From: Bohuslav Plucinsky
Date: Mon, 3 Jul 2006 09:49:11 +0200
To: freebsd-net@freebsd.org
Cc: mlaier@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: [Xorp-feedback] Xorp and CARP on FreeBSD]

Hello,

here is a reply from one of the XORP developers, Pavlin Radoslavov.
What is your opinion on this problem?

Thanks,
Bohus

----- Forwarded message from Pavlin Radoslavov -----

> To: bohuslav.plucinsky@gtsnextra.sk
> Subject: Re: [Xorp-feedback] Xorp and CARP on FreeBSD
> Date: Thu, 29 Jun 2006 15:54:06 -0700
> From: Pavlin Radoslavov
>
> > On Fri, Jun 09, 2006 at 09:46:36AM -0700, Pavlin Radoslavov wrote:
> > > > I've two FreeBSD 6.1-RELEASE routers (R1, R2) with CARP configured
> > > > and it was working OK until I've installed Xorp and tried to configure
> > > > multicast PIM-SM. After that the CARP has stopped working. I've found
> > > > out by the tcpdump that after Xorp is started the source IP address
> > > > of CARP packets is changed to IP address used as register_vif in Xorp:
> > >
> > > Do you get the same error if you configure only the "interfaces"
> > > section in the XORP config.
> >
> > No, the problem occurs, only when the plumbing section is present.
> >
> > > Also, is any of the IP address changed (by CARP) while XORP is running?
> >
> > No. There are the CARP virtual interfaces created before XORP is started.
> > CARP doesn't change any IP address, but XORP changes source IP address
> > of multicast CARP packets. When I stop XORP the IP address is returned
> > to original IP address.
>
> Thank you for the info.
> I did some investigation (FreeBSD-6.1) and I was able to see
> the problem: VRRPv2 Advertisement messages with the wrong source
> address.
>
> For the record, this is what I did (on a single machine):
>
> =====================================
> ifconfig vlan97 create
> ifconfig vlan97 inet 192.168.100.2 netmask 255.255.255.0 vlan 97 vlandev xl0
> ifconfig vlan71 create
> ifconfig vlan71 inet 10.122.25.66 netmask 255.255.255.224 vlan 71 vlandev xl0
> ifconfig carp97 create
> ifconfig carp97 vhid 1 pass foofoo1 192.168.100.1/24
> ifconfig carp71 create
> ifconfig carp71 vhid 2 pass foofoo2 10.122.25.64/27
> =====================================
>
> Then I started XORP with the configuration file included at the end
> of this email.
> Basically, the important thing in that configuration
> file is that inside the MFEA I enabled only the vlan71 interface.
>
> Indeed, by running tcpdump I was able to see that the VRRPv2
> Advertisement messages sent over vlan97 changed their source address
> to be the same as the source address of vlan71:
>
> =====================================
> root@carp[5] tcpdump -n -i vlan97 proto 112
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on vlan97, link-type EN10MB (Ethernet), capture size 96 bytes
> 15:38:04.614085 IP 192.168.100.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
> 15:38:05.615058 IP 192.168.100.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
> ...
> 15:38:22.635132 IP 10.122.25.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
> 15:38:23.636107 IP 10.122.25.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
> =====================================
>
> After some investigation, I was able to trace the problem to the
> setsockopt(_mrouter_socket, IPPROTO_IP, MRT_ADD_VIF, ...) system
> call. In fact, I was able to reproduce the problem with other
> multicast routing implementations: mrouted and pimd which obviously
> also use the same setsockopt().
> After some further investigation, it seems to happen only when
> running CARP over vlan interfaces, but I haven't investigated this
> in greater detail. At least, it didn't happen when I enabled in MFEA
> the physical xl0 network interface (also running CARP).
>
> Hence, I believe the problem is in the FreeBSD kernel, and happens
> when we have 2+ vlan interfaces configured to run CARP and one of
> them is also configured for multicast routing.
>
> You might want to contact the FreeBSD folks about that, because the
> problem is not XORP-specific.
>
> Please let us know how it goes.
>
> Thanks,
> Pavlin
>
>
> =====================================
> interfaces {
>     interface vlan97 {
>         description: "DMZ"
>         disable: false
>         default-system-config
>     }
>     interface vlan71 {
>         description: "intranet"
>         disable: false
>         default-system-config
>     }
> }
>
> fea {
>     unicast-forwarding4 {
>         disable: false
>     }
> }
>
> plumbing {
>     mfea4 {
>         disable: false
>         interface vlan71 {
>             vif vlan71 {
>                 disable: false
>             }
>         }
> /*
>         interface vlan97 {
>             vif vlan97 {
>                 disable: false
>             }
>         }
> */
> /*
>         interface register_vif {
>             vif register_vif {
>                 Note: this vif should be always enabled
>                 disable: false
>             }
>         }
> */
>         traceoptions {
>             flag all {
>                 disable: false
>             }
>         }
>     }
> }
> =====================================
>
>
----- End forwarded message -----
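
The check done by eye on the tcpdump output in the forwarded message, written as an added example (not part of the original thread and not XORP or FreeBSD code): it flags CARP advertisements whose source address lies outside the capture interface's subnet and reports where a vrid's source address changes. The subnets are derived from the ifconfig commands in the mail; the function names and the `EXPECTED_NET` map are assumptions of this example.

```python
import ipaddress
import re

# Subnets of the two vlan interfaces, from the ifconfig commands in the mail.
EXPECTED_NET = {
    "vlan97": ipaddress.ip_network("192.168.100.0/24"),
    "vlan71": ipaddress.ip_network("10.122.25.64/27"),
}

# Matches `tcpdump -n` lines for CARP/VRRP adverts (IP proto 112, group 224.0.0.18).
ADVERT = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+) > 224\.0\.0\.18: "
    r"VRRPv2, Advertisement, vrid (?P<vrid>\d+),"
)

# Capture lines copied from the mail (taken on vlan97), banner and "..." included.
SAMPLE = """\
listening on vlan97, link-type EN10MB (Ethernet), capture size 96 bytes
15:38:04.614085 IP 192.168.100.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
15:38:05.615058 IP 192.168.100.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
...
15:38:22.635132 IP 10.122.25.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
15:38:23.636107 IP 10.122.25.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
""".splitlines()

def adverts(lines):
    """Yield (timestamp, vrid, source address) for each advertisement line."""
    for line in lines:
        m = ADVERT.match(line.strip())
        if m:  # skips banners, "..." and unrelated traffic
            yield m["ts"], int(m["vrid"]), ipaddress.ip_address(m["src"])

def off_subnet(iface, lines):
    """Adverts whose source is outside the subnet of the capture interface."""
    net = EXPECTED_NET[iface]
    return [(ts, vrid, str(src)) for ts, vrid, src in adverts(lines) if src not in net]

def source_flips(lines):
    """Points where a vrid's source address differs from its previous advert."""
    last, flips = {}, []
    for ts, vrid, src in adverts(lines):
        if vrid in last and last[vrid] != src:
            flips.append((ts, vrid, str(last[vrid]), str(src)))
        last[vrid] = src
    return flips

if __name__ == "__main__":
    print(off_subnet("vlan97", SAMPLE))
    print(source_flips(SAMPLE))
```

Run against a capture taken on each CARP-carrying vlan before and after the multicast routing daemon starts; an empty result from both functions means the advertisements kept their configured source.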