From benjaminkiessling at bttec.org Wed Jul 1 05:07:24 2009
From: benjaminkiessling at bttec.org (Benjamin Kiessling)
Date: Wed Jul 1 04:36:56 2009
Subject: [Sis-SCPS-INTEREST] Gateway with tunnel interface
Message-ID: <20090701090724.GA9573@victor>

Hi,

I've got some questions regarding the configuration of the gateway and SCPS in general. Firstly my future setup should be like this:

CLAN1 ---------|        |
CLAN2----------| Gateway|------------- Satellite ----------- | Gateway | ------ Internet
CLAN3----------|        |

My first question is how the TUN interface in the gateway actually works. I define a TUN interface for the local (A) interface and one for the WAN (B) interface. When I do that, does everything that "comes out" of the network leave the TUN interface associated with A, and does everything that goes into the network go over the TUN interface associated with B? If so, why doesn't everything run over one interface like it's the case with OpenVPN? I saw the iptables code in the source code. Is it right that the gateway routes everything through itself automatically? I think I get something fundamentally wrong, please help me to resolve this state.

Then I got a question regarding the files needed to configure SCPS as such. I got that npIP_NP_File is kind of like DNS (mapping IP addresses to NP addresses). But for what exactly is npPathFile good? Shouldn't the routing files do its job? About the routing files. Is npMultiNextHopFile optional?

Sorry if some or all of these questions seem a little bit basic, but I am not able to make that much sense out of the documentation. I would test a lot of this stuff myself but I have to wait for the hardware a few more days.

Best Regards,
Benjamin Kiessling

From benjaminkiessling at bttec.org Wed Jul 1 05:34:01 2009
From: benjaminkiessling at bttec.org (Benjamin Kiessling)
Date: Wed Jul 1 05:03:32 2009
Subject: [Sis-SCPS-INTEREST] Re: Gateway with tunnel interface
In-Reply-To: <20090701090724.GA9573@victor>
References: <20090701090724.GA9573@victor>
Message-ID: <20090701093400.GA9710@victor>

Hi again,

I forgot a question. Is the npNextHopFile always of the form local_IP_address remote_NP_address1 remote_IP_address1 .... ? I am not completely sure because the source code puts the "local_IP_address" in the variable "np_local_addr". "remote_IP_address1" must be an IP address at all times am I right (I am 100% sure but just want to check before I change the source code)?

Best Regards,
Benjamin Kiessling

From kscott at mitre.org Wed Jul 1 09:55:50 2009
From: kscott at mitre.org (Scott, Keith L.)
Date: Wed Jul 1 09:25:14 2009
Subject: [Sis-SCPS-INTEREST] Re: Gateway with tunnel interface
In-Reply-To: <20090701093400.GA9710@victor>
References: <20090701090724.GA9573@victor> <20090701093400.GA9710@victor>
Message-ID: <0111C34BD897FD41841D60396F2AD3D3018A7E4E4D@IMCMBX2.MITRE.ORG>

Hi,

You probably DON'T want to be using NP. For a simple gateway setup, you're probably best off letting the gateways run over IP. I think the config parameter is '--encap=raw'.

As for the TUN interfaces, what the gateway is trying to do is to bridge the hardware Ethernet interfaces to the TUN interfaces so that it (the gateway) can have access to all packets coming into the machine.
Anything that comes in the A interface gets bridged to the TUNA interface, which the gateway can read from and write to. Similarly for the B and TUNB interfaces. The gateway then does its thing with the TCP connections, terminating the LAN-side ones and moving the data to SCPS-TP-enabled TCP connections on the WAN side.

Set up this way (using the TUN interfaces), the gateway can act like a bridge so that no changes are needed to routing tables on either side. This will not work for traffic originating from the gateway; other changes are needed to support that, and it's probably not something you need, judging by your diagram.

--keith

-----Original Message-----
From: sis-scps-interest-bounces@mailman.ccsds.org [mailto:sis-scps-interest-bounces@mailman.ccsds.org] On Behalf Of Benjamin Kiessling
Sent: Wednesday, July 01, 2009 5:34 AM
To: sis-scps-interest@mailman.ccsds.org
Subject: [Sis-SCPS-INTEREST] Re: Gateway with tunnel interface

Hi again,

I forgot a question. Is the npNextHopFile always of the form local_IP_address remote_NP_address1 remote_IP_address1 .... ? I am not completely sure because the source code puts the "local_IP_address" in the variable "np_local_addr". "remote_IP_address1" must be an IP address at all times am I right (I am 100% sure but just want to check before I change the source code)?

Best Regards,
Benjamin Kiessling

From feighery at mitre.org Wed Jul 1 11:34:23 2009
From: feighery at mitre.org (Feighery, Patrick D.)
Date: Wed Jul 1 11:03:47 2009
Subject: [Sis-SCPS-INTEREST] Gateway with tunnel interface
In-Reply-To: <20090701090724.GA9573@victor>
References: <20090701090724.GA9573@victor>
Message-ID:

Most people only use the SCPS transport layer protocols, so there's no reason to worry about the NP protocols or the SP protocol as well.

There are a couple of ways to interface the SCPS gateway with the kernel. Most systems will either use the TAP or TUN interface.

With the TUN interface the machine hosting the SCPS gateway must perform all IP forwarding. Thus its routing table must contain a route to all nodes that packets will be forwarded to. So in your case, if I remember correctly, something like

    cd source
    ./configure --gateway=yes --tun=yes --gateway_single_thread=yes
    cd ../apps
    ./configure
    cd ../
    make clean;make

will probably work. Since you are on an AMD64 you may need to edit the Makefile as I mentioned in a previous email.

With the TAP interface the machine hosting the SCPS gateway will act like a transparent bridge. In other words, all ARP messages will flow end to end and the gateway's MAC addresses will not be seen on the wire. So in your case, if I remember correctly, something like

    cd source
    ./configure --gateway=yes --tap=yes --gateway_single_thread=yes
    cd ../apps
    ./configure
    cd ../
    make clean;make

Same comments works the AMD64 processors hold true.

Finally, you will need to tailor the rfile, but that should be the only file that needs to be modified.

Hope this helps..

Pat

-----Original Message-----
From: sis-scps-interest-bounces@mailman.ccsds.org [mailto:sis-scps-interest-bounces@mailman.ccsds.org] On Behalf Of Benjamin Kiessling
Sent: Wednesday, July 01, 2009 5:07 AM
To: sis-scps-interest@mailman.ccsds.org
Subject: [Sis-SCPS-INTEREST] Gateway with tunnel interface

Hi,

I've got some questions regarding the configuration of the gateway and SCPS in general.
Firstly my future setup should be like this:

CLAN1 ---------|        |
CLAN2----------| Gateway|------------- Satellite ----------- | Gateway | ------ Internet
CLAN3----------|        |

My first question is how the TUN interface in the gateway actually works. I define a TUN interface for the local (A) interface and one for the WAN (B) interface. When I do that, does everything that "comes out" of the network leave the TUN interface associated with A, and does everything that goes into the network go over the TUN interface associated with B? If so, why doesn't everything run over one interface like it's the case with OpenVPN? I saw the iptables code in the source code. Is it right that the gateway routes everything through itself automatically? I think I get something fundamentally wrong, please help me to resolve this state.

Then I got a question regarding the files needed to configure SCPS as such. I got that npIP_NP_File is kind of like DNS (mapping IP addresses to NP addresses). But for what exactly is npPathFile good? Shouldn't the routing files do its job? About the routing files. Is npMultiNextHopFile optional?

Sorry if some or all of these questions seem a little bit basic, but I am not able to make that much sense out of the documentation. I would test a lot of this stuff myself but I have to wait for the hardware a few more days.

Best Regards,
Benjamin Kiessling

From wdyxj at foxmail.com Mon Jul 6 22:04:52 2009
From: wdyxj at foxmail.com (wdy)
Date: Mon Jul 6 21:36:27 2009
Subject: [Sis-SCPS-INTEREST] SCPS-NP help
Message-ID:

Hi all:

I am a student, I was learning to use SCPS. So I refer to the document. I would like to build a simulated environment, such as:

A-----GATEWAY---- B

The PC A as ground host, I run the SCPS-FP client on it. So I think PC A should send NP over IP packet to gateway. When the gateway receives a packet from A, it should remove the IP head and send to B.

  FP                     FP
A TP ---- GATEWAY------- TP B
  NP      NP     NP      NP
  IP      IP     LINK    LINK
  LINK    LINK

When I configure the gateway using the following configure:

    ./configure --nl_default=np --gateway=yes --tap=yes

the gateway does not work well. It does not remove the IP head and send to B.

So I need some help using SCPS-NP. I hope you can help me. I would be very grateful if you are able to provide an example of using SCPS-NP.

Best Regards!

wdyxj

From eric.dot.travis at gmail.com Tue Jul 7 13:49:34 2009
From: eric.dot.travis at gmail.com (Eric Travis)
Date: Tue Jul 7 13:19:06 2009
Subject: [Sis-SCPS-INTEREST] SCPS-NP help
In-Reply-To:
References:
Message-ID:

Hi,

I don't think that the gateway application in the SCPS-RI supports SCPS-NP (at least in the protocol translation capacity that you desire); If you want to experiment with SCPS-NP, you can just run the end-points in your diagram (eliminate the gateway middlebox); I think you are stuck with SCPS-NP being tunneled in IP - which will greatly constrain the degree of interesting things which are possible. At best you'll be able to see the SCPS-NP headers in a packet dump.

Now, given that you are a student :o) :

If you wish to add a development aspect to your exploration, you can use the tap functionality to build SCPS-NP datagrams so that they are directly encapsulated within ethernet frames (eliminating the need for IP-encapsulation); I can't find any evidence that an ethertype registration for SCPS-NP was ever purchased from IEEE - so you'll have to make one up for local use.

Also, I do remember testing and experimentally deploying SCPS-NP w/o IP-encapsulation and seem to remember a translation table capability being implemented for SCPS-NP. The translation capability would enable the mapping of transformation of SCPS-NP <---> IPv4 headers on a host-by-host basis.
This was to allow IP-packets to traverse a theoretical SCPS-cloud (complete with SCPS-NP routers) and SCPS-NP packets to transit an IP-based cloud. If it really existed, said code should still be somewhere in the reference implementation. Given this you could, with little effort, modify the gateway process to support both native SCPS-NP functionality and as a translating (IPv4 <---> SCPS-NP) router.

Both of these will allow you to build a fully functional environment.

On 7/6/09, wdy wrote:
> Hi all:
> I am a student, I was learning to use SCPS. So I refer to the document. I
> would like to build a simulated environment, such as:
> A-----GATEWAY---- B
>
> The PC A as ground host, I run the SCPS-FP client on it. So I think PC A
> should send NP over IP packet to gateway. When the gateway receives a packet
> from A, it should remove the IP head and send to B.
>   FP                     FP
> A TP ---- GATEWAY------- TP B
>   NP      NP     NP      NP
>   IP      IP     LINK    LINK
>   LINK    LINK
>
>
> When I configure the gateway using the following configure:
>
> ./configure --nl_default=np --gateway=yes --tap=yes
>
> the gateway does not work well. It does not remove the IP head and send to B.
>
>
> So I need some help using SCPS-NP. I hope you can help me.
>
> I would be very grateful if you are able to provide an example of using
> SCPS-NP.
> Best Regards!
>
> wdyxj

From feighery at mitre.org Tue Jul 7 14:16:53 2009
From: feighery at mitre.org (Feighery, Patrick D.)
Date: Tue Jul 7 13:46:26 2009
Subject: [Sis-SCPS-INTEREST] SCPS-NP help
In-Reply-To:
References:
Message-ID:

Skipped content of type multipart/alternative
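
The approach Eric Travis describes in this thread (carrying datagrams directly in Ethernet frames read from and written to the tap device, under an EtherType chosen for local use) looks like this in C. This is an added example, not part of any message in the thread and not code from the SCPS reference implementation. It assumes the IEEE 802 Local Experimental EtherType 0x88B5 as the locally chosen value; the function names, MAC addresses and payload bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ETH_HDR_LEN     14
#define ETH_MIN_PAYLOAD 46      /* shorter payloads are zero-padded (60-byte frame) */
#define ETHERTYPE_LOCAL 0x88B5  /* IEEE 802 Local Experimental EtherType 1 */

/* Write dst | src | type | payload (+ padding); returns frame length, 0 on error. */
size_t eth_build(uint8_t *out, size_t cap, const uint8_t dst[6], const uint8_t src[6],
                 uint16_t type, const uint8_t *payload, size_t len)
{
    size_t body = len < ETH_MIN_PAYLOAD ? ETH_MIN_PAYLOAD : len;
    if (cap < ETH_HDR_LEN + body)
        return 0;
    memcpy(out, dst, 6);
    memcpy(out + 6, src, 6);
    out[12] = (uint8_t)(type >> 8);          /* EtherType is big-endian on the wire */
    out[13] = (uint8_t)(type & 0xff);
    memcpy(out + ETH_HDR_LEN, payload, len);
    memset(out + ETH_HDR_LEN + len, 0, body - len);
    return ETH_HDR_LEN + body;
}

/* Demultiplex a frame read from a tap device: 1 = local type, 0 = other, -1 = truncated.
 * *plen includes padding, so the encapsulated datagram has to carry its own length. */
int eth_classify(const uint8_t *f, size_t len, const uint8_t **payload, size_t *plen)
{
    if (len < ETH_HDR_LEN)
        return -1;
    if ((uint16_t)((f[12] << 8) | f[13]) != ETHERTYPE_LOCAL)
        return 0;
    *payload = f + ETH_HDR_LEN;
    *plen = len - ETH_HDR_LEN;
    return 1;
}

/* Round trip over constructed data: the 5 payload bytes are a stand-in, not a
 * real SCPS-NP datagram. Returns the frame length (60) on success, else -1. */
int demo_roundtrip(void)
{
    static const uint8_t dst[6] = {2, 0, 0, 0, 0, 0x0b}, src[6] = {2, 0, 0, 0, 0, 0x0a};
    static const uint8_t np[5] = {0xde, 0xad, 0xbe, 0xef, 0x01};
    uint8_t frame[64];
    const uint8_t *p = NULL;
    size_t plen = 0, n = eth_build(frame, sizeof frame, dst, src, ETHERTYPE_LOCAL, np, sizeof np);
    int ok = n && eth_classify(frame, n, &p, &plen) == 1 && plen == ETH_MIN_PAYLOAD;
    return ok && memcmp(p, np, sizeof np) == 0 ? (int)n : -1;
}

int main(void) { return demo_roundtrip() == 60 ? 0 : 1; }
```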