Assumptions

  • You have one proxy app pushed and called appA on Diego Cell 1
  • You have one proxy app pushed and called appB on Diego Cell 2

What

So far, the overlay packet has been encapsulated into an underlay packet and sent to a second Diego Cell. Once the underlay packet arrives at that Diego Cell, it is decapsulated by the VTEP. But how does the Diego Cell know to send these specific underlay packets to the silk-vtep interface to be decapsulated, and not other packets?

Let’s figure it out by inspecting the packets with tcpdump! Tcpdump is a CLI tool that allows you to inspect all of the traffic flowing through your container.

How

🤔 Send traffic via the overlay from appA to appB

  1. In terminal 1, use watch to continuously curl appB from appA using appB’s overlay IP and app port.

📝 Look at the underlay traffic

  1. In terminal 2, ssh onto Diego Cell 2, where appB is running.
  2. The underlay packet is from Diego Cell 1 to Diego Cell 2, so use tcpdump to look at all traffic from Diego Cell 1.
    # all traffic originating from DIEGO_CELL_1_IP (there will be traffic unrelated to the exercise visible in the output)
    tcpdump -n src DIEGO_CELL_1_IP -v
    
    # all traffic originating from DIEGO_CELL_1_IP that is destined for DIEGO_CELL_2_IP (a more focused capture)
    tcpdump -n src DIEGO_CELL_1_IP and dst DIEGO_CELL_2_IP -v
    

❓ Questions

  1. What do you notice about all of the traffic? What do they have in common? Based on this information how do you think only this traffic is being decapsulated?
  2. What protocol is this traffic using? Is that surprising to you?

Expected outcome

You should see that all traffic to be decapsulated is sent to the same destination port. That port is how this traffic is selected for decapsulation by the VTEP while other traffic is not.

You should also notice that all of the traffic is sent via UDP. WHAT? Read here for more details on that.
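
The port-based selection described above, as an added example that is not part of the original exercise: it builds a constructed underlay packet and shows that only UDP traffic to the VTEP port is unwrapped to reveal the overlay addresses. The port (4789, the IANA-assigned VXLAN port), the cell IPs, the overlay IPs, the VNI and the function names are all assumptions made for illustration.

```python
import socket
import struct

VTEP_PORT = 4789  # assumption: IANA-assigned VXLAN port; your cells may be configured differently


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0; it is not validated below)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def vxlan_underlay(cell_src, cell_dst, vni, overlay_src, overlay_dst, dport=VTEP_PORT):
    """Constructed sample: an inner IPv4 packet wrapped in Ethernet/VXLAN/UDP/IPv4."""
    inner = bytes(12) + b"\x08\x00" + ipv4_header(overlay_src, overlay_dst, 6, 0)
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)  # VNI-valid flag, 24-bit VNI
    udp = struct.pack("!HHHH", 49152, dport, 8 + len(vxlan) + len(inner), 0)
    body = udp + vxlan + inner
    return ipv4_header(cell_src, cell_dst, 17, len(body)) + body


def classify(packet, vtep_port=VTEP_PORT):
    """Return decapsulation details for VTEP-bound packets, else None."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17:                      # not UDP: never handed to the VTEP
        return None
    _sport, dport, _len, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dport != vtep_port:                   # UDP, but not the VTEP's port
        return None
    flags_word, vni_word = struct.unpack("!II", packet[ihl + 8:ihl + 16])
    if not (flags_word >> 24) & 0x08:        # VNI-valid flag must be set
        return None
    inner_ip = packet[ihl + 16 + 14:]        # skip VXLAN header and inner Ethernet
    return {
        "vni": vni_word >> 8,
        "overlay_src": socket.inet_ntoa(inner_ip[12:16]),
        "overlay_dst": socket.inet_ntoa(inner_ip[16:20]),
    }


if __name__ == "__main__":
    # Constructed sample values: two cell IPs, VNI 1, two overlay IPs.
    pkt = vxlan_underlay("10.0.1.12", "10.0.1.13", 1, "10.255.1.2", "10.255.2.3")
    print(classify(pkt))
    print(classify(vxlan_underlay("10.0.1.12", "10.0.1.13", 1,
                                  "10.255.1.2", "10.255.2.3", dport=53)))
```

The first packet is unwrapped and reports the overlay source and destination; the second is identical except for its UDP destination port, so it is left alone.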