[Sis-SCPS-INTEREST] Testing of SCPS-TP

Marcin Jessa lists at yazzy.org
Tue Sep 13 08:45:02 EDT 2005 

On Thu, 8 Sep 2005 12:30:37 -0400
"Feighery,Patrick D." <feighery at mitre.org> wrote:

>  See comment in-line
> 
> 
> >>-----Original Message-----
> >>From: sis-scps-interest-bounces at mailman.ccsds.org 
> >>[mailto:sis-scps-interest-bounces at mailman.ccsds.org] On 
> >>Behalf Of Marcin Jessa
> >>Sent: Thursday, September 08, 2005 2:28 AM
> >>To: sis-scps-interest
> >>Subject: [Sis-SCPS-INTEREST] Testing of SCPS-TP
> >>
> >>Hi guys.
> >>
> >>I am trying to set up a test enviroment for SCSP-TP to test 
> >>it's performance. 
> >>I managed to cleanly compile SCPS on both FreeBSD 6.0 and 7.0 
> >>(CURRENT) 
> >>with a few minor patches and set up an emulator of a 
> >>satellite link using FreeBSD with DUMMYNET.
> >>The computer running emulator has two nics set in bridge mode 
> >>without assigned IP's adding latency, limiting bandwidht and 
> >>simuling lossy link with random packet loss on the traffic 
> >>going through the bridge.
> >>Being very happy I found www.scps.org and feeling I am failry 
> >>familiar with TCP/IP I propably underestimated 
> >>the amount of new things I need to learn to understand the 
> >>mechanism of SCPS.
> >>>From what I understand, to successfully finish my setup I 
> >>need to connect two computers to the bridge of my satellite 
> >>link emulator and make them act as transparent SCPS gateways. 
> >>Which I did creating rfile and running the compiled gateway 
> >>binary on both the machines.
> 
> Yes, so far so good.
> 
> >>Both can ping one another across the bridge and the satellite 
> >>emulator works as expected.
> 
> Yes and note that SCPS compiled for FreeBSD intercepts TCP packets, all
> other packets are not touched by the divert rule and are not proxied.
> 
>  
> >>The gateway binary creates divert rules (in addition to allow 
> >>rules) which can be veryfied as existing/correct with ipfw show. 
> >>TCP traffic is diverted to scps:
> >>10006 divert 53000 tcp from any to any via fxp1 setup in
> >>10007 divert 53001 tcp from any to any via fxp0 setup in
> >>10008 divert 52000 tcp from any to any in via fxp1
> >>10008 divert 52000 tcp from any to any in via fxp0
> >>10008 divert 52000 scps from any to any in via fxp1
> >>10008 divert 52000 scps from any to any in via fxp0
> >>
> 
> In looking at this fxp0 is probably your LAN side interface and fxp0 is
> probably your WAN side interface.
> 
> >>After that I connected additional computers to the second 
> >>inteface of the gateways and from that point I am not quite 
> >>sure what to do.
> 
> Well first remember that SCPS is not a routing protocol so you need to
> enable ip_forwarding and have a routing table entry (either static or
> dynamic) to route the traffic through the gateway.

Thanks, I ofcourse forgot to run sysctl net.inet.ip.forwarding=1. 
No wonder I could not make routing work properly.
The first tests are looking very promicing though.

> After this assuming you have a machine on each gateway's LAN side
> interface, then you should be able to FTP, telnet, http, etc from one
> machine to the other.  First I would ping from end machine to end
> machine to make sure the routing/forwarding is all set up properly.
> 
> >>I guess running natd on the gateways for the networks behind 
> >>them or bridging the interfaces on the gateways is not what I 
> >>am suppose to do.
> 
> Correct, NAT is not used at all.  The gateways are transparent and the
> only IP addresses seen should be those of the end systems themselves.

Is it possible to set up SCPS in bridged mode and make the gateways even more transparent ?
I tried playing with it but it seems like bridge and divert do not play together.
Could one maybe use ipf or pf instead of ipfw and divert ?
Or would that approach work on another O.S ?

> >>Should I set up OSPF on the gateways to make the networks 
> >>behind them talk to one another ?
> 
> Essentially yes.  I would just have static routes on the gateway boxes 
> 
> >>Could someone be so kind and provide me with aditional steps 
> >>to finish my testing?
> 
> >>I am also wondering if the gateway binary can run as daemon ?
> 
> Unfortunately not.
> 
> >>And what does this mean? (I get that error running all the 
> >>other scps_* apps in the app/ directory):
> >>./scps_ttcp -r -s -H 192.168.2.8
> >>UNRECOVERABLE ERROR opening AAA .
> >>ERROR: MTU ioctl call on interface  returned -1
> 
> This is simple side affect on the way the SCPS code was packaged.  If
> you configure the code as a gateway then the only binary that makes is
> 'gateway'.  Even though the other in the apps directory compile, the
> are worthless.  Conversely if you configure the scps code as a stand
> alone stack 'scps_ttcp' binary is valid while gateway is moot.
> 
> Hope this helps and makes sense.  If not, let's try and work it out.

What I am also trying to work out is if I can run SCPS as gateway on NetBSD.
Running ./configure --gateway=yes  gives me following message:
"The SCPS Gateway is only supported on the FreeBSD Operating
System version 2.2.2 or greater or the Linux Operating system."

Although the README file says:
"The SCPS lower layer software and the SCPS example applications
have also been ported to NetBSD, Solaris 2.5 or higher, and IRIX
5.3."
What are those example applications ?

One more thing I am curious about is the hardware requirement for SCPS gateways.
I want to try to make it work on small embedded devices with AMD Geod 266MHZ CPU.
How much bw could device like that handle? Are there any benchmarks/test results for that avaliable ?


Cheers,
Marcin

More information about the Sis-SCPS-INTEREST mailing list