[143962] in North American Network Operators' Group


Re: VRF/MPLS on Linux

daemon@ATHENA.MIT.EDU (Jared Mauch)
Wed Aug 24 10:29:06 2011

From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <20110824100607.GB2717@brian>
Date: Wed, 24 Aug 2011 10:28:21 -0400
To: Brian Raaen <nanog@rhemasound.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Aug 24, 2011, at 6:06 AM, Brian Raaen wrote:

> The only issue with this is that the Linux box is not acting as a
> router, but as the egress devices.  I'm trying to figure out how to
> properly get my application to 'color' the traffic.  Standard BSD
> sockets appear to have no concept of 'Labels'.  Still seeing what I can
> do to match the traffic.  I am probably going to see if I can work out a
> hack with the development team to use DSCP values to tag the traffic and
> then act accordingly on the ingress router.  I appreciate all the ideas
> presented so far.

You can classify this in the OUTPUT or POSTROUTING table with ipchains.
Take a look at the man page for it.  There's lots of information online
about how to do this.  I recall a sysadmin who I worked with 15 years
ago that thought of routers as the black boxes that got their packets
around, but a little bit of understanding of these lower levels of the
kernel/networks will go a long way.

Some help:

INPUT (for packets destined to local sockets)
FORWARD (for packets being routed through the box)
OUTPUT (for locally-generated packets; for altering locally-generated packets before routing)
PREROUTING (for altering packets as soon as they come in)
POSTROUTING (for altering packets as they are about to go out)

http://linux-ip.net/html/adv-multi-internet.html should also prove
useful in your research.  You likely are going to end up using the
localhost fwmark/mark.  Some tools show this number in hex, others
decimal, so keep this in mind during your debug process.

- Jared
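
An added illustration, not part of the original message or written by either poster: how an application can set the DSCP value on its own socket through the ordinary sockets API, plus a helper for comparing an fwmark that one tool prints in hex and another in decimal. The function names and the small DSCP table are assumptions made for this sketch.

```python
import socket

# A few standard DSCP code points (6-bit values); table is illustrative.
DSCP = {"cs0": 0, "af11": 10, "af21": 18, "af31": 26, "af41": 34, "ef": 46}

def dscp_to_tos(dscp):
    """DSCP is the upper 6 bits of the IP TOS byte; the low 2 bits are ECN."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must fit in 6 bits")
    return dscp << 2

def open_colored_socket(dscp, sock_type=socket.SOCK_DGRAM):
    """Hypothetical helper: create an IPv4 socket whose packets carry `dscp`."""
    s = socket.socket(socket.AF_INET, sock_type)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, dscp_to_tos(dscp))
    return s

def socket_dscp(sock):
    """Read back the DSCP the kernel will stamp on this socket's packets."""
    return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TOS) >> 2

def parse_mark(text):
    """Parse an fwmark written as hex or decimal, with an optional /mask.

    Returns (value, mask); a missing mask means all 32 bits are compared.
    """
    value, _, mask = text.strip().partition("/")
    return int(value, 0), (int(mask, 0) if mask else 0xFFFFFFFF)

def same_mark(a, b):
    """True when two printed marks denote the same value under the same mask."""
    (va, ma), (vb, mb) = parse_mark(a), parse_mark(b)
    return ma == mb and (va & ma) == (vb & mb)

if __name__ == "__main__":
    s = open_colored_socket(DSCP["ef"])
    print("socket DSCP:", socket_dscp(s), "TOS byte:", hex(dscp_to_tos(DSCP["ef"])))
    s.close()
    # Constructed sample values: the same mark shown in hex and in decimal.
    print("0x10 vs 16 ->", same_mark("0x10", "16"))
    print("0x10 vs 10 ->", same_mark("0x10", "10"))
```

The DSCP a host sets on its own packets is only a request; the ingress router still decides whether to trust or rewrite it.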
