Исследование — тестирование PPTP соединения

Спецификация тестируемого стенда:

CPU	Intel(R) Xeon(R) CPU E3-1240 V2 @ 3.40GHz
Memory	Total 16GiB @ 1600MHz
NIC	Ethernet Controller E810-C Dual-Port 100GbE QSFP
Operating System	Linux CentOS
Linux kernel version	4.18.0-348.el8.x86_64
Driver	ice 0.8.2-k

Цель

1. Реализовать PPTP-сервер и PPTP-клиент в разных docker-контейнерах на виртуальных интерфейсах(veth), тем самым имитировать реальное PPTP-соединение на одном хосте. Схема подключения представлена на рисунке 1.
2. Реализовать подключение на физических интерфейсах тестируемой карты. Схема подключения представлена на рисунке 2.
3. Получить для каждого способа подключения PCAP и сравнить полученные результаты.

Реализация

Рис.1. Схема тестирования на виртуальных интерфейсах.

Рис.2. Схема тестирования на физических интерфейсах.

Результаты

1. PCAP на стороне клиента в схеме с виртуальными интерфейсами (pptp_w_veth.pcap):

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.50.0.2","172.40.0.2","TCP","74","51246 > 1723 [SYN]
"2","0.000028","172.40.0.2","172.50.0.2","TCP","74","1723 > 51246 [SYN, ACK]
"3","0.000040","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"4","0.000205","172.50.0.2","172.40.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000214","172.40.0.2","172.50.0.2","TCP","66","1723 > 51246 [ACK]
"6","0.000911","172.40.0.2","172.50.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.000915","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"8","1.000442","172.50.0.2","172.40.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.000970","172.40.0.2","172.50.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.000979","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"11","1.001157","172.50.0.2","172.40.0.2","PPP LCP","70","Configuration Request"
"12","1.004528","172.40.0.2","172.50.0.2","PPP LCP","70","Configuration Request"
"13","1.004620","172.40.0.2","172.50.0.2","PPP LCP","74","Configuration Ack"
"14","1.004667","172.50.0.2","172.40.0.2","PPP LCP","74","Configuration Ack"
"15","1.004724","172.50.0.2","172.40.0.2","PPP IPCP","64","Configuration Request"
"16","1.004832","172.40.0.2","172.50.0.2","PPP CCP","64","Configuration Request"
"17","1.004838","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Request"
"18","1.004864","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Reject"
"19","1.004908","172.50.0.2","172.40.0.2","PPP CCP","56","Configuration Request"
"20","1.004920","172.50.0.2","172.40.0.2","PPP CCP","60","Configuration Reject"
"21","1.004939","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Ack"
"22","1.004971","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Request"
"23","1.005033","172.40.0.2","172.50.0.2","PPP CCP","56","Configuration Ack"
"24","1.005038","172.40.0.2","172.50.0.2","PPP CCP","56","Configuration Request"
"25","1.005062","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Nak"
"26","1.005118","172.50.0.2","172.40.0.2","PPP CCP","56","Configuration Ack"
"27","1.005148","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Request"
"28","1.005205","172.40.0.2","172.50.0.2","PPP IPCP","62","Configuration Ack"
"29","1.505778","172.50.0.2","172.40.0.2","GRE","46","Encapsulated PPP"

2.1 PCAP на стороне клиента в схеме с физическими интерфейсами (pptp_w_810_client.pcap):

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.30.0.2","172.10.0.2","TCP","74","33730 > 1723 [SYN]
"2","0.000067","172.10.0.2","172.30.0.2","TCP","74","1723 > 33730 [SYN, ACK]
"3","0.000080","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"4","0.000299","172.30.0.2","172.10.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000324","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [ACK]
"6","0.001052","172.10.0.2","172.30.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.001058","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"8","1.000567","172.30.0.2","172.10.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.001172","172.10.0.2","172.30.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.001192","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"11","1.001354","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"12","3.997954","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"13","7.001009","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"14","10.004123","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"15","13.007221","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"16","16.010336","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"17","19.013400","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"18","22.016486","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"19","25.019571","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"20","28.022668","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"21","31.032879","172.30.0.2","172.10.0.2","PPTP","82","Call-Clear-Request"
"22","31.032941","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [FIN, ACK]
"23","31.032999","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [FIN, ACK]
"24","31.033008","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]

2.2 PCAP на стороне сервера в схеме с физическими интерфейсами(pptp_w_810_server.pcap):

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.30.0.2","172.10.0.2","TCP","74","33730 > 1723 [SYN]
"2","0.000026","172.10.0.2","172.30.0.2","TCP","74","1723 > 33730 [SYN, ACK]
"3","0.000069","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"4","0.000290","172.30.0.2","172.10.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000298","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [ACK]
"6","0.001014","172.10.0.2","172.30.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.001047","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"8","1.000598","172.30.0.2","172.10.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.001134","172.10.0.2","172.30.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.001189","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"11","1.004629","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"12","4.007764","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"13","7.010842","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"14","10.013949","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"15","13.017035","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"16","16.020115","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"17","19.023193","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"18","22.026271","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"19","25.029348","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"20","28.030753","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"21","31.032901","172.30.0.2","172.10.0.2","PPTP","82","Call-Clear-Request"
"22","31.032938","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [FIN, ACK]
"23","31.032972","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [FIN, ACK]
"24","31.032996","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]

Анализ

Из снятого PCAP в схеме с виртуальными интерфейсами на стороне клиента (pptp_w_veth.pcap) видно, что PPTP-соединение проходит успешно.

В схеме на физических интерфейсах (pptp_w_810_server/client.pcap) ошибка в процессе подключения возникает на моменте передачи LCP-пакетов, которые инкапсулируются GRE. Клиент и сервер отправляют LCP (Configure-Request) пакет, но не получают их.

Выводы

Тестирование показало, что карта Intel Ethernet E810 100GbE не пропускает GRE пакеты при попытке PPTP-соединения.

Мы считаем, что эта информация будет полезна сообществу Интернет-провайдеров и поможет правильно подобрать сетевое оборудование. Надеемся, что компания Intel обратит внимание на эту проблему, сможет исправить её и улучшить качество сервисов.