
### **Mohammad Firas Sada**

### **San Diego Supercomputer Center**

### **July 11th, 2025**


# Introduction

Network Experiment on `node-2-6` Using Multus

> **Note:** To be able to reproduce this notebook, you need to be an NRP user.  
> Please sign up at [nrp.ai](https://nrp.ai).  
> For more information, check out the [Getting Started Guide](https://nrp.ai/documentation/userdocs/start/getting-started/).  
> To reach out to our admins, visit [nrp.ai/contact](https://nrp.ai/contact/).


### Step 1: Import Required Libraries

We begin by importing the necessary Python libraries. The `kubernetes` module provides the client for interacting with the Kubernetes API, and `yaml` helps with serializing and deserializing configurations.

In [1]:
!pip install kubernetes



In [2]:
# Import required libraries
from kubernetes import client, config
from kubernetes.client import ApiException
import yaml
import json
import random
import string
import copy
from kubernetes.stream import stream

### Step 2: Define Kubernetes API Server and Token

In this step, we define the API server URL, the authentication token for the service account, and the namespace in which resources will be created.

- **KUBE_API_SERVER**: The Kubernetes API server URL.
- **KUBE_TOKEN**: The service account token used for authentication.
- **NAMESPACE**: The Kubernetes namespace where resources will be managed.


In [3]:
# Kubernetes API setup with token and server
KUBE_API_SERVER = "https://67.58.53.147:443"
KUBE_TOKEN = "eyJhbGciOiJSUzI1NiIsImtpZCI6Illyc2M5bTg5czdZQlJYTFZjVTNNME5MRVBENEVFbWw2VHhoRXZZLWhkR3cifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzUyMjg5MzkxLCJpYXQiOjE3NTIyNDYxOTEsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwianRpIjoiNTdjOWMyZjEtZjJhMy00ZTNmLWFkMDQtYjA3MzhlNzIwMDJhIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJzZWFtIiwic2VydmljZWFjY291bnQiOnsibmFtZSI6Im15LXNhIiwidWlkIjoiZWM3YTZiNzYtYzI2NC00MjJmLTg4NjctNzk3YWFkMmYwODkxIn19LCJuYmYiOjE3NTIyNDYxOTEsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpzZWFtOm15LXNhIn0.oWMu_PnfXbTk3P_moxT83NnKypKMvUpucnNr-mzHOubdu5f1-Yebrq3UJc0QPtcq3qEEGybB8jNuogwRAJWNPI-vER1dN8B4YM_SbnGeq-fYeEgqKvv8cRFpROILojdX6kFG9SdgcQ2mdaP0rIEzXdygY1GeKdzpurSIzrXgWDBPIwy1lnNGgfLP2UIdILPwecTyyqoYsAGaBKC_xYur75rWfLxMHT_KMktUPlUjk0JhAw3izb5bZhDj5pIGmDpzLnMjxZQCykQB7k7iCCs8oEsK2cITSeu1rH9jFx9sp5zoTBWEb92b0Rhexxm5ZtyceqkHpWJQD3oUZkqdtrzBCw"
NAMESPACE = "seam"  

### Step 3: Configure the Kubernetes Client

Here, we configure the Kubernetes client with the provided API server URL and token. The `client.Configuration` object is used to set up the connection settings, such as:

- **host**: The URL of the Kubernetes API server.
- **verify_ssl**: Set to `False` to disable SSL verification (useful for testing or self-signed certificates).
- **api_key**: The authentication token for the service account.

Once configured, we initialize the `v1` and `networking_v1` API clients to interact with the core Kubernetes API and the custom networking API respectively.


In [4]:
# Configuration to use the embedded token and API server
configuration = client.Configuration()
configuration.host = KUBE_API_SERVER
configuration.verify_ssl = False
configuration.debug = False
configuration.api_key = {"authorization": f"Bearer {KUBE_TOKEN}"}
client.Configuration.set_default(configuration)

# Create the API clients
v1 = client.CoreV1Api()
networking_v1 = client.CustomObjectsApi()

print("Kubernetes API client configured successfully!")


Kubernetes API client configured successfully!


### Step 4: Create the Multus NADs

In [5]:
random_suffix = ''.join(random.choices(string.ascii_lowercase + string.digits, k=6))
nad_name = f"bridge-net-{random_suffix}"

print(f"Creating NetworkAttachmentDefinition with name: {nad_name}")

Creating NetworkAttachmentDefinition with name: bridge-net-ilvid7


In [6]:
nad_manifest = {
    "apiVersion": "k8s.cni.cncf.io/v1",
    "kind": "NetworkAttachmentDefinition",
    "metadata": {
        "name": nad_name,
        "namespace": NAMESPACE
    },
    "spec": {
        "config": json.dumps({
            "cniVersion": "0.3.1",
            "type": "bridge",
            "bridge": "br0",
            "isGateway": True,
            "ipam": {
                "type": "host-local",
                "subnet": "192.168.1.0/24",
                "rangeStart": "192.168.1.100",
                "rangeEnd": "192.168.1.200",
                "routes": [{"dst": "0.0.0.0/0"}],
                "gateway": "192.168.1.1"
            }
        })
    }
}

In [7]:
try:
    networking_v1.create_namespaced_custom_object(
        group="k8s.cni.cncf.io",
        version="v1",
        namespace=NAMESPACE,
        plural="network-attachment-definitions",
        body=nad_manifest
    )
    print("Multus NetworkAttachmentDefinition created successfully!")
except Exception as e:
    print(f"Error creating NAD: {e}")


Multus NetworkAttachmentDefinition created successfully!




### Step 5: Create the Experiment Pods

In [8]:
pod_names = [f"ping-pod-{random_suffix}-1",f"ping-pod-{random_suffix}-2"]

print(f"Creating Pods with names: {pod_names}")

Creating Pods with names: ['ping-pod-ilvid7-1', 'ping-pod-ilvid7-2']


In [10]:
pod_manifest_template = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {
        "namespace": NAMESPACE,
        "annotations": {
            "k8s.v1.cni.cncf.io/networks": nad_name
        }
    },
    "spec": {
        "serviceAccountName": "my-sa",
        "nodeSelector": {"kubernetes.io/hostname": "node-2-6.sdsc.optiputer.net"},
        "containers": [{
            "name": "ping-container",
            "image": "busybox",
            "command": ["sh", "-c", "sleep 3600"],
            "securityContext": {
                "privileged": True
            }
        }]
    }
}

In [11]:
for pod_name in pod_names:
    pod_manifest = pod_manifest_template.copy()
    pod_manifest["metadata"]["name"] = pod_name
    try:
        v1.create_namespaced_pod(namespace=NAMESPACE, body=pod_manifest)
        print(f"Pod {pod_name} created successfully!")
    except Exception as e:
        print(f"Error creating {pod_name}: {e}")



Pod ping-pod-ilvid7-1 created successfully!




Pod ping-pod-ilvid7-2 created successfully!


In [12]:
import time
def wait_for_pod_ready(pod_name):
    while True:
        pod = v1.read_namespaced_pod(name=pod_name, namespace=NAMESPACE)
        if pod.status.phase == "Running":
            print(f"{pod_name} is running!")
            break
        time.sleep(2)

for pod_name in pod_names:
    wait_for_pod_ready(pod_name)



ping-pod-ilvid7-1 is running!
ping-pod-ilvid7-2 is running!




In [13]:
def get_pod_ip(pod_name):
    pod = v1.read_namespaced_pod(name=pod_name, namespace=NAMESPACE)
    return pod.status.pod_ip
    
ip_a = get_pod_ip(pod_names[0])
ip_b = get_pod_ip(pod_names[1])

print(f"Pod A IP: {ip_a} \nPod B IP: {ip_b}")



Pod A IP: 10.244.57.196 
Pod B IP: 10.244.57.222


### Step 6: Ping from pods

In [14]:
def test_connectivity(source_pod, target_ip):
    exec_command = ["ping", "-c", "10", target_ip]
    try:
        response = stream(
            v1.connect_get_namespaced_pod_exec,
            name=source_pod,
            namespace=NAMESPACE,
            command=exec_command,
            stderr=True,
            stdin=False,
            stdout=True,
            tty=False,
        )
        print(f"Ping from {source_pod} to {target_ip} successful!")
        print(response)
    except ApiException as e:
        print(f"Exception when pinging {target_ip} from {source_pod}: {e}")

In [15]:
test_connectivity(pod_names[0], ip_b)  # Ping pod B from pod A

Ping from ping-pod-ilvid7-1 to 10.244.57.222 successful!
PING 10.244.57.222 (10.244.57.222): 56 data bytes
64 bytes from 10.244.57.222: seq=0 ttl=64 time=0.513 ms
64 bytes from 10.244.57.222: seq=1 ttl=64 time=0.102 ms
64 bytes from 10.244.57.222: seq=2 ttl=64 time=0.107 ms
64 bytes from 10.244.57.222: seq=3 ttl=64 time=0.114 ms
64 bytes from 10.244.57.222: seq=4 ttl=64 time=0.101 ms
64 bytes from 10.244.57.222: seq=5 ttl=64 time=0.110 ms
64 bytes from 10.244.57.222: seq=6 ttl=64 time=0.111 ms
64 bytes from 10.244.57.222: seq=7 ttl=64 time=0.085 ms
64 bytes from 10.244.57.222: seq=8 ttl=64 time=0.099 ms
64 bytes from 10.244.57.222: seq=9 ttl=64 time=0.135 ms

--- 10.244.57.222 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 0.085/0.147/0.513 ms



In [16]:
test_connectivity(pod_names[1], ip_a)  # Ping pod B from pod A

Ping from ping-pod-ilvid7-2 to 10.244.57.196 successful!
PING 10.244.57.196 (10.244.57.196): 56 data bytes
64 bytes from 10.244.57.196: seq=0 ttl=64 time=0.332 ms
64 bytes from 10.244.57.196: seq=1 ttl=64 time=0.125 ms
64 bytes from 10.244.57.196: seq=2 ttl=64 time=0.153 ms
64 bytes from 10.244.57.196: seq=3 ttl=64 time=0.105 ms
64 bytes from 10.244.57.196: seq=4 ttl=64 time=0.111 ms
64 bytes from 10.244.57.196: seq=5 ttl=64 time=0.111 ms
64 bytes from 10.244.57.196: seq=6 ttl=64 time=0.113 ms
64 bytes from 10.244.57.196: seq=7 ttl=64 time=0.169 ms
64 bytes from 10.244.57.196: seq=8 ttl=64 time=0.121 ms
64 bytes from 10.244.57.196: seq=9 ttl=64 time=0.171 ms

--- 10.244.57.196 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 0.105/0.151/0.332 ms

