Thursday, November 3, 2016

Encoding of MPLS

Where does this label stack reside? The label stack sits in front of the Layer 3 packet, that is, before the header of the transported protocol but after the Layer 2 header. Because of this placement, the MPLS label stack is often called the shim header.

Q: How can we know whether what follows the L2 header is another L2 header or an MPLS label?

The label stack is present after the PPP header but before the IPv4 header. Because the label stack in the Layer 2 frame is placed before the Layer 3 header (or other transported protocol), you need new values for the Data Link Layer Protocol field, indicating that what follows the Layer 2 header is an MPLS labeled packet. The Data Link Layer Protocol field is a value indicating what payload type the Layer 2 frame is carrying.

Example:
R1 pings the loopback of R3 from its own loopback using R1# ping 3.3.3.3 source loopback 0
Topology and advertised labels as shown:


Result: there is a new field in the L2 header, called Type, that notifies the router that the next header is an MPLS label stack, using the hex number shown in the table above and in the packet capture below.



Note: Where does MPLS fit in? MPLS is not a Layer 2 protocol because the Layer 2 encapsulation is still present with labeled packets. MPLS also is not really a Layer 3 protocol because the Layer 3 protocol is still present, too. Therefore, MPLS does not fit in the OSI layering too well. Perhaps the easiest thing to do is to view MPLS as the 2.5 layer and be done with it.
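To make the "shim header" placement concrete, here is an added example (not part of the original post) that walks an Ethernet frame the way the router does: read the Type field after the L2 header, and if it is the MPLS unicast EtherType 0x8847 (0x8848 for multicast), unpack 4-byte label stack entries (20-bit label, 3-bit EXP, bottom-of-stack bit, 8-bit TTL) until the bottom of the stack, where the IPv4 header begins. The MAC addresses, labels 16 and 17 and the ICMP packet from 1.1.1.1 to 3.3.3.3 are constructed sample values.

```python
import struct

ETHERTYPE_MPLS_UNICAST = 0x8847    # Type value meaning "an MPLS label stack follows"
ETHERTYPE_MPLS_MULTICAST = 0x8848
ETHERTYPE_IPV4 = 0x0800


def parse_label_stack(data):
    """Walk 4-byte label stack entries until the bottom-of-stack (S) bit is set.
    Returns (entries, offset of the transported Layer 3 header)."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack entry")
        (word,) = struct.unpack("!I", data[offset:offset + 4])
        entry = {
            "label": word >> 12,        # 20-bit label
            "exp": (word >> 9) & 0x7,   # 3-bit EXP / traffic class
            "bos": (word >> 8) & 0x1,   # bottom-of-stack flag
            "ttl": word & 0xFF,         # 8-bit TTL
        }
        entries.append(entry)
        offset += 4
        if entry["bos"]:
            return entries, offset


def parse_frame(frame):
    """Classify what sits after the Ethernet II header of a frame."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if ethertype in (ETHERTYPE_MPLS_UNICAST, ETHERTYPE_MPLS_MULTICAST):
        labels, off = parse_label_stack(payload)
        # The shim has no protocol field: the payload type is inferred,
        # here from the IP version nibble of the first byte after the stack.
        version = payload[off] >> 4 if off < len(payload) else None
        return {"ethertype": ethertype, "labels": labels, "ip_version": version}
    if ethertype == ETHERTYPE_IPV4:
        return {"ethertype": ethertype, "labels": [], "ip_version": 4}
    return {"ethertype": ethertype, "labels": None, "ip_version": None}


def build_sample_frame():
    """Constructed sample: ICMP echo 1.1.1.1 -> 3.3.3.3 under a two-entry label stack."""
    shim = lambda label, exp, bos, ttl: struct.pack("!I", (label << 12) | (exp << 9) | (bos << 8) | ttl)
    eth = bytes.fromhex("aabbcc000003aabbcc000001") + struct.pack("!H", ETHERTYPE_MPLS_UNICAST)
    stack = shim(16, 0, 0, 254) + shim(17, 0, 1, 254)
    ipv4 = bytes.fromhex("45000054000100004001") + b"\x00\x00" + bytes([1, 1, 1, 1]) + bytes([3, 3, 3, 3])
    return eth + stack + ipv4
```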

Wednesday, February 3, 2016

BGP - Passive Peer Feature Explanation.

BGP passive peer

Requested:
1- BGP active between R1 and R2, R3.

2- R2 is the main peer and R3 is the backup peer for R1 if R2 fails.

Solutions:
1- Configure HSRP between R2 and R3, making sure R2 is active and R3 is standby.
2- Configure BGP between R1 and the VIP of R2 and R3.

Incident:
BGP is established between R1 and R2, while R3 keeps trying to establish BGP and sends many SYN packets to R1 to bring the TCP session up before initiating the BGP connection.
If you have an intermediate firewall, it will see many SYN packets sent one after another, may consider this an ATTACK and DROP this communication. RESULT: BGP will not come UP between R1 and R3 because of the firewall.

Why does R3 send so many SYN packets?

R1 receives the SYN on the same TCP port 179, so it rejects the packet and sends an RST to the sender, causing an endless stream of SYN packets, which any intrusion detection device in the middle treats as an attack.

Sample of SYN logs:
R3 [sender]:
*Aug 11 14:34:16.483: TCB66DF0BA4 created
*Aug 11 14:34:16.483: TCB66DF0BA4 setting property TCP_VRFTABLEID (14) 66D27860
*Aug 11 14:34:16.483: TCB66DF0BA4 setting property TCP_MD5KEY (2) 0
*Aug 11 14:34:16.487: TCB66DF0BA4 setting property TCP_ACK_RATE (16) 66DF0928
*Aug 11 14:34:16.487: TCB66DF0BA4 setting property TCP_TOS (1) 66DF0918
*Aug 11 14:34:16.487: TCB66DF0BA4 setting property TCP_PMTU (10) 66DF08E4
*Aug 11 14:34:16.487: TCB66DF0BA4 setting property TCP_RTRANSTMO (26) 66DF0924
*Aug 11 14:34:16.491: TCP: Random local port generated 13857, network 1
*Aug 11 14:34:16.491: TCB66DF0BA4 bound to 1.1.1.3.13857
R3#
*Aug 11 14:34:16.491: TPA: Reserved port 13857 in Transport Port Agent for TCP IP type 1
*Aug 11 14:34:16.495: TCP: sending SYN, seq 3452347732, ack 0
*Aug 11 14:34:16.495: TCP0: Connection to 1.1.1.1:179, advertising MSS 1460
*Aug 11 14:34:16.499: TCP0: state was CLOSED -> SYNSENT [13857 -> 1.1.1.1(179)]
*Aug 11 14:34:16.575: TCP0: state was SYNSENT -> CLOSED [13857 -> 1.1.1.1(179)]
*Aug 11 14:34:16.579: TPA: Released port 13857 in Transport Port Agent for TCP IP type 1 delay 240000
*Aug 11 14:34:16.579: TCP0: bad seg from 1.1.1.1 -- closing connection: port 13857 seq 0 ack 3452347733 rcvnxt 0 rcvwnd 0 len 0
*Aug 11 14:34:16.579: TCP0: connection closed - remote sent RST
R1 [receiver]:
*Aug 11 14:35:26.711: TPA: Reserved port 0 in Transport Port Agent for TCP IP type 1
*Aug 11 14:35:26.711: TCP: connection attempt to port 179
*Aug 11 14:35:26.711: TCP: sending RST, seq 0, ack 398763832
*Aug 11 14:35:26.715: TCP: sent RST to 1.1.1.3:58841 from 1.1.1.1:179
*Aug 11 14:35:26.719: TCP0: state was LISTEN -> CLOSED [0 -> UNKNOWN(0)]
*Aug 11 14:35:26.719: TPA: Released port 0 in Transport Port Agent for TCP IP type 1 delay 240000
*Aug 11 14:35:26.719: TCB 0x666BEDB4 destroyed


Solution:

Make R3 a passive peer (it only listens for the TCP SYN) and force the BGP session to always be established by R1.

Configuration:
router bgp 1
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 transport connection-mode passive