Re: GRE in a fib via rc.conf

From: Zhenlei Huang <zlei.huang_at_gmail.com>
Date: Tue, 08 Nov 2022 01:11:18 UTC

> On Nov 8, 2022, at 8:26 AM, Mark Saad <nonesuch@longcount.org> wrote:
> 
> All
>   I am looking for some help on if my setup makes sense. 
> I have a vm with two interfaces. One for access to the host, we'll call this mgmt. One for routing traffic, we'll call this routing. I want to put the routing interface into a fib and to run a gre tunnel over it. Sounds simple enough. The problem I am seeing is that it looks like the tunneled traffic is leaked into the default fib and I don't see why. I am not sure if this is a config nit or if this is an issue. Should the gre10 interface be in fib 1? See below.

The fib of the tunneling interface should also be 1 IIUC your setup.

> 
> ### RC CONF ###
> ifconfig_vmx0="inet 10.23.121.253/24 description mgmt"
> ifconfig_vmx1="inet 100.65.101.14/28 mtu 9000 description routing fib 1"
> defaultrouter="10.23.121.1"
> static_routes="ewr10gresrc"
> route_ewr10gresrc=" 192.168.255.14 100.65.101.1 -fib 1"
> cloned_interfaces="gre10"
> ifconfig_gre10=" inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"

Try this for the gre tunnel interface:

cloned_interfaces="gre10"
create_args_gre10="tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"
ifconfig_gre10="inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 fib 1"

> ###############
>  
> ### DEFAULT FIB ###
> ~ # netstat -nr4Wl
> Routing tables
>  
> Internet:
> Destination Gateway Flags Nhop# Mtu Netif Expire
> default 10.23.121.1 UGS 6 1500 vmx0
> 10.23.121.0/24 link#1 U 2 1500 vmx0
> 10.23.121.253 link#1 UHS 3 16384 lo0
> 100.67.103.1 link#4 UH 4 1476 gre10
> 100.67.103.2 link#4 UHS 5 16384 lo0
> 127.0.0.1 link#3 UH 1 16384 lo0
>  
> ### FIB 1 ###
>  
> # setfib 1 netstat -nr4Wl
> Routing tables (fib: 1)
>  
> Internet:
> Destination Gateway Flags Nhop# Mtu Netif Expire
> 100.65.101.0/28 link#2 U 1 9000 vmx1
> 100.65.101.14 link#2 UHS 2 16384 lo0
> 127.0.0.1 link#3 UHS 3 16384 lo0
> 192.168.255.14 100.65.101.1 UGHS 4 9000 vmx1
>  
> ##### PING EXAMPLES #####
>  
> # setfib 1 ping -c 1 -t 2 100.67.103.1
> PING 100.67.103.1 (100.67.103.1): 56 data bytes
> ping: sendto: No route to host
>  
> --- 100.67.103.1 ping statistics ---
> 1 packets transmitted, 0 packets received, 100.0% packet loss
> # setfib 0 ping -c 1 -t 2 100.67.103.1
> PING 100.67.103.1 (100.67.103.1): 56 data bytes
> 64 bytes from 100.67.103.1: icmp_seq=0 ttl=255 time=1.528 ms
>  
> --- 100.67.103.1 ping statistics ---
> 1 packets transmitted, 1 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 1.528/1.528/1.528/0.000 ms
>  
> #### TCPDUMP ####
> ICMP packets are in fact sourced from the gre10 interface.
> The GRE packets are also only going out the routing interface.
> 
> See the following pastebin for details.
> 
> https://pastebin.com/n3mGXGHA
> 
> 
> 
> 
> -- 
> mark saad | nonesuch@longcount.org

Best regards,
Zhenlei
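
The check below is an added example, not part of the original thread or of FreeBSD's rc scripts. It reads rc.conf-style settings and reports any interface that sets `tunnelfib` (the FIB used for the encapsulated outer packets) while its own `fib` differs, which is the condition that left the inner 100.67.103.0/30 routes in the default FIB above. The function and sample names are hypothetical, and it assumes one `name="value"` assignment per line.

```sh
#!/bin/sh
# Added example (not from the thread): flag tunnel interfaces in rc.conf-style
# input whose interface FIB ("fib") differs from their "tunnelfib".
# Assumption: one variable per line, written as name="value".
audit_rc_fibs() {
    awk '
    # Value after keyword kw when kw is a whole word, else 0 (the default FIB).
    function fibval(s, kw,    cnt, w, i) {
        cnt = split(s, w, /[ \t]+/)
        for (i = 1; i < cnt; i++) if (w[i] == kw) return w[i + 1]
        return 0
    }
    # Merge ifconfig_<if> and create_args_<if> into one argument string.
    /^(ifconfig|create_args)_[A-Za-z0-9]+=/ {
        eq = index($0, "=")
        ifn = substr($0, 1, eq - 1)
        sub(/^(ifconfig|create_args)_/, "", ifn)
        val = substr($0, eq + 1)
        gsub(/"/, "", val)
        merged[ifn] = merged[ifn] " " val
    }
    END {
        for (ifn in merged) {
            if (merged[ifn] !~ /(^|[ \t])tunnelfib[ \t]/) continue
            t = fibval(merged[ifn], "tunnelfib") ""
            f = fibval(merged[ifn], "fib") ""
            printf "%s tunnelfib=%s fib=%s %s\n", ifn, t, f, (t == f ? "ok" : "MISMATCH")
        }
    }' "$@" | sort
}

# gre10 settings as posted in the thread.
sample_before() {
    cat <<'EOF'
cloned_interfaces="gre10"
ifconfig_gre10=" inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"
EOF
}
# gre10 settings as suggested in the reply.
sample_after() {
    cat <<'EOF'
cloned_interfaces="gre10"
create_args_gre10="tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"
ifconfig_gre10="inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 fib 1"
EOF
}

echo "as posted: $(sample_before | audit_rc_fibs)"
echo "suggested: $(sample_after | audit_rc_fibs)"
```

To check a real host, pass the file as an argument, for example `audit_rc_fibs /etc/rc.conf`.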