目录

文章目录

  • 目录
  • 前言
  • 组网拓扑
  • VPP1 配置
    • Linux Host 执行
    • VPP CLI 执行
  • VPP2 配置
    • Linux Host 执行
    • VPP 执行
  • 测试验证

前言

环境信息:

  • 操作系统:Ubuntu 18.04
  • VPP:v21.01

VPP 的 L2TP 实现的是剥除了 IPv6 和隧道封装,并留下内部二层头,该模型基于 RFC 4719 中的 PW termination 模型,实现了 LCCE 功能,而非实现了 LAC 或 LNS 功能。可见,VPP 目前不具备、也不区分 LAC 和 LNS 的角色,即:VPP1、2 互为 user-to-net/net-to-user。

组网拓扑

VPP1 配置

Linux Host 执行

创建 veth pair 虚拟网络设备,其中 vpp1out 作为 VPP1 的 Host Interface。

$ ip link add name vpp1out type veth peer name vpp1host
$ ip link set dev vpp1out up
$ ip link set dev vpp1host up
$ ip addr add 10.1.1.1/24 dev vpp1host
$ ip l
6: vpp1host@vpp1out: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000link/ether aa:ac:58:9d:9b:33 brd ff:ff:ff:ff:ff:ff
7: vpp1out@vpp1host: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000link/ether 8e:a6:98:fe:01:d7 brd ff:ff:ff:ff:ff:ff

VPP CLI 执行

  1. 配置开启 L2TP plugin,配置 L2TP 使用 lookup-session-id 作为查询条件。
$ vi /etc/vpp/startup.conf
...
plugins {...plugin l2tp_plugin.so { enable }plugin l2tp_test_plugin.so { enable }
}
...
l2tp {lookup-session-id
}

NOTE 1:The vpp stack defaults to “lookup-v6-dst.” In the l2-interface-to-tunnel direction, the vpp stack uses the l2 sub-interface as the session lookup key.

  1. 配置 Physical Interface IPv6 地址。
vpp# set ip6 address GigabitEthernet0/7/0 fd00::1/8
vpp# set int state GigabitEthernet0/7/0 up
  1. 创建 L2TPv3 Tunnel 和 Session,同时会自动创建一个虚拟的路由子接口 l2tpv3_tunnel0。
create l2tpv3 tunnel client <ip6-addr> our <ip6-addr>[local-cookie <%llx>] [remote-cookie <%llx>] [local-session-id <dec-num>] [remote-session-id <dec-num>][l2-sublayer-present]vpp# create l2tpv3 tunnel our fd00::1 client fd00::2 local-session-id 10 remote-session-id 20
l2tpv3_tunnel0

NOTE 2:Local-cookie and remote-cookie default to FFFFFFFFFFFFFFFF. Local-session-id and remote-session-id default to 1.

NOTE 3:Since the l2 sublayer is used to transport sequence information – not present in static l2tpv3 softwires – it seems that the Linux implementation is incorrect.

  • When interoperating with the current Linux l2tpv3-in-v6 implementation, you’ll need to specify the l2-sublayer-present property. Conversely.
  • When interoperating with IOS-XR, do not specify l2-sublayer-present.
  1. 因为 l2tpv3_tunnel0 是一个虚拟接口,需要与 bridge-domain 进行关联。
vpp# set interface l2 bridge l2tpv3_tunnel0 1
vpp# set interface state l2tpv3_tunnel0 up

NOTE 4:The vpp stack strips the ip6 and tunnel encaps and tracks down the inner l2 header. Vlan tags can be inserted using subinterface VLAN tag-rewrite commands。

  1. Set interface ip6 l2tpv3:In the tunnel-to-l2-interface direction, decapsulation must be explicitly enabled on the input interface。
vpp# set interface ip6 l2tpv3 GigabitEthernet0/7/0
# This can be deconfigured as well:
#set interface ip6 l2tpv3 GigabitEthernet0/7/0 del
  1. 创建 Host Interface 并关联到与 L2TP Virtual Interface 的同一个 bridge-domain 上,作为 “外部路由子接口”。
vpp# create host-interface name vpp1out
host-vpp1outvpp# set int state host-vpp1out up
vpp# set int l2 bridge host-vpp1out 1
  1. 检查 bridge-domain 1 和 l2tpv3 tunnel 的详情。
vpp# show bridge-domain 1 detailBD-ID   Index   BSN  Age(min)  Learning  U-Forwrd   UU-Flood   Flooding  ARP-Term  arp-ufwd   BVI-Intf1       1       off        on        on       flood        on       off       off        N/A
span-l2-input l2-input-classify l2-input-feat-arc l2-policer-classify l2-input-acl vpath-input-l2 l2-ip-qos-record l2-input-vtr l2-gbp-lpm-classify gbp-src-classify gbp-null-classify l2-gbp-lpm-anon-classify gbp-learn-l2 l2-emulation l2-learn l2-rw l2-fwd gbp-fwd l2-flood l2-flood l2-outputInterface           If-idx ISN  SHG  BVI  TxFlood        VLAN-Tag-Rewritel2tpv3_tunnel0           2     1    0    -      *                 nonehost-vpp1out            3     1    0    -      *                 nonevpp# show l2tpv3 verbose
1 l2tp sessions...
L2tp session lookup on session id
[0] fd00::1 (our) fd00::2 (client) l2tpv3_tunnel0 (sw_if_index 2)local cookies ffffffffffffffff 0000000000000000 remote cookie fffffffffffffffflocal session-id 10 remote session-id 20l2 specific sublayer absentuser-to-net: 2353 pkts 378164 bytesnet-to-user: 2353 pkts 222866 bytes

另外,必要时,还可以修改 L2TPv3 Rollover Cookie:

set l2tpv3 tunnel cookie <interface> [local <64bit hex value>] [remote <64bit hex value>]

NOTE 5:If the local cookie value is specified, both the existing cookie value and the specified rollover value will be accepted. If the remote cookie value is specified, it will immediately replace the existing remote cookie value.

VPP2 配置

Linux Host 执行

$ ip link add name vpp2out type veth peer name vpp2host
$ ip link set dev vpp2out up
$ ip link set dev vpp2host up
$ ip addr add 10.1.1.2/24 dev vpp2host
$ ip l
6: vpp2host@vpp2out: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000link/ether 2a:82:d4:20:32:7a brd ff:ff:ff:ff:ff:ff
7: vpp2out@vpp2host: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000link/ether 4e:29:e9:9f:84:f0 brd ff:ff:ff:ff:ff:ff

VPP 执行

set ip6 address GigabitEthernet0/4/0 fd00::2/8
set int state GigabitEthernet0/4/0 upcreate l2tpv3 tunnel our fd00::2 client fd00::1 local-session-id 20 remote-session-id 10set interface l2 bridge l2tpv3_tunnel0 1
set interface state l2tpv3_tunnel0 upset interface ip6 l2tpv3 GigabitEthernet0/4/0create host-interface name vpp2out
set int state host-vpp2out up
set int l2 bridge host-vpp2out 1

测试验证

  1. Host1 ping Host2
$ ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.241 ms
  1. 检查 VPP1 的 L2 MAC 学习表。
vpp# show ip neighborTime                       IP                    Flags      Ethernet              Interface188.1579                 fd00::2                   D    fa:16:3e:61:6b:4e GigabitEthernet0/7/0
  1. 抓 GigabitEthernet0/7/0 的包。
pcap trace tx rx intfc GigabitEthernet0/7/0 max 10000 file vpp1-phy.pcap
pcap trace tx rx status
pcap trace off


4. 抓 Host Interface 的包。

  1. 数据报文跟踪。
vpp# trace add dpdk-input 10vpp# show trace
------------------- Start of thread 0 vpp_main -------------------
Packet 100:11:22:393674: dpdk-inputGigabitEthernet0/7/0 rx queue 0buffer 0x9b861: current data 0, length 164, buffer-pool 0, ref-count 1, totlen-nifb 0, trace handle 0x0ext-hdr-validl4-cksum-computed l4-cksum-correctPKT MBUF: port 0, nb_segs 1, pkt_len 164buf_len 2176, data_len 164, ol_flags 0x0, data_off 128, phys_addr 0xaa2e18c0packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0rss 0x0 fdir.hi 0x0 fdir.lo 0x0IP6: fa:16:3e:61:6b:4e -> fa:16:3e:65:42:61L2TP: fd00::2 -> fd00::1tos 0x00, flow label 0x0, hop limit 254, payload length 110
00:11:22:393696: ethernet-inputframe: flags 0x1, hw-if-index 1, sw-if-index 1IP6: fa:16:3e:61:6b:4e -> fa:16:3e:65:42:61
00:11:22:393714: ip6-inputL2TP: fd00::2 -> fd00::1tos 0x00, flow label 0x0, hop limit 254, payload length 110
00:11:22:393718: l2tp-decapL2T: fd00::2 (client) -> fd00::1 (our) session 0
00:11:22:393724: l2-inputl2-input: sw_if_index 2 dst aa:ac:58:9d:9b:33 src 2a:82:d4:20:32:7a [l2-learn l2-fwd l2-flood l2-flood ]
00:11:22:393727: l2-learnl2-learn: sw_if_index 2 dst aa:ac:58:9d:9b:33 src 2a:82:d4:20:32:7a bd_index 1
00:11:22:393728: l2-fwdl2-fwd:   sw_if_index 2 dst aa:ac:58:9d:9b:33 src 2a:82:d4:20:32:7a bd_index 1 result [0x1030000000003, 3] none
00:11:22:393731: l2-outputl2-output: sw_if_index 3 dst aa:ac:58:9d:9b:33 src 2a:82:d4:20:32:7a data 08 00 45 00 00 54 30 9a 00 00 40 01
00:11:22:393732: host-vpp1out-outputhost-vpp1outIP4: 2a:82:d4:20:32:7a -> aa:ac:58:9d:9b:33ICMP: 10.1.1.2 -> 10.1.1.1tos 0x00, ttl 64, length 84, checksum 0x340b dscp CS0 ecn NON_ECNfragment id 0x309aICMP echo_reply checksum 0xfdb4 id 13965vpp# clear tracevpp# trace add af-packet-input 10vpp# show trace
------------------- Start of thread 0 vpp_main -------------------
Packet 100:12:42:388572: af-packet-inputaf_packet: hw_if_index 3 next-index 4tpacket2_hdr:status 0x20000001 len 98 snaplen 98 mac 66 net 80sec 0x60aa1b01 nsec 0x2876c9d6 vlan 0 vlan_tpid 0
00:12:42:388592: ethernet-inputIP4: aa:ac:58:9d:9b:33 -> 2a:82:d4:20:32:7a
00:12:42:388601: l2-inputl2-input: sw_if_index 3 dst 2a:82:d4:20:32:7a src aa:ac:58:9d:9b:33 [l2-learn l2-fwd l2-flood l2-flood ]
00:12:42:388604: l2-learnl2-learn: sw_if_index 3 dst 2a:82:d4:20:32:7a src aa:ac:58:9d:9b:33 bd_index 1
00:12:42:388605: l2-fwdl2-fwd:   sw_if_index 3 dst 2a:82:d4:20:32:7a src aa:ac:58:9d:9b:33 bd_index 1 result [0x1030000000002, 2] none
00:12:42:388608: l2-outputl2-output: sw_if_index 2 dst 2a:82:d4:20:32:7a src aa:ac:58:9d:9b:33 data 08 00 45 00 00 54 78 b1 40 00 40 01
00:12:42:388609: l2tp-encapL2T: fd00::1 (our) -> fd00::2 (client) session 0)
00:12:42:388612: ip6-lookupfib 0 dpo-idx 3 flow hash: 0x00000000L2TP: fd00::1 -> fd00::2tos 0x00, flow label 0x0, hop limit 255, payload length 110
00:12:42:388615: ip6-rewritetx_sw_if_index 1 adj-idx 3 : ipv6 via fd00::2 GigabitEthernet0/7/0: mtu:9000 next:3 fa163e616b4efa163e65426186dd flow hash: 0x0000000000000000: fa163e616b4efa163e65426186dd60000000006e73fefd00000000000000000000000020: 000000000001fd00000000000000000000000000000200000014ffffffffffff00000040: ffff2a82d420327aaaac589d9b3308004500005478b140004001abf30a01010100000060: 0a01010208007dc6368e0001011baa6000000000cf5b0a0000000000
00:12:42:388618: GigabitEthernet0/7/0-outputGigabitEthernet0/7/0IP6: fa:16:3e:65:42:61 -> fa:16:3e:61:6b:4eL2TP: fd00::1 -> fd00::2tos 0x00, flow label 0x0, hop limit 254, payload length 110
00:12:42:388620: GigabitEthernet0/7/0-txGigabitEthernet0/7/0 tx queue 0buffer 0x97e4e: current data -66, length 164, buffer-pool 0, ref-count 1, totlen-nifb 0, trace handle 0x0l2-hdr-offset 0 l3-hdr-offset 14PKT MBUF: port 65535, nb_segs 1, pkt_len 164buf_len 2176, data_len 164, ol_flags 0x0, data_off 62, phys_addr 0xac7f9400packet_type 0x0 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0rss 0x0 fdir.hi 0x0 fdir.lo 0x0IP6: fa:16:3e:65:42:61 -> fa:16:3e:61:6b:4eL2TP: fd00::1 -> fd00::2tos 0x00, flow label 0x0, hop limit 254, payload length 110vpp# clear trace

FD.io/VPP — L2TP相关推荐

  1. FD.io/VPP — 常用指令集合

    目录 文章目录 目录 前言 System Level Interface Add NIC into VPP as Interface Interface State Hardware Interfac ...

  2. FD.io/VPP — Overview

    目录 文章目录 目录 FD.io VPP FD.io 官网:https://fd.io FD.io(Fast data – Input/Output)是 Linux 基金会下属的一个开源项目,成立于 ...

  3. FD.io VPP 20.09版本正式发布:往期VPP文章回顾+下载地址+相关链接

    目录 下载RPM/DEB包 往期文章回顾与推荐 FD.io是一些项目和库的集合,基于DPDK并逐渐演化,支持在通用硬件平台上部署灵活可变的业务.FD.io为软件定义基础设施的开发者提供了一个通用平台, ...

  4. FD.io VPP:探究分段场景下vlib_buf在收发包的处理(dpdk_plugin.so)、rte_mbuf与vlib_buf 关系

    Table of Contents rte_mbuf.vlib_buf 关系及内存分布 使用dpdk-收包接口函数 使用dpdk 发包接口函数 总结 参考阅读 在使用vpp老版本copy报文的时候,经 ...

  5. FD.io VPP:vlib buffer pool(vlib_buffer) 内存初始化

    Table of Contents vlib buffer创建过程 vlib_buffer相关内存初始化 1.函数一开始就查询numa的个数 2.遍历numa节点来初始化 3.查询系统大页大小. 4. ...

  6. 关于FD.io VPP的最新消息

    Table of Contents CuVPP:软件数据平面中基于过滤器的最长前缀匹配 快速数据项目的矢量包处理器(VPP)版本20.05 2020年打破神话的DPDK 在商品硬件上使用Calico ...

  7. FD.io VPP环境下运行用户应用程序教程

    FD.io VPP环境下运行用户应用程序教程 RToax 2020年9月 相关文章:<FD.io VPP利用iperf3进行UDP灌包测试-英特尔X520万兆网卡> 1. VPP简介 VP ...

  8. FD.io VPP用户文档:会话层架构与VPP应用

    FD.io VPP:用户文档 HostStack RToax 2020年9月 HostStack 1. 描述 VPP的主机协议栈是利用VPP传输,会话和应用程序层协议的用户空间实现.它大致包括四个主要 ...

  9. FD.io VPP:用户文档:VPP RPM包的构建与离线安装

    VPP RPM包的构建与离线安装 RToax 2020年9月 要开始使用VPP进行开发,您需要获取所需的VPP源代码,然后构建软件包. 1. 设置代理 如果你的服务器本地可以连接互联网,则跳过设置代理 ...

最新文章

  1. 育果医生CEO马于堃:互联网医疗行业与产品的本质
  2. 《Unity 3D 游戏开发技术详解与典型案例》——1.3节第一个Unity 3D程序
  3. 利用dbms_metadata.get_ddl查看DDL语句
  4. 今日英语:out of the box
  5. STM8学习笔记---Modbus通信协议简单移植
  6. hash算法在日常活动中的应用
  7. 【Java从0到架构师】MyBatis - 缓存_构造方法
  8. Apache日志配置详解(rotatelogs LogFormat)
  9. 如何修改SecureCRT中的端口转发过滤器?
  10. 性能测试--jmeter中正则表达式提取器的使用【16】
  11. PHP不支持多线程,有时候处理问题不是那么爽,今天谈论一下PHP定时执行的方法...
  12. C语言常见题目汇总(不断更新)(建议收藏)
  13. 红米1s 一键root测试
  14. [系统安全] 一.什么是逆向分析、逆向分析基础及经典扫雷游戏逆向
  15. 如何扩大计算机的硬盘空间,c盘分区小了怎么扩大_电脑c盘分区空间太小如何扩大...
  16. 域名解析、域名转向的作用
  17. Vue项目实践——实现手机扫描二维码预览页面效果
  18. html比较长的单词不自动换行,HTML+CSS 对于英文单词强制换行但不截断单词的解决办法...
  19. ubuntu下淘宝的使用
  20. [someip专题]vsomeip使用以及代码解析1

热门文章

  1. oracle中or的替函数,Oracle常用内置Or自定义函数-SQL宝典
  2. python开发效率最高_公认8个效率最高的爬虫框架
  3. mysql报错2_MySQL基于报错注入2
  4. java实现微信企业付款到银行卡_微信企业付款到银行卡实现方式 - 黎明互联-官方博客 - 黎明互联 - 区块链培训,PHP培训,IT培训,职业技能培训,追求极致!改变您的职业生涯!...
  5. vue、cnpm不是内部文件_vue文件通过cnpm install后无法用npm run serve打开
  6. Android自定义旋钮效果,Android自定义悬浮按钮效果实现,带移动效果
  7. python3.8自带matlop和numpy吗_Python enlop包_程序模块 - PyPI - Python中文网
  8. eeglab中文教程系列(13)-导入cnt文件
  9. 人类基因组最后一块拼图完成!Science罕见6篇连发
  10. 哈佛大学让青蛙断腿再生:有骨头有血管,对刺激物还会产生强烈踢腿反应