Chapter 10: VRouter
VRouter and VRouter Agent run on the COMPUTE node.
Interfaces
vhost0 is a tap interface between the host OS and vrouter. It is the layer-3 interface used by the host operating system. As part of setup, the Contrail software migrates the IP configuration from the ethernet port to vhost0.
When the networking stack of the host OS sends packets on the vhost0 interface, they are received by the vrouter module, which in turn routes them. When vrouter needs to send packets to the networking stack of the host OS, it transmits them through the vhost0 interface.
pkt0 is the tap interface between vrouter and vrouter-agent.
Vrouter traps packets that need control processing, such as flow setup, on this interface. The agent also uses the pkt0 interface to transmit control packets (ARP, for example).
VRF (Virtual Routing and Forwarding)
- A VRF is created for each Virtual Network.
- Each VRF consists of 4 routing tables: ucindex (unicast), mcindex, l2index and u6index.
- The VRF named default-domain:default-project:ip-fabric:__default__ is the physical network/host VRF. This VRF is used for routing data out to the internet and receiving data from it. Mostly it matches the routing table output.
The vrfstats utility displays the VRF statistics:
cloud@devstack1:~$ sudo vrfstats --get 1
Vrf: 1
Discards 0, Resolves 0, Receives 0, L2 Receives 0, Vrf Translates 0, Unknown Unicast Floods 0
Ecmp Composites 0, L2 Mcast Composites 0, Fabric Composites 0, Encap Composites 0, Evpn Composites 0
Udp Tunnels 0, Udp Mpls Tunnels 0, Gre Mpls Tunnels 0, Vxlan Tunnels 0
L2 Encaps 0, Encaps 2
GROs 0, Diags 0
Arp Virtual Proxys 0, Arp Virtual Stitchs 0, Arp Virtual Floods 0, Arp Physical Stitchs 0, Arp Tor Proxys 0, Arp Physical Floods 0
cloud@devstack1:~$
Routing Tables:
There are 4 routing table types: unicast, multicast, L2 and IPv6 unicast. These routing tables are associated with the VRF.
Let us have a closer look at the unicast routing tables.
Routing tables(Private Network - 192.168.1.0):
- 169.254.169.254 entry for linklocal (To be confirmed)
- 192.168.1.0 - discard
- 192.168.1.1 - pkt0 (pkt0 is for vrouter agent - proxy for gateway)
- 192.168.1.2 - pkt0 (pkt0 is for vrouter agent - proxy DHCP server)
- 192.168.14 -- tap interface (VM)
Public Network (external network - 172.24.4.0)
- default route (0.0.0.0/0) -- vgw (virtual gateway)
- 169.254.169.254 entry for link local (To be confirmed)
- 172.24.4.0 -- discard
- 172.24.4.1 -- pkt0
- 172.24.4.2 -- pkt0
- 172.24.4.5 -- VM tap interface (floating IP is associated with a VM)
IP Fabric (Host Routing table)
- 172.24.4.0 ---- vhost0 --- Vgw (public Network VRF)
- 169.254.0.5 --- tap interface VM ---- for metadata (we can use this to SSH into the VM as a backdoor)
- 10.0.1.6 ----- local ip vhost0
- 0.0.0.0/24 ---- 10.0.1.1 (gw ip)
I have set up the Simple Virtual Gateway, hence the vgw interface is created and used. Some references.
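The per-VRF unicast lookups listed above can be reproduced with a longest-prefix match. This is an added example, not Contrail code or anything from the original page. The prefix lengths (/24 for the subnet "discard" route, /32 for host entries), the short VRF names and the `tap-vm` label are assumptions, and the private-network VM entry is left out because its address is incomplete on the page.

```python
import ipaddress

# Constructed from the tables above; prefix lengths are assumptions.
VRFS = {
    "private": [
        ("192.168.1.0/24", "discard"),
        ("192.168.1.1/32", "pkt0"),    # agent proxies the gateway
        ("192.168.1.2/32", "pkt0"),    # agent proxies the DHCP server
    ],
    "public": [
        ("0.0.0.0/0", "vgw"),          # default route to the virtual gateway
        ("172.24.4.0/24", "discard"),
        ("172.24.4.1/32", "pkt0"),
        ("172.24.4.2/32", "pkt0"),
        ("172.24.4.5/32", "tap-vm"),   # floating IP associated with a VM
    ],
}


def build(vrfs):
    """Parse prefixes once and sort each table longest prefix first."""
    tables = {}
    for name, routes in vrfs.items():
        parsed = [(ipaddress.ip_network(p), nh) for p, nh in routes]
        tables[name] = sorted(parsed, key=lambda r: r[0].prefixlen, reverse=True)
    return tables


def lookup(tables, vrf, dst):
    """Return (matched prefix, next hop) for dst in one VRF, or None if no route covers it."""
    addr = ipaddress.ip_address(dst)
    for net, nexthop in tables[vrf]:
        if addr in net:
            return str(net), nexthop
    return None


TABLES = build(VRFS)

if __name__ == "__main__":
    for vrf, dst in [("public", "172.24.4.5"), ("public", "172.24.4.77"),
                     ("public", "8.8.8.8"), ("private", "192.168.1.1"),
                     ("private", "8.8.8.8")]:
        print(vrf, dst, "->", lookup(TABLES, vrf, dst))
```

An unassigned address inside a subnet falls through to the subnet's discard route, and the same destination resolves differently (or not at all) depending on which VRF the lookup runs in.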
Flows :
To be updated
VRouter Agent :
VRouter Introspect Port : 8085
In the VRouter introspect, we can get the following important data:
Items | URL | Remarks |
---|---|---|
VRF LIST | http://xxxx:8085/Snh_VrfListReq?name= | Lists the VRFs, with links to the routing tables and the Virtual Network associated with each VRF. |
INTERFACE LIST | http://xxxx:8085/Snh_ItfReq?name=& | Powerful query. Lists the interfaces with their associated VRF, labels, VN, VMs, FIP, SG, etc., so we can get the complete list. |
Ref:
https://github.com/Juniper/contrail-controller/wiki/Contrail-Vrouter-Agent---Introspect