Capturing Packets on Dataplane Interfaces¶
Dataplane interfaces do not pass traffic in a way that traditional utilities
such as tcpdump
can handle. There are ways to trace and capture packets in
the dataplane itself using vppctl
but these do not offer the familiarity and
flexibility of tcpdump
. However, there is a way to tap into these interfaces
so that packets can be captured using tcpdump
using tap
and span
interfaces.
Warning
Do not leave this in place longer than necessary, as it will likely degrade overall performance.
Note
This method does not work for loopback interfaces. Capture on the ingress and egress interface(s) instead.
First, setup a tap interface. The name can be anything that isn’t already in
use as an interface name in the shell (not in TNSR). For convenience, this
example calls it capture
with an instance ID of 30
:
tnsr(config)# interface tap capture
tnsr(config-tap)# instance 30
tnsr(config-tap)# exit
tnsr(config)# interface tap30
tnsr(config-interface)# enable
tnsr(config-interface)# exit
The tap interface creates a link between the dataplane and the host OS, but it
still needs to be fed packets to be captured. For that, configure a span between
the TNSR interface (WAN
, in this example) and the tap interface created
above:
tnsr(config)# span WAN
tnsr(config-span)# onto tap30 hw both
tnsr(config-span)# exit
Warning
This technique does not work on VLAN subinterfaces. To capture on a
subinterface, create a span to the parent interface and filter by VLAN ID in
tcpdump
.
Now start a shell prompt in the dataplane namespace and run tcpdump
on the
interface named capture
. This can be done from the dataplane shell
command in TNSR or at a shell prompt using dp-exec
:
tnsr# dataplane shell sudo tcpdump -ni capture
$ sudo dp-exec tcpdump -ni capture
The usual tcpdump
options, syntax, and filtering are possible from there.
When finished, remove the span and tap interface configuration:
tnsr(config)# no span WAN
tnsr(config)# no interface tap30
tnsr(config)# no interface tap capture