Re: [mpls-linux-general] How to separate tcp traffic from udp traffic using MPLS
Status: Beta
Brought to you by:
jleu
Menu
▾
▴
Re: [mpls-linux-general] How to separate tcp traffic from udp traffic using MPLS
|
From: Carlos M. K. <ba...@gm...> - 2005-12-07 03:50:13
|
Hi.
Im trying to create 2 lsp in a fish network: one for tcp and one for icmp
(for tests). I have used courier new font to see the picture.
+------+ +------+
0| LSR2 |1----0| LSR3 |1
/ +------+ +------+ \
/ \
/ \
+-------+ +------+2 1+------+ +-------=
+
| HOST1 |0---0| LSR1 | | LSR5 |0---0| HOST2 =
|
+-------+ +------+1 2+------+ +-------=
+
\ /
\ /
\ +------+ /
X------0| LSR4 |1------X
+------+
HOST1:
sis0: inet 10.28.0.2 netmask 0xffffff00 broadcast 10.28.0.255
LSR1:
eth0:1 (alias) -> 10.28.0.1
eth1 -> 192.168.29.1
eth2 -> 192.168.28.1
LSR2:
eth0 -> 192.168.28.2
eth1 -> 192.168.28.33
LSR3:
eth0 -> 192.168.28.34
eth1 -> 192.168.28.65
LSR4:
eth0 -> 192.168.29.2
eth1 -> 192.168.29.33
LSR5:
eth0:1 (alias) -> 10.28.1.1
eth1 -> 192.168.28.66
eth2 -> 192.168.29.34
HOST2:
# ifconfig
ed0: inet 10.28.1.2 netmask 0xffffff00 broadcast 10.28.1.255
LSP A: LSR1 -> LSR2 -> LSR3 -> LSR5
LSP B: LSR1 -> LSR4 -> LSR5
The numbers are the ethernet interfaces id: 0 means eth0 (or sis0), 1
means eth1 and 2 means eth2.
All 192.168 networks have 255.255.255.224 netmask.
Ive tried the following:
lsr1:~# uname -a
Linux lsr1 2.6.9-MPLSv2-LSR1 #1 Tue Nov 22 23:06:08 BRST 2005 i686 GNU/Linu=
x
lsr1:~# cat /sys/mpls/version
1.946
lsr1:~# mpls nhlfe add key 0
Key: 0x00000002
lsr1:~# mpls nhlfe change key 0x00000002 instructions push gen 10004 nextho=
p
eth2 ipv4 192.168.28.2
lsr1:~# mpls nhlfe add key 0
Key: 0x00000003
lsr1:~# mpls nhlfe change key 0x00000003 instructions push gen 10000 nextho=
p
eth1 ipv4 192.168.29.2
lsr1:~# mpls labelspace add dev eth2 labelspace 0
lsr1:~# mpls labelspace add dev eth1 labelspace 0
lsr1:~# mpls ilm add label gen 10005
lsr1:~# mpls ilm add label gen 10001
lsr1:~# mpls nhlfe show
NHLFE entry key 0x00000003 mtu 1496 propagate_ttl
push gen 10000 set eth1 ipv4 192.168.29.2 (0 bytes, 0 pkts, 0
dropped)
NHLFE entry key 0x00000002 mtu 1496 propagate_ttl
push gen 10004 set eth2 ipv4 192.168.28.2 (0 bytes, 0 pkts, 0
dropped)
lsr1:~# mpls ilm show
ILM entry label gen 10001 labelspace 0 proto ipv4
pop peek (0 bytes, 0 pkts, 0 dropped)
ILM entry label gen 10005 labelspace 0 proto ipv4
pop peek (0 bytes, 0 pkts, 0 dropped)
lsr1:~# mpls labelspace show
LABELSPACE entry dev eth0 labelspace -1
LABELSPACE entry dev lo labelspace -1
LABELSPACE entry dev eth1 labelspace 0
LABELSPACE entry dev eth2 labelspace 0
LABELSPACE entry dev tunl0 labelspace -1
LABELSPACE entry dev atm0 labelspace -1
LABELSPACE entry dev lec0 labelspace -1
lsr1:~# ip route add 10.28.1.0/24 nexthop via 192.168.28.2 spec_nh 0x8847
0x2
lsr1:~# ip route append 10.28.1.0/24 nexthop via 192.168.29.2 spec_nh 0x884=
7
0x3
lsr1:~# iptables -A OUTPUT -p tcp -d 10.28.1.0/24 -j spec_nh --spec_nh
0x8847:0x3
lsr1:~# iptables -A OUTPUT -p icmp -d 10.28.1.0/24 -j spec_nh --spec_nh
0x8847:0x2
lsr1:~# ip route list
192.168.29.0/27 dev eth1 proto kernel scope link src 192.168.29.1
192.168.28.0/27 dev eth2 proto kernel scope link src 192.168.28.1
10.28.1.0/24 via 192.168.28.2 dev eth2 spec_nh 0x8847 0x00000002
10.28.1.0/24 via 192.168.29.2 dev eth1 spec_nh 0x8847 0x00000003
10.28.0.0/24 dev eth0 proto kernel scope link src 10.28.0.1
172.30.0.0/16 dev atm0 proto kernel scope link src 172.30.28.1
172.29.0.0/16 dev lec0 proto kernel scope link src 172.29.28.1
lsr1:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
spec_nh tcp -- 0.0.0.0/0 10.28.1.0/24 set spec_nh
0x4788:0x00000003
spec_nh icmp -- 0.0.0.0/0 10.28.1.0/24 set spec_nh
0x4788:0x00000002
At this point, I think icmp goes through LSP A and tcp goes through LSP B=
.
When I ping HOST2 (10.28.1.2) from HOST1 (10.28.0.2), tcpdump at LSR1 shows
label 10004, indicating the use of LSP A. But when I do a ssh, the label
10004 appears again, indicating that LSP B IS NOT in use.
If I flush iptables rules and delete the route through LSP A, all trafic
goes through LSP B.
Can someone see what Im doing wrong? Maybe some routes cache? Or ip route
syntax?
TIA.
On 12/5/05, James R. Leu <jl...@mi...> wrote:
> MPLS-linux builds on the existing netfilter (iptables) infrastructure
> that exists in the linux kernel.
>
> After building/installing a MPLS enabled iptables you can do:
>
> iptables -A OUTPUT -p tcp -j spec_nh --spec_nh 0x8847:0x2
>
> This maps all TCP traffic to the special nexthop 0x8847:0x2, where
> 0x8847 mean MPLS and 0x2 mean NHLFE with the key of 0x2.
>
> Basically if you can build an iptables rules to do what you want at
> L3, then you can simply add the spec_nh target and it will map to MPLS.
>
> On Mon, Dec 05, 2005 at 07:34:28PM +0000, Carlos Veiga wrote:
> > Hello,
> >
> > I?m studying MPLS using the project mpls-linux to mount some
testbeds networks and analyze the Traffic Engineering capabilities of MPLS=
.
Some papers results show that the TCP traffic is affected by UDP traffic
in the core of MPLS networks.
> >
> > I?m trying to separate the UDP traffic from the TCP traffic using
two differents LSP?s. I would like to know how can I do that using
the mpls(ip route/iptables with mpls patch) command. I?m know how to
create static LSP?s based on the destination IP to determine the path
of packets, but I don?t know how to determine the path based on
the protocol (tcp/udp).
> >
> >
> > Figure of my network topology:
> >
> >
> > LSP1(TCP) --->
> >
> > _____LSRC_____
> > / \
> > / \
> > ---LER A---LSRB LSRE----LER F
> > \ /
> > \_____LSRD_____/
> >
> >
> > LSP2(UDP) --->
> >
> >
> > Thanks for any help.
> >
> >
> > ---------------------------------
> > Yahoo! doce lar. Fa?a do Yahoo! sua homepage.
> --
> James R. Leu
> jl...@mi...
|
