From: Victor Gamov
Organization: OstankinoTelecom
Date: Wed, 6 Nov 2019 00:41:33 +0300
Subject: Re: FreeBSD as multicast router
To: mike@karels.net
Cc: freebsd-net@freebsd.org

On 05/11/2019 09:09, Mike Karels wrote:
>> On 03/11/2019 08:22, Mike Karels wrote:
>>>>>>> Hi All
>>>>>>>
>>>>>>> I have (noob) questions about multicast routing under FreeBSD.
>>>>>>>
>>>>>>> I have FreeBSD box with two (or more) multicast enabled interfaces (e.g.
>>>>>>> vlan750 and vlan299). vlan750 connected to multicast source.
>>>>>>>
>>>>>>> Then pimd installed and only these two interfaces enabled in pimd config.
>>>>>>> Multicast routes successfully installed by pimd and listed by `netstat
>>>>>>> -g -f inet`
>>>>>>>
>>>>>>> Then client on vlan299 send IGMP-Join (this Join received by FreeBSD on
>>>>>>> vlan299)
>>>>>>>
>>>>>>> The question is: who will forward multicast from one interface
>>>>>>> (vlan750) to another (vlan299)? Is it kernel specific job or I need
>>>>>>> additional software?
>>>>>
>>>>>> Please read the manpage multicast(4) "man 4 multicast",
>>>>>> you should need to build a custom kernel with the "options MROUTING"
>>>>>> to enable the multicast forwarding in the kernel.
>>>>>
>>>>> If "netstat -g" shows routes, the kernel must have been built with "options
>>>>> MROUTING".
>>>
>>>> Indeed.
>>>
>>>>>
>>>>> The kernel does the forwarding, according to those routing tables installed
>>>>> by pimd or another multicast routing program. Is it not working? It sounds
>>>>> like you are very close.
>>>
>>>> Could it be sysctl net.inet.ip.forwarding? Does that still apply to mroutes?
>>>
>>> No, they are separate. The test is just whether MROUTING is enabled, and
>>> whether a multicast router like pimd is active.
>>>
>>> One other thing to check would be "netstat -gs" (multicast stats).
>
>> Oops!
>
>> =====
>> # netstat -f inet -gs
>> No IPv4 MROUTING kernel support.
>> =====
>
> This looks like a bug in netstat; it is doing a test that is wrong for
> the loadable module.
>
>> But I have ip_mroute.ko loaded and netstat -g shows something like
>
>> =====
>> # netstat -f inet -g
>
>> IPv4 Virtual Interface Table
>>  Vif   Thresh   Local-Address    Remote-Address    Pkts-In   Pkts-Out
>>    0        1   A.A.A.A                                  0          0
>>    1        1   B.B.B.19                                 0          0
>>    2       10   10.199.199.102                           0          0
>>    3       15   10.200.200.6                         77440          0
>>    4        1   A.A.A.A                                  0      77440
>
>> IPv4 Multicast Forwarding Table
>>  Origin          Group            Packets  In-Vif  Out-Vifs:Ttls
>>  10.200.200.5    232.232.8.33        1844       3  4:1
>>  10.200.200.5    232.232.8.171       1843       3  4:1
>>  10.200.200.5    232.232.8.58        4609       3  4:1
>>  10.200.200.5    232.232.8.154       1844       3  4:1
>>  10.200.200.5    232.232.8.170       1844       3  4:1
>> =====
>
>
>> and
>
>> =====
>> # pimd -r
>> Virtual Interface Table
>> ======================================================
>> Vif  Local Address    Subnet              Thresh  Flags      Neighbors
>> ---  ---------------  ------------------  ------  ---------  -----------------
>>   0  A.A.A.A          A.A.A.A/25               1  DR NO-NBR
>>   1  B.B.B.19         B.B.B                    1  DR NO-NBR
>>   2  10.199.199.102   10.199.199.100/30       10  DR PIM     10.199.199.101
>>   3  10.200.200.6     10.200.200/29           15  DR NO-NBR
>>   4  A.A.A.A          register_vif0            1
>
>> Vif  SSM Group        Sources
>
>> Multicast Routing Table
>> ======================================================
>> ----------------------------------- (S,G) ------------------------------------
>> Source           Group            RP Address       Flags
>> ---------------  ---------------  ---------------  ---------------------------
>> 10.200.200.5     232.232.8.33     SSM              CACHE SG
>> Joined   oifs: ....j
>> Pruned   oifs: .....
>> Leaves   oifs: .....
>> Asserted oifs: .....
>> Outgoing oifs: ....o
>> Incoming     : ...I.
>> =====
>
>
>> A.A.A.A is external IP-address. No multicast traffic must be sent to
>> this interface.
>> 10.200.200.6 -- vlan750, multicast comes from here
>> 10.199.199.102 -- vlan299, multicast must be forwarded here after
>> IGMP-Join received from 10.199.199.101/30
>
>
>> So, kernel with MROUTING options must be configured/installed or
>> ip_mroute.ko is enough?
>
> A kernel with MROUTING would let you see stats, but ip_mroute.ko should
> be enough to function (although I haven't tested that).
>
> I'm not familiar with the pimd output, but it seems plausible. I am
> assuming that the multicasts are not getting to the vlan299 network?
> Have you looked at the incoming traffic with tcpdump? Use the -p
> option to avoid promiscuous mode to see that the input NIC is receiving
> those multicasts, and check the TTL of the incoming multicast packets.
> (If it is 1, the packets will not be forwarded.)

Yes, multicast packets arrived to FBSD via vlan750 and TTL is 20. But
no packets forwarded to vlan299 after IGMP-Join received:

=====
00:39:30.484901 IP (tos 0xc0, ttl 1, id 13571, offset 0, flags [none], proto IGMP (2), length 36, options (RA))
    10.199.199.102 > 224.0.0.1: igmp query v3
00:39:31.356732 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 56, options (RA))
    10.199.199.102 > 224.0.0.22: igmp v3 report, 3 group record(s) [gaddr 224.0.0.22 is_ex { }] [gaddr 224.0.0.2 is_ex { }] [gaddr 224.0.0.13 is_ex { }]
00:39:33.091330 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.199.199.101 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 232.232.8.33 to_ex { }]
00:39:35.166091 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 40, options (RA))
    10.199.199.101 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 232.232.8.33 to_ex { }]
=====

-- 
CU,
Victor Gamov
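
Added example, not part of the original thread and not FreeBSD or pimd code: a small parser for the `netstat -f inet -g` tables quoted above that reports which (S,G) entries will not be forwarded out the vif owning a given downstream address. The function names are hypothetical, and the TTL comparison (forward only when the packet TTL is greater than the value listed for the out-vif) is an assumption about the kernel's rule.

```python
# Added example: sample text is copied from the `netstat -f inet -g` output
# quoted in this message (addresses as redacted by the poster, two routes kept).
NETSTAT_G = """\
IPv4 Virtual Interface Table
 Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
  0         1   A.A.A.A                                 0          0
  1         1   B.B.B.19                                0          0
  2        10   10.199.199.102                          0          0
  3        15   10.200.200.6                        77440          0
  4         1   A.A.A.A                                 0      77440

IPv4 Multicast Forwarding Table
 Origin          Group             Packets In-Vif  Out-Vifs:Ttls
 10.200.200.5    232.232.8.33         1844    3    4:1
 10.200.200.5    232.232.8.171        1843    3    4:1
"""


def parse_netstat_g(text):
    """Return (vifs, routes) parsed from the two IPv4 tables."""
    vifs, routes, section = {}, [], None
    for line in text.splitlines():
        f = line.split()
        if "Virtual Interface Table" in line:
            section = "vif"
        elif "Multicast Forwarding Table" in line:
            section = "mfc"
        elif not f or not f[0][0].isdigit():
            continue  # blank line or column header
        elif section == "vif":
            vifs[int(f[0])] = {"thresh": int(f[1]), "local": f[2]}
        elif section == "mfc":
            # Out-Vifs:Ttls is a list of "vif:ttl" pairs.
            oifs = dict(tuple(map(int, o.split(":"))) for o in f[4:])
            routes.append({"group": f[1], "in_vif": int(f[3]), "oifs": oifs})
    return vifs, routes


def not_forwarded(vifs, routes, downstream_addr, pkt_ttl):
    """Groups that will not leave via the vif owning downstream_addr, with reason."""
    want = next(i for i, v in vifs.items() if v["local"] == downstream_addr)
    problems = []
    for r in routes:
        oif_ttl = r["oifs"].get(want)
        if oif_ttl is None:
            problems.append((r["group"], f"vif {want} not in Out-Vifs"))
        elif pkt_ttl <= oif_ttl:  # assumed rule: forward only if TTL > oif TTL
            problems.append((r["group"], f"TTL {pkt_ttl} <= oif TTL {oif_ttl}"))
    return problems


if __name__ == "__main__":
    vifs, routes = parse_netstat_g(NETSTAT_G)
    for group, why in not_forwarded(vifs, routes, "10.199.199.102", 20):
        print(group, why)
```

With the quoted tables, every listed group is reported because vif 2 (10.199.199.102, vlan299) does not appear in Out-Vifs; only vif 4 does.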