20200204_jeffrey - silenceuncrio/diary GitHub Wiki
review
ariel 昨天對於 M300 v2.03 版本升級以及 release draft 上錯 branch 到 release/v2.02 去了
幫忙套用到 branch develop 去
準備好兩台 M300 如下
+-------+ +-------+
| | lan | |
| m300 +-------------------+---------------------------+ m300 |
| | 192.168.1.11 192.168.1.13 | |
+-------+ +-------+
先做 GRE 配置
M300 - 192.168.1.11 - edit gre entry #1
M300 - 192.168.1.13 - edit gre entry #1
配置後可以觀察到 interface status
M300 - 192.168.1.11 - gre summary
M300 - 192.168.1.13 - gre summary
從 console 來看的話
M300 - 192.168.1.11 - ifconfig gre1
root@m300:~# ifconfig gre1
gre1 Link encap:UNSPEC HWaddr C0-A8-01-0B-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.11 P-t-P:10.0.0.11 Mask:255.255.255.0
inet6 addr: fe80::5efe:c0a8:10b/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1400 Metric:1
RX packets:20 errors:0 dropped:20 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:480 (480.0 B) TX bytes:0 (0.0 B)
M300 - 192.168.1.13 - ifconfig gre1
root@m300:~# ifconfig gre1
gre1 Link encap:UNSPEC HWaddr C0-A8-01-0D-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.13 P-t-P:10.0.0.13 Mask:255.255.255.0
POINTOPOINT NOARP MTU:1400 Metric:1
RX packets:28 errors:0 dropped:28 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:672 (672.0 B) TX bytes:0 (0.0 B)
grek 有問題
interface status 持續在 up/down 間切換
先不啟動 keepalive - Keepalive Period = 0
確認兩台 M300 可以 ping 到 remote peer 的 tunnel address
配置 bgp
M300 - 192.168.1.11 - bgp general
M300 - 192.168.1.11 - bgp neighbors
M300 - 192.168.1.13 - bgp general
M300 - 192.168.1.13 - bgp neighbors
M300 - 192.168.1.11 - 用來新增 static route 用的 script - /tmp/testbgp.sh
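#!/bin/sh
# Lab helper: add 100 test routes (10.1.1.0/24 .. 10.10.10.0/24) on the
# loopback device, so the BGP neighbour has prefixes to learn.
# Needs root. The routes stay in the kernel table until they are removed
# (the same loops with "ip route del") or the device reboots.
#
# The counters use POSIX arithmetic because "{1..10}" is a bash/ksh
# extension. A strict /bin/sh does not expand it, so the loops would run
# once with the literal text "{1..10}" in the prefix.
y=1
while [ "$y" -le 10 ]; do
  x=1
  while [ "$x" -le 10 ]; do
    prefix="10.$y.$x.0/24"
    echo "ip route add $prefix dev lo"
    # Best effort, as before: a failed add (for example a route that is
    # already present) does not stop the remaining prefixes.
    ip route add "$prefix" dev lo
    x=$((x + 1))
  done
  y=$((y + 1))
done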
M300 - 192.168.1.13 - 確認是否有透過 bgp 學習到 neighbor 的 static route
root@m300:~# ip route list | grep zebra | wc -l
100
確認無誤
這個 neighbor 是 gre remote tunnel address
這就可以說明 bgp over gre 運作正常
來查 grek 發生什麼問題
透過 web 把 bgp 和 gre 都關掉
透過 shell 來設定 gre
M300 - 192.168.1.11
# GRE endpoint on 192.168.1.11 towards peer 192.168.1.13, bound to the lan
# device. No key/csum/seq option is given, and GRE itself neither
# authenticates nor encrypts the payload: keep this on a trusted lab segment.
ip tunnel add gre1 mode gre remote 192.168.1.13 local 192.168.1.11 ttl 255 dev lan
# MTU 1400 — presumably headroom for the outer IP + GRE headers; confirm.
ifconfig gre1 mtu 1400
ip link set gre1 up
# Tunnel-side address of this end.
ip addr add 10.0.0.11/24 dev gre1
# accept_local=1 lets the kernel accept packets arriving on gre1 whose source
# is one of this host's own addresses (the inner packet of a Cisco-style GRE
# keepalive carries such a source). This relaxes an anti-spoofing check, so it
# is scoped to gre1 rather than "all".
# NOTE(review): whether rp_filter / ip_forward also affect the keepalive reply
# on this firmware is not shown here — verify before relying on it.
echo 1 > /proc/sys/net/ipv4/conf/gre1/accept_local
M300 - 192.168.1.13
# Mirror endpoint on 192.168.1.13 towards peer 192.168.1.11, bound to the lan
# device. The tunnel has no key/csum/seq option and GRE provides no
# authentication or encryption: use on a trusted lab segment only.
ip tunnel add gre1 mode gre remote 192.168.1.11 local 192.168.1.13 ttl 255 dev lan
# MTU 1400 — presumably headroom for the outer IP + GRE headers; confirm.
ifconfig gre1 mtu 1400
ip link set gre1 up
# Tunnel-side address of this end.
ip addr add 10.0.0.13/24 dev gre1
# accept_local=1: accept packets on gre1 whose source address is local to this
# host. It weakens source validation, so it is enabled for gre1 only.
echo 1 > /proc/sys/net/ipv4/conf/gre1/accept_local
從 tcpdump 看來 M300 不會回應 gre keepalive request
也就是說 /proc/sys/net/ipv4/conf/gre1/accept_local 設成 1 是沒有作用的
回顧 john 當初在 M330 所做的努力 - load_balance#trace-gre-keepalive-packet
john 當初 gre 是透過 eth1 wan ethernet 建立的
先走一樣的路看看有甚麼發現
環境配置如下
+-------+ +-------+
| | wan | |
| m300 +-------------------+---------------------------+ m300 |
| | 192.168.0.177 192.168.0.178 | |
+-------+ +-------+
透過 shell 設定 gre
M300 - 192.168.0.177
# Same GRE setup over the wan side: local 192.168.0.177, peer 192.168.0.178,
# bound to eth1. The tunnel is unkeyed and GRE is neither authenticated nor
# encrypted, so anything that can reach eth1 with a matching source address
# can inject into it — NOTE(review): confirm eth1 is an isolated test network.
ip tunnel add gre1 mode gre remote 192.168.0.178 local 192.168.0.177 ttl 255 dev eth1
# MTU 1400 — presumably headroom for the outer IP + GRE headers; confirm.
ifconfig gre1 mtu 1400
ip link set gre1 up
# Tunnel-side address of this end.
ip addr add 10.0.0.177/24 dev gre1
# accept_local=1: accept packets on gre1 whose source address is local to this
# host. It weakens source validation, so it is enabled for gre1 only.
echo 1 > /proc/sys/net/ipv4/conf/gre1/accept_local
M300 - 192.168.0.178
# Mirror endpoint over the wan side: local 192.168.0.178, peer 192.168.0.177,
# bound to eth1. The tunnel is unkeyed and GRE is neither authenticated nor
# encrypted — NOTE(review): confirm eth1 is an isolated test network.
ip tunnel add gre1 mode gre remote 192.168.0.177 local 192.168.0.178 ttl 255 dev eth1
# MTU 1400 — presumably headroom for the outer IP + GRE headers; confirm.
ifconfig gre1 mtu 1400
ip link set gre1 up
# Tunnel-side address of this end.
ip addr add 10.0.0.178/24 dev gre1
# accept_local=1: accept packets on gre1 whose source address is local to this
# host. It weakens source validation, so it is enabled for gre1 only.
echo 1 > /proc/sys/net/ipv4/conf/gre1/accept_local
M300 - 192.168.0.178 - grek
root@m300:~# grek -d eth1 -t gre1 -i 0 -l 192.168.0.178 -r 192.168.0.177
DEVICE: "eth1"
TUNNEL: "gre1"
Tunnel index: 0
Local address: "192.168.0.178"
Remote address: "192.168.0.177"
Use the default keepalive period: 10 seconds
Use the default keepalive retries: 3 times
a raw socket with GRE protocol is created.
checksum: 0x0be0
Timer ID: 18509992
filter expression: src host 192.168.0.177 and ip proto gre and (ip[22:2] = 0 or ip[46:2] = 0)
system cmd: ifconfig gre1 down
M300 - 192.168.0.177 - tcpdump
root@m300:~# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
...
05:41:32.859753 IP 192.168.0.178 > 192.168.0.177: GREv0, length 28: gre-proto-0x8
...
05:41:42.859759 IP 192.168.0.178 > 192.168.0.177: GREv0, length 28: gre-proto-0x8
...
05:41:53.000323 IP 192.168.0.178 > 192.168.0.177: GREv0, length 28: gre-proto-0x8
...
發現 M300 - 192.168.0.177 沒有回應 gre keepalive request
試著從 iptables 來解析是哪邊出了錯
目前發現關鍵是 htons 的使用
但一直搞不定讓 M300 回應 gre keepalive request
我可能先去搞一台 cisco 來試試
一樣從 DQA 處借來了 Cisco 2811
參考上個月的日記
試著準備以下環境
+-------+ +---------------+
| | lan fastEthernet 0/0 | |
| m300 +-------------------+---------------------------+ CISCO 2811 |
| | 192.168.1.11 192.168.1.200 | |
+-------+ +---------------+
利用 ping 確認完基本的環境後
進行 gre 的設定 - cisco 2811 先不啟用 keepalive
m300 - 192.168.1.11
root@m300:~# ip tunnel add gre1 mode gre remote 192.168.1.200 local 192.168.1.11 ttl 255
root@m300:~# ifconfig gre1 mtu 1400
root@m300:~# ip link set gre1 up
root@m300:~# ip addr add 10.0.0.11/24 dev gre1
root@m300:~# echo 1 > /proc/sys/net/ipv4/conf/gre1/accept_local
root@m300:~# ifconfig gre1
gre1 Link encap:UNSPEC HWaddr C0-A8-01-0B-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.11 P-t-P:10.0.0.11 Mask:255.255.255.0
inet6 addr: fe80::5efe:c0a8:10b/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1400 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
CISCO - 192.168.1.200
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no interface tunnel 0
Router(config)#interface tunnel 0
Router(config-if)#ip address 10.0.0.200 255.255.255.0
Router(config-if)#tunnel source fastEthernet 0/0
Router(config-if)#tunnel destination 192.168.1.11
Router(config-if)#exit
Router(config)#exit
Router#show interfaces tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 10.0.0.200/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 192.168.1.200 (FastEthernet0/0), destination 192.168.1.11
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
Router#
用 ping 來確認可以 ping 通對方的 tunnel ip address
m300 - 192.168.1.11
root@m300:~# ping 10.0.0.200
PING 10.0.0.200 (10.0.0.200): 56 data bytes
64 bytes from 10.0.0.200: seq=0 ttl=255 time=1.549 ms
64 bytes from 10.0.0.200: seq=1 ttl=255 time=2.075 ms
64 bytes from 10.0.0.200: seq=2 ttl=255 time=1.670 ms
64 bytes from 10.0.0.200: seq=3 ttl=255 time=1.764 ms
^C
--- 10.0.0.200 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.549/1.764/2.075 ms
root@m300:~#
CISCO - 192.168.1.200
Router#ping 10.0.0.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Router#
開啟 keepalive 並打開 debug
Router#enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface tunnel 0
Router(config-if)#keepalive ?
<0-32767> Keepalive period (default 10 seconds)
<cr>
Router(config-if)#keepalive 4
Router(config-if)#exit
Router(config)#exit
Router#debug tunnel keepalive
Tunnel keepalive debugging is on
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging console
Router(config)#
*Nov 25 18:04:20.187: Tunnel0: sending keepalive, 192.168.1.11->192.168.1.200 (len=24 ttl=255), counter=13
*Nov 25 18:04:24.187: Tunnel0: sending keepalive, 192.168.1.11->192.168.1.200 (len=24 ttl=255), counter=14
*Nov 25 18:04:28.187: Tunnel0: sending keepalive, 192.168.1.11->192.168.1.200 (len=24 ttl=255), counter=15
*Nov 25 18:04:32.187: Tunnel0: sending keepalive, 192.168.1.11->192.168.1.200 (len=24 ttl=255), counter=16
*Nov 25 18:04:36.187: Tunnel0: sending keepalive, 192.168.1.11->192.168.1.200 (len=24 ttl=255), counter=17
*Nov 25 18:04:40.187: Tunnel0: sending keepalive, 192.168.1.11->192.168.1.200 (len=24 ttl=255), counter=18
*Nov 25 18:04:44.187: Tunnel0: sending keepalive, 192.168.1.11->192.168.1.200 (len=24 ttl=255), counter=19
*Nov 25 18:04:48.187: Tunnel0: sending keepalive, 192.168.1.11->192.168.1.200 (len=24 ttl=255), counter=20
...
Router#no debug tunnel keepalive
Tunnel keepalive debugging is off
由 Cisco 的 debug 訊息看來 - 只看到 sending keepalive 且 counter 持續累加, 沒有任何收到回應的訊息
M300 把 /proc/sys/net/ipv4/conf/gre1/accept_local 設成 1 是沒有辦法回應 gre keepalive request 的
所以目前 M300 有兩個問題要克服
- /proc/sys/net/ipv4/conf/gre1/accept_local 設成 1 沒有辦法回應 gre keepalive request
- htons() 的妥善使用
剛找 ariel 討論 - 決定 M300 不要提供 gre tunnel keepalive 的功能
M300[release/v2.03] - remove keepalive function from gre
commit bb993a790bfda4de75a704a275aa0cb57ad75de6
Refs: [release/v2.03], {origin/release/v2.03}
Author: jeffrey <[email protected]>
Date: Tue Feb 4 18:11:02 2020 +0800
remove keepalive function from gre
proscend/prosrc/icos/icoslib/gre_3g/gre_3g.c | 46 ++++++++++++++++++++++++
proscend/prosrc/www/app/feature/gre_3g_edit.html | 28 +--------------
2 files changed, 47 insertions(+), 27 deletions(-)