[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <682346f6-5a19-1b09-c201-9ab210643ca0@katalix.com>
Date: Wed, 11 Dec 2024 09:43:16 +0000
From: James Chapman <jchapman@...alix.com>
To: Preston <preston@...rpreston.com>
Cc: netdev <netdev@...r.kernel.org>
Subject: Re: ethernet over l2tp with vlan
On 10/12/2024 20:00, Preston wrote:
> On Thu, Dec 5, 2024 at 3:00 AM James Chapman <jchapman@...alix.com> wrote:
>> Please don't top-post.
> Apologies, first timer.
>> Are you configuring an IP address on l2tpeth0.1319 and capturing on
> l2tpeth0?
> I'm running dhclient on l2tpeth0.1319, the DHCP discover from that is
> the packet you see in the screenshot. The pcap is being taken on the
> physical interface.
You've top-posted again! Don't c&p parts of text to the top of emails
when replying. Please see https://subspace.kernel.org/etiquette.html
I'll add your reply text below and answer there, in the interest of
making progress.
>
>
>>
>> On 04/12/2024 21:04, Preston wrote:
>>> l2tpeth0 is not attached to anything, it's created by the `ip l2tp`
>>> commands. But since it's encapsulating and setting a new destination
>>> IP address, packets are referred to the route table.
>>
>> Please don't top-post. It makes it much harder for other readers to
>> follow the discussion. I'll repaste your reply below this time.
>>
>>> On Wed, Dec 4, 2024 at 6:48 AM James Chapman <jchapman@...alix.com> wrote:
>>>>
>>>> On 03/12/2024 16:14, Preston wrote:
>>>>> Hello folks, please let me know if there’s a more appropriate place to
>>>>> ask this but I believe I’ve found something that isn’t supported in
>>>>> iproute2 and would like to ask your thoughts.
>>>>
>>>> Thanks for reaching out.
>>>>
>>>>> I am trying to encapsulate vlan tagged ethernet traffic inside of an
>>>>> l2tp tunnel.This is something that is actively used in controllerless
>>>>> wifi aggregation in large networks alongside Ethernet over GRE. There
>>>>> are draft RFCs that cover it as well. The iproute2 documentation I’ve
>>>>> found on this makes it seem that it should work but isn’t explicit.
>>>>>
>>>>> Using a freshly compiled iproute2 (on Rocky 8) I am able to make this
>>>>> work with GRE without issue. L2tp on the other hand seems to quietly
>>>>> drop the vlan header. I’ve tried doing the same with a bridge type
>>>>> setup and still see the same behavior. I've been unsuccessful in
>>>>> debugging it further, I don’t think the debug flags in iproute2's
>>>>> ipl2tp.c are functional and I suppose the issue might instead be in
>>>>> the kernel module which isn’t something I’ve tried debugging before.
>>>>> Is this a bug? Since plain ethernet over l2tp works I assumed vlan
>>>>> support as well.
>>>>>
>>>>>
>>>>> # Not Working L2TP:
>>>>> [root@...rf1 ~]# ip l2tp add tunnel tunnel_id 1 peer_tunnel_id 1 encap
>>>>> udp local 2.2.2.2 remote 1.1.1.1 udp_sport 1701 udp_dport 1701
>>>>> [root@...rf1 ~]# ip l2tp add session tunnel_id 1 session_id 1 peer_session_id 1
>>>>> [root@...rf1 ~]# ip link add link l2tpeth0 name l2tpeth0.1319 type vlan id 1319
>>>>> [root@...rf1 ~]# ip link set l2tpeth0 up
>>>>> [root@...rf1 ~]# ip link set l2tpeth0.1319 up
>>>>> Results: (captured at physical interface, change wireshark decoding
>>>>> l2tp value 0 if checking yourself)
>>>>> VLAN header dropped
>>>>> Wireshark screenshot: https://i.ibb.co/stMsRG0/l2tpwireshark.png
>>>>
>>>> This should work.
>>>>
>>>> In your test network, how is the virtual interface l2tpeth0 connected to
>>>> the physical interface which you are using to capture packets?
>> >
>> > l2tpeth0 is not attached to anything, it's created by the `ip l2tp`
>> > commands. But since it's encapsulating and setting a new destination
>> > IP address, packets are referred to the route table.
>>
>> Are you configuring an IP address on l2tpeth0.1319 and capturing on
>> l2tpeth0?
> l2tpeth0?
Yes.
> I'm running dhclient on l2tpeth0.1319, the DHCP discover from that is
> the packet you see in the screenshot. The pcap is being taken on the
> physical interface.
Which physical interface? Please share your tcpdump/wireshark/other
command line to show which interface you are capturing packets on.
If you capture on l2tpeth0.1319, you will see untagged packets carried
over l2tpeth0 on VLAN 1319.
If you capture on l2tpeth0, you will see all packets carried over
l2tpeth0, with VLAN tags, if any. In your case, you should see tagged
packets of VLAN 1319.
If you capture on the network interface used by the L2TP tunnel, you
will see the L2TP packets with their tunnel IP header.
>>
>>>>
>>>>>
>>>>>
>>>>> # Working GRE:
>>>>> [root@...rf1 ~]# ip link add name gre1 type gretap remote 1.1.1.1
>>>>> [root@...rf1 ~]# ip link add name gre1.120 link gre1 type vlan proto
>>>>> 802.1q id 120
>>>>> [root@...rf1 ~]# ip link set gre1 up
>>>>> [root@...rf1 ~]# ip link set gre1.120 up
>>>>> Results:
>>>>> VLAN header present
>>>>> Wireshark screenshot: https://i.ibb.co/6rJWjg9/grewireshark.png
>>>>>
>>>>>
>>>>> -------------------------------------------------------
>>>>> ~Preston Taylor
>>>>>
>>>>
>>>
>>
>
>
> --
> -------------------------------------------------------
> ~Preston Taylor
Powered by blists - more mailing lists