Re: [mpls-linux-general] Re:Re: help: how to ssh to mpls machine?
From: mu2000 <mu...@gm...> - 2005-03-15 01:40:43
On Mon, 14 Mar 2005 13:36:46 -0600, James R. Leu <jl...@mi...> wrote:
> Are you using TCP offload cards? Did you compile your own kernel
> or did you use an RPM?

I use RPMs you put in http://mpls-linux.sourceforge.net/:
kernel iproute2 iptables quagga on Fedora Core 2

> Try setting the advmss on the routes for your ingress/egress.

Not too sure how to do this, would appreciate some hints and/or pointers.

> How are you setting up the routes on ingress egress?

            eth1   eth0
ipnet--ulm1 -------ulm2 -- ulm3 -- ulm4 -- ipnet

ulm1 is ingress (also egress, right?), only setup mpls for eth1, the
interface card connecting to ulm2 (mpls nhlfe/ilm) and routes (mpls msp:
route NET via IP spec_nh 0x8847 KEY) for ip of eth0 interface in ulm 2,
ulm2/ulm3 subnet, ulm3/ulm4 subnet and ipnet

for the egress ulm4, only setup mpls for the interface connecting to ulm3,
and routes to the other direction (route NET via IP spec_nh 0x8847 KEY, for
ulm2/ulm3 subnet, ulm3/ulm4 subnet and ipnet)

The thing is, ping to ulm2/ulm3/ulm4 all works (with mpls labels) but TCP
gets stuck after three-way handshake (because of the "bad tcp checksum
a792 (->59c2)!"?). but TCP to the ip net works fine (traffic in the mpls
network all labelled)

I'll try to capture the normal traffic and send it to the list.

Thanks,
morris

On Mon, 14 Mar 2005 13:36:46 -0600, James R. Leu <jl...@mi...> wrote:
> On Sun, Mar 13, 2005 at 12:21:17PM +0800, mu w wrote:
> >
> > Thanks for taking the time to reply, James.
>
> Are you using TCP offload cards? Did you compile your own kernel
> or did you use an RPM?
>
> > Yes I can ssh to ulm3 when MPLS is not enabled. The MTU between ulm2 and
> > ulm3 are 1500 (showed by `ip link or ip add`) and 1494 shown by `mpls
> > nhlfe show`. The set up commands for mpls:
>
> Try setting the advmss on the routes for your ingress/egress.
> How are you setting up the routes on ingress egress?
>
> > outgoing labels on both interfaces: mpls nhlfe add key/ mpls nhlfe
> > change key KEY_PREVIOUSLY_GENERATED ...
> > incoming labels on both interfaces: mpls labelspace add dev DEV
> > labelspace 0/mpls ilm add label gen LABEL(match with incoming label)
> > labelspace 0
> > (Do I need to use xc?
> > But ping works Okay, all request and reply are mpls enabled -- I see the
> > mpls bits in ethereal and tcpdump)
>
> Are any of your devices just a LSR, ie it should only see labeled packets?
> If so then yes, otherwise no :-)
>
> > If I use 'telnet ulm3 22', I see the initial response:
> > Connected to 192.168.25.1.
> > Escape character is '^]'.
> > SSH-1.99-OpenSSH_3.6.1p2
> >
> > I have done some more testing with ethereal and tcpdump. In one of the
> > ethereal outputs, I can see the three-way handshake is complete,
> > then ulm3 three sends a [SYN, FIN, ACK, CWR] to ulm1. The ethereal
> > says "Header length: 16 bytes (bogus, must be at least 20)" shown below:
>
> Can you capture the same packet on the IP only link and then the
> MPLS link and do a full HEX dump of it and send it to the mailing list?
>
> > [frames 2,3,4, threeway handshake, no problem]
> > Frame 5 (95 bytes on wire, 95 bytes captured)
> > Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
> > MultiProtocol Label Switching Header
> > Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
> > 192.168.25.1 (192.168.25.1)
> > Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
> > (1139), Seq: 0
> > Source port: ssh (22)
> > Destination port: 1139 (1139)
> > Sequence number: 0
> > Header length: 16 bytes (bogus, must be at least 20)
> >
> > Frame 6 (95 bytes on wire, 95 bytes captured)
> > Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
> > MultiProtocol Label Switching Header
> > Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
> > 192.168.25.1 (192.168.25.1)
> > Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
> > (1139), Seq: 0
> > Source port: ssh (22)
> > Destination port: 1139 (1139)
> > Sequence number: 0
> > Header length: 16 bytes (bogus, must be at least 20)
> > ...
> >
> > From some tcpdump output, it looks like the checksum sometimes goes bad
> > -- "bad tcp checksum a792 (->59c2)!" in the following tcpdump output.
> >
> > Thanks,
> > morris
> >
> > `tcp -xvp -i eth0` output
> >
> > 11:47:32.828060 MPLS (label 25, exp 0, [S], ttl 64)
> > IP (tos 0x0, ttl 64, id 45153, offset 0, flags [DF], proto 6,
> > length: 60) 192.168.25.1.1138 > 192.168.13.1.ssh: S [tcp sum ok]
> > 3559799760:3559799760(0) win 5840 <mss 1460,sackOK,timestamp 89820081
> > 0,nop,wscale 2>
> > 0x0000: 0001 9140 4500 003c b061 4000 4006 e307 ...@E..<.a@.@...
> > 0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd0 .........r....;.
> > 0x0020: 0000 0000 a002 16d0 e44f 0000 0204 05b4 .........O......
> > 0x0030: 0402 080a 055a 8bb1 0000 0000 0103 0302 .....Z..........
> > 11:47:32.828813 MPLS (label 125, exp 0, [S], ttl 64)
> > IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6,
> > length: 60) 192.168.13.1.ssh > 192.168.25.1.1138: S [tcp sum ok]
> > 2832248515:2832248515(0) ack 3559799761 win 5792 <mss
> > 1460,sackOK,timestamp 153217841 89820081,nop,wscale 2>
> > 0x0000: 0007 d140 4500 003c 0000 4000 4006 9369 ...@E..<..@.@..i
> > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec3 ...........r....
> > 0x0020: d42e 3bd1 a012 16a0 9887 0000 0204 05b4 ..;.............
> > 0x0030: 0402 080a 0921 eb31 055a 8bb1 0103 0302 .....!.1.Z......
> > 11:47:32.829452 MPLS (label 25, exp 0, [S], ttl 64)
> > IP (tos 0x0, ttl 64, id 45155, offset 0, flags [DF], proto 6,
> > length: 52) 192.168.25.1.1138 > 192.168.13.1.ssh: . [tcp sum ok] ack 1
> > win 1460 <nop,nop,timestamp 89820083 153217841>
> > 0x0000: 0001 9140 4500 0034 b063 4000 4006 e30d ...@E..4.c@.@...
> > 0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd1 .........r....;.
> > 0x0020: a8d0 aec4 8010 05b4 d838 0000 0101 080a .........8......
> > 0x0030: 055a 8bb3 0921 eb31 .Z...!.1
> > 11:47:32.832443 MPLS (label 125, exp 0, [S], ttl 64)
> > IP (tos 0x0, ttl 64, id 17910, offset 0, flags [DF], proto 6,
> > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FE [bad tcp cksum a792
> > (->59c2)!] 1:34(33) ack 1 win 1448 urg 0 <nop,nop,[bad opt]>
> > 0x0000: 0007 d140 4500 004d 45f6 4000 4006 4d62 ...@E..ME.@.@.Mb
> > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > 0x0020: d42e 3bd1 6371 05a8 a792 0000 0101 080a ..;.cq..........
> > 0x0030: 0921 eb34 055a 8bb3 5353 482d 312e 3939 .!.4.Z..SSH-1.99
> > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > 0x0050: 0a
> > 11:47:33.033583 MPLS (label 125, exp 0, [S], ttl 64)
> > IP (tos 0x0, ttl 64, id 17912, offset 0, flags [DF], proto 6,
> > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: SFRW [bad tcp cksum
> > a792 (->59c2)!] 2832248516:2832248549(33) win 1448 urg 0 <nop,nop,[bad opt]>
> > 0x0000: 0007 d140 4500 004d 45f8 4000 4006 4d60 ...@E..ME.@.@.M`
> > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > 0x0020: d42e 3bd1 62a7 05a8 a792 0000 0101 080a ..;.b...........
> > 0x0030: 0921 ebfe 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
> > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > 0x0050: 0a .
> > 11:47:33.435402 MPLS (label 125, exp 0, [S], ttl 64)
> > IP (tos 0x0, ttl 64, id 17914, offset 0, flags [DF], proto 6,
> > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FR [bad tcp cksum a792
> > (->59c2)!] 1:34(33) ack 1 win 1448 <nop,nop,[bad opt]>
> > 0x0000: 0007 d140 4500 004d 45fa 4000 4006 4d5e ...@E..ME.@.@.M^
> > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > 0x0020: d42e 3bd1 6115 05a8 a792 0000 0101 080a ..;.a...........
> > 0x0030: 0921 ed90 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
> > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > 0x0050: 0a .
> > 11:47:34.239254 MPLS (label 125, exp 0, [S], ttl 64)
> > IP (tos 0x0, ttl 64, id 17916, offset 0, flags [DF], proto 6,
> > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FWE [bad tcp cksum
> > a792 (->59c2)!] 1:38(37) ack 1 win 1448 urg 0
> > 0x0000: 0007 d140 4500 004d 45fc 4000 4006 4d5c ...@E..ME.@.@.M\
> > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > 0x0020: d42e 3bd1 5df1 05a8 a792 0000 0101 080a ..;.]...........
> > 0x0030: 0921 f0b4 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
> > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > 0x0050: 0a .
> > 11:47:35.669679 IP (tos 0xc0, ttl 1, id 58574, offset 0, flags [none],
> > proto 89, length: 68) 192.168.25.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello
> > (1), length: 48
> > Router-ID: 192.168.25.2, Area 0.0.0.100, Authentication Type:
> > none (0)
> > Options: [External]
> > Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.0, Priority: 1
> > Designated Router 192.168.25.2, Backup Designated Router
> > 192.168.25.1
> > Neighbor List:
> > 192.168.88.2
> > 0x0000: 45c0 0044 e4ce 0000 0159 1a23 c0a8 1902 E..D.....Y.#....
> > 0x0010: e000 0005 0201 0030 c0a8 1902 0000 0064 .......0.......d
> > 0x0020: 568c 0000 0000 0000 0000 0000 ffff ff00 V...............
> > 0x0030: 000a 0201 0000 0028 c0a8 1902 c0a8 1901 .......(........
> > 0x0040: c0a8 5802
> >
> > =======================================
> > From: James R. Leu <jleu@mi...>
> > * Re: help: how to ssh to mpls machine?*
> > <http://sourceforge.net/mailarchive/message.php?msg_id=11144914>
> > 2005-03-12 17:43
> >
> > Can you ssh to the machine in question when MPLS is not enabled
> > in the network? What are the exact commands you issued on all of machines
> > in your diagram? What is the MTU of the link between ulm2 and ulm3?
> >
> > On Sun, Mar 13, 2005 at 12:39:22AM +0800, mu w wrote:
> > > (ssh to non-mpls machines via mpls net works) -- one more time
> > >
> > > OK the previous email didn't get through...please forgive me for
> > > reposting.
> > >
> > > Hi James and all...
> > >
> > > I built an mpls network using static label switched path, by using mpls
> > > nhlfe...and mpls ilm...etc (in 2.6.9-1.6_FC2mpls_1_946). Everything
> > > works fine except I cannot ssh to an mpls machine.
> > > The following figure show my network
> > >
> > > ulm1--ulm2---ulm3----ulm4
> > >
> > > ulm2 and ulm3 are the mpls network, ulm1 and ulm4 are normal IP hosts.
> > > ulm1 can ssh to ulm4 (traffic on ulm2 and ulm3 are labeled) but cannot
> > > ssh to ulm3. ping to ulm3 is okay.
> > >
> > > Ethereal shows the mpls traffic for ssh handshake...SYN and stuff but
> > > the connection was reset after a while.
> > >
> > > Is ssh to ulm3 possible? If yes how to setup?
> > >
> > > I have seen question on ftp and ssh questions in the archive but can't
> > > find any answers. Any help and pointer are appreciated.
> > >
> > > Also, is there a more detailed manual for the mpls command in (uname -a
> > > = 2.6.9-1.6_FC2mpls_1_946)?
> >
> > Not written yet, but you can issue "mpls help" and it will give you
> > command line syntax.
>
> --
> James R. Leu
> jl...@mi...
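
An added analysis example (not part of the thread and not mpls-linux code): it recomputes the TCP checksum of the fourth packet in the tcpdump output above and tests whether the corrupted data-offset/flags word is what a checksum completed 4 bytes, the size of one MPLS shim, too early would leave behind. The original offset/flags value 0x8018 (32-byte header, PSH+ACK), the 20-byte IP header and all function names are assumptions; the packet bytes are retyped from the dump.

```python
# Added example. Bytes retyped from the fourth tcpdump packet in the thread,
# from the IPv4 header onward (the 4-byte MPLS shim 0007d140 is left out).
PKT = bytes.fromhex(
    "4500004d45f6400040064d62c0a80d01c0a81901"   # IPv4 header (IHL 5)
    "00160472a8d0aec4d42e3bd1637105a8a7920000"   # TCP fixed header
    "0101080a0921eb34055a8bb3"                   # options: NOP NOP timestamp
    "5353482d312e39392d4f70656e5353485f332e362e3170320a")  # SSH banner
# (word at TCP offset 12, low 16 bits of TSval) in the four retransmissions.
RETRANS = [(0x6371, 0xEB34), (0x62A7, 0xEBFE), (0x6115, 0xED90), (0x5DF1, 0xF0B4)]

def wsum(data):
    """Sum of big-endian 16-bit words; an odd tail byte is zero-padded."""
    data = bytes(data) + b"\x00" * (len(data) % 2)
    return sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))

def fold(total):
    """One's-complement fold of the carries into 16 bits."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header_sum(ip):
    """Folded sum of source, destination, protocol 6 and TCP length."""
    return fold(wsum(ip[12:20]) + 6 + len(ip) - 20)

def expected_checksum(ip):
    """Checksum a receiver computes over the packet exactly as captured."""
    tcp = bytearray(ip[20:])
    tcp[16:18] = b"\x00\x00"
    return 0xFFFF ^ fold(pseudo_header_sum(ip) + wsum(tcp))

def early_checksum(ip, off_flags=0x8018, shift=4):
    """Checksum completed from `shift` bytes before the TCP header, with the
    ASSUMED original offset/flags word and the seed left in the checksum field."""
    buf = bytearray(ip)
    buf[32:34] = off_flags.to_bytes(2, "big")
    return 0xFFFF ^ fold(wsum(buf[20 - shift:]))

def retransmit_sums():
    """A checksum in the offset-12 word must track TSval: word + TSval constant."""
    return {word + tsval for word, tsval in RETRANS}

if __name__ == "__main__":
    print("checksum field    ", PKT[36:38].hex())
    print("pseudo-header sum ", f"{pseudo_header_sum(PKT):04x}")
    print("receiver expects  ", f"{expected_checksum(PKT):04x}")
    print("word at offset 12 ", PKT[32:34].hex())
    print("4-byte-early csum ", f"{early_checksum(PKT):04x}")
    print("word + TSval sums ", sorted(hex(s) for s in retransmit_sums()))
```

The results are consistent with checksum offload gone wrong under the label push: the checksum field still holds the bare pseudo-header sum, and the completed value sits one shim width early, over the data-offset and flag bits, which would explain the bogus header lengths and shifting flag sets the dissectors report.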