[Xorp-feedback] Xorp and CARP on FreeBSD]
Bohuslav Plucinsky
bohuslav.plucinsky at gtsnextra.sk
Mon Jul 3 07:49:14 UTC 2006
Hello,
here is a reply from one of the XORP developers, Pavlin Radoslavov. What is
your opinion to this problem?
Thanks,
Bohus
----- Forwarded message from Pavlin Radoslavov <pavlin at icir.org> -----
> To: bohuslav.plucinsky at gtsnextra.sk
> Subject: Re: [Xorp-feedback] Xorp and CARP on FreeBSD
> Date: Thu, 29 Jun 2006 15:54:06 -0700
> From: Pavlin Radoslavov <pavlin at icir.org>
>
> > On Fri, Jun 09, 2006 at 09:46:36AM -0700, Pavlin Radoslavov wrote:
> > > > I've two FreeBSD 6.1-RELEASE routers (R1, R2) with CARP configured
> > > > and it was working OK untill I've installed Xorp and tried to configure
> > > > multicast PIM-SM. After that the CARP has stoped working. I've found
> > > > out by the tcpdump that after Xorp is started the source IP address
> > > > of CARP packets is changed to IP address used as register_vif in Xorp:
> > >
> > > Do you get the same error if you configure only the "interfaces"
> > > section in the XORP config.
> >
> > No, the problem occures, only when the plumbing section is present.
> >
> > > Also, is any of the IP address changed (by CARP) while XORP is running?
> >
> > No. There are the CARP virtual interfaces created befor XORP is started.
> > CARP dosn't change any IP address, but XORP changes source IP address
> > of multicast CARP packets. When I stop XORP the IP address is retutned
> > to original IP address.
>
> Thank you for the info.
> I did some investigation (FreeBSD-6.1) and I was able to see the
> the problem: VRRPv2 Advertisement messages with the wrong source
> address.
>
> For the record, this is what I did (on a single machine):
>
> =====================================
> ifconfig vlan97 create
> ifconfig vlan97 inet 192.168.100.2 netmask 255.255.255.0 vlan 97 vlandev xl0
> ifconfig vlan71 create
> ifconfig vlan71 inet 10.122.25.66 netmask 255.255.255.224 vlan 71 vlandev xl0
> ifconfig carp97 create
> ifconfig carp97 vhid 1 pass foofoo1 192.168.100.1/24
> ifconfig carp71 create
> ifconfig carp71 vhid 2 pass foofoo2 10.122.25.64/27
> =====================================
>
> Then I started XORP with the configuration file included at the end
> of this email. Basically, the important thing in that configuration
> file is that inside the MFEA I enabled only the vlan71 interface.
>
> Indeed, by running tcpdump I was able to see that the VRRPv2
> Advertisement messages sent over vlan97 changed their source address
> to be same ass the source address of vlan71:
>
> =====================================
> root at carp[5] tcpdump -n -i vlan97 proto 112
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on vlan97, link-type EN10MB (Ethernet), capture size 96 bytes
> 15:38:04.614085 IP 192.168.100.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
> 15:38:05.615058 IP 192.168.100.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
> ...
> 15:38:22.635132 IP 10.122.25.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
> 15:38:23.636107 IP 10.122.25.66 > 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype none, intvl 1s, length 36
> =====================================
>
> After some investigation, I was able to trace the problem to the
> setsockopt(_mrouter_socket, IPPROTO_IP, MRT_ADD_VIF, ...) system
> call. In fact, I was able to reproduce the problem with other
> multicast routing implementations: mrouted and pimd which obviously
> also use the same setsockopt().
> After some further investigation, it seems to happen only when
> running CARP over vlan interfaces, but I haven't investigated this
> in greater details. At least, it didn't happen when I enabled in MFEA
> the physical xl0 network interface (also running CARP).
>
> Hence, I belive the problem is in the FreeBSD kernel, and happens
> when we have 2+ vlan interfaces configured to run CARP and one of
> them is also configured for multicast routing.
>
> You might want to contact the FreeBSD folks about that, because the
> problem is not XORP-specific.
>
> Please let us know how it goes.
>
> Thanks,
> Pavlin
>
>
> =====================================
> interfaces {
> interface vlan97 {
> description: "DMZ"
> disable: false
> default-system-config
> }
> interface vlan71 {
> description: "intranet"
> disable: false
> default-system-config
> }
> }
>
> fea {
> unicast-forwarding4 {
> disable: false
> }
> }
>
> plumbing {
> mfea4 {
> disable: false
> interface vlan71 {
> vif vlan71 {
> disable: false
> }
> }
> /*
> interface vlan97 {
> vif vlan97 {
> disable: false
> }
> }
> */
> /*
> interface register_vif {
> vif register_vif {
> Note: this vif should be always enabled
> disable: false
> }
> }
> */
> traceoptions {
> flag all {
> disable: false
> }
> }
> }
> }
> =====================================
>
>
----- End forwarded message -----
More information about the freebsd-questions
mailing list