[mpls-linux-general] Re:Re: help: how to ssh to mpls machine?
From: mu w <mu...@gm...> - 2005-03-13 04:21:30
Thanks for taking the time to reply, James.
Yes I can ssh to ulm3 when MPLS is not enabled. The MTU between ulm2 and
ulm3 is 1500 (shown by `ip link or ip add`) and 1494 as shown by `mpls
nhlfe show`. The setup commands for mpls:
outgoing labels on both interfaces: mpls nhlfe add key/ mpls nhlfe
change key KEY_PREVIOUSLY_GENERATED ...
incoming labels on both interfaces: mpls labelspace add dev DEV
labelspace 0/mpls ilm add label gen LABEL(match with incoming label)
labelspace 0
(Do I need to use xc?
But ping works Okay, all request and reply are mpls enabled -- I see the
mpls bits in ethereal and tcpdump)
If I use 'telnet ulm3 22', I see the initial response:
Connected to 192.168.25.1.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.6.1p2
I have done some more testing with ethereal and tcpdump. In one of the
ethereal outputs, I can see the three-way handshake is complete,
then ulm3 sends a [SYN, FIN, ACK, CWR] to ulm1. Ethereal
says "Header length: 16 bytes (bogus, must be at least 20)", shown below:
[frames 2,3,4, threeway handshake, no problem]
Frame 5 (95 bytes on wire, 95 bytes captured)
Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
MultiProtocol Label Switching Header
Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
192.168.25.1 (192.168.25.1)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
(1139), Seq: 0
Source port: ssh (22)
Destination port: 1139 (1139)
Sequence number: 0
Header length: 16 bytes (bogus, must be at least 20)
Frame 6 (95 bytes on wire, 95 bytes captured)
Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
MultiProtocol Label Switching Header
Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
192.168.25.1 (192.168.25.1)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
(1139), Seq: 0
Source port: ssh (22)
Destination port: 1139 (1139)
Sequence number: 0
Header length: 16 bytes (bogus, must be at least 20)
...
From some tcpdump output, it looks like the checksum sometimes goes bad
-- "bad tcp checksum a792 (->59c2)!" in the following tcpdump output.
Thanks,
morris
`tcp -xvp -i eth0` output
11:47:32.828060 MPLS (label 25, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 45153, offset 0, flags [DF], proto 6,
length: 60) 192.168.25.1.1138 > 192.168.13.1.ssh: S [tcp sum ok]
3559799760:3559799760(0) win 5840 <mss 1460,sackOK,timestamp 89820081
0,nop,wscale 2>
0x0000: 0001 9140 4500 003c b061 4000 4006 e307 ...@E..<.a@.@...
0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd0 .........r....;.
0x0020: 0000 0000 a002 16d0 e44f 0000 0204 05b4 .........O......
0x0030: 0402 080a 055a 8bb1 0000 0000 0103 0302 .....Z..........
11:47:32.828813 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6,
length: 60) 192.168.13.1.ssh > 192.168.25.1.1138: S [tcp sum ok]
2832248515:2832248515(0) ack 3559799761 win 5792 <mss
1460,sackOK,timestamp 153217841 89820081,nop,wscale 2>
0x0000: 0007 d140 4500 003c 0000 4000 4006 9369 ...@E..<..@.@..i
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec3 ...........r....
0x0020: d42e 3bd1 a012 16a0 9887 0000 0204 05b4 ..;.............
0x0030: 0402 080a 0921 eb31 055a 8bb1 0103 0302 .....!.1.Z......
11:47:32.829452 MPLS (label 25, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 45155, offset 0, flags [DF], proto 6,
length: 52) 192.168.25.1.1138 > 192.168.13.1.ssh: . [tcp sum ok] ack 1
win 1460 <nop,nop,timestamp 89820083 153217841>
0x0000: 0001 9140 4500 0034 b063 4000 4006 e30d ...@E..4.c@.@...
0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd1 .........r....;.
0x0020: a8d0 aec4 8010 05b4 d838 0000 0101 080a .........8......
0x0030: 055a 8bb3 0921 eb31 .Z...!.1
11:47:32.832443 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17910, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FE [bad tcp cksum a792
(->59c2)!] 1:34(33) ack 1 win 1448 urg 0 <nop,nop,[bad opt]>
0x0000: 0007 d140 4500 004d 45f6 4000 4006 4d62 ...@E..ME.@.@.Mb
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 6371 05a8 a792 0000 0101 080a ..;.cq..........
0x0030: 0921 eb34 055a 8bb3 5353 482d 312e 3939 .!.4.Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a
11:47:33.033583 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17912, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: SFRW [bad tcp cksum
a792 (->59c2)!] 2832248516:2832248549(33) win 1448 urg 0 <nop,nop,[bad opt]>
0x0000: 0007 d140 4500 004d 45f8 4000 4006 4d60 ...@E..ME.@.@.M`
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 62a7 05a8 a792 0000 0101 080a ..;.b...........
0x0030: 0921 ebfe 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a .
11:47:33.435402 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17914, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FR [bad tcp cksum a792
(->59c2)!] 1:34(33) ack 1 win 1448 <nop,nop,[bad opt]>
0x0000: 0007 d140 4500 004d 45fa 4000 4006 4d5e ...@E..ME.@.@.M^
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 6115 05a8 a792 0000 0101 080a ..;.a...........
0x0030: 0921 ed90 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a .
11:47:34.239254 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17916, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FWE [bad tcp cksum
a792 (->59c2)!] 1:38(37) ack 1 win 1448 urg 0
0x0000: 0007 d140 4500 004d 45fc 4000 4006 4d5c ...@E..ME.@.@.M\
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 5df1 05a8 a792 0000 0101 080a ..;.]...........
0x0030: 0921 f0b4 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a .
11:47:35.669679 IP (tos 0xc0, ttl 1, id 58574, offset 0, flags [none],
proto 89, length: 68) 192.168.25.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello
(1), length: 48
Router-ID: 192.168.25.2, Area 0.0.0.100, Authentication Type:
none (0)
Options: [External]
Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.0, Priority: 1
Designated Router 192.168.25.2, Backup Designated Router
192.168.25.1
Neighbor List:
192.168.88.2
0x0000: 45c0 0044 e4ce 0000 0159 1a23 c0a8 1902 E..D.....Y.#....
0x0010: e000 0005 0201 0030 c0a8 1902 0000 0064 .......0.......d
0x0020: 568c 0000 0000 0000 0000 0000 ffff ff00 V...............
0x0030: 000a 0201 0000 0028 c0a8 1902 c0a8 1901 .......(........
0x0040: c0a8 5802
=======================================
From: James R. Leu <jleu@mi...>
* Re: help: how to ssh to mpls machine?*
<http://sourceforge.net/mailarchive/message.php?msg_id=11144914>
2005-03-12 17:43
Can you ssh to the machine in question when MPLS is not enabled
in the network? What are the exact commands you issued on all of the machines
in your diagram? What is the MTU of the link between ulm2 and ulm3?
On Sun, Mar 13, 2005 at 12:39:22AM +0800, mu w wrote:
> (ssh to non-mpls machines via mpls net works) -- one more time
>
> OK the previous email didn't get through...please forgive me for reposting.
>
> Hi James and all...
>
> I built an mpls network using static label switched path, by using mpls
> nhlfe...and mpls ilm...etc (in 2.6.9-1.6_FC2mpls_1_946). Everything
> works fine except I cannot ssh to an mpls machine.
> The following figure shows my network
>
> ulm1--ulm2---ulm3----ulm4
>
> ulm2 and ulm3 are the mpls network, ulm1 and ulm4 are normal IP hosts.
> ulm1 can ssh to ulm4 (traffic on ulm2 and ulm3 are labeled) but cannot
> ssh to ulm3. ping to ulm3 is okay.
>
> Ethereal shows the mpls traffic for ssh handshake...SYN and stuff but
> the connection was reset after a while.
>
> Is ssh to ulm3 possible? If yes how to setup?
>
> I have seen questions on ftp and ssh in the archive but can't
> find any answers. Any help and pointers are appreciated.
>
> Also, is there a more detailed manual for the mpls command in (uname -a
> = 2.6.9-1.6_FC2mpls_1_946)?
Not written yet, but you can issue "mpls help" and it will give you
command line syntax.
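
Added example (not part of the original thread): a short Python check that re-derives the "bad tcp cksum a792 (->59c2)" result from the bytes of the 11:47:32.832443 record and tests one explanation for the bogus header length. The pre-corruption offset/flags value 0x8018 (32-byte header, PSH|ACK) and the "finalised 4 bytes early" hypothesis are assumptions of this example, not statements from the posters.

```python
import struct

# Bytes copied from the 11:47:32.832443 tcpdump record in the post above:
# 4-byte MPLS shim, 20-byte IP header, then the TCP segment with the SSH banner.
FRAME = bytes.fromhex("""
    0007 d140 4500 004d 45f6 4000 4006 4d62
    c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4
    d42e 3bd1 6371 05a8 a792 0000 0101 080a
    0921 eb34 055a 8bb3 5353 482d 312e 3939
    2d4f 7065 6e53 5348 5f33 2e36 2e31 7032
    0a""")
MPLS_LEN = 4              # one label stack entry
ASSUMED_FIELD = 0x8018    # assumption: 32-byte header, PSH|ACK, before corruption


def fold16(data: bytes) -> int:
    """RFC 1071 ones'-complement sum folded to 16 bits (not inverted)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def analyse(frame: bytes = FRAME) -> dict:
    ip = frame[MPLS_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, ip[9], len(tcp))
    field, = struct.unpack("!H", tcp[12:14])     # data offset + flags as captured
    stored, = struct.unpack("!H", tcp[16:18])    # checksum field as captured
    zeroed = tcp[:16] + b"\x00\x00" + tcp[18:]
    # Hypothesis: the sum was finalised starting MPLS_LEN bytes too early, so it
    # covered the last 4 IP header bytes and landed on TCP offset 12, not 16.
    intact = tcp[:12] + struct.pack("!H", ASSUMED_FIELD) + tcp[14:]
    return {
        "header_len": (field >> 12) * 4,
        "field": field,
        "stored": stored,
        "expected": 0xFFFF ^ fold16(pseudo + zeroed),
        "pseudo_sum": fold16(pseudo),
        "shifted": 0xFFFF ^ fold16(ip[ihl - MPLS_LEN:ihl] + intact),
    }


if __name__ == "__main__":
    for name, value in analyse().items():
        print(f"{name:11s} {value:#06x}")
```

The stored checksum 0xa792 equals the bare pseudo-header sum, and the value found in the data offset/flags field (0x6371) equals a checksum computed from 4 bytes before the TCP header, which is the length of the MPLS shim. Both are consistent with a checksum that was left for later completion and then written at an offset that did not account for the pushed label.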