argus-3.x request (forwarded)

Carter Bullard carter at qosient.com
Thu Feb 11 17:17:13 EST 2010 

Well, maybe it will be better just to talk about what is required.

So the goal is to differentiate the same flow but in different
tunnels,  I think I need to add all encapsulations to the flow key,
or at least parts of all the encapsulations, because each encaps
is a functional tunnel.  

I need to keep track of the order of the encapsulations, as encapsulation
scoping isn't commutative.  Ethernet header -> VLAN tag -> IP  isn't the
same as IP header -> Ethernet header -> VLAN tag

Bidirectionality doesn't hold true for some encapsulations.
MPLS is a half-duplex service, as the return MPLS labels
don't have any relationship to each other.

For MPLS, adding all the stacked MPLS labels is important,
but there is no "bi-directional" aspect to MPLS, so I'll need
to track the source and destination encapsulation identifiers
separately.   Bidirectionality can be tracked at the highest
level Transport header, like we're doing now.

Same holds true for VLAN tags?  Can I get one half of a flow in
one VLAN, and the return traffic for the flow in another VLAN?
Is it possible for the return traffic to not be in a VLAN? Is that possible?

What do you think?

Carter

On Feb 11, 2010, at 2:19 PM, Peter Van Epp wrote:

> On Thu, Feb 11, 2010 at 11:59:27AM -0500, Carter Bullard wrote:
>> Hey Peter,
>> Do you have (or did you have) any packets that express this problem
>> where the same flow is on the wire multiple times, but in different tunnels?
>> I'm starting to think about a general solution, but could use some packets
>> to help me ponder the problem.
>> 
>> Carter
>> 
> 	Unfortuntatly "did have" is the operant word :-). It showed up on SFU's
> backbone (which was at tha point a weird place for historitcal reasons) about
> 5 or 6 years ago when I was using one of my test boxes on a tap from the 
> backbone since it wasn't prod I didn't keep the traces. The production boxes 
> were on a more sensible connection and never had the problem so the SFU 
> archives won't have a copy either. I don't have access to SFU's network any 
> more and even if I did, I don't know that we didn't finally clean up the 
> config that was causing the issue. 
> 	It may be possible to recreate the problem here using multiple 
> overlayed networks on a FreeBSD box and turning on forwarding to route between 
> the overlay networks and doing a capture here. I'll have a poke at it. 
> 
> Peter Van Epp
> 
> 	
> 

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100211/b59ea0b4/attachment.bin>

More information about the argus mailing list