Hello everyone. My name is Sylvain Baubeau. I'm working for Red Hat and I'm going to introduce my colleague, who is another Sylvain, but also from Red Hat, Sylvain Afchain. And today we're going to talk about Skydive, which is a software that was created two years ago at Red Hat, and it's a real-time network topology and protocols analyzer.

So the reason behind Skydive, that's one of the primary use cases: it's troubleshooting. And troubleshooting the network is particularly hard. By nature it's distributed, so you have to SSH a lot to many machines. And when using SDN, you can have multiple SDNs. So for example, you could have an OpenStack running with the Neutron SDN, and then on top of this you could have a Flannel network, and then troubleshooting is getting really, really, really hard. And the toolbox that is available to you is, well, if you use a proprietary SDN, you can have other tools, but the basic toolbox is the iproute utils, so ip address and netns and bridge, stuff like that. You also have the Open vSwitch tools, so ovs-vsctl, ovs-ofctl to show the flows and stuff like that. You also have, of course, tcpdump and Wireshark to do the packet analysis.

So one of the goals of Skydive: we have to deal with many SDNs, so we did not want to be tied to a single SDN, so we wanted to be SDN agnostic, to be able to use Skydive with Flannel and such like that.
Another goal is we have to be able to do real-time analysis, so on a running platform like production, but also some use cases are post-mortem analysis. So for example, if you had an issue, the reflex is to delete the instance and to try again, and then you're not able to troubleshoot anymore, so Skydive records everything so that you can do the analysis later. And it has to be lightweight because it's supposed to be running on your production machines, and really easy to deploy, because when the problem occurs, you have to be able to deploy Skydive really fast.

So we came up with this software, which is a distributed architecture. So to answer the easy-to-deploy question, it's one binary for all the different parts of Skydive, so a single binary: you just copy it and then you can run it. We also have an all-in-one mode, so you just start and you have everything. So it's composed of only two components, which are the agent, the Skydive agent: it's supposed to be running on all your compute nodes, and it's responsible for capturing the network topology and also for capturing the network flows, and then it forwards everything to another component, which is the Skydive analyzer, and its role is to aggregate all this topology information, do some more analysis and also to serve the API.

So as this presentation is really short, we are going to do a large demo, and we start with a very quick overview of Skydive. So in our environment, we have one Skydive analyzer and two Skydive agents. And so how does it look? So that's the web interface. Everything is accessible using the command line, but let's use this. So here you have one agent and another one, they are both connected. You see all the network interfaces, so the localhost, the eth1, and they are both connected to a top-of-rack switch. So you can click on every node and get the information about the interfaces, so the MAC address, the MTU and all the relevant information, and you can also have the
interface metrics, so the number of packets dropped and received and stuff like that.

So let's go back here, and now let's create some network objects and see how Skydive reacts. So if we create an interface, so Skydive is listening to the netlink events, so, sorry for the lag, so we see that the interface just appeared. Where is it? So here it is. And then we can also add an interface on this interface and we can see that Skydive was able to see the new interface. So we really do not do any polling, we do this, we try to subscribe to all the topology mechanisms, so for OVSDB we listen for events, for netlink, for Docker, we try to avoid the polling as much as possible.

And then so now we're trying to generate and to capture some packets. So to do this, we can select an interface, so I'm going to select the eth1 of every machine, and you can select a path, and then you can specify your BPF filter to select only certain packets. Sorry, I'm going to do this again because I want to enable some options here. Let's ask for 10 packets. And then Skydive bundles a packet traffic generator, and so you can choose, you can generate traffic, so you can generate ICMP, TCP, UDP and stuff like that. Okay, and then I'm going to just generate ICMP packets from there to there, and then we can see that here at the bottom right, you can see that I can see the ICMPv4 packets that were just generated. And here you can also, with this button, you can just open this with Wireshark and get access to the full data.

Okay, so that was for the very simple demo. Now a little more complex: we are going to create a Docker container. So here, sorry, we can see that Docker creates a network namespace for every container, and so we can see it here, and an interesting thing, stop moving, okay, and so that's the network namespace and the physical interface, but we can see that there is a picture here, just to say that it's a Docker container. So Skydive, when it saw this network namespace, it asked Docker if it knows about this namespace, and so you can have, it's right there, but you can have the, sorry, so you can see here the namespace, but you can also click on the container and get the container ID and the container name and the container PID. So yeah, that was for the demo. So we have other container connectors, so we have connectors for OpenStack Neutron, for OpenContrail, a Kubernetes connector is on the way, and yeah, I don't know what, okay, yeah.

Can you hear me? So yeah, perfect, right. So I'm the other Sylvain, and I'm going to continue to add complexity for the demo. So we are going to deploy, to use Docker Swarm in order to deploy an n-tier application, so basically a data store with a MySQL container and two WordPress containers. So I'm going to do that. So first I'm going to initialize Docker Swarm, okay, which is done now, and we will see that, we have some lags, okay, so we can see that Skydive already detected what Docker Swarm did, so we have many more network namespaces created. I'm not going to see what these containers are doing, but I'm going to continue to create what I explained before, meaning the WordPress and the MySQL. So we're going to do that. We're going to start by creating a Docker Swarm network used in order to interconnect our two services, the MySQL and the WordPress. We start the container, the service, the MySQL service, so it's starting, and we should have the MySQL container appearing very soon, I hope, yeah, just here. It's too huge for my laptop with the three VMs. So we have many more containers, network namespaces involved in the deployment. So we have here, we know that this is the MySQL instance, we can click on it as explained by Sylvain just before, and we have many more details about the service, we have the Docker labels just here, and we can see we have probably one namespace related to the Docker network. So I'm going to continue to start the WordPress, the first one, on the agent
one, which is done, so it should be there soon. So now we have everything connected, so we can see that we have the other container just there in this namespace, sorry for the click, and just here, and it seems that these two namespaces are interconnected by this one, this namespace, and this one as well, with this path. In order to check what is the namespace used by the network, okay, I'm going to do this path, so this one is probably the one used for the network that I created just before. So I'm going to start to capture between this point and this point in order to confirm that we have some packets. I'm going to do that very quickly because we are short on time. Not this interface, but this one, this one. I'm going just to capture the traffic for MySQL. Okay, we have now a capture, and I can go to the interface of the WordPress in order to generate a bit of traffic. So this is not the good port, sorry for that. Okay, so we should have some traffic there now, just here, and if we expand the flow, we can see that we have MySQL traffic just there.

So I am not going to continue, but I'm just going to explain what we have just after: with the other container scheduled on the other node, on the other host, we are able to follow packets passing from one host to the other one, and using the overlay, so the VXLAN interface, and we are able to follow packets within a tunnel. And we do support multiple tunneling encapsulations, so we do support VXLAN, GRE, Geneve, and you can have a mix between them. So it means that if you have for example an OpenStack deployment and on top of it you have a container deployment with another SDN on top of that, you can follow the packets leaving the first level of the encapsulation and going to the other one. So I did capture some traffic and I'm going to skip this one.

So we did everything with the web UI, but as Sylvain said just before, everything is doable with the command line, so you can create the topology, you
can create the flows and the packets, you can create captures, you can do packet injection, and we have an alerting mechanism that I'm not going to show you right now, but I can explain: you can write alert rules for flows and topology, meaning that if there is a change in terms of flows or traffic or in terms of interfaces and stuff like this, you can get informed that something changed. So you can write for example rules for bandwidth or up-down interface, or if there is no more of a certain kind of container.

For the roadmap, we are working on a BPF probe in order to capture the flow in a lightweight manner, a DPDK one, so we have POCs for both of them, and we are working on a layer 3 topology because currently we have a kind of layer 2 topology and we are working in order to add layer 3 and application topology too. It's an open source tool and you can reach out to us on IRC or on the mailing list. Thank you.

If you have questions. Basically this is a single binary and statically linked, so you can just copy the binary somewhere and you can start it as an all-in-one service and it comes with everything, so with one binary you have the client, you have the analyzer, if you want to have a distributed environment, but you can just have one, sorry, okay, okay, okay, but you can come, thank you.