Date: Mon, 7 Nov 2022 19:26:32 -0500 From: Mark Saad <nonesuch@longcount.org> To: freebsd-net@freebsd.org Subject: GRE in a fib via rc.conf Message-ID: <CAMXt9NbgFUiGuQNbcQ8mj5RaYw9KiW_SxccfVYvgom2%2BnBev_Q@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] All I am looking for some help on if my setup makes sense. I have a vm with two interfaces. One for access to the host , we'll call this mgmt . One for routing traffic, we'll call this routing . I want to put the routing interface into a fib and to run a gre tunnel over it. Sounds simple enough. The problem I am seeing is that it looks like the tunneled traffic is leaked into the default fib and I don't see why. I am not sure if this is config nit or if this is an issue. Should the gre10 interface be in fib 1 ? See below. ### RC CONF ### ifconfig_vmx0="inet 10.23.121.253/24 description mgmt" ifconfig_vmx1="inet 100.65.101.14/28 mtu 9000 description routing fib 1" defaultrouter="10.23.121.1" static_routes="ewr10gresrc" route_ewr10gresrc=" 192.168.255.14 100.65.101.1 -fib 1" cloned_interfaces="gre10" ifconfig_gre10=" inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 tunnel 100.65.101.14 192.168.255.14 tunnelfib 1" ############### ### DEFAULT FIB ### ~ # netstat -nr4Wl Routing tables Internet: Destination Gateway Flags Nhop# Mtu Netif Expire default 10.23.121.1 UGS 6 1500 vmx0 10.23.121.0/24 link#1 U 2 1500 vmx0 10.23.121.253 link#1 UHS 3 16384 lo0 100.67.103.1 link#4 UH 4 1476 gre10 100.67.103.2 link#4 UHS 5 16384 lo0 127.0.0.1 link#3 UH 1 16384 lo0 ### FIB 1 ### # setfib 1 netstat -nr4Wl Routing tables (fib: 1) Internet: Destination Gateway Flags Nhop# Mtu Netif Expire 100.65.101.0/28 link#2 U 1 9000 vmx1 100.65.101.14 link#2 UHS 2 16384 lo0 127.0.0.1 link#3 UHS 3 16384 lo0 192.168.255.14 100.65.101.1 UGHS 4 9000 vmx1 ##### PING EXAMPLES ##### # setfib 1 ping -c 1 -t 2 100.67.103.1 PING 100.67.103.1 (100.67.103.1): 56 data bytes ping: sendto: No route to host --- 100.67.103.1 ping statistics --- 1 packets transmitted, 0 packets received, 100.0% packet loss # setfib 0 ping -c 1 -t 2 100.67.103.1 PING 100.67.103.1 (100.67.103.1): 56 data bytes 64 bytes from 100.67.103.1: icmp_seq=0 ttl=255 time=1.528 ms --- 100.67.103.1 ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 1.528/1.528/1.528/0.000 ms #### TCPDUMP #### ICMP packets are in fact sourced from the gre10 interface. The GRE packets are also only going out the routing interface. See the following pastebin for details. https://pastebin.com/n3mGXGHA -- mark saad | nonesuch@longcount.org [-- Attachment #2 --] <div dir="ltr"><div>All</div><div> I am looking for some help on if my setup makes sense. <br></div><div>I have a vm with two interfaces. One for access to the host , we'll call this mgmt . One for routing traffic, we'll call this routing . I want to put the routing interface into a fib and to run a gre tunnel over it. Sounds simple enough. The problem I am seeing is that it looks like the tunneled traffic is leaked into the default fib and I don't see why. I am not sure if this is config nit or if this is an issue. Should the gre10 interface be in fib 1 ? See below. <br></div><div><br></div><div><div>### RC CONF ### </div><div>ifconfig_vmx0="inet <a href="http://10.23.121.253/24" target="_blank">10.23.121.253/24</a> description mgmt" </div><div>ifconfig_vmx1="inet <a href="http://100.65.101.14/28" target="_blank">100.65.101.14/28</a> mtu 9000 description routing fib 1" </div><div>defaultrouter="10.23.121.1" </div><div>static_routes="ewr10gresrc" </div><div>route_ewr10gresrc=" 192.168.255.14 100.65.101.1 -fib 1" </div><div>cloned_interfaces="gre10" </div><div>ifconfig_gre10=" inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 tunnel 100.65.101.14 192.168.255.14 tunnelfib 1" </div><div>############### </div><div> </div><div>### DEFAULT FIB ### </div><div> ~ # netstat -nr4Wl </div><div>Routing tables </div><div> </div><div>Internet: </div><div>Destination Gateway Flags Nhop# Mtu Netif Expire </div><div>default 10.23.121.1 UGS 6 1500 vmx0 </div><div><a href="http://10.23.121.0/24" target="_blank">10.23.121.0/24</a> link#1 U 2 1500 vmx0 </div><div>10.23.121.253 link#1 UHS 3 16384 lo0 </div><div>100.67.103.1 link#4 UH 4 1476 gre10 </div><div>100.67.103.2 link#4 UHS 5 16384 lo0 </div><div>127.0.0.1 link#3 UH 1 16384 lo0 </div><div> </div><div>### FIB 1 ### </div><div> </div><div> # setfib 1 netstat -nr4Wl </div><div>Routing tables (fib: 1) </div><div> </div><div>Internet: </div><div>Destination Gateway Flags Nhop# Mtu Netif Expire </div><div><a href="http://100.65.101.0/28" target="_blank">100.65.101.0/28</a> link#2 U 1 9000 vmx1 </div><div>100.65.101.14 link#2 UHS 2 16384 lo0 </div><div>127.0.0.1 link#3 UHS 3 16384 lo0 </div><div>192.168.255.14 100.65.101.1 UGHS 4 9000 vmx1 </div><div> </div><div>##### PING EXAMPLES ##### </div><div> </div><div># setfib 1 ping -c 1 -t 2 100.67.103.1 </div><div>PING 100.67.103.1 (100.67.103.1): 56 data bytes </div><div>ping: sendto: No route to host </div><div> </div><div>--- 100.67.103.1 ping statistics --- </div><div>1 packets transmitted, 0 packets received, 100.0% packet loss </div><div># setfib 0 ping -c 1 -t 2 100.67.103.1 </div><div>PING 100.67.103.1 (100.67.103.1): 56 data bytes </div><div>64 bytes from <a href="http://100.67.103.1" target="_blank">100.67.103.1</a>: icmp_seq=0 ttl=255 time=1.528 ms </div><div> </div><div>--- 100.67.103.1 ping statistics --- </div><div>1 packets transmitted, 1 packets received, 0.0% packet loss </div><div>round-trip min/avg/max/stddev = 1.528/1.528/1.528/0.000 ms </div><div> </div><div>#### TCPDUMP #### </div><div>ICMP packets are in fact sourced from the gre10 interface. </div>The GRE packets are also only going out the routing interface.</div><div><br></div><div>See the following pastebin for details.</div><div><br></div><div><a href="https://pastebin.com/n3mGXGHA" target="_blank">https://pastebin.com/n3mGXGHA</a><font color="#888888"><br></font></div><font color="#888888"><div><br><br></div></font><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">mark saad | <a href="mailto:nonesuch@longcount.org" target="_blank">nonesuch@longcount.org</a><br></div></div>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAMXt9NbgFUiGuQNbcQ8mj5RaYw9KiW_SxccfVYvgom2%2BnBev_Q>