content/posts/2025-01-28-cli_use_cases.md
68 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -211,6 +211,74 @@ Once you are done, simply press `CTRL + C` to exit. Your capture will be copied
211
211
212
212
That's the end of the first scenario about connectivity checks !
213
213
214
+
## User Defined Network (Tech Preview)
215
+
216
+
As tech preview, you can enrich flows to get User Defined Network (UDNs) informations. To do so, you will need to use the `--enable_udn_mapping` option.
217
+
218
+
To configure your UDNs, [refer to the official documentation](https://docs.openshift.com/container-platform/4.17/networking/multiple_networks/primary_networks/about-user-defined-networks.html).
219
+
220
+
Our primary UDN in this example is defined as:
221
+
```yaml
222
+
apiVersion: k8s.ovn.org/v1
223
+
kind: UserDefinedNetwork
224
+
metadata:
225
+
name: primary-udn
226
+
namespace: user-defined-network
227
+
spec:
228
+
layer2:
229
+
role: Primary
230
+
subnets:
231
+
- 10.0.0.0/24
232
+
topology: Layer2
233
+
```
234
+
235
+
Once everything is configured, you can inspect your pods YAML and look for the `k8s.v1.cni.cncf.io/network-status` annotation:
236
+
```yaml
237
+
kind: Pod
238
+
apiVersion: v1
239
+
metadata:
240
+
name: pod-a
241
+
namespace: user-defined-network
242
+
...
243
+
annotations:
244
+
...
245
+
k8s.v1.cni.cncf.io/network-status: |-
246
+
[{
247
+
"name": "ovn-kubernetes",
248
+
"interface": "eth0",
249
+
"ips": [
250
+
"10.131.0.35"
251
+
],
252
+
"mac": "0a:58:0a:83:00:23",
253
+
"dns": {}
254
+
},{
255
+
"name": "ovn-kubernetes",
256
+
"interface": "ovn-udn1",
257
+
"ips": [
258
+
"10.0.0.4"
259
+
],
260
+
"mac": "0a:58:0a:00:00:04",
261
+
"default": true,
262
+
"dns": {}
263
+
}]
264
+
...
265
+
```
266
+
267
+
Note that `eth0` is the default pod network and `ovn-udn1`is the User Defined Network. We are going to filter on its IP: `10.0.0.4`.
268
+
As this IP is not unique across the cluster, we can add a filter on the port `8080` which will be used in this example and the node annotation `kubernetes.io/hostname=ci-ln-cfqkhfb-72292-6l8l5-worker-c-lrr4q` matching the node running this pod.
Once this is running, it will hang for flows to come. In this scenario, we simply run a curl between two pods under the same UDN.
276
+
You can cycle to **UDN mapping** display once you get your flows to see which UDN is involved.
277
+
278
+
})
279
+
280
+
You can retreive the namespace `user-defined-network` and the name `primary-udn` from the UDN labels column.
281
+
214
282
## Identify unknown traffic content
215
283
216
284
In this next scenario, we are going to dig into unknown packets using unencrypted traffic on `TCP` protocol on port `80`. We usually avoid such usage on production cluster and would like to understand who's involved in these.
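Review bot: The added paragraph at new line 268 calls `kubernetes.io/hostname=ci-ln-cfqkhfb-72292-6l8l5-worker-c-lrr4q` a "node annotation", but `kubernetes.io/hostname` is a well-known node label. Say "node label" so readers look in the right place when they adapt the filter to their own cluster. Three wording fixes in the same section: at line 216, "As tech preview ... informations" should read "As a tech preview ... information"; line 267 is missing a space in "`ovn-udn1`is"; and line 280 has "retreive" for "retrieve".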