Thread: [mpls-linux-general] help: how to ssh to mpls machine?
From: mu w <mu...@gm...> - 2005-03-12 16:39:44
|
(ssh to non-mpls machines via mpls net works) -- one more time
OK the previous email didn't get through...please forgive me for reposting.
Hi James and all...
I built an mpls network using static label switched path, by using mpls
nhlfe...and mpls ilm...etc (in 2.6.9-1.6_FC2mpls_1_946). Everything
works fine except I cannot ssh to an mpls machine.
The following figure shows my network
ulm1--ulm2---ulm3----ulm4
ulm2 and ulm3 are the mpls network, ulm1 and ulm4 are normal IP hosts.
ulm1 can ssh to ulm4 (traffic on ulm2 and ulm3 are labeled) but cannot
ssh to ulm3. ping to ulm3 is okay.
Ethereal shows the mpls traffic for ssh handshake...SYN and stuff but
the connection was reset after a while.
Is ssh to ulm3 possible? If yes how to setup?
I have seen questions on ftp and ssh in the archive but can't
find any answers. Any help and pointers are appreciated.
Also, is there a more detailed manual for the mpls command in (uname -a
= 2.6.9-1.6_FC2mpls_1_946)?
|
|
From: James R. L. <jl...@mi...> - 2005-03-13 01:43:01
|
Can you ssh to the machine in question when MPLS is not enabled
in the network? What are the exact commands you issued on all of the machines
in your diagram? What is the MTU of the link between ulm2 and ulm3?

On Sun, Mar 13, 2005 at 12:39:22AM +0800, mu w wrote:
> (ssh to non-mpls machines via mpls net works) -- one more time
>
> OK the previous email didn't get through...please forgive me for reposting.
>
> Hi James and all...
>
> I built an mpls network using static label switched path, by using mpls
> nhlfe...and mpls ilm...etc (in 2.6.9-1.6_FC2mpls_1_946). Everything
> works fine except I cannot ssh to an mpls machine.
> The following figure shows my network
>
> ulm1--ulm2---ulm3----ulm4
>
> ulm2 and ulm3 are the mpls network, ulm1 and ulm4 are normal IP hosts.
> ulm1 can ssh to ulm4 (traffic on ulm2 and ulm3 are labeled) but cannot
> ssh to ulm3. ping to ulm3 is okay.
>
> Ethereal shows the mpls traffic for ssh handshake...SYN and stuff but
> the connection was reset after a while.
>
> Is ssh to ulm3 possible? If yes how to setup?
>
> I have seen questions on ftp and ssh in the archive but can't
> find any answers. Any help and pointers are appreciated.
>
> Also, is there a more detailed manual for the mpls command in (uname -a
> = 2.6.9-1.6_FC2mpls_1_946)?

Not written yet, but you can issue 'mpls help' and it will give you
command line syntax.

--
James R. Leu
jl...@mi...
|
|
From: mu w <mu...@gm...> - 2005-03-13 04:21:30
|
Thanks for taking the time to reply, James.
Yes I can ssh to ulm3 when MPLS is not enabled. The MTU between ulm2 and
ulm3 is 1500 (shown by `ip link or ip add`) and 1494 shown by `mpls
nhlfe show`. The set up commands for mpls:
outgoing labels on both interfaces: mpls nhlfe add key/ mpls nhlfe
change key KEY_PREVIOUSLY_GENERATED ...
incoming labels on both interfaces: mpls labelspace add dev DEV
labelspace 0/mpls ilm add label gen LABEL(match with incoming label)
labelspace 0
(Do I need to use xc?
But ping works Okay, all request and reply are mpls enabled -- I see the
mpls bits in ethereal and tcpdump)
If I use 'telnet ulm3 22', I see the initial response:
Connected to 192.168.25.1.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.6.1p2
I have done some more testing with ethereal and tcpdump. In one of the
ethereal outputs, I can see the three-way handshake is complete,
then ulm3 sends a [SYN, FIN, ACK, CWR] to ulm1. The ethereal
says "Header length: 16 bytes (bogus, must be at least 20)" shown below:
[frames 2,3,4, threeway handshake, no problem]
Frame 5 (95 bytes on wire, 95 bytes captured)
Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
MultiProtocol Label Switching Header
Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
192.168.25.1 (192.168.25.1)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
(1139), Seq: 0
Source port: ssh (22)
Destination port: 1139 (1139)
Sequence number: 0
Header length: 16 bytes (bogus, must be at least 20)
Frame 6 (95 bytes on wire, 95 bytes captured)
Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
MultiProtocol Label Switching Header
Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
192.168.25.1 (192.168.25.1)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
(1139), Seq: 0
Source port: ssh (22)
Destination port: 1139 (1139)
Sequence number: 0
Header length: 16 bytes (bogus, must be at least 20)
...
From some tcpdump output, it looks like the checksum sometimes goes bad
-- "bad tcp checksum a792 (->59c2)!" in the following tcpdump output.
Thanks,
morris
`tcp -xvp -i eth0` output
11:47:32.828060 MPLS (label 25, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 45153, offset 0, flags [DF], proto 6,
length: 60) 192.168.25.1.1138 > 192.168.13.1.ssh: S [tcp sum ok]
3559799760:3559799760(0) win 5840 <mss 1460,sackOK,timestamp 89820081
0,nop,wscale 2>
0x0000: 0001 9140 4500 003c b061 4000 4006 e307 ...@E..<.a@.@...
0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd0 .........r....;.
0x0020: 0000 0000 a002 16d0 e44f 0000 0204 05b4 .........O......
0x0030: 0402 080a 055a 8bb1 0000 0000 0103 0302 .....Z..........
11:47:32.828813 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6,
length: 60) 192.168.13.1.ssh > 192.168.25.1.1138: S [tcp sum ok]
2832248515:2832248515(0) ack 3559799761 win 5792 <mss
1460,sackOK,timestamp 153217841 89820081,nop,wscale 2>
0x0000: 0007 d140 4500 003c 0000 4000 4006 9369 ...@E..<..@.@..i
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec3 ...........r....
0x0020: d42e 3bd1 a012 16a0 9887 0000 0204 05b4 ..;.............
0x0030: 0402 080a 0921 eb31 055a 8bb1 0103 0302 .....!.1.Z......
11:47:32.829452 MPLS (label 25, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 45155, offset 0, flags [DF], proto 6,
length: 52) 192.168.25.1.1138 > 192.168.13.1.ssh: . [tcp sum ok] ack 1
win 1460 <nop,nop,timestamp 89820083 153217841>
0x0000: 0001 9140 4500 0034 b063 4000 4006 e30d ...@E..4.c@.@...
0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd1 .........r....;.
0x0020: a8d0 aec4 8010 05b4 d838 0000 0101 080a .........8......
0x0030: 055a 8bb3 0921 eb31 .Z...!.1
11:47:32.832443 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17910, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FE [bad tcp cksum a792
(->59c2)!] 1:34(33) ack 1 win 1448 urg 0 <nop,nop,[bad opt]>
0x0000: 0007 d140 4500 004d 45f6 4000 4006 4d62 ...@E..ME.@.@.Mb
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 6371 05a8 a792 0000 0101 080a ..;.cq..........
0x0030: 0921 eb34 055a 8bb3 5353 482d 312e 3939 .!.4.Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a
11:47:33.033583 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17912, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: SFRW [bad tcp cksum
a792 (->59c2)!] 2832248516:2832248549(33) win 1448 urg 0 <nop,nop,[bad opt]>
0x0000: 0007 d140 4500 004d 45f8 4000 4006 4d60 ...@E..ME.@.@.M`
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 62a7 05a8 a792 0000 0101 080a ..;.b...........
0x0030: 0921 ebfe 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a .
11:47:33.435402 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17914, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FR [bad tcp cksum a792
(->59c2)!] 1:34(33) ack 1 win 1448 <nop,nop,[bad opt]>
0x0000: 0007 d140 4500 004d 45fa 4000 4006 4d5e ...@E..ME.@.@.M^
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 6115 05a8 a792 0000 0101 080a ..;.a...........
0x0030: 0921 ed90 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a .
11:47:34.239254 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17916, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FWE [bad tcp cksum
a792 (->59c2)!] 1:38(37) ack 1 win 1448 urg 0
0x0000: 0007 d140 4500 004d 45fc 4000 4006 4d5c ...@E..ME.@.@.M\
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 5df1 05a8 a792 0000 0101 080a ..;.]...........
0x0030: 0921 f0b4 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a .
11:47:35.669679 IP (tos 0xc0, ttl 1, id 58574, offset 0, flags [none],
proto 89, length: 68) 192.168.25.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello
(1), length: 48
Router-ID: 192.168.25.2, Area 0.0.0.100, Authentication Type:
none (0)
Options: [External]
Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.0, Priority: 1
Designated Router 192.168.25.2, Backup Designated Router
192.168.25.1
Neighbor List:
192.168.88.2
0x0000: 45c0 0044 e4ce 0000 0159 1a23 c0a8 1902 E..D.....Y.#....
0x0010: e000 0005 0201 0030 c0a8 1902 0000 0064 .......0.......d
0x0020: 568c 0000 0000 0000 0000 0000 ffff ff00 V...............
0x0030: 000a 0201 0000 0028 c0a8 1902 c0a8 1901 .......(........
0x0040: c0a8 5802
=======================================
From: James R. Leu <jleu@mi...>
* Re: help: how to ssh to mpls machine?*
<http://sourceforge.net/mailarchive/message.php?msg_id=11144914>
2005-03-12 17:43
Can you ssh to the machine in question when MPLS is not enabled
in the network? What are the exact commands you issued on all of the machines
in your diagram? What is the MTU of the link between ulm2 and ulm3?
On Sun, Mar 13, 2005 at 12:39:22AM +0800, mu w wrote:
> (ssh to non-mpls machines via mpls net works) -- one more time
>
> OK the previous email didn't get through...please forgive me for reposting.
>
> Hi James and all...
>
> I built an mpls network using static label switched path, by using mpls
> nhlfe...and mpls ilm...etc (in 2.6.9-1.6_FC2mpls_1_946). Everything
> works fine except I cannot ssh to an mpls machine.
> The following figure show my network
>
> ulm1--ulm2---ulm3----ulm4
>
> ulm2 and ulm3 are the mpls network, ulm1 and ulm4 are normal IP hosts.
> ulm1 can ssh to ulm4 (traffic on ulm2 and ulm3 are labeled) but cannot
> ssh to ulm3. ping to ulm3 is okay.
>
> Ethereal shows the mpls traffic for ssh handshake...SYN and stuff but
> the connection was reset after a while.
>
> Is ssh to ulm3 possible? If yes how to setup?
>
> I have seen question on ftp and ssh questions in the archive but can't
> find any answers. Any help and pointer are appreciated.
>
> Also, is there a more detailed manual for the mpls command in (uname -a
> = 2.6.9-1.6_FC2mpls_1_946)?
Not written yet, but you can issue "mpls help" and it will give you
command line syntax.
|
|
From: mu w <mu...@gm...> - 2005-03-13 04:49:57
|
Thanks for taking the time to reply, James.
Yes I can ssh to ulm3 when MPLS is not enabled. The MTU between ulm2 and
ulm3 is 1500 (shown by `ip link or ip add`) and 1496 shown by `mpls
nhlfe show`. The set up commands for mpls:
in ulm2 and ulm3 ---
outgoing labels on both interfaces: mpls nhlfe add key/ mpls nhlfe
change key KEY_PREVIOUSLY_GENERATED ...
incoming labels on both interfaces: mpls labelspace add dev DEV
labelspace 0/mpls ilm add label gen LABEL(match with incoming label)
labelspace 0
(Do I need to use xc?
But ping works Okay, all request and reply are mpls enabled -- I see the
mpls bits in ethereal and tcpdump)
in ulm1 and ulm4 --
outgoing label and incoming label setup on the interface connected to
the ulm2 and ulm3...
If I use 'telnet ulm3 22', I see the initial response:
Connected to 192.168.25.1.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.6.1p2
I have done some more testing with ethereal and tcpdump. In one of the
ethereal outputs, I can see the three-way handshake is complete,
then ulm3 sends a [SYN, FIN, ACK, CWR] to ulm1. The ethereal
says "Header length: 16 bytes (bogus, must be at least 20)" shown below:
[frames 2,3,4, threeway handshake, no problem]
Frame 5 (95 bytes on wire, 95 bytes captured)
Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
MultiProtocol Label Switching Header
Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
192.168.25.1 (192.168.25.1)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
(1139), Seq: 0
Source port: ssh (22)
Destination port: 1139 (1139)
Sequence number: 0
Header length: 16 bytes (bogus, must be at least 20)
Frame 6 (95 bytes on wire, 95 bytes captured)
Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
MultiProtocol Label Switching Header
Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
192.168.25.1 (192.168.25.1)
Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
(1139), Seq: 0
Source port: ssh (22)
Destination port: 1139 (1139)
Sequence number: 0
Header length: 16 bytes (bogus, must be at least 20)
...
From some tcpdump output, it looks like the checksum sometimes goes bad
-- "bad tcp checksum a792 (->59c2)!" in the following tcpdump output.
Thanks,
morris
`tcp -xvp -i eth0` output
11:47:32.828060 MPLS (label 25, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 45153, offset 0, flags [DF], proto 6,
length: 60) 192.168.25.1.1138 > 192.168.13.1.ssh: S [tcp sum ok]
3559799760:3559799760(0) win 5840 <mss 1460,sackOK,timestamp 89820081
0,nop,wscale 2>
0x0000: 0001 9140 4500 003c b061 4000 4006 e307 ...@E..<.a@.@...
0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd0 .........r....;.
0x0020: 0000 0000 a002 16d0 e44f 0000 0204 05b4 .........O......
0x0030: 0402 080a 055a 8bb1 0000 0000 0103 0302 .....Z..........
11:47:32.828813 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6,
length: 60) 192.168.13.1.ssh > 192.168.25.1.1138: S [tcp sum ok]
2832248515:2832248515(0) ack 3559799761 win 5792 <mss
1460,sackOK,timestamp 153217841 89820081,nop,wscale 2>
0x0000: 0007 d140 4500 003c 0000 4000 4006 9369 ...@E..<..@.@..i
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec3 ...........r....
0x0020: d42e 3bd1 a012 16a0 9887 0000 0204 05b4 ..;.............
0x0030: 0402 080a 0921 eb31 055a 8bb1 0103 0302 .....!.1.Z......
11:47:32.829452 MPLS (label 25, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 45155, offset 0, flags [DF], proto 6,
length: 52) 192.168.25.1.1138 > 192.168.13.1.ssh: . [tcp sum ok] ack 1
win 1460 <nop,nop,timestamp 89820083 153217841>
0x0000: 0001 9140 4500 0034 b063 4000 4006 e30d ...@E..4.c@.@...
0x0010: c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd1 .........r....;.
0x0020: a8d0 aec4 8010 05b4 d838 0000 0101 080a .........8......
0x0030: 055a 8bb3 0921 eb31 .Z...!.1
11:47:32.832443 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17910, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FE [bad tcp cksum a792
(->59c2)!] 1:34(33) ack 1 win 1448 urg 0 <nop,nop,[bad opt]>
0x0000: 0007 d140 4500 004d 45f6 4000 4006 4d62 ...@E..ME.@.@.Mb
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 6371 05a8 a792 0000 0101 080a ..;.cq..........
0x0030: 0921 eb34 055a 8bb3 5353 482d 312e 3939 .!.4.Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a
11:47:33.033583 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17912, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: SFRW [bad tcp cksum
a792 (->59c2)!] 2832248516:2832248549(33) win 1448 urg 0 <nop,nop,[bad
opt]>
0x0000: 0007 d140 4500 004d 45f8 4000 4006 4d60 ...@E..ME.@.@.M`
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 62a7 05a8 a792 0000 0101 080a ..;.b...........
0x0030: 0921 ebfe 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a .
11:47:33.435402 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17914, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FR [bad tcp cksum a792
(->59c2)!] 1:34(33) ack 1 win 1448 <nop,nop,[bad opt]>
0x0000: 0007 d140 4500 004d 45fa 4000 4006 4d5e ...@E..ME.@.@.M^
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 6115 05a8 a792 0000 0101 080a ..;.a...........
0x0030: 0921 ed90 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a .
11:47:34.239254 MPLS (label 125, exp 0, [S], ttl 64)
IP (tos 0x0, ttl 64, id 17916, offset 0, flags [DF], proto 6,
length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FWE [bad tcp cksum
a792 (->59c2)!] 1:38(37) ack 1 win 1448 urg 0
0x0000: 0007 d140 4500 004d 45fc 4000 4006 4d5c ...@E..ME.@.@.M\
0x0010: c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4 ...........r....
0x0020: d42e 3bd1 5df1 05a8 a792 0000 0101 080a ..;.]...........
0x0030: 0921 f0b4 055a 8bb3 5353 482d 312e 3939 .!...Z..SSH-1.99
0x0040: 2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 -OpenSSH_3.6.1p2
0x0050: 0a .
11:47:35.669679 IP (tos 0xc0, ttl 1, id 58574, offset 0, flags [none],
proto 89, length: 68) 192.168.25.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello
(1), length: 48
Router-ID: 192.168.25.2, Area 0.0.0.100, Authentication Type:
none (0)
Options: [External]
Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.0, Priority: 1
Designated Router 192.168.25.2, Backup Designated Router
192.168.25.1
Neighbor List:
192.168.88.2
0x0000: 45c0 0044 e4ce 0000 0159 1a23 c0a8 1902 E..D.....Y.#....
0x0010: e000 0005 0201 0030 c0a8 1902 0000 0064 .......0.......d
0x0020: 568c 0000 0000 0000 0000 0000 ffff ff00 V...............
0x0030: 000a 0201 0000 0028 c0a8 1902 c0a8 1901 .......(........
0x0040: c0a8 5802
....
|
|
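An added example (not code from the thread or from the mpls-linux project): it decodes the 11:47:32.832443 frame from the tcpdump output above, reproduces tcpdump's `a792 (->59c2)` verdict, and tests one hypothesis the bytes allow, namely that checksum completion ran one MPLS shim (4 bytes) too early and overwrote the data-offset/flags word. The hypothesis and all function names are assumptions of this example; the byte values are copied from the post.

```python
import struct

# Frame 11:47:32.832443, bytes copied from the tcpdump -x output in the post:
# 4-byte MPLS shim, 20-byte IPv4 header, then TCP carrying the SSH banner.
FRAME = bytes.fromhex("".join("""
    0007 d140 4500 004d 45f6 4000 4006 4d62
    c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4
    d42e 3bd1 6371 05a8 a792 0000 0101 080a
    0921 eb34 055a 8bb3 5353 482d 312e 3939
    2d4f 7065 6e53 5348 5f33 2e36 2e31 7032
    0a
""".split()))
MPLS_LEN = 4
# The three retransmissions in the post differ in the TCP segment only in
# these two words: (low word of TSval, word at TCP offset 12).
RETRANSMITS = [(0xEBFE, 0x62A7), (0xED90, 0x6115), (0xF0B4, 0x5DF1)]
FLAG_BITS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def csum16(data):
    """Folded 16-bit ones' complement sum (RFC 1071); odd input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def mpls_shim(frame):
    (word,) = struct.unpack("!I", frame[:MPLS_LEN])
    return {"label": word >> 12, "exp": (word >> 9) & 7,
            "bos": (word >> 8) & 1, "ttl": word & 0xFF}


def split(frame):
    """Return (IPv4 header, TCP segment) from an MPLS-labelled frame."""
    ip = frame[MPLS_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", ip[2:4])
    return ip[:ihl], ip[ihl:total_len]


def flag_names(word12):
    return [name for bit, name in enumerate(FLAG_BITS) if word12 & (1 << bit)]


def tcp_report(frame):
    ip, tcp = split(frame)
    word12, _window, stored = struct.unpack("!HHH", tcp[12:18])
    pseudo = ip[12:20] + struct.pack("!BBH", 0, ip[9], len(tcp))
    zeroed = tcp[:16] + b"\x00\x00" + tcp[18:]
    return {
        "data_offset": (word12 >> 12) * 4,   # header length the receiver sees
        "flags": flag_names(word12),
        "stored": stored,                    # checksum field on the wire
        "expected": 0xFFFF ^ csum16(pseudo + zeroed),
        "pseudo_sum": csum16(pseudo),        # sum of the pseudo-header alone
    }


def recover_word12(frame):
    """Assumed failure mode: the checksum was summed from 4 bytes before the
    TCP header and stored 4 bytes before the checksum field (at offset 12).
    Return the word that must have been at offset 12 before the overwrite."""
    ip, tcp = split(frame)
    (observed,) = struct.unpack("!H", tcp[12:14])
    region = ip[-MPLS_LEN:] + tcp[:12] + b"\x00\x00" + tcp[14:]
    rest = csum16(region)
    return csum16(struct.pack("!HH", 0xFFFF ^ observed, 0xFFFF ^ rest))


def all_copies():
    """The captured frame plus its three retransmissions, rebuilt from FRAME."""
    off = MPLS_LEN + 20
    frames = [FRAME]
    for tsval_low, word12 in RETRANSMITS:
        buf = bytearray(FRAME)
        buf[off + 12:off + 14] = struct.pack("!H", word12)
        buf[off + 26:off + 28] = struct.pack("!H", tsval_low)
        frames.append(bytes(buf))
    return frames


if __name__ == "__main__":
    print(mpls_shim(FRAME))
    print(tcp_report(FRAME))
    for f in all_copies():
        w = recover_word12(f)
        print(hex(w), (w >> 12) * 4, flag_names(w))
```

For all four captured copies the recovered word is the same well-formed value (32-byte header, PSH and ACK), and the checksum field holds only the pseudo-header sum, which is the value a stack leaves there when the final checksum is deferred to a later stage such as checksum offload.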
From: James R. L. <jl...@mi...> - 2005-03-14 19:36:01
|
On Sun, Mar 13, 2005 at 12:21:17PM +0800, mu w wrote:
>
> Thanks for taking the time to reply, James.

Are you using TCP offload cards? Did you compile your own kernel
or did you use an RPM?

> Yes I can ssh to ulm3 when MPLS is not enabled. The MTU between ulm2 and
> ulm3 is 1500 (shown by `ip link or ip add`) and 1494 shown by `mpls
> nhlfe show`. The set up commands for mpls:

Try setting the advmss on the routes for your ingress/egress.
How are you setting up the routes on ingress egress?

>
> outgoing labels on both interfaces: mpls nhlfe add key/ mpls nhlfe
> change key KEY_PREVIOUSLY_GENERATED ...
> incoming labels on both interfaces: mpls labelspace add dev DEV
> labelspace 0/mpls ilm add label gen LABEL(match with incoming label)
> labelspace 0
> (Do I need to use xc?
> But ping works Okay, all request and reply are mpls enabled -- I see the
> mpls bits in ethereal and tcpdump)

Are any of your devices just a LSR, ie it should only see labeled packets?
If so then yes, otherwise no :-)

> If I use 'telnet ulm3 22', I see the initial response:
> Connected to 192.168.25.1.
> Escape character is '^]'.
> SSH-1.99-OpenSSH_3.6.1p2
>
> I have done some more testing with ethereal and tcpdump. In one of the
> ethereal outputs, I can see the three-way handshake is complete,
> then ulm3 sends a [SYN, FIN, ACK, CWR] to ulm1. The ethereal
> says "Header length: 16 bytes (bogus, must be at least 20)" shown below:

Can you capture the same packet on the IP only link and then the
MPLS link and do a full HEX dump of it and send it to the mailing list?

--
James R. Leu
jl...@mi...
|
|
From: mu2000 <mu...@gm...> - 2005-03-15 01:40:43
|
On Mon, 14 Mar 2005 13:36:46 -0600, James R. Leu <jl...@mi...> wrote: > Are you using TCP offload cards? Did you compiling your own kernel > or did you use an RPM? I use RPMs you put in http://mpls-linux.sourceforge.net/: kernel iproute2 iptables quagga on Fedora Core 2 > Try setting the advmss on the routes for you ingress/egress. Not too sure how to do this, would appreciate some hints and/or pointers. > How are you setting up the routes on ingress egress? eth1 eth0 ipnet--ulm1 -------ulm2 -- ulm3 -- ulm4 -- ipnet ulm1 is ingress (also engress, right?), only setup mpls for eth1, the interface card connecting to ulm2 (mpls nhlfe/ilm) and routes (mpls msp: route NET via IP spec_nh 0x8847 KEY) for ip of eth0 interface in ulm 2, ulm2/ulm3 subnet, ulm3/ulm4 subnet and ipnet for the egress ulm4, only setup mpls for the interface connecting to ulm3, and routes to the other direction (route NET via IP spec_nh 0x8847 KEY, for ulm2/ulm3 subnet, ulm3/ulm4 subnet and ipnet) The thing is, ping to ulm2/ulm3/ulm4 all works (with mpls labels) but TCP gets stuck after three-way handshake (because of the "bad tcp checksum a792 (->59c2)!"?). but TCP to the ip net works fine (traffic in the mpls network all labelled) I'll try to capture the normal traffic and send it the list. Thanks, morris On Mon, 14 Mar 2005 13:36:46 -0600, James R. Leu <jl...@mi...> wrote: > On Sun, Mar 13, 2005 at 12:21:17PM +0800, mu w wrote: > > > > Thanks for taking the time to reply, James. > > Are you using TCP offload cards? Did you compiling your own kernel > or did you use an RPM? > > > Yes I can ssh to ulm3 when MPLS is not enabled. The MTU between ulm2 and > > ulm3 are 1500 (showed by `ip link or ip add`) and 1494 shown by `mpls > > nhlfe show`. The set up commands for mpls: > > Try setting the advmss on the routes for you ingress/egress. > How are you setting up the routes on ingress egress? 
> > > > > outgoing labels on bother interfaces: mpls nhlfe add key/ mpls nhlfe > > change key KEY_PREVIOUSLY_GENERATED ... > > incoming labels on both interfaces: mpls labelspace add dev DEV > > labelspace 0/mpls ilm add label gen LABEL(match with incoming label) > > labelspace 0 > > (Do I need to use xc? > > But ping works Okay, all request and reply are mpls enabled -- I see the > > mpls bits in ethereal and tcpdump) > > Are any of your devices just a LSR, ie it should only see labeled packets? > If so then yes, otherwise no :-) > > > If I use 'telnet ulm3 22', I see the initial response: > > Connected to 192.168.25.1. > > Escape character is '^]'. > > SSH-1.99-OpenSSH_3.6.1p2 > > > > I have done some more testing with ethereal and tcpdump. In one of the > > ethereal outputs, I can see the three-way handshake is complete, > > then ulm3 three sends a [SYN, FIN, ACK, CWR] to ulm1. The ethereal > > says "Header length: 16 bytes (bogus, must be at least 20)" shown below: > > Can you capture the same packet on the IP only link and then the > MPLS link and do a full HEX dump of it and send it to the mailing list? 
>
> > [frames 2,3,4, threeway handshake, no problem]
> > Frame 5 (95 bytes on wire, 95 bytes captured)
> > Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
> > MultiProtocol Label Switching Header
> > Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
> > 192.168.25.1 (192.168.25.1)
> > Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
> > (1139), Seq: 0
> >     Source port: ssh (22)
> >     Destination port: 1139 (1139)
> >     Sequence number: 0
> >     Header length: 16 bytes (bogus, must be at least 20)
> >
> > Frame 6 (95 bytes on wire, 95 bytes captured)
> > Ethernet II, Src: 00:02:44:6a:ff:f8, Dst: 00:50:04:c3:7a:40
> > MultiProtocol Label Switching Header
> > Internet Protocol, Src Addr: 192.168.13.2 (192.168.13.2), Dst Addr:
> > 192.168.25.1 (192.168.25.1)
> > Transmission Control Protocol, Src Port: ssh (22), Dst Port: 1139
> > (1139), Seq: 0
> >     Source port: ssh (22)
> >     Destination port: 1139 (1139)
> >     Sequence number: 0
> >     Header length: 16 bytes (bogus, must be at least 20)
> > ...
> >
> >
> > From some tcpdump output, it looks like the checksum sometimes goes bad
> > -- "bad tcp checksum a792 (->59c2)!" in the following tcpdump output.
> >
> > Thanks,
> > morris
> >
> > `tcp -xvp -i eth0` output
> >
> > 11:47:32.828060 MPLS (label 25, exp 0, [S], ttl 64)
> >     IP (tos 0x0, ttl 64, id 45153, offset 0, flags [DF], proto 6,
> > length: 60) 192.168.25.1.1138 > 192.168.13.1.ssh: S [tcp sum ok]
> > 3559799760:3559799760(0) win 5840 <mss 1460,sackOK,timestamp 89820081
> > 0,nop,wscale 2>
> >     0x0000:  0001 9140 4500 003c b061 4000 4006 e307  ...@E..<.a@.@...
> >     0x0010:  c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd0  .........r....;.
> >     0x0020:  0000 0000 a002 16d0 e44f 0000 0204 05b4  .........O......
> >     0x0030:  0402 080a 055a 8bb1 0000 0000 0103 0302  .....Z..........
> > 11:47:32.828813 MPLS (label 125, exp 0, [S], ttl 64)
> >     IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 6,
> > length: 60) 192.168.13.1.ssh > 192.168.25.1.1138: S [tcp sum ok]
> > 2832248515:2832248515(0) ack 3559799761 win 5792 <mss
> > 1460,sackOK,timestamp 153217841 89820081,nop,wscale 2>
> >     0x0000:  0007 d140 4500 003c 0000 4000 4006 9369  ...@E..<..@.@..i
> >     0x0010:  c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec3  ...........r....
> >     0x0020:  d42e 3bd1 a012 16a0 9887 0000 0204 05b4  ..;.............
> >     0x0030:  0402 080a 0921 eb31 055a 8bb1 0103 0302  .....!.1.Z......
> > 11:47:32.829452 MPLS (label 25, exp 0, [S], ttl 64)
> >     IP (tos 0x0, ttl 64, id 45155, offset 0, flags [DF], proto 6,
> > length: 52) 192.168.25.1.1138 > 192.168.13.1.ssh: . [tcp sum ok] ack 1
> > win 1460 <nop,nop,timestamp 89820083 153217841>
> >     0x0000:  0001 9140 4500 0034 b063 4000 4006 e30d  ...@E..4.c@.@...
> >     0x0010:  c0a8 1901 c0a8 0d01 0472 0016 d42e 3bd1  .........r....;.
> >     0x0020:  a8d0 aec4 8010 05b4 d838 0000 0101 080a  .........8......
> >     0x0030:  055a 8bb3 0921 eb31                      .Z...!.1
> > 11:47:32.832443 MPLS (label 125, exp 0, [S], ttl 64)
> >     IP (tos 0x0, ttl 64, id 17910, offset 0, flags [DF], proto 6,
> > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FE [bad tcp cksum a792
> > (->59c2)!] 1:34(33) ack 1 win 1448 urg 0 <nop,nop,[bad opt]>
> >     0x0000:  0007 d140 4500 004d 45f6 4000 4006 4d62  ...@E..ME.@.@.Mb
> >     0x0010:  c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4  ...........r....
> >     0x0020:  d42e 3bd1 6371 05a8 a792 0000 0101 080a  ..;.cq..........
> >     0x0030:  0921 eb34 055a 8bb3 5353 482d 312e 3939  .!.4.Z..SSH-1.99
> >     0x0040:  2d4f 7065 6e53 5348 5f33 2e36 2e31 7032  -OpenSSH_3.6.1p2
> >     0x0050:  0a
> > 11:47:33.033583 MPLS (label 125, exp 0, [S], ttl 64)
> >     IP (tos 0x0, ttl 64, id 17912, offset 0, flags [DF], proto 6,
> > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: SFRW [bad tcp cksum
> > a792 (->59c2)!] 2832248516:2832248549(33) win 1448 urg 0 <nop,nop,[bad opt]>
> >     0x0000:  0007 d140 4500 004d 45f8 4000 4006 4d60  ...@E..ME.@.@.M`
> >     0x0010:  c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4  ...........r....
> >     0x0020:  d42e 3bd1 62a7 05a8 a792 0000 0101 080a  ..;.b...........
> >     0x0030:  0921 ebfe 055a 8bb3 5353 482d 312e 3939  .!...Z..SSH-1.99
> >     0x0040:  2d4f 7065 6e53 5348 5f33 2e36 2e31 7032  -OpenSSH_3.6.1p2
> >     0x0050:  0a                                       .
> > 11:47:33.435402 MPLS (label 125, exp 0, [S], ttl 64)
> >     IP (tos 0x0, ttl 64, id 17914, offset 0, flags [DF], proto 6,
> > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FR [bad tcp cksum a792
> > (->59c2)!] 1:34(33) ack 1 win 1448 <nop,nop,[bad opt]>
> >     0x0000:  0007 d140 4500 004d 45fa 4000 4006 4d5e  ...@E..ME.@.@.M^
> >     0x0010:  c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4  ...........r....
> >     0x0020:  d42e 3bd1 6115 05a8 a792 0000 0101 080a  ..;.a...........
> >     0x0030:  0921 ed90 055a 8bb3 5353 482d 312e 3939  .!...Z..SSH-1.99
> >     0x0040:  2d4f 7065 6e53 5348 5f33 2e36 2e31 7032  -OpenSSH_3.6.1p2
> >     0x0050:  0a                                       .
> > 11:47:34.239254 MPLS (label 125, exp 0, [S], ttl 64)
> >     IP (tos 0x0, ttl 64, id 17916, offset 0, flags [DF], proto 6,
> > length: 77) 192.168.13.1.ssh > 192.168.25.1.1138: FWE [bad tcp cksum
> > a792 (->59c2)!] 1:38(37) ack 1 win 1448 urg 0
> >     0x0000:  0007 d140 4500 004d 45fc 4000 4006 4d5c  ...@E..ME.@.@.M\
> >     0x0010:  c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4  ...........r....
> >     0x0020:  d42e 3bd1 5df1 05a8 a792 0000 0101 080a  ..;.]...........
> >     0x0030:  0921 f0b4 055a 8bb3 5353 482d 312e 3939  .!...Z..SSH-1.99
> >     0x0040:  2d4f 7065 6e53 5348 5f33 2e36 2e31 7032  -OpenSSH_3.6.1p2
> >     0x0050:  0a                                       .
> > 11:47:35.669679 IP (tos 0xc0, ttl 1, id 58574, offset 0, flags [none],
> > proto 89, length: 68) 192.168.25.2 > OSPF-ALL.MCAST.NET: OSPFv2, Hello
> > (1), length: 48
> >     Router-ID: 192.168.25.2, Area 0.0.0.100, Authentication Type:
> > none (0)
> >     Options: [External]
> >     Hello Timer: 10s, Dead Timer 40s, Mask: 255.255.255.0, Priority: 1
> >     Designated Router 192.168.25.2, Backup Designated Router
> > 192.168.25.1
> >     Neighbor List:
> >       192.168.88.2
> >     0x0000:  45c0 0044 e4ce 0000 0159 1a23 c0a8 1902  E..D.....Y.#....
> >     0x0010:  e000 0005 0201 0030 c0a8 1902 0000 0064  .......0.......d
> >     0x0020:  568c 0000 0000 0000 0000 0000 ffff ff00  V...............
> >     0x0030:  000a 0201 0000 0028 c0a8 1902 c0a8 1901  .......(........
> >     0x0040:  c0a8 5802
>
> --
> James R. Leu
> jl...@mi...
|
|
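Added example (not part of the original thread, and not code from the mpls-linux project): a Python re-check of the first failing segment in the tcpdump -x output quoted above. It recomputes the checksum tcpdump expects, compares the stored a792 with the pseudo-header sum, and tests whether a checksum finished four bytes (one MPLS shim) ahead of the TCP header would produce the corrupted offset/flags word. The intended word 0x8018 and all function names are assumptions.

```python
import struct

# Bytes of the 11:47:32.832443 packet, copied from the tcpdump -x output quoted
# in the thread: 4-byte MPLS shim, 20-byte IPv4 header, 57-byte TCP segment.
FRAME = bytes.fromhex("".join("""
    0007d140 4500004d 45f64000 40064d62 c0a80d01 c0a81901
    00160472 a8d0aec4 d42e3bd1 637105a8 a7920000 0101080a
    0921eb34 055a8bb3 5353482d 312e3939 2d4f7065 6e535348
    5f332e36 2e317032 0a
""".split()))

# (TSval, data-offset/flags word) of the three retransmissions in the same dump.
RETRANSMITS = ((0x0921EBFE, 0x62A7), (0x0921ED90, 0x6115), (0x0921F0B4, 0x5DF1))

# Assumption, not stated in the thread: the word the sender meant to emit,
# i.e. a 32-byte header (data offset 8) with PSH|ACK set.
INTENDED_WORD = 0x8018


def fold(total):
    """Fold carries back in until the one's-complement sum fits in 16 bits."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def word_sum(data):
    """One's-complement sum of big-endian 16-bit words, zero-padded if odd."""
    if len(data) % 2:
        data += b"\x00"
    return fold(sum(struct.unpack("!%dH" % (len(data) // 2), data)))


def split_frame(frame):
    """Strip a single MPLS shim and return (ipv4_header, tcp_segment)."""
    shim, = struct.unpack("!I", frame[:4])
    if not (shim >> 8) & 1:
        raise ValueError("more than one label: bottom-of-stack bit is clear")
    ip = frame[4:]
    if ip[0] >> 4 != 4 or ip[9] != 6:
        raise ValueError("payload is not IPv4/TCP")
    ihl = (ip[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", ip[2:4])
    if len(ip) < total_len or total_len < ihl + 20:
        raise ValueError("truncated capture")
    return ip[:ihl], ip[ihl:total_len]


def pseudo_header_sum(ip_header, tcp_len):
    """Folded sum over src, dst, protocol and TCP length (not complemented)."""
    return word_sum(ip_header[12:20] + struct.pack("!HH", 6, tcp_len))


def correct_checksum(ip_header, tcp):
    """The value the checksum field should hold for the segment as captured."""
    zeroed = tcp[:16] + b"\x00\x00" + tcp[18:]
    return 0xFFFF ^ fold(pseudo_header_sum(ip_header, len(tcp)) + word_sum(zeroed))


def early_checksum(ip_header, tcp, tsval=None, shift=4):
    """Checksum finished `shift` bytes too early.

    Models a sender that leaves the pseudo-header sum in the checksum field,
    then sums from `shift` bytes before the TCP header; the result would be
    stored at TCP offset 16 - shift, which for shift=4 is the offset/flags word.
    """
    seg = bytearray(tcp)
    seg[12:14] = struct.pack("!H", INTENDED_WORD)
    if tsval is not None:
        seg[24:28] = struct.pack("!I", tsval)
    return 0xFFFF ^ word_sum(ip_header[-shift:] + bytes(seg))


def analyse(frame):
    """Collect the header fields and the recomputed checksums for one frame."""
    ip, tcp = split_frame(frame)
    word, stored = struct.unpack("!H2xH", tcp[12:18])
    return {
        "header_len": (word >> 12) * 4,
        "offset_flags": word,
        "stored_checksum": stored,
        "correct_checksum": correct_checksum(ip, tcp),
        "pseudo_header_sum": pseudo_header_sum(ip, len(tcp)),
        "early_checksum": early_checksum(ip, tcp),
        "retransmits_match": all(early_checksum(ip, tcp, ts) == w
                                 for ts, w in RETRANSMITS),
    }


if __name__ == "__main__":
    for name, value in analyse(FRAME).items():
        plain = isinstance(value, bool) or name == "header_len"
        print(name, value if plain else hex(value))
```

On these bytes the stored checksum is the bare pseudo-header sum and the four-byte-early checksum reproduces 0x6371 and the three retransmitted words; that is consistent with the checksum-offload question asked earlier in the thread but does not show which component misplaces the write.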
From: James R. L. <jl...@mi...> - 2005-03-15 02:25:30
|
On Tue, Mar 15, 2005 at 09:40:31AM +0800, mu2000 wrote:
> On Mon, 14 Mar 2005 13:36:46 -0600, James R. Leu <jl...@mi...> wrote:
>
> > Are you using TCP offload cards? Did you compiling your own kernel
> > or did you use an RPM?
>
> I use RPMs you put in http://mpls-linux.sourceforge.net/: kernel
> iproute2 iptables quagga on Fedora Core 2
>
> > Try setting the advmss on the routes for you ingress/egress.
> Not too sure how to do this, would appreciate some hints and/or pointers.
>
> > How are you setting up the routes on ingress egress?
>            eth1   eth0
> ipnet--ulm1 -------ulm2 -- ulm3 -- ulm4 -- ipnet
>
> ulm1 is ingress (also engress, right?), only setup mpls for eth1, the
> interface card connecting to ulm2 (mpls nhlfe/ilm) and routes (mpls
> msp: route NET via IP spec_nh 0x8847 KEY) for ip of eth0 interface in
> ulm 2, ulm2/ulm3 subnet, ulm3/ulm4 subnet and ipnet
>
> for the egress ulm4, only setup mpls for the interface connecting to
> ulm3, and routes to the other direction (route NET via IP spec_nh
> 0x8847 KEY, for ulm2/ulm3 subnet, ulm3/ulm4 subnet and ipnet)
>
> The thing is, ping to ulm2/ulm3/ulm4 all works (with mpls labels) but
> TCP gets stuck after three-way handshake (because of the "bad tcp
> checksum a792 (->59c2)!"?). but TCP to the ip net works fine (traffic
> in the mpls network all labelled)

I'm going to add some numbers to the drawing above and then create the
full set of commands that you will need to issue. You should be able to
extrapolate from that.

  1.1.1.0/24    3.3.1.0/24    3.3.2.0/24    3.3.3.0/24    2.2.2.0/24
   .1    .2      .1    .2      .1    .2      .1    .2      .1    .2
   e1    e2      e1    e2      e1    e2      e1    e2      e1    e2
      L0            L1            L2            L3            L4
|A|--------|ulm1|--------|ulm2|--------|ulm3|--------|ulm4|--------|B|
              -----1000----X-----1100----X-----1200---->
              <----2000----X-----2100----X-----2200-----

'X' denotes label swap

A
-----
ip route add 2.2.2.0/24 via 1.1.1.2 advmss 1400

ulm1
----
mpls nhlfe add key 0 instructions push gen 1000 nexthop eth1 ipv4 3.3.1.2
(key 0x2)
ip route add 2.2.2.0/24 via 3.3.1.2 spec_nh 0x8847 0x2 advmss 1400

mpls labelspace add dev eth1 labelspace 0
mpls ilm add label gen 2000 labelspace 0

ulm2
----
mpls labelspace add dev eth2 labelspace 0
mpls ilm add label gen 1000 labelspace 0
mpls nhlfe add key 0 instructions push gen 1100 nexthop eth1 ipv4 3.3.2.2
(key 0x2)
mpls xc add ilm_label gen 1000 ilm_labelspace 0 nhlfe key 0x2

mpls labelspace add dev eth1 labelspace 0
mpls ilm add label gen 2100 labelspace 0
mpls nhlfe add key 0 instructions push gen 2000 nexthop eth2 ipv4 3.3.1.1
(key 0x3)
mpls xc add ilm_label gen 2100 ilm_labelspace 0 nhlfe key 0x3

ulm3
----
mpls labelspace add dev eth2 labelspace 0
mpls ilm add label gen 1100 labelspace 0
mpls nhlfe add key 0 instructions push gen 1200 nexthop eth1 ipv4 3.3.3.2
(key 0x2)
mpls xc add ilm_label gen 1100 ilm_labelspace 0 nhlfe key 0x2

mpls labelspace add dev eth1 labelspace 0
mpls ilm add label gen 2200 labelspace 0
mpls nhlfe add key 0 instructions push gen 2100 nexthop eth2 ipv4 3.3.2.1
(key 0x3)
mpls xc add ilm_label gen 2200 ilm_labelspace 0 nhlfe key 0x3

ulm4
----
mpls labelspace add dev eth2 labelspace 0
mpls ilm add label gen 1200 labelspace 0

mpls nhlfe add key 0 instructions push gen 2200 nexthop eth2 ipv4 3.3.3.1
(key 0x3)
ip route add 1.1.1.0/24 via 3.3.3.1 spec_nh 0x8847 0x3 advmss 1400

B
-----
ip route add 1.1.1.0/24 via 2.2.2.1 advmss 1400

If you have ethernet cards which can support jumbo frames then you can
remove the advmss part and increase the MTU on L1,L2,L3 to 9000

Note that I did not add any IP routes to ulm2 or ulm3, and only
the 1.1.1.0/24 and 2.2.2.0/24 routes to ulm4 and ulm1 (respectively).

> I'll try to capture the normal traffic and send it the list.

Just make sure you don't waste time, I'd like to see that same packet as
it moves from L0 to L1 or from L3 to L4.

>
> Thanks,
> morris
--
James R. Leu
jl...@mi...
|
|
From: mu2000 <mu...@gm...> - 2005-03-28 12:24:22
|
Thanks a lot for the detailed setup example.

The problem still remains though, namely, A ssh to ulm1, ulm2 ulm3,
etc. is Okay. But ulm1 cannot ssh to ulm2, ulm1 cannot ssh to ulm2,
ulm2 cannot ssh to ulm3, etc. The same problem occurs whether I have
setup the LSP from ulm4 to ulm1 or not.

ssh among the A, ulm1, ulm2, ulm3, ulm4 and B has no problem without mpls.

Not really crucial to my mpls network. But I still would like to know
why this happens. Any hint appreciated.

Also the throughput of the mpls network is really slow (a few k in a
10M ethernet, a few M in a 100M ethernet, with mpls debug in all PC
turned off), tested with netperf and measured traffic (tg (a traffic
generator) and tcpdump/tcptrace).

Thanks a lot for the nice work in any case.

morris

On Mon, 14 Mar 2005 20:26:17 -0600, James R. Leu <jl...@mi...> wrote:
>
> I'm going to add some numbers to the drawing above and then create the
> full set of commands that you will need to issue. You should be able to
> extrapolate from that.
Leu <jleu@mi...> > > > > * Re: help: how to ssh to mpls machine?* > > > > <http://sourceforge.net/mailarchive/message.php?msg_id=11144914> > > > > 2005-03-12 17:43 > > > > > > > > > > > > > > > > > > > > Can you ssh to the machine in question when MPLS is not enabled > > > > in the network? What are the exact commands you issuesd on all of machines > > > > in your diagram? What is the MTU of the link between ulm2 and ulm3? > > > > > > > > On Sun, Mar 13, 2005 at 12:39:22AM +0800, mu w wrote: > > > > > (ssh to non-mpls machines via mpls net works) -- one more time > > > > > > > > > > OK the previous email didn"t get through...please forgive me for > > > > reposting. > > > > > > > > > > Hi James and all... > > > > > > > > > > I built an mpls network using static label switched path, by using mpls > > > > > nhlfe...and mpls ilm...etc (in 2.6.9-1.6_FC2mpls_1_946). Everything > > > > > works fine except I cannot ssh to an mpls machine. > > > > > The following figure show my network > > > > > > > > > > ulm1--ulm2---ulm3----ulm4 > > > > > > > > > > ulm2 and ulm3 are the mpls network, ulm1 and ulm4 are normal IP hosts. > > > > > ulm1 can ssh to ulm4 (traffic on ulm2 and ulm3 are labeled) but cannot > > > > > ssh to ulm3. ping to ulm3 is okay. > > > > > > > > > > Ethereal shows the mpls traffic for ssh handshake...SYN and stuff but > > > > > the connection was reset after a while. > > > > > > > > > > Is ssh to ulm3 possible? If yes how to setup? > > > > > > > > > > I have seen question on ftp and ssh questions in the archive but can"t > > > > > find any answers. Any help and pointer are appreciated. > > > > > > > > > > Also, is there a more detailed manual for the mpls command in (uname -a > > > > > = 2.6.9-1.6_FC2mpls_1_946)? > > > > > > > > Not written yet, but you can issue "mpls help" and it will give you > > > > command line syntax. 
> > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > SF email is sponsored by - The IT Product Guide > > > > Read honest & candid reviews on hundreds of IT Products from real users. > > > > Discover which products truly live up to the hype. Start reading now. > > > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > > > > _______________________________________________ > > > > mpls-linux-general mailing list > > > > mpl...@li... > > > > https://lists.sourceforge.net/lists/listinfo/mpls-linux-general > > > > > > -- > > > James R. Leu > > > jl...@mi... > > > > > > > > > > > > > > > ------------------------------------------------------- > > SF email is sponsored by - The IT Product Guide > > Read honest & candid reviews on hundreds of IT Products from real users. > > Discover which products truly live up to the hype. Start reading now. > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > > _______________________________________________ > > mpls-linux-general mailing list > > mpl...@li... > > https://lists.sourceforge.net/lists/listinfo/mpls-linux-general > > -- > James R. Leu > jl...@mi... > > > |
|
From: James R. L. <jl...@mi...> - 2005-03-28 22:49:31
|
I need the following before I can help you any further:

I'd like to see the same TCP packet as it moves from L0 to L1 or from L3 to L4.
Checked for duplex mismatches.

--
James R. Leu
jl...@mi...
|
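Added example (not part of any message in this thread and not code from the mpls-linux project): an offline decoder for the first packet that tcpdump flags "bad tcp cksum" in the quoted capture, useful for comparing the same packet captured at two points as requested above. The names `analyse` and `csum16` are this example's own, and it assumes a single MPLS label stack entry, as the `[S]` flag in the dump indicates.

```python
import struct

# Bytes of the first packet tcpdump flags "bad tcp cksum" (IP id 17910),
# copied from the hex dump quoted in this thread; offset 0 is the MPLS shim.
DUMP = """
0007 d140 4500 004d 45f6 4000 4006 4d62 c0a8 0d01 c0a8 1901 0016 0472 a8d0 aec4
d42e 3bd1 6371 05a8 a792 0000 0101 080a 0921 eb34 055a 8bb3 5353 482d 312e 3939
2d4f 7065 6e53 5348 5f33 2e36 2e31 7032 0a
"""

def csum16(data: bytes) -> int:
    """Folded 16-bit ones' complement sum of data (not inverted)."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd length for summing only
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def analyse(dump: str) -> dict:
    pkt = bytes.fromhex("".join(dump.split()))
    shim, = struct.unpack("!I", pkt[:4])      # assumption: one label stack entry
    ip = pkt[4:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = int.from_bytes(ip[2:4], "big")
    tcp = ip[ihl:total_len]
    off_flags = int.from_bytes(tcp[12:14], "big")
    # Pseudo-header: source, destination, zero, protocol, TCP length.
    pseudo = ip[12:20] + struct.pack("!BBH", 0, ip[9], len(tcp))
    zeroed = tcp[:16] + b"\x00\x00" + tcp[18:]    # checksum field cleared
    return {
        "label": shim >> 12, "exp": (shim >> 9) & 7,
        "bottom": (shim >> 8) & 1, "ttl": shim & 0xFF,
        "tcp_len": len(tcp),
        "claimed_header_len": (off_flags >> 12) * 4,  # from the data offset field
        "banner_at": tcp.find(b"SSH-"),               # where the payload really starts
        "flags": off_flags & 0xFF,
        "stored_cksum": int.from_bytes(tcp[16:18], "big"),
        "expected_cksum": csum16(pseudo + zeroed) ^ 0xFFFF,
        "pseudo_only": csum16(pseudo),                # pseudo-header sum alone
    }

if __name__ == "__main__":
    for key, value in analyse(DUMP).items():
        print(f"{key:20} {value} ({value:#x})")
```

On this packet the data offset field claims a 24-byte TCP header although the SSH banner starts at byte 32, and the recomputed checksum 0x59c2 matches the value tcpdump reports. The stored checksum 0xa792 equals the folded sum of the pseudo-header alone.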