rp_filter and multicast

Issues related to configuring your network
forforumita
Posts: 1
Joined: 2018/05/06 06:56:24

rp_filter and multicast

Postby forforumita » 2018/05/06 07:07:18

Hello guys,
i have a problem with rp_filter.

The issus is the following: i need to join the following multicast address: 237.2.1.41:5500 with source 10.60.101.24 on interface ens513f0

Interface ens513f0 has following settings:

Code: Select all

ens513f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.216.137.29  netmask 255.255.255.0  broadcast 10.216.137.255
        inet6 fe80::21e:67ff:fe9c:79ee  prefixlen 64  scopeid 0x20<link>
        ether 00:1e:67:9c:79:ee  txqueuelen 1000  (Ethernet)
        RX packets 977751  bytes 1006531335 (959.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 207  bytes 12134 (11.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0x91b60000-91b7ffff



I have add a static route for the 237.2.1.41 multicast:

Code: Select all

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.216.68.1     0.0.0.0         UG        0 0          0 ens513f2
10.39.28.0      10.216.13.1     255.255.255.0   UG        0 0          0 enp4s0f0
10.69.157.0     10.216.13.1     255.255.255.0   UG        0 0          0 enp4s0f0
10.216.13.0     0.0.0.0         255.255.255.0   U         0 0          0 enp4s0f0
10.216.68.0     0.0.0.0         255.255.255.0   U         0 0          0 ens513f2
10.216.137.0    0.0.0.0         255.255.255.0   U         0 0          0 ens513f0
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
[color=#FF0000]237.2.0.0       10.216.137.1    255.255.0.0     UG        0 0          0 ens513f0[/color]



I was not able to join multicast, so i disabled rp_filter on ens513f0 interface and enabled the log martian. this is my /etc/sysctl.conf

Code: Select all

net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.ens513f0.rp_filter = 0
net.ipv4.conf.all.log_martians = 1


from /var/log/messages i see log martian logs for interface ens513f0

[root@node1 conf]# tail -f /var/log/messages | grep -B1 martian
May 6 08:05:28 node1 serf[101]: agent.ipc: Accepted client: 127.0.0.1:46702
May 6 08:05:29 node1 kernel: IPv4: martian source 10.69.137.82 from 10.69.137.82, on dev ens513f0
May 6 08:05:29 node1 kernel: ll header: 00000000: ff ff ff ff ff ff 00 06 4d 02 1c 2c 08 06 ........M..,..
May 6 08:05:30 node1 kernel: IPv4: martian source 10.69.137.82 from 10.69.137.82, on dev ens513f0
May 6 08:05:30 node1 kernel: ll header: 00000000: ff ff ff ff ff ff 00 06 4d 02 1c 2c 08 06 ........M..,..
May 6 08:05:33 node1 kernel: IPv4: martian source 10.69.137.83 from 10.69.137.83, on dev ens513f0
May 6 08:05:33 node1 kernel: ll header: 00000000: ff ff ff ff ff ff 00 06 4d 02 1c 1a 08 06 ........M.....
May 6 08:05:34 node1 kernel: IPv4: martian source 10.69.137.83 from 10.69.137.83, on dev ens513f0
May 6 08:05:34 node1 kernel: ll header: 00000000: ff ff ff ff ff ff 00 06 4d 02 1c 1a 08 06 ........M.....
May 6 08:05:35 node1 kernel: IPv4: martian source 10.69.137.83 from 10.69.137.83, on dev ens513f0
--
May 6 08:05:35 node1 mesos-master[5024]: W0506 06:05:35.237177 5065 master.cpp:3876] Implicitly declining offers: [ d182b309-4fa1-4229-8cb3-d2c271544efa-O172694 ] in ACCEPT call for framework fb6b2e0a-c701-4bb7-9ac1-0ed19c2cc876 as the launch operation specified no tasks
May 6 08:05:36 node1 kernel: IPv4: martian source 10.69.137.83 from 10.69.137.83, on dev ens513f0
May 6 08:05:36 node1 kernel: ll header: 00000000: ff ff ff ff ff ff 00 06 4d 02 1c 1a 08 06 ........M.....
May 6 08:05:37 node1 kernel: IPv4: martian source 10.69.137.83 from 10.69.137.83, on dev ens513f0
May 6 08:05:37 node1 kernel: ll header: 00000000: ff ff ff ff ff ff 00 06 4d 02 1c 1a 08 06 ........M.....
May 6 08:05:38 node1 kernel: IPv4: martian source 10.69.137.83 from 10.69.137.83, on dev ens513f0


This is strange to me, and in addition i o not know what 10.69.137.83 is!

in any case, I found two mays to make things work:
1) if i disable the rp_filter on all the interfaces "net.ipv4.conf.all.rp_filter = 0" things works
2) alteratively if i add a static route for the source of the multicast things works

Code: Select all

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.69.101.0     10.216.137.1    255.255.255.0   UG        0 0          0 ens513f0



Can someone explain/help me?
i would like to avoid to have the rp_filter disabled on all interfaces and i would lieke to avoid to add stati routes for each multicast/source i have to join.

thanks guys!