
I have a 20-port switch connected to a 20-NIC PC (1-to-1) and want to load it with traffic. Of course, configuring all NICs with different IPs and starting my client/server (Python3) scripts (or iperf3) will generate local traffic only, unless I force the traffic out through the NICs.

I found (here) the two main 'tricks' in order to achieve this:

a.) Using network namespace:

[+] It will do exactly what I want by isolating (VM/docker-like) each NIC into a box

[+] Python3 seems to support netns (Pyroute2)

[-] Not sure how I can open a socket into a netns/python thread (10 threads x 2 (client/server) )

b.) Using a ghost IP (iptables: S/D-NAT + pre/post-routing):

[+] All NICs remain in the root network namespace (still get to collect data through psutil) and configure at global level

[+] Python TCP threaded script can run without specific lib/support for netns

[-] In case of reconfiguration of my setup (IPs, VLAN,...), the iptables script must be adapted accordingly.

I would like to know if I am overlooking another possibility here and/or if, for a.), I am getting it (all) wrong (since I can't find a decent example with a socket opened in a single Python script over different netns...)

bli
  • 31

2 Answers

1

I'm not sure what the trouble is with using python in a network namespace - once you've moved the interface to the namespace, and started the python interpreter in it, you can just open a normal socket. As there's only a single NIC in the namespace, everything will get routed correctly.

I don't understand your second method, and I don't see why you'd need NAT.

The third method would be to set up each NIC with a different IP, keep them all in the root namespace, and have the applications bind to a specific socket. This is part of the normal socket API; I'd have to look up how Python supports it, but I'm sure it does. Alternatively, use something like socat to generate network traffic; it has options to bind to interfaces/source addresses, and you don't need to write a specific Python script.

Edit

Ah, I may have found the sticky point, and why you think you need NAT.

If you don't just want to "load the switch with traffic", but you want the destination of the traffic to be the same box as the source, then you have a problem: There are various safeguards that prevent such a routing loop, and "boomerang" packets. See here for details. And yes, NAT can be used to work around this, but there are better ways: It's really easy with namespaces, and having just the destination somewhere else (e.g. in a namespace, or on a different machine connected to the switch) is enough.

dirkt
  • 17,461
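The third method from the answer above (every NIC in the root namespace, each socket pinned to one source address and optionally one interface), sketched in Python as an added example that is not part of the original answer. The function names are hypothetical, and the sink is assumed to run where the traffic has to leave the box to reach it (another machine on the switch, or a namespace), as the answer's edit requires.

```python
import socket
import threading

def open_pinned_client(dst, src_ip, ifname=None, timeout=3.0):
    """Connect to dst=(host, port) with the source pinned to one NIC."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if ifname:
            # Linux-only and may need CAP_NET_RAW: force egress via this interface.
            s.setsockopt(socket.SOL_SOCKET, socket.SO_BINDTODEVICE, ifname.encode() + b"\0")
        s.bind((src_ip, 0))  # port 0: the kernel picks an ephemeral source port
        s.connect(dst)
    except OSError:
        s.close()
        raise
    return s

def start_sink(listen_ip):
    """Listen on one address (ephemeral port) and count bytes of one connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_ip, 0))
    srv.listen(1)
    addr = srv.getsockname()
    result = {}

    def run():
        conn, peer = srv.accept()
        with conn:
            total = 0
            while chunk := conn.recv(65536):
                total += len(chunk)
        srv.close()
        result.update(peer=peer[0], bytes=total)  # peer = source IP the client bound to

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return addr, t, result

def send_load(dst, src_ip, nbytes, ifname=None):
    """Send nbytes of zeros from src_ip to dst; return the local IP actually used."""
    with open_pinned_client(dst, src_ip, ifname) as c:
        local = c.getsockname()[0]
        c.sendall(bytes(nbytes))
    return local
```

For a 20-NIC setup, one `send_load` thread per NIC would be started with that NIC's own address and interface name; the peer address recorded by the sink confirms which source each flow used.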
1

To really load a switch try multicasting!

Using socat or dvblast to multicast a loop of a small video in very high quality/bandwidth makes for a very good traffic generator, and multicast traffic will always egress.

Eugen Rieck
  • 20,637