
### **Mohammad Firas Sada**

### **San Diego Supercomputer Center**

### **July 11th, 2025**

# Introduction

Network Experiment on `node-2-6` and `node-2-7`

> **Note:** To be able to reproduce this notebook, you need to be an NRP user.  
> Please sign up at [nrp.ai](https://nrp.ai).  
> For more information, check out the [Getting Started Guide](https://nrp.ai/documentation/userdocs/start/getting-started/).  
> To reach out to our admins, visit [nrp.ai/contact](https://nrp.ai/contact/).

### Step 1: Import Required Libraries

We begin by importing the necessary Python libraries. The `kubernetes` module provides the client for interacting with the Kubernetes API, and `yaml` helps with serializing and deserializing configurations.

In [12]:
!pip install kubernetes



In [13]:
# Import required libraries
from kubernetes import client, config
from kubernetes.client import ApiException
import yaml
import json
import random
import string
import copy
from kubernetes.stream import stream

### Step 2: Define Kubernetes API Server and Token

In this step, we define the API server URL, the authentication token for the service account, and the namespace in which resources will be created.

- **KUBE_API_SERVER**: The Kubernetes API server URL.
- **KUBE_TOKEN**: The service account token used for authentication.
- **NAMESPACE**: The Kubernetes namespace where resources will be managed.


In [14]:
# Kubernetes API setup with token and server
KUBE_API_SERVER = "https://67.58.53.147:443"
KUBE_TOKEN = "eyJhbGciOiJSUzI1NiIsImtpZCI6Illyc2M5bTg5czdZQlJYTFZjVTNNME5MRVBENEVFbWw2VHhoRXZZLWhkR3cifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzUyMjg5MzkxLCJpYXQiOjE3NTIyNDYxOTEsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwianRpIjoiNTdjOWMyZjEtZjJhMy00ZTNmLWFkMDQtYjA3MzhlNzIwMDJhIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJzZWFtIiwic2VydmljZWFjY291bnQiOnsibmFtZSI6Im15LXNhIiwidWlkIjoiZWM3YTZiNzYtYzI2NC00MjJmLTg4NjctNzk3YWFkMmYwODkxIn19LCJuYmYiOjE3NTIyNDYxOTEsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpzZWFtOm15LXNhIn0.oWMu_PnfXbTk3P_moxT83NnKypKMvUpucnNr-mzHOubdu5f1-Yebrq3UJc0QPtcq3qEEGybB8jNuogwRAJWNPI-vER1dN8B4YM_SbnGeq-fYeEgqKvv8cRFpROILojdX6kFG9SdgcQ2mdaP0rIEzXdygY1GeKdzpurSIzrXgWDBPIwy1lnNGgfLP2UIdILPwecTyyqoYsAGaBKC_xYur75rWfLxMHT_KMktUPlUjk0JhAw3izb5bZhDj5pIGmDpzLnMjxZQCykQB7k7iCCs8oEsK2cITSeu1rH9jFx9sp5zoTBWEb92b0Rhexxm5ZtyceqkHpWJQD3oUZkqdtrzBCw"
NAMESPACE = "seam"  

### Step 3: Configure the Kubernetes Client

Here, we configure the Kubernetes client with the provided API server URL and token. The `client.Configuration` object is used to set up the connection settings, such as:

- **host**: The URL of the Kubernetes API server.
- **verify_ssl**: Set to `False` to disable SSL verification (useful for testing or self-signed certificates).
- **api_key**: The authentication token for the service account.

Once configured, we initialize the `v1` and `networking_v1` API clients to interact with the core Kubernetes API and the custom networking API respectively.


In [15]:
# Configuration to use the embedded token and API server
configuration = client.Configuration()
configuration.host = KUBE_API_SERVER
configuration.verify_ssl = False
configuration.debug = False
configuration.api_key = {"authorization": f"Bearer {KUBE_TOKEN}"}
client.Configuration.set_default(configuration)

# Create the API clients
v1 = client.CoreV1Api()
networking_v1 = client.CustomObjectsApi()

print("Kubernetes API client configured successfully!")


Kubernetes API client configured successfully!


### Step 4: Create the SENSE Path

For early access to the SenseOperator, please fill out the Beta Testing form: https://tinyurl.com/seamnrp

### Step 5: Create the Multus NADs

##### Only if creating a path manually, Sense Operator creates NADs

In [16]:
vlan_tags = [4013, 4022, 3121, 4016, 4054, 4044, 4024, 4021, 3134, 4012, 3608, 3989, 4027]

In [17]:
nad = {
    "apiVersion": "k8s.cni.cncf.io/v1",
    "kind": "NetworkAttachmentDefinition",
    "metadata": {
        "name": "my-vlan-4013",  # CHANGE VLAN
        "namespace": NAMESPACE,
    },
    "spec": {
        "config": json.dumps({
            "cniVersion": "0.4.0",
            "type": "macvlan",
            "master": "vlan.4013",  # CHANGE VLAN
            "mode": "bridge",
            "ipam": {
                "type": "host-local",
                "subnet": "10.251.87.160/30",
                "rangeStart": "10.251.87.161",
                "rangeEnd": "10.251.87.162",
                "gateway": "10.251.87.159",
            },
        })
    }
}

# Create the NAD
try:
    networking_v1.create_namespaced_custom_object(
        group="k8s.cni.cncf.io",
        version="v1",
        namespace=NAMESPACE,
        plural="network-attachment-definitions",
        body=nad,
    )
    print("NetworkAttachmentDefinition 'vlan-4013' created successfully!")  # CHANGE VLAN
except ApiException as e:
    print(f"Exception when creating NAD: {e}")


Exception when creating NAD: (409)
Reason: Conflict
HTTP response headers: HTTPHeaderDict({'Audit-Id': 'a927ce80-1924-4b35-a400-e128e13ea1eb', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Kubernetes-Pf-Flowschema-Uid': '5d8b88e8-3799-4126-9528-48f2d3ddf6cc', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'a3e2ebab-2463-4309-98ea-34fb239007c6', 'Date': 'Fri, 11 Jul 2025 17:07:57 GMT', 'Content-Length': '296'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"network-attachment-definitions.k8s.cni.cncf.io \"my-vlan-4013\" already exists","reason":"AlreadyExists","details":{"name":"my-vlan-4013","group":"k8s.cni.cncf.io","kind":"network-attachment-definitions"},"code":409}






In [18]:
nad = {
    "apiVersion": "k8s.cni.cncf.io/v1",
    "kind": "NetworkAttachmentDefinition",
    "metadata": {
        "name": "my-vlan-4013-2",  # CHANGE VLAN
        "namespace": NAMESPACE,
    },
    "spec": {
        "config": json.dumps({
            "cniVersion": "0.4.0",
            "type": "macvlan",
            "master": "vlan.4013",  # CHANGE VLAN
            "mode": "bridge",
            "ipam": {
                "type": "host-local",
                "subnet": "10.251.87.160/30",
                "rangeStart": "10.251.87.162",  # CHANGE RANGE
                "rangeEnd": "10.251.87.163",    # CHANGE RANGE
                "gateway": "10.251.87.161",
            },
        })
    }
}

# Create the NAD
try:
    networking_v1.create_namespaced_custom_object(
        group="k8s.cni.cncf.io",
        version="v1",
        namespace=NAMESPACE,
        plural="network-attachment-definitions",
        body=nad,
    )
    print("NetworkAttachmentDefinition 'vlan-4013' created successfully!")  # CHANGE VLAN
except ApiException as e:
    print(f"Exception when creating NAD: {e}")


Exception when creating NAD: (409)
Reason: Conflict
HTTP response headers: HTTPHeaderDict({'Audit-Id': '421e1b45-118a-492c-b4dc-78f37018bd55', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Kubernetes-Pf-Flowschema-Uid': '5d8b88e8-3799-4126-9528-48f2d3ddf6cc', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'a3e2ebab-2463-4309-98ea-34fb239007c6', 'Date': 'Fri, 11 Jul 2025 17:07:57 GMT', 'Content-Length': '300'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"network-attachment-definitions.k8s.cni.cncf.io \"my-vlan-4013-2\" already exists","reason":"AlreadyExists","details":{"name":"my-vlan-4013-2","group":"k8s.cni.cncf.io","kind":"network-attachment-definitions"},"code":409}






### Step 7: Create the Experiment Pods

In [19]:
pod_node_2_6 = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {
        "name": "pod-node-2-6",
        "namespace": NAMESPACE,
        "annotations": {
            "k8s.v1.cni.cncf.io/networks": "my-vlan-4013",  # CHANGE VLAN
        },
    },
    "spec": {
        "nodeName": "node-2-6.sdsc.optiputer.net",
        "containers": [
            {
                "name": "my-container",
                "image": "ubuntu:20.04",
                "command": ["sleep", "3600"],
                "resources": {
                    "requests": {"memory": "64Mi", "cpu": "100m"},
                    "limits": {"memory": "128Mi", "cpu": "100m"},
                },
                "securityContext": {
                    "capabilities": {
                        "add": [
                            "NET_ADMIN",
                            "NET_RAW",]
                    }
                }
            }
        ],
    },
}

pod_node_2_7 = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {
        "name": "pod-node-2-7",
        "namespace": NAMESPACE,
        "annotations": {
            "k8s.v1.cni.cncf.io/networks": "my-vlan-4013-2",  # CHANGE VLAN
        },
    },
    "spec": {
        "nodeName": "node-2-7.sdsc.optiputer.net",
        "containers": [
            {
                "name": "my-container",
                "image": "ubuntu:20.04",
                "command": ["sleep", "3600"],
                "resources": {
                    "requests": {"memory": "64Mi", "cpu": "100m"},
                    "limits": {"memory": "128Mi", "cpu": "100m"},
                },
                "securityContext": {
                    "capabilities": {
                        "add": [
                            "NET_ADMIN",
                            "NET_RAW",]
                    }
                }
            }
        ],
    },
}


for pod in [pod_node_2_6, pod_node_2_7]:
    try:
        v1.create_namespaced_pod(namespace=NAMESPACE, body=pod)
        print(f"Pod '{pod['metadata']['name']}' created successfully!")
    except ApiException as e:
        print(f"Exception when creating pod {pod['metadata']['name']}: {e}")



Pod 'pod-node-2-6' created successfully!




Pod 'pod-node-2-7' created successfully!


In [20]:
import time
def wait_for_pod_ready(pod_name):
    while True:
        pod = v1.read_namespaced_pod(name=pod_name, namespace=NAMESPACE)
        if pod.status.phase == "Running":
            print(f"{pod_name} is running!")
            break
        time.sleep(2)

wait_for_pod_ready("pod-node-2-6")
wait_for_pod_ready("pod-node-2-7")



pod-node-2-6 is running!
pod-node-2-7 is running!




### Step 8: Install `ping` on the pods

In [21]:
# Install necessary tools in the pods
def install_ping_in_pod(pod_name):
    exec_command = ["/bin/bash", "-c", "apt-get update && apt-get install iputils-ping -y"]
    try:
        response = stream(
            v1.connect_get_namespaced_pod_exec,
            name=pod_name,
            namespace=NAMESPACE,
            command=exec_command,
            stderr=True,
            stdin=False,
            stdout=True,
            tty=False,
        )
        print(f"'ping' installed successfully in {pod_name}!")
        print(response)
    except ApiException as e:
        print(f"Exception when installing ping in {pod_name}: {e}")

install_ping_in_pod("pod-node-2-6")
install_ping_in_pod("pod-node-2-7")


'ping' installed successfully in pod-node-2-6!
Get:1 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]
Get:2 http://security.ubuntu.com/ubuntu focal-security InRelease [128 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease [128 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease [128 kB]
Get:5 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [1308 kB]
Get:6 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [4801 kB]
Get:7 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [33.1 kB]
Get:8 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [4432 kB]
Get:9 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Get:10 http://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
Get:11 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:12 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [1275

### Step 9: Ping from pods

In [24]:
# Test connectivity between the pods
def test_connectivity(source_pod, target_ip):
    exec_command = ["ping", "-c", "4", target_ip]
    try:
        response = stream(
            v1.connect_get_namespaced_pod_exec,
            name=source_pod,
            namespace=NAMESPACE,
            command=exec_command,
            stderr=True,
            stdin=False,
            stdout=True,
            tty=False,
        )
        print(f"Ping from {source_pod} to {target_ip} successful!")
        print(response)
    except ApiException as e:
        print(f"Exception when pinging {target_ip} from {source_pod}: {e}")

test_connectivity("pod-node-2-6", "10.251.87.162")  # Ping pod-node-2-7
test_connectivity("pod-node-2-7", "10.251.87.161")  # Ping pod-node-2-6


Ping from pod-node-2-6 to 10.251.87.162 successful!
PING 10.251.87.162 (10.251.87.162) 56(84) bytes of data.
64 bytes from 10.251.87.162: icmp_seq=1 ttl=64 time=0.017 ms
64 bytes from 10.251.87.162: icmp_seq=2 ttl=64 time=0.018 ms
64 bytes from 10.251.87.162: icmp_seq=3 ttl=64 time=0.033 ms
64 bytes from 10.251.87.162: icmp_seq=4 ttl=64 time=0.032 ms

--- 10.251.87.162 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3054ms
rtt min/avg/max/mdev = 0.017/0.025/0.033/0.007 ms

Ping from pod-node-2-7 to 10.251.87.161 successful!
PING 10.251.87.161 (10.251.87.161) 56(84) bytes of data.
From 10.251.87.162 icmp_seq=1 Destination Host Unreachable
From 10.251.87.162 icmp_seq=2 Destination Host Unreachable
From 10.251.87.162 icmp_seq=3 Destination Host Unreachable
From 10.251.87.162 icmp_seq=4 Destination Host Unreachable

--- 10.251.87.161 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3077ms
pipe 4

