Re: [mpls-linux-general] Re:Re: help: how to ssh to mpls machine?
From: James R. L. <jl...@mi...> - 2005-03-14 19:36:01
On Sun, Mar 13, 2005 at 12:21:17PM +0800, mu w wrote:
>
> Thanks for taking the time to reply, James.

Are you using TCP offload cards? Did you compile your own kernel or
did you use an RPM?

> Yes I can ssh to ulm3 when MPLS is not enabled. The MTU between ulm2 and
> ulm3 are 1500 (shown by `ip link or ip add`) and 1494 shown by `mpls
> nhlfe show`. The set up commands for mpls:

Try setting the advmss on the routes for your ingress/egress. How are you
setting up the routes on ingress egress?

>
> outgoing labels on both interfaces: mpls nhlfe add key/ mpls nhlfe
> change key KEY_PREVIOUSLY_GENERATED ...
> incoming labels on both interfaces: mpls labelspace add dev DEV
> labelspace 0/mpls ilm add label gen LABEL(match with incoming label)
> labelspace 0
> (Do I need to use xc?
> But ping works Okay, all request and reply are mpls enabled -- I see the
> mpls bits in ethereal and tcpdump)

Are any of your devices just a LSR, ie it should only see labeled packets?
If so then yes, otherwise no :-)

> If I use 'telnet ulm3 22', I see the initial response:
> Connected to 192.168.25.1.
> Escape character is '^]'.
> SSH-1.99-OpenSSH_3.6.1p2
>
> I have done some more testing with ethereal and tcpdump. In one of the
> ethereal outputs, I can see the three-way handshake is complete,
> then ulm3 three sends a [SYN, FIN, ACK, CWR] to ulm1. The ethereal
> says "Header length: 16 bytes (bogus, must be at least 20)" shown below:

Can you capture the same packet on the IP only link and then the MPLS link
and do a full HEX dump of it and send it to the mailing list?

> [frames 2,3,4, threeway handshake, no problem]
> Frame 5 (95 bytes on wire, 95 bytes captured)
> Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
> MultiProtocol Label Switching Header
> Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
> 192.168.25.1 (192.168.25.1)
> Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
> (1139), Seq: 0
>     Source port: ssh (22)
>     Destination port: 1139 (1139)
>     Sequence number: 0
>     Header length: 16 bytes (bogus, must be at least 20)
>
> Frame 6 (95 bytes on wire, 95 bytes captured)
> Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
> MultiProtocol Label Switching Header
> Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
> 192.168.25.1 (192.168.25.1)
> Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
> (1139), Seq: 0
>     Source port: ssh (22)
>     Destination port: 1139 (1139)
>     Sequence number: 0
>     Header length: 16 bytes (bogus, must be at least 20)
> ...
>
>
> From some tcpdump output, it looks like the checksum sometimes goes bad
> -- "bad tcp checksum a792 (->59c2)!" in the following tcpdump output.
>
> Thanks,
> morris
>
> `tcp -xvp -i eth0` output
>
> 11:47:32.828060 MPLS (label 25, exp 0, [S], ttl 64)
>     IP (tos 0x0, ttl 64, id 45153, offset 0, flags [DF], proto 6,
> length: 60) 192.168.25.1.1138 > 192.168.13.1.ssh: S [tcp sum ok]
> 3559799760:3559799760(0) win 5840 <mss 1460,sackOK,timestamp 89820081
> 0,nop,wscale 2>
>     0x0000: 0001 9140 4500 003c b061 4000 4006 e307 ...@E..<.a@.@...
>     0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd0 .........r....;.
>     0x0020: 0000 0000 a002 16d0 e44f 0000 0204 05b4 .........O......
>     0x0030: 0402 080a 055a 8bb1 0000 0000 0103 0302 .....Z..........
> 11:47:32.828813 MPLS (label 125, exp 0, [S], ttl 64)
>     IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6,
> length: 60) 192.168.13.1.ssh > 192.168.25.1.1138: S [tcp sum ok]
> 2832248515:2832248515(0) ack 3559799761 win 5792 <mss
> 1460,sackOK,timestamp 153217841 89820081,nop,wscale 2>
>     0x0000: 0007 d140 4500 003c 0000 4000 4006 9369 ...@E..<..@.@..i
>     0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec3 ...........r....
>     0x0020: d42e 3bd1 a012 16a0 9887 0000 0204 05b4 ..;.............
>     0x0030: 0402 080a 0921 eb31 055a 8bb1 0103 0302 .....!.1.Z......
> 11:47:32.829452 MPLS (label 25, exp 0, [S], ttl 64)
>     IP (tos 0x0, ttl 64, id 45155, offset 0, flags [DF], proto 6,
> length: 52) 192.168.25.1.1138 > 192.168.13.1.ssh: . [tcp sum ok] ack 1
> win 1460 <nop,nop,timestamp 89820083 153217841>
>     0x0000: 0001 9140 4500 0034 b063 4000 4006 e30d ...@E..4.c@.@...
>     0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd1 .........r....;.
>     0x0020: a8d0 aec4 8010 05b4 d838 0000 0101 080a .........8......
>     0x0030: 055a 8bb3 0921 eb31 .Z...!.1
> 11:47:32.832443 MPLS (label 125, exp 0, [S], ttl 64)
>     IP (tos 0x0, ttl 64, id 17910, offset 0, flags [DF], proto 6,
> length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FE [bad tcp cksum a792
> (->59c2)!] 1:34(33) ack 1 win 1448 urg 0 <nop,nop,[bad opt]>
>     0x0000: 0007 d140 4500 004d 45f6 4000 4006 4d62 ...@E..ME.@.@.Mb
>     0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
>     0x0020: d42e 3bd1 6371 05a8 a792 0000 0101 080a ..;.cq..........
>     0x0030: 0921 eb34 055a 8bb3 5353 482d 312e 3939 .!.4.Z..SSH-1.99
>     0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
>     0x0050: 0a
> 11:47:33.033583 MPLS (label 125, exp 0, [S], ttl 64)
>     IP (tos 0x0, ttl 64, id 17912, offset 0, flags [DF], proto 6,
> length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: SFRW [bad tcp cksum
> a792 (->59c2)!]
> 2832248516:2832248549(33) win 1448 urg 0 <nop,nop,[bad opt]>
>     0x0000: 0007 d140 4500 004d 45f8 4000 4006 4d60 ...@E..ME.@.@.M`
>     0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
>     0x0020: d42e 3bd1 62a7 05a8 a792 0000 0101 080a ..;.b...........
>     0x0030: 0921 ebfe 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
>     0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
>     0x0050: 0a .
> 11:47:33.435402 MPLS (label 125, exp 0, [S], ttl 64)
>     IP (tos 0x0, ttl 64, id 17914, offset 0, flags [DF], proto 6,
> length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FR [bad tcp cksum a792
> (->59c2)!] 1:34(33) ack 1 win 1448 <nop,nop,[bad opt]>
>     0x0000: 0007 d140 4500 004d 45fa 4000 4006 4d5e ...@E..ME.@.@.M^
>     0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
>     0x0020: d42e 3bd1 6115 05a8 a792 0000 0101 080a ..;.a...........
>     0x0030: 0921 ed90 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
>     0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
>     0x0050: 0a .
> 11:47:34.239254 MPLS (label 125, exp 0, [S], ttl 64)
>     IP (tos 0x0, ttl 64, id 17916, offset 0, flags [DF], proto 6,
> length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FWE [bad tcp cksum
> a792 (->59c2)!] 1:38(37) ack 1 win 1448 urg 0
>     0x0000: 0007 d140 4500 004d 45fc 4000 4006 4d5c ...@E..ME.@.@.M\
>     0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
>     0x0020: d42e 3bd1 5df1 05a8 a792 0000 0101 080a ..;.]...........
>     0x0030: 0921 f0b4 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
>     0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
>     0x0050: 0a .
> 11:47:35.669679 IP (tos 0xc0, ttl 1, id 58574, offset 0, flags [none],
> proto 89, length: 68) 192.168.25.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello
> (1), length: 48
>     Router-ID: 192.168.25.2, Area 0.0.0.100, Authentication Type:
> none (0)
>     Options: [External]
>     Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.0, Priority: 1
>     Designated Router 192.168.25.2, Backup Designated Router
> 192.168.25.1
>     Neighbor List:
>         192.168.88.2
>     0x0000: 45c0 0044 e4ce 0000 0159 1a23 c0a8 1902 E..D.....Y.#....
>     0x0010: e000 0005 0201 0030 c0a8 1902 0000 0064 .......0.......d
>     0x0020: 568c 0000 0000 0000 0000 0000 ffff ff00 V...............
>     0x0030: 000a 0201 0000 0028 c0a8 1902 c0a8 1901 .......(........
>     0x0040: c0a8 5802
>
>
> =======================================
> From: James R. Leu <jleu@mi...>
> * Re: help: how to ssh to mpls machine?*
> <http://sourceforge.net/mailarchive/message.php?msg_id=11144914>
> 2005-03-12 17:43
>
> Can you ssh to the machine in question when MPLS is not enabled
> in the network? What are the exact commands you issued on all of machines
> in your diagram? What is the MTU of the link between ulm2 and ulm3?
>
> On Sun, Mar 13, 2005 at 12:39:22AM +0800, mu w wrote:
> > (ssh to non-mpls machines via mpls net works) -- one more time
> >
> > OK the previous email didn't get through...please forgive me for reposting.
> >
> > Hi James and all...
> >
> > I built an mpls network using static label switched path, by using mpls
> > nhlfe...and mpls ilm...etc (in 2.6.9-1.6_FC2mpls_1_946). Everything
> > works fine except I cannot ssh to an mpls machine.
> > The following figure shows my network
> >
> > ulm1--ulm2---ulm3----ulm4
> >
> > ulm2 and ulm3 are the mpls network, ulm1 and ulm4 are normal IP hosts.
> > ulm1 can ssh to ulm4 (traffic on ulm2 and ulm3 are labeled) but cannot
> > ssh to ulm3. ping to ulm3 is okay.
> >
> > Ethereal shows the mpls traffic for ssh handshake...SYN and stuff but
> > the connection was reset after a while.
> >
> > Is ssh to ulm3 possible? If yes how to setup?
> >
> > I have seen question on ftp and ssh questions in the archive but can't
> > find any answers. Any help and pointer are appreciated.
> >
> > Also, is there a more detailed manual for the mpls command in (uname -a
> > = 2.6.9-1.6_FC2mpls_1_946)?
>
> Not written yet, but you can issue "mpls help" and it will give you
> command line syntax.
>
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general

--
James R. Leu
jl...@mi...
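
The "bad tcp cksum" records quoted in this message can be checked directly from their hex dumps. The Python below is an added example, not part of the original thread or of the mpls-linux code: it decodes two of those records and tests one hypothesis, that the TCP checksum was completed over a window starting one MPLS shim (4 bytes) early and stored 4 bytes early. The function names and the `assumed_flags` value 0x8018 (32-byte header, PSH|ACK) are assumptions.

```python
import struct

# Two "bad tcp cksum" records copied from the tcpdump -x output quoted above,
# starting at the MPLS shim (the dump does not include the Ethernet header).
FRAMES = [bytes.fromhex(h) for h in (
    "0007d140 4500004d 45f64000 40064d62 c0a80d01 c0a81901 00160472 a8d0aec4"
    "d42e3bd1 637105a8 a7920000 0101080a 0921eb34 055a8bb3 5353482d 312e3939"
    "2d4f7065 6e535348 5f332e36 2e317032 0a",
    "0007d140 4500004d 45f84000 40064d60 c0a80d01 c0a81901 00160472 a8d0aec4"
    "d42e3bd1 62a705a8 a7920000 0101080a 0921ebfe 055a8bb3 5353482d 312e3939"
    "2d4f7065 6e535348 5f332e36 2e317032 0a",
)]
SHIM = 4  # bytes in one MPLS label stack entry

def ones_sum(data: bytes) -> int:
    """Folded 16-bit one's-complement sum, not inverted."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def analyse(frame: bytes, assumed_flags: int = 0x8018) -> dict:
    # assumed_flags (assumption, not on the page): the offset/flags word the
    # sender originally built, i.e. a 32-byte header with PSH|ACK.
    shim, = struct.unpack("!I", frame[:SHIM])
    ip = frame[SHIM:]
    ihl = (ip[0] & 0x0F) * 4
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
    flags_word, cksum_field = struct.unpack("!H2xH", tcp[12:18])
    pseudo = ip[12:20] + struct.pack("!BBH", 0, ip[9], len(tcp))
    # Checksum a correct sender would store for the bytes as captured.
    expected = 0xFFFF ^ ones_sum(pseudo + tcp[:16] + b"\0\0" + tcp[18:])
    # Hypothesis: the sum was finished over a window that starts SHIM bytes
    # before the TCP header and the result was stored SHIM bytes early,
    # overwriting the offset/flags word instead of the checksum field.
    built = tcp[:12] + struct.pack("!H", assumed_flags) + tcp[14:]
    shifted = 0xFFFF ^ ones_sum(ip[ihl - SHIM:ihl] + built)
    return dict(label=shim >> 12, tcp_header_len=(flags_word >> 12) * 4,
                cksum_field=cksum_field, pseudo_sum=ones_sum(pseudo),
                expected=expected, flags_word=flags_word, shifted=shifted)

if __name__ == "__main__":
    for rec in map(analyse, FRAMES):
        print({k: hex(v) for k, v in rec.items()})
```

For both records the checksum field holds only the pseudo-header sum (0xa792), and the value found in the offset/flags word equals the checksum computed over the shifted window. That is consistent with checksum completion that does not account for the 4-byte shim; the thread itself does not state a cause.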