mpls-linux-general — Mailing list for general discussion about MPLS for Linux

Re: [mpls-linux-general] Does mpls-linux support for add label to normal IP packet?

[刘磊 <orp...@ms...>]

Thank You. I have do that you said. BUT I'm in HOST B, LER2. My ip address is 192.168.99.4/24 and 10.0.0.2.

-bash-3.2# dmesg
MPLS: version 1.958
MPLS: protocol driver interface - 
MPLS: IPv4 over MPLS support
-bash-3.2#
-bash-3.2# lsmod
Module                  Size  Used by    Not tainted
mpls4                   3904  0
mpls                   67240  1 mpls4
pcnet32                27332  0
e100                   28620  0
e1000                 105024  0
e1000e                 80932  0
-bash-3.2#
-bash-3.2# ip r
10.0.0.1 via 172.16.0.2 dev eth1 mpls 0x3
172.16.0.0/24 dev eth1  proto kernel  scope link  src 172.16.0.3
192.168.99.0/24 dev eth2  proto kernel  scope link  src 192.168.99.3
-bash-3.2#
-bash-3.2# mpls nhlfe show
NHLFE entry key 0x00000003 mtu 1496 propagate_ttl
        push gen 2000 set eth1 ipv4 172.16.0.2  (0 bytes, 0 pkts)
NHLFE entry key 0x00000002 mtu 1500 propagate_ttl
        set eth2 ipv4 192.168.1.4  (0 bytes, 0 pkts)

And after I had a ping in 10.0.0.2
-bash-3.2# ip r
10.0.0.1 via 172.16.0.2 dev eth1 mpls 0x3
172.16.0.0/24 dev eth1  proto kernel  scope link  src 172.16.0.3
192.168.99.0/24 dev eth2  proto kernel  scope link  src 192.168.99.3
-bash-3.2# mpls nhlfe show
NHLFE entry key 0x00000003 mtu 1496 propagate_ttl
        push gen 2000 set eth1 ipv4 172.16.0.2  (0 bytes, 0 pkts)
NHLFE entry key 0x00000002 mtu 1500 propagate_ttl
        set eth2 ipv4 192.168.1.4  (0 bytes, 0 pkts)
-bash-3.2#
-bash-3.2# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:C0:5C:12:C4:0D
          inet addr:172.16.0.3  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:214 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:17444 (17.0 KiB)  TX bytes:4298 (4.1 KiB)
          Base address:0xc400 Memory:ff780000-ff7a0000

eth2      Link encap:Ethernet  HWaddr 00:C0:5C:12:C4:0E
          inet addr:192.168.99.3  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1025 errors:0 dropped:0 overruns:0 frame:0
          TX packets:263 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:77966 (76.1 KiB)  TX bytes:49836 (48.6 KiB)
          Base address:0xc000 Memory:ff740000-ff760000

And tcpdump in LER2's eth1 (to LER1's 172.16.0.2)

00:20:18.333708 IP 10.0.0.2> 10.0.0.1: ICMP echo request, id 59752, seq 27, length 64
        0x0000:  4500 0054 0000 4000 3f01 27a7 0a00 0002
        0x0010:  0a00 0001 0800 df87 e968 001b 5f05 0f48
        0x0020:  c9a3 0c00 0809 0a0b 0c0d 0e0f 1011 1213
        0x0030:  1415 1617 1819
00:20:19.321941 arp who-has 172.16.0.2 tell 172.16.0.3
        0x0000:  0001 0800 0604 0001 00c0 5c12 c40d ac10
        0x0010:  0003 0000 0000 0000 ac10 0002
00:20:19.322301 arp reply 172.16.0.2 is-at 00:0c:29:ef:a2:98
        0x0000:  0001 0800 0604 0002 000c 29ef a298 ac10
        0x0010:  0002 00c0 5c12 c40d ac10 0003 0000 0000
        0x0020:  0000 0000 0000 0000 0000 0000 0000
00:20:19.333624 IP 10.0.0.2> 10.0.0.1: ICMP echo request, id 59752, seq 28, length 64
        0x0000:  4500 0054 0000 4000 3f01 27a7 0a00 0002
        0x0010:  0a00 0001 0800 de86 e968 001c 6005 0f48
        0x0020:  c9a3 0c00 0809 0a0b 0c0d 0e0f 1011 1213
        0x0030:  1415 1617 1819

There was no MPLS-DATA in the packet, and the packet forward to 172.16.0.2 in original IP packet.
________________________________
> Date: Wed, 23 Apr 2008 11:37:57 +0300
> From: adr...@gm...
> To: orp...@ms...
> Subject: Re: [mpls-linux-general] Does mpls-linux support for add label to normal IP packet?
> CC: mpl...@li...
> 
> Ok, concentrate on LER1;
> It will encapsulate in MPLS only packets that go to 10.0.0.2/32. The rest of the traffic will be plain IP.
> 
> Try again and look for error messages after each command. Make sure you're running the mpls-enabled kernel (dmesg | grep mpls) and also that you have the mpls4 module loaded (lsmod | grep mpls).
> 
> After starting a ping to 10.0.0.2 issue these commands on ler1:
> mpls nhlfe show
> ip route show
> 
> If all is setup correctly, tcpdump will show the MPLS header between Ethernet and IP.
> 
> You only need iptables if you want to create more specific rules to use for MPLS. Something like you want only FTP traffic to go through MPLS or you want traffic from source X to go through MPLS, etc. You can use iproute to specify that you want traffic going to destination X to go through MPLS.
> 
> Cheers,
> Adrian
> 
> 2008/4/23 刘磊 <orp...@ms...>:
> 
> Hello
> Thank You first.
> I had tried "IPv4 over MPLS: two LER example for mpls-linux-1.95x", same as the example.
> BUT, I had not find  in the packets(above the ether layer, and below the IP layer) out from LER1's eth2 by tcpdump.
> Does it's MUST with iptables to do this?
> 
> ________________________________
>> Date: Wed, 23 Apr 2008 09:25:18 +0300
>> From: adr...@gm...
>> To: orp...@ms...
>> Subject: Re: [mpls-linux-general] Does mpls-linux support for add label to normal IP packet?
>> CC: mpl...@li...
>>
>> Hello,
>>
>> The mpls command allows you to create labels and the route/iptables commands allow you to map certain IP flows to created labels.
>> Please, better explain your problem (which example you used), and what was the problem so that we can better help.
>>
>> For a small overview of what mpls-linux does and how to use it, look here:
>> http://mpls-linux.sourceforge.net/
>> http://www.elcom.pub.ro/~adrian.popa/mpls-linux/mpls-linux-docs/
>>
>> Cheers,
>> Adrian
>>
>> 2008/4/23 刘磊 <orp...@ms...>:
>>
>> Hi all:
>> I'm a new bie.
>> And I had some problem in MPLS-Linux.
>> Does mpls-linux support for add label to normal IP packet?
>> I'm failed with "Links to examples", because the LER1 doesn't add label to the normal IP packets.
>> Which function will do that in the source code?
>> _________________________________________________________________
>> 新年换新颜，快来妆扮自己的MSN给心仪的TA一个惊喜！
>> http://im.live.cn/emoticons/?ID=18
>>
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
>> Don't miss this year's exciting event. There's still time to save $100.
>> Use priority code J8TL2D2.
>> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
>> _______________________________________________
>> mpls-linux-general mailing list
>> mpl...@li...
>> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
> 
> _________________________________________________________________
> 多个邮箱同步管理，live mail客户端万人抢用中
> http://get.live.cn/product/mail.html
> 
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general

_________________________________________________________________
用手机MSN聊天写邮件看空间，无限沟通，分享精彩！
http://mobile.msn.com.cn/

Re: [mpls-linux-general] Does mpls-linux support for add label to normal IP packet?

[Adrian P. <adr...@gm...>]

Ok, concentrate on LER1;
It will encapsulate in MPLS only packets that go to 10.0.0.2/32. The rest of
the traffic will be plain IP.

Try again and look for error messages after each command. Make sure you're
running the mpls-enabled kernel (dmesg | grep mpls) and also that you have
the mpls4 module loaded (lsmod | grep mpls).

After starting a ping to 10.0.0.2 issue these commands on ler1:
mpls nhlfe show
ip route show

If all is setup correctly, tcpdump will show the MPLS header between
Ethernet and IP.

You only need iptables if you want to create more specific rules to use for
MPLS. Something like you want only FTP traffic to go through MPLS or you
want traffic from source X to go through MPLS, etc. You can use iproute to
specify that you want traffic going to destination X to go through MPLS.

Cheers,
Adrian

2008/4/23 刘磊 <orp...@ms...>:

>
> Hello
> Thank You first.
> I had tried "IPv4 over MPLS: two LER example for mpls-linux-1.95x", same
> as the example.
> BUT, I had not find  in the packets(above the ether layer, and below the
> IP layer) out from LER1's eth2 by tcpdump.
> Does it's MUST with iptables to do this?
>
> ________________________________
> > Date: Wed, 23 Apr 2008 09:25:18 +0300
> > From: adr...@gm...
> > To: orp...@ms...
> > Subject: Re: [mpls-linux-general] Does mpls-linux support for add label
> to normal IP packet?
> > CC: mpl...@li...
>  >
> > Hello,
> >
> > The mpls command allows you to create labels and the route/iptables
> commands allow you to map certain IP flows to created labels.
> > Please, better explain your problem (which example you used), and what
> was the problem so that we can better help.
> >
> > For a small overview of what mpls-linux does and how to use it, look
> here:
> > http://mpls-linux.sourceforge.net/
> > http://www.elcom.pub.ro/~adrian.popa/mpls-linux/mpls-linux-docs/
> >
> > Cheers,
> > Adrian
> >
> > 2008/4/23 刘磊 <orp...@ms...>:
> >
> > Hi all:
> > I'm a new bie.
> > And I had some problem in MPLS-Linux.
> > Does mpls-linux support for add label to normal IP packet?
> > I'm failed with "Links to examples", because the LER1 doesn't add label
> to the normal IP packets.
> > Which function will do that in the source code?
> > _________________________________________________________________
> > 新年换新颜，快来妆扮自己的MSN给心仪的TA一个惊喜！
> > http://im.live.cn/emoticons/?ID=18
> >
> >
> >
> -------------------------------------------------------------------------
> > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> > Don't miss this year's exciting event. There's still time to save $100.
> > Use priority code J8TL2D2.
> >
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> > _______________________________________________
> > mpls-linux-general mailing list
> > mpl...@li...
> > https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
>
> _________________________________________________________________
> 多个邮箱同步管理，live mail客户端万人抢用中
> http://get.live.cn/product/mail.html
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
>
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
>
>

Re: [mpls-linux-general] Does mpls-linux support for add label to normal IP packet?

[刘磊 <orp...@ms...>]

Hello
Thank You first.
I had tried "IPv4 over MPLS: two LER example for mpls-linux-1.95x", same as the example.
BUT, I had not find  in the packets(above the ether layer, and below the IP layer) out from LER1's eth2 by tcpdump.
Does it's MUST with iptables to do this?

________________________________
> Date: Wed, 23 Apr 2008 09:25:18 +0300
> From: adr...@gm...
> To: orp...@ms...
> Subject: Re: [mpls-linux-general] Does mpls-linux support for add label to normal IP packet?
> CC: mpl...@li...
> 
> Hello,
> 
> The mpls command allows you to create labels and the route/iptables commands allow you to map certain IP flows to created labels.
> Please, better explain your problem (which example you used), and what was the problem so that we can better help.
> 
> For a small overview of what mpls-linux does and how to use it, look here:
> http://mpls-linux.sourceforge.net/
> http://www.elcom.pub.ro/~adrian.popa/mpls-linux/mpls-linux-docs/
> 
> Cheers,
> Adrian
> 
> 2008/4/23 刘磊 <orp...@ms...>:
> 
> Hi all:
> I'm a new bie.
> And I had some problem in MPLS-Linux.
> Does mpls-linux support for add label to normal IP packet?
> I'm failed with "Links to examples", because the LER1 doesn't add label to the normal IP packets.
> Which function will do that in the source code?
> _________________________________________________________________
> 新年换新颜，快来妆扮自己的MSN给心仪的TA一个惊喜！
> http://im.live.cn/emoticons/?ID=18
> 
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general

_________________________________________________________________
多个邮箱同步管理，live mail客户端万人抢用中
http://get.live.cn/product/mail.html

Re: [mpls-linux-general] Does mpls-linux support for add label to normal IP packet?

[Adrian P. <adr...@gm...>]

Hello,

The mpls command allows you to create labels and the route/iptables commands
allow you to map certain IP flows to created labels.
Please, better explain your problem (which example you used), and what was
the problem so that we can better help.

For a small overview of what mpls-linux does and how to use it, look here:
http://mpls-linux.sourceforge.net/
http://www.elcom.pub.ro/~adrian.popa/mpls-linux/mpls-linux-docs/

Cheers,
Adrian

2008/4/23 刘磊 <orp...@ms...>:

>
> Hi all:
> I'm a new bie.
> And I had some problem in MPLS-Linux.
> Does mpls-linux support for add label to normal IP packet?
> I'm failed with "Links to examples", because the LER1 doesn't add label to
> the normal IP packets.
> Which function will do that in the source code?
> _________________________________________________________________
> 新年换新颜，快来妆扮自己的MSN给心仪的TA一个惊喜！
> http://im.live.cn/emoticons/?ID=18
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
>
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
>
>

Re: [mpls-linux-general] problems with classes and iptables

[Adrian P. <adr...@gm...>]

You may be using a newer version than I used (I used 1.950). Things may have
changed. Indeed all the scripts worked on my setup (the scripts are copied
directly from the test-bed).

Good luck,
Adrian

On Tue, Apr 22, 2008 at 6:00 PM, luc...@li... <luc...@li...>
wrote:

> I tried to launch the same command on the mangle table, and it seems to
> work.
>
> [root@z10n ~]# iptables -t mangle -A FORWARD -s 172.16.30.0/24 -m dscp
> --dscp 26 -j mpls --nhlfe 0x02
>
> [root@z10n ~]# iptables -L -t mangle
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> mpls       all  --  172.16.30.0/24       anywhere            DSCP match
> 0x1a nhlfe 0x2
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
>
>
> Now I'll try if it works, but it seems that the problem was putting the
> rule on the mangle table instead of the (default) filter table.
> Thanks a lot, I'll keep you posted.
> Luca
>
>
> ---------- Initial Header -----------
>
> >From      : "James R. Leu" jl...@mi...
> To          : "luc...@li..." luc...@li...
> Cc          : "mpls-linux-general"
> mpl...@li...
> Date      : Tue, 22 Apr 2008 08:07:36 -0500
> Subject : Re: [mpls-linux-general] problems with classes and iptables
>
>
>
>
>
>
>
> > If I remember correctly the MPLS target should only be used
> > in the POSTROUTE or OUTPUT chains, quite possibly only in the 'mangle'
> table.
> >
> > On Tue, Apr 22, 2008 at 11:08:40AM +0200, luc...@li... wrote:
> > > Hello,
> > > I'm trying to differentiate traffic flows in MPLS by marking DSCP
> field at the source and using scheduling strategies at the LER.
> > > I tried to follow the mpls-linux labs for congestion, in which I found
> something similar to my case.
> > > In that case the steps are:
> > > 1- mapping DSCP on EXP bits of mpls header
> > > 2- mapping EXP on the tcindex (scheduling strategy)
> > >
> > > In the script by Adrian Popa there are the following commands:
> > >
> > > var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3
> exp2tc 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c
> 17-26`
> > >
> > > iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls
> --nhlfe $var_best1
> > >
> > > the iptables command answers to me:
> > > iptables: Invalid argument
> > >
> > > I've attached also the result of the command:
> > > strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls
> --nhlfe 0x02
> > >
> > > (0x02 is the previously generated key)
> > >
> > > I don't understand where's the problem: I've followed the example and
> it seems that the problem is in in the -j target of iptables...
> > > Could you please help me?
> > >
> > >
> > > Actually what I'd like to do is quite simpler: it would be enough to
> simply give a different mpls label to every class and then associate each
> label (flow) with a scheduling strategy, without marking exp bits...is it
> possible?
> > > Thanks in advance,
> > > Luca
> > >
> > >
> >
> > > execve("/sbin/iptables", ["iptables", "-A", "FORWARD", "-s", "
> 172.16.30.0/24", "-m", "dscp", "--dscp", "26", "-j", "mpls", "--nhlfe",
> "0x02"], [/* 50 vars */]) = 0
> > > brk(0)                                  = 0x9b60000
> > > access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or
> directory)
> > > open("/etc/ld.so.cache", O_RDONLY)      = 3
> > > fstat64(3, {st_mode=S_IFREG|0644, st_size=85989, ...}) = 0
> > > mmap2(NULL, 85989, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fe2000
> > > close(3)                                = 0
> > > open("/lib/libdl.so.2", O_RDONLY)       = 3
> > > read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\252\207\0004\0\0\0"...,
> 512) = 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=20564, ...}) = 0
> > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb7fe1000
> > > mmap2(0x87a000, 16504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
> 3, 0) = 0x87a000
> > > mmap2(0x87d000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x87d000
> > > close(3)                                = 0
> > > open("/lib/libselinux.so.1", O_RDONLY)  = 3
> > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\32e\0004\0\0\0"...,
> 512) = 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=105968, ...}) = 0
> > > mmap2(0x64e000, 109468, PROT_READ|PROT_EXEC,
> MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x64e000
> > > mmap2(0x667000, 8192, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0x667000
> > > close(3)                                = 0
> > > open("/lib/libc.so.6", O_RDONLY)        = 3
> > > read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360Ts\0004\0\0\0"..., 512)
> = 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=1692524, ...}) = 0
> > > mmap2(0x71f000, 1410608, PROT_READ|PROT_EXEC,
> MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71f000
> > > mmap2(0x872000, 12288, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x153) = 0x872000
> > > mmap2(0x875000, 9776, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x875000
> > > close(3)                                = 0
> > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb7fe0000
> > > set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fe0710,
> limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
> seg_not_present:0, useable:1}) = 0
> > > mprotect(0x87d000, 4096, PROT_READ)     = 0
> > > mprotect(0x872000, 8192, PROT_READ)     = 0
> > > mprotect(0x71b000, 4096, PROT_READ)     = 0
> > > munmap(0xb7fe2000, 85989)               = 0
> > > brk(0)                                  = 0x9b60000
> > > brk(0x9b81000)                          = 0x9b81000
> > > open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3
> > > fstat64(3, {st_mode=S_IFREG|0644, st_size=500, ...}) = 0
> > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb7ff6000
> > > read(3, "\n# This file controls the state "..., 4096) = 500
> > > read(3, "", 4096)                       = 0
> > > close(3)                                = 0
> > > munmap(0xb7ff6000, 4096)                = 0
> > > statfs64("/selinux", 84, {f_type="EXT2_SUPER_MAGIC", f_bsize=4096,
> f_blocks=1749376, f_bfree=795907, f_bavail=795907, f_files=901120,
> f_ffree=772577, f_fsid={-179335734, -77216707}, f_namelen=255,
> f_frsize=4096}) = 0
> > > open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
> > > fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb7ff6000
> > > read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 560
> > > read(3, "", 1024)                       = 0
> > > close(3)                                = 0
> > > munmap(0xb7ff6000, 4096)                = 0
> > > open("/lib/iptables/libipt_dscp.so", O_RDONLY) = 3
> > > read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\6\0\0004\0\0\0"..., 512) =
> 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=6064, ...}) = 0
> > > mmap2(NULL, 4728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
> 0) = 0x111000
> > > mmap2(0x112000, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x112000
> > > close(3)                                = 0
> > > open("/lib/iptables/libipt_mpls.so", O_RDONLY) = 3
> > > read(3,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\4\0\0004\0\0\0"...,
> 512) = 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=4256, ...}) = 0
> > > mmap2(NULL, 7016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
> 0) = 0x113000
> > > mmap2(0x114000, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x114000
> > > close(3)                                = 0
> > > socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
> > > getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
> "filter\0\0p\316<\320\0\0\0\0\0\0\0\0\0\0\0\0\360\344\354\331H\344\354\331"...,
> [84]) = 0
> > > getsockopt(3, SOL_IP, 0x41 /* IP_??? */,
> "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [980]) = 0
> > > setsockopt(3, SOL_IP, 0x40 /* IP_??? */,
> "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = -1
> EINVAL (Invalid argument)
> > > write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
> > > ) = 27
> > > exit_group(1)                           = ?
> > >
> >
> > >
> -------------------------------------------------------------------------
> > > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> > > Don't miss this year's exciting event. There's still time to save
> $100.
> > > Use priority code J8TL2D2.
> > >
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> > > _______________________________________________
> > > mpls-linux-general mailing list
> > > mpl...@li...
> > > https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
> >
> >
> > --
> > James R. Leu
> > jl...@mi...
> >
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
>
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
>

[mpls-linux-general] Does mpls-linux support for add label to normal IP packet?

[刘磊 <orp...@ms...>]

Hi all:
I'm a new bie.
And I had some problem in MPLS-Linux.
Does mpls-linux support for add label to normal IP packet?
I'm failed with "Links to examples", because the LER1 doesn't add label to the normal IP packets.
Which function will do that in the source code?
_________________________________________________________________
新年换新颜，快来妆扮自己的MSN给心仪的TA一个惊喜！
http://im.live.cn/emoticons/?ID=18

Re: [mpls-linux-general] problems with classes and iptables

[lucapilosu\@libero\.it <luc...@li...>]

I tried to launch the same command on the mangle table, and it seems to work.

[root@z10n ~]# iptables -t mangle -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02

[root@z10n ~]# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
mpls       all  --  172.16.30.0/24       anywhere            DSCP match 0x1a nhlfe 0x2

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination


Now I'll try if it works, but it seems that the problem was putting the rule on the mangle table instead of the (default) filter table.
Thanks a lot, I'll keep you posted.
Luca


---------- Initial Header -----------

>From      : "James R. Leu" jl...@mi...
To          : "luc...@li..." luc...@li...
Cc          : "mpls-linux-general" mpl...@li...
Date      : Tue, 22 Apr 2008 08:07:36 -0500
Subject : Re: [mpls-linux-general] problems with classes and iptables







> If I remember correctly the MPLS target should only be used
> in the POSTROUTE or OUTPUT chains, quite possibly only in the 'mangle' table.
> 
> On Tue, Apr 22, 2008 at 11:08:40AM +0200, luc...@li... wrote:
> > Hello,
> > I'm trying to differentiate traffic flows in MPLS by marking DSCP field at the source and using scheduling strategies at the LER.
> > I tried to follow the mpls-linux labs for congestion, in which I found something similar to my case.
> > In that case the steps are:
> > 1- mapping DSCP on EXP bits of mpls header
> > 2- mapping EXP on the tcindex (scheduling strategy)
> > 
> > In the script by Adrian Popa there are the following commands:
> > 
> > var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
> > 
> > iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe $var_best1
> > 
> > the iptables command answers to me:
> > iptables: Invalid argument
> > 
> > I've attached also the result of the command:
> > strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02
> > 
> > (0x02 is the previously generated key)
> > 
> > I don't understand where's the problem: I've followed the example and it seems that the problem is in in the -j target of iptables...
> > Could you please help me?
> > 
> > 
> > Actually what I'd like to do is quite simpler: it would be enough to simply give a different mpls label to every class and then associate each label (flow) with a scheduling strategy, without marking exp bits...is it possible?
> > Thanks in advance,
> > Luca
> > 
> > 
> 
> > execve("/sbin/iptables", ["iptables", "-A", "FORWARD", "-s", "172.16.30.0/24", "-m", "dscp", "--dscp", "26", "-j", "mpls", "--nhlfe", "0x02"], [/* 50 vars */]) = 0
> > brk(0)                                  = 0x9b60000
> > access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
> > open("/etc/ld.so.cache", O_RDONLY)      = 3
> > fstat64(3, {st_mode=S_IFREG|0644, st_size=85989, ...}) = 0
> > mmap2(NULL, 85989, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fe2000
> > close(3)                                = 0
> > open("/lib/libdl.so.2", O_RDONLY)       = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\252\207\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=20564, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe1000
> > mmap2(0x87a000, 16504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x87a000
> > mmap2(0x87d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x87d000
> > close(3)                                = 0
> > open("/lib/libselinux.so.1", O_RDONLY)  = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\32e\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=105968, ...}) = 0
> > mmap2(0x64e000, 109468, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x64e000
> > mmap2(0x667000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0x667000
> > close(3)                                = 0
> > open("/lib/libc.so.6", O_RDONLY)        = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360Ts\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=1692524, ...}) = 0
> > mmap2(0x71f000, 1410608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71f000
> > mmap2(0x872000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x153) = 0x872000
> > mmap2(0x875000, 9776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x875000
> > close(3)                                = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe0000
> > set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fe0710, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
> > mprotect(0x87d000, 4096, PROT_READ)     = 0
> > mprotect(0x872000, 8192, PROT_READ)     = 0
> > mprotect(0x71b000, 4096, PROT_READ)     = 0
> > munmap(0xb7fe2000, 85989)               = 0
> > brk(0)                                  = 0x9b60000
> > brk(0x9b81000)                          = 0x9b81000
> > open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3
> > fstat64(3, {st_mode=S_IFREG|0644, st_size=500, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> > read(3, "\n# This file controls the state "..., 4096) = 500
> > read(3, "", 4096)                       = 0
> > close(3)                                = 0
> > munmap(0xb7ff6000, 4096)                = 0
> > statfs64("/selinux", 84, {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=1749376, f_bfree=795907, f_bavail=795907, f_files=901120, f_ffree=772577, f_fsid={-179335734, -77216707}, f_namelen=255, f_frsize=4096}) = 0
> > open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
> > fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> > read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 560
> > read(3, "", 1024)                       = 0
> > close(3)                                = 0
> > munmap(0xb7ff6000, 4096)                = 0
> > open("/lib/iptables/libipt_dscp.so", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\6\0\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=6064, ...}) = 0
> > mmap2(NULL, 4728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x111000
> > mmap2(0x112000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x112000
> > close(3)                                = 0
> > open("/lib/iptables/libipt_mpls.so", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\4\0\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=4256, ...}) = 0
> > mmap2(NULL, 7016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x113000
> > mmap2(0x114000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x114000
> > close(3)                                = 0
> > socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
> > getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316<\320\0\0\0\0\0\0\0\0\0\0\0\0\360\344\354\331H\344\354\331"..., [84]) = 0
> > getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [980]) = 0
> > setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument)
> > write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
> > ) = 27
> > exit_group(1)                           = ?
> > 
> 
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
> > Don't miss this year's exciting event. There's still time to save $100. 
> > Use priority code J8TL2D2. 
> > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> > _______________________________________________
> > mpls-linux-general mailing list
> > mpl...@li...
> > https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
> 
> 
> -- 
> James R. Leu
> jl...@mi...
> 

Re: [mpls-linux-general] problems with classes and iptables

[lucapilosu\@libero\.it <luc...@li...>]

I don't know if I'm using the correct syntax, but I'm following the examples by Adrian Popa and I can't run one of the commands on the scripts. 
I think he ran all his scripts and they work fine, most probably it's something wrong on my configuration!
Any idea about it?

Anyway, is there any reference where I can find information about this commands(MPLS target and so on)?



---------- Initial Header -----------

>From      : "James R. Leu" jl...@mi...
To          : "luc...@li..." luc...@li...
Cc          : "mpls-linux-general" mpl...@li...
Date      : Tue, 22 Apr 2008 08:07:36 -0500
Subject : Re: [mpls-linux-general] problems with classes and iptables







> If I remember correctly the MPLS target should only be used
> in the POSTROUTE or OUTPUT chains, quite possibly only in the 'mangle' table.
> 
> On Tue, Apr 22, 2008 at 11:08:40AM +0200, luc...@li... wrote:
> > Hello,
> > I'm trying to differentiate traffic flows in MPLS by marking DSCP field at the source and using scheduling strategies at the LER.
> > I tried to follow the mpls-linux labs for congestion, in which I found something similar to my case.
> > In that case the steps are:
> > 1- mapping DSCP on EXP bits of mpls header
> > 2- mapping EXP on the tcindex (scheduling strategy)
> > 
> > In the script by Adrian Popa there are the following commands:
> > 
> > var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
> > 
> > iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe $var_best1
> > 
> > the iptables command answers to me:
> > iptables: Invalid argument
> > 
> > I've attached also the result of the command:
> > strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02
> > 
> > (0x02 is the previously generated key)
> > 
> > I don't understand where's the problem: I've followed the example and it seems that the problem is in in the -j target of iptables...
> > Could you please help me?
> > 
> > 
> > Actually what I'd like to do is quite simpler: it would be enough to simply give a different mpls label to every class and then associate each label (flow) with a scheduling strategy, without marking exp bits...is it possible?
> > Thanks in advance,
> > Luca
> > 
> > 
> 
> > execve("/sbin/iptables", ["iptables", "-A", "FORWARD", "-s", "172.16.30.0/24", "-m", "dscp", "--dscp", "26", "-j", "mpls", "--nhlfe", "0x02"], [/* 50 vars */]) = 0
> > brk(0)                                  = 0x9b60000
> > access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
> > open("/etc/ld.so.cache", O_RDONLY)      = 3
> > fstat64(3, {st_mode=S_IFREG|0644, st_size=85989, ...}) = 0
> > mmap2(NULL, 85989, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fe2000
> > close(3)                                = 0
> > open("/lib/libdl.so.2", O_RDONLY)       = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\252\207\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=20564, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe1000
> > mmap2(0x87a000, 16504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x87a000
> > mmap2(0x87d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x87d000
> > close(3)                                = 0
> > open("/lib/libselinux.so.1", O_RDONLY)  = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\32e\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=105968, ...}) = 0
> > mmap2(0x64e000, 109468, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x64e000
> > mmap2(0x667000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0x667000
> > close(3)                                = 0
> > open("/lib/libc.so.6", O_RDONLY)        = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360Ts\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=1692524, ...}) = 0
> > mmap2(0x71f000, 1410608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71f000
> > mmap2(0x872000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x153) = 0x872000
> > mmap2(0x875000, 9776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x875000
> > close(3)                                = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe0000
> > set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fe0710, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
> > mprotect(0x87d000, 4096, PROT_READ)     = 0
> > mprotect(0x872000, 8192, PROT_READ)     = 0
> > mprotect(0x71b000, 4096, PROT_READ)     = 0
> > munmap(0xb7fe2000, 85989)               = 0
> > brk(0)                                  = 0x9b60000
> > brk(0x9b81000)                          = 0x9b81000
> > open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3
> > fstat64(3, {st_mode=S_IFREG|0644, st_size=500, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> > read(3, "\n# This file controls the state "..., 4096) = 500
> > read(3, "", 4096)                       = 0
> > close(3)                                = 0
> > munmap(0xb7ff6000, 4096)                = 0
> > statfs64("/selinux", 84, {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=1749376, f_bfree=795907, f_bavail=795907, f_files=901120, f_ffree=772577, f_fsid={-179335734, -77216707}, f_namelen=255, f_frsize=4096}) = 0
> > open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
> > fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> > read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 560
> > read(3, "", 1024)                       = 0
> > close(3)                                = 0
> > munmap(0xb7ff6000, 4096)                = 0
> > open("/lib/iptables/libipt_dscp.so", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\6\0\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=6064, ...}) = 0
> > mmap2(NULL, 4728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x111000
> > mmap2(0x112000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x112000
> > close(3)                                = 0
> > open("/lib/iptables/libipt_mpls.so", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\4\0\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=4256, ...}) = 0
> > mmap2(NULL, 7016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x113000
> > mmap2(0x114000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x114000
> > close(3)                                = 0
> > socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
> > getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316<\320\0\0\0\0\0\0\0\0\0\0\0\0\360\344\354\331H\344\354\331"..., [84]) = 0
> > getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [980]) = 0
> > setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument)
> > write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
> > ) = 27
> > exit_group(1)                           = ?
> > 
> 
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
> > Don't miss this year's exciting event. There's still time to save $100. 
> > Use priority code J8TL2D2. 
> > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> > _______________________________________________
> > mpls-linux-general mailing list
> > mpl...@li...
> > https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
> 
> 
> -- 
> James R. Leu
> jl...@mi...
> 

Re: [mpls-linux-general] problems with classes and iptables

[James R. L. <jl...@mi...>]

In more recent kernels ipt_mpls has been changed to xt_mpls.  xt_mpls
works with IPv4 and IPv6 netfilter rules.

On Tue, Apr 22, 2008 at 03:02:10PM +0200, luc...@li... wrote:
> Yes, the lsmod is issued after the command.
> After that, I've tried to do:
> 
> modprobe ipt_mpls
> 
> but the iptables still doesn't work, and the lsmod gives always the same output.
> (I wonder if the modprobe loaded something, but with "modprobe libipt_mpls" it outputs:
> FATAL: Module libipt_mpls not found)
> 
> About DSCP-->TCINDEX, my idea was to analyze the interaction of MPLS and L3 scheduling also inside the MPLS cloud, where I would like not to look at IP header!
> Luca
> 
> 
> 
> 
> 
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
> Don't miss this year's exciting event. There's still time to save $100. 
> Use priority code J8TL2D2. 
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general

-- 
James R. Leu
jl...@mi...

Re: [mpls-linux-general] problems with classes and iptables

[James R. L. <jl...@mi...>]

If I remember correctly the MPLS target should only be used
in the POSTROUTE or OUTPUT chains, quite possibly only in the 'mangle' table.

On Tue, Apr 22, 2008 at 11:08:40AM +0200, luc...@li... wrote:
> Hello,
> I'm trying to differentiate traffic flows in MPLS by marking DSCP field at the source and using scheduling strategies at the LER.
> I tried to follow the mpls-linux labs for congestion, in which I found something similar to my case.
> In that case the steps are:
> 1- mapping DSCP on EXP bits of mpls header
> 2- mapping EXP on the tcindex (scheduling strategy)
> 
> In the script by Adrian Popa there are the following commands:
> 
> var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
> 
> iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe $var_best1
> 
> the iptables command answers to me:
> iptables: Invalid argument
> 
> I've attached also the result of the command:
> strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02
> 
> (0x02 is the previously generated key)
> 
> I don't understand where's the problem: I've followed the example and it seems that the problem is in in the -j target of iptables...
> Could you please help me?
> 
> 
> Actually what I'd like to do is quite simpler: it would be enough to simply give a different mpls label to every class and then associate each label (flow) with a scheduling strategy, without marking exp bits...is it possible?
> Thanks in advance,
> Luca
> 
> 

> execve("/sbin/iptables", ["iptables", "-A", "FORWARD", "-s", "172.16.30.0/24", "-m", "dscp", "--dscp", "26", "-j", "mpls", "--nhlfe", "0x02"], [/* 50 vars */]) = 0
> brk(0)                                  = 0x9b60000
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=85989, ...}) = 0
> mmap2(NULL, 85989, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fe2000
> close(3)                                = 0
> open("/lib/libdl.so.2", O_RDONLY)       = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\252\207\0004\0\0\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=20564, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe1000
> mmap2(0x87a000, 16504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x87a000
> mmap2(0x87d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x87d000
> close(3)                                = 0
> open("/lib/libselinux.so.1", O_RDONLY)  = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\32e\0004\0\0\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=105968, ...}) = 0
> mmap2(0x64e000, 109468, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x64e000
> mmap2(0x667000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0x667000
> close(3)                                = 0
> open("/lib/libc.so.6", O_RDONLY)        = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360Ts\0004\0\0\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=1692524, ...}) = 0
> mmap2(0x71f000, 1410608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71f000
> mmap2(0x872000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x153) = 0x872000
> mmap2(0x875000, 9776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x875000
> close(3)                                = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe0000
> set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fe0710, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
> mprotect(0x87d000, 4096, PROT_READ)     = 0
> mprotect(0x872000, 8192, PROT_READ)     = 0
> mprotect(0x71b000, 4096, PROT_READ)     = 0
> munmap(0xb7fe2000, 85989)               = 0
> brk(0)                                  = 0x9b60000
> brk(0x9b81000)                          = 0x9b81000
> open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=500, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> read(3, "\n# This file controls the state "..., 4096) = 500
> read(3, "", 4096)                       = 0
> close(3)                                = 0
> munmap(0xb7ff6000, 4096)                = 0
> statfs64("/selinux", 84, {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=1749376, f_bfree=795907, f_bavail=795907, f_files=901120, f_ffree=772577, f_fsid={-179335734, -77216707}, f_namelen=255, f_frsize=4096}) = 0
> open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
> fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 560
> read(3, "", 1024)                       = 0
> close(3)                                = 0
> munmap(0xb7ff6000, 4096)                = 0
> open("/lib/iptables/libipt_dscp.so", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\6\0\0004\0\0\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=6064, ...}) = 0
> mmap2(NULL, 4728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x111000
> mmap2(0x112000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x112000
> close(3)                                = 0
> open("/lib/iptables/libipt_mpls.so", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\4\0\0004\0\0\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=4256, ...}) = 0
> mmap2(NULL, 7016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x113000
> mmap2(0x114000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x114000
> close(3)                                = 0
> socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
> getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316<\320\0\0\0\0\0\0\0\0\0\0\0\0\360\344\354\331H\344\354\331"..., [84]) = 0
> getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [980]) = 0
> setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument)
> write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
> ) = 27
> exit_group(1)                           = ?
> 

> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
> Don't miss this year's exciting event. There's still time to save $100. 
> Use priority code J8TL2D2. 
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general


-- 
James R. Leu
jl...@mi...

Re: [mpls-linux-general] problems with classes and iptables

[lucapilosu\@libero\.it <luc...@li...>]

Yes, the lsmod is issued after the command.
After that, I've tried to do:

modprobe ipt_mpls

but the iptables still doesn't work, and the lsmod gives always the same output.
(I wonder if the modprobe loaded something, but with "modprobe libipt_mpls" it outputs:
FATAL: Module libipt_mpls not found)

About DSCP-->TCINDEX, my idea was to analyze the interaction of MPLS and L3 scheduling also inside the MPLS cloud, where I would like not to look at IP header!
Luca

Re: [mpls-linux-general] problems with classes and iptables

[Adrian P. <adr...@gm...>]

Hmm, strange... Is the lsmod issued after you tried to use iptables? I don't
see your libipt_mpls module. Maybe try to load it before issuing the
iptables command (something like modprobe libipt_mpls or modprobe ipt_mpls).

As for the necessity of DSCP to TCINDEX mapping - it wouldn't be useless
because in the edge of the network, you have to do L3 header analysis. In
the rest of the network you shouldn't do that and base your decisions on the
MPLS header (including EXP bits). But if you only need to enforce bandwidth
at the edge of the network - it can be done by mapping DSCP to TCINDEX.

I've thought a bit about it and I think the tc command has such a mapping,
but I don't know the actual syntax...

Cheers!
Adrian

On Tue, Apr 22, 2008 at 2:55 PM, luc...@li... <luc...@li...>
wrote:

> SELinux seems to be disabled...
>
> dmesg | grep -i selinux
>
> SELinux:  Initializing.
> SELinux:  Starting in permissive mode
> selinux_register_security:  Registering secondary module capability
> SELinux:  Registering netfilter hooks
> SELinux:  Disabled at runtime.
> SELinux:  Unregistering netfilter hooks
> audit(1208846620.480:2): selinux=0 auid=4294967295
>
> And here is my lsmod:
>
> lsmod
> Module                  Size  Used by
> xt_mpls                 6081  0
> xt_dscp                 5953  0
> fuse                   38613  2
> rfcomm                 36953  0
> l2cap                  25665  9 rfcomm
> bluetooth              49317  4 rfcomm,l2cap
> sunrpc                140765  1
> nf_conntrack_ftp       10977  0
> nf_conntrack_ipv4      11717  0
> xt_state                6081  0
> nf_conntrack           51977  3
> nf_conntrack_ftp,nf_conntrack_ipv4,xt_state
> nfnetlink               8281  2 nf_conntrack_ipv4,nf_conntrack
> xt_tcpudp               6977  0
> ipt_REJECT              7617  0
> iptable_filter          6465  1
> ip_tables              14213  1 iptable_filter
> ip6table_filter         6337  0
> ip6_tables             15109  1 ip6table_filter
> x_tables               14277  7
> xt_mpls,xt_dscp,xt_state,xt_tcpudp,ipt_REJECT,ip_tables,ip6_tables
> loop                   16581  0
> dm_multipath           18249  0
> radeon                117345  2
> drm                    67029  3 radeon
> ipv6                  246629  12
> mpls4                   8257  0
> snd_ali5451            21453  3
> snd_ac97_codec         92389  1 snd_ali5451
> ac97_bus                6081  1 snd_ac97_codec
> snd_seq_dummy           6853  0
> snd_seq_oss            29889  0
> snd_seq_midi_event      9793  1 snd_seq_oss
> snd_seq                44849  5
> snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
> snd_seq_device         10061  3 snd_seq_dummy,snd_seq_oss,snd_seq
> snd_pcm_oss            37569  0
> snd_mixer_oss          16705  2 snd_pcm_oss
> battery                14025  2
> snd_pcm                63813  3 snd_ali5451,snd_ac97_codec,snd_pcm_oss
> parport_pc             27109  0
> ac                      8133  0
> 8139cp                 21697  0
> parport                32393  1 parport_pc
> button                 10449  0
> i2c_ali15x3            10693  0
> alim1535_wdt            8537  0
> firewire_ohci          19137  0
> snd_timer              20549  2 snd_seq,snd_pcm
> floppy                 53125  0
> firewire_core          36737  1 firewire_ohci
> i2c_ali1535            10053  0
> joydev                 12673  0
> serio_raw               9029  0
> 8139too                24513  0
> snd                    43461  13
> snd_ali5451,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
> pcspkr                  6593  0
> mii                     8385  2 8139cp,8139too
> i2c_core               21825  2 i2c_ali15x3,i2c_ali1535
> soundcore               9632  2 snd
> crc_itu_t               6081  1 firewire_core
> snd_page_alloc         11337  1 snd_pcm
> sg                     31965  0
> sr_mod                 17509  0
> cdrom                  33889  1 sr_mod
> dm_snapshot            17893  0
> dm_zero                 5953  0
> dm_mirror              21697  0
> dm_mod                 46465  9 dm_multipath,dm_snapshot,dm_zero,dm_mirror
> ata_generic             8901  0
> pata_ali               11457  3
> libata                100529  2 ata_generic,pata_ali
> sd_mod                 27329  4
> scsi_mod              120525  4 sg,sr_mod,libata,sd_mod
> ext3                  111177  2
> jbd                    52585  1 ext3
> mbcache                10305  1 ext3
> uhci_hcd               23633  0
> ohci_hcd               21573  0
> ehci_hcd               31949  0
>
>
> Mapping DHCP directly to TCINDEX...it doesn't seem to exist such a mpls
> command, but I think it wouldn't be useful, because in that way you would
> "bypass" MPLS and work only with the L3 header, am I wrong?
>
> I think I actually need this damned iptables to work!!!
>
>
>
>

Re: [mpls-linux-general] problems with classes and iptables

[lucapilosu\@libero\.it <luc...@li...>]

SELinux seems to be disabled...

dmesg | grep -i selinux

SELinux:  Initializing.
SELinux:  Starting in permissive mode
selinux_register_security:  Registering secondary module capability
SELinux:  Registering netfilter hooks
SELinux:  Disabled at runtime.
SELinux:  Unregistering netfilter hooks
audit(1208846620.480:2): selinux=0 auid=4294967295

And here is my lsmod:

lsmod
Module                  Size  Used by
xt_mpls                 6081  0
xt_dscp                 5953  0
fuse                   38613  2
rfcomm                 36953  0
l2cap                  25665  9 rfcomm
bluetooth              49317  4 rfcomm,l2cap
sunrpc                140765  1
nf_conntrack_ftp       10977  0
nf_conntrack_ipv4      11717  0
xt_state                6081  0
nf_conntrack           51977  3 nf_conntrack_ftp,nf_conntrack_ipv4,xt_state
nfnetlink               8281  2 nf_conntrack_ipv4,nf_conntrack
xt_tcpudp               6977  0
ipt_REJECT              7617  0
iptable_filter          6465  1
ip_tables              14213  1 iptable_filter
ip6table_filter         6337  0
ip6_tables             15109  1 ip6table_filter
x_tables               14277  7 xt_mpls,xt_dscp,xt_state,xt_tcpudp,ipt_REJECT,ip_tables,ip6_tables
loop                   16581  0
dm_multipath           18249  0
radeon                117345  2
drm                    67029  3 radeon
ipv6                  246629  12
mpls4                   8257  0
snd_ali5451            21453  3
snd_ac97_codec         92389  1 snd_ali5451
ac97_bus                6081  1 snd_ac97_codec
snd_seq_dummy           6853  0
snd_seq_oss            29889  0
snd_seq_midi_event      9793  1 snd_seq_oss
snd_seq                44849  5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_seq_device         10061  3 snd_seq_dummy,snd_seq_oss,snd_seq
snd_pcm_oss            37569  0
snd_mixer_oss          16705  2 snd_pcm_oss
battery                14025  2
snd_pcm                63813  3 snd_ali5451,snd_ac97_codec,snd_pcm_oss
parport_pc             27109  0
ac                      8133  0
8139cp                 21697  0
parport                32393  1 parport_pc
button                 10449  0
i2c_ali15x3            10693  0
alim1535_wdt            8537  0
firewire_ohci          19137  0
snd_timer              20549  2 snd_seq,snd_pcm
floppy                 53125  0
firewire_core          36737  1 firewire_ohci
i2c_ali1535            10053  0
joydev                 12673  0
serio_raw               9029  0
8139too                24513  0
snd                    43461  13 snd_ali5451,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
pcspkr                  6593  0
mii                     8385  2 8139cp,8139too
i2c_core               21825  2 i2c_ali15x3,i2c_ali1535
soundcore               9632  2 snd
crc_itu_t               6081  1 firewire_core
snd_page_alloc         11337  1 snd_pcm
sg                     31965  0
sr_mod                 17509  0
cdrom                  33889  1 sr_mod
dm_snapshot            17893  0
dm_zero                 5953  0
dm_mirror              21697  0
dm_mod                 46465  9 dm_multipath,dm_snapshot,dm_zero,dm_mirror
ata_generic             8901  0
pata_ali               11457  3
libata                100529  2 ata_generic,pata_ali
sd_mod                 27329  4
scsi_mod              120525  4 sg,sr_mod,libata,sd_mod
ext3                  111177  2
jbd                    52585  1 ext3
mbcache                10305  1 ext3
uhci_hcd               23633  0
ohci_hcd               21573  0
ehci_hcd               31949  0


Mapping DHCP directly to TCINDEX...it doesn't seem to exist such a mpls command, but I think it wouldn't be useful, because in that way you would "bypass" MPLS and work only with the L3 header, am I wrong?

I think I actually need this damned iptables to work!!!

Re: [mpls-linux-general] problems with classes and iptables

[Adrian P. <adr...@gm...>]

Silly me...

>From the output you provided I can clearly see that it loads the module:

open("/lib/iptables/*libipt_mpls.so*", O_RDONLY) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\4\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=4256, ...}) = 0
So the module is not the problem... But I can't tell what the problem would
be...
Hmm... Quick question: is selinux enabled? Do a dmesg | grep -i selinux

Cheers,
Adrian
On Tue, Apr 22, 2008 at 12:08 PM, luc...@li... <luc...@li...>
wrote:

> Hello,
> I'm trying to differentiate traffic flows in MPLS by marking DSCP field at
> the source and using scheduling strategies at the LER.
> I tried to follow the mpls-linux labs for congestion, in which I found
> something similar to my case.
> In that case the steps are:
> 1- mapping DSCP on EXP bits of mpls header
> 2- mapping EXP on the tcindex (scheduling strategy)
>
> In the script by Adrian Popa there are the following commands:
>
> var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc
> 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
>
> iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe
> $var_best1
>
> the iptables command answers to me:
> iptables: Invalid argument
>
> I've attached also the result of the command:
> strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls
> --nhlfe 0x02
>
> (0x02 is the previously generated key)
>
> I don't understand where's the problem: I've followed the example and it
> seems that the problem is in in the -j target of iptables...
> Could you please help me?
>
>
> Actually what I'd like to do is quite simpler: it would be enough to
> simply give a different mpls label to every class and then associate each
> label (flow) with a scheduling strategy, without marking exp bits...is it
> possible?
> Thanks in advance,
> Luca
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
>
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
>
>

Re: [mpls-linux-general] problems with classes and iptables

[Adrian P. <adr...@gm...>]

Hello Luca,

I have a question about your iptables install: did you install the iptables
that came with mpls-linux?

I may be wrong, but I seem to remember that you had to load a module for
mpls target support for iptables, but I don't remember its name (this if it
isn't compiled statically in the kernel). Do a lsmod and post the output.

I don't remember the syntax of the mpls command, (do a mpls -h) but if there
is an option DSCP-to-TCINDEX, than you can map DSCP directly to TCINDEX,
without the need to use EXP. But please note that you would be able to use
the scheduling strategy only on the input LER, since the mapping is done
only here.

Good luck,
Adrian


On Tue, Apr 22, 2008 at 12:08 PM, luc...@li... <luc...@li...>
wrote:

> Hello,
> I'm trying to differentiate traffic flows in MPLS by marking DSCP field at
> the source and using scheduling strategies at the LER.
> I tried to follow the mpls-linux labs for congestion, in which I found
> something similar to my case.
> In that case the steps are:
> 1- mapping DSCP on EXP bits of mpls header
> 2- mapping EXP on the tcindex (scheduling strategy)
>
> In the script by Adrian Popa there are the following commands:
>
> var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc
> 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
>
> iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe
> $var_best1
>
> the iptables command answers to me:
> iptables: Invalid argument
>
> I've attached also the result of the command:
> strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls
> --nhlfe 0x02
>
> (0x02 is the previously generated key)
>
> I don't understand where's the problem: I've followed the example and it
> seems that the problem is in in the -j target of iptables...
> Could you please help me?
>
>
> Actually what I'd like to do is quite simpler: it would be enough to
> simply give a different mpls label to every class and then associate each
> label (flow) with a scheduling strategy, without marking exp bits...is it
> possible?
> Thanks in advance,
> Luca
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
>
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
>
>

[mpls-linux-general] problems with classes and iptables

[lucapilosu\@libero\.it <luc...@li...>]

Hello, 
I'm trying to differentiate traffic flows in MPLS by marking DSCP field at the source and using scheduling strategies at the LER.
I tried to follow the mpls-linux labs for congestion, in which I found something similar to my case.
In that case the steps are:
1- mapping DSCP on EXP bits of mpls header
2- mapping EXP on the tcindex (scheduling strategy)

In the script by Adrian Popa there are the following commands:

var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`

iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe $var_best1

the iptables command answers to me:
iptables: Invalid argument

I've attached also the result of the command:
strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02

(0x02 is the previously generated key)

I don't understand where's the problem: I've followed the example and it seems that the problem is in in the -j target of iptables...
Could you please help me?


Actually what I'd like to do is quite simpler: it would be enough to simply give a different mpls label to every class and then associate each label (flow) with a scheduling strategy, without marking exp bits...is it possible?
Thanks in advance,
Luca

[mpls-linux-general] Give her the biggest bang

[Gardner <okk...@MY...>]

Fantastic time guaranteed for you and your partner once you get this http://www.hueiartt.com/

[mpls-linux-general] Take this and be d;ck almighty

[Hanno <Hanno-flea-lug@H.RD.HONDA.CO.JP>]

You aint no tiny cocktail sausage, you can be the fat bratwurst with our concoction. http://www.meenault.com/

[mpls-linux-general] please help me...

[deni y. <den...@ya...>]

dear sir,
  i'm deni yulianti and student of telecommunication engineering in private college in indonesia and i'm doing my final project right now. the tittle of my final project is "burden traffic aggregation on multiprotocol label switching (MPLS) networking”. i using linux fedora core 5 as operating system. i use software traffic generator mtools, mpls-linux and matlab.. i don't know what type of mtools suit with fedora core 5 and how to install and configuration in order to result traffic aggregation. With this software (traffic generator mtools, I’ll set shape parameter value (alpha), bursty time value , idle time value , number of source that i use. and i'll count hurst value in client side with matlab.. i'm really know the script in server in order to result traffic aggregation with using traffic generator mtools and tupe of traffic generator mtools tahat very suitable in fedora core 5 operating system.. please help me....this's my email address : den...@ya....
  thank you very much for your attention.
   
  sincerely yours,
   
   
  deni yulianti

       
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile.  Try it now.

[mpls-linux-general] A new poke

[Jokela <Jan...@DO...>]

Be the awesome bed hero you have always wanted to be within a few months http://www.feaihj.com/

[mpls-linux-general] Ladies love up-sized rods

[Kutzner <hci...@BF...>]

Pound her hard and good like she always wanted but you never could. http://www.umbageug.com/

[mpls-linux-general] Fantastic results guaranteed

[comstock <Cod...@FI...>]

Give her the best action every night http://www.yowerti.com/

[mpls-linux-general] Maximizing your potential

[Chenchen <Che...@BI...>]

Every woman needs a man who measures up with a massive rod. http://www.opeoteae.com/

[mpls-linux-general] Destroy her with your massive cannon

[brigitte <bri...@LA...>]

You should not be ashamed of your natural size http://www.Downsteren.com/

[mpls-linux-general] Unleash your titan

[Daphney <Dap...@LA...>]

Give her the best time of your life, while you have the best time of yours http://www.Neddlase.com/