Re: [mpls-linux-general] How to separate tcp traffic from udp traffic using MPLS

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I would get rid of the FTNs create via 'ip route'.  You will still need to
have a prefix in your table for that destination, but it only needs to have
one next hop and doesn't need to have a spec_nh specified.

This will allow iptable to do the work.  My guess is that there is some
confusion with both iptables and 'ip route' trying to add labels to the
same packets.

On Wed, Dec 07, 2005 at 01:50:05AM -0200, Carlos Marcos Kakihara wrote:
>   Hi.
>   Im trying to create 2 lsp in a fish network: one for tcp and one for ic=
mp
> (for tests). I have used courier new font to see the picture.
>=20
>                            +------+      +------+
>                           0| LSR2 |1----0| LSR3 |1
>                          / +------+      +------+ \
>                         /                          \
>                        /                            \
> +-------+     +------+2                              1+------+     +-----=
--+
> | HOST1 |0---0| LSR1 |                                | LSR5 |0---0| HOST=
2 |
> +-------+     +------+1                              2+------+     +-----=
--+
>                        \                            /
>                         \                          /
>                          \        +------+        /
>                           X------0| LSR4 |1------X
>                                   +------+
>=20
> HOST1:
> sis0: inet 10.28.0.2 netmask 0xffffff00 broadcast 10.28.0.255
>=20
> LSR1:
> eth0:1 (alias) -> 10.28.0.1
> eth1           -> 192.168.29.1
> eth2           -> 192.168.28.1
>=20
> LSR2:
> eth0           -> 192.168.28.2
> eth1           -> 192.168.28.33
>=20
> LSR3:
> eth0           -> 192.168.28.34
> eth1           -> 192.168.28.65
>=20
> LSR4:
> eth0           -> 192.168.29.2
> eth1           -> 192.168.29.33
>=20
> LSR5:
> eth0:1 (alias) -> 10.28.1.1
> eth1           -> 192.168.28.66
> eth2           -> 192.168.29.34
>=20
> HOST2:
> # ifconfig
> ed0: inet 10.28.1.2 netmask 0xffffff00 broadcast 10.28.1.255
>=20
> LSP A: LSR1 -> LSR2 -> LSR3 -> LSR5
> LSP B: LSR1 -> LSR4 -> LSR5
>=20
>   The numbers are the ethernet interfaces id: 0 means eth0 (or sis0), 1
> means eth1 and 2 means eth2.
>   All 192.168 networks have 255.255.255.224 netmask.
>=20
>   Ive tried the following:
>=20
> lsr1:~# uname -a
> Linux lsr1 2.6.9-MPLSv2-LSR1 #1 Tue Nov 22 23:06:08 BRST 2005 i686 GNU/Li=
nux
> lsr1:~# cat /sys/mpls/version
> 1.946
> lsr1:~# mpls nhlfe add key 0
> Key: 0x00000002
> lsr1:~# mpls nhlfe change key 0x00000002 instructions push gen 10004 next=
hop
> eth2 ipv4 192.168.28.2
> lsr1:~# mpls nhlfe add key 0
> Key: 0x00000003
> lsr1:~# mpls nhlfe change key 0x00000003 instructions push gen 10000 next=
hop
> eth1 ipv4 192.168.29.2
> lsr1:~# mpls labelspace add dev eth2 labelspace 0
> lsr1:~# mpls labelspace add dev eth1 labelspace 0
> lsr1:~# mpls ilm add label gen 10005
> lsr1:~# mpls ilm add label gen 10001
>=20
> lsr1:~# mpls nhlfe show
> NHLFE entry key 0x00000003 mtu 1496 propagate_ttl
>         push gen 10000 set eth1 ipv4 192.168.29.2  (0 bytes, 0 pkts, 0
> dropped)
> NHLFE entry key 0x00000002 mtu 1496 propagate_ttl
>         push gen 10004 set eth2 ipv4 192.168.28.2  (0 bytes, 0 pkts, 0
> dropped)
> lsr1:~# mpls ilm show
> ILM entry label gen 10001 labelspace 0 proto ipv4
>         pop peek  (0 bytes, 0 pkts, 0 dropped)
> ILM entry label gen 10005 labelspace 0 proto ipv4
>         pop peek  (0 bytes, 0 pkts, 0 dropped)
> lsr1:~# mpls labelspace show
> LABELSPACE entry dev eth0 labelspace -1
> LABELSPACE entry dev lo labelspace -1
> LABELSPACE entry dev eth1 labelspace 0
> LABELSPACE entry dev eth2 labelspace 0
> LABELSPACE entry dev tunl0 labelspace -1
> LABELSPACE entry dev atm0 labelspace -1
> LABELSPACE entry dev lec0 labelspace -1
>=20
> lsr1:~# ip route add 10.28.1.0/24 nexthop via 192.168.28.2 spec_nh 0x8847
> 0x2
> lsr1:~# ip route append 10.28.1.0/24 nexthop via 192.168.29.2 spec_nh 0x8=
847
> 0x3
> lsr1:~# iptables -A OUTPUT -p tcp -d 10.28.1.0/24 -j spec_nh --spec_nh
> 0x8847:0x3
> lsr1:~# iptables -A OUTPUT -p icmp -d 10.28.1.0/24 -j spec_nh --spec_nh
> 0x8847:0x2
>=20
> lsr1:~# ip route list
> 192.168.29.0/27 dev eth1  proto kernel  scope link  src 192.168.29.1
> 192.168.28.0/27 dev eth2  proto kernel  scope link  src 192.168.28.1
> 10.28.1.0/24 via 192.168.28.2 dev eth2 spec_nh 0x8847 0x00000002
> 10.28.1.0/24 via 192.168.29.2 dev eth1 spec_nh 0x8847 0x00000003
> 10.28.0.0/24 dev eth0  proto kernel  scope link  src 10.28.0.1
> 172.30.0.0/16 dev atm0  proto kernel  scope link  src 172.30.28.1
> 172.29.0.0/16 dev lec0  proto kernel  scope link  src 172.29.28.1
>=20
> lsr1:~# iptables -L -n
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>=20
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>=20
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> spec_nh    tcp  --  0.0.0.0/0            10.28.1.0/24        set spec_nh
> 0x4788:0x00000003
> spec_nh    icmp --  0.0.0.0/0            10.28.1.0/24        set spec_nh
> 0x4788:0x00000002
>=20
>=20
>   At this point, I think icmp goes through LSP A and tcp goes through LSP=
 B.
> When I ping HOST2 (10.28.1.2) from HOST1 (10.28.0.2), tcpdump at LSR1 sho=
ws
> label 10004, indicating the use of LSP A. But when I do a ssh, the label
> 10004 appears again, indicating that LSP B IS NOT in use.
>   If I flush iptables rules and delete the route through LSP A, all trafic
> goes through LSP B.
>   Can someone see what Im doing wrong? Maybe some routes cache? Or ip rou=
te
> syntax?
>=20
> TIA.
>=20
>=20
> On 12/5/05, James R. Leu <jl...@mi...> wrote:
> > MPLS-linux builds on the existing netfilter (iptables) infrastructure
> > that exists in the linux kernel.
> >
> > After building/installing a MPLS enabled iptables you can do:
> >
> >    iptables -A OUTPUT -p tcp -j spec_nh --spec_nh 0x8847:0x2
> >
> > This maps all TCP traffic to the special nexthop 0x8847:0x2, where
> > 0x8847 mean MPLS and 0x2 mean NHLFE with the key of 0x2.
> >
> > Basically if you can build an iptables rules to do what you want at
> > L3, then you can simply add the spec_nh target and it will map to MPLS.
> >
> > On Mon, Dec 05, 2005 at 07:34:28PM +0000, Carlos Veiga wrote:
> > > Hello,
> > >
> > >   I?m studying MPLS using the project mpls-linux to mount some
> testbeds  networks and analyze the Traffic Engineering capabilities of MP=
LS.
> Some  papers results show that the TCP traffic is affected by UDP traffic
> in  the core of MPLS networks.
> > >
> > >   I?m trying to separate the UDP traffic from the TCP traffic using
> two  differents LSP?s. I would like to know how can I do that using
> the  mpls(ip route/iptables with mpls patch) command. I?m know how to
> create  static LSP?s based on the destination IP to determine the path
> of  packets, but I don?t know how to determine the path based on
> the  protocol (tcp/udp).
> > >
> > >
> > >   Figure of my network topology:
> > >
> > >
> > >                              LSP1(TCP) --->
> > >
> > >                         _____LSRC_____
> > >                         /                           \
> > >                        /                             \
> > >   ---LER  A---LSRB                        LSRE----LER F
> > >                         \                             /
> > >                          \_____LSRD_____/
> > >
> > >
> > >                               LSP2(UDP) --->
> > >
> > >
> > >   Thanks for any help.
> > >
> > >
> > > ---------------------------------
> > >  Yahoo! doce lar. Fa?a do Yahoo! sua homepage.
> > --
> > James R. Leu
> > jl...@mi...

--=20
James R. Leu
jl...@mi...