[143966] in North American Network Operators' Group


Re: VRF/MPLS on Linux

daemon@ATHENA.MIT.EDU (Eduardo Schoedler)
Wed Aug 24 11:57:14 2011

In-Reply-To: <DE0A6E8D-EAA9-4487-BD83-3329ED539DAF@puck.nether.net>
From: Eduardo Schoedler <listas@esds.com.br>
Date: Wed, 24 Aug 2011 12:56:21 -0300
To: Jared Mauch <jared@puck.nether.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 24/08/2011, at 11:28, Jared Mauch <jared@puck.nether.net> wrote:

>
> On Aug 24, 2011, at 6:06 AM, Brian Raaen wrote:
>
>> The only issue with this is that the Linux box is not acting as a
>> router, but as the egress devices. I'm trying to figure out how to
>> properly get my application to 'color' the traffic. Standard BSD
>> sockets appear to have no concept of 'Labels'. Still seeing what I can
>> do to match the traffic. I am probably going to see if I can work out a
>> hack with the development team to use DSCP values to tag the traffic
>> and then act accordingly on the ingress router. I appreciate all the
>> ideas presented so far.
>
> You can classify this in the OUTPUT or POSTROUTING table with ipchains.
> Take a look at the man page for it. There's lots of information online
> about how to do this. I recall a sysadmin who I worked with 15 years ago
> that thought of routers as the black boxes that got their packets
> around, but a little bit of understanding of these lower levels of the
> kernel/networks will go a long way.
>
> Some help:
>
> INPUT (for packets destined to local sockets)
> FORWARD (for packets being routed through the box)
> OUTPUT (for locally-generated packets; for altering locally-generated
> packets before routing)
> PREROUTING (for altering packets as soon as they come in)
> POSTROUTING (for altering packets as they are about to go out)
>
> http://linux-ip.net/html/adv-multi-internet.html should also prove
> useful in your research. You likely are going to end up using the
> localhost fwmark/mark. Some tools show this number in hex, others
> decimal, so keep this in mind during your debug process.

More VRF info:

http://lartc.org/lartc.html#LARTC.RPDB.SIMPLE

--
Eduardo Schoedler
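
The DSCP tagging and the hex-versus-decimal fwmark point from the quoted messages, as an added example that is not part of the original thread: the application sets the DSCP itself through the IP_TOS socket option, and marks printed in either base are compared numerically. The DSCP value 46, the function names and the sample mark strings are assumptions chosen for illustration.

```python
import socket


def dscp_to_tos(dscp: int) -> int:
    """DSCP is the upper 6 bits of the IPv4 TOS byte; the low 2 bits are ECN."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be in 0..63")
    return dscp << 2


def tos_to_dscp(tos: int) -> int:
    """Recover the DSCP from a TOS byte, discarding the ECN bits."""
    return (tos & 0xFF) >> 2


def parse_mark(text: str) -> int:
    """Read a fwmark printed as hex ('0x2e'), decimal ('46') or 'value/mask'."""
    value = text.strip().split("/", 1)[0]
    return int(value, 0)  # base 0 honours a 0x prefix, otherwise decimal


def same_mark(a: str, b: str) -> bool:
    """True when two tools are showing the same mark in different bases."""
    return parse_mark(a) == parse_mark(b)


def open_colored_socket(dscp: int, fwmark=None) -> socket.socket:
    """UDP socket whose outgoing packets carry the given DSCP.

    fwmark is optional: SO_MARK is Linux-only and needs CAP_NET_ADMIN,
    so an unprivileged application normally sets only the DSCP.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, dscp_to_tos(dscp))
    if fwmark is not None:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_MARK, fwmark)
    return s


if __name__ == "__main__":
    SAMPLE_DSCP = 46  # constructed sample value (EF), not from the thread
    sock = open_colored_socket(SAMPLE_DSCP)
    tos = sock.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)
    print(f"TOS byte 0x{tos:02x} -> DSCP {tos_to_dscp(tos)}")
    # Constructed sample strings: the same mark as two tools might print it.
    print("0x2e vs 46 same mark:", same_mark("0x2e", "46"))
    sock.close()
```

Packet captures usually display the whole TOS byte (0xb8 here), not the 6-bit DSCP, which is the same hex/decimal trap one layer down.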

