Thread: [mpls-linux-general] problems with classes and iptables
From: lucapilosu@libero.it <luc...@li...> - 2008-04-22 10:04:59
Attachments: strace.txt
Hello,
I'm trying to differentiate traffic flows in MPLS by marking DSCP field at the source and using scheduling strategies at the LER.
I tried to follow the mpls-linux labs for congestion, in which I found something similar to my case.
In that case the steps are:
1- mapping DSCP on EXP bits of mpls header
2- mapping EXP on the tcindex (scheduling strategy)

In the script by Adrian Popa there are the following commands:

var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`

iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe $var_best1

the iptables command answers to me:
iptables: Invalid argument

I've attached also the result of the command:
strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02

(0x02 is the previously generated key)

I don't understand where's the problem: I've followed the example and it seems that the problem is in the -j target of iptables...
Could you please help me?

Actually what I'd like to do is quite simpler: it would be enough to simply give a different mpls label to every class and then associate each label (flow) with a scheduling strategy, without marking exp bits...is it possible?
Thanks in advance,
Luca

From: Adrian P. <adr...@gm...> - 2008-04-22 10:41:15
Hello Luca,

I have a question about your iptables install: did you install the iptables that came with mpls-linux? I may be wrong, but I seem to remember that you had to load a module for mpls target support for iptables, but I don't remember its name (this if it isn't compiled statically in the kernel). Do a lsmod and post the output.

I don't remember the syntax of the mpls command, (do a mpls -h) but if there is an option DSCP-to-TCINDEX, then you can map DSCP directly to TCINDEX, without the need to use EXP. But please note that you would be able to use the scheduling strategy only on the input LER, since the mapping is done only here.

Good luck,
Adrian

On Tue, Apr 22, 2008 at 12:08 PM, luc...@li... <luc...@li...> wrote:
> Hello,
> I'm trying to differentiate traffic flows in MPLS by marking DSCP field at
> the source and using scheduling strategies at the LER.
> I tried to follow the mpls-linux labs for congestion, in which I found
> something similar to my case.
> In that case the steps are:
> 1- mapping DSCP on EXP bits of mpls header
> 2- mapping EXP on the tcindex (scheduling strategy)
>
> In the script by Adrian Popa there are the following commands:
>
> var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc
> 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
>
> iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe
> $var_best1
>
> the iptables command answers to me:
> iptables: Invalid argument
>
> I've attached also the result of the command:
> strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls
> --nhlfe 0x02
>
> (0x02 is the previously generated key)
>
> I don't understand where's the problem: I've followed the example and it
> seems that the problem is in the -j target of iptables...
> Could you please help me?
>
> Actually what I'd like to do is quite simpler: it would be enough to
> simply give a different mpls label to every class and then associate each
> label (flow) with a scheduling strategy, without marking exp bits...is it
> possible?
> Thanks in advance,
> Luca

From: Adrian P. <adr...@gm...> - 2008-04-22 10:57:22
Silly me...

From the output you provided I can clearly see that it loads the module:

open("/lib/iptables/*libipt_mpls.so*", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\4\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=4256, ...}) = 0

So the module is not the problem... But I can't tell what the problem would be... Hmm...

Quick question: is selinux enabled? Do a dmesg | grep -i selinux

Cheers,
Adrian

On Tue, Apr 22, 2008 at 12:08 PM, luc...@li... <luc...@li...> wrote:
> Hello,
> I'm trying to differentiate traffic flows in MPLS by marking DSCP field at
> the source and using scheduling strategies at the LER.
> I tried to follow the mpls-linux labs for congestion, in which I found
> something similar to my case.
> In that case the steps are:
> 1- mapping DSCP on EXP bits of mpls header
> 2- mapping EXP on the tcindex (scheduling strategy)
>
> In the script by Adrian Popa there are the following commands:
>
> var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc
> 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
>
> iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe
> $var_best1
>
> the iptables command answers to me:
> iptables: Invalid argument
>
> I've attached also the result of the command:
> strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls
> --nhlfe 0x02
>
> (0x02 is the previously generated key)
>
> I don't understand where's the problem: I've followed the example and it
> seems that the problem is in the -j target of iptables...
> Could you please help me?
>
> Actually what I'd like to do is quite simpler: it would be enough to
> simply give a different mpls label to every class and then associate each
> label (flow) with a scheduling strategy, without marking exp bits...is it
> possible?
> Thanks in advance,
> Luca

From: James R. L. <jl...@mi...> - 2008-04-22 13:07:50
If I remember correctly the MPLS target should only be used in the POSTROUTE or OUTPUT chains, quite possibly only in the 'mangle' table.

On Tue, Apr 22, 2008 at 11:08:40AM +0200, luc...@li... wrote:
> Hello,
> I'm trying to differentiate traffic flows in MPLS by marking DSCP field at the source and using scheduling strategies at the LER.
> I tried to follow the mpls-linux labs for congestion, in which I found something similar to my case.
> In that case the steps are:
> 1- mapping DSCP on EXP bits of mpls header
> 2- mapping EXP on the tcindex (scheduling strategy)
>
> In the script by Adrian Popa there are the following commands:
>
> var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
>
> iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe $var_best1
>
> the iptables command answers to me:
> iptables: Invalid argument
>
> I've attached also the result of the command:
> strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02
>
> (0x02 is the previously generated key)
>
> I don't understand where's the problem: I've followed the example and it seems that the problem is in the -j target of iptables...
> Could you please help me?
>
> Actually what I'd like to do is quite simpler: it would be enough to simply give a different mpls label to every class and then associate each label (flow) with a scheduling strategy, without marking exp bits...is it possible?
> Thanks in advance,
> Luca

--
James R. Leu
jl...@mi...
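
The strace reading done in this thread, as an added Python example that is not part of the original messages or of mpls-linux: it separates a missing userspace extension from a ruleset the kernel refused, which is the pattern the replies point at (libipt_mpls.so opens, then the commit fails). The sample trace is constructed in the shape of the posted output, and triage() and both regexes are illustrative names.

```python
import re

# Constructed sample in the shape of the strace output discussed in the thread:
# extension loads first, then the netfilter socket calls.
SAMPLE_TRACE = r'''
open("/lib/iptables/libipt_dscp.so", O_RDONLY) = 3
open("/lib/iptables/libipt_mpls.so", O_RDONLY) = 3
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316<\320"..., [84]) = 0
setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument)
write(2, "iptables: Invalid argument\n", 27) = 27
'''

# open() of an iptables userspace extension, with its return value.
EXT_RE = re.compile(r'open\("[^"]*/(lib(?:ipt|xt)_\w+)\.so", [^)]*\)\s*=\s*(-?\d+)')
# setsockopt 0x40 on SOL_IP is IPT_SO_SET_REPLACE: the whole table is handed
# to the kernel, and the buffer starts with the table name.
SET_RE = re.compile(
    r'setsockopt\(\d+, SOL_IP, 0x40[^"]*"([A-Za-z_]+)[^)]*\)\s*=\s*(-?\d+)(?: (\w+))?')


def triage(trace):
    """Say where an iptables run failed, given its strace text."""
    loaded, missing = [], []
    for name, ret in EXT_RE.findall(trace):
        (loaded if int(ret) >= 0 else missing).append(name)
    result = {"loaded": loaded, "missing": missing, "table": None,
              "errno": None, "stage": "no ruleset commit seen"}
    commit = SET_RE.search(trace)
    if commit:
        table, ret, err = commit.groups()
        result["table"] = table
        if int(ret) == 0:
            result["stage"] = "kernel accepted ruleset"
        else:
            # The rule reached the kernel, and the kernel's validation refused it.
            result["errno"] = err
            result["stage"] = "kernel rejected ruleset"
    elif missing:
        result["stage"] = "userspace extension not found"
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```

A kernel-side rejection with the extension loaded and the table reported as "filter" is the situation in which a table or chain restriction on the target, as raised in the last reply, is worth checking first.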