tcpdump
tcpdump copied to clipboard
the-tcpdump-group
request tcpdump to support L2vpn encapsulated packet
For the L2VPN traffic which is from AC to PW, PE will add encapsulation of "MAC + VLAN + MPLS label" to the packet, which means the final packet encapsulation on PW side can be "MAC + VLAN + MPLS label + MAC + VLAN + IP + payload". However, If we tcpdump on this packet, it can not parse the IP header. Can tcpdump support this packet encapsulation in L2VPN? Thanks. pw_side_packet.tar.gz
Yes, the header stack is common in L2VPN pseudowire, looks tshark has already supported this.
The attached file contains 5041 packet, most of which are exact copies of the same packet with the following headers:
- Ethernet header (MPLS)
- MPLS label
- MPLS label
- pseudowire control word (0x00710100)
- Ethernet header (IPv4)
- IPv4 (protocol 61)
From RFC 4385 Section 3 it is clear this is a control word with sequence 256, and from RFC 4448 Section 4.6 it is clear that an Ethernet pseudowire may use a control word. Furthermore, RFC 8469 makes that a recommendation. In other words, when you know beforehand that the MPLS payload is Ethernet PW, you can reasonably expect the CW to be in place.
However, it is not immediately obvious that the presence of a CW always means a PW with an Ethernet payload (which is meaningful for dissecting a packet without prior knowledge of the network configuration). I suspect the CW nibbles beyond the first 0 (0x071) might have that meaning, but I could not find respective CW structure or IANA allocations. Do you have any information about that?