[Xorp-users] Newbie Xorp & m'cast problem
Mark Calleja
M.Calleja@damtp.cam.ac.uk
Tue, 07 Jun 2005 17:51:35 +0100
Hi,
I've got a firewall (running shorewall actually) with two NICs and I've
been trying to get m'cast to pass in either way without much success.
Our setup's a bit unusual in that the two NICs are actually on the same
network address range, and unicast routing is achieved by proxyarp'ing.
Not a nice solution, but it works. However, I've tried using Xorp to get
the m'cast to be conveyed without much joy, and I'd appreciate if anyone
here can spot where I'm going wrong. Here's our config.boot file:
=====
interfaces {
interface eth0 {
disable: false
description: "Global interface"
default-system-config
}
interface eth1 {
disable: false
description: "Firewalled interface"
default-system-config
}
fea {
unicast-forwarding4 {
disable: false
}
}
plumbing {
mfea4 {
disable: false
interface eth0 {
vif eth0 {
disable: false
}
}
interface eth1 {
vif eth1 {
disable: false
}
}
interface register_vif {
vif register_vif {
/* Note: this vif should be always enabled */
disable: false
}
}
traceoptions {
flag all {
disable: false
}
}
}
}
protocols {
igmp {
disable: false
interface eth0 {
vif eth0 {
disable: false
}
}
interface eth1 {
vif eth1 {
disable: false
}
}
traceoptions {
flag all {
disable: false
}
}
}
}
protocols {
pimsm4 {
disable: false
interface eth0 {
vif eth0 {
disable: false
}
}
interface eth1 {
vif eth1 {
disable: false
}
}
interface register_vif {
vif register_vif {
/* Note: this vif should be always enabled */
disable: false
}
} switch-to-spt-threshold {
disable: false
interval-sec: 100
bytes: 102400
}
traceoptions {
flag all {
disable: false
}
}
}
}
protocols {
fib2mrib {
disable: false
}
}
=====
The firewall is configured to allow all IGMP and packets in the range
224.0.0.0/4 through, and Xorp comes up cleanly enough, but it seems to
get the information about the interfaces which are already there wrong,
i.e. here's what Xorp reports:
[ 2005/06/07 17:26:05 INFO xorp_igmp MLD6IGMP ] Added new address to vif
eth0: addr: 131.111.20.148 subnet: 131.111.20.0/24 broadcast:
131.111.20.191 peer:0.0.0.0
[ 2005/06/07 17:26:05 INFO xorp_igmp MLD6IGMP ] Interface flags changed:
Vif[eth0] pif_index: 0 vif_index: 0 addr: 131.111.20.148 subnet:
131.111.20.0/24 broadcast: 131.111.20.191 peer: 0.0.0.0 Flags: MULTICAST
BROADCAST UNDERLYING_VIF_UP
[ 2005/06/07 17:26:05 INFO xorp_igmp MLD6IGMP ] Interface added:
Vif[eth1] pif_index: 0 vif_index: 1 Flags:
[ 2005/06/07 17:26:05 INFO xorp_igmp MLD6IGMP ] Added new address to vif
eth1: addr: 131.111.20.132 subnet: 131.111.20.0/24 broadcast:
131.111.20.191 peer:0.0.0.0
However, those two addresses have subnet 131.111.20.0/26. Also, what's
that peer:0.0.0.0 all about?
Anyway, when I try to run an mping job across the f/w, with one machine
listening on 229.255.255.2, here's Xorp's output. The listening machine
has IP 131.111.20.151 and is outside the firewall on eth0 on the f/w,
while the sender is 131.111.20.167 and is firewalled behind eth1:
[ 2005/06/07 17:28:39 TRACE xorp_pimsm4 PIM ] TX PIM_HELLO from
131.111.20.148 to 224.0.0.13 on vif eth0
[ 2005/06/07 17:28:41 TRACE xorp_pimsm4 PIM ] TX PIM_HELLO from
131.111.20.132 to 224.0.0.13 on vif eth1
[ 2005/06/07 17:28:41 TRACE xorp_igmp MLD6IGMP ] TX
IGMP_MEMBERSHIP_QUERY from 131.111.20.148 to 224.0.0.1
[ 2005/06/07 17:28:41 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_MEMBERSHIP_QUERY from 131.111.20.148 to 224.0.0.1 on vif eth0
[ 2005/06/07 17:28:41 TRACE xorp_igmp MLD6IGMP ] TX
IGMP_MEMBERSHIP_QUERY from 131.111.20.132 to 224.0.0.1
[ 2005/06/07 17:28:41 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_MEMBERSHIP_QUERY from 131.111.20.132 to 224.0.0.1 on vif eth0
[ 2005/06/07 17:28:42 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_V2_MEMBERSHIP_REPORTfrom 131.111.20.132 to 224.0.0.2 on vif eth0
[ 2005/06/07 17:28:42 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_V2_MEMBERSHIP_REPORTfrom 131.111.20.167 to 229.255.255.2 on vif eth0
[ 2005/06/07 17:28:43 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_V2_MEMBERSHIP_REPORTfrom 131.111.20.132 to 224.0.0.13 on vif eth0
[ 2005/06/07 17:28:45 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_V2_MEMBERSHIP_REPORTfrom 131.111.20.144 to 239.255.255.250 on vif eth0
[ 2005/06/07 17:28:46 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_V2_MEMBERSHIP_REPORTfrom 131.111.20.148 to 224.0.0.13 on vif eth0
[ 2005/06/07 17:28:47 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_V2_MEMBERSHIP_REPORTfrom 131.111.20.163 to 229.255.255.2 on vif eth0
[ 2005/06/07 17:28:47 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_V2_MEMBERSHIP_REPORTfrom 131.111.20.151 to 224.0.1.41 on vif eth0
[ 2005/06/07 17:28:51 WARNING xorp_fea MFEA ] proto_socket_read()
failed: RX packet from 192.153.213.109 to 224.0.0.13: no vif found
[ 2005/06/07 17:28:51 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_V2_MEMBERSHIP_REPORTfrom 131.111.20.148 to 224.0.0.2 on vif eth0
[ 2005/06/07 17:28:52 TRACE xorp_igmp MLD6IGMP ] RX IGMP_V2_LEAVE_GROUP
from 131.111.20.151 to 224.0.0.2 on vif eth0
[ 2005/06/07 17:28:52 TRACE xorp_igmp MLD6IGMP ] TX
IGMP_MEMBERSHIP_QUERY from 131.111.20.148 to 229.255.255.2
[ 2005/06/07 17:28:52 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_MEMBERSHIP_QUERY from 131.111.20.148 to 229.255.255.2 on vif eth0
[ 2005/06/07 17:28:53 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_V2_MEMBERSHIP_REPORTfrom 131.111.20.163 to 229.255.255.2 on vif eth0
[ 2005/06/07 17:28:56 TRACE xorp_igmp MLD6IGMP ] RX
IGMP_V2_MEMBERSHIP_REPORTfrom 131.111.20.167 to 229.255.255.2 on vif eth0
[ 2005/06/07 17:28:57 ERROR xorp_fea:16848 MFEA +1340
mfea_proto_comm.cc proto_socket_read ] proto_socket_read() failed:
invalid unicast sender address: 0.0.0.0
[ 2005/06/07 17:28:57 ERROR xorp_fea:16848 MFEA +1340
mfea_proto_comm.cc proto_socket_read ] proto_socket_read() failed:
invalid unicast sender address: 0.0.0.0
[ 2005/06/07 17:29:02 ERROR xorp_fea:16848 MFEA +1340
mfea_proto_comm.cc proto_socket_read ] proto_socket_read() failed:
invalid unicast sender address: 0.0.0.0
[ 2005/06/07 17:29:02 ERROR xorp_fea:16848 MFEA +1340
mfea_proto_comm.cc proto_socket_read ] proto_socket_read() failed:
invalid unicast sender address: 0.0.0.0
[ 2005/06/07 17:29:02 ERROR xorp_fea:16848 MFEA +1340
mfea_proto_comm.cc proto_socket_read ] proto_socket_read() failed:
invalid unicast sender address: 0.0.0.0
[ 2005/06/07 17:29:02 ERROR xorp_fea:16848 MFEA +1340
mfea_proto_comm.cc proto_socket_read ] proto_socket_read() failed:
invalid unicast sender address: 0.0.0.0
[ 2005/06/07 17:29:02 ERROR xorp_fea:16848 MFEA +1340
mfea_proto_comm.cc proto_socket_read ] proto_socket_read() failed:
invalid unicast sender address: 0.0.0.0
I know this is a lot of stuff I've cut 'n' pasted, but any help on where
I'm going wrong would be appreciated!
Thanks,
Mark