From owner-freebsd-net@freebsd.org  Tue Nov  5 06:09:43 2019
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 54C9C1BF453
 for <freebsd-net@mailman.nyi.freebsd.org>;
 Tue,  5 Nov 2019 06:09:43 +0000 (UTC) (envelope-from mike@karels.net)
Received: from mail.karels.net (mail.karels.net [216.160.39.52])
 by mx1.freebsd.org (Postfix) with ESMTP id 476fQF6gklz3N8w
 for <freebsd-net@freebsd.org>; Tue,  5 Nov 2019 06:09:41 +0000 (UTC)
 (envelope-from mike@karels.net)
Received: from mail.karels.net (localhost [127.0.0.1])
 by mail.karels.net (8.15.2/8.15.2) with ESMTP id xA569XEr061715;
 Tue, 5 Nov 2019 00:09:34 -0600 (CST) (envelope-from mike@karels.net)
Message-Id: <201911050609.xA569XEr061715@mail.karels.net>
To: Victor Gamov <vit@otcnet.ru>
cc: freebsd-net@freebsd.org
From: Mike Karels <mike@karels.net>
Reply-to: mike@karels.net
Subject: Re: FreeBSD as multicast router
In-reply-to: Your message of Mon, 04 Nov 2019 20:39:15 +0300.
 <8401b22b-be4a-c10c-fb86-0b44beac57e0@otcnet.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <61713.1572934173.1@mail.karels.net>
Content-Transfer-Encoding: quoted-printable
Date: Tue, 05 Nov 2019 00:09:33 -0600
X-Rspamd-Queue-Id: 476fQF6gklz3N8w
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of mike@karels.net designates 216.160.39.52
 as permitted sender) smtp.mailfrom=mike@karels.net
X-Spamd-Result: default: False [-4.03 / 15.00]; ARC_NA(0.00)[];
 HAS_REPLYTO(0.00)[mike@karels.net];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[];
 TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:216.160.39.52];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain];
 DMARC_NA(0.00)[karels.net]; REPLYTO_ADDR_EQ_FROM(0.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2];
 IP_SCORE(-1.83)[ip: (-6.15), ipnet: 216.160.0.0/15(-2.94), asn: 209(-0.02),
 country: US(-0.05)]; RCVD_NO_TLS_LAST(0.10)[];
 FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:209, ipnet:216.160.0.0/15, country:US];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2019 06:09:43 -0000

> On 03/11/2019 08:22, Mike Karels wrote:
> >>>>> Hi All
> >>>>>
> >>>>> I have (noob) questions about multicast routing under FreeBSD.
> >>>>>
> >>>>> I have FreeBSD box with two (or more) multicast enabled interfaces=
 (e.x.
> >>>>> vlan750 and vlan299).  vlan750 connected to multicast source.
> >>>>>
> >>>>> Then pimd installed and only this two interfaces enabled in pimd c=
onfig.
> >>>>> Multicast routes successfully installed by pimd and listed by `net=
stat
> >>>>> -g -f inet`
> >>>>>
> >>>>> Then client on vlan299 send IGMP-Join (this Join received by FreeB=
SD on
> >>>>> vlan299)
> >>>>>
> >>>>> The question is:  who will forward muilticast from one interface
> >>>>> (vlan750) to another (vlan299)?  Is it kernel specific job or I ne=
ed
> >>>>> additional software?
> >>>
> >>>> Please read the manpage multicast(4) "man 4 multicast",
> >>>> you should need to build a custom kernel with the "options MROUTING=
"
> >>>> to enable the multicast forwarding in the kernel.
> >>>
> >>> If "netstat -g" shows routes, the kernel must have been built with "=
options
> >>> MROUTING".
> > =

> >> Indeed.
> > =

> >>>
> >>> The kernel does the forwarding, according to those routing tables in=
stalled
> >>> by pimd or another multicast routing program.  Is it not working?  I=
t sounds
> >>> like you are very close.
> > =

> >> Could it be sysctl net.inet.ip.forwarding?  Does that still apply to =
mroutes?
> > =

> > No, they are separate.  The test is just whether MROUTING is enabled, =
and
> > whether a multicast router like pimd is active.
> > =

> > One other thing to check would be "netstat -gs" (multicast stats).

> Oops!

> =3D=3D=3D=3D=3D
> # netstat -f inet -gs
> No IPv4 MROUTING kernel support.
> =3D=3D=3D=3D=3D

This looks like a bug in netstat; it is doing a test that is wrong for
the loadable module.

> But I have ip_mroute.ko loaded and netstat -g shows something like

> =3D=3D=3D=3D=3D
> # netstat -f inet -g

> IPv4 Virtual Interface Table
>   Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
>    0         1   A.A.A.A                           0          0
>    1         1   B.B.B.19                          0          0
>    2        10   10.199.199.102                          0          0
>    3        15   10.200.200.6                        77440          0
>    4         1   A.A.A.A                           0      77440

> IPv4 Multicast Forwarding Table
>   Origin          Group             Packets In-Vif  Out-Vifs:Ttls
>   10.200.200.5    232.232.8.33        1844    3    4:1
>   10.200.200.5    232.232.8.171        1843    3    4:1
>   10.200.200.5    232.232.8.58         4609    3    4:1
>   10.200.200.5    232.232.8.154        1844    3    4:1
>   10.200.200.5    232.232.8.170        1844    3    4:1
> =3D=3D=3D=3D=3D


> and

> =3D=3D=3D=3D=3D
> # pimd -r
> Virtual Interface Table =

> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
> Vif  Local Address    Subnet              Thresh  Flags      Neighbors
> ---  ---------------  ------------------  ------  --------- =

> -----------------
>    0  A.A.A.A    A.A.A.A/25            1  DR NO-NBR
>    1  B.B.B.19   B.B.B              1  DR NO-NBR
>    2  10.199.199.102   10.199.199.100/30       10  DR PIM =

> 10.199.199.101
>    3  10.200.200.6     10.200.200/29           15  DR NO-NBR
>    4  A.A.A.A    register_vif0            1

>   Vif  SSM Group        Sources

> Multicast Routing Table =

> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
> ----------------------------------- (S,G) =

> ------------------------------------
> Source           Group            RP Address       Flags
> ---------------  ---------------  --------------- =

> ---------------------------
> 10.200.200.5     232.232.8.33     SSM              CACHE SG
> Joined   oifs: ....j
> Pruned   oifs: .....
> Leaves   oifs: .....
> Asserted oifs: .....
> Outgoing oifs: ....o
> Incoming     : ...I.
> =3D=3D=3D=3D=3D


> A.A.A.A is external IP-address.  No multicast trafic must be sended to =

> this interface.
> 10.200.200.6 -- vlan750, multicast comes from here
> 10.199.199.102 -- vlan299, multicast must be forfarded here after =

> IGMP-Join received from 10.199.199.101/30


> So, kernel with MROUTING options must be configured/installed or =

> ip_mroute.ko is enough?

A kernel with MROUTING would let you see stats, but ip_mroute.ko should
be enough to function (although I haven't tested that).

I'm not familiar with the pimd output, but it seems plausible.  I am
assuming that the multicasts are not getting to the vlan299 network?
Have you looked at the incoming traffic with tcpdump?  Use the -p
option to avoid promiscuous mode to see that the input NIC is receiving
those multicasts, and check the TTL of the incoming multicast packets.
(If it is 1, the packets will not be forwarded.)


> P.S. FreeBSD 11.3-STABLE #0 r351605M

> --
> CU,
> Victor Gamov

		Mike