[SOLVED] igmp snooping broken in proxmox4.x ? (pve-kernel 4.4.8-1-pve )

D

Dumitru Ciobârcianu

New Member
Jun 2, 2016
9
1
3
47
Hello,

I just updated my proxmox install from 3.4 (kernel 2.6.32-pve) and 4.2 (kernel 4.4.8-pve) and it looks like igmp snooping on bridges stopped working. It's enabled in the config but it looks like it's not doing what it's supposed to do.

I have two VMs connecting to the multicast source vlan via a bridge:
Code: 
vmbr1v250               8000.0025907ec814       no              eth1.250
                                                        tap102i1
                                                        tap104i1
                                                        tap104i2

And igmp snooping is enabled:
Code: 
root@prime:~# cat /sys/class/net/vmbr1v250/bridge/multicast_snooping
1

But if I join a multicast stream in the first VM, the packets will be duplicated to the second VM, which is not the intended behaviour:
Code: 
root@prime:~# bridge mdb show dev vmbr1v250
dev vmbr1v250 port tap102i1 grp 224.5.0.109 temp
dev vmbr1v250 port tap102i1 grp 239.250.2.97 temp
dev vmbr1v250 port tap102i1 grp 224.5.0.201 temp
dev vmbr1v250 port tap102i1 grp 239.250.2.2 temp
dev vmbr1v250 port tap102i1 grp 239.250.2.140 temp
dev vmbr1v250 port tap102i1 grp 224.5.0.90 temp
dev vmbr1v250 port tap102i1 grp 239.250.2.108 temp
dev vmbr1v250 port tap102i1 grp 224.5.0.150 temp
dev vmbr1v250 port tap102i1 grp 224.5.0.17 temp
root@prime:~# ifstat -i tap102i1,tap104i1,tap104i2
     tap102i1            tap104i1            tap104i2
 KB/s in  KB/s out   KB/s in  KB/s out   KB/s in  KB/s out
    0.00   6883.68      0.00   6883.68      0.00   6883.68
    0.00   6969.24      0.00   6969.24      0.00   6969.24
    0.00   6938.09      0.00   6939.42      0.00   6939.42
    0.04   6881.25      0.00   6883.94      0.00   6883.94
    0.13   6864.37      0.00   6861.85      0.00   6861.85
    0.09   6799.78      0.00   6798.55      0.00   6798.55
    0.00   6846.39      0.00   6846.39      0.00   6846.39
    0.00   6947.55      0.00   6947.55      0.00   6947.55

Does anyone have any idee what might be the cause or what can I do to fix it ?

Thank you,

Dumitru
 
Dumitru Ciobârcianu said:
Code: 
vmbr1v250               8000.0025907ec814       no              eth1.250
                                                        tap102i1
                                                        tap104i1
                                                        tap104i2

And igmp snooping is enabled:
Code: 
root@prime:~# cat /sys/class/net/vmbr1v250/bridge/multicast_snooping
1

But if I join a multicast stream in the first VM, the packets will be duplicated to the second VM, which is not the intended behaviour:
Code: 
root@prime:~# bridge mdb show dev vmbr1v250
dev vmbr1v250 port tap102i1 grp 224.5.0.109 temp
dev vmbr1v250 port tap102i1 grp 239.250.2.97 temp
dev vmbr1v250 port tap102i1 grp 224.5.0.201 temp
dev vmbr1v250 port tap102i1 grp 239.250.2.2 temp
dev vmbr1v250 port tap102i1 grp 239.250.2.140 temp
dev vmbr1v250 port tap102i1 grp 224.5.0.90 temp
dev vmbr1v250 port tap102i1 grp 239.250.2.108 temp
dev vmbr1v250 port tap102i1 grp 224.5.0.150 temp
dev vmbr1v250 port tap102i1 grp 224.5.0.17 temp
root@prime:~# ifstat -i tap102i1,tap104i1,tap104i2
     tap102i1            tap104i1            tap104i2
KB/s in  KB/s out   KB/s in  KB/s out   KB/s in  KB/s out
    0.00   6883.68      0.00   6883.68      0.00   6883.68
    0.00   6969.24      0.00   6969.24      0.00   6969.24
    0.00   6938.09      0.00   6939.42      0.00   6939.42
    0.04   6881.25      0.00   6883.94      0.00   6883.94
    0.13   6864.37      0.00   6861.85      0.00   6861.85
    0.09   6799.78      0.00   6798.55      0.00   6798.55
    0.00   6846.39      0.00   6846.39      0.00   6846.39
    0.00   6947.55      0.00   6947.55      0.00   6947.55
Click to expand...



I have just tried it out with the latest Proxmox VE 4.2

Code: 
pveversion
pve-manager/4.2-11/2c626aa1 (running kernel: 4.4.8-1-pve)


and did not encounter any problems.

The short test I have made with 3 connected VMs:

Code: 
omping 192.168.199.1 192.168.199.2 192.168.199.3

The output on the hosts is (when running the above on all three):
Code: 
bridge mdb show dev vmbr6
dev vmbr6 port tap3401i6 grp 232.43.211.234 temp
dev vmbr6 port tap3403i6 grp 232.43.211.234 temp
dev vmbr6 port tap3404i6 grp 232.43.211.234 temp

And then when I cancel it on the second VM:

Code: 
bridge mdb show dev vmbr6
dev vmbr6 port tap3401i6 grp 232.43.211.234 temp
dev vmbr6 port tap3404i6 grp 232.43.211.234 temp


Probably something (not virtualization specific) is configured wrongly in you case ....
 
Heya Richard,

Thank you very much for testing.
Maybe I did not explain correctly.
Indeed, also in my case the mdb looks ok but the multicast packets get duplicated to all the interfaces in the bridge, even to the interfaces that did not specifically asked for them (joined the multicast group). AFAIK this is what multicast snooping was supposed to prevent.

tcpdump shows packets from groups joined by VM1 going out also to VM2 and also packets from groups joined by VM2 going out also to VM1. With multicast_snooping activated each VM should receive only the groups they joined, right ?

Richard said:
I have just tried it out with the latest Proxmox VE 4.2

Probably something (not virtualization specific) is configured wrongly in you case ....
Click to expand...


Could be, I just try to figure out what that is :)
 
Dumitru Ciobârcianu said:
tcpdump shows packets from groups joined by VM1 going out also to VM2 and also packets from groups joined by VM2 going out also to VM1. With multicast_snooping activated each VM should receive only the groups they joined, right ?
Click to expand...


Yes indeed! But the behavior is in all Debian kernels 3 and above like this (independent from Proxmox) - where in kernel 2.6.32 it works as you expect.

But since I am not an expert in that area (neither for kernels nor for multicast) I hesitate to say "it´s a bug"; rather not, I guess - remarkable that the behavior is in all kernels 3.x and 4.x the same.

Maybe a new default configuration somewhere - googling for it I did not find any hints ...
 
Oh, ok, thank you for clearing that up (I should have thought to test that myself) :)
I will dig deeper to find out what patches landed in the linux multicast area during 3.x and 4.x.

I would call it a bug, a regression even, the sysfs knob does not do what it supposed to while during 2.6.x it did (but I think I remember that during 2.6 things were broken for MLD - ipv6 multicast snooping)

I will take this to linux-kernel or linux-net, thank you!
 
This patch (integrated into 4.4.11 longterm kernel) should fix my issue:

https://lists.linuxfoundation.org/pipermail/bridge/2016-May/009976.html

I already have a querier in the network so it made no sense to also enable it on the linux bridge.
If I enable the multicast querier the information in the mdb is honored and only the streams that are joined are sent to the respective interfaces. Hoever the information is not updated and after the igmp query interval the streams dissapear entirely, but that's another issue, I know where to dig :)

Virtual (insert favourite beverage) coming right up into your general direction Richard for pointing me in the right direction. :)

Thank you,
Dumitru
 
Did you test this with a mainline 4.4.11 kernel build?
 
fabian said:
Did you test this with a mainline 4.4.11 kernel build?
Click to expand...

No, this is a semi-production machine and I did not want to risk with a vanilla kernel.

Instead I did an "git clone git://git.proxmox.com/git/pve-kernel.git", added the patch to the Makefile, rebuilt the pve-kernel deb package, install it as usual and just rebooted the machine.

Now the multicast snooping in the bridge is working as expected, the stream go out only on the subscribed interfaces, the traffic looks ok:

Code: 
root@prime:~# bridge mdb show dev vmbr1v250
dev vmbr1v250 port tap104i1 grp 239.199.10.219 temp
dev vmbr1v250 port tap102i1 grp 239.2.57.185 temp
dev vmbr1v250 port tap104i1 grp 239.199.0.107 temp
dev vmbr1v250 port tap102i1 grp 239.199.0.66 temp
root@prime:~# ifstat -i tap102i1,tap104i1,tap104i2
     tap102i1            tap104i1            tap104i2
 KB/s in  KB/s out   KB/s in  KB/s out   KB/s in  KB/s out
    0.00    963.53      0.00   1510.57      0.00      0.59
    0.00    962.30      0.00   1511.95      0.50      1.54
    0.00    962.05      0.99   1513.25      0.00      0.53
    0.00    963.43      0.00   1510.40      0.00      0.60
    0.00    962.46      0.00   1514.87      0.00      0.71
    0.00    957.19      0.00   1520.11      0.00      0.88
    0.00    960.85      0.00   1510.52      0.00      0.59
    0.00    961.45      0.00   1512.62      0.00      0.89
    0.00    962.58      0.00   1511.06      0.00      0.76

Thank you,
Dumitru
 
great, thanks for the feedback!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back