Re: [mpls-linux-general] DNAT & MPLS
From: James R. L. <jl...@mi...> - 2003-07-10 14:17:01
On Thu, Jul 10, 2003 at 03:39:47PM +0200, Antonio Mancuso wrote:
> This solution can definitely work, but I need an iptables match module for MPLS.
> I think I need something like:
Why?
1. By the time iptables gets the packet, the MPLS header has been removed.
2. You already have a mechanism for exact matches based on the incoming
label, it's called the ILM (incoming label map) and is inherent to any
MPLS implementation (including mine).
>
> iptables -t mangle -A PREROUTING -d <public IP> -m MPLS <incoming label> -j MARK --set-mark 10
> iptables -t nat -A PREROUTING -d <public IP> -m MARK 10 -j DNAT --to <private IP>
If "set NF" is implemented you would be able to do:
mplsadm2 -A -I gen:255:0
mplsadm2 -I gen:255:0 -i set_nf:MARK:pop:peek
iptables -t nat -A PREROUTING -d <public IP> -m MARK 10 -j DNAT --to <private IP>
> and this will solve my problem, but I think if I can have a matching module for MPLS label
> I can use something like this:
>
> iptables -t nat -A PREROUTING -d <public IP> -m MPLS <incoming label> -j DNAT --to <private IP>
>
> So what I am missing is how to mark a packet based on the MPLS label.
>
> Thnx,
> Antonio
>
> On Wednesday 09 July 2003, at 16:59, James R. Leu wrote:
> > What if you could mark the packet based on incoming label (nfmark or tcindex)?
> > Would that help?
> >
> > On Wed, Jul 09, 2003 at 02:46:30PM +0200, Antonio Mancuso wrote:
> > > Hello,
> > > I am doing some testing with Linux + MPLS (/proc/net/mpls_version = 01010702)
> > > My test network is made by a front-end dispatcher (public IP address) that receives MPLS traffic
> > > and many back-end servers (private IP address).
> > >
> > > I'd like to dispatch the incoming traffic directed to the public IP address
> > > based on the MPLS label it carries.
> > >
> > > Simple Net:
> > >
> > > client ---> dispatcher (130.192.a.b) -->n back-end (192.168.c.x)
> > >
> > > let's assume a client sends IP traffic to 130.192.a.b (dispatcher) with an MPLS label = 255
> > > I'd like to set an iptables rule on the dispatcher as:
> > >
> > > iptables -t nat -A PREROUTING -d 130.192.a.b -j DNAT --to 192.168.c.x
> > >
> > > this works fine for IP. How can I modify it to match the MPLS label (255)?
> > > Is there a way to match an incoming packet based on the MPLS it carries?
> > >
> > > Thanks a lot and excuse my English :)))
> > >
> > > Antonio
> > >
> >
> > --
> > James R. Leu
--
James R. Leu
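
Added example (not part of the original thread and not mpls-linux code): a Python model of the flow James describes, where the ILM exact-matches the incoming label, sets a mark and pops the MPLS header, and the nat PREROUTING rule then sees only the IP destination and the mark. The label-to-mark table, the addresses and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample tables: label -> nfmark (ILM side), (dst, mark) -> back-end (NAT side).
ILM = {255: 10, 256: 20}
DNAT_RULES = {("192.0.2.1", 10): "10.0.0.11", ("192.0.2.1", 20): "10.0.0.12"}


def parse_shim(frame: bytes):
    """Split one RFC 3032 label stack entry (label:20, exp:3, S:1, TTL:8) off the front."""
    if len(frame) < 4:
        raise ValueError("truncated MPLS shim header")
    (word,) = struct.unpack("!I", frame[:4])
    label, bottom, ttl = word >> 12, (word >> 8) & 1, word & 0xFF
    return label, bool(bottom), ttl, frame[4:]


def ilm_input(frame: bytes):
    """Model of the ILM step: exact-match the label, set the mark, pop the header."""
    label, bottom, _ttl, payload = parse_shim(frame)
    if label not in ILM:
        return None  # no ILM entry: the labelled packet is discarded in this model
    if not bottom:
        raise ValueError("only a single-entry label stack is modelled")
    return ILM[label], payload  # (nfmark, bare IPv4 packet)


def nat_prerouting(nfmark: int, ip_packet: bytes) -> str:
    """Model of the nat PREROUTING rule: it sees IP fields and the mark, never the label."""
    if len(ip_packet) < 20:
        raise ValueError("truncated IPv4 header")
    dst = str(ipaddress.IPv4Address(ip_packet[16:20]))
    return DNAT_RULES.get((dst, nfmark), dst)  # unmatched packets keep their destination


def dispatch(frame: bytes):
    """Run a labelled frame through both stages; returns the final destination or None."""
    result = ilm_input(frame)
    return None if result is None else nat_prerouting(*result)


def build_frame(label: int, dst: str) -> bytes:
    """Build a constructed test frame: one shim entry (S=1, TTL=64) plus a bare IPv4 header."""
    shim = struct.pack("!I", (label << 12) | (1 << 8) | 64)
    ip = bytearray(20)
    ip[0] = 0x45  # version 4, header length 5 words
    ip[16:20] = ipaddress.IPv4Address(dst).packed
    return shim + bytes(ip)
```
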