Unable forward multicast traffic from directly connected router using pimd and quagga (v0.99) with RHEL 7.5

[eugk123]

Hello,

My system is using RHEL 7.5 (Linux kernal 3.10) and I have KVM installed with 5 RHEL VMs that each have quagga (zebra and ospfd) and pimd installed. My current version of quagga does not come with the inherent quagga pimd, so I am using pimd v2.3.2 to help me forward multicast traffic.

I have a simple network topology as follows:

                                             (RP)
           eth1                  eth1 eth2                      eth1  eth2                       eth1
            .1  172.16.0.0/29  .2   .9   172.16.0.8/29  .10  .17  172.16.0.16/29 .18
         R1 =========== R2 ============ R3 ============ R4
     (source)                    .25 || eth3                     (receiver)                     (receiver)
                  172.16.0.24/29  ||
                                      .26 || eth1
                                           R5 
                                     (receiver)

I have successful ospfd dynamic routing enabled on all 5 nodes (each node is essentially a linux router); therefore, i can ping from R1 to R4 without a problem. I can send multicast traffic from R1 to R2. From R2 it does not forward the multicast traffic.

I wireshark on R2 eth1 and confirmed multicast traffic with TTL > 1, when wiresharking R2 eth2 or eth3, I see nothing. I run pimd -r on R2 and I see a successful group with R1 source pointing to R2 eth1 as a RP. I do not see anything when I run pimd -r on anywhere else.

When i perform cat /proc/net/ip_mr_vif on R1, I notice bytes and packets IN on eth1 and bytes and packets OUT on pimreg (this should be 0). When performing the same command on R2, I see no bytes and packets IN or OUT on any interface.

Additional details, I performed the following configuration changes to each VM to help prepare for multicast pimd: (1) Disabled selinux and firewalld (2) Added iptables mangle to increase TTL to 32 when sending multicast traffic to 239.1.1.1 (3) I disabled igmp_snooping on virbr virtual networks (4) I checked in sysctl.conf to ensure mc forwarding, ipv4 forwarding, and disabled rp filters (5) I checked the kernel /boot/configs to ensure MROUTE, PM-SIM, and other mandatory CONFIG_IFs based on search results i found online (6) Added static route for multicast 244.0.0.0/4 to eth1 allowing me to pass multicast traffic to R2 (7) Configured pimd on all nodes to use static RP at R2 eth2 172.16.0.9 (8) Tried using IGMPv2 and IGMPv3; but both did not make a difference

Unfortunately the system I'm working on does not have internet connectivity so I cannot post results and debugs here.

Help is much appreciated!

Thank you, Eugene Kim

[troglobit]

Hi,

sorry to hear you have problems. Getting up and running with dynamic multicast routing can be a bit of a hassle, although you seem to have done your homework :-)

From personal experience, I recommend setting up a separate "staging" lab network to test theories in before taking on a production setup. Personally I prefer CORE, which is amazingly simple to test anything layer-3 (and up) on:

1) Install CORE, they have .deb packages on their GitHub releases page 2) Install quagga/frr from your distribution 3) Start CORE and play around with a simple two/three OSPF router setup 4) When ping between end-devices work we can start playing with pimd 5) Try my little mcjoin tool, it works as sender and receiver for end devices 6) Make sure the pimd routers have peered, see the documentation for how to see this 7) Run mcjoin on one LAN, i.e. both sender and reciver on same LAN 8) Move the receiver to another LAN on the same router, the mcjoin sender defaults to TTL=1 (see options)

When you have this working in CORE you can shift your attention to the production specific problems, like mangling TTLs with iptables etc.

[eugk123]

Hello Troglobit.

Even if I set up a 3 node topology: R1 --- R2 --- R3 with ospf working properly, I can't get pimd to forward my multicast from R1 to R3.

I wrote in detail the configurations I've made on my computers and none seem to be fixing the issue.

I was starting to think that maybe pimd is not supported on RHEL or Linux Kernel 3.10.

Or perhaps my Hypervisor (KVM) doesn't allow for this to work?

Please assist.

Thanks, Eugene

[troglobit]

Hi Eugene,

did you try to break down the problem like I described, and test in a controlled (virtual) environment like CORE and using only one or two routers to begin with?

I don't have the means to test pimd against all possible Linux kernel versions, so it would be great if you could help me narrow things down so I can help you. One of the reasons I ask this of you is that many users have site specific issues, e.g. hardware, drivers, too old kernel, kernel lacking features, or whatever, that are not pimd related.

Best regards /Joachim

[b00ga]

I just started experimenting with PIMD this week and found this issue. I can report that PIMD DOES work on EL7 (in my case, testing with CentOS 7.6.1810, kernel 3.10.0-957.27.2.el7.x86_64). I've used omping and iperf to confirm my routing is working. I'm using vagrant + virtualbox with a 4 node network. Host1 <---> R1 <---> R2 <---> Host2 I ran into a couple of issues that were my unfamiliarity with multicast and mcast routing. In my case these were:

• Making sure TTL was >1 (-T 32 on iperf clients and -t 64 on omping, for example)
• Didn't understand that I required an RP. After adding bsr-candidate and rp-candidate to pimd.conf on both R1/R2, things got better, but still wasn't passing traffic
• Set rp_filter on all PIM-SM interfaces to NOT be in strict mode (change net.ipv4.conf.ethX.rp_filter from 1 to either 0 [rp filtering disabled] or 2 [loose mode])

After these changes, I've been mostly working. I've had pimd be a little unstable when restarting the daemon and sometimes had to reboot my router VMs to get traffic passing again.

Hope these data points help.

-Shawn

[troglobit]

@b00ga Thank you for these great pointers, all worth looking into when starting out with (dynamic) multicast routing.

[phoenix9047]

@eugk123 did you succeed with this environment? Seems like I'm experiencing a very similar issue: https://github.com/troglobit/pimd/issues/166 If you succeeded to overwhelm it somehow, could you please give me a tip? Thank you, Leonid