From owner-freebsd-net@freebsd.org Wed Nov 6 02:41:43 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B2C5F1B7D14 for ; Wed, 6 Nov 2019 02:41:43 +0000 (UTC) (envelope-from mike@karels.net) Received: from mail.karels.net (mail.karels.net [216.160.39.52]) by mx1.freebsd.org (Postfix) with ESMTP id 4779lp6yL2z4M6Q for ; Wed, 6 Nov 2019 02:41:42 +0000 (UTC) (envelope-from mike@karels.net) Received: from mail.karels.net (localhost [127.0.0.1]) by mail.karels.net (8.15.2/8.15.2) with ESMTP id xA62fd40065707; Tue, 5 Nov 2019 20:41:40 -0600 (CST) (envelope-from mike@karels.net) Message-Id: <201911060241.xA62fd40065707@mail.karels.net> To: Victor Gamov cc: freebsd-net@freebsd.org From: Mike Karels Reply-to: mike@karels.net Subject: Re: FreeBSD as multicast router In-reply-to: Your message of Wed, 06 Nov 2019 00:41:33 +0300. MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <65705.1573008099.1@mail.karels.net> Content-Transfer-Encoding: quoted-printable Date: Tue, 05 Nov 2019 20:41:39 -0600 X-Rspamd-Queue-Id: 4779lp6yL2z4M6Q X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of mike@karels.net designates 216.160.39.52 as permitted sender) smtp.mailfrom=mike@karels.net X-Spamd-Result: default: False [-4.09 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[mike@karels.net]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:216.160.39.52]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[karels.net]; REPLYTO_ADDR_EQ_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-1.89)[ip: (-6.31), ipnet: 216.160.0.0/15(-3.05), asn: 209(-0.02), country: US(-0.05)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:209, ipnet:216.160.0.0/15, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Nov 2019 02:41:43 -0000 > On 05/11/2019 09:09, Mike Karels wrote: > >> On 03/11/2019 08:22, Mike Karels wrote: > >>>>>>> Hi All > >>>>>>> > >>>>>>> I have (noob) questions about multicast routing under FreeBSD. > >>>>>>> > >>>>>>> I have FreeBSD box with two (or more) multicast enabled interfac= es (e.x. > >>>>>>> vlan750 and vlan299). vlan750 connected to multicast source. > >>>>>>> > >>>>>>> Then pimd installed and only this two interfaces enabled in pimd= config. > >>>>>>> Multicast routes successfully installed by pimd and listed by `n= etstat > >>>>>>> -g -f inet` > >>>>>>> > >>>>>>> Then client on vlan299 send IGMP-Join (this Join received by Fre= eBSD on > >>>>>>> vlan299) > >>>>>>> > >>>>>>> The question is: who will forward muilticast from one interface > >>>>>>> (vlan750) to another (vlan299)? Is it kernel specific job or I = need > >>>>>>> additional software? > >>>>> > >>>>>> Please read the manpage multicast(4) "man 4 multicast", > >>>>>> you should need to build a custom kernel with the "options MROUTI= NG" > >>>>>> to enable the multicast forwarding in the kernel. > >>>>> > >>>>> If "netstat -g" shows routes, the kernel must have been built with= "options > >>>>> MROUTING". > >>> > >>>> Indeed. > >>> > >>>>> > >>>>> The kernel does the forwarding, according to those routing tables = installed > >>>>> by pimd or another multicast routing program. Is it not working? = It sounds > >>>>> like you are very close. > >>> > >>>> Could it be sysctl net.inet.ip.forwarding? Does that still apply t= o mroutes? > >>> > >>> No, they are separate. The test is just whether MROUTING is enabled= , and > >>> whether a multicast router like pimd is active. > >>> > >>> One other thing to check would be "netstat -gs" (multicast stats). > > = > >> Oops! > > = > >> =3D=3D=3D=3D=3D > >> # netstat -f inet -gs > >> No IPv4 MROUTING kernel support. > >> =3D=3D=3D=3D=3D > > = > > This looks like a bug in netstat; it is doing a test that is wrong for > > the loadable module. I don't know how much the stats might help, but if you let me know what version you are running, I can build a fixed netstat. Or I can send a source patch. > >> But I have ip_mroute.ko loaded and netstat -g shows something like > > = > >> =3D=3D=3D=3D=3D > >> # netstat -f inet -g > > = > >> IPv4 Virtual Interface Table > >> Vif Thresh Local-Address Remote-Address Pkts-In Pkts-Ou= t > >> 0 1 A.A.A.A 0 0 > >> 1 1 B.B.B.19 0 0 > >> 2 10 10.199.199.102 0 = 0 > >> 3 15 10.200.200.6 77440 = 0 > >> 4 1 A.A.A.A 0 77440 > > = > >> IPv4 Multicast Forwarding Table > >> Origin Group Packets In-Vif Out-Vifs:Ttls > >> 10.200.200.5 232.232.8.33 1844 3 4:1 > >> 10.200.200.5 232.232.8.171 1843 3 4:1 > >> 10.200.200.5 232.232.8.58 4609 3 4:1 > >> 10.200.200.5 232.232.8.154 1844 3 4:1 > >> 10.200.200.5 232.232.8.170 1844 3 4:1 I missed this before. Looks like the last column should include 2:1 in each case if pimd saw the join. The multicasts are only being sent to Vif 4, the register-vif (see below); the Pkts-Out for it is the same as the input on 3. I'm not familiar enough with pimd to guess what is wrong. > >> =3D=3D=3D=3D=3D > > = > > = > >> and > > = > >> =3D=3D=3D=3D=3D > >> # pimd -r > >> Virtual Interface Table > >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D > >> Vif Local Address Subnet Thresh Flags Neighbor= s > >> --- --------------- ------------------ ------ --------- > >> ----------------- > >> 0 A.A.A.A A.A.A.A/25 1 DR NO-NBR > >> 1 B.B.B.19 B.B.B 1 DR NO-NBR > >> 2 10.199.199.102 10.199.199.100/30 10 DR PIM > >> 10.199.199.101 > >> 3 10.200.200.6 10.200.200/29 15 DR NO-NBR > >> 4 A.A.A.A register_vif0 1 > > = > >> Vif SSM Group Sources > > = > >> Multicast Routing Table > >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D > >> ----------------------------------- (S,G) > >> ------------------------------------ > >> Source Group RP Address Flags > >> --------------- --------------- --------------- > >> --------------------------- > >> 10.200.200.5 232.232.8.33 SSM CACHE SG > >> Joined oifs: ....j > >> Pruned oifs: ..... > >> Leaves oifs: ..... > >> Asserted oifs: ..... > >> Outgoing oifs: ....o > >> Incoming : ...I. > >> =3D=3D=3D=3D=3D > > = > > = > >> A.A.A.A is external IP-address. No multicast trafic must be sended t= o > >> this interface. > >> 10.200.200.6 -- vlan750, multicast comes from here > >> 10.199.199.102 -- vlan299, multicast must be forfarded here after > >> IGMP-Join received from 10.199.199.101/30 > > = > > = > >> So, kernel with MROUTING options must be configured/installed or > >> ip_mroute.ko is enough? > > = > > A kernel with MROUTING would let you see stats, but ip_mroute.ko shoul= d > > be enough to function (although I haven't tested that). > > = > > I'm not familiar with the pimd output, but it seems plausible. I am > > assuming that the multicasts are not getting to the vlan299 network? > > Have you looked at the incoming traffic with tcpdump? Use the -p > > option to avoid promiscuous mode to see that the input NIC is receivin= g > > those multicasts, and check the TTL of the incoming multicast packets. > > (If it is 1, the packets will not be forwarded.) > Yes, multicast packets arrived to FBSD via vlan750 and TTL is 20. But = > no packets forwarded to vlan299 after IGMP-Join received: > =3D=3D=3D=3D=3D > 00:39:30.484901 IP (tos 0xc0, ttl 1, id 13571, offset 0, flags [none], = > proto IGMP (2), length 36, options (RA)) > 10.199.199.102 > 224.0.0.1: igmp query v3 > 00:39:31.356732 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto = > IGMP (2), length 56, options (RA)) > 10.199.199.102 > 224.0.0.22: igmp v3 report, 3 group record(s) = > [gaddr 224.0.0.22 is_ex { }] [gaddr 224.0.0.2 is_ex { }] [gaddr = > 224.0.0.13 is_ex { }] > 00:39:33.091330 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto = > IGMP (2), length 40, options (RA)) > 10.199.199.101 > 224.0.0.22: igmp v3 report, 1 group record(s) = > [gaddr 232.232.8.33 to_ex { }] > 00:39:35.166091 IP (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto = > IGMP (2), length 40, options (RA)) > 10.199.199.101 > 224.0.0.22: igmp v3 report, 1 group record(s) = > [gaddr 232.232.8.33 to_ex { }] > =3D=3D=3D=3D=3D > -- = > CU, > Victor Gamov Mike