diff --git a/_data/navigation.yml b/_data/navigation.yml index 64273ac..e256b97 100644 --- a/_data/navigation.yml +++ b/_data/navigation.yml @@ -6,7 +6,7 @@ main: - title: "Research" url: /research/ - title: "Notes" - url: /study/ + url: /notes/ - title: "Posts" url: /posts/ # - title: "Categories" @@ -35,10 +35,10 @@ study: linux: - title: Linux children: - - title: "Intro" - url: /notes/linux/ - title: "Commands" url: /notes/linux/cmd + - title: "Iptables" + url: /notes/linux/iptables/ ds: - title: Content diff --git a/_pages/00-dpu-intro.md b/_pages/00-dpu-intro.md index 99b8bc2..d7eaa26 100644 --- a/_pages/00-dpu-intro.md +++ b/_pages/00-dpu-intro.md 
@@ -66,13 +66,49 @@ SmartNIC/DPU refers to a new generation of network adapters. DPU is a SoC, with - IP: 198.168.100.x - netmask: 255.255.255.0 +## Accessing Network from SmartNIC [3][4] +### Preparation +- Stop ovs. +- Make sure interfaces `tmfifo_net0` are assigned with an ip address on both host and SmartNIC. + + +### Setting Host Iptables + +```console +# Turn on IPv4 forwarding +sfwu22@dpu:~$ echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward + +# Configure IP forwarding rules for the internet-facing interface eno1 +sfwu22@dpu:~$ iptables -A FORWARD -o eno1 -j ACCEPT +sfwu22@dpu:~$ iptables -A FORWARD -m state --state ESTABLISHED,RELATED -i eno1 - j ACCEPT + +# Configure the NAT rule for the internet-facing interface eno1 +sfwu22@dpu:~$ iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE +``` +### DNS Server +Check the DNS server in current domain. The DNS server address can be checked and configured with: +```console +# On host/SmartNIC +sfwu22@proj88:~$ systemd-resolve --status + +# Set DNS server of SmartNIC +# For group SmartNIC +sfwu22@dpu:~$ echo "nameserver 192.168.50.254" | sudo tee /etc/resolv.conf +# For CloudLab SmartNIC +sfwu22@dpu:~$ echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf +``` +### Proxy Server +If host sits behind a proxy server, SmartNIC should be configured with the same proxy server. + +Then SmartNIC is good to go! + ## Additional Configuration - Firmware update. -- Subfunction configuration[^2]. +- Subfunction configuration[2]. -- Running examples. Examples are located in `/opt/mellanox/doca/application` in DPU. Take `url_filter ` as the example[^1]. +- Running examples. Examples are located in `/opt/mellanox/doca/application` in DPU. Take `url_filter ` as the example[1]. - Preparation 1: configure corresponding SF and start regx engine. 
@@ -88,5 +124,7 @@ SmartNIC/DPU refers to a new generation of network adapters. DPU is a SoC, with ## Reference -[^1]: [URL Filter :: NVIDIA DOCA SDK Documentation](https://docs.nvidia.com/doca/sdk/url-filter/index.html) -[^2]: [Scalable Function (SFs) :: NVIDIA DOCA SDK Documentation](https://docs.nvidia.com/doca/sdk/scalable-functions/index.html) +[1]: [URL Filter :: NVIDIA DOCA SDK Documentation](https://docs.nvidia.com/doca/sdk/url-filter/index.html) +[2]: [Scalable Function (SFs) :: NVIDIA DOCA SDK Documentation](https://docs.nvidia.com/doca/sdk/scalable-functions/index.html) +[3]: [NVIDIA Mellanox Bluefield-2 SmartNIC Hands-On Tutorial: “Rig for Dive” — Part I: Install Drivers and Access the SmartNIC](https://medium.com/codex/getting-your-hands-dirty-with-mellanox-bluefield-2-dpus-deployed-in-cloudlabs-clemson-facility-bcb4e689c7e6) +[4]: [Configuring NVIDIA BlueField2 SmartNIC](https://insujang.github.io/2022-01-06/configuring-nvidia-bluefield2-smartnic/) diff --git a/_pages/08-linux-commands.md b/_pages/08-linux-commands.md index fb390ae..a4008da 100644 --- a/_pages/08-linux-commands.md +++ b/_pages/08-linux-commands.md @@ -5,15 +5,20 @@ sidebar: nav: "linux" --- -Here is some useful Linux commands that are frequently used. +Here are some useful Linux commands. # Network Configuration ## ip - - ## ifconfig +``sudo ifconfig [interface] [ip addr] netmask [netmask] [up/down]`` +```console +sfwu22@proj88:~$ sudo ifconfig tmfifo_net0 192.168.100.1 netmask 255.255.255.0 up +``` + +## iptables +Check [this link](/notes/linux/iptables). # File Transmission @@ -23,14 +28,14 @@ Here is some useful Linux commands that are frequently used. On Linux platforms -``` -wget [url] +```console +sfwu22@proj88:~$ wget [url] ``` For Windows, `wget` is the alias for `Invoke-WebRequest`. One must specify url and file name to correctly download a file. -``` -wget -Uri [url] -OutFile "filename.xxx" +```console +sfwu22@proj88:~$ wget -Uri [url] -OutFile "filename.xxx" ``` 
@@ -41,8 +46,8 @@ wget -Uri [url] -OutFile "filename.xxx" Transmitting files from Windows to Linux. -``` -scp C:\Users\shaofeng\filename shaofeng@[target_alias/ip]:/home/shaofeng/directory +```console +sfwu22@proj88:~$ scp C:\Users\shaofeng\filename shaofeng@[target_alias/ip]:/home/shaofeng/directory ``` diff --git a/_pages/08-linux-iptables.md b/_pages/08-linux-iptables.md new file mode 100644 index 0000000..9bb112b --- /dev/null +++ b/_pages/08-linux-iptables.md @@ -0,0 +1,40 @@ +--- +permalink: /notes/linux/iptables/ +title: "Iptables" +sidebar: + nav: "linux" +--- +`iptables` is a powerful tool for managing firewall rules, NAT and other network functions. + +Note: +- Never use any command to delete all rules or a single rule without checking in ``iptable``, especially for rules relating to +**gateways, ssh protocol, packet drop**. It may make a remote server forever out of reach unless on-site resetting. +- Rules in the same table are **checked from rule number 1 to the last rule one by one**. Since the last rule in a table is usually "drop all packets", adding rules after the last rule is meaningless. + +# Commands +## View Rules +```console +# view rules in INPUT, OUTPUT, FORWARDING table +sfwu22@proj88:~$ sudo iptables -nvL --line-number +... +# view rules in nat table +sfwu22@proj88:~$ sudo iptables -t nat -nvL --line-number +``` + +## Add/Insert Rules +```console +# add rules to the end of a table +sfwu22@proj88:~$ sudo iptables -nvL --line-number +... +# insert rule into a table +sfwu22@proj88:~$ sudo iptables -t nat -nvL --line-number +``` + +## Delete Rules +```console +# delete rule number 1 from INPUT chain +sfwu22@proj88:~$ sudo iptables -D FORWARD 1 + +# delete rule number 1 from nat table POSTROUTING chain +sfwu22@proj88:~$ sudo iptables -t nat -D POSTROUTING 1 +``` \ No newline at end of file diff --git a/_pages/08-linux.md b/_pages/08-linux.md index 2539a2d..71ac6e9 100644 --- a/_pages/08-linux.md +++ b/_pages/08-linux.md 
@@ -1,8 +1,8 @@ --- -permalink: /notes/linux +permalink: /notes/linux/ title: "Linux Notes" sidebar: nav: "linux" --- -**Notes about ![](https://img.shields.io/badge/Linux-FCC624?style=flat-square&logo=Linux&logoColor=white) ** +**Notes about ![](https://img.shields.io/badge/Linux-FCC624?style=flat-square&logo=Linux&logoColor=white).** diff --git a/_pages/study.md b/_pages/notes.md similarity index 86% rename from _pages/study.md rename to _pages/notes.md index c32d512..c2083db 100644 --- a/_pages/study.md +++ b/_pages/notes.md @@ -1,5 +1,5 @@ --- -permalink: /study/ +permalink: /notes/ title: "Notes" sidebar: nav: "study"
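Review bot: The second hunk of `_data/navigation.yml` removes the "Intro" entry for `/notes/linux/` from the `linux` sidebar, but `_pages/08-linux.md` keeps that permalink and `nav: "linux"` in this same patch, so the page stays published with no entry in its own sidebar. Keep the "Intro" entry, or state in the commit message that the page is meant to be reached some other way.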
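Review bot: In `_pages/00-dpu-intro.md`, under "Setting Host Iptables", the second FORWARD rule ends in `-i eno1 - j ACCEPT`; the space between `-` and `j` makes iptables reject the command, so it should read `-j ACCEPT`. The three iptables commands are also shown without `sudo` although the `ip_forward` line uses it, and `iptables -A FORWARD -o eno1 -j ACCEPT` accepts forwarding from any interface out of `eno1`; adding `-i tmfifo_net0` (and a matching source restriction on the MASQUERADE rule) would limit the host to routing for the SmartNIC only. The prompts in this block read `sfwu22@dpu` although the heading says the rules go on the host, and the context line above gives the range as `198.168.100.x` while the `ifconfig` example added in `08-linux-commands.md` uses `192.168.100.1`, so one of the two is probably a typo. In the DNS block, `sudo tee /etc/resolv.conf` replaces the whole file, which is worth stating next to the command.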
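Review bot: In the Reference hunk of `_pages/00-dpu-intro.md`, the new entries of the form `[1]: [URL Filter ...](https://...)` are neither footnote definitions nor well-formed link reference definitions, because the text after `[1]:` is expected to be a bare URL rather than another `[title](url)` link. The in-text markers `[1]`, `[2]` and `[3][4]` therefore no longer resolve to these entries the way `[^1]` and `[^2]` did. Either keep the `[^n]` footnote syntax and extend it to the two new references, or turn the section into a plain numbered list.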
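Review bot: The new link `[this link](/notes/linux/iptables)` in the `## iptables` section of `_pages/08-linux-commands.md` omits the trailing slash, while the new page declares `permalink: /notes/linux/iptables/` and the navigation entry uses the same slashed form; use `/notes/linux/iptables/` so all three agree. The `## ip` heading is still left without any content after this change.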
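Review bot: In the wget hunk of `_pages/08-linux-commands.md`, the Windows example `wget -Uri [url] -OutFile "filename.xxx"` now carries the Linux shell prompt `sfwu22@proj88:~$`, although the sentence above it says this form is the `Invoke-WebRequest` alias on Windows. Drop the prompt from that block or show a PowerShell prompt, so readers do not try the `-Uri`/`-OutFile` form on the Linux host.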
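Review bot: The scp example in `_pages/08-linux-commands.md` is described as copying from Windows to Linux, but it is now shown at the bash prompt `sfwu22@proj88:~$`, where the unquoted backslashes in `C:\Users\shaofeng\filename` would be consumed as escape characters. Leave this block without the Linux prompt, as it was before the change, or mark it as run from the Windows side.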
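Review bot: In the new `_pages/08-linux-iptables.md`, the "Add/Insert Rules" block repeats the two listing commands from "View Rules" (`iptables -nvL --line-number` and `iptables -t nat -nvL --line-number`), so the page never shows an append (`-A`) or insert (`-I`) command. In "Delete Rules", the comment says "delete rule number 1 from INPUT chain" but the command is `iptables -D FORWARD 1`. INPUT, OUTPUT and FORWARD are chains of the filter table, not tables, so "FORWARDING table" in the first comment and "Rules in the same table are checked" in the note should refer to chains, and "iptable" in the note should be `iptables`. Since the note warns about losing access to a remote server, it would help to tell readers to save the current rule set with `iptables-save` before deleting anything. The file also ends without a trailing newline.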
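Review bot: The rename of `_pages/study.md` to `_pages/notes.md` changes the permalink from `/study/` to `/notes/`, and the first `navigation.yml` hunk follows it, but nothing in the patch keeps the old `/study/` URL working, so existing links and bookmarks to it will break. The front matter also still has `nav: "study"`, matching the `study:` key left in `navigation.yml`; rename both together or leave a comment explaining why the key keeps the old name.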