Re: GRE in a fib via rc.conf
- In reply to: Zhenlei Huang : "Re: GRE in a fib via rc.conf"
Date: Tue, 08 Nov 2022 01:34:57 UTC
On Mon, Nov 7, 2022 at 8:11 PM Zhenlei Huang <zlei.huang@gmail.com> wrote:

>
> On Nov 8, 2022, at 8:26 AM, Mark Saad <nonesuch@longcount.org> wrote:
>
> All
> I am looking for some help on if my setup makes sense.
> I have a vm with two interfaces. One for access to the host, we'll call
> this mgmt. One for routing traffic, we'll call this routing. I want to
> put the routing interface into a fib and to run a gre tunnel over it.
> Sounds simple enough. The problem I am seeing is that it looks like the
> tunneled traffic is leaked into the default fib and I don't see why. I am
> not sure if this is config nit or if this is an issue. Should the gre10
> interface be in fib 1? See below.
>
>
> The fib of the tunneling interface should also be 1 IIUC your setup.
>
>
> ### RC CONF ###
> ifconfig_vmx0="inet 10.23.121.253/24 description mgmt"
> ifconfig_vmx1="inet 100.65.101.14/28 mtu 9000 description routing fib 1"
> defaultrouter="10.23.121.1"
> static_routes="ewr10gresrc"
> route_ewr10gresrc=" 192.168.255.14 100.65.101.1 -fib 1"
> cloned_interfaces="gre10"
> ifconfig_gre10=" inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252
> tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"
>
>
> Try this for the gre tunnel interface:
>
> cloned_interfaces="gre10"
> create_args_gre10="tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"
> ifconfig_gre10="inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 fib
> 1"
>
>

Good catch, and I confirmed it works in either format

ifconfig_gre10=" inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 fib 1 tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"

or

create_args_gre10="tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"
ifconfig_gre10="inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 fib 1"

I don't think this is documented very well. Thanks for your help.

> ###############
>
> ### DEFAULT FIB ###
> ~ # netstat -nr4Wl
> Routing tables
>
> Internet:
> Destination        Gateway            Flags   Nhop#    Mtu    Netif Expire
> default            10.23.121.1        UGS         6   1500     vmx0
> 10.23.121.0/24     link#1             U           2   1500     vmx0
> 10.23.121.253      link#1             UHS         3  16384      lo0
> 100.67.103.1       link#4             UH          4   1476    gre10
> 100.67.103.2       link#4             UHS         5  16384      lo0
> 127.0.0.1          link#3             UH          1  16384      lo0
>
> ### FIB 1 ###
>
> # setfib 1 netstat -nr4Wl
> Routing tables (fib: 1)
>
> Internet:
> Destination        Gateway            Flags   Nhop#    Mtu    Netif Expire
> 100.65.101.0/28    link#2             U           1   9000     vmx1
> 100.65.101.14      link#2             UHS         2  16384      lo0
> 127.0.0.1          link#3             UHS         3  16384      lo0
> 192.168.255.14     100.65.101.1       UGHS        4   9000     vmx1
>
> ##### PING EXAMPLES #####
>
> # setfib 1 ping -c 1 -t 2 100.67.103.1
> PING 100.67.103.1 (100.67.103.1): 56 data bytes
> ping: sendto: No route to host
>
> --- 100.67.103.1 ping statistics ---
> 1 packets transmitted, 0 packets received, 100.0% packet loss
> # setfib 0 ping -c 1 -t 2 100.67.103.1
> PING 100.67.103.1 (100.67.103.1): 56 data bytes
> 64 bytes from 100.67.103.1: icmp_seq=0 ttl=255 time=1.528 ms
>
> --- 100.67.103.1 ping statistics ---
> 1 packets transmitted, 1 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 1.528/1.528/1.528/0.000 ms
>
> #### TCPDUMP ####
> ICMP packets are in fact sourced from the gre10 interface.
> The GRE packets are also only going out the routing interface.
>
> See the following pastebin for details.
>
> https://pastebin.com/n3mGXGHA
>
>
>
>
> --
> mark saad | nonesuch@longcount.org
>
>
> Best regards,
> Zhenlei
>
>

--
mark saad | nonesuch@longcount.org
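
Added example, not part of the thread or of FreeBSD: a small sh check that reads an rc.conf-style file and reports, for each cloned gre interface, the interface FIB (fib) next to the FIB used for the encapsulated packets (tunnelfib), which is the mismatch this thread ran into. The function names and the "ok"/"DIFFERS" output format are assumptions of this example; a difference can be intentional, so the output is a prompt for review where, as here, both are meant to sit in the same FIB.

```sh
#!/bin/sh
# Added example, not from the thread. Reports, for each cloned gre(4) interface
# in an rc.conf-style file, the interface FIB ("fib") and the FIB used for the
# encapsulated packets ("tunnelfib"), and whether the two differ.

# fib_of KEYWORD WORD... -> number following KEYWORD, or 0 (default FIB) if absent
fib_of() {
    key=$1; shift
    while [ $# -gt 0 ]; do
        if [ "$1" = "$key" ] && [ $# -ge 2 ]; then echo "$2"; return 0; fi
        shift
    done
    echo 0
}

# check_gre_fib FILE -> "<if> ok|DIFFERS fib=N tunnelfib=M" per gre interface.
# rc.conf is sh syntax and is sourced here (in a subshell), so FILE is executed:
# run this only on configuration you trust.
check_gre_fib() (
    set -f
    case $1 in */*) . "$1" ;; *) . "./$1" ;; esac
    for ifn in $cloned_interfaces; do
        case $ifn in gre*) ;; *) continue ;; esac
        eval "args=\"\${create_args_$ifn:-} \${ifconfig_$ifn:-}\""
        fib=$(fib_of fib $args)
        tfib=$(fib_of tunnelfib $args)
        if [ "$fib" = "$tfib" ]; then state=ok; else state=DIFFERS; fi
        echo "$ifn $state fib=$fib tunnelfib=$tfib"
    done
)

# The two gre10 variants from this thread, written to DIR for the demo.
write_samples() {
    cat > "$1/before.conf" <<'EOF'
cloned_interfaces="gre10"
ifconfig_gre10=" inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"
EOF
    cat > "$1/after.conf" <<'EOF'
cloned_interfaces="gre10"
create_args_gre10="tunnel 100.65.101.14 192.168.255.14 tunnelfib 1"
ifconfig_gre10="inet 100.67.103.2 100.67.103.1 netmask 255.255.255.252 fib 1"
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_gre_fib "$tmp/before.conf"
check_gre_fib "$tmp/after.conf"
rm -rf "$tmp"
```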