tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: MPLS patches



David Young wrote:
Last night, I scanned the web for MPLS configuration
examples, and all that I found was Cisco IOS, which was not
very compelling, and a discussion on an OpenSolaris forum
which, albeit vague, did mention an MPLS pseudo-interface,
<https://www.opensolaris.org/jive/thread.jspa?messageID=33315>.

I don't think this project got anywhere near design finishing. I did also read the rest of the threads in that category.

I don't think that the word "intuitive" really applies to MPLS,
and it is a vague word that deserves to be defined in any discussion,
<http://www.asktog.com/papers/raskinintuit.html>.  I think that it will
be helpful if MPLS uses familiar abstractions in familiar ways; using a
pseudo-interface to add/subtract encapsulation is familiar to users of
VLANs and tunnels.

Hehe, nice lecture, still I don't think that Picard(or was it Data ?) or a lady that didn't know how to handle the mouse is an appropiate example in this case. Anyhow, I'll try to explain below in detail why using encap/decap interface(s) is not something I'd like.

Also this raises another problem: I could do this if NetBSD would have a clear difference between control and forwarding but this is not the case and I don't want to change the ifa/p for a route without a very strong reason.

You seem to have a precise meaning in mind, but what you have written
is vague.  Can you elaborate on this lack of control/forwarding separation
as it applies to ifa/ifp and MPLS?

Because you want to use an interface [X] that will be seen from control plane, I quickly see some problems:

- No control coming from interface regarding encapsulation (think about cell-mode) - if one set a route to point to an interface:next-hop pair, he expects that to be honored. This will not be the case with these interfaces (route interface will be changed to mplsX) - double lookup on non-MPLS encapsulation: in order to have a reason for MPLS PI to exist we need to route-lookup once for INET in order to deliver that packet to MPLS PI, and once in MPLS PI code in order to know how and where should I deliver the frame from MPLS point of view. - I'll end up keeping a mirror of all routing tables where I should keep the PROTO->MPLS associations (remember, we need to separate PROTO from MPLS in PROTO routing table in order to keep reason for MPLS pseudo-interface existence, where PROTO may be INET or something else). So, mpls_interface will get a packet, together with it's adress family and relookup in that address family mirror table to see how it should be encapsulated.
        - double lookup for MPLS encapsulated packets that we receive.
- shim-pop-pushed instead of MPLS swapping. Fast label swapping is considered one of the MPLS advantages. Also RFC3031 explicitly calls the forwarding mechanism "Label Swapping"
        - loss of forwarding speed
- it will not simplify the code in ether_output() because we still need to handle AF_MPLS frames there


[X] - How many pseudo-interfaces do you want anyway ? These are the options as they come to my mind right now: - only one used for both decap and encap. decap if packet is not tagged, encap else. Still this is no good solution if you want to tap because you'll see here both in and out. Also you'll really have no idea where that packet comes from and where it goes and you'll have packets coming from mpls0 and going out to mpls0. - one pseudo-interface per non-pseudo-interface. This seems more appropiate as we may know where that packet comes and where it goes. Also, I think I can live with information passed via tags between pseudo-interfaces and real-interfaces. But this case raises another question: if we do it for MPLS why don't we do it for every ethernet protocol ? Since when an interface should be used only for carrying IP only frames ?
        - one decap interface and one pseudo-interface per neighbour
        - one pseudo-interface per non-pseudo-interface and one PI per neighbour

Personally I don't like the latter two, because I don't want to pollute interface space with one iface per neighbour. Think how it will be to create an interface per OSPF neighbour for example. Also, their management will be almost impossible and I don't think that ldp daemon should mix with this interface management(including but not restricted to creating/destroying). For all the cases, someone that worked with MPLS on Cisco or Junipers for example, will not feel "familiar" with these pseudo-interfaces.

Yes, I am.  I also believe it makes the system a lot more transparent
and comprehensible to use a pseudo-interface.  We have the opportunity to
apply a packet filter or to tap packets.  Tapping packets is an essential
aid for troubleshooting.

(IMO, a deficiency of IPSec in NetBSD is that it does not use
pseudo-interfaces, even when it does tunnel-like things like IPSEC_NAT_T.)


Note that MPLS is not encrypting packets and tcpdump prints the inner packets for common cases, so payload tapping is still possible.

But there is another problem: you asked for this pseduo-interface(s) because you expect to tap packets on it(them). But you can't really know what you will tap because MPLS shim doesn't contain information regarding the inner protocol. Tcpdump may only guess here after a protocol analysis but there are a lot of non-IP[6] things that can live inside an MPLS frame.

No, you don't need to use it if you will only read the data.  I suggest
extracting a const pointer to the data with mtod, then

I'll constify where is the case.

--
Thanks,
Mihai



Home | Main Index | Thread Index | Old Index