Thread: [mpls-linux-general] next samples
|
From: <bla...@in...> - 2004-09-05 20:58:23
|
consider below :

                    B-------------C
                   /               \
                  /                 \
  192.168.0.0/24 /                   \ 192.168.1.0/24
Host1-----------A                     D----------Host2
  .1         .2  \                   / .1         .2
                  \                 /
                   \               /
                    E-------------F

traffic for ftp (port 21) via A-B-C-D. and others via A-E-F-D.
please.. help me for LSR A configuration.

can i use iptables for this command: ip route add 192.168.1.0/24 dev eth0 spec_nh 0x8847 0x2
|
|
From: James R. L. <jl...@mi...> - 2004-09-06 22:16:09
|
On Mon, Sep 06, 2004 at 03:14:12AM +0700, bla...@in... wrote:
> consider below :
>
>                     B-------------C
>                    /               \
>                   /                 \
>   192.168.0.0/24 /                   \ 192.168.1.0/24
> Host1-----------A                     D----------Host2
>   .1         .2  \                   / .1         .2
>                   \                 /
>                    \               /
>                     E-------------F
>
> traffic for ftp (port 21) via A-B-C-D. and others via A-E-F-D.
> please.. help me for LSR A configuration.
>
> can i use iptables for this command: ip route add 192.168.1.0/24 dev eth0 spec_nh 0x8847 0x2

Let's assume you've created two LSPs both starting on host1:
1: has NHLFE index 0x2 and goes host1, A, B, C, D, Host2
2: has NHLFE index 0x3 and goes host1, A, E, F, D, Host2

(ie host1 and host2 act as LERs ABCDEF act as LSRs)

On host1:

Create another NHLFE which uses nffwd and forwards to NHLFE 0x2 or 0x3
based on nfmark:

mplsadm2 -A -O 0
Key: 0x4
mplsadm2 -O 0x4 -o nffwd:0xf:0x0:0x3:0x1:0x2

(mask the nfmark on each packet with 0x1, packets with nfmark of 0x0 forward
on NHLFE 0x3, packets with nfmark 0x1 forward on NHLFE 0x2)

Now bind FEC 192.168.1.0/24 to NHLFE 0x4

ip route add 192.168.1.0/24 dev eth0 spec_nh 0x8847 0x4

Now use iptables to mark the nfmark based on traffic type

iptables -t mangle -A POSTROUTING -p tcp --dport 21 -j MARK --set-mark 1

Because of the FEC binding (ip route command) all packets destined to
host2 will be sent on NHLFE 0x4. As packets leave the IPv4 stack, if they
match the iptables rule, they will have their nfmark set to 1, otherwise
they have the default nfmark of 0.

In NHLFE 0x4 we look at the nfmark, if the packets are not marked
(nfmark = 0) then they will be forwarded on NHLFE 0x3, if they have
nfmark = 1 they are forwarded on NHLFE 0x2.

--
James R. Leu
jl...@mi...
|
|
From: <bla...@in...> - 2004-09-07 08:21:46
|
here my configuration on A and D. i change port 21 to ssh (port 22)

A:
- eth0 from host1
- eth1 to B
- eth2 to E
ifconfig lo 127.0.0.1
ifconfig eth0 192.168.0.1 netmask 255.255.255.0
ifconfig eth1 10.120.0.2 netmask 255.255.255.0
mplsadm2 -A -O 0
mplsadm2 -O 0x2 -o push:gen:64:set:eth1:ipv4:10.120.0.3
mplsadm2 -A -I gen:65:0 -i pop:peek
mplsadm2 -L eth1:0
ifconfig eth2 10.120.3.2 netmask 255.255.255.0
mplsadm2 -A -O 0
mplsadm2 -O 0x3 -o push:gen:69:set:eth2:ipv4:10.120.3.3
mplsadm2 -A -I gen:70:0 -i pop:peek
mplsadm2 -L eth2:0
mplsadm2 -AO 0
mplsadm2 -O 0x4 -o nffwd:0xf:0x0:0x3:0x1:0x2
ip route add 192.168.1.0/24 dev eth1 spec_nh 0x8847 0x4
iptables -t mangle -A POSTROUTING -p tcp --dport 22 -j MARK --set-mark 1
echo "1" > /proc/sys/net/ipv4/ip_forward

B:
- eth0 from C
- eth1 from F
- eth2 to host2
ifconfig lo 127.0.0.1
ifconfig eth2 192.168.1.1 netmask 255.255.255.0
ifconfig eth0 10.120.2.3 netmask 255.255.255.0
mplsadm2 -A -O 0
mplsadm2 -O 0x2 -o push:gen:69:set:eth0:ipv4:10.120.2.2
mplsadm2 -A -I gen:68:0 -i pop:peek
mplsadm2 -L eth0:0
ifconfig eth1 10.120.5.3 netmask 255.255.255.0
mplsadm2 -A -O 0
mplsadm2 -O 0x3 -o push:gen:74:set:eth1:ipv4:10.120.5.2
mplsadm2 -A -I gen:73:0 -i pop:peek
mplsadm2 -L eth1:0
mplsadm2 -AO 0
mplsadm2 -O 0x4 -o nffwd:0xf:0x0:0x3:0x1:0x2
ip route add 192.168.0.0/24 dev eth0 spec_nh 0x8847 0x4
iptables -t mangle -A POSTROUTING -p tcp --dport 22 -j MARK --set-mark 1
echo "1" > /proc/sys/net/ipv4/ip_forward
------------------------------------------
ssh --> A-B-C-D
others --> A-E-F-D

the traffic flow already correct.
but there is a problem,
when i tried to ping 192.168.1.2(host2) from host1, it seem stopped at
D,and not continue to host2.
when i tried the others operation, packet seem to be dropped at egress.

> On Mon, Sep 06, 2004 at 03:14:12AM +0700, bla...@in... wrote:
>> consider below :
>>
>>                     B-------------C
>>                    /               \
>>                   /                 \
>>   192.168.0.0/24 /                   \ 192.168.1.0/24
>> Host1-----------A                     D----------Host2
>>   .1         .2  \                   / .1         .2
>>                   \                 /
>>                    \               /
>>                     E-------------F
>>
>> traffic for ftp (port 21) via A-B-C-D. and others via A-E-F-D.
>> please.. help me for LSR A configuration.
>>
>> can i use iptables for this command: ip route add 192.168.1.0/24 dev eth0 spec_nh 0x8847 0x2
>
> Let's assume you've created two LSPs both starting on host1:
> 1: has NHLFE index 0x2 and goes host1, A, B, C, D, Host2
> 2: has NHLFE index 0x3 and goes host1, A, E, F, D, Host2
>
> (ie host1 and host2 act as LERs ABCDEF act as LSRs)
>
> On host1:
>
> Create another NHLFE which uses nffwd and forwards to NHLFE 0x2 or 0x3
> based on nfmark:
>
> mplsadm2 -A -O 0
> Key: 0x4
> mplsadm2 -O 0x4 -o nffwd:0xf:0x0:0x3:0x1:0x2
>
> (mask the nfmark on each packet with 0x1, packets with nfmark of 0x0 forward
> on NHLFE 0x3, packets with nfmark 0x1 forward on NHLFE 0x2)
>
> Now bind FEC 192.168.1.0/24 to NHLFE 0x4
>
> ip route add 192.168.1.0/24 dev eth0 spec_nh 0x8847 0x4
>
> Now use iptables to mark the nfmark based on traffic type
>
> iptables -t mangle -A POSTROUTING -p tcp --dport 21 -j MARK --set-mark 1
>
> Because of the FEC binding (ip route command) all packets destined to
> host2 will be sent on NHLFE 0x4. As packets leave the IPv4 stack, if they
> match the iptables rule, they will have their nfmark set to 1, otherwise
> they have the default nfmark of 0.
>
> In NHLFE 0x4 we look at the nfmark, if the packets are not marked
> (nfmark = 0) then they will be forwarded on NHLFE 0x3, if they have
> nfmark = 1 they are forwarded on NHLFE 0x2.
>
> --
> James R. Leu
> jl...@mi...
>
|
|
From: <bla...@in...> - 2004-09-08 12:08:16
|
on my previous question, i asked about my iptables did not work.
when i run dmesg, nothing happens and when i debug my mplsadm2, nothing happens.

iptables -A OUTPUT -d 192.168.1.0/24 -j spec_nh --spec_nh 0x8847:0x2

i tried to see the logs of iptables.

iptables -A OUTPUT -j LOG

and i look at syslog, nothings to be wrong. but the packet still stopped.
when i changed iptables with ip route command. it's work.
is there something wrong with my iptables or anything else?
|
|
From: James R. L. <jl...@mi...> - 2004-09-07 14:45:17
|
OK. So in other words host1 host2 are not LERs? You should have said
that to start. A and D are the LERs.

What routes do you have configured on host1 and host2?

On Tue, Sep 07, 2004 at 03:33:32PM +0700, bla...@in... wrote:
> here my configuration on A and D. i change port 21 to ssh (port 22)
> A:
> - eth0 from host1
> - eth1 to B
> - eth2 to E
> ifconfig lo 127.0.0.1
> ifconfig eth0 192.168.0.1 netmask 255.255.255.0
> ifconfig eth1 10.120.0.2 netmask 255.255.255.0
> mplsadm2 -A -O 0
> mplsadm2 -O 0x2 -o push:gen:64:set:eth1:ipv4:10.120.0.3
> mplsadm2 -A -I gen:65:0 -i pop:peek
> mplsadm2 -L eth1:0
> ifconfig eth2 10.120.3.2 netmask 255.255.255.0
> mplsadm2 -A -O 0
> mplsadm2 -O 0x3 -o push:gen:69:set:eth2:ipv4:10.120.3.3
> mplsadm2 -A -I gen:70:0 -i pop:peek
> mplsadm2 -L eth2:0
> mplsadm2 -AO 0
> mplsadm2 -O 0x4 -o nffwd:0xf:0x0:0x3:0x1:0x2
> ip route add 192.168.1.0/24 dev eth1 spec_nh 0x8847 0x4
> iptables -t mangle -A POSTROUTING -p tcp --dport 22 -j MARK --set-mark 1
> echo "1" > /proc/sys/net/ipv4/ip_forward
> B:
> - eth0 from C
> - eth1 from F
> - eth2 to host2
> ifconfig lo 127.0.0.1
> ifconfig eth2 192.168.1.1 netmask 255.255.255.0
> ifconfig eth0 10.120.2.3 netmask 255.255.255.0
> mplsadm2 -A -O 0
> mplsadm2 -O 0x2 -o push:gen:69:set:eth0:ipv4:10.120.2.2
> mplsadm2 -A -I gen:68:0 -i pop:peek
> mplsadm2 -L eth0:0
> ifconfig eth1 10.120.5.3 netmask 255.255.255.0
> mplsadm2 -A -O 0
> mplsadm2 -O 0x3 -o push:gen:74:set:eth1:ipv4:10.120.5.2
> mplsadm2 -A -I gen:73:0 -i pop:peek
> mplsadm2 -L eth1:0
> mplsadm2 -AO 0
> mplsadm2 -O 0x4 -o nffwd:0xf:0x0:0x3:0x1:0x2
> ip route add 192.168.0.0/24 dev eth0 spec_nh 0x8847 0x4
> iptables -t mangle -A POSTROUTING -p tcp --dport 22 -j MARK --set-mark 1
> echo "1" > /proc/sys/net/ipv4/ip_forward
> ------------------------------------------
> ssh --> A-B-C-D
> others --> A-E-F-D
> the traffic flow already correct.
> but there is a problem,
> when i tried to ping 192.168.1.2(host2) from host1, it seem stopped at
> D,and not continue to host2.
> when i tried the others operation, packet seem to be dropped at egress.
>
> > On Mon, Sep 06, 2004 at 03:14:12AM +0700, bla...@in... wrote:
> >> consider below :
> >>
> >>                     B-------------C
> >>                    /               \
> >>                   /                 \
> >>   192.168.0.0/24 /                   \ 192.168.1.0/24
> >> Host1-----------A                     D----------Host2
> >>   .1         .2  \                   / .1         .2
> >>                   \                 /
> >>                    \               /
> >>                     E-------------F
> >>
> >> traffic for ftp (port 21) via A-B-C-D. and others via A-E-F-D.
> >> please.. help me for LSR A configuration.
> >>
> >> can i use iptables for this command: ip route add 192.168.1.0/24 dev eth0 spec_nh 0x8847 0x2
> >
> > Let's assume you've created two LSPs both starting on host1:
> > 1: has NHLFE index 0x2 and goes host1, A, B, C, D, Host2
> > 2: has NHLFE index 0x3 and goes host1, A, E, F, D, Host2
> >
> > (ie host1 and host2 act as LERs ABCDEF act as LSRs)
> >
> > On host1:
> >
> > Create another NHLFE which uses nffwd and forwards to NHLFE 0x2 or 0x3
> > based on nfmark:
> >
> > mplsadm2 -A -O 0
> > Key: 0x4
> > mplsadm2 -O 0x4 -o nffwd:0xf:0x0:0x3:0x1:0x2
> >
> > (mask the nfmark on each packet with 0x1, packets with nfmark of 0x0 forward
> > on NHLFE 0x3, packets with nfmark 0x1 forward on NHLFE 0x2)
> >
> > Now bind FEC 192.168.1.0/24 to NHLFE 0x4
> >
> > ip route add 192.168.1.0/24 dev eth0 spec_nh 0x8847 0x4
> >
> > Now use iptables to mark the nfmark based on traffic type
> >
> > iptables -t mangle -A POSTROUTING -p tcp --dport 21 -j MARK --set-mark 1
> >
> > Because of the FEC binding (ip route command) all packets destined to
> > host2 will be sent on NHLFE 0x4. As packets leave the IPv4 stack, if they
> > match the iptables rule, they will have their nfmark set to 1, otherwise
> > they have the default nfmark of 0.
> >
> > In NHLFE 0x4 we look at the nfmark, if the packets are not marked
> > (nfmark = 0) then they will be forwarded on NHLFE 0x3, if they have
> > nfmark = 1 they are forwarded on NHLFE 0x2.
> >
> > --
> > James R. Leu
> > jl...@mi...

--
James R. Leu
jl...@mi...
|
|
From: <bla...@in...> - 2004-09-08 08:27:07
|
i've got this when i run dmesg on LER D:
MPLS mpls_skb_dump: from eth1 with len 88 (1708)headroom=30 tailroom=1418
00000000000000000000000000000000*fefd0a780503fefd0a7805028847{#|0004913d45000054000240003f01b952c0a80002c0a801020800057d9c000200413f2386000404b608090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363700}
MPLS DEBUG net/mpls/mpls_input.c:60:mpls_input: enter
MPLS DEBUG net/mpls/mpls_input.c:74:mpls_input: labelspace=0,label=73,exp=0,B.O.S=1,TTL=61
MPLS DEBUG include/net/mpls.h:662:mpls_ilm_hold: gen:73:0-0x00049001-get 2
MPLS DEBUG net/mpls/mpls_input.c:95:mpls_input: opcode POP
MPLS DEBUG net/mpls/mpls_input.c:95:mpls_input: opcode PEEK
MPLS DEBUG include/net/mpls.h:673:mpls_ilm_release: gen:73:0-0x00049001-put 2
MPLS DEBUG net/mpls/mpls_opcode.c:59:mpls_finish: enter
MPLS DEBUG net/mpls/mpls_opcode.c:72:mpls_finish: exit
MPLS DEBUG net/mpls/mpls_input.c:168:mpls_input: delivering
MPLS DEBUG net/mpls/mpls_input.c:272:mpls_skb_recv: exit(1)
|
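An added example, not part of the thread or of the mpls-linux code: a decoder for the bytes in the mpls_skb_dump line above, to check what actually arrived at D. It assumes the bytes after the "|" in the dump start at the MPLS shim header (the ethertype 8847 sits just before it); the function names are made up for this example.

```python
import ipaddress
import struct

# Copied from the mpls_skb_dump line above: the bytes after "|", cut off
# after the first four bytes of the ICMP header. Assumed to start at the shim.
DUMP_HEX = "0004913d45000054000240003f01b952c0a80002c0a801020800057d"


def parse_label_stack(buf):
    """Decode 4-byte MPLS shim entries until the bottom-of-stack bit is set."""
    entries, off = [], 0
    while True:
        if len(buf) < off + 4:
            raise ValueError("truncated MPLS label stack")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        entries.append({"label": word >> 12, "exp": (word >> 9) & 0x7,
                        "bos": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["bos"]:
            return entries, off


def parse_ipv4(buf):
    """Decode the fixed IPv4 header fields and verify the header checksum."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("payload under the label stack is not IPv4")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    total = sum(struct.unpack("!%dH" % (ihl // 2), buf[:ihl]))
    while total >> 16:  # fold carries for the one's-complement sum
        total = (total & 0xFFFF) + (total >> 16)
    return {"total_len": struct.unpack_from("!H", buf, 2)[0],
            "ttl": buf[8], "proto": buf[9],
            "src": str(ipaddress.IPv4Address(buf[12:16])),
            "dst": str(ipaddress.IPv4Address(buf[16:20])),
            "checksum_ok": total == 0xFFFF}, ihl


def decode_dump(hex_text):
    """Return the label stack, inner IPv4 fields and ICMP type (None if not ICMP)."""
    raw = bytes.fromhex(hex_text)
    stack, off = parse_label_stack(raw)
    ip, ihl = parse_ipv4(raw[off:])
    l4 = raw[off + ihl:]
    icmp_type = l4[0] if ip["proto"] == 1 and l4 else None
    return {"stack": stack, "ip": ip, "icmp_type": icmp_type}


if __name__ == "__main__":
    print(decode_dump(DUMP_HEX))
```

The decoded shim matches the mpls_input debug line (label 73, bottom of stack, TTL 61), and the packet under it is an ICMP echo request from 192.168.0.2 to 192.168.1.2 with a valid header checksum; 4 shim bytes plus the 84-byte IP packet give the "len 88" in the dump.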
|
From: Arturo N. <jua...@ic...> - 2004-09-08 08:45:09
|
Hello:

Does anyone have debian packages from the code ?

Thanks,
Best Regards,

--
---------------------------------------------------------------------
J. Arturo Nunez                        |
Intelligent Systems and Networks       |
Electrical and Electronic Engineering  |  " Audentes Fortuna Juvat "
Imperial College                       |
London UK                              |
+44 (20) 7594 6218 (O)                 |                    Virgil
---------------------------------------------------------------------
|