Re: [mpls-linux-general] How to separate tcp traffic from udp traffic using MPLS
Status: Beta
Brought to you by:
jleu
Menu
▾
▴
Re: [mpls-linux-general] How to separate tcp traffic from udp traffic using MPLS
|
From: Carlos M. K. <ba...@gm...> - 2005-12-07 17:37:56
|
** Sorry, Im not an ascii art expert, and html email doesnt help. :-)
HOST1 and HOST2 are outside of MPLS network, and they are generating
traffic through LSR1 and LSR5 (LERs), respectively.
All the transit LSRs have no default route and no IP forwarding (sysctl -=
w
net.ipv4.ip_forward=3D0). Only LERs have IP forwarding enabled.
Now Ill start to build some stress tests (I was very stressed already, no=
w
it is MPLS's turn ;-) ).
Thank you very much for your help.
On 12/7/05, James R. Leu <jl...@mi...> wrote:
>
> I've never used the FORWARD chain, but I think it will be fine. Are you
> generating traffic locally on the LER or is the traffic your working with
> being forward through the LER? That might explain the difference.
>
> On Wed, Dec 07, 2005 at 02:39:17PM -0200, Carlos Marcos Kakihara wrote:
> > It worked, but i had to use a FORWARD chain in iptables, because
> adding a
> > -j LOG alone onto OUTPUT chain produced no log in syslog. So, I guess
> that
> > packets are not matching the OUTPUT chain.
> > I also changed ip route syntax. Im using one 'ip route add' with 2
> > nexthop, without spec_nh values:
> >
> > lsr1:~# ip route add 10.28.1.0/24 nexthop via 192.168.28.2 nexthop via
> > 192.168.29.2
> > lsr1:~# iptables -A FORWARD -p icmp -d 10.28.1.0/24 -j spec_nh --spec_n=
h
> > 0x8847:0x00000002
> > lsr1:~# iptables -A FORWARD -p tcp -d 10.28.1.0/24 -j spec_nh --spec_nh
> > 0x8847:0x00000003
> >
> > Now tcpdump shows right labels in both LSPs.
> > Is it ok to use the FORWARD chain?
> >
> > Thank you.
> >
> > On 12/7/05, James R. Leu <jl...@mi...> wrote:
> > >
> > > I would get rid of the FTNs create via 'ip route'. You will still
> need to
> > > have a prefix in your table for that destination, but it only needs t=
o
> > > have
> > > one next hop and doesn't need to have a spec_nh specified.
> > >
> > > This will allow iptable to do the work. My guess is that there is
> some
> > > confusion with both iptables and 'ip route' trying to add labels to
> the
> > > same packets.
> > >
> > > On Wed, Dec 07, 2005 at 01:50:05AM -0200, Carlos Marcos Kakihara
> wrote:
> > > > Hi.
> > > > Im trying to create 2 lsp in a fish network: one for tcp and one
> for
> > > icmp
> > > > (for tests). I have used courier new font to see the picture.
> > > >
> > > > +------+ +------+
> > > > 0| LSR2 |1----0| LSR3 |1
> > > > / +------+ +------+ \
> > > > / \
> > > > / \
> > > > +-------+ +------+2 1+------+
> > > +-------+
> > > > | HOST1 |0---0| LSR1 | | LSR5 |0---0=
|
> > > HOST2 |
> > > > +-------+ +------+1 2+------+
> > > +-------+
> > > > \ /
> > > > \ /
> > > > \ +------+ /
> > > > X------0| LSR4 |1------X
> > > > +------+
> > > >
> > > > HOST1:
> > > > sis0: inet 10.28.0.2 netmask 0xffffff00 broadcast 10.28.0.255
> > > >
> > > > LSR1:
> > > > eth0:1 (alias) -> 10.28.0.1
> > > > eth1 -> 192.168.29.1
> > > > eth2 -> 192.168.28.1
> > > >
> > > > LSR2:
> > > > eth0 -> 192.168.28.2
> > > > eth1 -> 192.168.28.33
> > > >
> > > > LSR3:
> > > > eth0 -> 192.168.28.34
> > > > eth1 -> 192.168.28.65
> > > >
> > > > LSR4:
> > > > eth0 -> 192.168.29.2
> > > > eth1 -> 192.168.29.33
> > > >
> > > > LSR5:
> > > > eth0:1 (alias) -> 10.28.1.1
> > > > eth1 -> 192.168.28.66
> > > > eth2 -> 192.168.29.34
> > > >
> > > > HOST2:
> > > > # ifconfig
> > > > ed0: inet 10.28.1.2 netmask 0xffffff00 broadcast 10.28.1.255
> > > >
> > > > LSP A: LSR1 -> LSR2 -> LSR3 -> LSR5
> > > > LSP B: LSR1 -> LSR4 -> LSR5
> > > >
> > > > The numbers are the ethernet interfaces id: 0 means eth0 (or
> sis0), 1
> > > > means eth1 and 2 means eth2.
> > > > All 192.168 networks have 255.255.255.224 netmask.
> > > >
> > > > Ive tried the following:
> > > >
> > > > lsr1:~# uname -a
> > > > Linux lsr1 2.6.9-MPLSv2-LSR1 #1 Tue Nov 22 23:06:08 BRST 2005 i686
> > > GNU/Linux
> > > > lsr1:~# cat /sys/mpls/version
> > > > 1.946
> > > > lsr1:~# mpls nhlfe add key 0
> > > > Key: 0x00000002
> > > > lsr1:~# mpls nhlfe change key 0x00000002 instructions push gen 1000=
4
> > > nexthop
> > > > eth2 ipv4 192.168.28.2
> > > > lsr1:~# mpls nhlfe add key 0
> > > > Key: 0x00000003
> > > > lsr1:~# mpls nhlfe change key 0x00000003 instructions push gen 1000=
0
> > > nexthop
> > > > eth1 ipv4 192.168.29.2
> > > > lsr1:~# mpls labelspace add dev eth2 labelspace 0
> > > > lsr1:~# mpls labelspace add dev eth1 labelspace 0
> > > > lsr1:~# mpls ilm add label gen 10005
> > > > lsr1:~# mpls ilm add label gen 10001
> > > >
> > > > lsr1:~# mpls nhlfe show
> > > > NHLFE entry key 0x00000003 mtu 1496 propagate_ttl
> > > > push gen 10000 set eth1 ipv4 192.168.29.2 (0 bytes, 0 pkts=
,
> 0
> > > > dropped)
> > > > NHLFE entry key 0x00000002 mtu 1496 propagate_ttl
> > > > push gen 10004 set eth2 ipv4 192.168.28.2 (0 bytes, 0 pkts=
,
> 0
> > > > dropped)
> > > > lsr1:~# mpls ilm show
> > > > ILM entry label gen 10001 labelspace 0 proto ipv4
> > > > pop peek (0 bytes, 0 pkts, 0 dropped)
> > > > ILM entry label gen 10005 labelspace 0 proto ipv4
> > > > pop peek (0 bytes, 0 pkts, 0 dropped)
> > > > lsr1:~# mpls labelspace show
> > > > LABELSPACE entry dev eth0 labelspace -1
> > > > LABELSPACE entry dev lo labelspace -1
> > > > LABELSPACE entry dev eth1 labelspace 0
> > > > LABELSPACE entry dev eth2 labelspace 0
> > > > LABELSPACE entry dev tunl0 labelspace -1
> > > > LABELSPACE entry dev atm0 labelspace -1
> > > > LABELSPACE entry dev lec0 labelspace -1
> > > >
> > > > lsr1:~# ip route add 10.28.1.0/24 nexthop via 192.168.28.2 spec_nh
> > > 0x8847
> > > > 0x2
> > > > lsr1:~# ip route append 10.28.1.0/24 nexthop via 192.168.29.2spec_n=
h
> > > 0x8847
> > > > 0x3
> > > > lsr1:~# iptables -A OUTPUT -p tcp -d 10.28.1.0/24 -j spec_nh
> --spec_nh
> > > > 0x8847:0x3
> > > > lsr1:~# iptables -A OUTPUT -p icmp -d 10.28.1.0/24 -j spec_nh
> --spec_nh
> > > > 0x8847:0x2
> > > >
> > > > lsr1:~# ip route list
> > > > 192.168.29.0/27 dev eth1 proto kernel scope link src 192.168.29.=
1
> > > > 192.168.28.0/27 dev eth2 proto kernel scope link src 192.168.28.=
1
> > > > 10.28.1.0/24 via 192.168.28.2 dev eth2 spec_nh 0x8847 0x00000002
> > > > 10.28.1.0/24 via 192.168.29.2 dev eth1 spec_nh 0x8847 0x00000003
> > > > 10.28.0.0/24 dev eth0 proto kernel scope link src 10.28.0.1
> > > > 172.30.0.0/16 dev atm0 proto kernel scope link src 172.30.28.1
> > > > 172.29.0.0/16 dev lec0 proto kernel scope link src 172.29.28.1
> > > >
> > > > lsr1:~# iptables -L -n
> > > > Chain INPUT (policy ACCEPT)
> > > > target prot opt source destination
> > > >
> > > > Chain FORWARD (policy ACCEPT)
> > > > target prot opt source destination
> > > >
> > > > Chain OUTPUT (policy ACCEPT)
> > > > target prot opt source destination
> > > > spec_nh tcp -- 0.0.0.0/0 10.28.1.0/24 set
> spec_nh
> > > > 0x4788:0x00000003
> > > > spec_nh icmp -- 0.0.0.0/0 10.28.1.0/24 set
> spec_nh
> > > > 0x4788:0x00000002
> > > >
> > > >
> > > > At this point, I think icmp goes through LSP A and tcp goes
> through
> > > LSP B.
> > > > When I ping HOST2 (10.28.1.2) from HOST1 (10.28.0.2), tcpdump at
> LSR1
> > > shows
> > > > label 10004, indicating the use of LSP A. But when I do a ssh, the
> label
> > > > 10004 appears again, indicating that LSP B IS NOT in use.
> > > > If I flush iptables rules and delete the route through LSP A, all
> > > trafic
> > > > goes through LSP B.
> > > > Can someone see what Im doing wrong? Maybe some routes cache? Or
> ip
> > > route
> > > > syntax?
> > > >
> > > > TIA.
> > > >
> > > >
> > > > On 12/5/05, James R. Leu <jl...@mi...> wrote:
> > > > > MPLS-linux builds on the existing netfilter (iptables)
> infrastructure
> > > > > that exists in the linux kernel.
> > > > >
> > > > > After building/installing a MPLS enabled iptables you can do:
> > > > >
> > > > > iptables -A OUTPUT -p tcp -j spec_nh --spec_nh 0x8847:0x2
> > > > >
> > > > > This maps all TCP traffic to the special nexthop 0x8847:0x2, wher=
e
> > > > > 0x8847 mean MPLS and 0x2 mean NHLFE with the key of 0x2.
> > > > >
> > > > > Basically if you can build an iptables rules to do what you want
> at
> > > > > L3, then you can simply add the spec_nh target and it will map to
> > > MPLS.
> > > > >
> > > > > On Mon, Dec 05, 2005 at 07:34:28PM +0000, Carlos Veiga wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I?m studying MPLS using the project mpls-linux to mount some
> > > > testbeds networks and analyze the Traffic Engineering capabilities
> of
> > > MPLS.
> > > > Some papers results show that the TCP traffic is affected by UDP
> > > traffic
> > > > in the core of MPLS networks.
> > > > > >
> > > > > > I?m trying to separate the UDP traffic from the TCP traffic
> using
> > > > two differents LSP?s. I would like to know how can I do that using
> > > > the mpls(ip route/iptables with mpls patch) command. I?m know how
> to
> > > > create static LSP?s based on the destination IP to determine the
> path
> > > > of packets, but I don?t know how to determine the path based on
> > > > the protocol (tcp/udp).
> > > > > >
> > > > > >
> > > > > > Figure of my network topology:
> > > > > >
> > > > > >
> > > > > > LSP1(TCP) --->
> > > > > >
> > > > > > _____LSRC_____
> > > > > > / \
> > > > > > / \
> > > > > > ---LER A---LSRB LSRE----LER F
> > > > > > \ /
> > > > > > \_____LSRD_____/
> > > > > >
> > > > > >
> > > > > > LSP2(UDP) --->
> > > > > >
> > > > > >
> > > > > > Thanks for any help.
>
|
