Learn more about Replicated to operationalize your application
/

Network Namespace Connectivity

Collects and analyzes if traffic between two different network namespaces is possible.

Network Namespace Connectivity Collector

To collect information about network namespace connectivity, use the NetworkNamespaceConnectivity collector. This collector creates two distinct network namespaces and verifies if TCP and UDP traffic can traverse between them.

Parameters

In addition to the shared collector properties, the networkNamespaceConnectivity collector accepts the following parameters:

fromCIDR (Required)

The CIDR to be used on the first network namespace.

toCIDR (Required)

The CIDR to be used on the second network namespace.

port (Optional)

The port to use for the UDP and TCP connections. Defaults to 8080.

timeout (Optional)

The time to wait for the UDP and TCP connections to be established. This parameter is expressed with a string following the Go duration format. Defaults to 5s.

Example Collector Definition

apiVersion: troubleshoot.sh/v1beta2
kind: SupportBundle
metadata:
  name: namespace-connectivity
spec:
  hostCollectors:
  - networkNamespaceConnectivity:
      collectorName: check-network-connectivity
      fromCIDR: 10.0.0.0/24
      toCIDR: 10.0.1.0/24
      port: 9090
      timeout: 10s

Included Resources

The results of the NetworkNamespaceConnectivity collector are stored in the host-collectors/system directory of the support bundle.

check-network-connectivity.json

Example of the resulting JSON file:

{
  "from_namespace": "10.0.0.0/24",
  "to_namespace": "10.0.1.0/24",
  "errors": {
    "from_namespace_creation": "",
    "to_namespace_creation": "",
    "udp_client": "error reading from udp socket: read udp 10.0.0.1:60767->10.0.1.1:8888: i/o timeout",
    "udp_server": "error reading from udp socket: read udp 10.0.1.1:8888: i/o timeout",
    "tcp_client": "error dialing tcp: dial tcp 10.0.1.1:8888: i/o timeout",
    "tcp_server": "error accepting connection: accept tcp 10.0.1.1:8888: i/o timeout"
  },
  "output": {
    "logs": [
      "[2024-11-07T13:29:26Z] creating network namespace \"from\" with cidr \"10.0.0.0/24\"",
      "[2024-11-07T13:29:26Z] network namespace \"from\" address range: \"10.0.0.1\" - \"10.0.0.254\"",
      "[2024-11-07T13:29:26Z] creating interface pair \"from-in\" and \"from-out\"",
      "[2024-11-07T13:29:26Z] attaching interface \"from-in\" to namespace \"from\"",
      "[2024-11-07T13:29:26Z] setting default gateway \"10.0.0.254\" for namespace \"from\"",
      "[2024-11-07T13:29:26Z] creating network namespace \"to\" with cidr \"10.0.1.0/24\"",
      "[2024-11-07T13:29:26Z] network namespace \"to\" address range: \"10.0.1.1\" - \"10.0.1.254\"",
      "[2024-11-07T13:29:26Z] creating interface pair \"to-in\" and \"to-out\"",
      "[2024-11-07T13:29:26Z] attaching interface \"to-in\" to namespace \"to\"",
      "[2024-11-07T13:29:26Z] setting default gateway \"10.0.1.254\" for namespace \"to\"",
      "[2024-11-07T13:29:26Z] starting udp echo server on namespace \"to\"(\"10.0.1.1:8888\")",
      "[2024-11-07T13:29:26Z] starting tcp echo server on namespace \"to\"(\"10.0.1.1:8888\")",
      "[2024-11-07T13:29:26Z] reaching to \"10.0.1.1\" from \"10.0.0.1\" with udp",
      "[2024-11-07T13:29:31Z] reaching to \"10.0.1.1\" from \"10.0.0.1\" with tcp",
      "[2024-11-07T13:29:36Z] network namespace connectivity test finished"
    ]
  },
  "success": false
}

Network Namespace Connectivity Analyzer

The NetworkNamespaceConnectivity analyzer supports two outcomes, one for pass and one for fail. An example is provided below.

Message Templating

To make the outcome message more informative, you can include certain values gathered by the NetworkNamespaceConnectivity collector as templates. The templates are enclosed in double curly braces with a dot separator. The following templates are available:

TemplateDescription
{{ .ErrorMessage }}Show all error messages found during the collection
{{ .FromNamespace }}The CIDR provided in the collector fromCIDR property
{{ .ToNamespace }}The CIDR provided in the collector toCIDR property

Example Analyzer Definition

apiVersion: troubleshoot.sh/v1beta2
kind: SupportBundle
metadata:
  name: namespace-connectivity
spec:
  hostCollectors:
  - networkNamespaceConnectivity:
      collectorName: check-network-connectivity
      fromCIDR: 10.0.0.0/24
      toCIDR: 10.0.1.0/24
      port: 9090
      timeout: 10s
  hostAnalyzers:
  - networkNamespaceConnectivity:
      collectorName: check-network-connectivity
      outcomes:
      - pass:
          message: "Communication between {{ .FromNamespace }} and {{ .ToNamespace }} is working"
      - fail:
          message: "{{ .ErrorMessage }}"
Edit on GitHub