Re: [mpls-linux-general] Re:Re: help: how to ssh to mpls machine?
From: James R. L. <jl...@mi...> - 2005-03-15 02:25:30
On Tue, Mar 15, 2005 at 09:40:31AM +0800, mu2000 wrote:
> On Mon, 14 Mar 2005 13:36:46 -0600, James R. Leu <jl...@mi...> wrote:
>
> > Are you using TCP offload cards? Did you compile your own kernel
> > or did you use an RPM?
>
> I use RPMs you put in http://mpls-linux.sourceforge.net/: kernel
> iproute2 iptables quagga on Fedora Core 2
>
> > Try setting the advmss on the routes for your ingress/egress.
> Not too sure how to do this, would appreciate some hints and/or pointers.
>
> > How are you setting up the routes on ingress egress?
>           eth1   eth0
> ipnet--ulm1 -------ulm2 -- ulm3 -- ulm4 -- ipnet
>
> ulm1 is ingress (also egress, right?), only setup mpls for eth1, the
> interface card connecting to ulm2 (mpls nhlfe/ilm) and routes (mpls
> msp: route NET via IP spec_nh 0x8847 KEY) for ip of eth0 interface in
> ulm 2, ulm2/ulm3 subnet, ulm3/ulm4 subnet and ipnet
>
> for the egress ulm4, only setup mpls for the interface connecting to
> ulm3, and routes to the other direction (route NET via IP spec_nh
> 0x8847 KEY, for ulm2/ulm3 subnet, ulm3/ulm4 subnet and ipnet)
>
> The thing is, ping to ulm2/ulm3/ulm4 all works (with mpls labels) but
> TCP gets stuck after three-way handshake (because of the "bad tcp
> checksum a792 (->59c2)!"?). but TCP to the ip net works fine (traffic
> in the mpls network all labelled)

I'm going to add some numbers to the drawing above and then create the
full set of commands that you will need to issue. You should be able
to extrapolate from that.

  1.1.1.0/24    3.3.1.0/24    3.3.2.0/24    3.3.3.0/24    2.2.2.0/24
   .1    .2      .1    .2      .1    .2      .1    .2      .1    .2
   e1    e2      e1    e2      e1    e2      e1    e2      e1    e2
      L0            L1            L2            L3            L4
|A|--------|ulm1|--------|ulm2|--------|ulm3|--------|ulm4|--------|B|
              -----1000----X-----1100----X-----1200---->
              <----2000----X-----2100----X-----2200-----

'X' denotes label swap

A
-----
ip route add 2.2.2.0/24 via 1.1.1.2 advmss 1400

ulm1
----
mpls nhlfe add key 0 instructions push gen 1000 nexthop eth1 ipv4 3.3.1.2 (key 0x2)
ip route add 2.2.2.0/24 via 3.3.1.2 spec_nh 0x8847 0x2 advmss 1400

mpls labelspace add dev eth1 labelspace 0
mpls ilm add label gen 2000 labelspace 0

ulm2
----
mpls labelspace add dev eth2 labelspace 0
mpls ilm add label gen 1000 labelspace 0
mpls nhlfe add key 0 instructions push gen 1100 nexthop eth1 ipv4 3.3.2.2 (key 0x2)
mpls xc add ilm_label gen 1000 ilm_labelspace 0 nhlfe key 0x2

mpls labelspace add dev eth1 labelspace 0
mpls ilm add label gen 2100 labelspace 0
mpls nhlfe add key 0 instructions push gen 2000 nexthop eth2 ipv4 3.3.1.1 (key 0x3)
mpls xc add ilm_label gen 2100 ilm_labelspace 0 nhlfe key 0x3

ulm3
----
mpls labelspace add dev eth2 labelspace 0
mpls ilm add label gen 1100 labelspace 0
mpls nhlfe add key 0 instructions push gen 1200 nexthop eth1 ipv4 3.3.3.2 (key 0x2)
mpls xc add ilm_label gen 1100 ilm_labelspace 0 nhlfe key 0x2

mpls labelspace add dev eth1 labelspace 0
mpls ilm add label gen 2200 labelspace 0
mpls nhlfe add key 0 instructions push gen 2100 nexthop eth2 ipv4 3.3.2.1 (key 0x3)
mpls xc add ilm_label gen 2200 ilm_labelspace 0 nhlfe key 0x3

ulm4
----
mpls labelspace add dev eth2 labelspace 0
mpls ilm add label gen 1200 labelspace 0

mpls nhlfe add key 0 instructions push gen 2200 nexthop eth2 ipv4 3.3.3.1 (key 0x3)
ip route add 1.1.1.0/24 via 3.3.3.1 spec_nh 0x8847 0x3 advmss 1400

B
-----
ip route add 1.1.1.0/24 via 2.2.2.1 advmss 1400

If you have ethernet cards which can support jumbo frames then you can
remove the advmss part and increase the MTU on L1,L2,L3 to 9000

Note that I did not add any IP routes to ulm2 or ulm3, and only
the 1.1.1.0/24 and 2.2.2.0/24 routes to ulm4 and ulm1 (respectively).

> I'll try to capture the normal traffic and send it to the list.

Just make sure you don't waste time, I'd like to see that same packet
as it moves from L0 to L1 or from L3 to L4.

>
> Thanks,
> morris
>
>
> On Mon, 14 Mar 2005 13:36:46 -0600, James R. Leu <jl...@mi...> wrote:
>
> > On Sun, Mar 13, 2005 at 12:21:17PM +0800, mu w wrote:
> > >
> > > Thanks for taking the time to reply, James.
> >
> > Are you using TCP offload cards? Did you compile your own kernel
> > or did you use an RPM?
> >
> > > Yes I can ssh to ulm3 when MPLS is not enabled. The MTU between ulm2 and
> > > ulm3 are 1500 (showed by `ip link or ip add`) and 1494 shown by `mpls
> > > nhlfe show`. The set up commands for mpls:
> >
> > Try setting the advmss on the routes for your ingress/egress.
> > How are you setting up the routes on ingress egress?
> >
> > >
> > > outgoing labels on both interfaces: mpls nhlfe add key/ mpls nhlfe
> > > change key KEY_PREVIOUSLY_GENERATED ...
> > > incoming labels on both interfaces: mpls labelspace add dev DEV
> > > labelspace 0/mpls ilm add label gen LABEL(match with incoming label)
> > > labelspace 0
> > > (Do I need to use xc?
> > > But ping works Okay, all request and reply are mpls enabled -- I see the
> > > mpls bits in ethereal and tcpdump)
> >
> > Are any of your devices just a LSR, ie it should only see labeled packets?
> > If so then yes, otherwise no :-)
> >
> > > If I use 'telnet ulm3 22', I see the initial response:
> > > Connected to 192.168.25.1.
> > > Escape character is '^]'.
> > > SSH-1.99-OpenSSH_3.6.1p2
> > >
> > > I have done some more testing with ethereal and tcpdump. In one of the
> > > ethereal outputs, I can see the three-way handshake is complete,
> > > then ulm3 three sends a [SYN, FIN, ACK, CWR] to ulm1.
> > > The ethereal says "Header length: 16 bytes (bogus, must be at least 20)"
> > > shown below:
> >
> > Can you capture the same packet on the IP only link and then the
> > MPLS link and do a full HEX dump of it and send it to the mailing list?
> >
> > > [frames 2,3,4, threeway handshake, no problem]
> > > Frame 5 (95 bytes on wire, 95 bytes captured)
> > > Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
> > > MultiProtocol Label Switching Header
> > > Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
> > > 192.168.25.1 (192.168.25.1)
> > > Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
> > > (1139), Seq: 0
> > >     Source port: ssh (22)
> > >     Destination port: 1139 (1139)
> > >     Sequence number: 0
> > >     Header length: 16 bytes (bogus, must be at least 20)
> > >
> > > Frame 6 (95 bytes on wire, 95 bytes captured)
> > > Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
> > > MultiProtocol Label Switching Header
> > > Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
> > > 192.168.25.1 (192.168.25.1)
> > > Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
> > > (1139), Seq: 0
> > >     Source port: ssh (22)
> > >     Destination port: 1139 (1139)
> > >     Sequence number: 0
> > >     Header length: 16 bytes (bogus, must be at least 20)
> > > ...
> > >
> > >
> > > From some tcpdump output, it looks like the checksum sometimes goes bad
> > > -- "bad tcp checksum a792 (->59c2)!" in the following tcpdump output.
> > >
> > > Thanks,
> > > morris
> > >
> > > `tcp -xvp -i eth0` output
> > >
> > > 11:47:32.828060 MPLS (label 25, exp 0, [S], ttl 64)
> > > IP (tos 0x0, ttl 64, id 45153, offset 0, flags [DF], proto 6,
> > > length: 60) 192.168.25.1.1138 > 192.168.13.1.ssh: S [tcp sum ok]
> > > 3559799760:3559799760(0) win 5840 <mss 1460,sackOK,timestamp 89820081
> > > 0,nop,wscale 2>
> > > 0x0000: 0001 9140 4500 003c b061 4000 4006 e307 ...@E..<.a@.@...
> > > 0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd0 .........r....;.
> > > 0x0020: 0000 0000 a002 16d0 e44f 0000 0204 05b4 .........O......
> > > 0x0030: 0402 080a 055a 8bb1 0000 0000 0103 0302 .....Z..........
> > > 11:47:32.828813 MPLS (label 125, exp 0, [S], ttl 64)
> > > IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6,
> > > length: 60) 192.168.13.1.ssh > 192.168.25.1.1138: S [tcp sum ok]
> > > 2832248515:2832248515(0) ack 3559799761 win 5792 <mss
> > > 1460,sackOK,timestamp 153217841 89820081,nop,wscale 2>
> > > 0x0000: 0007 d140 4500 003c 0000 4000 4006 9369 ...@E..<..@.@..i
> > > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec3 ...........r....
> > > 0x0020: d42e 3bd1 a012 16a0 9887 0000 0204 05b4 ..;.............
> > > 0x0030: 0402 080a 0921 eb31 055a 8bb1 0103 0302 .....!.1.Z......
> > > 11:47:32.829452 MPLS (label 25, exp 0, [S], ttl 64)
> > > IP (tos 0x0, ttl 64, id 45155, offset 0, flags [DF], proto 6,
> > > length: 52) 192.168.25.1.1138 > 192.168.13.1.ssh: . [tcp sum ok] ack 1
> > > win 1460 <nop,nop,timestamp 89820083 153217841>
> > > 0x0000: 0001 9140 4500 0034 b063 4000 4006 e30d ...@E..4.c@.@...
> > > 0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd1 .........r....;.
> > > 0x0020: a8d0 aec4 8010 05b4 d838 0000 0101 080a .........8......
> > > 0x0030: 055a 8bb3 0921 eb31 .Z...!.1
> > > 11:47:32.832443 MPLS (label 125, exp 0, [S], ttl 64)
> > > IP (tos 0x0, ttl 64, id 17910, offset 0, flags [DF], proto 6,
> > > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FE [bad tcp cksum a792
> > > (->59c2)!] 1:34(33) ack 1 win 1448 urg 0 <nop,nop,[bad opt]>
> > > 0x0000: 0007 d140 4500 004d 45f6 4000 4006 4d62 ...@E..ME.@.@.Mb
> > > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > > 0x0020: d42e 3bd1 6371 05a8 a792 0000 0101 080a ..;.cq..........
> > > 0x0030: 0921 eb34 055a 8bb3 5353 482d 312e 3939 .!.4.Z..SSH-1.99
> > > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > > 0x0050: 0a
> > > 11:47:33.033583 MPLS (label 125, exp 0, [S], ttl 64)
> > > IP (tos 0x0, ttl 64, id 17912, offset 0, flags [DF], proto 6,
> > > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: SFRW [bad tcp cksum
> > > a792 (->59c2)!] 2832248516:2832248549(33) win 1448 urg 0 <nop,nop,[bad opt]>
> > > 0x0000: 0007 d140 4500 004d 45f8 4000 4006 4d60 ...@E..ME.@.@.M`
> > > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > > 0x0020: d42e 3bd1 62a7 05a8 a792 0000 0101 080a ..;.b...........
> > > 0x0030: 0921 ebfe 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
> > > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > > 0x0050: 0a .
> > > 11:47:33.435402 MPLS (label 125, exp 0, [S], ttl 64)
> > > IP (tos 0x0, ttl 64, id 17914, offset 0, flags [DF], proto 6,
> > > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FR [bad tcp cksum a792
> > > (->59c2)!] 1:34(33) ack 1 win 1448 <nop,nop,[bad opt]>
> > > 0x0000: 0007 d140 4500 004d 45fa 4000 4006 4d5e ...@E..ME.@.@.M^
> > > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > > 0x0020: d42e 3bd1 6115 05a8 a792 0000 0101 080a ..;.a...........
> > > 0x0030: 0921 ed90 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
> > > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > > 0x0050: 0a .
> > > 11:47:34.239254 MPLS (label 125, exp 0, [S], ttl 64)
> > > IP (tos 0x0, ttl 64, id 17916, offset 0, flags [DF], proto 6,
> > > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FWE [bad tcp cksum
> > > a792 (->59c2)!] 1:38(37) ack 1 win 1448 urg 0
> > > 0x0000: 0007 d140 4500 004d 45fc 4000 4006 4d5c ...@E..ME.@.@.M\
> > > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > > 0x0020: d42e 3bd1 5df1 05a8 a792 0000 0101 080a ..;.]...........
> > > 0x0030: 0921 f0b4 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
> > > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > > 0x0050: 0a .
> > > 11:47:35.669679 IP (tos 0xc0, ttl 1, id 58574, offset 0, flags [none],
> > > proto 89, length: 68) 192.168.25.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello
> > > (1), length: 48
> > >     Router-ID: 192.168.25.2, Area 0.0.0.100, Authentication Type:
> > >     none (0)
> > >     Options: [External]
> > >     Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.0, Priority: 1
> > >     Designated Router 192.168.25.2, Backup Designated Router
> > >     192.168.25.1
> > >     Neighbor List:
> > >     192.168.88.2
> > > 0x0000: 45c0 0044 e4ce 0000 0159 1a23 c0a8 1902 E..D.....Y.#....
> > > 0x0010: e000 0005 0201 0030 c0a8 1902 0000 0064 .......0.......d
> > > 0x0020: 568c 0000 0000 0000 0000 0000 ffff ff00 V...............
> > > 0x0030: 000a 0201 0000 0028 c0a8 1902 c0a8 1901 .......(........
> > > 0x0040: c0a8 5802
> > >
> > > =======================================
> > > From: James R. Leu <jleu@mi...>
> > > * Re: help: how to ssh to mpls machine?*
> > > <http://sourceforge.net/mailarchive/message.php?msg_id=11144914>
> > > 2005-03-12 17:43
> > >
> > > Can you ssh to the machine in question when MPLS is not enabled
> > > in the network? What are the exact commands you issued on all of machines
> > > in your diagram? What is the MTU of the link between ulm2 and ulm3?
> > >
> > > On Sun, Mar 13, 2005 at 12:39:22AM +0800, mu w wrote:
> > > > (ssh to non-mpls machines via mpls net works) -- one more time
> > > >
> > > > OK the previous email didn't get through...please forgive me for
> > > > reposting.
> > > >
> > > > Hi James and all...
> > > >
> > > > I built an mpls network using static label switched path, by using mpls
> > > > nhlfe...and mpls ilm...etc (in 2.6.9-1.6_FC2mpls_1_946).
> > > > Everything works fine except I cannot ssh to an mpls machine.
> > > > The following figure shows my network
> > > >
> > > > ulm1--ulm2---ulm3----ulm4
> > > >
> > > > ulm2 and ulm3 are the mpls network, ulm1 and ulm4 are normal IP hosts.
> > > > ulm1 can ssh to ulm4 (traffic on ulm2 and ulm3 are labeled) but cannot
> > > > ssh to ulm3. ping to ulm3 is okay.
> > > >
> > > > Ethereal shows the mpls traffic for ssh handshake...SYN and stuff but
> > > > the connection was reset after a while.
> > > >
> > > > Is ssh to ulm3 possible? If yes how to setup?
> > > >
> > > > I have seen question on ftp and ssh questions in the archive but can't
> > > > find any answers. Any help and pointer are appreciated.
> > > >
> > > > Also, is there a more detailed manual for the mpls command in (uname -a
> > > > = 2.6.9-1.6_FC2mpls_1_946)?
> > >
> > > Not written yet, but you can issue "mpls help" and it will give you
> > > command line syntax.
> >
> > --
> > James R. Leu
> > jl...@mi...

--
James R. Leu
jl...@mi...
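
Added example, not part of the original thread: the labelled ssh segment captured at 11:47:32.832443 can be checked offline by decoding the MPLS shim and recomputing the TCP checksum. It shows that the on-wire value a792 equals the pseudo-header sum alone, meaning the checksum was never completed over the TCP header and payload, which fits the question about TCP offload cards. Function and variable names are this example's own.

```python
import struct

# Bytes copied from the 11:47:32.832443 packet in the tcpdump -x output quoted
# in the thread: MPLS shim (4 bytes) + IPv4 header + TCP segment.
HEX = """
0007 d140 4500 004d 45f6 4000 4006 4d62 c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4
d42e 3bd1 6371 05a8 a792 0000 0101 080a 0921 eb34 055a 8bb3 5353 482d 312e 3939
2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 0a
"""
FRAME = bytes.fromhex("".join(HEX.split()))

def fold(total):
    """Fold a sum into 16 bits with end-around carry (RFC 1071)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def sum16(data):
    """Sum big-endian 16-bit words, zero-padding an odd trailing byte."""
    if len(data) % 2:
        data += b"\x00"
    return sum(struct.unpack(f"!{len(data) // 2}H", data))

def analyse(frame=FRAME):
    # MPLS shim: 20-bit label, 3-bit EXP, 1-bit bottom-of-stack, 8-bit TTL
    shim, = struct.unpack("!I", frame[:4])
    mpls = {"label": shim >> 12, "exp": (shim >> 9) & 7,
            "bos": (shim >> 8) & 1, "ttl": shim & 0xFF}
    ip = frame[4:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", ip[2:4])
    tcp = ip[ihl:total_len]
    # Pseudo-header: source, destination, zero, protocol, TCP length
    pseudo = ip[12:20] + struct.pack("!BBH", 0, ip[9], len(tcp))
    wire, = struct.unpack("!H", tcp[16:18])
    zeroed = tcp[:16] + b"\x00\x00" + tcp[18:]  # checksum field cleared
    return {
        "mpls": mpls,
        "tcp_header_len": (tcp[12] >> 4) * 4,  # from the data-offset nibble
        "wire_cksum": wire,
        "pseudo_sum": fold(sum16(pseudo)),
        "expected_cksum": ~fold(sum16(pseudo) + sum16(zeroed)) & 0xFFFF,
    }

if __name__ == "__main__":
    for key, value in analyse().items():
        print(key, value if isinstance(value, dict) else hex(value))
```

The data-offset nibble in this segment decodes to a 24-byte TCP header even though 32 bytes of header and options precede the SSH banner, so the corruption is not limited to the checksum field.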