All Products
Search
Document Center

Alibaba Cloud Service Mesh:Use packet inspection tasks to diagnose the traffic in an ASM instance

Last Updated:Dec 03, 2024

Service Mesh (ASM) allows you to initiate packet inspection tasks for workloads deployed in an ASM instance to obtain information about TCP packets in pods within a certain period of time and dump the TCP packets to the hosts of the nodes in a Kubernetes cluster for downloading and viewing. This topic describes how to diagnose the traffic in an ASM instance by using a packet inspection task.

Background information

Some traffic may not meet expectations due to the diversity of applications managed by ASM. For example, request headers are too large and requests do not comply with the standard HTTP protocol. Packet inspection tasks can quickly capture traffic information for workloads, helping you diagnose complex traffic issues.

Prerequisites

  1. An ASM instance of Enterprise Edition or Ultimate Edition is created, and the version of the instance is 1.21.6.72 or later. For more information, see Create an ASM instance or Update an ASM instance.

  2. A Container Service for Kubernetes (ACK) cluster is added to the ASM instance. For more information, see Add a cluster to an ASM instance.

Procedure

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Instance > Mesh Diagnosis.

  3. On the Mesh Diagnosis page, click Service Packet Inspection.

  4. On the Service Packet Inspection tab, click Create Task. In the dialog box that appears, configure Kubernetes Clusters, Namespace, Pod Name, Duration, tcpdump Parameters, and Save File Name. For more information about how to use tcpdump parameters, see tcpdump. Click OK.

  5. Wait until the Status column of the created task on the Service Packet Inspection tab changes to Complete.

  6. Find the hosts of the corresponding Kubernetes cluster and download the pcap file in the specified path based on the values of the Host of File and File Save Path columns of the created task. For more information about how to download a file, see Use Workbench to upload a file to and download a file from an instance.

Related operations

Delete a packet inspection task

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Instance > Mesh Diagnosis.

  3. On the Mesh Diagnosis page, click the Service Packet Inspection tab.

  4. On the Service Packet Inspection tab, find the task that you want to delete and click Delete in the Actions column. In the message that appears, click OK.

Common tcpdump parameters

Before you use packet inspection, you can configure the tcpdump parameters based on the properties of the traffic that you want to inspect.

  • You can use the following parameters to inspect the traffic between a sidecar proxy and an application in a client pod.

    # Replace 172.16.xx.xx with the IP address of the destination service.
    -i lo dst port 15001 or src host 172.16.xx.xx
  • You can use the following parameters to inspect the traffic between a sidecar proxy and a destination service in a client pod.

    # Replace 192.168.xx.xx with the IP address of the pod that runs the destination service.
    -i any host 192.168.xx.xx
  • You can use the following parameters to inspect the traffic between a sidecar proxy and an application in a server pod.

    -i lo host 127.0.0.6
  • You can use the following parameters to inspect the traffic between a sidecar proxy and a client pod in a server pod.

    # Replace 192.168.xx.xx with the IP address of the client pod.
    -i any host 192.168.xx.xx