Linux 5.16.x сломали ethernet over mpls

ne-vlezay80

Posted March 28, 2022

Вот делаю:

LAB:
node1:
ip netns add test
ip link add dev ns-test.0 up mtu 16384 type veth peer name eth0 netns test mtu 8000
ip link add dev vni-10 up mtu 8958 type vxlan id 10 local <hode_1_ip> ttl 64 dstport 4789

bridge fdb append 00:00:00:00:00:00 dst <node_1_ip> dev vni-10
bridge fdb append 00:00:00:00:00:00 dst <node_2_ip> dev vni-10

tc qdisc add dev ns-test.0 handle ffff: ingress
tc qdisc add dev vni-10 handle ffff: ingress

tc filter add dev ns-test.0 parent ffff: matchall action mpls mac_push label 1 ttl 2 action vlan push_eth src_mac 4e:b7:23:3e:b7:eb dst_mac 9a:38:a4:f4:08:ea action mirred egress redirect dev vni-10

tc filter add dev vni-10 parent ffff: protocol mpls_uc flower mpls_label 1 mpls_ttl 1 action vlan pop_eth action mpls pop proto teb action mirred egress redirect dev ns-test.0

node2:
ip netns add test
ip link add dev ns-test.0 up mtu 16384 type veth peer name eth0 netns test mtu 8000
ip link add dev vni-10 up mtu 8958 type vxlan id 10 local <hode_1_ip> ttl 64 dstport 4789

bridge fdb append 00:00:00:00:00:00 dst <node_1_ip> dev vni-10
bridge fdb append 00:00:00:00:00:00 dst <node_2_ip> dev vni-10

tc qdisc add dev ns-test.0 handle ffff: ingress
tc qdisc add dev vni-10 handle ffff: ingress

tc filter add dev ns-test.0 parent ffff: matchall action mpls mac_push label 1 ttl 1 action vlan push_eth dst_mac 4e:b7:23:3e:b7:eb src_mac 9a:38:a4:f4:08:ea action mirred egress redirect dev vni-10

tc filter add dev vni-10 parent ffff: protocol mpls_uc flower mpls_label 1 mpls_ttl 2 action vlan pop_eth action mpls pop proto teb action mirred egress redirect dev ns-test.0

Между узлами получаю скорость:

[root@arch user]# iperf3 -c 192.168.1.2 
Connecting to host 192.168.1.2, port 5201
[  5] local 192.168.1.1 port 54236 connected to 192.168.1.2 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  4.14 MBytes  34.7 Mbits/sec   50   15.5 KBytes       
[  5]   1.00-2.00   sec  1.21 MBytes  10.2 Mbits/sec   50   15.5 KBytes       
[  5]   2.00-3.00   sec  2.24 MBytes  18.8 Mbits/sec   44   15.5 KBytes       
[  5]   3.00-4.00   sec  4.24 MBytes  35.6 Mbits/sec   36   15.5 KBytes       
[  5]   4.00-5.00   sec  1.27 MBytes  10.7 Mbits/sec   42   15.5 KBytes       
[  5]   5.00-6.00   sec  1.33 MBytes  11.2 Mbits/sec   48   15.5 KBytes       
[  5]   6.00-7.00   sec  1.15 MBytes  9.66 Mbits/sec   40   15.5 KBytes       
[  5]   7.00-8.00   sec  2.30 MBytes  19.3 Mbits/sec   36   15.5 KBytes       
[  5]   8.00-9.00   sec  2.61 MBytes  21.9 Mbits/sec   46   15.5 KBytes       
[  5]   9.00-10.00  sec  2.12 MBytes  17.8 Mbits/sec   41   15.5 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  22.6 MBytes  19.0 Mbits/sec  433             sender
[  5]   0.00-10.00  sec  22.4 MBytes  18.7 Mbits/sec                  receiver

iperf Done.

Притом, что канал 2.5Gbps.

На ядрах 5.10 всё было нормально.

Вот сам интерфейс:

[root@arch user]# ip -s link show dev vni-10
5: vni-10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8958 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 4e:b7:23:3e:b7:eb brd ff:ff:ff:ff:ff:ff
    RX:  bytes packets errors dropped  missed   mcast           
      45965032   17263      0       0       0       0 
    TX:  bytes packets errors dropped carrier collsns           
    2297976308  505472      0    1415       0       0

Что говорит о том, что на ядрах 5.16.x ethernet over mpls сломан.

Share this post

Link to post

Share on other sites

taf_321

Posted March 29, 2022

Не смотрели на эту тему в сторону openvswitch?

Share this post

Link to post

Share on other sites

taf_321

Posted March 29, 2022

2модераторы: перенесите, плз, тему в раздел "Программное обеспечение, биллинг и *unix системы", где ей самое место.

Share this post

Link to post

Share on other sites

ne-vlezay80

Posted March 29, 2022 (edited)

В 29.03.2022 в 12:28, taf_321 сказал:

Не смотрели на эту тему в сторону openvswitch?

Там проблема по моему с qinq. Имею негативный опыт...

В linux можно делать так:

ip link add dev vni-10 up mtu 9100 type vxlan local 192.168.177.1 ttl 16 dstport 4789

tc qdisc add dev p-room10 handle ffff: ingress
tc qdisc add dev vni-10 handle ffff: ingress

tc filter add dev p-room10 parent ffff: matchall action vlan push id 0 action mirred egress nredirect dev vni-10
tc filter add dev vni-10 parent ffff: prio 0 protocol 802.1Q flower vlan_id 0 action vlan pop action mirred egress redirect dev p-room10

tc filter add dev p-room11 parent ffff: matchall action vlan push id 0 action mirred egress nredirect dev vni-10
tc filter add dev vni-10 parent ffff: prio 0 protocol 802.1Q flower vlan_id 0 action vlan pop action mirred egress redirect dev p-room11

И тд.

Вот так делается vpn point o point или point o multipoint в linux.

Edited March 29, 2022 by ne-vlezay80

Sign In

ne-vlezay80

Share this post

Link to post

Share on other sites

taf_321

Share this post

Link to post

Share on other sites

taf_321

Share this post

Link to post

Share on other sites

ne-vlezay80

Share this post

Link to post

Share on other sites

Join the conversation