Date:      Tue, 8 Nov 2022 09:11:18 +0800
From:      Zhenlei Huang <zlei.huang@gmail.com>
To:        Mark Saad <nonesuch@longcount.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: GRE in a fib via rc.conf
Message-ID:  <5CBAA944-5122-4BA0-854F-AF7D78ACF8AE@gmail.com>
In-Reply-To: <CAMXt9NbgFUiGuQNbcQ8mj5RaYw9KiW_SxccfVYvgom2%2BnBev_Q@mail.gmail.com>
References:  <CAMXt9NbgFUiGuQNbcQ8mj5RaYw9KiW_SxccfVYvgom2%2BnBev_Q@mail.gmail.com>


> On Nov 8, 2022, at 8:26 AM, Mark Saad <nonesuch@longcount.org> wrote:
>
> All
>   I am looking for some help on if my setup makes sense.
> I have a vm with two interfaces. One for access to the host , we'll call this mgmt . One for routing traffic, we'll call this routing . I want to put the routing interface into a fib and to run a gre tunnel over it. Sounds simple enough.  The problem I am seeing is that it looks like the tunneled traffic is leaked into the default fib and I don't see why. I am not sure if this is config nit or if this is an issue. Should the gre10 interface be in fib 1 ?  See below.

The fib of the tunneling interface should also be 1 IIUC your setup.

>
> ### RC CONF ###
> ifconfig_vmx0="inet 10.23.121.253/24 description mgmt"
> ifconfig_vmx1="inet 100.65.101.14/28 mtu 9000 description routing fib 1"
> defaultrouter="10.23.121.1"
> static_routes="ewr10gresrc"
> route_ewr10gresrc=" 192.168.255.14 100.65.101.1 -fib 1"
> cloned_interfaces="gre10"
> ifconfig_gre10=" inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"

Try this for the gre tunnel interface:

cloned_interfaces="gre10"
create_args_gre10="tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"
ifconfig_gre10="inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 fib 1"

> ###############
>
> ### DEFAULT FIB ###
> ~ # netstat -nr4Wl
> Routing tables
>
> Internet:
> Destination        Gateway            Flags   Nhop#    Mtu      Netif Expire
> default            10.23.121.1        UGS         6   1500       vmx0
> 10.23.121.0/24     link#1             U           2   1500       vmx0
> 10.23.121.253      link#1             UHS         3  16384        lo0
> 100.67.103.1       link#4             UH          4   1476      gre10
> 100.67.103.2       link#4             UHS         5  16384        lo0
> 127.0.0.1          link#3             UH          1  16384        lo0
>
> ### FIB 1 ###
>
> # setfib 1 netstat -nr4Wl
> Routing tables (fib: 1)
>
> Internet:
> Destination        Gateway            Flags   Nhop#    Mtu      Netif Expire
> 100.65.101.0/28    link#2             U           1   9000       vmx1
> 100.65.101.14      link#2             UHS         2  16384        lo0
> 127.0.0.1          link#3             UHS         3  16384        lo0
> 192.168.255.14     100.65.101.1       UGHS        4   9000       vmx1
>
> ##### PING EXAMPLES #####
>
> # setfib 1 ping -c 1 -t 2 100.67.103.1
> PING 100.67.103.1 (100.67.103.1): 56 data bytes
> ping: sendto: No route to host
>
> --- 100.67.103.1 ping statistics ---
> 1 packets transmitted, 0 packets received, 100.0% packet loss
> # setfib 0 ping -c 1 -t 2 100.67.103.1
> PING 100.67.103.1 (100.67.103.1): 56 data bytes
> 64 bytes from 100.67.103.1: icmp_seq=0 ttl=255 time=1.528 ms
>
> --- 100.67.103.1 ping statistics ---
> 1 packets transmitted, 1 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 1.528/1.528/1.528/0.000 ms
>
> #### TCPDUMP ####
> ICMP packets are in fact sourced from the gre10 interface.
> The GRE packets are also only going out the routing interface.
>
> See the following pastebin for details.
>
> https://pastebin.com/n3mGXGHA
>
> -- 
> mark saad | nonesuch@longcount.org

Best regards,
Zhenlei
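
Added example, not part of the original message or of FreeBSD's rc scripts: a small rc.conf audit that reports, for each tunnel interface, the FIB that receives its inner routes (`fib`, 0 when unset) next to the FIB used for the encapsulated packets (`tunnelfib`). The function name `audit_tunnel_fibs` and the output format are assumptions made for this illustration; the two inputs are the rc.conf lines quoted in this thread.

```shell
#!/bin/sh
# audit_tunnel_fibs: read rc.conf-style lines on stdin and print, for every
# interface that sets "tunnelfib", one line of the form
#   <ifname> inner_fib=<n> tunnel_fib=<n> <same|split>
# "split" means inner routes and encapsulated packets use different FIBs.
audit_tunnel_fibs() {
    awk '
    /^[ \t]*(ifconfig|create_args)_[A-Za-z0-9]+=/ {
        line = $0
        sub(/^[ \t]*(ifconfig|create_args)_/, "", line)
        ifn = line; sub(/=.*/, "", ifn)          # interface name
        val = line; sub(/^[^=]*=/, "", val)      # quoted argument string
        gsub(/"/, "", val)
        n = split(val, tok, /[ \t]+/)
        for (i = 1; i < n; i++) {
            if (tok[i] == "fib")       fib[ifn]  = tok[i + 1]
            if (tok[i] == "tunnelfib") tfib[ifn] = tok[i + 1]
        }
        if (!(ifn in seen)) { seen[ifn] = 1; order[++cnt] = ifn }
    }
    END {
        for (k = 1; k <= cnt; k++) {
            ifn = order[k]
            if (!(ifn in tfib)) continue         # not a tunnel with tunnelfib
            f = (ifn in fib) ? fib[ifn] : 0      # unset fib means default FIB 0
            state = ((f "") == (tfib[ifn] "")) ? "same" : "split"
            printf "%s inner_fib=%s tunnel_fib=%s %s\n", ifn, f, tfib[ifn], state
        }
    }'
}

# rc.conf lines as posted in the thread: the original setup, then the suggestion.
ORIGINAL_RC='ifconfig_vmx1="inet 100.65.101.14/28 mtu 9000 description routing fib 1"
ifconfig_gre10=" inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"'
SUGGESTED_RC='create_args_gre10="tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"
ifconfig_gre10="inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 fib 1"'

printf '%s\n' "$ORIGINAL_RC"  | audit_tunnel_fibs
printf '%s\n' "$SUGGESTED_RC" | audit_tunnel_fibs
```

A `split` result is not always a misconfiguration, since `tunnelfib` exists to allow that layout; here it matches the posted routing tables, where 100.67.103.1 appears only in the default FIB.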





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5CBAA944-5122-4BA0-854F-AF7D78ACF8AE>