Re: unmanaged L2TPv3 ethernet pseudowire Cisco <=> Linux

Re: unmanaged L2TPv3 ethernet pseudowire Cisco <=> Linux

[James Chapman]

On Sun, Mar 24, 2013 at 11:05 AM, Tomas Agartz <tlund@nxs.se> wrote:
> I am trying to set up an unmanaged L2TPv3 ethernet pseudowire from a Cisco
> 7200 (running IOS 15.2M) and a Linux box with kernel 3.2 (Debian Wheezy).
>
> Using Wireshark I can see L2TPv3 packets arriving from the Cisco router, but
> they are not parsed correctly by the kernel and only a few (mangled) frames
> are showing up on the l2tpeth0 interface.
>
> The actualy tunnel packets that arrive from the cisco router looks like
> this: [IPv4][L2TPv3][payload]. The L2TPv3 header is only 4 bytes, the bytes
> 00 00 00 c8 (just the session id, 200) and the payload is an ethernet frame
> recived by the Cisco on the interface where the tunnel is configured. A
> quick glance at the RFC seem to indicate that this is correct.
>
> I am assuming that the kernel is trying to parse more data then just the 4
> bytes, for example expecting a cookie and/or sequence numbers. It is also
> possible it is expecting a L2 sublayer header after the L2TPv3 header. I had
> to tune wireshark and set cookie size to "0", L2-Specific sublayer to "none"
> and tell it to decode the packet contents as "ethernet". With these
> settings, it is showing me exactly what I am expecting.

The issue is that Linux and Cisco use a different default for the
L2SpecificSublayer header setting and neither implementation provides
a config option to change its setting. :-( The Linux default is to use
the Default L2SpecificSublayer as defined in the RFC. Unfortunately
the Cisco default is to use no L2SpecificSublayer.

The kernel already has an API to allow the L2SpecificSublayer setting
to be configured. The missing piece is an iproute2 l2tp config option
to configure it. I'll work on an iproute2 patch now to allow this
setting to be configured.

> To configure the tunnel in the linux end, I have done this:
>
> ip l2tp add tunnel remote 172.16.0.1 local 192.168.0.1 tunnel_id 200
> peer_tunnel_id 200 encap ip
> ip l2tp add session tunnel_id 200 session_id 200 peer_session_id 200
>
> The cisco has the following config:
> !
> interface GigabitEthernet0/0
>  no ip address
>  xconnect 192.168.0.1 200 encapsulation l2tpv3 manual pw-class tlund
>   l2tp id 200 200
> !
> pseudowire-class tlund
>  encapsulation l2tpv3
>  interworking ethernet
>  protocol none
>  ip local interface Loopback0
> !
>
> I can not understand how Linux could possibly auto-detect the cookie size
> and know what kind L2 sublayer header to expect, meaning it needs to be
> configured. Is there some other tool outside of iproute2 that can be used to
> configure these aspect of the L2TPv3 tunnel in the Linux side?

For unmanaged tunnels, these parameters must be manually configured
consistently at each side. Both Cisco and Linux default to use no
cookies and both already have config parameters to set cookie
parameters, if needed. However, for L2SpecificSublayer this isn't the
case. We need to add a config option on the Linux side to force the
same setting as Cisco is using.

For managed tunnels, the L2TP control protocol (implemented by a
userspace daemon on Linux) would take care of negotiating these
settings with the peer and configuring the kernel appropriately.

>
> Best regards,
> Tomas

James

Re: unmanaged L2TPv3 ethernet pseudowire Cisco <=> Linux

[Tomas Agartz]

On Tue, 26 Mar 2013, James Chapman wrote:

> The issue is that Linux and Cisco use a different default for the 
> L2SpecificSublayer header setting and neither implementation provides a 
> config option to change its setting. :-( The Linux default is to use the 
> Default L2SpecificSublayer as defined in the RFC. Unfortunately the 
> Cisco default is to use no L2SpecificSublayer.
>
> The kernel already has an API to allow the L2SpecificSublayer setting to 
> be configured. The missing piece is an iproute2 l2tp config option to 
> configure it. I'll work on an iproute2 patch now to allow this setting 
> to be configured.

I patched my iproute2 with your patch and now my tunnel is working. Thank 
you! :)

> For unmanaged tunnels, these parameters must be manually configured 
> consistently at each side. Both Cisco and Linux default to use no 
> cookies and both already have config parameters to set cookie 
> parameters, if needed. However, for L2SpecificSublayer this isn't the 
> case. We need to add a config option on the Linux side to force the same 
> setting as Cisco is using.

Does the API in the kernel allow you to set the cookie? In that 
case it seems like a good idea to add that to iproute2 as well?

//tlund

Re: unmanaged L2TPv3 ethernet pseudowire Cisco <=> Linux

[James Chapman]

On 27/03/13 20:08, Tomas Agartz wrote:
> On Tue, 26 Mar 2013, James Chapman wrote:
> 
>> The issue is that Linux and Cisco use a different default for the
>> L2SpecificSublayer header setting and neither implementation provides
>> a config option to change its setting. :-( The Linux default is to use
>> the Default L2SpecificSublayer as defined in the RFC. Unfortunately
>> the Cisco default is to use no L2SpecificSublayer.
>>
>> The kernel already has an API to allow the L2SpecificSublayer setting
>> to be configured. The missing piece is an iproute2 l2tp config option
>> to configure it. I'll work on an iproute2 patch now to allow this
>> setting to be configured.
> 
> I patched my iproute2 with your patch and now my tunnel is working.
> Thank you! :)

Great. Thanks for reporting back.

>> For unmanaged tunnels, these parameters must be manually configured
>> consistently at each side. Both Cisco and Linux default to use no
>> cookies and both already have config parameters to set cookie
>> parameters, if needed. However, for L2SpecificSublayer this isn't the
>> case. We need to add a config option on the Linux side to force the
>> same setting as Cisco is using.
> 
> Does the API in the kernel allow you to set the cookie? In that case it
> seems like a good idea to add that to iproute2 as well?

It is already supported. See the cookie and peer_cookie parameters of ip
l2tp add session.

ip l2tp help
or
man ip-l2tp

James

Re: unmanaged L2TPv3 ethernet pseudowire Cisco <=> Linux

[Pierre Desvaux]

James Chapman <jchapman <at> katalix.com> writes:

> 
> On 27/03/13 20:08, Tomas Agartz wrote:
> > On Tue, 26 Mar 2013, James Chapman wrote:
> > 
> >> The issue is that Linux and Cisco use a different default for the
> >> L2SpecificSublayer header setting and neither implementation provides
> >> a config option to change its setting.  The Linux default is to use
> >> the Default L2SpecificSublayer as defined in the RFC. Unfortunately
> >> the Cisco default is to use no L2SpecificSublayer.
> >>
> >> The kernel already has an API to allow the L2SpecificSublayer setting
> >> to be configured. The missing piece is an iproute2 l2tp config option
> >> to configure it. I'll work on an iproute2 patch now to allow this
> >> setting to be configured.
> > 
> > I patched my iproute2 with your patch and now my tunnel is working.
> > Thank you! :)
> 
> Great. Thanks for reporting back.
> 
> >> For unmanaged tunnels, these parameters must be manually configured
> >> consistently at each side. Both Cisco and Linux default to use no
> >> cookies and both already have config parameters to set cookie
> >> parameters, if needed. However, for L2SpecificSublayer this isn't the
> >> case. We need to add a config option on the Linux side to force the
> >> same setting as Cisco is using.
> > 
> > Does the API in the kernel allow you to set the cookie? In that case it
> > seems like a good idea to add that to iproute2 as well?
> 
> It is already supported. See the cookie and peer_cookie parameters of ip
> l2tp add session.
> 
> ip l2tp help
> or
> man ip-l2tp
> 
> James
> 
> 

Hi,

I have tried an other solution to bypass this issue.
I put a 4 bytes cookie in the paquets sent by the Cisco. It looks like this:
[IPv4][L2TPv3][Cookie][payload]

With value 0, the cookie is seen by the Linux as a L2SpecificSublayer with
Sbit at 0. Wich means ignore the value of the sequence number in
L2SpecificSublayer so Linux accepts it. Linux replies automaticaly with Sbit
0 to Cisco.
Cisco is as well configured to accept a 4 bytes cookie, the
L2SpecificSublayer is now accepted as a cookie.

To configure Cisco:
xconnect 192.168.0.1 200 encapsulation l2tpv3 manual pw-class tlund
   l2tp id 200 200
   l2tp cookie local 4 0
   l2tp cookie remote 4 0

Pierre

Stale IPv6 address accumulation on linux 3.2.17

[Templin, Fred L]

Hi,

On linux 3.2.17, I have a host that configures IPv6 addresses on
an eth0 interface based on Router Advertisements received from an
on-link linux box configured as an IPv6 router and running radvd.
When the host gets an RA, it configures both an EUI-64-based IPv6
address and an IPv6 privacy address, so it has two IPv6 addresses.
But, if I leave the host up for long periods of time, it seems to
accumulate additional IPv6 addresses - perhaps these are stale
IPv6 privacy addresses?

Is this known behavior, and if so is there a way to turn it off?
Or, perhaps this was a known bug that has been corrected in more
recent linux kernel versions?

Thanks - Fred
fred.l.templin@boeing.com

Re: Stale IPv6 address accumulation on linux 3.2.17

[Hannes Frederic Sowa]

Hi Fred!

On Mon, Oct 21, 2013 at 03:50:24PM +0000, Templin, Fred L wrote:
> On linux 3.2.17, I have a host that configures IPv6 addresses on
> an eth0 interface based on Router Advertisements received from an
> on-link linux box configured as an IPv6 router and running radvd.
> When the host gets an RA, it configures both an EUI-64-based IPv6
> address and an IPv6 privacy address, so it has two IPv6 addresses.
> But, if I leave the host up for long periods of time, it seems to
> accumulate additional IPv6 addresses - perhaps these are stale
> IPv6 privacy addresses?
> 
> Is this known behavior, and if so is there a way to turn it off?
> Or, perhaps this was a known bug that has been corrected in more
> recent linux kernel versions?

Could you send me the output of ip -6 a l?

Greetings,

  Hannes

Re: unmanaged L2TPv3 ethernet pseudowire Cisco <=> Linux

[Esteban Lopez]

Hi 

I'm trying to create a l2tpv3 tunnel between linux box (kernel 2.6.38) and 
Cisco.

I compiled the James's patch but when I try to use "encap ip" I receive this 
error:

RTNETLINK answers: Protocol not supported

I test the same in with kernel 3.2.0 but I have the same output.

Anybody know if I have a kernel's opction missed?

Thank you in advance!