Re: FW: [mpls-linux-general] Problems in configuring multiple LSPs on multiple physical paths for the same destination

[James R. L. <jl...@mi...>]

On Tue, Jul 20, 2004 at 03:28:15AM +0300, sa...@cc... wrote:
> I got your point regarding the iptables marking and then using the nffwd. 
> Thank yopu very much for elaborating on that with an example. But what if in 
> the diagram below B is the ingress and one LSP is C->D->G and the other is E-
> >F->G, i.e, 2 different LSPs on 2 different physical paths headed to the same 
> destination which is H. then I am facing the RTNETLINK problem. 
> Regards,

No your not.  I guess I need to continue the example ....  note my changes
to the drawing, and B's configuration below

> Quoting "James R. Leu" <jl...@mi...>:
> 
> > I would use iptables to set the nfmark, then use nffwd to forward down
> > the
> > different LSPs based on nfmark.
> > 
> >                        C-------------D
> >                    .2 /               \
> >                      /2.0/24           \
> >      192.168.1.0/24 /                   \        2.2.2.2
> >     A--------------B                     G----------H
> >      .1          .2 \                   /
> >                      \3.0/24           /
> >                    .2 \               /
> >                        E-------------F
> > 
> > Configuration on A
> > ------------------
> > mplsadm2 -A -O 0
> > Key: 0x2
> > mplsadm2 -A -O 0
> > Key: 0x3
> > mplsadm2 -A -O 0
> > Key: 0x4
> > mplsadm2 -O 0x2 -o nffwd:0xF:0x1:0x3:0x2:0x4
> > mplsadm2 -O 0x3 -o push:gen:16:set:eth1:ipv4:192.168.1.2
> > mplsadm2 -O 0x4 -o push:gen:17:set:eth1:ipv4:192.168.1.2
> > 
> > ip route add 2.2.2.2/32 via 192.168.1.1 spec_nh 0x8847 0x2
> > iptables -d 2.2.2.2/32 -p tcp -j MARK --set-mark 0x1
> > iptables -d 2.2.2.2/32 -p udp -j MARK --set-mark 0x2
> > 
> > iptables sets the nfmark to 0x1 for TCP packets heading to 2.2.2.2 and
> > and 0x2 for UDP packets heading to 2.2.2.2.
> > 
> > All packets heading to 2.2.2.2 use the 0x2 NHLFE.  The 0x2 NHLFE looks
> > at the nffmark.  If the nfmark is 0x1 it continues to process the packet
> > via NHLFE 0x3, if the nfmark is 0x2 it continues to process the packet
> > via NHLFE 0x4.  All other nfmarks result in the packet being dropped.

Configuration on B
------------------
mplsadm2 -L eth1:0

eth1 is connected to A

mplsadm2 -A -I gen:16:0
mplsadm2 -A -O 0
Key: 0x2
mplsadm2 -O 0x2 -o push:gen:16:set:eth2:ipv4:192.168.2.2
mplsadm2 -B -I gen:16:0 -O 0x2

LSP #1 comes in eth1 with label 16 and goes out eth2 with label 16
eth2 is connected to C

mplsadm2 -A -O 0
Key: 0x3
mplsadm2 -O 0x3 -o push:gen:17:set:eth3:ipv4:192.168.3.2
mplsadm2 -A -I gen:17:0
mplsadm2 -B -I gen:17:0 -O 0x3

LSP #2 comes in eth1 with label 17 and goes out eth3 with label 17
eth3 is connected to E

Notice I did not add any routes via 'ip route' nor do I add and filters
via 'iptables'.  On B (and C,D,E,F,G) we only label switch no IPv4 route
configuration is required.

If B was going to act as ingress LER (as opposed to LSR) here is how you
would configure the the 2.2.2.2/32 route:

    ip route add 2.2.2.2/32 nexthop via 192.168.2.2 spec_nh 0x8847 0x2 \
	nexthop via 192.168.3.2 spec_nh 0x8847 0x3

NOTE: that is one big long command that specifies multiple nexthops

-- 
James R. Leu
jl...@mi...