Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 05 Nov 2019 20:41:39 -0600
From:      Mike Karels <mike@karels.net>
To:        Victor Gamov <vit@otcnet.ru>
Cc:        freebsd-net@freebsd.org
Subject:   Re: FreeBSD as multicast router
Message-ID:  <201911060241.xA62fd40065707@mail.karels.net>
In-Reply-To: Your message of Wed, 06 Nov 2019 00:41:33 %2B0300. <a789de99-00ce-f12c-f698-9594cf4c9fe7@otcnet.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
> On 05/11/2019 09:09, Mike Karels wrote:
> >> On 03/11/2019 08:22, Mike Karels wrote:
> >>>>>>> Hi All
> >>>>>>>
> >>>>>>> I have (noob) questions about multicast routing under FreeBSD.
> >>>>>>>
> >>>>>>> I have FreeBSD box with two (or more) multicast enabled interfac=
es (e.x.
> >>>>>>> vlan750 and vlan299).  vlan750 connected to multicast source.
> >>>>>>>
> >>>>>>> Then pimd installed and only this two interfaces enabled in pimd=
 config.
> >>>>>>> Multicast routes successfully installed by pimd and listed by `n=
etstat
> >>>>>>> -g -f inet`
> >>>>>>>
> >>>>>>> Then client on vlan299 send IGMP-Join (this Join received by Fre=
eBSD on
> >>>>>>> vlan299)
> >>>>>>>
> >>>>>>> The question is:  who will forward muilticast from one interface
> >>>>>>> (vlan750) to another (vlan299)?  Is it kernel specific job or I =
need
> >>>>>>> additional software?
> >>>>>
> >>>>>> Please read the manpage multicast(4) "man 4 multicast",
> >>>>>> you should need to build a custom kernel with the "options MROUTI=
NG"
> >>>>>> to enable the multicast forwarding in the kernel.
> >>>>>
> >>>>> If "netstat -g" shows routes, the kernel must have been built with=
 "options
> >>>>> MROUTING".
> >>>
> >>>> Indeed.
> >>>
> >>>>>
> >>>>> The kernel does the forwarding, according to those routing tables =
installed
> >>>>> by pimd or another multicast routing program.  Is it not working? =
 It sounds
> >>>>> like you are very close.
> >>>
> >>>> Could it be sysctl net.inet.ip.forwarding?  Does that still apply t=
o mroutes?
> >>>
> >>> No, they are separate.  The test is just whether MROUTING is enabled=
, and
> >>> whether a multicast router like pimd is active.
> >>>
> >>> One other thing to check would be "netstat -gs" (multicast stats).
> > =

> >> Oops!
> > =

> >> =3D=3D=3D=3D=3D
> >> # netstat -f inet -gs
> >> No IPv4 MROUTING kernel support.
> >> =3D=3D=3D=3D=3D
> > =

> > This looks like a bug in netstat; it is doing a test that is wrong for
> > the loadable module.

I don't know how much the stats might help, but if you let me know what
version you are running, I can build a fixed netstat.  Or I can send
a source patch.

> >> But I have ip_mroute.ko loaded and netstat -g shows something like
> > =

> >> =3D=3D=3D=3D=3D
> >> # netstat -f inet -g
> > =

> >> IPv4 Virtual Interface Table
> >>    Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Ou=
t
> >>     0         1   A.A.A.A                           0          0
> >>     1         1   B.B.B.19                          0          0
> >>     2        10   10.199.199.102                          0          =
0
> >>     3        15   10.200.200.6                        77440          =
0
> >>     4         1   A.A.A.A                           0      77440
> > =

> >> IPv4 Multicast Forwarding Table
> >>    Origin          Group             Packets In-Vif  Out-Vifs:Ttls
> >>    10.200.200.5    232.232.8.33        1844    3    4:1
> >>    10.200.200.5    232.232.8.171        1843    3    4:1
> >>    10.200.200.5    232.232.8.58         4609    3    4:1
> >>    10.200.200.5    232.232.8.154        1844    3    4:1
> >>    10.200.200.5    232.232.8.170        1844    3    4:1

I missed this before.  Looks like the last column should include 2:1 in
each case if pimd saw the join.  The multicasts are only being sent to
Vif 4, the register-vif (see below); the Pkts-Out for it is the same
as the input on 3.  I'm not familiar enough with pimd to guess what is
wrong.

> >> =3D=3D=3D=3D=3D
> > =

> > =

> >> and
> > =

> >> =3D=3D=3D=3D=3D
> >> # pimd -r
> >> Virtual Interface Table
> >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D
> >> Vif  Local Address    Subnet              Thresh  Flags      Neighbor=
s
> >> ---  ---------------  ------------------  ------  ---------
> >> -----------------
> >>     0  A.A.A.A    A.A.A.A/25            1  DR NO-NBR
> >>     1  B.B.B.19   B.B.B              1  DR NO-NBR
> >>     2  10.199.199.102   10.199.199.100/30       10  DR PIM
> >> 10.199.199.101
> >>     3  10.200.200.6     10.200.200/29           15  DR NO-NBR
> >>     4  A.A.A.A    register_vif0            1
> > =

> >>    Vif  SSM Group        Sources
> > =

> >> Multicast Routing Table
> >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D
> >> ----------------------------------- (S,G)
> >> ------------------------------------
> >> Source           Group            RP Address       Flags
> >> ---------------  ---------------  ---------------
> >> ---------------------------
> >> 10.200.200.5     232.232.8.33     SSM              CACHE SG
> >> Joined   oifs: ....j
> >> Pruned   oifs: .....
> >> Leaves   oifs: .....
> >> Asserted oifs: .....
> >> Outgoing oifs: ....o
> >> Incoming     : ...I.
> >> =3D=3D=3D=3D=3D
> > =

> > =

> >> A.A.A.A is external IP-address.  No multicast trafic must be sended t=
o
> >> this interface.
> >> 10.200.200.6 -- vlan750, multicast comes from here
> >> 10.199.199.102 -- vlan299, multicast must be forfarded here after
> >> IGMP-Join received from 10.199.199.101/30
> > =

> > =

> >> So, kernel with MROUTING options must be configured/installed or
> >> ip_mroute.ko is enough?
> > =

> > A kernel with MROUTING would let you see stats, but ip_mroute.ko shoul=
d
> > be enough to function (although I haven't tested that).
> > =

> > I'm not familiar with the pimd output, but it seems plausible.  I am
> > assuming that the multicasts are not getting to the vlan299 network?
> > Have you looked at the incoming traffic with tcpdump?  Use the -p
> > option to avoid promiscuous mode to see that the input NIC is receivin=
g
> > those multicasts, and check the TTL of the incoming multicast packets.
> > (If it is 1, the packets will not be forwarded.)


> Yes, multicast packets arrived to FBSD via vlan750 and TTL is 20.  But =

> no packets forwarded to vlan299 after IGMP-Join received:

> =3D=3D=3D=3D=3D
> 00:39:30.484901 IP (tos 0xc0, ttl 1, id 13571, offset 0, flags [none], =

> proto IGMP (2), length 36, options (RA))
>      10.199.199.102 > 224.0.0.1: igmp query v3

> 00:39:31.356732 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto =

> IGMP (2), length 56, options (RA))
>      10.199.199.102 > 224.0.0.22: igmp v3 report, 3 group record(s) =

> [gaddr 224.0.0.22 is_ex { }] [gaddr 224.0.0.2 is_ex { }] [gaddr =

> 224.0.0.13 is_ex { }]

> 00:39:33.091330 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto =

> IGMP (2), length 40, options (RA))
>      10.199.199.101 > 224.0.0.22: igmp v3 report, 1 group record(s) =

> [gaddr 232.232.8.33 to_ex { }]

> 00:39:35.166091 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto =

> IGMP (2), length 40, options (RA))
>      10.199.199.101 > 224.0.0.22: igmp v3 report, 1 group record(s) =

> [gaddr 232.232.8.33 to_ex { }]
> =3D=3D=3D=3D=3D


> -- =

> CU,
> Victor Gamov

		Mike

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201911060241.xA62fd40065707>