Conflict between CARP and multicast routing on FreeBSD 6.1
Bohuslav Plucinsky
bohuslav.plucinsky at gtsnextra.sk
Tue Jul 11 07:48:15 UTC 2006
Hello,
a few days ago I've sent a message about a problem running CARP and XORP
together on the same machine. Thanks a hint from Pavlin Radoslavov now
I know the problem is not in Xorp but conflict between CARP implementation
and mutlicast routing.
Description of problem:
After multicast routing is started, the CARP starts send packets
with wrong source IP addresss.
How to repeat the problem:
I've FreeBSD 6.1-RELEASE box (kernel config is attached at the end)
with 2 NICs (em0, em1) :
ifconfig em0 10.0.0.1 netmask 255.255.255.0
ifconfig em1 192.168.61.1 netmask 255.255.255.0
I've configured CARP interface:
ifconfig carp1 create
ifconfig carp1 vhid 10 pass blabla advskew 50 192.168.61.3 255.255.255.0
(Make sure the CARP is allowed)
sysctl -a | grep carp
net.inet.ip.same_prefix_carp_only: 0
net.inet.carp.allow: 1
net.inet.carp.preempt: 1
net.inet.carp.log: 1
net.inet.carp.arpbalance: 0
net.inet.carp.suppress_preempt: 0
After multicast routing is started (setsockopt(socket, IPPROTO_IP, MRT_INIT, ...)
and vif is added to the vif table (setsockopt(socket, IPPROTO_IP, MRT_ADD_VIF, ...)
the CARP starts send packets with wrong source IP address.
(The short dirty C code to start multicast routing is attached)
Here is the tcpdump on em1 interface. Until mrouter is not started, the CARP
sends packets with correct IP address (192.168.61.1) after that the source IP
address is changed to IP address of first VIF added to vif_table. When
the mrouter terminates, the source IP address comes back:
# tcpdump -n -i em1 proto 112
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 96 bytes
08:54:14.724536 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:15.921662 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:17.118790 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:18.315948 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:19.513083 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:20.710212 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:21.907341 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:23.104471 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:24.301610 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:25.498738 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:26.695899 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:27.893029 IP 10.0.0.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:29.090169 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:30.287288 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
08:54:31.484411 IP 192.168.61.1 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 50, authtype none, intvl 1s, length 36
^C
Can somebody help me to find a solution of this problem?
Thanks,
Bohus
C code to start multicast routing:
---------------------------------
/*
mrouter_start.c
Dirty code to start mrouter.
*/
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <net/route.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#define MRT_INIT 100
#define MRT_ADD_VIF 102
typedef u_short vifi_t; /* type of a vif index */
struct vifctl {
vifi_t vifc_vifi; /* the index of the vif to be added */
u_char vifc_flags; /* VIFF_ flags defined below */
u_char vifc_threshold; /* min ttl required to forward on vif */
u_int vifc_rate_limit; /* max rate */
struct in_addr vifc_lcl_addr; /* local interface address */
struct in_addr vifc_rmt_addr; /* remote address (tunnels only) */
};
int main ()
{
int s, i;
int mrouter_version = 1;
struct vifctl vc;
int num_of_ifs = 2; /* number of interfaces */
char *if_addr[] = {"10.0.0.1", "192.168.61.1" };
if ( (s=socket(PF_INET,SOCK_RAW,IPPROTO_IGMP)) < 0)
{
perror ("Cannot open socket. Error ");
exit (-1);
}
if (setsockopt(s, IPPROTO_IP, MRT_INIT,
(void*)&mrouter_version, sizeof(int)) < 0)
{
close(s);
perror ("Cannot set socket option. Error:");
exit (-1);
}
memset(&vc, 0, sizeof(vc));
for (i=0; i< num_of_ifs ; i++)
{
vc.vifc_flags = 0;
vc.vifc_vifi = i;
vc.vifc_threshold = 1;
vc.vifc_rate_limit = 0;
vc.vifc_lcl_addr.s_addr = inet_addr(if_addr[i]);
if (setsockopt(s, IPPROTO_IP, MRT_ADD_VIF,
(void *)&vc, sizeof(vc)) < 0)
{
close(s);
perror ("Cannot add VIF. Error ");
exit (-1);
}
}
fprintf (stdout,"Waiting 10s before terminate.\n");
sleep(10);
close(s);
return (0);
}
/*
End of mrouter_start.c
*/
Kernel config:
-------------
machine i386
cpu I586_CPU
cpu I686_CPU
ident FW-SMP
maxusers 64
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
makeoptions KERNEL=kernel-fw-20060710-01
options SCHED_4BSD # 4BSD scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
# options INET6 # IPv6 communications protocols
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options NFSCLIENT # Network Filesystem Client
options NFSSERVER # Network Filesystem Server
options NFS_ROOT # NFS usable as /, requires NFSCLIENT
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options MROUTING # Multicast routing
options PIM
options IPSTEALTH #support for stealth forwarding
options TCPDEBUG
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
options INCLUDE_CONFIG_FILE # Include this file in kernel
options IPSEC #IP security
options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
options IPSEC_DEBUG #debug for IP security
options DEVICE_POLLING
device vlan #VLAN support (needs miibus)
device gre #IP over IP tunneling
device pf #PF OpenBSD packet-filter firewall
device pflog #logging support interface for PF
device pfsync #synchronization interface for PF
device carp #Common Address Redundancy Protocol
options ALTQ
options ALTQ_CBQ # Class Bases Queueing
options ALTQ_RED # Random Early Detection
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler
options ALTQ_CDNR # Traffic conditioner
options ALTQ_PRIQ # Priority Queueing
options ALTQ_NOPCC # Required for SMP build
options ALTQ_DEBUG
options SMP # Symmetric MultiProcessor Kernel
# Devices
device apic # I/O APIC
...
(I'll send whole config if is it needed)
More information about the freebsd-net
mailing list