tcpdump 檢查svc是否使用tcp keepalive

1. 確認目標Pod所在的Worker Node ``` oc get pod -owide ``` 2. 於目標Node上取得Pod network NS ``` oc debug node/<worker_node> NAME=<pod-name> NAMESPACE=<pod-namespace> pod_id=$(chroot /host crictl pods --namespace ${NAMESPACE} --name ${NAME} -q) ns_path="/host$(chroot /host bash -c "crictl inspectp $pod_id | jq '.info.runtimeSpec.linux.namespaces[]|select(.type==\"network\").path' -r")" nsenter_parameters="--net=${ns_path}" ``` 3. 檢查目標Pod Network interface eth0 ``` (reverse-i-search)`ip ': nsenter $nsenter_parameters -- chroot /host ^C a (failed reverse-i-search)`nsenter': ^Center_parameters="--net=${ns_path}" sh-4.4# nsenter $nsenter_parameters -- chroot /host ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0@if126: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default link/ether 0a:58:0a:80:00:71 brd ff:ff:ff:ff:ff:ff link-netns 82217c64-ef9a-4ad2-a78d-7b5256d0991a inet 10.128.0.113/23 brd 10.128.1.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::858:aff:fe80:71/64 scope link valid_lft forever preferred_lft forever ``` 4. 檢查要確認的svc [quickcluster@upi-0 ~]$ oc get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE hostnames ClusterIP 172.30.31.229 <none> 9376/TCP 68m 5. 打流量同時下tcpdump過濾tcp stream 有tcp keepalive的情況 - 只會看到同一個pair ``` sh-4.4# nsenter $nsenter_parameters -- tcpdump -nn -i eth0 tcp and host 172.30.31.229 -nn -tt -c 1000 | awk '{print $3,$5}' | sed 's/\.[0-9]*$//' | sort | uniq dropped privs to tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 1000 packets captured 1931 packets received by filter 0 packets dropped by kernel 10.128.0.113.50748 172.30.31.229.9376: 172.30.31.229.9376 10.128.0.113.50748: ``` 沒有開tcp keepalive的話則回有多個pair ``` sh-4.4# nsenter $nsenter_parameters -- tcpdump -nn -i eth0 tcp and host 172.30.31.229 -nn -tt -c 100 | awk '{print $3,$5}' | sed 's/\.[0-9]*$//' | sort | uniq dropped privs to tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 100 packets captured 831 packets received by filter 0 packets dropped by kernel 10.128.0.113.46092 172.30.31.229.9376: 10.128.0.113.46098 172.30.31.229.9376: 10.128.0.113.46110 172.30.31.229.9376: 10.128.0.113.48498 172.30.31.229.9376: 10.128.0.113.48502 172.30.31.229.9376: 10.128.0.113.48518 172.30.31.229.9376: 10.128.0.113.48526 172.30.31.229.9376: 10.128.0.113.48530 172.30.31.229.9376: 10.128.0.113.48540 172.30.31.229.9376: 10.128.0.113.48548 172.30.31.229.9376: 172.30.31.229.9376 10.128.0.113.46092: 172.30.31.229.9376 10.128.0.113.46098: 172.30.31.229.9376 10.128.0.113.46110: 172.30.31.229.9376 10.128.0.113.48498: 172.30.31.229.9376 10.128.0.113.48502: 172.30.31.229.9376 10.128.0.113.48518: 172.30.31.229.9376 10.128.0.113.48526: 172.30.31.229.9376 10.128.0.113.48530: 172.30.31.229.9376 10.128.0.113.48540: 172.30.31.229.9376 10.128.0.113.48548: ```