST.getlist(admin.ACTION_CHECKBOX_NAME + "_")
        if _selected_action_:
            del_items = [{"book_id":x.split("|")[0], "user_id":x.split("|")[1], "year":x.split("|")[2]} for x in _selected_action_[0]]
            cursor = connection.cursor()
            for del_item in del_items:
                cursor.execute("delete from userbookstatus where indexbookid='%s' and year='%s' and userid='%s'"\
                            %(del_item["book_id"], del_item["year"], del_item["user_id"]))
            transaction.commit_unless_managed()
            self.message_user(request, "Deleted %s UserBooks" % (len(del_items)))

    def action_checkbox(self, obj):
        """
        A list_display column containing a checkbox widget.
        """
        ###* See django/contrib/admin/options.py and django/contrib/admin/helpers.py
        ###Create a custom value like "4|130476|2012" (bookid|userid|year) and save it in value field of action checkbox
        return helpers.checkbox.render(helpers.ACTION_CHECKBOX_NAME, force_text(obj.pk) + "|" + force_text(obj.user.id) + "|" + str(obj.year))
   
    ##* See django/contrib/admin/options.py and django/contrib/admin/helpers.py
    ##remove title of action checkbox
    action_checkbox.short_description = mark_safe('')
    action_checkbox.allow_tags = True

    def changelist_view(self, request, extra_context=None):
        # Actions with no confirmation
        actions = self.get_actions(request)
        if (actions and request.method == 'POST' and
                'index' in request.POST and '_save' not in request.POST):
            selected = request.POST.getlist(helpers.ACTION_CHECKBOX_NAME)
            if selected:
                ##Save/backup our custom action checkbox value "4|130476|2012" (bookid|userid|year) in another temporary location of request.POST
                request.POST[admin.ACTION_CHECKBOX_NAME+"_"] = selected
                ##Restore the original value of action checkbox to request.POST, So existing code will work fine.
                request.POST[admin.ACTION_CHECKBOX_NAME] = [x.split("|")[0] for x in selected][0]
        return super(StatusAdmin, self).changelist_view(request, extra_context)




Django ModelAdmin save object without using Django ORM


* Override the "save_model" method of "admin.ModelAdmin"
* Use connection and transaction

from django.db import connection, transaction

class StatusAdmin(admin.ModelAdmin)

    def save_model(self, request, obj, form, change):
        ##SM:added
        ##we can't call obj.save() (we can't use save_model of base class) since the model class definition
        ##of "UserBookStatus" has a primary key column named "book", and in database that is not a primary key.
        cursor = connection.cursor()
        cursor.execute("insert into userbookstatus (indexbookid, year, userid, bookstatus) values (%s,%s,%s,'%s')"\
                         %(obj.book.id, obj.year, obj.user.id, obj.bookstatus))
        transaction.commit_unless_managed()      
        objs = core_m.UserBookStatus.objects.filter(user=obj.user).filter(year=obj.year).filter(book=obj.book).all()
        if objs:
            obj = objs[0]
        return obj



Django ModelAdmin add new custom column to changelist table

* Add a new item "get_userid" to list_display.
* Create a new method "get_userid" return the value you want to display in the new column in the changelist table

class StatusAdmin(admin.ModelAdmin):
    ##SM:added
    form = StatusAdminForm
    list_display = ('year', 'book', 'user', 'get_userid')


    def get_userid(self, obj):
        ##Add custom column to the table
        #http://stackoverflow.com/questions/163823/can-list-display-in-a-django-modeladmin-display-attributes-of-foreignkey-field
        return obj.user.id
    get_userid.short_description = 'User ID'



Wednesday, August 20, 2014

Django ModelAdmin add custom checkbox in the table

* Create a new method "action_checkbox2" in "ModelAdmin" class.

* Add the name of this new method in class variable "list_display" of "ModelAdmin" class.

* See django/contrib/admin/options.py and django/contrib/admin/helpers.py
class OurModelAdmin(admin.ModelAdmin):

    list_display = ('action_checkbox2', 'year', 'book', 'user')

    def action_checkbox2(self, obj):
        """
        A list_display column containing a checkbox widget.
        """
        from django.contrib.admin import helpers
        from django.utils.encoding import force_text
        return helpers.checkbox.render("_selected_action2", force_text(obj.pk))
    from django.utils.safestring import mark_safe   
    action_checkbox2.short_description = mark_safe('')
    action_checkbox2.allow_tags = True

Django ModelAdmin ActionForm action_checkbox replace id with different field

* Override the method "action_checkbox" of "ModelAdmin" class and change "obj.pk" with "obj.your_field"

* See django/contrib/admin/options.py and django/contrib/admin/helpers.py

class OurModelAdmin(admin.ModelAdmin):

    def action_checkbox(self, obj):
        """
        A list_display column containing a checkbox widget.
        """
        from django.contrib.admin import helpers
        from django.utils.encoding import force_text
        return helpers.checkbox.render(helpers.ACTION_CHECKBOX_NAME, force_text(obj.pk))




Django ModelAdmin ActionForm action_checkbox

* See django/contrib/admin/options.py and django/contrib/admin/helpers.py

#python manage.py shell
>>>
>>>
>>>
>>> from django import forms
>>>
>>> checkbox = forms.CheckboxInput({'class': 'action-select'}, lambda value: False)
>>>
>>> ACTION_CHECKBOX_NAME = '_selected_action'
>>>
>>>
>>> from django.contrib.admin import helpers
>>>
>>>
>>> from django.utils.encoding import force_text
>>>
>>> c = checkbox.render(ACTION_CHECKBOX_NAME, force_text(4444))
>>>
>>> c
u''
>>>
>>>
>>>







Monday, August 18, 2014

Debugging your Python Applications with pudb

https://pypi.python.org/pypi/pudb

1)
Install

#sudo easy_install pudb
OR
#pip install pudb




2)
To start debugging, simply insert one of the following statements into your code.


import pudb; pu.db

OR

import pudb
pu.db

OR

from pudb import set_trace; set_trace()

OR

from pudb import set_trace
set_trace()

3)
a)
This opens a window with a pop-up window


Press "Enter" to goto "Edit Preferences" pop-up window.

Press "Space" to select the settings

Press "Esc" to close the pop-up window

b)
Press "Ctrl" + "x" to goto Command Line.
Press "Ctrl" + "x" to exit from Command Line.

Press "n" to execute next line
Press "s" to step into a method/function
Press "c" to continue the execution

4)
How to Set breakpoint.

Use arrow key and select the line where you want to set the breakpoint and press "b", then you can see a red mark in that line.
Then Press "c" to continue the execution and stop at breakpoint



How to connect to OpenStack Keystone API v2.0 using keystoneclient

How to connect to OpenStack Identity API v2.0 using keystoneclient 

import keystoneclient
 

from keystoneclient.v2_0 import client
 

keystone = client.Client(username="admin", password="nova", tenant_name="admin", auth_url="http://192.168.56.101:5000/v2.0", debug=True)

print "Projects:===>", keystone.tenants.list()
print "\n"
print "Users:===>",  keystone.users.list()





















Installation of DevStack with OpenContrail Single Node Setup

1)
Create a VirtualBox VM with ubuntu 12.04 Server and 4GB RAM

2)
Remove following line and reboot if you have network issue in 12.04 Server
#sudo rm /etc/udev/rules.d/70-persistent-net.rules

3)
Edit /etc/hosts and add following line
127.0.1.1 ubuntu

4)
Update
#sudo apt-get update

5)
Install the following packages
#sudo apt-get install git-core ant build-essential pkg-config linux-headers-3.2.0-35-virtual

6)
Clone devstack
#mkdir ~/openstack
#cd ~/openstack
#git clone https://github.com/dsetia/devstack.git
#cd devstack

7)
Copy "devstack/contrail/localrc-single" and Create a "localrc" file for single node setup.
#cp contrail/localrc-single localrc

8)
Edit "localrc" and change "PHYSICAL_INTERFACE"
#vim localrc
PHYSICAL_INTERFACE=eth0

9)
Edit "localrc" and uncomment following line
#vim localrc
CONTRAIL_REPO_PROTO=https

10)
Remove /opt/stack and run "./stack.sh", if you have issue with git repo clone or ImportError.
#sudo rm -rf /opt/stack

11)
Run stack.sh script.
./stack.sh

ImportError: No module named neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_core

https://github.com/dsetia/devstack

Fix-1
====
a)
Edit "localrc" and uncomment following line, then remove "/opt/stack" and run "./unstack" and "./stack"
#vim localrc
CONTRAIL_REPO_PROTO=https


b)
#sudo rm -rf /opt/stack
#./unstack
#./stack

Fix-2
====
a)
Goto devstack folder and change Q_PLUGIN_CLASS in the "devstack/contrail/localrc-ci" file

#vim ~/devstack/contrail/localrc-ci
Q_PLUGIN_CLASS=neutron.plugins.opencontrail.contrail_plugin_core.NeutronPluginContrailCoreV2
with
Q_PLUGIN_CLASS=neutron.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2

b)
#./unstack
#./stack




Error
=====
ontrailPlugin.ini upgrade head
2014-08-12 13:49:15 Traceback (most recent call last):
2014-08-12 13:49:15   File "/usr/local/bin/neutron-db-manage", line 10, in
2014-08-12 13:49:15     sys.exit(main())
2014-08-12 13:49:15   File "/opt/stack/neutron/neutron/db/migration/cli.py", line 175, in main
2014-08-12 13:49:15     CONF.command.func(config, CONF.command.name)
2014-08-12 13:49:15   File "/opt/stack/neutron/neutron/db/migration/cli.py", line 85, in do_upgrade_downgrade
2014-08-12 13:49:15     do_alembic_command(config, cmd, revision, sql=CONF.command.sql)
2014-08-12 13:49:15   File "/opt/stack/neutron/neutron/db/migration/cli.py", line 63, in do_alembic_command
2014-08-12 13:49:15     getattr(alembic_command, cmd)(config, *args, **kwargs)
2014-08-12 13:49:15   File "/usr/local/lib/python2.7/dist-packages/alembic/command.py", line 125, in upgrade
2014-08-12 13:49:15     script.run_env()
2014-08-12 13:49:15   File "/usr/local/lib/python2.7/dist-packages/alembic/script.py", line 203, in run_env
2014-08-12 13:49:15     util.load_python_file(self.dir, 'env.py')
2014-08-12 13:49:16   File "/usr/local/lib/python2.7/dist-packages/alembic/util.py", line 215, in load_python_file
2014-08-12 13:49:16     module = load_module_py(module_id, path)
2014-08-12 13:49:16   File "/usr/local/lib/python2.7/dist-packages/alembic/compat.py", line 58, in load_module_py
2014-08-12 13:49:16     mod = imp.load_source(module_id, path, fp)
2014-08-12 13:49:16   File "/opt/stack/neutron/neutron/db/migration/alembic_migrations/env.py", line 45, in
2014-08-12 13:49:16     importutils.import_class(class_path)
2014-08-12 13:49:16   File "/opt/stack/neutron/neutron/openstack/common/importutils.py", line 27, in import_class
2014-08-12 13:49:16     __import__(mod_str)
2014-08-12 13:49:16 ImportError: No module named neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_core
2014-08-12 13:49:16 ++ failed
2014-08-12 13:49:16 ++ local r=1
2014-08-12 13:49:16 +++ jobs -p
2014-08-12 13:49:16 ++ kill
2014-08-12 13:49:16 ++ set +o xtrace
2014-08-12 13:49:16 stack.sh failed: full log in /home/saju/openstack/devstack/log/stack.log.2014-08-12-134654





Thursday, August 7, 2014

Networking How to force to send or broadcast ARP request

a)
Capture the packets from the interface "tap1" in the namespace "ns1"
Compute total ICMP echo requests, replies, loss, and percent loss using the option "-z icmp,srt"
#sudo ip netns exec ns1 tshark -i tap1 -f "icmp or arp" -z icmp,srt

b)
List ARP table in the namespace "ns1"
#sudo ip netns exec ns1 arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
10.1.1.5                 ether   ba:01:a4:54:24:50   C                     tap1



c)
Clear ARP table in the namespace "ns1"
#sudo ip netns exec ns1 arp -d 10.1.1.5

d)
Ping from namespace "ns1"
#sudo ip netns exec ns1 ping 10.1.1.5





Wednesday, August 6, 2014

How linux bridge broadcast ARP packets and works like a switch

1)
Create 3 namespaces, 3 veth pairs and a linux bridge


create_3_namespaces_and_1_bridge()
{
    echo "Creating namespace and bridge......"

    ###Create 3 Namespaces
    sudo ip netns add ns1
    sudo ip netns add ns2
    sudo ip netns add ns3

    ###Create Bridge
    sudo brctl addbr br-test
    sudo brctl stp br-test off
    sudo ip link set dev br-test up

    ###Create veth pairs tap1---br-tap1
    sudo ip link add tap1 type veth peer name br-tap1
    #Move tap1 to ns1
    sudo ip link set tap1 netns ns1
    #Add br-tap1 to bridge br-test
    sudo brctl addif br-test br-tap1
    #UP tap1   
    sudo ip netns exec ns1 ip link set dev tap1 up
    #UP br-tap1
    sudo ip link set dev br-tap1 up

    ###Create veth pairs tap2---br-tap2
    sudo ip link add tap2 type veth peer name br-tap2
    #Move tap2 to ns2
    sudo ip link set tap2 netns ns2
    #Add br-tap2 to bridge br-test
    sudo brctl addif br-test br-tap2
    #UP tap2
    sudo ip netns exec ns2 ip link set dev tap2 up
    #UP br-tap2
    sudo ip link set dev br-tap2 up

    ###Create veth pairs tap3---br-tap3
    sudo ip link add tap3 type veth peer name br-tap3
    #Move tap3 to ns3
    sudo ip link set tap3 netns ns3
    #Add br-tap3 to bridge br-test
    sudo brctl addif br-test br-tap3
    #UP tap3
    sudo ip netns exec ns3 ip link set dev tap3 up
    #UP br-tap3
    sudo ip link set dev br-tap3 up

    ###Assign IP
    #Assign IP to tap1  
    sudo ip netns exec ns1 ip addr add 10.1.1.4/24 dev tap1
    #Assign IP to tap2
    sudo ip netns exec ns2 ip addr add 10.1.1.5/24 dev tap2
    #Assign IP to tap3
    sudo ip netns exec ns3 ip addr add 10.1.1.6/24 dev tap3

    ###Test Ping
    sudo ip netns exec ns1 ping 10.1.1.5 -c 1

    if [ $? -eq 0 ]; then
        echo "Ping working from ns1 (10.1.1.4) to ns2 (10.1.1.5)"
        echo "Created namespace and bridge......"
    else
        echo "Failed to Create namespace and bridge......"
    fi
}

 

delete_3_namespaces_and_1_bridge()
{

    echo "Deleting namespace and bridge......"

    sudo ip netns del ns1
    sudo ip netns del ns2
    sudo ip netns del ns3
    sudo ip link set dev br-test down
    sudo brctl delbr br-test

    if [ $? -eq 0 ]; then
        echo "Deleted namespace and bridge......"
    else
        echo "Failed to delete namespace and bridge......"
    fi
}

create_3_namespaces_and_1_bridge
#delete_3_namespaces_and_1_bridge


* We don't need to add IP to the linux bridge.Bridge will act as a switch and broadcast the APR packets and make entries into the MAC table in the bridge, we can use the command "brctl showmacs " to see this table.

* When you ping from "tap1" in namespace "ns1" to "tap2" in namespace "ns2", "tap1" first send a ARP broadcast packet and and that packet will get received by bridge "br-test" via the interface "br-tap1", then the bridge will broadcast that ARP packet to all interfaces connected to that bridge, So the interface "tap2" get that packest via the interface "br-tap2", "tap1" will indentify that the destination IP is belongs to that interface and send a ARP ACK packet back to the interface "tap1". Once the "tap1" get that ARP ACK packet, that will populate the ARP table in the namespace "ns1" with IP and MAC entry. Then the ping (ICMP) packest are send from "tap1" to "tap2" based on the ARP table in the namespace "ns1", MAC table in the bridge "br-test" and ARP table in the "ns2".




2)
Capture ICMP and ARP packets from all veth interfaces


2a)
Capture ICMP and ARP packets from interface tap1 and br-tap1

#sudo ip netns exec ns1 tshark -i tap1 -f "icmp or arp"
#sudo tshark -i br-tap1 -f "icmp or arp"


2b)
Capture ICMP and ARP packets from interface tap2 and br-tap2

#sudo ip netns exec ns2 tshark -i tap2 -f "icmp or arp"
#sudo tshark -i br-tap2 -f "icmp or arp"


2c)
Capture ICMP and ARP packets from interface tap3 and br-tap3

#sudo ip netns exec ns3 tshark -i tap3 -f "icmp or arp"
#sudo tshark -i br-tap3 -f "icmp or arp"


3)
List ARP table of namespace ns1, ns2 and ns3 and Clear it


3a)
List ARP table

#sudo ip netns exec ns1 arp -n
Clear ARP table
#sudo ip netns exec ns1 arp -d


3b)
#sudo ip netns exec ns2 arp -n
#sudo ip netns exec ns2 arp -d


3c)
#sudo ip netns exec ns3 arp -n
#sudo ip netns exec ns3 arp -d


4)
Ping from ns1 (10.1.1.4) to ns2 (10.1.1.5)

#sudo ip netns exec ns1 ping 10.1.1.5

5)
5a)
5a,a)
Capture ICMP and ARP packets from interface tap1 and br-tap1

#sudo ip netns exec ns1 tshark -i tap1 -f "icmp or arp"

  1   0.000000 be:bb:98:99:fe:b1 -> Broadcast    ARP 42 Who has 10.1.1.5?  Tell 10.1.1.4
  2   0.000103 ba:01:a4:54:24:50 -> be:bb:98:99:fe:b1 ARP 42 10.1.1.5 is at ba:01:a4:54:24:50

  3   0.000106     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=1/256, ttl=64
  4   0.000158     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=1/256, ttl=64 (request in 3)
4   5   1.000704     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=2/512, ttl=64
5   6   1.000865     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=2/512, ttl=64 (request in 5)
6   7   2.003246     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=3/768, ttl=64
7   8   2.003495     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=3/768, ttl=64 (request in 7)
8   9   3.004683     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=4/1024, ttl=64
9  10   3.004873     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=4/1024, ttl=64 (request in 9)
10  11   4.006729     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=5/1280, ttl=64
11  12   4.006921     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=5/1280, ttl=64 (request in 11)
12  13   5.008408     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=6/1536, ttl=64
13  14   5.008551     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=6/1536, ttl=64 (request in 13)
 15   5.008641 ba:01:a4:54:24:50 -> be:bb:98:99:fe:b1 ARP 42 Who has 10.1.1.4?  Tell 10.1.1.5
 16   5.008654 be:bb:98:99:fe:b1 -> ba:01:a4:54:24:50 ARP 42 10.1.1.4 is at be:bb:98:99:fe:b1

16  17   6.009508     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=7/1792, ttl=64
 18   6.009641     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=7/1792, ttl=64 (request in 17)
18  19   7.016597     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=8/2048, ttl=64
 20   7.016719     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=8/2048, ttl=64 (request in 19)

Notes:
* Interface "tap1"(be:bb:98:99:fe:b1) first Broadcast (send) an ARP packet to find MAC address associated with the IP 10.1.1.5. You can see it in line-1. You can see that, in that packet source MAC address is the MAC address of interface "tap1" and destination MAC address is None(Broadcast).
* In line-2, you can see that an ARP packet comes to Interface "tap1"(be:bb:98:99:fe:b1) from Interface "tap2"(ba:01:a4:54:24:50) and tells that the IP:10.1.1.5 is belongs to the interface "tap2"(ba:01:a4:54:24:50).You can see that, in that packet source MAC address is the MAC address of interface "tap2" and destination MAC address of interface "tap1".

* At this point, ARP table in the namespace "ns1" get populated with an entry of IP and MAC map, IP:10.1.1.5 and MAC:ba:01:a4:54:24:50. You can list ARP table in the namespace "ns1" with following command.

#sudo ip netns exec ns1 arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
10.1.1.5                 ether   ba:01:a4:54:24:50   C                     tap1

* In line-3, send ICMP request packet.In that packet source IP is 10.1.1.4 and destination IP is 10.1.1.5
* In line-4, receive ICMP reply packet.In that packet source IP is 10.1.1.5 and destination IP is 10.1.1.4

* In line-15, receive ARP request packet from interface "tap2"(ba:01:a4:54:24:50) and asking that, is the IP:10.1.1.4 belongs to the interface "tap1", if yes, send a ARP reply packet.In that packet source MAC is "tap2"(ba:01:a4:54:24:50) and destination MAC is "tap1"(be:bb:98:99:fe:b1)
* In line-16, send ARP reply packet and tells that the IP:10.1.1.4 is associated with interface "tap1"(be:bb:98:99:fe:b1).

* At this point, ARP table in the namespace "ns2" get populated with an entry of IP and MAC map, IP:10.1.1.4 and MAC:be:bb:98:99:fe:b1. You can list ARP table in the namespace "ns2" with following command.

#sudo ip netns exec ns2 arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
10.1.1.4                 ether   be:bb:98:99:fe:b1   C                     tap2

5a,b)
#sudo tshark -i br-tap1 -f "icmp or arp"

  1   0.000000 be:bb:98:99:fe:b1 -> Broadcast    ARP 42 Who has 10.1.1.5?  Tell 10.1.1.4
  2   0.000077 ba:01:a4:54:24:50 -> be:bb:98:99:fe:b1 ARP 42 10.1.1.5 is at ba:01:a4:54:24:50

  3   0.000082     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=1/256, ttl=64
  4   0.000132     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=1/256, ttl=64 (request in 3)
4   5   1.000699     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=2/512, ttl=64
  6   1.000836     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=2/512, ttl=64 (request in 5)
6   7   2.003234     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=3/768, ttl=64
  8   2.003465     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=3/768, ttl=64 (request in 7)
8   9   3.004677     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=4/1024, ttl=64
 10   3.004823     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=4/1024, ttl=64 (request in 9)
10  11   4.006724     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=5/1280, ttl=64
 12   4.006892     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=5/1280, ttl=64 (request in 11)
12  13   5.008405     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=6/1536, ttl=64
 14   5.008523     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=6/1536, ttl=64 (request in 13)
 15   5.008613 ba:01:a4:54:24:50 -> be:bb:98:99:fe:b1 ARP 42 Who has 10.1.1.4?  Tell 10.1.1.5
 16   5.008631 be:bb:98:99:fe:b1 -> ba:01:a4:54:24:50 ARP 42 10.1.1.4 is at be:bb:98:99:fe:b1

16  17   6.009503     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=7/1792, ttl=64
 18   6.009613     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=7/1792, ttl=64 (request in 17)
18  19   7.016586     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=8/2048, ttl=64
 20   7.016691     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=8/2048, ttl=64 (request in 19)

5b)
shows a list of learned MAC addresses for bridge "br-test"

#sudo brctl showmacs br-test
port no    mac addr        is local?    ageing timer
  3    66:c3:81:40:76:8c    yes           0.00
  1    86:1f:a0:72:1c:ea    yes           0.00
  2    86:d2:d0:1b:af:9e    yes           0.00

* 1 --> br-tap1
* 2 --> br-tap2
* 3 --> br-tap3

Notes:
* Bridge "br-test" will broadcast first ARP packet (0.000000 be:bb:98:99:fe:b1 -> Broadcast    ARP 42 Who has 10.1.1.5?  Tell 10.1.1.4) from the interface "tap1" via "br-tap1" to all other interfaces ("br-tap2" and "br-tap3") attached to the bridge. Please check packets captured from "tap2", "br-tap2" and "tap3", "br-tap3", You can see this ARP packets there.

5c)
5c,a)

Capture ICMP and ARP packets from interface tap2 and br-tap2
#sudo ip netns exec ns2 tshark -i tap2 -f "icmp or arp"

  1   0.000000 be:bb:98:99:fe:b1 -> Broadcast    ARP 42 Who has 10.1.1.5?  Tell 10.1.1.4
  2   0.000037 ba:01:a4:54:24:50 -> be:bb:98:99:fe:b1 ARP 42 10.1.1.5 is at ba:01:a4:54:24:50

  3   0.000068     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=1/256, ttl=64
  4   0.000099     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=1/256, ttl=64 (request in 3)
4   5   1.000731     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=2/512, ttl=64
5   6   1.000789     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=2/512, ttl=64 (request in 5)
6   7   2.003271     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=3/768, ttl=64
7   8   2.003321     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=3/768, ttl=64 (request in 7)
8   9   3.004730     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=4/1024, ttl=64
 10   3.004777     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=4/1024, ttl=64 (request in 9)
10  11   4.006775     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=5/1280, ttl=64
 12   4.006823     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=5/1280, ttl=64 (request in 11)
12  13   5.008434     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=6/1536, ttl=64
13  14   5.008479     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=6/1536, ttl=64 (request in 13)
 15   5.008568 ba:01:a4:54:24:50 -> be:bb:98:99:fe:b1 ARP 42 Who has 10.1.1.4?  Tell 10.1.1.5
 16   5.008612 be:bb:98:99:fe:b1 -> ba:01:a4:54:24:50 ARP 42 10.1.1.4 is at be:bb:98:99:fe:b1

16  17   6.009529     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=7/1792, ttl=64
 18   6.009570     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=7/1792, ttl=64 (request in 17)
18  19   7.016606     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=8/2048, ttl=64
 20   7.016647     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=8/2048, ttl=64 (request in 19)

Notes:
* Line-1, interface "tap2"(ba:01:a4:54:24:50) receives a ARP packets which asks "Who has 10.1.1.5?  Tell 10.1.1.4"
* Line-2, interface "tap2"(ba:01:a4:54:24:50) sends a ARP reply packet which tells that the IP:10.1.1.5 is ours.

* Line-15, interface "tap2"(ba:01:a4:54:24:50) sends a ARP packets which asks "Who has 10.1.1.4?  Tell 10.1.1.5"
* Line-16, interface "tap2"(ba:01:a4:54:24:50) sends a ARP reply packet which tells that the IP:10.1.1.4 is belogs to the interface "tap1"(be:bb:98:99:fe:b1).

* At this point, ARP table in the namespace "ns2" get populated with an entry of IP and MAC map, IP:10.1.1.4 and MAC:be:bb:98:99:fe:b1. You can list ARP table in the namespace "ns2" with following command.

#sudo ip netns exec ns2 arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
10.1.1.4                 ether   be:bb:98:99:fe:b1   C                     tap2

5c,b)
#sudo tshark -i br-tap2 -f "icmp or arp"

  1   0.000000 be:bb:98:99:fe:b1 -> Broadcast    ARP 42 Who has 10.1.1.5?  Tell 10.1.1.4
1   2   0.000042 ba:01:a4:54:24:50 -> be:bb:98:99:fe:b1 ARP 42 10.1.1.5 is at ba:01:a4:54:24:50

  3   0.000071     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=1/256, ttl=64
  4   0.000105     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=1/256, ttl=64 (request in 3)
4   5   1.000724     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=2/512, ttl=64
  6   1.000797     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=2/512, ttl=64 (request in 5)
6   7   2.003267     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=3/768, ttl=64
  8   2.003329     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=3/768, ttl=64 (request in 7)
8   9   3.004703     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=4/1024, ttl=64
9  10   3.004784     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=4/1024, ttl=64 (request in 9)
10  11   4.006770     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=5/1280, ttl=64
11  12   4.006830     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=5/1280, ttl=64 (request in 11)
12  13   5.008430     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=6/1536, ttl=64
13  14   5.008486     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=6/1536, ttl=64 (request in 13)
 15   5.008578 ba:01:a4:54:24:50 -> be:bb:98:99:fe:b1 ARP 42 Who has 10.1.1.4?  Tell 10.1.1.5
 16   5.008614 be:bb:98:99:fe:b1 -> ba:01:a4:54:24:50 ARP 42 10.1.1.4 is at be:bb:98:99:fe:b1

16  17   6.009525     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=7/1792, ttl=64
 18   6.009577     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=7/1792, ttl=64 (request in 17)
18  19   7.016606     10.1.1.4 -> 10.1.1.5     ICMP 98 Echo (ping) request  id=0x4456, seq=8/2048, ttl=64
 20   7.016654     10.1.1.5 -> 10.1.1.4     ICMP 98 Echo (ping) reply    id=0x4456, seq=8/2048, ttl=64 (request in 19)

5d)
5d,a)
Capture ICMP and ARP packets from interface tap3 and br-tap3

#sudo ip netns exec ns3 tshark -i tap3 -f "icmp or arp"
1   0.000000 be:bb:98:99:fe:b1 -> Broadcast    ARP 42 Who has 10.1.1.5?  Tell 10.1.1.4

Notes:
* Line-1, interface "tap3"(c2:73:bd:3a:bc:65) receives a ARP packet which asks "Who has 10.1.1.5?  Tell 10.1.1.4". and no reply packet since the IP:10.1.1.5 doesn't belongs to the interface "tap3"

5d,b)
#sudo tshark -i br-tap3 -f "icmp or arp"
1   0.000000 be:bb:98:99:fe:b1 -> Broadcast    ARP 42 Who has 10.1.1.5?  Tell 10.1.1.4

Notes:
* Line-1, interface "br-tap3"(66:c3:81:40:76:8c) receives a ARP packet which asks "Who has 10.1.1.5?  Tell 10.1.1.4". and no reply packet since the IP:10.1.1.5 doesn't belongs to the interface "br-tap3"

6)
6a)
Interface Configuration of veth pairs tap1 and br-tap1


#sudo ip netns exec ns1 ifconfig tap1
tap1      Link encap:Ethernet  HWaddr be:bb:98:99:fe:b1 
          inet addr:10.1.1.4  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::bcbb:98ff:fe99:feb1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:58 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4836 (4.8 KB)  TX bytes:3630 (3.6 KB)

#ifconfig br-tap1
br-tap1   Link encap:Ethernet  HWaddr 86:1f:a0:72:1c:ea 
          inet6 addr: fe80::841f:a0ff:fe72:1cea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:43 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3630 (3.6 KB)  TX bytes:4836 (4.8 KB)

6b)
Interface Configuration of veth pairs tap2 and br-tap2


#sudo ip netns exec ns2 ifconfig tap2
tap2      Link encap:Ethernet  HWaddr ba:01:a4:54:24:50 
          inet addr:10.1.1.5  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::b801:a4ff:fe54:2450/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4484 (4.4 KB)  TX bytes:3014 (3.0 KB)

#ifconfig br-tap2
br-tap2   Link encap:Ethernet  HWaddr 86:d2:d0:1b:af:9e 
          inet6 addr: fe80::84d2:d0ff:fe1b:af9e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3014 (3.0 KB)  TX bytes:4484 (4.4 KB)

6c)
Interface Configuration of veth pairs tap3 and br-tap3


#sudo ip netns exec ns3 ifconfig tap3
tap3      Link encap:Ethernet  HWaddr c2:73:bd:3a:bc:65 
          inet addr:10.1.1.6  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::c073:bdff:fe3a:bc65/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2566 (2.5 KB)  TX bytes:1222 (1.2 KB)

#ifconfig br-tap3
br-tap3   Link encap:Ethernet  HWaddr 66:c3:81:40:76:8c 
          inet6 addr: fe80::64c3:81ff:fe40:768c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1222 (1.2 KB)  TX bytes:2566 (2.5 KB)

6d)
Interface Configuration of bridge br-test


#ifconfig br-test

br-test   Link encap:Ethernet  HWaddr 66:c3:81:40:76:8c 
          inet6 addr: fe80::1ca2:7eff:fe1e:51a2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1476 (1.4 KB)  TX bytes:648 (648.0 B)




Monday, August 4, 2014

How to delete Linux Bridge Interface

#
# sudo brctl delbr br-test
bridge br-test is still up; can't delete it
#
#
#
# sudo ip link set dev br-test down
#
#
#
# sudo brctl delbr br-test
#
#

Howto Connect two network namespaces using linux bridge and veth pairs

1)
Add two namespaces "ns1" and "ns2"
#sudo ip netns add ns1
#sudo ip netns add ns2


2)
List all namespaces
#sudo ip netns list

3)
List all interfaces in the global namespace
#ifconfig  -a
OR
#ifconfig -a | less

4)
Create a Linux Bridge

4a)
Create the bridge br-test
#sudo brctl addbr br-test

4b)
Run following command in global naamespace to see the bridge interface
#ifconfig br-test

4c)
Disable the Spanning Tree Protocol for bridge interface "br-test"
#sudo brctl stp br-test off

*The Spanning Tree Protocol (STP) is created so that only one path exists between any pair of LAN segments. It was developed to prevent routing loops in network. Loops can happen when there is more than one route to a destination. Bridges by default are not capable of handling more than one route to a destination address.STP is used on a bridge, it is either placed into a forwarding state or a blocking state

4d)
Bring up the bridge interface "br-test".
#sudo ip link set dev br-test up

* At this point, the port/interface "br-test" is UP. You can see the status as "UP BROADCAST MULTICAST" in the output of command "#ifconfig br-test", that means UP.

5)
Create first veth/port interface pairs (Pipe) "tap1"======="br-tap1" and connect to namespace "ns1" and linux bridge "br-test".

5a)
Create veth/port interface pairs (Pipe) "tap1" and "br-tap1" in the global namespace
#sudo ip link add tap1 type veth peer name br-tap1

* Pipe: "tap1"======="br-tap1"

5b)
List all interfaces in the global namespace
#ifconfig  -a
OR
#ifconfig -a | less

* At this point the interface "tap1" and "br-tap1" don't have IP associated with it.

5c)
Move "tap1" interface from global namespace to the "ns1" namespace.
OR
Attach one side of the Pipe "tap1=======br-tap1" to "ns1" namespace.

#sudo ip link set tap1 netns ns1

* At this point run "#ifconfig -a" in global namespace an you would not able to see the "tap1" interface there.
* Run "#ifconfig -a" in "ns1" namespace to see "tap1" interface.
* Example:#sudo ip netns exec ns1 ifconfig -a

5d)
List interfaces in the linux bridge "br-test"
#brctl show br-test

* At this point you can see that there is no interfaces atatched to the linux bridge "br-test"

5e)
Move "br-tap1" interface from global namespace to the Linux Bridge "br-test".
OR
Attach other side of the Pipe "tap1=======br-tap1" to Linux Bridge "br-test".
#sudo brctl addif br-test br-tap1

5f)
List interfaces in the linux bridge "br-test"
#brctl show br-test

* At this point you can see that the interface "br-tap1" is atatched to the linux bridge "br-test"

5g)
Check the IP Address of linux bridge "br-test" and interface "br-tap1"
#sudo ifconfig br-test
#sudo ifconfig br-tap1

* You can see that, there is no IP address associated with linux bridge "br-test" and interface "br-tap1".

5h)
Check the IP Address of interface "tap1" in the namespace "ns1"
#sudo ip netns exec ns1 ifconfig -a tap1

* You can see that, there is no IP address associated with the interface "tap1"

5i)
Set interfaces "tap1" and "br-tap1" to UP
#sudo ip netns exec ns1 ip link set dev tap1 up
#sudo ip link set dev br-tap1 up

5j)
Again Check the interfaces "tap1" and "br-tap1".
#sudo ip netns exec ns1 ifconfig -a tap1
#sudo ifconfig -a br-tap1

* At this point, the ports/interfaces "br-tap1" and "tap1" are UP. You can see the status as "UP BROADCAST MULTICAST" in the output of command, that means UP. 


6)
Create second veth/port interface pairs (Pipe) "tap2"======="br-tap2" and connect to namespace "ns2" and linux bridge "br-test".

6a)
Create veth/port interface pairs (Pipe) "tap2" and "br-tap2" in the global namespace
#sudo ip link add tap2 type veth peer name br-tap2

* Pipe: "tap2"======="br-tap2"

6b)
List all interfaces in the global namespace
#ifconfig  -a
OR
#ifconfig -a | less

* At this point the interface "tap2" and "br-tap2" don't have IP associated with it.

6c)
Move "tap2" interface from global namespace to the "ns2" namespace.
OR
Attach one side of the Pipe "tap2=======br-tap2" to "ns2" namespace.

#sudo ip link set tap2 netns ns2

* At this point run "#ifconfig -a" in global namespace an you would not able to see the "tap2" interface there.
* Run "#ifconfig -a" in "ns2" namespace to see "tap2" interface.
* Example:#sudo ip netns exec ns2 ifconfig -a

6d)
List interfaces in the linux bridge "br-test"
#brctl show br-test

* At this point you can see that there is only one interface "br-tap1" is atatched to the linux bridge "br-test"

6e)
Move "br-tap2" interface from global namespace to the Linux Bridge "br-test".
OR
Attach other side of the Pipe "tap2=======br-tap2" to Linux Bridge "br-test".
#sudo brctl addif br-test br-tap2

6f)
List interfaces in the linux bridge "br-test"
#brctl show br-test
bridge name    bridge id        STP enabled    interfaces
br-test        8000.822e41140e4c    no        br-tap1
                                        br-tap2

* At this point you can see that the interfaces "br-tap1" and "br-tap2" are atatched to the linux bridge "br-test"

6g)
Check the IP Address of linux bridge "br-test" and interface "br-tap2"
#sudo ifconfig br-test
#sudo ifconfig br-tap2

* You can see that, there is no IP address associated with linux bridge "br-test" and interface "br-tap2".

6h)
Check the IP Address of interface "tap2" in the namespace "ns2"
#sudo ip netns exec ns2 ifconfig -a tap2

* You can see that, there is no IP address associated with the interface "tap2"

6i)
Set interfaces "tap2" and "br-tap2" to UP
#sudo ip netns exec ns2 ip link set dev tap2 up
#sudo ip link set dev br-tap2 up

6j)
Again Check the interfaces "tap2" and "br-tap2".
#sudo ip netns exec ns2 ifconfig -a tap2
#sudo ifconfig -a br-tap2

* At this point, the ports/interfaces "br-tap2" and "tap2" are UP. You can see the status as "UP BROADCAST MULTICAST" in the output of command, that means UP.  

7)
Assign IP address to the interfaces "tap1" in the namespace "ns1 and "tap2" in the namespace "ns2" and ping from "ns1" to "ns2".

7a)
Assign IP address to the interface "tap1" in the namespace "ns1".
#sudo ip netns exec ns1 ip addr add 10.1.1.4/24 dev tap1

7b)
Assign IP address to the interface "tap2" in the namespace "ns2".
#sudo ip netns exec ns2 ip addr add 10.1.1.5/24 dev tap2

7c)
Check the IP address of the interfaces "tap1" and "tap2"
#sudo ip netns exec ns1 ifconfig -a tap1
#sudo ip netns exec ns2 ifconfig -a tap2

7d)
Ping from "ns1" to "ns2".
#sudo ip netns exec ns1 ping 10.1.1.5

* Ping works

7d,a)
Capture Ping (ICMP) packets from interfaces "tap1", "tap1" and bridge "br-test". 

#sudo ip netns exec ns1 tshark -i tap1 icmp
#sudo ip netns exec ns2 tshark -i tap2 icmp

#sudo tshark -i br-tap1 icmp
#sudo tshark -i br-tap2 icmp

#sudo tshark -i br-test icmp

* You can see that packets are going from "tap1" to "tap2" through "br-tap1" and "br-tap2".
* You can also able to capture ICMP packets from interfaces "tap1", "tap2", "br-tap1" and "br-tap2".
* But you can't able to see/capture the ICMP packets from bridge interface "br-test", because destination IP/network 10.1.1.5 is local to the bridge, so packet will not flow outside the bridge through "br-test" and routing table. See the picture.




http://www.microhowto.info/troubleshooting/troubleshooting_ethernet_bridging_on_linux.html

7e)
Debug bridge


http://www.microhowto.info/troubleshooting/troubleshooting_ethernet_bridging_on_linux.html

In the course of its operation a bridge must attempt to determine which MAC addresses are reachable through each of its attached interfaces. It does this by inspecting the source address of each packet that arrives at the bridge and recording it in a table. In the case of the Linux bridging module it is possible to inspect the content of this table using the brctl showmacs command:

#brctl showmacs br-test
port no    mac addr        is local?    ageing timer
1    82:2e:41:14:0e:4c    yes           0.00
2    ea:9a:12:97:cb:89    yes           0.00

* Here "82:2e:41:14:0e:4c" is the MAC of "br-tap1" interface.
* Here "ea:9a:12:97:cb:89" is the MAC of "br-tap2" interface.



8)
Try to ping to differen IP/Network from namespace "ns1"


 
8a)
Ping to "173.194.36.16" (www.google.com) from namespace "ns1"
#sudo ip netns exec ns1 ping 173.194.36.16
connect: Network is unreachabl

* You will get error like "connect: Network is unreachable"

8b)
Check routing table in the namespace "ns1".
#sudo ip netns exec ns1 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 tap1

* Routing table has only one entry for the network 10.1.1.x.
* So we need to define the default gateway in the routing table to ping to another network. So the packets for different networks will flow through that gateway to outside.

8c)
Check the IP of Lnux bridge "br-test"
#ifconfig br-test

8d)
Set IP Address for the bridge "br-test"
#sudo ip addr add 10.1.1.3/24 dev br-test

8e)
Check the IP of Lnux bridge "br-test"
#ifconfig br-test

8f)
Add a default gateway to flow packets which are not destined for the network 10.1.1.x to outside.
#sudo ip netns exec ns1 route add default gw 10.1.1.3 tap1

* Defalut gateway has set to the IP address of the linux bridge "br-test"

8g)
Check routing table in the namespace "ns1".
#sudo ip netns exec ns1 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.1.3        0.0.0.0         UG    0      0        0 tap1
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 tap1

* Packets which are not destined for the network 10.1.1.x will flow through the default gateway "10.1.1.3" (linux bridge) to outside.

8h)
Ping to 173.194.36.16 from namespace "ns1"
#sudo ip netns exec ns1 ping 173.194.36.16
PING 173.194.36.16 (173.194.36.16) 56(84) bytes of data.

* Ping will not work.
* But, if you capture the packets from the interface "tap1", "br-tap1" and "br-test", you can see that request packets are flowing from "tap1" to "br-test" via "br-tap1".
* That means reply packets are not routing properly. So we need to add SNAT in global namespace for packet which has source IP:10.1.1.4 or 10.1.1.x. OR we need to add MASQURIDE rule for interface "eth0"(virtualBox NAT).



8h,a)
Capture the packets from the interface "tap1", "br-tap1" and "br-test".

#sudo ip netns exec ns1 tshark -i tap1 icmp
1   0.000000     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a07, seq=1/256, ttl=64
2   1.008723     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a07, seq=2/512, ttl=64
3   2.016698     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a07, seq=3/768, ttl=64

* Note: Here, You can see only the request packets.

#sudo tshark -i br-tap1 icmp
1   0.000000     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a07, seq=1/256, ttl=64
2   1.008766     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a07, seq=2/512, ttl=64
3   2.016713     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a07, seq=3/768, ttl=64

* Note: Here, You can see only the request packets.

#sudo tshark -i br-test icmp
1   0.000000     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a07, seq=1/256, ttl=64
2   1.008766     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a07, seq=2/512, ttl=64
3   2.016713     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a07, seq=3/768, ttl=64

* Note: Here, You can see only the request packets.

8h,b)
Check routing table in the golbal namespace
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 br-test
192.168.56.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

* You can see that, global namespace has 3 interfaces "eth0"(virtualBox NAT), "eth1"(VirtualBox HostOnly) and Linux bridge "br-test".
* According to this routing table, request packets from the interface "br-test"(10.1.1.0) will go through the gateway 10.0.2.2 of interface "eth0"(virtualBox NAT).

#So try to capture the packets from the interface "eth0"(virtualBox NAT)
#sudo tshark -i eth0 icmp
1   0.000000     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a32, seq=1/256, ttl=63
2   1.009619     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a32, seq=2/512, ttl=63
3   2.017055     10.1.1.4 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a32, seq=3/768, ttl=63

* Note: Here, You can see only the request packets.

#Capture packets from the "wlan0" WIFI interface in the laptop.
#sudo tshark -i wlan0 icmp
1   0.000000 100.112.28.126 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a40, seq=1/256, ttl=62
    0.041521 173.194.36.16 -> 100.112.28.126 ICMP 98 Echo (ping) reply    id=0x1a40, seq=1/256, ttl=56 (request in 1)
2   1.007943 100.112.28.126 -> 173.194.36.16 ICMP 98 Echo (ping) request  id=0x1a40, seq=2/512, ttl=62
    1.065012 173.194.36.16 -> 100.112.28.126 ICMP 98 Echo (ping) reply    id=0x1a40, seq=2/512, ttl=56 (request in 3)

* Note: Here, you can see both the request and reply packets.


Links
=======

http://www.microhowto.info/troubleshooting/troubleshooting_ethernet_bridging_on_linux.html

http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge

http://www.tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO-3.html