diff --git a/modules/nw-network-flows-create.adoc b/modules/nw-network-flows-create.adoc
index 0b95c1d4de..dc492d3524 100644
--- a/modules/nw-network-flows-create.adoc
+++ b/modules/nw-network-flows-create.adoc
@@ -65,7 +65,7 @@ $ for pod in $(oc get pods -n openshift-ovn-kubernetes -l app=ovnkube-node -o js
 do ;
 echo;
 echo $pod;
- oc -n openshift-ovn-kubernetes exec -c ovnkube-node $pod \
+ oc -n openshift-ovn-kubernetes exec -c ovnkube-controller $pod \
 -- bash -c 'for type in ipfix sflow netflow ; do ovs-vsctl find $type ; done';
 done
 ----
diff --git a/modules/nw-ovn-kubernetes-install-ovnkube-trace-local.adoc b/modules/nw-ovn-kubernetes-install-ovnkube-trace-local.adoc
index 322df391a7..4aa0f80c2a 100644
--- a/modules/nw-ovn-kubernetes-install-ovnkube-trace-local.adoc
+++ b/modules/nw-ovn-kubernetes-install-ovnkube-trace-local.adoc
@@ -19,14 +19,14 @@ The `ovnkube-trace` tool traces packet simulations for arbitrary UDP or TCP traf
 +
 [source,terminal]
 ----
-$ POD=$(oc get pods -n openshift-ovn-kubernetes -l app=ovnkube-master -o name | head -1 | awk -F '/' '{print $NF}')
+$ POD=$(oc get pods -n openshift-ovn-kubernetes -l app=ovnkube-control-plane -o name | head -1 | awk -F '/' '{print $NF}')
 ----
-. Run the following command on your local host to copy the binary from the `ovnkube-master` pods:
+. Run the following command on your local host to copy the binary from the `ovnkube-control-plane` pods:
 +
 [source,terminal]
 ----
-$ oc cp -n openshift-ovn-kubernetes $POD:/usr/bin/ovnkube-trace ovnkube-trace
+$ oc cp -n openshift-ovn-kubernetes $POD:/usr/bin/ovnkube-trace -c ovnkube-cluster-manager ovnkube-trace
 ----
 . Make `ovnkube-trace` executable by running the following command:
@@ -47,8 +47,9 @@ $ ./ovnkube-trace -help
 +
 [source,terminal]
 ----
-I0111 15:05:27.973305 204872 ovs.go:90] Maximum command line arguments set to: 191102
 Usage of ./ovnkube-trace:
+ -addr-family string
+ Address family (ip4 or ip6) to be used for tracing (default "ip4")
 -dst string
 dest: destination pod name
 -dst-ip string
diff --git a/modules/nw-ovn-kubernetes-running-ovnkube-trace.adoc b/modules/nw-ovn-kubernetes-running-ovnkube-trace.adoc
index 32892372ed..bcfdaff076 100644
--- a/modules/nw-ovn-kubernetes-running-ovnkube-trace.adoc
+++ b/modules/nw-ovn-kubernetes-running-ovnkube-trace.adoc
@@ -24,7 +24,7 @@ This example illustrates how to test the DNS resolution from a deployed pod to t
 +
 [source,terminal]
 ----
-$ oc run web --namespace=default --image=nginx --labels="app=web" --expose --port=80
+$ oc run web --namespace=default --image=quay.io/openshifttest/nginx --labels="app=web" --expose --port=80
 ----
 . List the pods running in the `openshift-dns` namespace:
@@ -39,21 +39,21 @@ oc get pods -n openshift-dns
 [source,terminal]
 ----
 NAME READY STATUS RESTARTS AGE
-dns-default-467qw 2/2 Running 0 49m
-dns-default-6prvx 2/2 Running 0 53m
-dns-default-fkqr8 2/2 Running 0 53m
-dns-default-qv2rg 2/2 Running 0 49m
-dns-default-s29vr 2/2 Running 0 49m
-dns-default-vdsbn 2/2 Running 0 53m
-node-resolver-6thtt 1/1 Running 0 53m
-node-resolver-7ksdn 1/1 Running 0 49m
-node-resolver-8sthh 1/1 Running 0 53m
-node-resolver-c5ksw 1/1 Running 0 50m
-node-resolver-gbvdp 1/1 Running 0 53m
-node-resolver-sxhkd 1/1 Running 0 50m
+dns-default-8s42x 2/2 Running 0 5h8m
+dns-default-mdw6r 2/2 Running 0 4h58m
+dns-default-p8t5h 2/2 Running 0 4h58m
+dns-default-rl6nk 2/2 Running 0 5h8m
+dns-default-xbgqx 2/2 Running 0 5h8m
+dns-default-zv8f6 2/2 Running 0 4h58m
+node-resolver-62jjb 1/1 Running 0 5h8m
+node-resolver-8z4cj 1/1 Running 0 4h59m
+node-resolver-bq244 1/1 Running 0 5h8m
+node-resolver-hc58n 1/1 Running 0 4h59m
+node-resolver-lm6z4 1/1 Running 0 5h8m
+node-resolver-zfx5k 1/1 Running 0 5h
 ----
-. Run the following `ovn-kube-trace` command to verify DNS resolution is working:
+. Run the following `ovnkube-trace` command to verify DNS resolution is working:
 +
 [source,terminal]
 ----
@@ -61,7 +61,7 @@ $ ./ovnkube-trace \
 -src-namespace default \ <1>
 -src web \ <2>
 -dst-namespace openshift-dns \ <3>
- -dst dns-default-467qw \ <4>
+ -dst dns-default-p8t5h \ <4>
 -udp -dst-port 53 \ <5>
 -loglevel 0 <6>
 ----
@@ -71,24 +71,37 @@ $ ./ovnkube-trace \
 <3> Namespace of destination pod
 <4> Destination pod name
 <5> Use the `udp` transport protocol. Port 53 is the port the DNS service uses.
-<6> Set the log level to 1 (0 is minimal and 5 is debug)
+<6> Set the log level to 0 (0 is minimal and 5 is debug)
 +
-.Expected output
+.Example output if the `src&dst` pod lands on the same node:
 [source,terminal]
 ----
-I0116 10:19:35.601303 17900 ovs.go:90] Maximum command line arguments set to: 191102
-ovn-trace source pod to destination pod indicates success from web to dns-default-467qw
-ovn-trace destination pod to source pod indicates success from dns-default-467qw to web
-ovs-appctl ofproto/trace source pod to destination pod indicates success from web to dns-default-467qw
-ovs-appctl ofproto/trace destination pod to source pod indicates success from dns-default-467qw to web
-ovn-detrace source pod to destination pod indicates success from web to dns-default-467qw
-ovn-detrace destination pod to source pod indicates success from dns-default-467qw to web
+ovn-trace source pod to destination pod indicates success from web to dns-default-p8t5h
+ovn-trace destination pod to source pod indicates success from dns-default-p8t5h to web
+ovs-appctl ofproto/trace source pod to destination pod indicates success from web to dns-default-p8t5h
+ovs-appctl ofproto/trace destination pod to source pod indicates success from dns-default-p8t5h to web
+ovn-detrace source pod to destination pod indicates success from web to dns-default-p8t5h
+ovn-detrace destination pod to source pod indicates success from dns-default-p8t5h to web
+----
++
+.Example output if the `src&dst` pod lands on a different node:
+[source,terminal]
+----
+ovn-trace source pod to destination pod indicates success from web to dns-default-8s42x
+ovn-trace (remote) source pod to destination pod indicates success from web to dns-default-8s42x
+ovn-trace destination pod to source pod indicates success from dns-default-8s42x to web
+ovn-trace (remote) destination pod to source pod indicates success from dns-default-8s42x to web
+ovs-appctl ofproto/trace source pod to destination pod indicates success from web to dns-default-8s42x
+ovs-appctl ofproto/trace destination pod to source pod indicates success from dns-default-8s42x to web
+ovn-detrace source pod to destination pod indicates success from web to dns-default-8s42x
+ovn-detrace destination pod to source pod indicates success from dns-default-8s42x to web
+
 ----
 +
 The ouput indicates success from the deployed pod to the DNS port and also indicates that it is successful going back in the other direction. So you know bi-directional traffic is supported on UDP port 53 if my web pod wants to do dns resolution from core DNS.
-If for example that did not work and you wanted to get the `ovn-trace`, the `ovs-appctl ofproto/trace` and `ovn-detrace`, and more debug type information increase the log level to 2 and run the command again as follows:
+If for example that did not work and you wanted to get the `ovn-trace`, the `ovs-appctl` of `proto/trace` and `ovn-detrace`, and more debug type information increase the log level to 2 and run the command again as follows:
 [source,terminal]
 ----
@@ -140,7 +153,7 @@ networkpolicy.networking.k8s.io/deny-by-default created
 +
 [source,terminal]
 ----
-$ oc run web --namespace=default --image=nginx --labels="app=web" --expose --port=80
+$ oc run web --namespace=default --image=quay.io/openshifttest/nginx --labels="app=web" --expose --port=80
 ----
 . Run the following command to create the `prod` namespace:
@@ -179,14 +192,11 @@ $ ./ovnkube-trace \
 -loglevel 0
 ----
 +
-.Expected output
-
+.Example output
 [source,terminal]
 ----
-I0116 14:20:47.380775 50822 ovs.go:90] Maximum command line arguments set to: 191102
 ovn-trace source pod to destination pod indicates failure from test-6459 to web
 ----
-
 . Increase the log level to 2 to expose the reason for the failure by running the following command:
 +
 [source,terminal]
@@ -200,21 +210,29 @@ $ ./ovnkube-trace \
 -loglevel 2
 ----
 +
-.Expected output
-
+.Example output
 [source,terminal]
 ----
-ct_lb_mark /* default (use --ct to customize) */
+...
 ------------------------------------------------
- 3. ls_out_acl_hint (northd.c:6092): !ct.new && ct.est && !ct.rpl && ct_mark.blocked == 0, priority 4, uuid 32d45ad4
+ 3. ls_out_acl_hint (northd.c:7454): !ct.new && ct.est && !ct.rpl && ct_mark.blocked == 0, priority 4, uuid 12efc456
 reg0[8] = 1;
 reg0[10] = 1;
 next;
- 4. ls_out_acl (northd.c:6435): reg0[10] == 1 && (outport == @a16982411286042166782_ingressDefaultDeny), priority 2000, uuid f730a887 <1>
- ct_commit { ct_mark.blocked = 1; };
+ 5. ls_out_acl_action (northd.c:7835): reg8[30..31] == 0, priority 500, uuid 69372c5d
+ reg8[30..31] = 1;
+ next(4);
+ 5. ls_out_acl_action (northd.c:7835): reg8[30..31] == 1, priority 500, uuid 2fa0af89
+ reg8[30..31] = 2;
+ next(4);
+ 4. ls_out_acl_eval (northd.c:7691): reg8[30..31] == 2 && reg0[10] == 1 && (outport == @a16982411286042166782_ingressDefaultDeny), priority 2000, uuid 447d0dab
+ reg8[17] = 1;
+ ct_commit { ct_mark.blocked = 1; }; <1>
+ next;
+...
 ----
 +
-<1> Ingress traffic is blocked due to the default deny policy being in place
+<1> Ingress traffic is blocked due to the default deny policy being in place.
 . Create a policy that allows traffic from all pods in a particular namespaces with a label `purpose=production`. Save the YAML in the `web-allow-prod.yaml` file:
 +
@@ -261,7 +279,6 @@ $ ./ovnkube-trace \
 .Expected output
 [source,terminal]
 ----
-I0116 14:25:44.055207 51695 ovs.go:90] Maximum command line arguments set to: 191102
 ovn-trace source pod to destination pod indicates success from test-6459 to web
 ovn-trace destination pod to source pod indicates success from web to test-6459
 ovs-appctl ofproto/trace source pod to destination pod indicates success from test-6459 to web
@@ -270,7 +287,7 @@ ovn-detrace source pod to destination pod indicates success from test-6459 to we
 ovn-detrace destination pod to source pod indicates success from web to test-6459
 ----
-. In the open shell run the following command:
+. Run the following command in the shell that was opened in step six to connect nginx to the web-server:
 +
 [source,terminal]
 ----
@@ -286,9 +303,11 @@ ovn-detrace destination pod to source pod indicates success from web to test-645