(English)
Testez-nous

Test de connexion PPTP

April 19, 2022
Télécom
Test de connexion PPTP
Dans cet article, nous vous dévoilons le processus de test d'une connexion PPTP sur des interfaces virtuelles et physiques en utilisant une carte réseau Intel Ethernet E810-C 100GbE.

Objet

  1. Implémenter le serveur PPTP et le client PPTP dans différents conteneurs Docker sur les interfaces virtuelles (veth), simulant ainsi une connexion PPTP réelle sur le même hôte. Le schéma de connection est présenté sur la figure 1.
  2. Implémenter la connexion sur les interfaces physiques de la carte testée. Le schéma de connection est représenté sur la figure 2.
  3. Obtenir pour chaque méthode de connexion PCAP et comparer les résultats obtenus.

 

Spécification du banc d’essai :
CPU
Intel(R) Xeon(R) CPU E3-1240 V2 @ 3.40GHz
Mémoire
Total 16GiB @ 1600MHz
NIC
Ethernet Controller E810-C Dual-Port 100GbE QSFP
Système d’exploitation
Linux CentOS
Linux kernel version
4.18.0-348.el8.x86_64
Driver
ice 0.8.2-k

 

Implémentation

virtual testing

Figure 1. Schéma de test sur les interfaces virtuelles.

physical testing

Figure 2. Schéma de test sur les interfaces physiques.

 

Résultats

1. PCAP côté client dans un schéma avec des interfaces virtuelles (pptp_w_veth.pcap) :

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.50.0.2","172.40.0.2","TCP","74","51246 > 1723 [SYN]
"2","0.000028","172.40.0.2","172.50.0.2","TCP","74","1723 > 51246 [SYN, ACK]
"3","0.000040","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"4","0.000205","172.50.0.2","172.40.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000214","172.40.0.2","172.50.0.2","TCP","66","1723 > 51246 [ACK]
"6","0.000911","172.40.0.2","172.50.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.000915","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"8","1.000442","172.50.0.2","172.40.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.000970","172.40.0.2","172.50.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.000979","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"11","1.001157","172.50.0.2","172.40.0.2","PPP LCP","70","Configuration Request"
"12","1.004528","172.40.0.2","172.50.0.2","PPP LCP","70","Configuration Request"
"13","1.004620","172.40.0.2","172.50.0.2","PPP LCP","74","Configuration Ack"
"14","1.004667","172.50.0.2","172.40.0.2","PPP LCP","74","Configuration Ack"
"15","1.004724","172.50.0.2","172.40.0.2","PPP IPCP","64","Configuration Request"
"16","1.004832","172.40.0.2","172.50.0.2","PPP CCP","64","Configuration Request"
"17","1.004838","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Request"
"18","1.004864","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Reject"
"19","1.004908","172.50.0.2","172.40.0.2","PPP CCP","56","Configuration Request"
"20","1.004920","172.50.0.2","172.40.0.2","PPP CCP","60","Configuration Reject"
"21","1.004939","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Ack"
"22","1.004971","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Request"
"23","1.005033","172.40.0.2","172.50.0.2","PPP CCP","56","Configuration Ack"
"24","1.005038","172.40.0.2","172.50.0.2","PPP CCP","56","Configuration Request"
"25","1.005062","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Nak"
"26","1.005118","172.50.0.2","172.40.0.2","PPP CCP","56","Configuration Ack"
"27","1.005148","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Request"
"28","1.005205","172.40.0.2","172.50.0.2","PPP IPCP","62","Configuration Ack"
"29","1.505778","172.50.0.2","172.40.0.2","GRE","46","Encapsulated PPP"

2.1 PCAP côté client dans un schéma avec des interfaces physiques (pptp_w_810_client.pcap) :

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.30.0.2","172.10.0.2","TCP","74","33730 > 1723 [SYN]
"2","0.000067","172.10.0.2","172.30.0.2","TCP","74","1723 > 33730 [SYN, ACK]
"3","0.000080","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"4","0.000299","172.30.0.2","172.10.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000324","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [ACK]
"6","0.001052","172.10.0.2","172.30.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.001058","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"8","1.000567","172.30.0.2","172.10.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.001172","172.10.0.2","172.30.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.001192","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"11","1.001354","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"12","3.997954","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"13","7.001009","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"14","10.004123","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"15","13.007221","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"16","16.010336","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"17","19.013400","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"18","22.016486","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"19","25.019571","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"20","28.022668","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"21","31.032879","172.30.0.2","172.10.0.2","PPTP","82","Call-Clear-Request"
"22","31.032941","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [FIN, ACK]
"23","31.032999","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [FIN, ACK]
"24","31.033008","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]

2.2 PCAP côté serveur dans un schéma avec des interfaces physiques (pptp_w_810_server.pcap) :

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.30.0.2","172.10.0.2","TCP","74","33730 > 1723 [SYN]
"2","0.000026","172.10.0.2","172.30.0.2","TCP","74","1723 > 33730 [SYN, ACK]
"3","0.000069","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"4","0.000290","172.30.0.2","172.10.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000298","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [ACK]
"6","0.001014","172.10.0.2","172.30.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.001047","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"8","1.000598","172.30.0.2","172.10.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.001134","172.10.0.2","172.30.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.001189","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"11","1.004629","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"12","4.007764","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"13","7.010842","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"14","10.013949","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"15","13.017035","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"16","16.020115","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"17","19.023193","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"18","22.026271","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"19","25.029348","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"20","28.030753","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"21","31.032901","172.30.0.2","172.10.0.2","PPTP","82","Call-Clear-Request"
"22","31.032938","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [FIN, ACK]
"23","31.032972","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [FIN, ACK]
"24","31.032996","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]

Analyse

À partir du PCAP capturé dans le schéma d’interface virtuelle côté client (pptp_w_veth.pcap), il est évident que la connexion PPTP réussit.

Dans le schéma sur les interfaces physiques (pptp_w_810_server/client.pcap) une erreur de connexion se produit au moment de la transmission des paquets LCP encapsulés par le GRE. Le client et le serveur envoient le paquet LCP (Configure-Request) mais ne les reçoivent pas.

Conclusion

Les tests ont montré que la carte Ethernet Intel E810 100GbE ne transmet pas les paquets GRE E lors de la tentative de connexion PPTP.

Nous pensons que cette information sera utile à la communauté des FAI et aidera à choisir le bon équipement de réseau. Nous espérons que Intel fera attention à ce problème, sera en mesure de le corriger et d’améliorer la qualité des services.

Auteurs :
Dmitry Moldavanov, CTO
Kirill Marchenko, Ingénieur de réseau

Vote:
5 sur 5
Note moyenne : 5
Évalué par: 3
VAS Experts à Convergence India Expo 2022 Passage de TCP à QUIC. Signatures Stingray SG
Nous utilisons des cookies pour optimiser les fonctionnalités du site et vous offrir la meilleure expérience possible. Pour en savoir plus sur les cookies que nous utilisons, veuillez consulter notre Politique de cookies. En cliquant sur « Okay », vous acceptez notre utilisation des cookies. Learn more.