1## Tunnel Monitor Example
2
3This example shows how to use a BPF program to parse packets across an
4encapsulation boundary. It uses this ability to record inner+outer ip addresses
5as well as vxlan id into a hash table. The entries in that table store bytes
6and packets received/transmitted. One novel part of this program is its use of
7`bpf_tail_call` to parse two different IP headers (inner/outer) using the same
8state machine logic.
9
10Also part of this example is a simulation of a multi-host environment with an
11overlay network (using vxlan in this case), and each host contains multiple
12clients in different segments of the overlay network. The script `traffic.sh`
13can be used to simulate a subset of clients on host0 talking to various other
14clients+hosts at different traffic rates.
15
16![Overlay Diagram](vxlan.jpg)
17
18Once the simulation is running, the statistics kept by the BPF program can be
19displayed to give a visual clue as to the nature of the traffic flowing over
20the physical interface, post-encapsulation.
21
22![Chord Diagram](chord.png)
23
24To get the example running, change into the examples/tunnel_monitor directory.
25If this is the first time, run `setup.sh` to pull in the UI component and
26dependencies. You will need nodejs+npm installed on the system to run this, but
27the setup script will only install packages in the local directory.
28
29```
30[user@localhost tunnel_monitor]$ ./setup.sh
31Cloning into 'chord-transitions'...
32remote: Counting objects: 294, done.
33...
34jquery#2.1.4 bower_components/jquery
35modernizr#2.8.3 bower_components/modernizr
36fastclick#1.0.6 bower_components/fastclick
37[user@localhost tunnel_monitor]$
38```
39
40Then, start the simulation by running main.py:
41
42```
43[root@bcc-dev tunnel_monitor]# python main.py
44Launching host 1 of 9
45Launching host 2 of 9
46...
47Starting tunnel 8 of 9
48Starting tunnel 9 of 9
49HTTPServer listening on 0.0.0.0:8080
50Press enter to quit:
51```
52
53The prompt will remain until you choose to exit. In the background, the script
54has started a python SimpleHTTPServer on port 8080, which you may now try to
55connect to from your browser. There will likely be a blank canvas until traffic
56is sent through the tunnels.
57
58To simulate traffic, use the traffic.sh script to generate a distribution of
59pings between various clients and hosts. Check back on the chord diagram to
60see a visualization. Try clicking on a host IP address to see a breakdown of
61the inner IP addresses sent to/from that host.
62
63As an exercise, try modifying the traffic.sh script to cause one of the clients
64to send much more traffic than the others, and use the chord diagram to identify
65the culprit.
66