
I am attempting to use VRFs in Xubuntu 18.04, but I'm not having much luck when it comes to multicast IP addresses. I have been using https://www.kernel.org/doc/Documentation/networking/vrf.txt as a guideline.

This is my setup:

    sudo ip addr add 192.168.0.1/24 dev enp0s8
    sudo ip li set dev enp0s8 up
    sudo ip link add vrf-blue type vrf table 10
    sudo ip link set dev vrf-blue up
    sudo ip link set dev enp0s8 master vrf-blue

The output from ip a is as follows:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
        link/ether 08:00:27:0c:19:91 brd ff:ff:ff:ff:ff:ff
    3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master vrf-blue state UP group default qlen 1000
        link/ether 08:00:27:5e:ed:76 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.1/24 scope global enp0s8
           valid_lft forever preferred_lft forever
        inet6 fe80::a00:27ff:fe5e:ed76/64 scope link
           valid_lft forever preferred_lft forever
    4: vrf-blue: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP group default qlen 1000
        link/ether 8a:f6:90:1c:c1:1e brd ff:ff:ff:ff:ff:ff

The output of ip route show table 10:

    default via 192.168.0.2 dev enp0s8
    broadcast 192.168.0.0 dev enp0s8 proto kernel scope link src 192.168.0.1
    192.168.0.0/24 dev enp0s8 proto kernel scope link src 192.168.0.1
    local 192.168.0.1 dev enp0s8 proto kernel scope host src 192.168.0.1
    broadcast 192.168.0.255 dev enp0s8 proto kernel scope link src 192.168.0.1

When I ping a local address, I can see the ICMP packets on both the interface and the VRF master device by running tcpdump -i vrf-blue and tcpdump -i enp0s8; however, if I ping a multicast address, I can only see the packets on the capture running over the VRF, not the interface. I have tried setting the multicast flag on the VRF but it has little effect.

    ping 224.0.0.1 -I vrf-blue
    ping 192.168.0.2 -I vrf-blue

It is my understanding that the multicast ping should be sent out on any interface attached to the VRF. Could anyone advise?

1 Answer

I posted the same question over on the Cumulus Networks forum; David Ahern (the author of much of the VRF code in the kernel) replied:

IPv4 multicast packets can be received on a VRF device -- an unintended side effect leveraged by a user and so not able to make that change. In general multicast and linklocal (IPv6) are meant to be tied to the real device, not the VRF device. Meaning, packet transmit has to be done on the enslaved device. Trying to send packets to an mcast address via the VRF device are not replicated per enslaved device.

Or at least that is how I remember it working.

I now have this working on v4.17 with the socket bound to the interface instead of the VRF when multicast IP is being sent.
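The binding choice described in the answer, as an added example (not code from the post or from the kernel documentation): the socket is bound to the enslaved interface for multicast destinations and to the VRF device otherwise. It assumes the device names from the question, uses UDP rather than ICMP, and the port number is constructed.

```python
import ipaddress
import socket

VRF_DEV = "vrf-blue"    # VRF master device from the question
SLAVE_DEV = "enp0s8"    # interface enslaved to the VRF
PORT = 5000             # constructed UDP port, for illustration only


def bind_device_for(dest, vrf=VRF_DEV, slave=SLAVE_DEV):
    """Return the device a sending socket should be bound to.

    Multicast and IPv6 link-local destinations are tied to the real
    (enslaved) device; everything else can go through the VRF device.
    """
    addr = ipaddress.ip_address(dest)
    if addr.is_multicast or (addr.version == 6 and addr.is_link_local):
        return slave
    return vrf


def open_sender(dest, ttl=1):
    """Open an IPv4 UDP socket bound to the right device for dest."""
    dev = bind_device_for(dest)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # SO_BINDTODEVICE takes the interface name; it typically
        # needs root (CAP_NET_RAW) and the device must exist.
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BINDTODEVICE,
                        dev.encode() + b"\0")
        if ipaddress.ip_address(dest).is_multicast:
            # TTL 1 keeps the datagram on the local segment.
            sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
    except OSError:
        sock.close()
        raise
    return sock, dev


if __name__ == "__main__":
    # Same two destinations as the ping commands in the question.
    for dest in ("224.0.0.1", "192.168.0.2"):
        sock, dev = open_sender(dest)
        with sock:
            sock.sendto(b"vrf-test", (dest, PORT))
        print(f"sent to {dest} via {dev}")
```

Running tcpdump -i enp0s8 alongside it shows whether the multicast datagram leaves the enslaved interface.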
