Pruebenos

Ensayo de una conexión PPTP

April 19, 2022
Telecomunicación
Ensayo de una conexión PPTP
En este artículo, revelamos el proceso de ensayo una conexión PPTP en interfaces virtuales y físicas utilizando una tarjeta de red Intel Ethernet E810-C 100GbE.

Objetivo

  1. Implementar un servidor PPTP y un cliente PPTP en diferentes contenedores docker en interfaces virtuales (veth), simulando así una conexión PPTP real en el mismo host. El diagrama de conexión se presenta en la figura 1.
  2. Implemente una conexión en las interfaces físicas de la tarjeta probada. El diagrama de conexión se muestra en la Figura 2.
  3. Obtenga PCAP para cada método de conexión y compare los resultados.

 

Especificación
CPU
Intel(R) Xeon(R) CPU E3-1240 V2 @ 3.40GHz
Memory
Total 16GiB @ 1600MHz
NIC
Ethernet Controller E810-C Dual-Port 100GbE QSFP
Operating System
Linux CentOS
Linux kernel version
4.18.0-348.el8.x86_64
Driver
ice 0.8.2-k

 

Realización

virtual testing

Figura 1. Esquema de prueba en interfaces virtuales.

physical testing

Figura 2. Esquema de prueba en interfaces físicas.

 

Resultados

1. PCAP del lado del cliente en el esquema con interfaces virtuales (pptp_w_veth.pcap):

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.50.0.2","172.40.0.2","TCP","74","51246 > 1723 [SYN]
"2","0.000028","172.40.0.2","172.50.0.2","TCP","74","1723 > 51246 [SYN, ACK]
"3","0.000040","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"4","0.000205","172.50.0.2","172.40.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000214","172.40.0.2","172.50.0.2","TCP","66","1723 > 51246 [ACK]
"6","0.000911","172.40.0.2","172.50.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.000915","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"8","1.000442","172.50.0.2","172.40.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.000970","172.40.0.2","172.50.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.000979","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"11","1.001157","172.50.0.2","172.40.0.2","PPP LCP","70","Configuration Request"
"12","1.004528","172.40.0.2","172.50.0.2","PPP LCP","70","Configuration Request"
"13","1.004620","172.40.0.2","172.50.0.2","PPP LCP","74","Configuration Ack"
"14","1.004667","172.50.0.2","172.40.0.2","PPP LCP","74","Configuration Ack"
"15","1.004724","172.50.0.2","172.40.0.2","PPP IPCP","64","Configuration Request"
"16","1.004832","172.40.0.2","172.50.0.2","PPP CCP","64","Configuration Request"
"17","1.004838","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Request"
"18","1.004864","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Reject"
"19","1.004908","172.50.0.2","172.40.0.2","PPP CCP","56","Configuration Request"
"20","1.004920","172.50.0.2","172.40.0.2","PPP CCP","60","Configuration Reject"
"21","1.004939","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Ack"
"22","1.004971","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Request"
"23","1.005033","172.40.0.2","172.50.0.2","PPP CCP","56","Configuration Ack"
"24","1.005038","172.40.0.2","172.50.0.2","PPP CCP","56","Configuration Request"
"25","1.005062","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Nak"
"26","1.005118","172.50.0.2","172.40.0.2","PPP CCP","56","Configuration Ack"
"27","1.005148","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Request"
"28","1.005205","172.40.0.2","172.50.0.2","PPP IPCP","62","Configuration Ack"
"29","1.505778","172.50.0.2","172.40.0.2","GRE","46","Encapsulated PPP"

2.1 PCAP del lado del cliente en el esquema con interfaces físicas (pptp_w_810_client.pcap):

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.30.0.2","172.10.0.2","TCP","74","33730 > 1723 [SYN]
"2","0.000067","172.10.0.2","172.30.0.2","TCP","74","1723 > 33730 [SYN, ACK]
"3","0.000080","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"4","0.000299","172.30.0.2","172.10.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000324","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [ACK]
"6","0.001052","172.10.0.2","172.30.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.001058","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"8","1.000567","172.30.0.2","172.10.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.001172","172.10.0.2","172.30.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.001192","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"11","1.001354","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"12","3.997954","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"13","7.001009","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"14","10.004123","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"15","13.007221","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"16","16.010336","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"17","19.013400","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"18","22.016486","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"19","25.019571","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"20","28.022668","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"21","31.032879","172.30.0.2","172.10.0.2","PPTP","82","Call-Clear-Request"
"22","31.032941","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [FIN, ACK]
"23","31.032999","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [FIN, ACK]
"24","31.033008","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]

2.2 PCAP del lado del servidor en el esquema con interfaces físicas (pptp_w_810_server.pcap):

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.30.0.2","172.10.0.2","TCP","74","33730 > 1723 [SYN]
"2","0.000026","172.10.0.2","172.30.0.2","TCP","74","1723 > 33730 [SYN, ACK]
"3","0.000069","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"4","0.000290","172.30.0.2","172.10.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000298","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [ACK]
"6","0.001014","172.10.0.2","172.30.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.001047","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"8","1.000598","172.30.0.2","172.10.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.001134","172.10.0.2","172.30.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.001189","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"11","1.004629","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"12","4.007764","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"13","7.010842","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"14","10.013949","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"15","13.017035","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"16","16.020115","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"17","19.023193","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"18","22.026271","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"19","25.029348","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"20","28.030753","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"21","31.032901","172.30.0.2","172.10.0.2","PPTP","82","Call-Clear-Request"
"22","31.032938","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [FIN, ACK]
"23","31.032972","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [FIN, ACK]
"24","31.032996","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]

Análisis

Desde el PCAP eliminado en el esquema con interfaces virtuales en el lado del cliente (pptp_w_veth.pcap), se puede ver que la conexión PPTP es exitosa.

En el esquema sobre interfaces físicas (pptp_w_810_server/client.pcap), ocurre un error durante el proceso de conexión al momento de la transmisión de paquetes LCP que son encapsulados por GRE. El cliente y el servidor envían un paquete LCP (Configure-Request) pero no los reciben.

Conclusiones

Las pruebas han demostrado que la tarjeta Intel Ethernet E810 de 100 GbE no descarta paquetes GRE al intentar una conexión PPTP.

Creemos que esta información será útil para la comunidad de ISP y lo ayudará a elegir el equipo de red adecuado. Esperamos que Intel preste atención a este problema, pueda solucionarlo y mejorar la calidad de los servicios.

Los autores:
Dmitry Moldavanov, CTO
Kirill Marchenko, Ingeniero de redes

Vota:
5 de 5
Valoración media : 5
Valorado por: 3
VAS Experts en Convergence India Expo 2022 Transición de TCP a QUIC. Firmas Stingray SG
Utilizamos cookies para optimizar la funcionalidad del sitio y ofrecerle la mejor experiencia posible. Para saber más sobre las cookies que utilizamos, visite nuestra Política de Cookies. Al hacer clic en "Aceptar", aceptas el uso que hacemos de las cookies. Más información