Hi,
I have recently updated one of my systems from CentOs 6.4 to CentOS 6.5.
This systems is used as a RIPv2 routing server with quagga which is the termination point of some GRE tunnels.
While running CentOS 6.4 I see the multicast packages arriving at the eth0 and the GRE tunnel interface.
While running under CentOs 6.5 I can see the multicast packages arriving at the eth0 but not on the GRE tunnel interface.
I am receiving and sending routes at the eth0 interface, but I am only able to send updates through the GRE tunnel not receive them.
All interfaces are multicast enabled:
eth0 Link encap:Ethernet Hardware Adresse 00:50:56:B8:27:52
inet Adresse:10.139.10.2 Bcast:10.139.10.255 Maske:255.255.255.0
inet6 Adresse: fe80::250:56ff:feb8:2752/64 Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7190594 errors:0 dropped:0 overruns:0 frame:0
TX packets:6209862 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX bytes:2425775260 (2.2 GiB) TX bytes:2357002233 (2.1 GiB)
net2bdo Link encap:UNSPEC Hardware Adresse 0A-8B-0A-02-FF-FF-E0-A4-00-00-00-00-00-00-00-00
inet Adresse:192.168.250.21 P-z-P:192.168.250.22 Maske:255.255.255.252
UP PUNKTZUPUNKT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:118143 errors:7913 dropped:0 overruns:0 frame:7913
TX packets:115334 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:21714417 (20.7 MiB) TX bytes:32111515 (30.6 MiB)
net2bdp Link encap:UNSPEC Hardware Adresse 0A-8B-0A-02-00-00-E0-18-00-00-00-00-00-00-00-00
inet Adresse:192.168.250.25 P-z-P:192.168.250.26 Maske:255.255.255.252
UP PUNKTZUPUNKT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:78025 errors:7001 dropped:0 overruns:0 frame:7001
TX packets:85049 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:18388666 (17.5 MiB) TX bytes:38376786 (36.5 MiB)
While doing a tcpdump (tcpdump –ni eth0 proto 47 | grep 224.0.0.9), I can see the multicast packages arriving inside the GRE tunnel (see last package):
10:40:34.366661 IP 10.139.10.2 > 192.168.252.26: GREv0, length 536: IP 192.168.250.25.router > 224.0.0.9.router: RIPv2, Response, length: 504
10:40:34.366680 IP 10.139.10.2 > 192.168.252.26: GREv0, length 536: IP 192.168.250.25.router > 224.0.0.9.router: RIPv2, Response, length: 504
10:40:34.366702 IP 10.139.10.2 > 192.168.252.26: GREv0, length 536: IP 192.168.250.25.router > 224.0.0.9.router: RIPv2, Response, length: 504
10:40:34.366721 IP 10.139.10.2 > 192.168.252.26: GREv0, length 356: IP 192.168.250.25.router > 224.0.0.9.router: RIPv2, Response, length: 324
10:40:39.830508 IP 192.168.252.26 > 10.139.10.2: GREv0, length 136: IP 192.168.250.26.router > 224.0.0.9.router: RIPv2, Response, length: 104
While doing the same on the Tunnel interface (tcpdump –ni net2bdp host 224.0.0.9), I do not see the incoming multicast packages any more:
10:42:32.391849 IP 192.168.250.25.router > 224.0.0.9.router: RIPv2, Response, length: 504
10:42:32.391887 IP 192.168.250.25.router > 224.0.0.9.router: RIPv2, Response, length: 504
10:42:32.391945 IP 192.168.250.25.router > 224.0.0.9.router: RIPv2, Response, length: 504
10:42:32.391975 IP 192.168.250.25.router > 224.0.0.9.router: RIPv2, Response, length: 324
I am using quagga 0.99.15 as the RIPv2 daemon. The configuration is as follows:
Zebra.conf:
interface eth0
multicast
ipv6 nd suppress-ra
!
interface net2xxx
multicast
ipv6 nd suppress-ra
!
interface net2yyy
multicast
ipv6 nd suppress-ra
!
!
ip forwarding
!
Ripd.conf:
!
key chain cis-xxx-yyyy
key 1
key-string xxxxxx
!
key chain cis-aaa-bbb
key 1
key-string xxxxxx
!
interface eth0
ip rip send version 2
ip rip receive version 2
!
interface net2xxx
ip rip receive version 2
ip rip authentication mode md5 auth-length old-ripd
ip rip authentication key-chain cis-xxx-yyy
!
interface net2yyy
ip rip receive version 2
ip rip authentication mode md5 auth-length old-ripd
ip rip authentication key-chain cis-aaa-bbb
!
router rip
version 2
redistribute connected
redistribute static
network network-address-of -eth0/24
network network-address-of-net2xxx/30
network network-address-of-net2yyy/30
distribute-list incoming in
distribute-list out-to-fw out eth0
distribute-list out-to-tunnel out net2xxx
distribute-list out-to-tunnel out net2yyy
!
access-list incoming permit 10.0.0.0/8
access-list incoming permit 172.16.0.0/12
access-list incoming permit 192.168.0.0/16
access-list incoming deny any
access-list out-to-fw permit x.x.x.0/23
access-list out-to-fw permit x.x.0.0/16
access-list out-to-fw permit x.x.x.0/23
access-list out-to-fw permit x.x.x.0/24
access-list out-to-fw permit x.x.x.0/23
access-list out-to-tunnel deny y.y.0.0/16
access-list out-to-tunnel permit 10.0.0.0/8
access-list out-to-tunnel permit 172.16.0.0/12
access-list out-to-tunnel permit 192.168.0.0/16
access-list out-to-tunnel deny any
!
line vty
rip authentication is working as the routes are transmitted to the remote router but not from the remote router to the local server. The RIP or ZEBRA configuration were the same before the update (working) and after the update (no longer working).
Has there be anything changed in multicast handling in combination with GRE tunnels with CentOS 6.5?
Do you need any additional information?
Mit freundlichen Grüßen / Kind regards
Uwe Poliak
AMANN GROUP
IS – Information Systems, Technical Services
Phone +49 7143 277-420, Fax +49 7143 277-901 420
E-Mail Uwe.Poliak at amann.com<mailto:Uwe.Poliak at amann.com>
Amann & Soehne GmbH & Co. KG
Hauptstrasse 1, 74357 Boennigheim – Germany
www.amann.com<http://www.amann.com/>
Kommanditgesellschaft Sitz Boennigheim; USt-IdNr. DE 144 960 031
Registergericht Stuttgart HRA 300309
Pers. Haftende Gesellschafterin: Amann Beteiligungen GmbH Sitz Boennigheim
Registergericht Stuttgart HRB 301997
Geschaeftsfuehrer: Bodo Th. Boelzle (Vorsitzender), Wolfgang Findeis, Peter Morgalla