Re: [mpls-linux-general] Re:Re: help: how to ssh to mpls machine?
From: mu2000 <mu...@gm...> - 2005-03-28 12:24:22
Thanks a lot for the detailed setup example.

The problem still remains though, namely, A ssh to ulm1, ulm2, ulm3, etc. is Okay. But ulm1 cannot ssh to ulm2, ulm1 cannot ssh to ulm2, ulm2 cannot ssh to ulm3, etc. The same problem occurs whether I have set up the LSP from ulm4 to ulm1 or not. ssh among the A, ulm1, ulm2, ulm3, ulm4 and B has no problem without mpls.

Not really crucial to my mpls network. But I still would like to know why this happens. Any hint appreciated.

Also the throughput of the mpls network is really slow (a few k in a 10M ethernet, a few M in a 100M ethernet, with mpls debug in all PC turned off), tested with netperf and measured traffic (tg (a traffic generator) and tcpdump/tcptrace).

Thanks a lot for the nice work in any case.

morris

On Mon, 14 Mar 2005 20:26:17 -0600, James R. Leu <jl...@mi...> wrote:
>
> I'm going to add some numbers to the drawing above and then create the
> full set of commands that you will need to issue. You should be able to
> extrapolate from that.
>
>   1.1.1.0/24    3.3.1.0/24    3.3.2.0/24    3.3.3.0/24    2.2.2.0/24
>    .1    .2      .1    .2      .1    .2      .1    .2      .1    .2
>    e1    e2      e1    e2      e1    e2      e1    e2      e1    e2
>       L0            L1            L2            L3            L4
> |A|--------|ulm1|--------|ulm2|--------|ulm3|--------|ulm4|--------|B|
>               -----1000----X-----1100----X-----1200---->
>               <----2000----X-----2100----X-----2200-----
>
> 'X' denotes label swap
>
> A
> -----
> ip route add 2.2.2.0/24 via 1.1.1.2 advmss 1400
>
> ulm1
> ----
> mpls nhlfe add key 0 instructions push gen 1000 nexthop eth1 ipv4 3.3.1.2
>     (key 0x2)
> ip route add 2.2.2.0/24 via 3.3.1.2 spec_nh 0x8847 0x2 advmss 1400
>
> mpls labelspace add dev eth1 labelspace 0
> mpls ilm add label gen 2000 labelspace 0
>
> ulm2
> ----
> mpls labelspace add dev eth2 labelspace 0
> mpls ilm add label gen 1000 labelspace 0
> mpls nhlfe add key 0 instructions push gen 1100 nexthop eth1 ipv4 3.3.2.2
>     (key 0x2)
> mpls xc add ilm_label gen 1000 ilm_labelspace 0 nhlfe key 0x2
>
> mpls labelspace add dev eth1 labelspace 0
> mpls ilm add label gen 2100 labelspace 0
> mpls nhlfe add key 0 instructions push gen 2000 nexthop eth2 ipv4 3.3.1.1
>     (key 0x3)
> mpls xc add ilm_label gen 2100 ilm_labelspace 0 nhlfe key 0x3
>
> ulm3
> ----
> mpls labelspace add dev eth2 labelspace 0
> mpls ilm add label gen 1100 labelspace 0
> mpls nhlfe add key 0 instructions push gen 1200 nexthop eth1 ipv4 3.3.3.2
>     (key 0x2)
> mpls xc add ilm_label gen 1100 ilm_labelspace 0 nhlfe key 0x2
>
> mpls labelspace add dev eth1 labelspace 0
> mpls ilm add label gen 2200 labelspace 0
> mpls nhlfe add key 0 instructions push gen 2100 nexthop eth2 ipv4 3.3.2.1
>     (key 0x3)
> mpls xc add ilm_label gen 2200 ilm_labelspace 0 nhlfe key 0x3
>
> ulm4
> ----
> mpls labelspace add dev eth2 labelspace 0
> mpls ilm add label gen 1200 labelspace 0
>
> mpls nhlfe add key 0 instructions push gen 2200 nexthop eth2 ipv4 3.3.3.1
>     (key 0x3)
> ip route add 1.1.1.0/24 via 3.3.3.1 spec_nh 0x8847 0x3 advmss 1400
>
> B
> -----
> ip route add 1.1.1.0/24 via 2.2.2.1 advmss 1400
>
> If you have ethernet cards which can support jumbo frames then you can
> remove the advmss part and increase the MTU on L1,L2,L3 to 9000
>
> Note that I did not add any IP routes to ulm2 or ulm3, and only
> the 1.1.1.0/24 and 2.2.2.0/24 routes to ulm4 and ulm1 (respectively).
>
> > I'll try to capture the normal traffic and send it to the list.
>
> Just make sure you don't waste time, I'd like to see that same packet as
> it moves from L0 to L1 or from L3 to L4.
>
> >
> > Thanks,
> > morris
> >
> >
> > On Mon, 14 Mar 2005 13:36:46 -0600, James R. Leu <jl...@mi...> wrote:
> > >
> > > On Sun, Mar 13, 2005 at 12:21:17PM +0800, mu w wrote:
> > > >
> > > > Thanks for taking the time to reply, James.
> > >
> > > Are you using TCP offload cards? Did you compile your own kernel
> > > or did you use an RPM?
> > >
> > > > Yes I can ssh to ulm3 when MPLS is not enabled. The MTU between ulm2 and
> > > > ulm3 are 1500 (shown by `ip link or ip add`) and 1494 shown by `mpls
> > > > nhlfe show`. The set up commands for mpls:
> > >
> > > Try setting the advmss on the routes for your ingress/egress.
> > > How are you setting up the routes on ingress egress?
> > >
> > > >
> > > > outgoing labels on both interfaces: mpls nhlfe add key/ mpls nhlfe
> > > > change key KEY_PREVIOUSLY_GENERATED ...
> > > > incoming labels on both interfaces: mpls labelspace add dev DEV
> > > > labelspace 0/mpls ilm add label gen LABEL(match with incoming label)
> > > > labelspace 0
> > > > (Do I need to use xc?
> > > > But ping works Okay, all request and reply are mpls enabled -- I see the
> > > > mpls bits in ethereal and tcpdump)
> > >
> > > Are any of your devices just a LSR, ie it should only see labeled packets?
> > > If so then yes, otherwise no :-)
> > >
> > > > If I use 'telnet ulm3 22', I see the initial response:
> > > > Connected to 192.168.25.1.
> > > > Escape character is '^]'.
> > > > SSH-1.99-OpenSSH_3.6.1p2
> > > >
> > > > I have done some more testing with ethereal and tcpdump. In one of the
> > > > ethereal outputs, I can see the three-way handshake is complete,
> > > > then ulm3 sends a [SYN, FIN, ACK, CWR] to ulm1. The ethereal
> > > > says "Header length: 16 bytes (bogus, must be at least 20)" shown below:
> > >
> > > Can you capture the same packet on the IP only link and then the
> > > MPLS link and do a full HEX dump of it and send it to the mailing list?
> > >
> > > > [frames 2,3,4, threeway handshake, no problem]
> > > > Frame 5 (95 bytes on wire, 95 bytes captured)
> > > > Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
> > > > MultiProtocol Label Switching Header
> > > > Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
> > > > 192.168.25.1 (192.168.25.1)
> > > > Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
> > > > (1139), Seq: 0
> > > > Source port: ssh (22)
> > > > Destination port: 1139 (1139)
> > > > Sequence number: 0
> > > > Header length: 16 bytes (bogus, must be at least 20)
> > > >
> > > > Frame 6 (95 bytes on wire, 95 bytes captured)
> > > > Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
> > > > MultiProtocol Label Switching Header
> > > > Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
> > > > 192.168.25.1 (192.168.25.1)
> > > > Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
> > > > (1139), Seq: 0
> > > > Source port: ssh (22)
> > > > Destination port: 1139 (1139)
> > > > Sequence number: 0
> > > > Header length: 16 bytes (bogus, must be at least 20)
> > > > ...
> > > >
> > > >
> > > > From some tcpdump output, it looks like the checksum sometimes goes bad
> > > > -- "bad tcp checksum a792 (->59c2)!" in the following tcpdump output.
> > > >
> > > > Thanks,
> > > > morris
> > > >
> > > > `tcp -xvp -i eth0` output
> > > >
> > > > 11:47:32.828060 MPLS (label 25, exp 0, [S], ttl 64)
> > > > IP (tos 0x0, ttl 64, id 45153, offset 0, flags [DF], proto 6,
> > > > length: 60) 192.168.25.1.1138 > 192.168.13.1.ssh: S [tcp sum ok]
> > > > 3559799760:3559799760(0) win 5840 <mss 1460,sackOK,timestamp 89820081
> > > > 0,nop,wscale 2>
> > > > 0x0000: 0001 9140 4500 003c b061 4000 4006 e307 ...@E..<.a@.@...
> > > > 0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd0 .........r....;.
> > > > 0x0020: 0000 0000 a002 16d0 e44f 0000 0204 05b4 .........O......
> > > > 0x0030: 0402 080a 055a 8bb1 0000 0000 0103 0302 .....Z..........
> > > > 11:47:32.828813 MPLS (label 125, exp 0, [S], ttl 64)
> > > > IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6,
> > > > length: 60) 192.168.13.1.ssh > 192.168.25.1.1138: S [tcp sum ok]
> > > > 2832248515:2832248515(0) ack 3559799761 win 5792 <mss
> > > > 1460,sackOK,timestamp 153217841 89820081,nop,wscale 2>
> > > > 0x0000: 0007 d140 4500 003c 0000 4000 4006 9369 ...@E..<..@.@..i
> > > > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec3 ...........r....
> > > > 0x0020: d42e 3bd1 a012 16a0 9887 0000 0204 05b4 ..;.............
> > > > 0x0030: 0402 080a 0921 eb31 055a 8bb1 0103 0302 .....!.1.Z......
> > > > 11:47:32.829452 MPLS (label 25, exp 0, [S], ttl 64)
> > > > IP (tos 0x0, ttl 64, id 45155, offset 0, flags [DF], proto 6,
> > > > length: 52) 192.168.25.1.1138 > 192.168.13.1.ssh: . [tcp sum ok] ack 1
> > > > win 1460 <nop,nop,timestamp 89820083 153217841>
> > > > 0x0000: 0001 9140 4500 0034 b063 4000 4006 e30d ...@E..4.c@.@...
> > > > 0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd1 .........r....;.
> > > > 0x0020: a8d0 aec4 8010 05b4 d838 0000 0101 080a .........8......
> > > > 0x0030: 055a 8bb3 0921 eb31 .Z...!.1
> > > > 11:47:32.832443 MPLS (label 125, exp 0, [S], ttl 64)
> > > > IP (tos 0x0, ttl 64, id 17910, offset 0, flags [DF], proto 6,
> > > > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FE [bad tcp cksum a792
> > > > (->59c2)!] 1:34(33) ack 1 win 1448 urg 0 <nop,nop,[bad opt]>
> > > > 0x0000: 0007 d140 4500 004d 45f6 4000 4006 4d62 ...@E..ME.@.@.Mb
> > > > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > > > 0x0020: d42e 3bd1 6371 05a8 a792 0000 0101 080a ..;.cq..........
> > > > 0x0030: 0921 eb34 055a 8bb3 5353 482d 312e 3939 .!.4.Z..SSH-1.99
> > > > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > > > 0x0050: 0a
> > > > 11:47:33.033583 MPLS (label 125, exp 0, [S], ttl 64)
> > > > IP (tos 0x0, ttl 64, id 17912, offset 0, flags [DF], proto 6,
> > > > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: SFRW [bad tcp cksum
> > > > a792 (->59c2)!] 2832248516:2832248549(33) win 1448 urg 0 <nop,nop,[bad opt]>
> > > > 0x0000: 0007 d140 4500 004d 45f8 4000 4006 4d60 ...@E..ME.@.@.M`
> > > > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > > > 0x0020: d42e 3bd1 62a7 05a8 a792 0000 0101 080a ..;.b...........
> > > > 0x0030: 0921 ebfe 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
> > > > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > > > 0x0050: 0a .
> > > > 11:47:33.435402 MPLS (label 125, exp 0, [S], ttl 64)
> > > > IP (tos 0x0, ttl 64, id 17914, offset 0, flags [DF], proto 6,
> > > > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FR [bad tcp cksum a792
> > > > (->59c2)!] 1:34(33) ack 1 win 1448 <nop,nop,[bad opt]>
> > > > 0x0000: 0007 d140 4500 004d 45fa 4000 4006 4d5e ...@E..ME.@.@.M^
> > > > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > > > 0x0020: d42e 3bd1 6115 05a8 a792 0000 0101 080a ..;.a...........
> > > > 0x0030: 0921 ed90 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
> > > > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > > > 0x0050: 0a .
> > > > 11:47:34.239254 MPLS (label 125, exp 0, [S], ttl 64)
> > > > IP (tos 0x0, ttl 64, id 17916, offset 0, flags [DF], proto 6,
> > > > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FWE [bad tcp cksum
> > > > a792 (->59c2)!] 1:38(37) ack 1 win 1448 urg 0
> > > > 0x0000: 0007 d140 4500 004d 45fc 4000 4006 4d5c ...@E..ME.@.@.M\
> > > > 0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
> > > > 0x0020: d42e 3bd1 5df1 05a8 a792 0000 0101 080a ..;.]...........
> > > > 0x0030: 0921 f0b4 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
> > > > 0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
> > > > 0x0050: 0a .
> > > > 11:47:35.669679 IP (tos 0xc0, ttl 1, id 58574, offset 0, flags [none],
> > > > proto 89, length: 68) 192.168.25.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello
> > > > (1), length: 48
> > > > Router-ID: 192.168.25.2, Area 0.0.0.100, Authentication Type:
> > > > none (0)
> > > > Options: [External]
> > > > Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.0, Priority: 1
> > > > Designated Router 192.168.25.2, Backup Designated Router
> > > > 192.168.25.1
> > > > Neighbor List:
> > > > 192.168.88.2
> > > > 0x0000: 45c0 0044 e4ce 0000 0159 1a23 c0a8 1902 E..D.....Y.#....
> > > > 0x0010: e000 0005 0201 0030 c0a8 1902 0000 0064 .......0.......d
> > > > 0x0020: 568c 0000 0000 0000 0000 0000 ffff ff00 V...............
> > > > 0x0030: 000a 0201 0000 0028 c0a8 1902 c0a8 1901 .......(........
> > > > 0x0040: c0a8 5802
> > > >
> > > >
> > > > =======================================
> > > > From: James R. Leu <jleu@mi...>
> > > > * Re: help: how to ssh to mpls machine?*
> > > > <http://sourceforge.net/mailarchive/message.php?msg_id=11144914>
> > > > 2005-03-12 17:43
> > > >
> > > >
> > > > Can you ssh to the machine in question when MPLS is not enabled
> > > > in the network? What are the exact commands you issued on all of machines
> > > > in your diagram? What is the MTU of the link between ulm2 and ulm3?
> > > >
> > > > On Sun, Mar 13, 2005 at 12:39:22AM +0800, mu w wrote:
> > > > > (ssh to non-mpls machines via mpls net works) -- one more time
> > > > >
> > > > > OK the previous email didn't get through...please forgive me for
> > > > reposting.
> > > > >
> > > > > Hi James and all...
> > > > >
> > > > > I built an mpls network using static label switched path, by using mpls
> > > > > nhlfe...and mpls ilm...etc (in 2.6.9-1.6_FC2mpls_1_946). Everything
> > > > > works fine except I cannot ssh to an mpls machine.
> > > > > The following figure show my network
> > > > >
> > > > > ulm1--ulm2---ulm3----ulm4
> > > > >
> > > > > ulm2 and ulm3 are the mpls network, ulm1 and ulm4 are normal IP hosts.
> > > > > ulm1 can ssh to ulm4 (traffic on ulm2 and ulm3 are labeled) but cannot
> > > > > ssh to ulm3. ping to ulm3 is okay.
> > > > >
> > > > > Ethereal shows the mpls traffic for ssh handshake...SYN and stuff but
> > > > > the connection was reset after a while.
> > > > >
> > > > > Is ssh to ulm3 possible? If yes how to setup?
> > > > >
> > > > > I have seen question on ftp and ssh questions in the archive but can't
> > > > > find any answers. Any help and pointer are appreciated.
> > > > >
> > > > > Also, is there a more detailed manual for the mpls command in (uname -a
> > > > > = 2.6.9-1.6_FC2mpls_1_946)?
> > > >
> > > > Not written yet, but you can issue "mpls help" and it will give you
> > > > command line syntax.
> > > >
> > > > _______________________________________________
> > > > mpls-linux-general mailing list
> > > > mpl...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
> > >
> > > --
> > > James R. Leu
> > > jl...@mi...
>
> --
> James R. Leu
> jl...@mi...
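
An added example, not part of the original thread: it decodes the fourth record of the tcpdump -x output quoted above (bytes copied from that dump) and checks its TCP checksum arithmetic, including the three retransmissions that follow. The idea that the checksum was computed and stored 4 bytes (one MPLS shim) too early is this example's hypothesis, not a conclusion reached in the thread, and the function names are illustrative.

```python
import struct

# Fourth record of the quoted tcpdump -x output: MPLS shim + IPv4 + TCP + SSH banner.
FRAME = bytes.fromhex(
    "0007d140" "4500004d45f6400040064d62c0a80d01c0a81901"
    "00160472a8d0aec4d42e3bd1637105a8a7920000" "0101080a0921eb34055a8bb3"
    "5353482d312e39392d4f70656e5353485f332e362e317032" "0a")
# (TCP bytes 12-13, low half of TSval) in the three retransmissions that follow it.
RETRANSMITS = [(0x62A7, 0xEBFE), (0x6115, 0xED90), (0x5DF1, 0xF0B4)]
SHIM = 4  # hypothesis under test (an assumption): everything is off by one MPLS shim

def fold(data):
    """RFC 1071 16-bit one's-complement sum; odd-length input is zero-padded."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def analyse(frame):
    """Decode one labelled frame and test its TCP checksum arithmetic."""
    (shim,) = struct.unpack("!I", frame[:4])
    ip = frame[4:]
    ihl = (ip[0] & 0x0F) * 4
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, ip[9], len(tcp))
    (word,) = struct.unpack("!H", tcp[12:14])
    (check,) = struct.unpack("!H", tcp[16:18])
    # What a receiver expects: pseudo-header + segment, checksum field zeroed.
    expected = 0xFFFF ^ fold(pseudo + tcp[:16] + b"\0\0" + tcp[18:])
    # Hypothesis: the sum began SHIM bytes early and was stored SHIM bytes before the
    # checksum field. Solve for what bytes 12-13 held before being overwritten.
    at = 16 - SHIM
    others = fold(ip[ihl - SHIM:ihl] + tcp[:at] + b"\0\0" + tcp[at + 2:])
    recovered = fold(struct.pack("!HH", 0xFFFF ^ word, 0xFFFF ^ others))
    return {"label": shim >> 12, "bos": (shim >> 8) & 1, "ttl": shim & 0xFF,
            "wire_word": word, "wire_check": check, "pseudo_sum": fold(pseudo),
            "expected_check": expected, "recovered_word": recovered}

def retransmit(frame, word, tsval_low):
    """Rebuild a later record from FRAME (IP id/checksum differ too but are not summed)."""
    buf = bytearray(frame)
    buf[36:38] = struct.pack("!H", word)       # TCP bytes 12-13
    buf[50:52] = struct.pack("!H", tsval_low)  # low 16 bits of the timestamp value
    return bytes(buf)

if __name__ == "__main__":
    for f in [FRAME] + [retransmit(FRAME, w, t) for w, t in RETRANSMITS]:
        print({k: hex(v) for k, v in analyse(f).items()})
```

On these bytes the checksum field 0xa792 equals the bare pseudo-header sum and the expected checksum is 0x59c2, as tcpdump reports. All four records recover the same word 0x8018 (data offset 8, PSH|ACK), which matches the 12 option bytes that precede the SSH banner.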