> On 2 Apr 2019, at 6:41 pm, Mitchell Krome <mitchellkr...@gmail.com> wrote:
>
> On 2/04/2019 2:08 pm, David Gwynne wrote:
>> Can you send me the hostname.* files and the output of ifconfig (showing all
>> interfaces)?
>>
>> You're using -current now, right?
>>
>> dlg
>>
>>> On 2 Apr 2019, at 08:15, lnel...@nelnet.org wrote:
>>>
>>>
>>> First of all the protected domain seems to do the opposite of what I
>>> need, but it may only appear to be the case because of the strageness
>>> with broadcast. When trying to ping (or send any traffic) between
>>> rtr01 and rtr02 and the two mpw2's are in the same protected domain,
>>> the arp requests die in the bridge. The arp never shows up at all on
>>> the other mpw. If I remove the mpw's from the protected domain, then
>>> the arp traffic gets through to the other mpw, but it doesn't get sent
>>> out properly by MPLS. It's sent out as MPLS broadcast traffic
>>> originating on the physical ethernet interface but with the right label
>>> for the pseudowire. Even though the arp request itself is broadcast
>>> traffic, I would expect it to be encapsulated in a unicast MPLS packet
>>> which is sent from the MAC of the bridge or the originating router and
>>> and sent as unicast to the destination router with the pseudowire's
>>> label. As it is now, even if the destination router could figure out
>>> what to do with these MPLS broadcast packets, it would respond to the
>>> physical interface and not the bridge.
>
> You only need the protected domain if you do a full mesh vpls (I.E.
> every router has a mpw to every other router). That wasn't the config
> you showed initially so I don't think you need it in your case.
>
> I am running the following diff to get MPLS to work with GRE as I had a
> similar ARP issue that was caused by gre_input tagging the packets as
> MCAST and then mpls_input dropping them. When I looked into it I didn't
> think that should cause the issue I was seeing for a real interface as
> ether_input didn't re-add the MCAST flag, but I also don't have a real
> box to test on. You can give it a go and see if it helps.
I think you've found the problem. mpls_output replaces if_output though, so for
interfaces with mpls enabled on this, this change causes BCAST|MCAST to be
cleared for all outgoing packets. ie, it might break things like ipv6 nd on
ethernet interfaces.
What are you running on top of GRE that hit this?
For now it might be better to have mpw etc clear the flags before calling
mpls_output.
Cheers,
dlg
>
>
> diff --git sys/netmpls/mpls_output.c sys/netmpls/mpls_output.c
> index b2be1fcc9..fe6e0ec42 100644
> --- sys/netmpls/mpls_output.c
> +++ sys/netmpls/mpls_output.c
> @@ -53,6 +53,9 @@ mpls_output(struct ifnet *ifp, struct mbuf *m, struct
> sockaddr *dst,
> int error;
> u_int8_t ttl;
>
> + /* reset broadcast and multicast flags, this is a P2P tunnel */
> + m->m_flags &= ~(M_BCAST | M_MCAST);
> +
> if (rt == NULL || (dst->sa_family != AF_INET &&
> dst->sa_family != AF_INET6 && dst->sa_family != AF_MPLS)) {
> if (!ISSET(ifp->if_xflags, IFXF_MPLS))
> @@ -132,9 +135,6 @@ mpls_output(struct ifnet *ifp, struct mbuf *m,
> struct sockaddr *dst,
> goto bad;
> }
>
> - /* reset broadcast and multicast flags, this is a P2P tunnel */
> - m->m_flags &= ~(M_BCAST | M_MCAST);
> -
> smpls->smpls_label = shim->shim_label & MPLS_LABEL_MASK;
> error = ifp->if_ll_output(ifp, m, smplstosa(smpls), rt);
> return (error);
