1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
| | # SPDX-License-Identifier: AGPL-3.0-or-later
#
# PASST - Plug A Simple Socket Transport
# for qemu/UNIX domain socket mode
#
# PASTA - Pack A Subtle Tap Abstraction
# for network namespace/tap device mode
#
# test/demo/pasta - Quick introduction to pasta
#
# Copyright (c) 2021 Red Hat GmbH
# Author: Stefano Brivio <sbrivio@redhat.com>
say This is a short introduction to
em pasta
say .
nl
nl
sleep 3
say Let's fetch the source
sleep 1
tempdir TEMPDIR
host cd __TEMPDIR__
host git clone git://passt.top/passt
sleep 1
say and build it.
sleep 1
host cd passt
host make
sleep 1
nl
nl
say A quick look at the man page...
sleep 1
hostb man ./pasta.1
sleep 5
hostb /pasta
sleep 2
hostb n
sleep 2
hostb n
sleep 10
nl
say without PID, it will create a namespace.
sleep 3
passt cd __TEMPDIR__/passt
passtb ./pasta -P /tmp/pasta.pid
sleep 3
nl
nl
say For convenience, let's enter this namespace
nl
say from another terminal.
sleep 3
nsout TARGET_PID pgrep -P $(cat /tmp/pasta.pid)
sleep 1
ns nsenter -t __TARGET_PID__ -U -n --preserve-credentials
sleep 5
nl
nl
say Now, we're ready to configure networking.
sleep 2
host q
nl
nl
ns ip link show
sleep 3
say Let's configure IPv4 first...
sleep 2
ns /sbin/dhclient -4 --no-pid
sleep 2
ns ip addr show
sleep 5
nl
say SLAAC is already done, but we can also
nl
say get another address via DHCPv6.
sleep 3
ns /sbin/dhclient -6 --no-pid
sleep 3
nl
nl
say Let's try to communicate between host and namespace
sleep 2
nl
say ...there's no need to configure port forwarding,
nl
say pasta detects bound ports and forwards them.
sleep 3
nsb socat TCP6-LISTEN:31337,bind=[::1] STDOUT
sleep 2
host echo "Hello from the host" | socat -u STDIN TCP6:[::1]:31337
sleep 5
nl
nl
say Now the other way around...
nl
say we can use a loopback address
sleep 2
hostb socat TCP6-LISTEN:31337,bind=[::1] STDIO
sleep 2
ns echo "Hello from the namespace" | socat -u STDIN TCP6:[::1]:31337
sleep 5
nl
say or the address of the default gateway.
sleep 2
nsout GW ip -j -4 route show|jq -rM '.[] | select(.dst == "default").gateway'
sleep 5
hostb socat TCP4-LISTEN:31337 STDIO
sleep 2
ns echo "Hello from the namespace" | socat -u STDIN TCP4:__GW__:31337
sleep 3
nl
nl
say UDP...
sleep 2
ns host -t A passt.top
sleep 3
say seems to work too.
sleep 3
nl
nl
em pasta
say can also take packet captures.
sleep 3
passt exit
sleep 2
temp TEMP
passtb ./pasta -p __TEMP__.pcap
sleep 2
passt
passt /sbin/dhclient -4 --no-pid
sleep 2
hostb tshark -r __TEMP__.pcap
sleep 5
nl
nl
say And there are tons of totally useless
sleep 1
bsp 14
say absolutely useful features
nl
say you can find described in the man page.
sleep 5
nl
nl
say Let's have a (quick!) look at performance
nl
say more in the "Performance" section below.
sleep 3
ns exit
passt exit
passt make clean
passt CFLAGS="-g" make
sleep 2
passtb perf record -g ./pasta -P /tmp/pasta.pid
sleep 2
nsout TARGET_PID pgrep -P $(cat /tmp/pasta.pid)
sleep 1
ns nsenter -t __TARGET_PID__ -U -n --preserve-credentials
sleep 5
nl
nl
info Throughput in Gbps, latency in µs
th flow init>ns ns>init
set OPTS -P4 -l 1M -w 32M -i1 --pacing-timer 100000
tr TCP/IPv6 throughput
hostb sleep 10; iperf3 -c ::1 __OPTS__
nsout BW iperf3 -s1J | jq -rM ".end.sum_received.bits_per_second"
bw __BW__ 10.0 20.0
sleep 5
nsb sleep 10; iperf3 -c ::1 __OPTS__
hout BW iperf3 -s1J | jq -rM ".end.sum_received.bits_per_second"
bw __BW__ 10.0 20.0
tl TCP/IPv6 RR latency
nsb tcp_rr -6 --nolog
sleep 2
hout LAT tcp_rr --nolog -c -H ::1 | sed -n 's/^throughput=\(.*\)/\1/p'
lat __LAT__ 1000 500
sleep 2
hostb tcp_rr -6 --nolog
sleep 2
nsout LAT tcp_rr --nolog -c -H ::1 | sed -n 's/^throughput=\(.*\)/\1/p'
lat __LAT__ 1000 500
sleep 2
tl TCP/IPv6 CRR latency
nsb tcp_crr -6 --nolog
sleep 2
hout LAT tcp_crr --nolog -c -H ::1 | sed -n 's/^throughput=\(.*\)/\1/p'
lat __LAT__ 1000 500
sleep 2
hostb tcp_crr -6 --nolog
sleep 2
nsout LAT tcp_crr --nolog -c -H ::1 | sed -n 's/^throughput=\(.*\)/\1/p'
lat __LAT__ 1000 500
sleep 2
tr TCP/IPv4 throughput
hostb sleep 10; iperf3 -c 127.0.0.1 __OPTS__
nsout BW iperf3 -s1J | jq -rM ".end.sum_received.bits_per_second"
bw __BW__ 10.0 20.0
sleep 5
nsb sleep 10; iperf3 -c 127.0.0.1 __OPTS__
hout BW iperf3 -s1J | jq -rM ".end.sum_received.bits_per_second"
bw __BW__ 10.0 20.0
tl TCP/IPv4 RR latency
nsb tcp_rr -4 --nolog
sleep 2
hout LAT tcp_rr --nolog -c -H 127.0.0.1 | sed -n 's/^throughput=\(.*\)/\1/p'
lat __LAT__ 1000 500
sleep 2
hostb tcp_rr -4 --nolog
sleep 2
nsout LAT tcp_rr --nolog -c -H 127.0.0.1 | sed -n 's/^throughput=\(.*\)/\1/p'
lat __LAT__ 1000 500
sleep 2
tl TCP/IPv4 CRR latency
nsb tcp_crr -4 --nolog
sleep 2
hout LAT tcp_crr --nolog -c -H 127.0.0.1 | sed -n 's/^throughput=\(.*\)/\1/p'
lat __LAT__ 1000 500
sleep 2
hostb tcp_crr -4 --nolog
sleep 2
nsout LAT tcp_crr --nolog -c -H 127.0.0.1 | sed -n 's/^throughput=\(.*\)/\1/p'
lat __LAT__ 1000 500
sleep 2
sleep 5
passt exit
sleep 2
killp PASST
killp HOST
sleep 2
ns cd __TEMPDIR__/passt
nsb perf report -g --max-stack 3
sleep 10
nl
nl
say I
em knew
say it.
em syscalls
say .
sleep 5
nl
nl
say Thanks for watching!
sleep 5
|